• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5import logging, os, shutil, tempfile
6
7import common, constants, cryptohome
8from autotest_lib.client.bin import utils
9from autotest_lib.client.common_lib import autotemp, error
10from autotest_lib.client.cros import cros_ui
11
12
13PK12UTIL = 'pk12util'
14CERTUTIL = 'certutil'
15OPENSSLP12 = 'openssl pkcs12'
16OPENSSLX509 = 'openssl x509'
17OPENSSLRSA = 'openssl rsa'
18OPENSSLREQ = 'openssl req'
19OPENSSLCRYPTO = 'openssl sha1'
20
21TESTUSER = 'ownership_test@chromium.org'
22TESTPASS = 'testme'
23
24
25class OwnershipError(error.TestError):
26    """Generic error for ownership-related failures."""
27    pass
28
29
30class scoped_tempfile(object):
31    """A wrapper that provides scoped semantics for temporary files.
32
33    Providing a file path causes the scoped_tempfile to take ownership of the
34    file at the provided path.  The file at the path will be deleted when this
35    object goes out of scope.  If no path is provided, then a temporary file
36    object will be created for the lifetime of the scoped_tempfile
37
38    autotemp.tempfile objects don't seem to play nicely with being
39    used in system commands, so they can't be used for my purposes.
40    """
41
42    tempdir = autotemp.tempdir(unique_id='ownership')
43
44    def __init__(self, name=None):
45        self.name = name
46        if not self.name:
47            self.fo = tempfile.TemporaryFile()
48
49
50    def __del__(self):
51        if self.name:
52            if os.path.exists(self.name):
53                os.unlink(self.name)
54        else:
55            self.fo.close()  # Will destroy the underlying tempfile
56
57
58def system_output_on_fail(cmd):
59    """Run a |cmd|, capturing output and logging it only on error.
60
61    @param cmd: the command to run.
62    """
63    output = None
64    try:
65        output = utils.system_output(cmd)
66    except:
67        logging.error(output)
68        raise
69
70
71def __unlink(filename):
72    """unlink a file, but log OSError and IOError instead of raising.
73
74    This allows unlinking files that don't exist safely.
75
76    @param filename: the file to attempt to unlink.
77    """
78    try:
79        os.unlink(filename)
80    except (IOError, OSError) as error:
81        logging.info(error)
82
83
84def restart_ui_to_clear_ownership_files():
85    """Remove on-disk state related to device ownership.
86
87    The UI must be stopped while we do this, or the session_manager will
88    write the policy and key files out again.
89    """
90    cros_ui.stop(allow_fail=not cros_ui.is_up())
91    clear_ownership_files_no_restart()
92    cros_ui.start()
93
94
95def clear_ownership_files_no_restart():
96    """Remove on-disk state related to device ownership.
97
98    The UI must be stopped while we do this, or the session_manager will
99    write the policy and key files out again.
100    """
101    if cros_ui.is_up():
102        raise error.TestError("Tried to clear ownership with UI running.")
103    __unlink(constants.OWNER_KEY_FILE)
104    __unlink(constants.SIGNED_POLICY_FILE)
105    __unlink(os.path.join(constants.USER_DATA_DIR, 'Local State'))
106
107
108def fake_ownership():
109    """Fake ownership by generating the necessary magic files."""
110    # Determine the module directory.
111    dirname = os.path.dirname(__file__)
112    mock_certfile = os.path.join(dirname, constants.MOCK_OWNER_CERT)
113    mock_signedpolicyfile = os.path.join(dirname,
114                                         constants.MOCK_OWNER_POLICY)
115    utils.open_write_close(constants.OWNER_KEY_FILE,
116                           cert_extract_pubkey_der(mock_certfile))
117    shutil.copy(mock_signedpolicyfile,
118                constants.SIGNED_POLICY_FILE)
119
120
121POLICY_TYPE = 'google/chromeos/device'
122
123
124def assert_has_policy_data(response_proto):
125    """Assert that given protobuf has a policy_data field.
126
127    @param response_proto: a PolicyFetchResponse protobuf.
128    @raises OwnershipError on failure.
129    """
130    if not response_proto.HasField("policy_data"):
131        raise OwnershipError('Malformatted response.')
132
133
134def assert_has_device_settings(data_proto):
135    """Assert that given protobuf is a policy with device settings in it.
136
137    @param data_proto: a PolicyData protobuf.
138    @raises OwnershipError if this isn't CrOS policy, or has no settings inside.
139    """
140    if (not data_proto.HasField("policy_type") or
141        data_proto.policy_type != POLICY_TYPE or
142        not data_proto.HasField("policy_value")):
143        raise OwnershipError('Malformatted response.')
144
145
146def assert_username(data_proto, username):
147    """Assert that given protobuf is a policy associated with the given user.
148
149    @param data_proto: a PolicyData protobuf.
150    @param username: the username to check for
151    @raises OwnershipError if data_proto isn't associated with username
152    """
153    if data_proto.username != username:
154        raise OwnershipError('Incorrect username.')
