2 * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_password.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
8 * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
9 * @author Jan Olszak (j.olszak@samsung.com)
11 * @brief Test cases for security server
13 * WARNING: In this file test order is very important. They have to always be run
14 * in correct order. This is done by correct test case names ("tcXX_").
22 #include <sys/types.h>
23 #include <sys/param.h>
27 #include <sys/socket.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
32 #include <tests_common.h>
34 #include "security_server_clean_env.h"
35 #include "security_server_tests_common.h"
38 // the maximum time (in seconds) passwords can expire in
39 const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
42 const char* TEST_PASSWORD = "IDLEPASS";
43 const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
44 const char* THIRD_TEST_PASSWORD = "THIRDPASS";
45 const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
47 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
50 SystemClock(time_t sft)
62 void shift(time_t sft) {
64 time_t shifted = m_original + m_shift;
65 RUNNER_ASSERT_ERRNO(0 == stime(&shifted));
69 if (std::uncaught_exception()) {
74 RUNNER_ASSERT_ERRNO(0 == stime(&m_original));
83 * Confirm there is no password before tests are run.
85 RUNNER_TEST(tc01_clear_environment)
88 unsigned int attempt, max_attempt, expire_sec;
92 reset_security_server();
94 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
96 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
97 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
98 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
99 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
103 SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
104 SLOGD("If not, you will see some failures\n");
106 RUNNER_IGNORED_MSG("I'm not root");
111 * Basic test of setting validity period.
113 RUNNER_TEST(tc02_security_server_set_pwd_validity)
117 // Prepare environment
118 reset_security_server();
122 ret = security_server_set_pwd_validity(10);
123 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
125 ret = security_server_set_pwd_validity(11);
126 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
129 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
130 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
132 ret = security_server_set_pwd_validity(10);
133 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
135 ret = security_server_set_pwd_validity(11);
136 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
140 * Basic test of setting maximum number of password challenges.
142 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
146 // Prepare environment
147 reset_security_server();
151 ret = security_server_set_pwd_max_challenge(5);
152 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
154 ret = security_server_set_pwd_max_challenge(6);
155 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
158 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
159 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
161 ret = security_server_set_pwd_max_challenge(5);
162 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
164 ret = security_server_set_pwd_max_challenge(6);
165 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
169 * Test checking a too long password.
171 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
174 unsigned int attempt, max_attempt, expire_sec;
177 ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
178 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
182 * Test various parameter values when checking a password.
184 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
187 unsigned int attempt, max_attempt, expire_sec;
189 ret = security_server_chk_pwd(nullptr, &attempt, &max_attempt, &expire_sec);
190 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
192 ret = security_server_chk_pwd("password", nullptr, &max_attempt, &expire_sec);
193 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
195 ret = security_server_chk_pwd("password", &attempt, nullptr, &expire_sec);
196 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
198 ret = security_server_chk_pwd("password", &attempt, &max_attempt, nullptr);
199 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
203 * Check the given password when no password is set.
205 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
208 unsigned int attempt, max_attempt, expire_sec;
210 // Prepare environment - there is no password now!
211 reset_security_server();
214 ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
216 RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
217 RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
218 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
222 * Checks various parameter values.
224 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
228 // Prepare environment
229 reset_security_server();
232 ret = security_server_set_pwd(nullptr, nullptr, 0, 0);
233 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
237 * Test setting too long password.
239 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
243 // Prepare environment
244 reset_security_server();
248 ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
249 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
253 * Basic password setting.
255 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
259 // Prepare environment
260 reset_security_server();
263 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
264 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
268 * Set a maximum password period.
270 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
273 // Prepare environment
274 reset_security_server();
275 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
276 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
279 usleep(PASSWORD_RETRY_TIMEOUT_US);
280 // UINT_MAX will cause api error, it is to big value
281 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
282 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
283 usleep(PASSWORD_RETRY_TIMEOUT_US);
284 // calculate max applicable valid days that will not be rejected by ss
285 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
286 unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
287 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
288 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
292 * Set a maximum password challenge number.
