2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Bumjin Im <bj.im@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
19 * @file password-manager.cpp
20 * @author Zbigniew Jasinski (z.jasinski@samsung.com)
21 * @author Lukasz Kostyra (l.kostyra@partner.samsung.com)
23 * @brief Implementation of password management functions
26 #include <password-manager.h>
34 #include <dpl/log/log.h>
36 #include <protocols.h>
38 #include <security-server.h>
41 bool calculateExpiredTime(unsigned int receivedDays, unsigned int &validSecs)
43 validSecs = SecurityServer::PASSWORD_INFINITE_EXPIRATION_TIME;
45 //when receivedDays means infinite expiration, return default validSecs value.
46 if(receivedDays == SecurityServer::PASSWORD_INFINITE_EXPIRATION_DAYS)
49 time_t curTime = time(NULL);
51 if (receivedDays > ((UINT_MAX - curTime) / 86400)) {
52 LogError("Incorrect input param.");
55 validSecs = (curTime + (receivedDays * 86400));
61 namespace SecurityServer
63 int PasswordManager::isPwdValid(unsigned int ¤tAttempt, unsigned int &maxAttempt,
64 unsigned int &expirationTime) const
66 if (m_pwdFile.isIgnorePeriod()) {
67 LogError("Retry timeout occured.");
68 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
71 if (!m_pwdFile.isPasswordActive()) {
72 LogError("Current password not active.");
73 return SECURITY_SERVER_API_ERROR_NO_PASSWORD;
75 currentAttempt = m_pwdFile.getAttempt();
76 maxAttempt = m_pwdFile.getMaxAttempt();
77 expirationTime = m_pwdFile.getExpireTimeLeft();
79 return SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
82 return SECURITY_SERVER_API_SUCCESS;
85 int PasswordManager::checkPassword(const std::string &challenge, unsigned int ¤tAttempt,
86 unsigned int &maxAttempt, unsigned int &expirationTime)
88 LogSecureDebug("Inside checkPassword function.");
90 if (m_pwdFile.isIgnorePeriod()) {
91 LogError("Retry timeout occurred.");
92 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
95 if (!m_pwdFile.isPasswordActive()) {
96 LogError("Password not active.");
97 return SECURITY_SERVER_API_ERROR_NO_PASSWORD;
100 currentAttempt = m_pwdFile.getAttempt();
101 maxAttempt = m_pwdFile.getMaxAttempt();
102 expirationTime = m_pwdFile.getExpireTimeLeft();
104 if (m_pwdFile.checkIfAttemptsExceeded()) {
105 LogError("Too many tries.");
106 return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
109 m_pwdFile.incrementAttempt();
110 m_pwdFile.writeAttemptToFile();
112 if (!m_pwdFile.checkPassword(challenge)) {
113 LogError("Wrong password.");
114 return SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH;
117 if (m_pwdFile.checkExpiration()) {
118 LogError("Password expired.");
119 return SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED;
122 m_pwdFile.resetAttempt();
123 m_pwdFile.writeAttemptToFile();
125 return SECURITY_SERVER_API_SUCCESS;
128 int PasswordManager::setPassword(const std::string ¤tPassword,
129 const std::string &newPassword,
130 const unsigned int receivedAttempts,
131 const unsigned int receivedDays)
133 LogSecureDebug("Curpwd = " << currentPassword << ", newpwd = " << newPassword <<
134 ", recatt = " << receivedAttempts << ", recdays = " << receivedDays);
136 unsigned int valid_secs = 0;
139 if (m_pwdFile.isIgnorePeriod()) {
140 LogError("Retry timeout occured.");
141 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
144 //check if passwords are correct
145 if (currentPassword.size() > MAX_PASSWORD_LEN) {
146 LogError("Current password length failed.");
147 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
150 if (newPassword.size() > MAX_PASSWORD_LEN) {
151 LogError("New password length failed.");
152 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
155 //check delivered currentPassword
156 //when m_passwordActive flag is true, currentPassword shouldn't be empty
157 if (currentPassword.empty() && m_pwdFile.isPasswordActive()) {
158 LogError("Password is already set.");
159 return SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
163 if (m_pwdFile.checkIfAttemptsExceeded()) {
164 LogError("Too many attempts.");
165 return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
168 //if we didn't exceed max attempts, increment attempt count and save it to separate file
169 m_pwdFile.incrementAttempt();
170 m_pwdFile.writeAttemptToFile();
172 //check current password, however only when we don't send empty string as current.
