projects / platform / core / test / security-tests.git / blob
? search:


19953e357b7ddfbd01be435461a45762263d49cf
[platform/core/test/security-tests.git] / tests / security-server-tests / security_server_tests_password.cpp
1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  */
4 /*
5  * @file    security_server_tests_password.cpp
6  * @author  Bumjin Im (bj.im@samsung.com)
7  * @author  Pawel Polawski (p.polawski@partner.samsung.com)
8  * @author  Radoslaw Bartosiak (r.bartosiak@samsung.com)
9  * @author  Jan Olszak (j.olszak@samsung.com)
10  * @version 2.0
11  * @brief   Test cases for security server
12  *
13  * WARNING: In this file test order is very important. They have to always be run
14  * in correct order. This is done by correct test case names ("tcXX_").
15  */
16
17 #include <stdio.h>
18 #include <errno.h>
19 #include <stdlib.h>
20 #include <string.h>
21 #include <limits.h>
22 #include <sys/types.h>
23 #include <sys/param.h>
24 #include <fcntl.h>
25 #include <sys/un.h>
26 #include <unistd.h>
27 #include <sys/socket.h>
28 #include <sys/time.h>
29 #include <dirent.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
32 #include <dlog.h>
33 #include "test.h"
34
35
36 #define TEST_PASSWORD       "IDLEPASS"
37 #define SECOND_TEST_PASSWORD "OTHERIDLEPASS"
38 #define THIRD_TEST_PASSWORD      "THIRDPASS"
39 /**
40  * Reset security-server.
41  *
42  * Function should be run at the begining of every test, so every test is independent of each other.
43  */
44 void reset_security_server(){
45     int ret;
46     unsigned int attempt, max_attempt, expire_sec;
47     system("if [ -d /opt/data/security-server ]; then \n rm -rf /opt/data/security-server/*; \n fi");
48     sync();
49     system("killall -SIGKILL security-server");
50     sleep(1);
51
52 }
53
54
55 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
56
57
58 /**
59  * Confirm there is no password before tests are run.
60  */
61 RUNNER_TEST(tc01_clear_environment)
62 {
63     int ret;
64     unsigned int attempt, max_attempt, expire_sec;
65
66     if (getuid() == 0)
67     {
68         system("rm /opt/data/security-server/*");
69         sync();
70
71         ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
72
73         RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
74         RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
75         RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
76         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
77     }
78     else
79     {
80         SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
81         SLOGD("If not, you will see some failures\n");
82
83         RUNNER_IGNORED_MSG("I'm not root");
84     }
85     sleep(1);
86 }
87
88 /**
89  * Basic test of setting validity period.
90  */
91 RUNNER_TEST(tc02_security_server_set_pwd_validity)
92 {
93     int ret;
94
95     // Prepare environment
96     reset_security_server();
97
98     // TESTS:
99     // WITHOUT password
100     ret = security_server_set_pwd_validity(10);
101     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
102
103     ret = security_server_set_pwd_validity(11);
104     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
105
106     // WITH password
107     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
108     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
109
110     ret = security_server_set_pwd_validity(10);
111     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
112
113     ret = security_server_set_pwd_validity(11);
114     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
115
116     sleep(1);
117 }
118
119 /**
120  * Basic test of setting maximum number of password challenges.
121  */
122 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
123 {
124     int ret;
125
126     // Prepare environment
127     reset_security_server();
128
129     // TESTS:
130     // WITHOUT password
131     ret = security_server_set_pwd_max_challenge(5);
132     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
133
134     ret = security_server_set_pwd_max_challenge(6);
135     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
136
137     // WITH password
138     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
139     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
140
141     ret = security_server_set_pwd_max_challenge(5);
142     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
143
144     ret = security_server_set_pwd_max_challenge(6);
145     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
146
147     sleep(1);
148     reset_security_server();
149 }
150
151 /**
152  * Test checking a too long password.
153  */
154 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
155 {
156     int ret;
157     unsigned int attempt, max_attempt, expire_sec;
158
159     // 33 char password
160     ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
161     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
162 }
163
164 /**
165  * Test various parameter values when checking a password.
166  */
167 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
168 {
169     int ret;
170     unsigned int attempt, max_attempt, expire_sec;
171
172     ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
173     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
174
175     ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
176     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
177
178     ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
179     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
180
181     ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
182     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
183 }
184
185 /**
186  * Check the given password when no password is set.