294 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
297 // Prepare environment
298 reset_security_server();
299 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
300 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
303 usleep(PASSWORD_RETRY_TIMEOUT_US);
304 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
305 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
309 * Set empty password.
311 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
314 // Prepare environment
315 reset_security_server();
316 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
317 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
320 usleep(PASSWORD_RETRY_TIMEOUT_US);
321 ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
322 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
326 * Change password to a too long password.
328 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
331 // Prepare environment
332 reset_security_server();
333 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
334 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
337 usleep(PASSWORD_RETRY_TIMEOUT_US);
338 std::string lng_pwd(5000, 'A');
339 ret = security_server_set_pwd(TEST_PASSWORD,lng_pwd.c_str(), 10, 10);
340 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
344 * Check empty password.
346 RUNNER_TEST(tc15_security_server_chk_pwd_empty_password)
349 unsigned int attempt, max_attempt, expire_sec;
351 // Prepare environment
352 reset_security_server();
353 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
354 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
357 usleep(PASSWORD_RETRY_TIMEOUT_US);
358 ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
359 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
363 * Various validity parameter values.
365 RUNNER_TEST(tc16_security_server_set_pwd_validity)
368 // Prepare environment
369 reset_security_server();
370 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
371 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
374 ret = security_server_set_pwd_validity(0);
375 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
377 ret = security_server_set_pwd_validity(1);
378 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
380 //When trying to set UINT_MAX we should get error.
381 ret = security_server_set_pwd_validity(UINT_MAX);
382 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
384 ret = security_server_set_pwd_validity(2);
385 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
389 * Check passwords validity
391 RUNNER_TEST(tc17_security_server_is_pwd_valid)
394 unsigned int attempt, max_attempt, expire_sec;
396 // Prepare environment
397 reset_security_server();
398 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 2);
399 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
402 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
403 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
404 RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
408 * Various numbers of challenges.
410 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
413 // Prepare environment
414 reset_security_server();
415 // calculate max applicable valid days that will not be rejected by ss
416 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
417 unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
418 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, valid_days);
419 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
422 ret = security_server_set_pwd_max_challenge(0);
423 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
425 ret = security_server_set_pwd_max_challenge(UINT_MAX);
426 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
428 ret = security_server_set_pwd_max_challenge(5);
429 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
431 ret = security_server_set_pwd_max_challenge(6);
432 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
437 * Check the max number of challenges.
439 RUNNER_TEST(tc19_security_server_is_pwd_valid)
442 unsigned int attempt, max_attempt, expire_sec;
443 // Prepare environment
444 reset_security_server();
445 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
446 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
448 ret = security_server_set_pwd_max_challenge(6);
449 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
452 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
453 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
454 RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
458 * Basic password check.
460 RUNNER_TEST(tc20_security_server_chk_pwd)
463 unsigned int attempt, max_attempt, expire_sec;
465 // Prepare environment
466 reset_security_server();
467 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
468 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
471 usleep(PASSWORD_RETRY_TIMEOUT_US);
472 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
473 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
475 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
476 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
480 * Check an incorrect password.
482 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
485 unsigned int attempt, max_attempt, expire_sec;
487 // Prepare environment
488 reset_security_server();
489 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
490 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
493 usleep(PASSWORD_RETRY_TIMEOUT_US);
494 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
495 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
499 * Check an incorrect password
501 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
505 // Prepare environment
506 reset_security_server();
507 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
508 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
511 usleep(PASSWORD_RETRY_TIMEOUT_US);
512 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
513 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
519 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
523 // Prepare environment
524 reset_security_server();
525 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
526 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
529 usleep(PASSWORD_RETRY_TIMEOUT_US);
530 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
531 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
535 * Check wrong password multiple times and then check a correct one.
