# Copyright (c) 2013 The Chromium OS Authors. All rights reserved. # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. import dbus, os from dbus.mainloop.glib import DBusGMainLoop from autotest_lib.client.bin import test, utils from autotest_lib.client.common_lib import error from autotest_lib.client.common_lib.cros import policy, session_manager from autotest_lib.client.cros import cryptohome, ownership class login_MultiUserPolicy(test.test): """Verifies that storing and retrieving user policy works with multiple profiles signed-in. """ version = 1 _user1 = 'user1@somewhere.com' _user2 = 'user2@somewhere.com' def setup(self): os.chdir(self.srcdir) utils.make('OUT_DIR=.') def initialize(self): super(login_MultiUserPolicy, self).initialize() self._bus_loop = DBusGMainLoop(set_as_default=True) # Clear the user's vault, to make sure the test starts without any # policy or key lingering around. At this stage the session isn't # started and there's no user signed in. ownership.restart_ui_to_clear_ownership_files() cryptohome_proxy = cryptohome.CryptohomeProxy(self._bus_loop) cryptohome_proxy.ensure_clean_cryptohome_for(self._user1) cryptohome_proxy.ensure_clean_cryptohome_for(self._user2) def run_once(self): sm = session_manager.connect(self._bus_loop) # Start a session for the first user, and verify that no policy exists # for that user yet. if not sm.StartSession(self._user1, ''): raise error.TestError('Could not start session') policy_blob = sm.RetrievePolicyForUser(self._user1, byte_arrays=True) if policy_blob: raise error.TestError('session_manager already has user policy!') # Now store a policy. This is building a device policy protobuf, but # that's fine as far as the session_manager is concerned; it's the # outer PolicyFetchResponse that contains the public_key. public_key = ownership.known_pubkey() private_key = ownership.known_privkey() policy_data = policy.build_policy_data(self.srcdir) policy_response = policy.generate_policy(self.srcdir, private_key, public_key, policy_data) try: result = sm.StorePolicyForUser(self._user1, dbus.ByteArray(policy_response)) if not result: raise error.TestFail('Failed to store user policy') except dbus.exceptions.DBusException, e: raise error.TestFail('Call to StorePolicyForUser failed', e) # Storing policy for the second user fails before his session starts. try: result = sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response)) raise error.TestFail('Storing policy should fail before the session ' 'is started') except dbus.exceptions.DBusException, e: pass # Now start the second user's session, and verify that he has no # policy stored yet. if not sm.StartSession(self._user2, ''): raise error.TestError('Could not start second session') policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True) if policy_blob: raise error.TestError('session_manager already has user policy!') # Storing works now. try: result = sm.StorePolicyForUser(self._user2, dbus.ByteArray(policy_response)) if not result: raise error.TestFail('Failed to store user policy') except dbus.exceptions.DBusException, e: raise error.TestFail('Call to StorePolicyForUser failed', e) # Verify that retrieving policy works too. policy_blob = sm.RetrievePolicyForUser(self._user2, byte_arrays=True) if not policy_blob: raise error.TestError('Failed to retrieve stored policy')