187  */
188 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
189 {
190     int ret;
191     unsigned int attempt, max_attempt, expire_sec;
192
193     // Prepare environment - there is no password now!
194     reset_security_server();
195
196     // TEST
197     ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
198
199     RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
200     RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
201     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
202 }
203
204 /**
205  * Checks various parameter values.
206  */
207 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
208 {
209     int ret;
210
211     // Prepare environment
212     reset_security_server();
213
214     // TEST
215     ret = security_server_set_pwd(NULL, NULL, 0, 0);
216     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
217 }
218
219 /**
220  * Test setting too long password.
221  */
222 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
223 {
224     int ret;
225
226     // Prepare environment
227     reset_security_server();
228
229     // TEST
230     // 33 char password
231     ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
232     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
233 }
234
235 /**
236  * Basic password setting.
237  */
238 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
239 {
240     int ret;
241
242     // Prepare environment
243     reset_security_server();
244
245     // TEST
246     sleep(1);
247     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
248     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
249 }
250
251 /**
252  * Set a maximum password period.
253  */
254 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
255 {
256     int ret;
257     // Prepare environment
258     reset_security_server();
259     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
260     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
261
262     // TEST
263     sleep(1);
264     ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, UINT_MAX);
265     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
266 }
267
268 /**
269  * Set a maximum password challenge number.
270  */
271 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
272 {
273     int ret;
274     // Prepare environment
275     reset_security_server();
276     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
277     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
278
279     // TEST
280     sleep(1);
281     ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, UINT_MAX, 0);
282     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
283 }
284
285 /**
286  * Set empty password.
287  */
288 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
289 {
290     int ret;
291     // Prepare environment
292     reset_security_server();
293     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
294     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
295
296     // TEST
297     sleep(1);
298     ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
299     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EMPTY, "ret = " << ret);
300 }
301
302 /**
303  * Change password to a too long password.
304  */
305 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
306 {
307     int ret;
308     // Prepare environment
309     reset_security_server();
310     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
311     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
312
313     // TEST
314     sleep(1);
315     char* long_password = (char*) malloc(5001);
316     long_password[5000] = '\0';
317     memset(long_password, 'A', 5000);
318     ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
319     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
320 }
321
322 /**
323  * Check empty password.
324  */
325 RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
326 {
327     int ret;
328     unsigned int attempt, max_attempt, expire_sec;
329
330     // Prepare environment
331     reset_security_server();
332     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
333     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
334
335     // TEST
336     sleep(1);
337     ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
338     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EMPTY, "ret = " << ret);
339 }
340
341 /**
342  * Various validity parameter values.
343  */
344 RUNNER_TEST(tc16_security_server_set_pwd_validity)
345 {
346     int ret;
347     // Prepare environment
348     reset_security_server();
349     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
350     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
351
352     // TEST
353     ret = security_server_set_pwd_validity(0);
354     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
355
356     ret = security_server_set_pwd_validity(1);
357     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
358
359     ret = security_server_set_pwd_validity(UINT_MAX);
360     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
361
362     ret = security_server_set_pwd_validity(2);
363     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
364
365 }
366
367 /**
368  * Check passwords validity
369  */
370 RUNNER_TEST(tc17_security_server_is_pwd_valid)
371 {
372     int ret;
373     unsigned int attempt, max_attempt, expire_sec;
374
375     // Prepare environment
376     reset_security_server();
377     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
378     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
379
380     // TEST:
381     sleep(1);
382     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
383     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST,  "ret = " << ret);
384     RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805),  "expire_sec = " << expire_sec);
385 }
386
387 /**
388  * Various numbers of challenges.
389  */
390 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
391 {
392     int ret;
393     // Prepare environment
394     reset_security_server();
395     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, UINT_MAX);
396     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
397
398     // TESTS
399     sleep(1);
400     ret = security_server_set_pwd_max_challenge(0);
401     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
402
403     sleep(1);
404     ret = security_server_set_pwd_max_challenge(UINT_MAX);
405     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
406
407     sleep(1);
408     ret = security_server_set_pwd_max_challenge(5);
409     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
410
411     sleep(1);
412     ret = security_server_set_pwd_max_challenge(6);
413     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
414 }
415
416
417 /**
418  * Check the max number of challenges.
419  */
420 RUNNER_TEST(tc19_security_server_is_pwd_valid)
421 {
422     int ret;
423     unsigned int attempt, max_attempt, expire_sec;
424     // Prepare environment
425     reset_security_server();
426     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
427     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
428     sleep(1);
429     ret = security_server_set_pwd_max_challenge(6);
430     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
431
432     // TEST
433     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
434     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
435     RUNNER_ASSERT_MSG(max_attempt == 6,  "max_attempt = " << max_attempt);
436 }
437
438 /**
439  * Basic password check.