537 RUNNER_TEST(tc24_security_server_attempt_exceeding)
540 unsigned int i, attempt, max_attempt, expire_sec;
542 // Prepare environment
543 reset_security_server();
544 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
545 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
548 printf("5 subtests started...");
549 for (i = 1; i <= 5; i++) {
550 usleep(PASSWORD_RETRY_TIMEOUT_US);
551 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
552 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
553 RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
557 usleep(PASSWORD_RETRY_TIMEOUT_US);
558 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
559 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
561 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
562 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
563 RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
564 RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
568 * Try to exceed maximum number of challenges.
570 RUNNER_TEST(tc25_security_server_attempt_exceeding)
573 unsigned int i, attempt, max_attempt, expire_sec;
575 // Prepare environment
576 reset_security_server();
577 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 1);
578 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
581 printf("10 subtests started...");
582 for (i = 1; i <= 10; i++) {
583 usleep(PASSWORD_RETRY_TIMEOUT_US);
584 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
585 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
586 RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
589 // The check, that exceeds max number
590 usleep(PASSWORD_RETRY_TIMEOUT_US);
591 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
592 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
595 usleep(PASSWORD_RETRY_TIMEOUT_US);
596 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
597 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
603 RUNNER_TEST(tc26_security_server_reset_pwd)
607 // Prepare environment
608 reset_security_server();
609 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
610 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
613 ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
614 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
618 * Check too long password.
620 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
623 unsigned int attempt, max_attempt, expire_sec;
624 // Prepare environment
625 reset_security_server();
626 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
627 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
630 std::string lng_pwd(5000, 'A');
631 ret = security_server_chk_pwd(lng_pwd.c_str(), &attempt, &max_attempt, &expire_sec);
632 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
636 * Check passwords expiration (not expired)
638 RUNNER_TEST(tc28_security_server_check_expiration)
641 unsigned int attempt, max_attempt, expire_sec;
643 // Prepare environment
644 reset_security_server();
645 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
646 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
649 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
650 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
651 RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
655 * Use various parameter values of parameters.
657 RUNNER_TEST(tc29_security_server_set_pwd_history)
661 // Prepare environment
662 reset_security_server();
663 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
664 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
667 ret = security_server_set_pwd_history(100);
668 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
670 ret = security_server_set_pwd_history(51);
671 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
673 ret = security_server_set_pwd_history(-5);
674 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
676 ret = security_server_set_pwd_history(50);
677 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
679 ret = security_server_set_pwd_history(0);
680 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
682 ret = security_server_set_pwd_history(INT_MAX);
683 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
685 ret = security_server_set_pwd_history(INT_MIN);
686 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
688 ret = security_server_set_pwd_history(10);
689 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
694 int dir_filter(const struct dirent *entry)
696 if ((strcmp(entry->d_name, ".") == 0) ||
697 (strcmp(entry->d_name, "..") == 0) ||
698 (strcmp(entry->d_name, "attempts") == 0) ||
699 (strcmp(entry->d_name, "history") == 0))
705 void clean_password_dir(void)
709 struct dirent **mydirent;
711 ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
720 * Check password history.