155
156
157def assert_guest_setting(settings, guests):
158    """Assert that given protobuf has given guest-related settings.
159
160    @param settings: a ChromeDeviceSettingsProto protobuf.
161    @param guests: boolean indicating whether guests are allowed to sign in.
162    @raises OwnershipError if settings doesn't enforce the provided setting.
163    """
164    if not settings.HasField("guest_mode_enabled"):
165        raise OwnershipError('No guest mode setting protobuf.')
166    if not settings.guest_mode_enabled.HasField("guest_mode_enabled"):
167        raise OwnershipError('No guest mode setting.')
168    if settings.guest_mode_enabled.guest_mode_enabled != guests:
169        raise OwnershipError('Incorrect guest mode setting.')
170
171
172def assert_show_users(settings, show_users):
173    """Assert that given protobuf has given user-avatar-showing settings.
174
175    @param settings: a ChromeDeviceSettingsProto protobuf.
176    @param show_users: boolean indicating whether avatars are shown on sign in.
177    @raises OwnershipError if settings doesn't enforce the provided setting.
178    """
179    if not settings.HasField("show_user_names"):
180        raise OwnershipError('No show users setting protobuf.')
181    if not settings.show_user_names.HasField("show_user_names"):
182        raise OwnershipError('No show users setting.')
183    if settings.show_user_names.show_user_names != show_users:
184        raise OwnershipError('Incorrect show users setting.')
185
186
187def assert_roaming(settings, roaming):
188    """Assert that given protobuf has given roaming settings.
189
190    @param settings: a ChromeDeviceSettingsProto protobuf.
191    @param roaming: boolean indicating whether roaming is allowed.
192    @raises OwnershipError if settings doesn't enforce the provided setting.
193    """
194    if not settings.HasField("data_roaming_enabled"):
195        raise OwnershipError('No roaming setting protobuf.')
196    if not settings.data_roaming_enabled.HasField("data_roaming_enabled"):
197        raise OwnershipError('No roaming setting.')
198    if settings.data_roaming_enabled.data_roaming_enabled != roaming:
199        raise OwnershipError('Incorrect roaming setting.')
200
201
202def assert_new_users(settings, new_users):
203    """Assert that given protobuf has given new user settings.
204
205    @param settings: a ChromeDeviceSettingsProto protobuf.
206    @param new_users: boolean indicating whether adding users is allowed.
207    @raises OwnershipError if settings doesn't enforce the provided setting.
208    """
209    if not settings.HasField("allow_new_users"):
210        raise OwnershipError('No allow new users setting protobuf.')
211    if not settings.allow_new_users.HasField("allow_new_users"):
212        raise OwnershipError('No allow new users setting.')
213    if settings.allow_new_users.allow_new_users != new_users:
214        raise OwnershipError('Incorrect allow new users setting.')
215
216
217def assert_users_on_whitelist(settings, users):
218    """Assert that given protobuf has given users on the whitelist.
219
220    @param settings: a ChromeDeviceSettingsProto protobuf.
221    @param users: iterable containing usernames that should be on whitelist.
222    @raises OwnershipError if settings doesn't enforce the provided setting.
223    """
224    if settings.HasField("user_whitelist"):
225        for user in users:
226            if user not in settings.user_whitelist.user_whitelist:
227                raise OwnershipError(user + ' not whitelisted.')
228    else:
229        raise OwnershipError('No user whitelist.')
230
231
232def __user_nssdb(user):
233    """Returns the path to the NSSDB for the provided user.
234
235    @param user: the user whose NSSDB the caller wants.
236    @return: absolute path to user's NSSDB.
237    """
238    return os.path.join(cryptohome.user_path(user), '.pki', 'nssdb')
239
240
241def use_known_ownerkeys(user):
242    """Sets the system up to use a well-known keypair for owner operations.
243
244    Assuming the appropriate cryptohome is already mounted, configures the
245    device to accept policies signed with the checked-in 'mock' owner key.
246
247    @param user: the user whose NSSDB should be populated with key material.
248    """
249    dirname = os.path.dirname(__file__)
250    mock_keyfile = os.path.join(dirname, constants.MOCK_OWNER_KEY)
251    mock_certfile = os.path.join(dirname, constants.MOCK_OWNER_CERT)
252    push_to_nss(mock_keyfile, mock_certfile, __user_nssdb(user))
253    utils.open_write_close(constants.OWNER_KEY_FILE,
254                           cert_extract_pubkey_der(mock_certfile))
255
256
257def known_privkey():
258    """Returns the mock owner private key in PEM format.
259
260    @return: mock owner private key in PEM format.
261    """
262    dirname = os.path.dirname(__file__)
263    return utils.read_file(os.path.join(dirname, constants.MOCK_OWNER_KEY))
264
265
266def known_pubkey():
267    """Returns the mock owner public key in DER format.
268
269    @return: mock owner public key in DER format.
