2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_password.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
8 * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
9 * @author Jan Olszak (j.olszak@samsung.com)
11 * @brief Test cases for security server
13 * WARNING: In this file test order is very important. They have to always be run
14 * in correct order. This is done by correct test case names ("tcXX_").
22 #include <sys/types.h>
23 #include <sys/param.h>
27 #include <sys/socket.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
36 #define TEST_PASSWORD "IDLEPASS"
37 #define SECOND_TEST_PASSWORD "OTHERIDLEPASS"
38 #define THIRD_TEST_PASSWORD "THIRDPASS"
40 * Reset security-server.
42 * Function should be run at the begining of every test, so every test is independent of each other.
44 void reset_security_server(){
46 unsigned int attempt, max_attempt, expire_sec;
47 system("if [ -d /opt/data/security-server ]; then \n rm -rf /opt/data/security-server/*; \n fi");
49 system("killall -SIGKILL security-server");
55 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
59 * Confirm there is no password before tests are run.
61 RUNNER_TEST(tc01_clear_environment)
64 unsigned int attempt, max_attempt, expire_sec;
68 system("rm /opt/data/security-server/*");
71 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
73 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
74 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
75 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
76 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
80 SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
81 SLOGD("If not, you will see some failures\n");
83 RUNNER_IGNORED_MSG("I'm not root");
89 * Basic test of setting validity period.
91 RUNNER_TEST(tc02_security_server_set_pwd_validity)
95 // Prepare environment
96 reset_security_server();
100 ret = security_server_set_pwd_validity(10);
101 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
103 ret = security_server_set_pwd_validity(11);
104 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
107 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
108 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
110 ret = security_server_set_pwd_validity(10);
111 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
113 ret = security_server_set_pwd_validity(11);
114 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
120 * Basic test of setting maximum number of password challenges.
122 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
126 // Prepare environment
127 reset_security_server();
131 ret = security_server_set_pwd_max_challenge(5);
132 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
134 ret = security_server_set_pwd_max_challenge(6);
135 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
138 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
139 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
141 ret = security_server_set_pwd_max_challenge(5);
142 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
144 ret = security_server_set_pwd_max_challenge(6);
145 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
148 reset_security_server();
152 * Test checking a too long password.
154 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
157 unsigned int attempt, max_attempt, expire_sec;
160 ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
161 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
165 * Test various parameter values when checking a password.
167 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
170 unsigned int attempt, max_attempt, expire_sec;
172 ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
173 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
175 ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
176 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
178 ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
179 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
181 ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
182 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
186 * Check the given password when no password is set.
188 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
191 unsigned int attempt, max_attempt, expire_sec;
193 // Prepare environment - there is no password now!
194 reset_security_server();
197 ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
199 RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
200 RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
201 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
205 * Checks various parameter values.
207 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
211 // Prepare environment
212 reset_security_server();
215 ret = security_server_set_pwd(NULL, NULL, 0, 0);
216 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
220 * Test setting too long password.
222 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
226 // Prepare environment
227 reset_security_server();
231 ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
232 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
236 * Basic password setting.
238 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
242 // Prepare environment
243 reset_security_server();
247 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
248 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
252 * Set a maximum password period.
254 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
257 // Prepare environment
258 reset_security_server();
259 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
260 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
264 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, UINT_MAX);
265 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
269 * Set a maximum password challenge number.
271 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
274 // Prepare environment
275 reset_security_server();
276 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
277 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
281 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, UINT_MAX, 0);
282 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
286 * Set empty password.
288 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
291 // Prepare environment
292 reset_security_server();
293 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
294 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
298 ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
299 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EMPTY, "ret = " << ret);
303 * Change password to a too long password.
305 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
308 // Prepare environment
309 reset_security_server();
310 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
311 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
315 char* long_password = (char*) malloc(5001);
316 long_password[5000] = '\0';
317 memset(long_password, 'A', 5000);
318 ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
319 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
323 * Check empty password.
325 RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
328 unsigned int attempt, max_attempt, expire_sec;
330 // Prepare environment
331 reset_security_server();
332 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
333 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
337 ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
338 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EMPTY, "ret = " << ret);
342 * Various validity parameter values.
344 RUNNER_TEST(tc16_security_server_set_pwd_validity)
347 // Prepare environment
348 reset_security_server();
349 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
350 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
353 ret = security_server_set_pwd_validity(0);
354 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
356 ret = security_server_set_pwd_validity(1);
357 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
359 ret = security_server_set_pwd_validity(UINT_MAX);
360 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
362 ret = security_server_set_pwd_validity(2);
363 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
368 * Check passwords validity
370 RUNNER_TEST(tc17_security_server_is_pwd_valid)
373 unsigned int attempt, max_attempt, expire_sec;
375 // Prepare environment
376 reset_security_server();
377 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
378 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
382 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
383 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
384 RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
388 * Various numbers of challenges.
390 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
393 // Prepare environment
394 reset_security_server();
395 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, UINT_MAX);
396 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
400 ret = security_server_set_pwd_max_challenge(0);
401 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
404 ret = security_server_set_pwd_max_challenge(UINT_MAX);
405 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
408 ret = security_server_set_pwd_max_challenge(5);
409 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
412 ret = security_server_set_pwd_max_challenge(6);
413 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
418 * Check the max number of challenges.
420 RUNNER_TEST(tc19_security_server_is_pwd_valid)
423 unsigned int attempt, max_attempt, expire_sec;
424 // Prepare environment
425 reset_security_server();
426 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
427 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
429 ret = security_server_set_pwd_max_challenge(6);
430 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
433 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
434 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
435 RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
439 * Basic password check.