722 RUNNER_TEST(tc30_security_server_check_history)
726 char buf1[33], buf2[33];
728 // Prepare environment
729 reset_security_server();
731 clean_password_dir();
733 ret = security_server_set_pwd_history(9);
734 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
736 ret = security_server_reset_pwd("history0", 0, 0);
737 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
739 printf("11 subtests started...");
740 for (i = 0; i < 11; i++) {
741 sprintf(buf1, "history%d", i);
742 sprintf(buf2, "history%d", i + 1);
744 usleep(PASSWORD_RETRY_TIMEOUT_US);
745 ret = security_server_set_pwd(buf1, buf2, 0, 0);
746 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
750 usleep(PASSWORD_RETRY_TIMEOUT_US);
751 ret = security_server_set_pwd("history11", "history1", 0, 0);
752 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
754 usleep(PASSWORD_RETRY_TIMEOUT_US);
755 ret = security_server_set_pwd("history1", "history8", 0, 0);
756 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
758 usleep(PASSWORD_RETRY_TIMEOUT_US);
759 ret = security_server_set_pwd("history1", "history12", 0, 0);
760 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
762 printf("48 subtests started...");
763 for (i = 12; i < 60; i++) {
764 usleep(PASSWORD_RETRY_TIMEOUT_US);
766 sprintf(buf1, "history%d", i);
767 sprintf(buf2, "history%d", i + 1);
769 ret = security_server_set_pwd(buf1, buf2, 0, 0);
770 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
774 clean_password_dir();
780 RUNNER_TEST(tc31_security_server_replay_attack)
784 unsigned int attempt, max_attempt, expire_sec;
786 usleep(PASSWORD_RETRY_TIMEOUT_US);
787 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
789 while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
792 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
796 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
802 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
805 unsigned int attempt, max_attempt, expire_sec;
806 struct timeval cur_time;
808 // Prepare environment
809 reset_security_server();
810 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 4, 1);
811 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
814 usleep(PASSWORD_RETRY_TIMEOUT_US);
815 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
816 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
818 ret = gettimeofday(&cur_time, nullptr);
819 RUNNER_ASSERT_ERRNO(ret != -1);
821 cur_time.tv_sec += (expire_sec + 1);
822 ret = settimeofday(&cur_time, nullptr);
823 RUNNER_ASSERT_ERRNO(ret != -1);
825 usleep(PASSWORD_RETRY_TIMEOUT_US);
826 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
827 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
829 usleep(PASSWORD_RETRY_TIMEOUT_US);
830 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
831 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
837 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
841 // Prepare environment
842 reset_security_server();
845 ret = security_server_reset_pwd(nullptr, 10, 10);
846 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
850 * Use this instead of security_server_chk_pwd directly to verify the function output.
852 * verify_chk_pwd("password", SECURITY_SERVER_API_SUCCESS, 2, 5, "debug string")
854 void verify_chk_pwd (
855 const char* challenge,
857 unsigned int expected_current_attempt,
858 unsigned int expected_max_attempt,
859 const std::string &info = std::string())
861 /* ensure that initial values differ from expected ones */
862 unsigned int attempt = expected_current_attempt - 1;
863 unsigned int max_attempt = expected_max_attempt - 1;
864 unsigned int expire_sec = PASSWORD_INFINITE_EXPIRATION_TIME - 1;
866 usleep(PASSWORD_RETRY_TIMEOUT_US);
867 int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
869 // validate returned value
870 RUNNER_ASSERT_MSG(ret == expected_result,
871 info << "security_server_chk_pwd returned "
872 << ret << " (expected: " << expected_result << ")");
874 // validate current attempts value
875 RUNNER_ASSERT_MSG(attempt == expected_current_attempt,
876 info << "security_server_chk_pwd returned attempt = " << attempt <<
877 " (expected: " << expected_current_attempt << ")");
879 // validate max attempt value
880 RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt,
881 info << "security_server_chk_pwd returned max_attempt = " << max_attempt <<
882 " (expected: " << expected_max_attempt << ")");
884 RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
885 info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
886 " (expected: " << PASSWORD_INFINITE_EXPIRATION_TIME << ")");
890 * Reach last attempt few times in a row (before exceeding max_attempt).
892 RUNNER_TEST(tc34_security_server_max_attempts)
894 // Prepare environment
895 reset_security_server();
897 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
898 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
900 // change max attempts number few times
901 std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
903 for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
904 unsigned int max_challenges = max_challenge_tab[pass];
906 ret = security_server_set_pwd_max_challenge(max_challenges);
907 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
909 // max_challenges-1 wrong password attempts
910 for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
911 verify_chk_pwd(SECOND_TEST_PASSWORD,
912 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
915 std::string("pass = ") + std::to_string(pass) +
916 ", attempt = " + std::to_string(attempt_nr));
918 // Check correct password finally
919 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
920 max_challenges, max_challenges);
925 * Decrease 'max challenge' number after several missed attempts.