270    """
271    dirname = os.path.dirname(__file__)
272    return cert_extract_pubkey_der(os.path.join(dirname,
273                                                constants.MOCK_OWNER_CERT))
274
275
276def pairgen():
277    """Generate a self-signed cert and associated private key.
278
279    Generates a self-signed X509 certificate and the associated private key.
280    The key is 2048 bits.  The generated material is stored in PEM format
281    and the paths to the two files are returned.
282
283    The caller is responsible for cleaning up these files.
284
285    @return: (/path/to/private_key, /path/to/self-signed_cert)
286    """
287    keyfile = scoped_tempfile.tempdir.name + '/private.key'
288    certfile = scoped_tempfile.tempdir.name + '/cert.pem'
289    cmd = '%s -x509 -subj %s -newkey rsa:2048 -nodes -keyout %s -out %s' % (
290        OPENSSLREQ, '/CN=me', keyfile, certfile)
291    system_output_on_fail(cmd)
292    return (keyfile, certfile)
293
294
295def pairgen_as_data():
296    """Generates keypair, returns keys as data.
297
298    Generates a fresh owner keypair and then passes back the
299    PEM-encoded private key and the DER-encoded public key.
300
301    @return: (PEM-encoded private key, DER-encoded public key)
302    """
303    (keypath, certpath) = pairgen()
304    keyfile = scoped_tempfile(keypath)
305    certfile = scoped_tempfile(certpath)
306    return (utils.read_file(keyfile.name),
307            cert_extract_pubkey_der(certfile.name))
308
309
310def push_to_nss(keyfile, certfile, nssdb):
311    """Takes a pre-generated key pair and pushes them to an NSS DB.
312
313    Given paths to a private key and cert in PEM format, stores the pair
314    in the provided nssdb.
315
316    @param keyfile: path to PEM-formatted private key file.
317    @param certfile: path to PEM-formatted cert file for associated public key.
318    @param nssdb: path to NSSDB to be populated with the provided keys.
319    """
320    for_push = scoped_tempfile(scoped_tempfile.tempdir.name + '/for_push.p12')
321    cmd = '%s -export -in %s -inkey %s -out %s ' % (
322        OPENSSLP12, certfile, keyfile, for_push.name)
323    cmd += '-passin pass: -passout pass:'
324    system_output_on_fail(cmd)
325    cmd = '%s -d "sql:%s" -i %s -W ""' % (PK12UTIL,
326                                          nssdb,
327                                          for_push.name)
328    system_output_on_fail(cmd)
329
330
331def cert_extract_pubkey_der(pem):
332    """Given a PEM-formatted cert, extracts the public key in DER format.
333
334    Pass in an X509 certificate in PEM format, and you'll get back the
335    DER-formatted public key as a string.
336
337    @param pem: path to a PEM-formatted cert file.
338    @return: DER-encoded public key from cert, as a string.
339    """
340    outfile = scoped_tempfile(scoped_tempfile.tempdir.name + '/pubkey.der')
341    cmd = '%s -in %s -pubkey -noout ' % (OPENSSLX509, pem)
342    cmd += '| %s -outform DER -pubin -out %s' % (OPENSSLRSA,
343                                                 outfile.name)
344    system_output_on_fail(cmd)
345    der = utils.read_file(outfile.name)
346    return der
347
348
349def sign(pem_key, data):
350    """Signs |data| with key from |pem_key|, returns signature.
351
352    Using the PEM-formatted private key in |pem_key|, generates an
353    RSA-with-SHA1 signature over |data| and returns the signature in
354    a string.
355
356    @param pem_key: PEM-formatted private key, as a string.
357    @param data: data to be signed.
358    @return: signature as a string.
359    """
360    sig = scoped_tempfile()
361    err = scoped_tempfile()
362    data_file = scoped_tempfile()
363    data_file.fo.write(data)
364    data_file.fo.seek(0)
365
366    pem_key_file = scoped_tempfile(scoped_tempfile.tempdir.name + '/pkey.pem')
367    utils.open_write_close(pem_key_file.name, pem_key)
368
369    cmd = '%s -sign %s' % (OPENSSLCRYPTO, pem_key_file.name)
370    try:
371        utils.run(cmd,
372                  stdin=data_file.fo,
373                  stdout_tee=sig.fo,
374                  stderr_tee=err.fo)
375    except:
376        err.fo.seek(0)
377        logging.error(err.fo.read())
378        raise
379
380    sig.fo.seek(0)
381    sig_data = sig.fo.read()
382    if not sig_data:
383        raise error.OwnershipError('Empty signature!')
384    return sig_data
385
386
387def get_user_policy_key_filename(username):
388    """Returns the path to the user policy key for the given username.
389
390    @param username: the user whose policy key we want the path to.
391    @return: absolute path to user's policy key file.
392    """
393    return os.path.join(constants.USER_POLICY_DIR,
394                        cryptohome.get_user_hash(username),
395                        constants.USER_POLICY_KEY_FILENAME)
396