441 RUNNER_TEST(tc20_security_server_chk_pwd)
444 unsigned int attempt, max_attempt, expire_sec;
446 // Prepare environment
447 reset_security_server();
448 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
449 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
453 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
454 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
457 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
458 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
462 * Check an incorrect password.
464 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
467 unsigned int attempt, max_attempt, expire_sec;
469 // Prepare environment
470 reset_security_server();
471 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
472 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
476 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
477 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
481 * Check an incorrect password
483 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
487 // Prepare environment
488 reset_security_server();
489 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
490 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
494 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
495 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
501 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
505 // Prepare environment
506 reset_security_server();
507 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
508 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
512 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
513 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
517 * Check wrong password multiple times and then check a correct one.
519 RUNNER_TEST(tc24_security_server_attempt_exceeding)
523 unsigned int attempt, max_attempt, expire_sec;
525 // Prepare environment
526 reset_security_server();
527 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
528 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
531 printf("5 subtests started...");
532 for (i = 0; i < 5; i++) {
534 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
535 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
536 RUNNER_ASSERT_MSG(attempt == i + 1, attempt);
541 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
542 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
545 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
546 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
547 RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
548 RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
552 * Try to exceed maximum number of challenges.
554 RUNNER_TEST(tc25_security_server_attempt_exceeding)
558 unsigned int attempt, max_attempt, expire_sec;
560 // Prepare environment
561 reset_security_server();
562 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
563 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
566 printf("10 subtests started...");
567 for (i = 0; i < 10; i++) {
569 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
570 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
571 RUNNER_ASSERT_MSG(attempt == i + 1, "attempt = " << attempt);
574 // The check, that exceeds max number
576 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
577 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
581 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
582 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
588 RUNNER_TEST(tc26_security_server_reset_pwd)
592 // Prepare environment
593 reset_security_server();
594 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
595 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
599 ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
600 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
604 * Check too long password.
606 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
609 unsigned int attempt, max_attempt, expire_sec;
610 // Prepare environment
611 reset_security_server();
612 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
613 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
616 char* long_password = (char*) malloc(5001);
617 long_password[5000] = '\0';
618 memset(long_password, 'A', 5000);
619 ret = security_server_chk_pwd(long_password, &attempt, &max_attempt, &expire_sec);
620 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
624 * Check passwords expiration (not expired)
626 RUNNER_TEST(tc28_security_server_check_expiration)
629 unsigned int attempt, max_attempt, expire_sec;
631 // Prepare environment
632 reset_security_server();
633 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
634 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
638 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
639 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
640 RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
644 * Use various parameter values of parameters.
646 RUNNER_TEST(tc29_security_server_set_pwd_history)
650 // Prepare environment
651 reset_security_server();
652 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
653 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
657 ret = security_server_set_pwd_history(100);
658 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
661 ret = security_server_set_pwd_history(51);
662 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
665 ret = security_server_set_pwd_history(-5);
666 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
669 ret = security_server_set_pwd_history(50);
670 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
673 ret = security_server_set_pwd_history(0);
674 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
677 ret = security_server_set_pwd_history(INT_MAX);
678 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
681 ret = security_server_set_pwd_history(INT_MIN);
682 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
685 ret = security_server_set_pwd_history(10);
686 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
691 int dir_filter(const struct dirent *entry)
693 if ((strcmp(entry->d_name, ".") == 0) ||
694 (strcmp(entry->d_name, "..") == 0) ||
695 (strcmp(entry->d_name, "attempts") == 0) ||
696 (strcmp(entry->d_name, "history") == 0))
702 void clean_password_dir(void)
706 struct dirent **mydirent;
708 ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
717 * Check password history.
719 RUNNER_TEST(tc30_security_server_check_history)
723 char buf1[33], buf2[33];
725 // Prepare environment
726 reset_security_server();
728 clean_password_dir();
731 ret = security_server_set_pwd_history(10);
732 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
735 ret = security_server_reset_pwd("history0", 0, 0);
736 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
738 printf("11 subtests started...");
739 for (i = 0; i < 11; i++) {
740 sprintf(buf1, "history%d", i);
741 sprintf(buf2, "history%d", i + 1);
744 ret = security_server_set_pwd(buf1, buf2, 0, 0);
745 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
750 ret = security_server_set_pwd("history11", "history1", 0, 0);
751 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
754 ret = security_server_set_pwd("history1", "history8", 0, 0);
755 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
758 ret = security_server_set_pwd("history1", "history12", 0, 0);
759 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
761 printf("48 subtests started...");
762 for (i = 12; i < 60; i++) {
765 sprintf(buf1, "history%d", i);
766 sprintf(buf2, "history%d", i + 1);
768 ret = security_server_set_pwd(buf1, buf2, 0, 0);
769 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
773 clean_password_dir();
779 RUNNER_TEST(tc31_security_server_replay_attack)
783 unsigned int attempt, max_attempt, expire_sec;
786 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
788 while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
791 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
795 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
801 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
804 unsigned int attempt, max_attempt, expire_sec;
805 struct timeval cur_time;
807 // Prepare environment
808 reset_security_server();
809 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
810 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
814 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
815 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
817 ret = gettimeofday(&cur_time, NULL);
818 RUNNER_ASSERT_MSG(ret > -1, ret);
820 cur_time.tv_sec += (expire_sec + 1);
821 ret = settimeofday(&cur_time, NULL);
822 RUNNER_ASSERT_MSG(ret > -1, ret);
825 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
826 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
829 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
830 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
836 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
840 // Prepare environment
841 reset_security_server();
845 ret = security_server_reset_pwd(NULL, 10, 10);
846 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
850 int main(int argc, char *argv[])
852 int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);