927 RUNNER_TEST(tc35_security_server_decrease_max_attempts)
929 const unsigned int max_challenge_more = 10;
930 const unsigned int max_challenge_less = 5;
932 // Prepare environment
933 reset_security_server();
935 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge_more, 0);
936 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
939 for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
940 verify_chk_pwd(SECOND_TEST_PASSWORD,
941 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
944 std::string("attempt = ") + std::to_string(attempt));
946 // lower max_challenge
947 ret = security_server_set_pwd_max_challenge(max_challenge_less);
948 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
950 // try valid password - should pass (curr attempts is reset)
951 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less);
953 // remove max attempts limit
954 ret = security_server_set_pwd_max_challenge(0);
955 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
957 // try valid password again - should pass
958 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
960 // try to change the password - should pass
961 usleep(PASSWORD_RETRY_TIMEOUT_US);
962 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
963 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
965 // validate new password
966 verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
970 * Change password few times and challenge previous passwords - checks if security_server_set_pwd
971 * works as it should.
973 RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
975 const int history_depth = 5;
976 const unsigned int max_challenge = 3;
977 std::string prev_pass, new_pass = TEST_PASSWORD;
979 // Prepare environment
980 reset_security_server();
982 int ret = security_server_set_pwd_history(history_depth);
983 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
985 ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
986 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
988 for (int depth = 0; depth < history_depth; ++depth) {
989 prev_pass = new_pass;
991 //generate password name
992 new_pass = "history" + std::to_string(depth+1);
994 usleep(PASSWORD_RETRY_TIMEOUT_US);
995 ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
996 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
998 // challenge initial password
1001 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1004 std::string("depth = ") + std::to_string(depth));
1006 // challenge previous password
1009 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1012 std::string("depth = ") + std::to_string(depth));
1017 * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
1018 * This test simulates user's behaviour - challenges valid and invalid passwords
1019 * in various combinations.
1021 RUNNER_TEST(tc37_security_server_challenge_mixed)
1023 // Prepare environment
1024 reset_security_server();
1026 const unsigned int max_challenge = 2;
1027 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
1028 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1030 // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
1031 for (unsigned int i = 0; i < max_challenge; ++i)
1034 SECURITY_SERVER_API_SUCCESS,
1037 std::string("i = ") + std::to_string(i));
1039 // Ensure that challenging valid password resets 'cuurrent attempt' value.
1040 // If it didn't, the test would fail in third loop pass.
1041 for (unsigned int i = 0; i < max_challenge + 1; ++i) {
1044 SECOND_TEST_PASSWORD,
1045 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1048 std::string("i = ") + std::to_string(i));
1053 SECURITY_SERVER_API_SUCCESS,
1056 std::string("i = ") + std::to_string(i));
1059 // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
1060 // any further attempts (even correct) are blocked
1061 for (unsigned int i = 1; i <= max_challenge; ++i)
1063 SECOND_TEST_PASSWORD,
1064 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1067 std::string("i = ") + std::to_string(i));
1069 // correct - refused
1070 for (unsigned int i = 1; i <= max_challenge; ++i)
1073 SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
1076 std::string("i = ") + std::to_string(i));
1080 * Pasword change mixed with history depth change.
1082 RUNNER_TEST(tc38_security_server_history_depth_change)
1085 const int initial_history_depth = 2;
1086 const int decreased_history_depth = 1;
1087 const int increased_history_depth = 3;
1089 // Prepare environment
1090 reset_security_server();
1092 ret = security_server_set_pwd_history(initial_history_depth);
1093 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1095 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1096 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1098 usleep(PASSWORD_RETRY_TIMEOUT_US);
1099 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1100 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1102 usleep(PASSWORD_RETRY_TIMEOUT_US);
1103 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1104 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1106 // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
1107 usleep(PASSWORD_RETRY_TIMEOUT_US);
1108 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1109 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1112 * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
1113 * and SECOND_TEST_PASSWORD as a part of history.
1115 ret = security_server_set_pwd_history(decreased_history_depth);
1116 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1118 usleep(PASSWORD_RETRY_TIMEOUT_US);
1119 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1120 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1122 usleep(PASSWORD_RETRY_TIMEOUT_US);
1123 ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1124 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1127 * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
1128 * and THIRD_TEST_PASSWORD only.
