2 * Copyright (c) 2000 - 2013 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Bumjin Im <bj.im@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
19 * @file password-manager.cpp
20 * @author Zbigniew Jasinski (z.jasinski@samsung.com)
21 * @author Lukasz Kostyra (l.kostyra@partner.samsung.com)
23 * @brief Implementation of password management functions
26 #include <password-manager.h>
34 #include <dpl/log/log.h>
36 #include <protocols.h>
38 #include <security-server.h>
41 bool calculateExpiredTime(unsigned int receivedDays, unsigned int &validSecs)
43 validSecs = SecurityServer::PASSWORD_INFINITE_EXPIRATION_TIME;
45 //when receivedDays means infinite expiration, return default validSecs value.
46 if(receivedDays == SecurityServer::PASSWORD_INFINITE_EXPIRATION_DAYS)
49 time_t curTime = time(NULL);
51 if (receivedDays > ((UINT_MAX - curTime) / 86400)) {
52 LogError("Incorrect input param.");
55 validSecs = (curTime + (receivedDays * 86400));
61 namespace SecurityServer
63 int PasswordManager::isPwdValid(unsigned int ¤tAttempt, unsigned int &maxAttempt,
64 unsigned int &expirationTime) const
66 if (m_pwdFile.isIgnorePeriod()) {
67 LogError("Retry timeout occured.");
68 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
71 if (!m_pwdFile.isPasswordActive()) {
72 LogError("Current password not active.");
73 return SECURITY_SERVER_API_ERROR_NO_PASSWORD;
75 currentAttempt = m_pwdFile.getAttempt();
76 maxAttempt = m_pwdFile.getMaxAttempt();
77 expirationTime = m_pwdFile.getExpireTimeLeft();
79 return SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
82 return SECURITY_SERVER_API_SUCCESS;
85 int PasswordManager::checkPassword(const std::string &challenge, unsigned int ¤tAttempt,
86 unsigned int &maxAttempt, unsigned int &expirationTime)
88 LogSecureDebug("Inside checkPassword function.");
90 if (m_pwdFile.isIgnorePeriod()) {
91 LogError("Retry timeout occurred.");
92 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
95 if (!m_pwdFile.isPasswordActive()) {
96 LogError("Password not active.");
97 return SECURITY_SERVER_API_ERROR_NO_PASSWORD;
100 m_pwdFile.incrementAttempt();
101 m_pwdFile.writeAttemptToFile();
103 currentAttempt = m_pwdFile.getAttempt();
104 maxAttempt = m_pwdFile.getMaxAttempt();
105 expirationTime = m_pwdFile.getExpireTimeLeft();
107 if (m_pwdFile.checkIfAttemptsExceeded()) {
108 LogError("Too many tries.");
109 return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
112 if (!m_pwdFile.checkPassword(challenge)) {
113 LogError("Wrong password.");
114 return SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH;
117 if (m_pwdFile.checkExpiration()) {
118 LogError("Password expired.");
119 return SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED;
122 m_pwdFile.resetAttempt();
123 m_pwdFile.writeAttemptToFile();
125 return SECURITY_SERVER_API_SUCCESS;
128 int PasswordManager::setPassword(const std::string ¤tPassword,
129 const std::string &newPassword,
130 const unsigned int receivedAttempts,
131 const unsigned int receivedDays)
133 LogSecureDebug("Curpwd = " << currentPassword << ", newpwd = " << newPassword <<
134 ", recatt = " << receivedAttempts << ", recdays = " << receivedDays);
136 unsigned int valid_secs = 0;
139 if (m_pwdFile.isIgnorePeriod()) {
140 LogError("Retry timeout occured.");
141 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
144 //check if passwords are correct
145 if (currentPassword.size() > MAX_PASSWORD_LEN) {
146 LogError("Current password length failed.");
147 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
150 if (newPassword.size() > MAX_PASSWORD_LEN) {
151 LogError("New password length failed.");
152 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
155 //check delivered currentPassword
156 //when m_passwordActive flag is true, currentPassword shouldn't be empty
157 if (currentPassword.empty() && m_pwdFile.isPasswordActive()) {
158 LogError("Password is already set. Max history: " << m_pwdFile.getMaxHistorySize());
159 return SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
162 //increment attempt count before checking it against max attempt count
163 m_pwdFile.incrementAttempt();
164 m_pwdFile.writeAttemptToFile();
167 if (m_pwdFile.checkIfAttemptsExceeded()) {
168 LogError("Too many attempts.");
169 return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
172 //check current password, however only when we don't send empty string as current.
