| # Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import logging, random, string |
| from dbus.mainloop.glib import DBusGMainLoop |
| |
| from autotest_lib.client.bin import test |
| from autotest_lib.client.common_lib import error |
| from autotest_lib.client.common_lib.cros import policy, session_manager |
| from autotest_lib.client.cros import cros_ui, cryptohome, ownership |
| |
| |
| class login_RemoteOwnership(test.test): |
| """Tests to ensure that the Ownership API can be used, as an |
| enterprise might, to set device policies. |
| """ |
| |
| version = 1 |
| |
| |
| def initialize(self): |
| # Start with a clean slate wrt ownership |
| ownership.restart_ui_to_clear_ownership_files() |
| super(login_RemoteOwnership, self).initialize() |
| policy.install_protobufs(self.autodir, self.job) |
| |
| bus_loop = DBusGMainLoop(set_as_default=True) |
| self._cryptohome_proxy = cryptohome.CryptohomeProxy( |
| bus_loop, self.autodir, self.job) |
| self._sm = session_manager.connect(bus_loop) |
| |
| |
| def run_once(self): |
| # Initial policy setup. |
| poldata = policy.build_policy_data() |
| priv = ownership.known_privkey() |
| pub = ownership.known_pubkey() |
| policy.push_policy_and_verify( |
| policy.generate_policy(priv, pub, poldata), self._sm) |
| |
| # Force re-key the device |
| (priv, pub) = ownership.pairgen_as_data() |
| policy.push_policy_and_verify( |
| policy.generate_policy(priv, pub, poldata), self._sm) |
| |
| # Rotate key gracefully. |
| self.username = (''.join(random.sample(string.ascii_lowercase,6)) + |
| "@foo.com") |
| password = ''.join(random.sample(string.ascii_lowercase,6)) |
| self._cryptohome_proxy.remove(self.username) |
| self._cryptohome_proxy.mount(self.username, password, create=True) |
| |
| (new_priv, new_pub) = ownership.pairgen_as_data() |
| |
| self._sm.StartSession(self.username, '') |
| |
| policy.push_policy_and_verify( |
| policy.generate_policy(key=new_priv, |
| pubkey=new_pub, |
| policy=poldata, |
| old_key=priv), |
| self._sm) |
| |
| try: |
| self._sm.StopSession('') |
| except error.TestError as e: |
| logging.error(str(e)) |
| raise error.TestFail('Could not stop session for random user') |
| |
| |
| def cleanup(self): |
| # Best effort to bounce the UI, which may be up or down. |
| cros_ui.stop(allow_fail=True) |
| self._cryptohome_proxy.remove(self.username) |
| cros_ui.start(allow_fail=True, wait_for_login_prompt=False) |
| super(login_RemoteOwnership, self).cleanup() |