1130 ret = security_server_set_pwd_history(increased_history_depth);
1131 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1133 // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
1134 usleep(PASSWORD_RETRY_TIMEOUT_US);
1135 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1136 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1138 // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
1139 usleep(PASSWORD_RETRY_TIMEOUT_US);
1140 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1141 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1145 * Challenge invalid password, reset server and check if 'current attempts' is restored.
1147 RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
1149 unsigned int attempt, max_attempt, expire_sec;
1150 const unsigned int max_challenge = 10;
1151 const unsigned int invalid_attempts_num = 3;
1153 // Prepare environment
1154 reset_security_server();
1156 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
1157 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1160 for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
1162 SECOND_TEST_PASSWORD,
1163 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1167 attempt = max_attempt = expire_sec = UINT_MAX;
1168 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1169 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1170 RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
1171 RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
1172 RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
1175 // restart server - triggers loading password data from file
1176 restart_security_server();
1178 // challenge invalid password
1180 SECOND_TEST_PASSWORD,
1181 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1182 invalid_attempts_num + 1,
1185 // challenge valid password
1188 SECURITY_SERVER_API_SUCCESS,
1189 invalid_attempts_num + 2,
1194 * Validate passwords history after security server reset.
1196 RUNNER_TEST(tc40_security_server_history_check_after_reset)
1198 const unsigned int history_depth = 2;
1200 // Prepare environment
1201 reset_security_server();
1203 int ret = security_server_set_pwd_history(history_depth);
1204 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1206 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1207 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1209 usleep(PASSWORD_RETRY_TIMEOUT_US);
1210 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1211 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1213 usleep(PASSWORD_RETRY_TIMEOUT_US);
1214 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1215 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1217 usleep(PASSWORD_RETRY_TIMEOUT_US);
1218 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
1219 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1221 // restart server - triggers loading password data from file
1222 restart_security_server();
1224 // try to reuse history passwords
1225 usleep(PASSWORD_RETRY_TIMEOUT_US);
1226 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1227 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1229 usleep(PASSWORD_RETRY_TIMEOUT_US);
1230 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1231 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1233 usleep(PASSWORD_RETRY_TIMEOUT_US);
1234 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1235 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1239 * Check if SS has correct behaviour when changing history depth to 0.
1241 RUNNER_TEST(tc41_security_server_empty_history_check)
1243 const unsigned int history_depth = 2;
1244 const unsigned int empty_history_depth = 0;
1246 //prepare environment
1247 reset_security_server();
1249 //set new history count
1250 int ret = security_server_set_pwd_history(history_depth);
1251 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1253 //set new password and fill history
1254 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1255 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1257 usleep(PASSWORD_RETRY_TIMEOUT_US);
1258 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1259 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1261 usleep(PASSWORD_RETRY_TIMEOUT_US);
1262 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1263 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1265 //make sure, that everything went OK - try setting something that would cause reuse error
1266 usleep(PASSWORD_RETRY_TIMEOUT_US);
1267 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1268 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1270 usleep(PASSWORD_RETRY_TIMEOUT_US);
1271 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1272 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1274 //reset history limit to no history at all
1275 ret = security_server_set_pwd_history(empty_history_depth);
1276 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1278 //make sure, that current password still exists in memory
1279 //expected attempt 3 because our previous tries increased attempt counter
1281 THIRD_TEST_PASSWORD,
1282 SECURITY_SERVER_API_SUCCESS,
1286 //make sure that it's possible to reuse old password once history limit is set to 0
1287 usleep(PASSWORD_RETRY_TIMEOUT_US);
1288 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1289 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1291 //once again try setting earlier used passwords - now API should return success
1292 usleep(PASSWORD_RETRY_TIMEOUT_US);
1293 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1294 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1296 usleep(PASSWORD_RETRY_TIMEOUT_US);
1297 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1298 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1301 RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
1303 //prepare environment
1304 reset_security_server();
1307 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1308 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1310 //try setting different password and giving nullptr as current once again
1311 usleep(PASSWORD_RETRY_TIMEOUT_US);
1312 ret = security_server_set_pwd(nullptr, SECOND_TEST_PASSWORD, 0, 0);
1313 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1316 RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
1318 //prepare environment
1319 reset_security_server();
1322 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1323 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1326 unsigned int attempt, max_attempt, expire_sec;
