client/site_tests/enterprise_Policies/enterprise_Policies.py

# Copyright (c) 2013 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

import logging, os, pwd, stat

from autotest_lib.client.common_lib import error
from autotest_lib.client.cros import auth_server, cros_ui_test, dns_server

class enterprise_Policies(cros_ui_test.UITest):
    version = 1


    def __authenticator(self, email, password):
        """Respond positively to any auth attempt."""
        return True


    def _file_exists(self, path):
        """Verify existence of file at 'path'."""
        if path is None:
            raise error.TestError('Warning: invalid path (%s).' % path)
        if not os.path.exists(path):
            raise error.TestFail('Failure: file %s does not exist.' % path)
        return True


    def _owner_mode_matches(self, path, expected_owner, expected_mode):
        """Checks if the file at 'path' is owned by 'expected_owner', and has
        permissions mode matching 'expected_mode'. Returns True if they match,
        else returns False. Logs any mismatches to logging.error.
        """
        s = os.stat(path)
        actual_owner = pwd.getpwuid(s.st_uid).pw_name
        actual_mode = stat.S_IMODE(s.st_mode)
        if (expected_owner != actual_owner or
            expected_mode != actual_mode):
            raise error.TestFail("%s - Expected %s:%s, saw %s:%s" %
                          (path, expected_owner, oct(expected_mode),
                           actual_owner, oct(actual_mode)))
        return True


    def initialize(self, creds='$default'):
        """Override superclass to provide a default value for the creds param.

        This is important for our class, since non-user sessions (AKA "browse
        without signing in") don't exercise the code we want to test.

        @param creds: Per cros_ui_test.UITest. Herein, default is '$default'.
        """
        assert creds, "Must use user credentials for this test."
        super(enterprise_Policies, self).initialize(creds,
                                                    is_creating_owner=True)


    def start_authserver(self):
        """Override superclass to use our authenticator."""
        super(enterprise_Policies, self).start_authserver(
            authenticator=self.__authenticator)


    def run_once(self):
        """Verify properties of install_attributes.pb, policy, key files."""
        install_attributes = "/home/.shadow/install_attributes.pb"
        self._file_exists(install_attributes)

        # TODO(scunningham) Correct mode should be 0644. Initialize() sets
        # it to 0600. Change expected mode to 0644 after crosbug.com/37633
        # is fixed.
        self._owner_mode_matches(install_attributes, "root", 0600)

        whitelist_policy = "/var/lib/whitelist/policy"
        self._file_exists(whitelist_policy)
        self._owner_mode_matches(whitelist_policy, "root", 0604)

        whitelist_key = "/var/lib/whitelist/owner.key"
        self._file_exists(whitelist_key)
        self._owner_mode_matches(whitelist_key, "root", 0604)


    def cleanup(self):
        super(enterprise_Policies, self).cleanup()
        self.write_perf_keyval(self.get_auth_endpoint_misses())