440  */
441 RUNNER_TEST(tc20_security_server_chk_pwd)
442 {
443     int ret;
444     unsigned int attempt, max_attempt, expire_sec;
445
446     // Prepare environment
447     reset_security_server();
448     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
449     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
450
451     // TEST
452     sleep(1);
453     ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
454     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
455
456     sleep(1);
457     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
458     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
459 }
460
461 /**
462  * Check an incorrect password.
463  */
464 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
465 {
466     int ret;
467     unsigned int attempt, max_attempt, expire_sec;
468
469     // Prepare environment
470     reset_security_server();
471     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
472     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
473
474     //TEST
475     sleep(1);
476     ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
477     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
478 }
479
480 /**
481  * Check an incorrect password
482  */
483 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
484 {
485     int ret;
486
487     // Prepare environment
488     reset_security_server();
489     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
490     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
491
492     // TEST
493     sleep(1);
494     ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
495     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,  "ret = " << ret);
496 }
497
498 /**
499  * Change password
500  */
501 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
502 {
503     int ret;
504
505     // Prepare environment
506     reset_security_server();
507     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
508     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
509
510     // TEST
511     sleep(1);
512     ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
513     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
514 }
515
516 /**
517  * Check wrong password multiple times and then check a correct one.
518  */
519 RUNNER_TEST(tc24_security_server_attempt_exceeding)
520 {
521     int ret;
522     int i;
523     unsigned int attempt, max_attempt, expire_sec;
524
525     // Prepare environment
526     reset_security_server();
527     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
528     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
529
530     // TEST
531     printf("5 subtests started...");
532     for (i = 0; i < 5; i++) {
533         sleep(1);
534         ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
535         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
536         RUNNER_ASSERT_MSG(attempt == i + 1, attempt);
537     }
538     printf("DONE\n");
539
540     sleep(1);
541     ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
542     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
543
544     sleep(1);
545     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
546     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
547     RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
548     RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
549 }
550
551 /**
552  * Try to exceed maximum number of challenges.
553  */
554 RUNNER_TEST(tc25_security_server_attempt_exceeding)
555 {
556     int ret;
557     int i;
558     unsigned int attempt, max_attempt, expire_sec;
559
560     // Prepare environment
561     reset_security_server();
562     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
563     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
564
565     // TEST
566     printf("10 subtests started...");
567     for (i = 0; i < 10; i++) {
568         sleep(1);
569         ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
570         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
571         RUNNER_ASSERT_MSG(attempt == i + 1, "attempt = " << attempt);
572     }
573
574     // The check, that exceeds max number
575     sleep(1);
576     ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
577     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
578     printf("DONE\n");
579
580     sleep(1);
581     ret = security_server_chk_pwd(TEST_PASSWORD,  &attempt, &max_attempt, &expire_sec);
582     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
583 }
584
585 /**
586  * Reset password
587  */
588 RUNNER_TEST(tc26_security_server_reset_pwd)
589 {
590     int ret;
591
592     // Prepare environment
593     reset_security_server();
594     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
595     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
596
597     // TEST
598     sleep(1);
599     ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
600     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
601 }
602
603 /**
604  * Check too long password.
605  */
606 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
607 {
608     int ret;
609     unsigned int attempt, max_attempt, expire_sec;
610     // Prepare environment
611     reset_security_server();
612     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
613     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
614
615     // TEST
616     char* long_password = (char*) malloc(5001);
617     long_password[5000] = '\0';
618     memset(long_password, 'A', 5000);
619     ret = security_server_chk_pwd(long_password,  &attempt, &max_attempt, &expire_sec);
620     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
621 }
622
623 /**
624  * Check passwords expiration (not expired)
625  */
626 RUNNER_TEST(tc28_security_server_check_expiration)
627 {
628     int ret;
629     unsigned int attempt, max_attempt, expire_sec;
630
631     // Prepare environment
632     reset_security_server();
633     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
634     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
635
636     // TEST
637     sleep(1);
638     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
639     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
640     RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
641 }
642
643 /**
644  * Use various parameter values of parameters.