1327 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1328 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1329 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1330 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1333 RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
1335 //prepare environment
1336 reset_security_server();
1339 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1340 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1343 unsigned int attempt, max_attempt, expire_sec;
1344 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1345 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1346 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1347 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1350 RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
1352 //prepare environment
1353 reset_security_server();
1356 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1357 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1360 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1361 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1362 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1363 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1366 RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
1368 //prepare environment
1369 reset_security_server();
1372 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1373 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1376 ret = security_server_set_pwd_validity(11);
1377 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1378 ret = security_server_set_pwd_validity(11);
1379 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1382 RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
1384 //prepare environment
1385 reset_security_server();
1388 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1389 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1392 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1393 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1394 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1395 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1398 RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
1400 //prepare environment
1401 reset_security_server();
1404 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1405 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1408 ret = security_server_set_pwd_history(5);
1409 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1410 ret = security_server_set_pwd_history(5);
1411 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1414 RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
1416 //prepare environment
1417 reset_security_server();
1420 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1421 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1424 ret = security_server_set_pwd_max_challenge(5);
1425 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1426 ret = security_server_set_pwd_max_challenge(5);
1427 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1430 RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
1433 unsigned int attempt, max_attempt, expire_sec;
1435 // Prepare environment
1436 reset_security_server();
1437 ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
1438 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1439 usleep(PASSWORD_RETRY_TIMEOUT_US);
1441 // Assert security server sets infinite expiration time
1442 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1443 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1444 usleep(PASSWORD_RETRY_TIMEOUT_US);
1446 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1447 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1448 RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
1449 "invalid expiration time " << expire_sec);
1451 clean_password_dir();
1454 RUNNER_TEST(tc51_security_server_is_pwd_valid)
1456 reset_security_server();
1458 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 1);
1459 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1461 unsigned int attempt, maxAttempt, validSec;
1462 attempt = maxAttempt = validSec = 0;
1464 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1465 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret <<
1466 " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
1469 SystemClock clock(60*60*24*2);
1471 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1472 RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0),
1473 "ret = " << ret << " atempt=" << attempt << " maxAttempt=" << maxAttempt
1474 << " validSec=" << validSec);
1477 RUNNER_TEST(tc52_security_server_is_pwd_valid)
1479 reset_security_server();
1481 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
1482 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1484 unsigned int attempt, maxAttempt, validSec;
1485 attempt = maxAttempt = validSec = 0;
1487 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1488 RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0xffffffff), "ret = " << ret <<
1489 " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
1492 RUNNER_TEST(tc53_security_server_is_pwd_valid)
1494 reset_security_server();
1496 int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 3);
1497 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1499 unsigned int attempt, maxAttempt, validSec;
1500 attempt = maxAttempt = validSec = 0;
1502 // password shoudl be valid for 3 days == (60*60*24*3) 259200 seconds
1503 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1504 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1505 RUNNER_ASSERT_MSG((validSec > 259000) && (validSec < 260000), "validSec = " << validSec);
1508 clock.shift(-60*60*24); // one day back
1510 // password should be valid for 4 days == (60*60*24*4) 345600 seconds
1511 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1512 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1513 RUNNER_ASSERT_MSG((validSec > 345000) && (validSec < 346000), "validSec = " << validSec);
1515 clock.shift(-60*60*24*2); // 3 days back
1517 // password shoudl be valid for 6 days == (60*60*24*6) 518400 seconds
1518 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1519 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1520 RUNNER_ASSERT_MSG((validSec > 518000) && (validSec < 519000), "validSec = " << validSec);
1523 int main(int argc, char *argv[])
1525 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);