From a6f41c35e337db192e612ee6e1545fcae4c69ac7 Mon Sep 17 00:00:00 2001
From: Philip Hands <phil@hands.com>
Date: Thu, 29 Jun 2017 22:11:09 +0200
Subject: lvc: grab updates from tails (01371c19bd..6ae59c49e5)

Signed-off-by: Holger Levsen <holger@layer-acht.org>
---
 cucumber/features/step_definitions/mac_spoofing.rb | 87 ++++++++++++----------
 1 file changed, 49 insertions(+), 38 deletions(-)

(limited to 'cucumber/features/step_definitions/mac_spoofing.rb')

diff --git a/cucumber/features/step_definitions/mac_spoofing.rb b/cucumber/features/step_definitions/mac_spoofing.rb
index a4aa8714..260b28fd 100644
--- a/cucumber/features/step_definitions/mac_spoofing.rb
+++ b/cucumber/features/step_definitions/mac_spoofing.rb
@@ -5,51 +5,51 @@ def all_ethernet_nics
 end
 
 When /^I disable MAC spoofing in Tails Greeter$/ do
+  open_greeter_additional_settings()
   @screen.wait_and_click("TailsGreeterMACSpoofing.png", 30)
+  @screen.wait_and_click("TailsGreeterDisableMACSpoofing.png", 10)
+  @screen.wait_and_click("TailsGreeterAdditionalSettingsAdd.png", 10)
 end
 
-Then /^the network device has (its default|a spoofed) MAC address configured$/ do |mode|
+Then /^the (\d+)(?:st|nd|rd|th) network device has (its real|a spoofed) MAC address configured$/ do |dev_nr, mode|
   is_spoofed = (mode == "a spoofed")
-  nic = "eth0"
-  assert_equal([nic], all_ethernet_nics,
-               "We only expected NIC #{nic} but these are present: " +
-               all_ethernet_nics.join(", "))
-  nic_real_mac = $vm.real_mac
+  alias_name = "net#{dev_nr.to_i - 1}"
+  nic_real_mac = $vm.real_mac(alias_name)
+  nic = "eth#{dev_nr.to_i - 1}"
   nic_current_mac = $vm.execute_successfully(
     "get_current_mac_of_nic #{nic}", :libs => 'hardware'
   ).stdout.chomp
-  if is_spoofed
-    if nic_real_mac == nic_current_mac
-      save_pcap_file
-      raise "The MAC address was expected to be spoofed but wasn't"
-    end
-  else
-    if nic_real_mac != nic_current_mac
-      save_pcap_file
-      raise "The MAC address is spoofed but was expected to not be"
+  begin
+    if is_spoofed
+      if nic_real_mac == nic_current_mac
+        raise "The MAC address was expected to be spoofed but wasn't"
+      end
+    else
+      if nic_real_mac != nic_current_mac
+        raise "The MAC address is spoofed but was expected to not be"
+      end
     end
+  rescue Exception => e
+    save_failure_artifact("Network capture", @sniffer.pcap_file)
+    raise e
   end
 end
 
-Then /^the real MAC address was (not )?leaked$/ do |mode|
-  is_leaking = mode.nil?
-  leaks = FirewallLeakCheck.new(@sniffer.pcap_file)
-  mac_leaks = leaks.mac_leaks
-  if is_leaking
-    if !mac_leaks.include?($vm.real_mac)
-      save_pcap_file
-      raise "The real MAC address was expected to leak but didn't. We " +
-            "observed the following MAC addresses: #{mac_leaks}"
-    end
-  else
-    if mac_leaks.include?($vm.real_mac)
-      save_pcap_file
-      raise "The real MAC address was leaked but was expected not to. We " +
-            "observed the following MAC addresses: #{mac_leaks}"
+Then /^no network device leaked the real MAC address$/ do
+  macs = $vm.all_real_macs
+  assert_all_connections(@sniffer.pcap_file) do |c|
+    macs.all? do |mac|
+      not [c.mac_saddr, c.mac_daddr].include?(mac)
     end
   end
 end
 
+Then /^some network device leaked the real MAC address$/ do
+  assert_raise(FirewallAssertionFailedError) do
+    step 'no network device leaked the real MAC address'
+  end
+end
+
 Given /^macchanger will fail by not spoofing and always returns ([\S]+)$/ do |mode|
   $vm.execute_successfully("mv /usr/bin/macchanger /usr/bin/macchanger.orig")
   $vm.execute_successfully("ln -s /bin/#{mode} /usr/bin/macchanger")
@@ -76,14 +76,6 @@ EOF
   $vm.execute_successfully("chmod a+rx /sbin/modprobe")
 end
 
-When /^see the "Network card disabled" notification$/ do
-  robust_notification_wait("MACSpoofNetworkCardDisabled.png", 60)
-end
-
-When /^see the "All networking disabled" notification$/ do
-  robust_notification_wait("MACSpoofNetworkingDisabled.png", 60)
-end
-
 Then /^(\d+|no) network interface(?:s)? (?:is|are) enabled$/ do |expected_nr_nics|
   # note that "no".to_i => 0 in Ruby.
   expected_nr_nics = expected_nr_nics.to_i
@@ -106,3 +98,22 @@ Then /^the MAC spoofing panic mode disabled networking$/ do
     end
   end
 end
+
+When /^I hotplug a network device( and wait for it to be initialized)?$/ do |wait|
+  initial_nr_nics = wait ? all_ethernet_nics.size : nil
+  xml = <<-EOF
+    <interface type='network'>
+      <alias name='net1'/>
+      <mac address='52:54:00:11:22:33'/>
+      <source network='TailsToasterNet'/>
+      <model type='virtio'/>
+      <link state='up'/>
+    </interface>
+  EOF
+  $vm.plug_device(xml)
+  if wait
+    try_for(20) do
+      all_ethernet_nics.size >= initial_nr_nics + 1
+    end
+  end
+end
-- 
cgit v1.2.3-70-g09d2