summaryrefslogtreecommitdiffstats
path: root/features/step_definitions/root_access_control.rb
blob: ff1bdfcc72e91cccb1854b6ea80ac29349278592 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Then /^I should be able to run administration commands as the live user$/ do
  stdout = $vm.execute("echo #{@sudo_password} | sudo -S whoami",
                       :user => LIVE_USER).stdout
  actual_user = stdout.sub(/^\[sudo\] password for #{LIVE_USER}: /, "").chomp
  assert_equal("root", actual_user, "Could not use sudo")
end

Then /^I should not be able to run administration commands as the live user with the "([^"]*)" password$/ do |password|
  stderr = $vm.execute("echo #{password} | sudo -S whoami",
                       :user => LIVE_USER).stderr
  sudo_failed = stderr.include?("The administration password is disabled") || stderr.include?("is not allowed to execute")
  assert(sudo_failed, "The administration password is not disabled:" + stderr)
end

When /^running a command as root with pkexec requires PolicyKit administrator privileges$/ do
  action = 'org.freedesktop.policykit.exec'
  action_details = $vm.execute("pkaction --verbose --action-id #{action}").stdout
  assert(action_details[/\s+implicit any:\s+auth_admin$/],
         "Expected 'auth_admin' for 'any':\n#{action_details}")
  assert(action_details[/\s+implicit inactive:\s+auth_admin$/],
         "Expected 'auth_admin' for 'inactive':\n#{action_details}")
  assert(action_details[/\s+implicit active:\s+auth_admin$/],
         "Expected 'auth_admin' for 'active':\n#{action_details}")
end

Then /^I should be able to run a command as root with pkexec$/ do
  step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal"
  step 'I enter the sudo password in the pkexec prompt'
  try_for(10, :msg => 'The /root/pkexec-test file was not created.') {
    $vm.execute('ls /root/pkexec-test').success?
  }
end

Then /^I should not be able to run a command as root with pkexec and the standard passwords$/ do
  step "I run \"pkexec touch /root/pkexec-test\" in GNOME Terminal"
  ['', 'live', 'amnesia'].each do |password|
    step "I enter the \"#{password}\" password in the pkexec prompt"
    @screen.wait('PolicyKitAuthFailure.png', 20)
  end
  @screen.type(Sikuli::Key.ESC)
  @screen.wait('PolicyKitAuthCompleteFailure.png', 20)
end