645  */
646 RUNNER_TEST(tc29_security_server_set_pwd_history)
647 {
648     int ret;
649
650     // Prepare environment
651     reset_security_server();
652     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
653     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
654
655     // TESTS
656     sleep(1);
657     ret = security_server_set_pwd_history(100);
658     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
659
660     sleep(1);
661     ret = security_server_set_pwd_history(51);
662     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
663
664     sleep(1);
665     ret = security_server_set_pwd_history(-5);
666     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
667
668     sleep(1);
669     ret = security_server_set_pwd_history(50);
670     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
671
672     sleep(1);
673     ret = security_server_set_pwd_history(0);
674     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
675
676     sleep(1);
677     ret = security_server_set_pwd_history(INT_MAX);
678     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
679
680     sleep(1);
681     ret = security_server_set_pwd_history(INT_MIN);
682     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
683
684     sleep(1);
685     ret = security_server_set_pwd_history(10);
686     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
687 }
688
689
690
691 int dir_filter(const struct dirent *entry)
692 {
693     if ((strcmp(entry->d_name, ".") == 0) ||
694         (strcmp(entry->d_name, "..") == 0) ||
695         (strcmp(entry->d_name, "attempts") == 0) ||
696         (strcmp(entry->d_name, "history") == 0))
697         return (0);
698     else
699         return (1);
700 }
701
702 void clean_password_dir(void)
703 {
704     int ret;
705     int i;
706     struct dirent **mydirent;
707
708     ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
709     i = ret;
710     while (i--)
711         free(mydirent[i]);
712     free(mydirent);
713 }
714
715
716 /**
717  * Check password history.
718  */
719 RUNNER_TEST(tc30_security_server_check_history)
720 {
721     int ret;
722     int i;
723     char buf1[33], buf2[33];
724
725     // Prepare environment
726     reset_security_server();
727
728     clean_password_dir();
729
730     sleep(1);
731     ret = security_server_set_pwd_history(10);
732     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
733
734     sleep(1);
735     ret = security_server_reset_pwd("history0", 0, 0);
736     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
737
738     printf("11 subtests started...");
739     for (i = 0; i < 11; i++) {
740         sprintf(buf1, "history%d", i);
741         sprintf(buf2, "history%d", i + 1);
742
743         sleep(1);
744         ret = security_server_set_pwd(buf1, buf2, 0, 0);
745         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
746     }
747     printf("DONE\n");
748
749     sleep(1);
750     ret = security_server_set_pwd("history11", "history1", 0, 0);
751     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
752
753     sleep(1);
754     ret = security_server_set_pwd("history1", "history8", 0, 0);
755     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
756
757     sleep(1);
758     ret = security_server_set_pwd("history1", "history12", 0, 0);
759     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
760
761     printf("48 subtests started...");
762     for (i = 12; i < 60; i++) {
763         sleep(1);
764
765         sprintf(buf1, "history%d", i);
766         sprintf(buf2, "history%d", i + 1);
767
768         ret = security_server_set_pwd(buf1, buf2, 0, 0);
769         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
770     }
771     printf("DONE\n");
772
773     clean_password_dir();
774 }
775
776 /**
777  * Replay attack
778  */
779 RUNNER_TEST(tc31_security_server_replay_attack)
780 {
781     int ret;
782     int i = 0;
783     unsigned int attempt, max_attempt, expire_sec;
784
785     sleep(1);
786     ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
787
788     while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
789         i += 100000;
790
791         ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
792         usleep(i);
793     }
794
795     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
796 }
797
798 /**
799  * Expired password
800  */
801 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
802 {
803     int ret;
804     unsigned int attempt, max_attempt, expire_sec;
805     struct timeval cur_time;
806
807     // Prepare environment
808     reset_security_server();
809     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
810     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
811
812     // TEST
813     sleep(1);
814     ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
815     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
816
817     ret = gettimeofday(&cur_time, NULL);
818     RUNNER_ASSERT_MSG(ret > -1, ret);
819
820     cur_time.tv_sec += (expire_sec + 1);
821     ret = settimeofday(&cur_time, NULL);
822     RUNNER_ASSERT_MSG(ret > -1, ret);
823
824     sleep(1);
825     ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
826     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
827
828     sleep(1);
829     ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
830     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
831 }
832
833 /**
834  * Reset password
835  */
836 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
837 {
838     int ret;
839
840     // Prepare environment
841     reset_security_server();
842
843     // TEST
844     sleep(1);
845     ret = security_server_reset_pwd(NULL, 10, 10);
846     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
847 }
848
849
850 int main(int argc, char *argv[])
851 {
852     int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
853
854     return status;
855 }
Domain: Security / Uncategorized;