173 if(!currentPassword.empty()) {
174 if(!m_pwdFile.checkPassword(currentPassword)) {
175 LogError("Wrong password.");
176 return SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH;
180 //check if password expired
181 if (m_pwdFile.checkExpiration()) {
182 LogError("Password expired.");
183 return SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED;
187 if (m_pwdFile.isPasswordActive()) {
188 if (m_pwdFile.isPasswordReused(newPassword)) {
189 LogError("Password reused.");
190 return SECURITY_SERVER_API_ERROR_PASSWORD_REUSED;
194 if(!calculateExpiredTime(receivedDays, valid_secs)) {
195 LogError("Received expiration time incorrect.");
196 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
200 m_pwdFile.setPassword(newPassword);
201 m_pwdFile.setMaxAttempt(receivedAttempts);
202 m_pwdFile.setExpireTime(valid_secs);
203 m_pwdFile.writeMemoryToFile();
205 m_pwdFile.resetAttempt();
206 m_pwdFile.writeAttemptToFile();
208 return SECURITY_SERVER_API_SUCCESS;
211 int PasswordManager::setPasswordValidity(const unsigned int receivedDays)
213 unsigned int valid_secs = 0;
215 LogSecureDebug("received_days: " << receivedDays);
217 if (!m_pwdFile.isPasswordActive()) {
218 LogError("Current password is not active.");
219 return SECURITY_SERVER_API_ERROR_NO_PASSWORD;
222 if(!calculateExpiredTime(receivedDays, valid_secs))
223 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
225 m_pwdFile.setExpireTime(valid_secs);
226 m_pwdFile.writeMemoryToFile();
228 return SECURITY_SERVER_API_SUCCESS;
231 int PasswordManager::resetPassword(const std::string &newPassword,
232 const unsigned int receivedAttempts,
233 const unsigned int receivedDays)
235 unsigned int valid_secs = 0;
237 if (m_pwdFile.isIgnorePeriod()) {
238 LogError("Retry timeout occured.");
239 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
242 if(!calculateExpiredTime(receivedDays, valid_secs))
243 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
245 m_pwdFile.setPassword(newPassword);
246 m_pwdFile.setMaxAttempt(receivedAttempts);
247 m_pwdFile.setExpireTime(valid_secs);
248 m_pwdFile.writeMemoryToFile();
250 m_pwdFile.resetAttempt();
251 m_pwdFile.writeAttemptToFile();
253 return SECURITY_SERVER_API_SUCCESS;
256 int PasswordManager::setPasswordHistory(const unsigned int history)
258 if(history > MAX_PASSWORD_HISTORY) {
259 LogError("Incorrect input param.");
260 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
264 if (m_pwdFile.isIgnorePeriod()) {
265 LogError("Retry timeout occurred.");
266 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
269 m_pwdFile.setHistory(history);
270 m_pwdFile.writeMemoryToFile();
272 return SECURITY_SERVER_API_SUCCESS;
275 int PasswordManager::setPasswordMaxChallenge(const unsigned int maxChallenge)
277 // check if there is password
278 if (!m_pwdFile.isPasswordActive()) {
279 LogError("Password not active.");
280 return SECURITY_SERVER_API_ERROR_NO_PASSWORD;
283 m_pwdFile.setMaxAttempt(maxChallenge);
284 m_pwdFile.writeMemoryToFile();
286 m_pwdFile.resetAttempt();
287 m_pwdFile.writeAttemptToFile();
289 return SECURITY_SERVER_API_SUCCESS;
291 } //namespace SecurityServer