173 if(!currentPassword.empty()) {
174 if(!m_pwdFile.checkPassword(currentPassword)) {
175 LogError("Wrong password.");
176 return SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH;
180 //check if password expired
181 if (m_pwdFile.checkExpiration()) {
182 LogError("Password expired.");
183 return SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED;
186 //check history, however only if history is active
187 if (m_pwdFile.isPasswordActive() && m_pwdFile.isHistoryActive()) {
188 if (m_pwdFile.isPasswordReused(newPassword)) {
189 LogError("Password reused.");
190 return SECURITY_SERVER_API_ERROR_PASSWORD_REUSED;
194 if(!calculateExpiredTime(receivedDays, valid_secs)) {
195 LogError("Received expiration time incorrect.");
196 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
200 m_pwdFile.setPassword(newPassword);
201 m_pwdFile.activatePassword();
202 m_pwdFile.setMaxAttempt(receivedAttempts);
203 m_pwdFile.setExpireTime(valid_secs);
204 m_pwdFile.writeMemoryToFile();
206 m_pwdFile.resetAttempt();
207 m_pwdFile.writeAttemptToFile();
209 return SECURITY_SERVER_API_SUCCESS;
212 int PasswordManager::setPasswordValidity(const unsigned int receivedDays)
214 unsigned int valid_secs = 0;
216 LogSecureDebug("received_days: " << receivedDays);
218 if (!m_pwdFile.isPasswordActive()) {
219 LogError("Current password is not active.");
220 return SECURITY_SERVER_API_ERROR_NO_PASSWORD;
223 if(!calculateExpiredTime(receivedDays, valid_secs))
224 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
226 m_pwdFile.setExpireTime(valid_secs);
227 m_pwdFile.writeMemoryToFile();
229 return SECURITY_SERVER_API_SUCCESS;
232 int PasswordManager::resetPassword(const std::string &newPassword,
233 const unsigned int receivedAttempts,
234 const unsigned int receivedDays)
236 unsigned int valid_secs = 0;
238 if (m_pwdFile.isIgnorePeriod()) {
239 LogError("Retry timeout occured.");
240 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
243 if(!calculateExpiredTime(receivedDays, valid_secs))
244 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
246 m_pwdFile.setPassword(newPassword);
247 m_pwdFile.activatePassword();
248 m_pwdFile.setMaxAttempt(receivedAttempts);
249 m_pwdFile.setExpireTime(valid_secs);
250 m_pwdFile.writeMemoryToFile();
252 m_pwdFile.resetAttempt();
253 m_pwdFile.writeAttemptToFile();
255 return SECURITY_SERVER_API_SUCCESS;
258 int PasswordManager::setPasswordHistory(const unsigned int history)
260 if(history > MAX_PASSWORD_HISTORY) {
261 LogError("Incorrect input param.");
262 return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
266 if (m_pwdFile.isIgnorePeriod()) {
267 LogError("Retry timeout occurred.");
268 return SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER;
271 m_pwdFile.setMaxHistorySize(history);
272 m_pwdFile.writeMemoryToFile();
274 return SECURITY_SERVER_API_SUCCESS;
277 int PasswordManager::setPasswordMaxChallenge(const unsigned int maxChallenge)
279 // check if there is password
280 if (!m_pwdFile.isPasswordActive()) {
281 LogError("Password not active.");
282 return SECURITY_SERVER_API_ERROR_NO_PASSWORD;
285 m_pwdFile.setMaxAttempt(maxChallenge);
286 m_pwdFile.writeMemoryToFile();
288 m_pwdFile.resetAttempt();
289 m_pwdFile.writeAttemptToFile();
291 return SECURITY_SERVER_API_SUCCESS;
293 } //namespace SecurityServer