2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_password.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
8 * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
9 * @author Jan Olszak (j.olszak@samsung.com)
11 * @brief Test cases for security server
13 * WARNING: In this file test order is very important. They have to always be run
14 * in correct order. This is done by correct test case names ("tcXX_").
22 #include <sys/types.h>
23 #include <sys/param.h>
27 #include <sys/socket.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
33 #include "security_server_clean_env.h"
37 // security server retry timeout in microseconds
38 const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
40 // the maximum time (in seconds) passwords can expire in
41 const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
44 const char* TEST_PASSWORD = "IDLEPASS";
45 const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
46 const char* THIRD_TEST_PASSWORD = "THIRDPASS";
47 const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
50 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
54 * Confirm there is no password before tests are run.
56 RUNNER_TEST(tc01_clear_environment)
59 unsigned int attempt, max_attempt, expire_sec;
63 reset_security_server();
65 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
67 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
68 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
69 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
70 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
74 SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
75 SLOGD("If not, you will see some failures\n");
77 RUNNER_IGNORED_MSG("I'm not root");
83 * Basic test of setting validity period.
85 RUNNER_TEST(tc02_security_server_set_pwd_validity)
89 // Prepare environment
90 reset_security_server();
94 ret = security_server_set_pwd_validity(10);
95 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
97 ret = security_server_set_pwd_validity(11);
98 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
101 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
102 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
104 ret = security_server_set_pwd_validity(10);
105 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
107 ret = security_server_set_pwd_validity(11);
108 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
114 * Basic test of setting maximum number of password challenges.
116 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
120 // Prepare environment
121 reset_security_server();
125 ret = security_server_set_pwd_max_challenge(5);
126 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
128 ret = security_server_set_pwd_max_challenge(6);
129 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
132 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
133 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
135 ret = security_server_set_pwd_max_challenge(5);
136 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
138 ret = security_server_set_pwd_max_challenge(6);
139 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
142 reset_security_server();
146 * Test checking a too long password.
148 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
151 unsigned int attempt, max_attempt, expire_sec;
154 ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
155 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
159 * Test various parameter values when checking a password.
161 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
164 unsigned int attempt, max_attempt, expire_sec;
166 ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
167 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
169 ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
170 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
172 ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
173 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
175 ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
176 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
180 * Check the given password when no password is set.
182 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
185 unsigned int attempt, max_attempt, expire_sec;
187 // Prepare environment - there is no password now!
188 reset_security_server();
191 ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
193 RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
194 RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
195 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
199 * Checks various parameter values.
201 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
205 // Prepare environment
206 reset_security_server();
209 ret = security_server_set_pwd(NULL, NULL, 0, 0);
210 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
214 * Test setting too long password.
216 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
220 // Prepare environment
221 reset_security_server();
225 ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
226 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
230 * Basic password setting.
232 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
236 // Prepare environment
237 reset_security_server();
241 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
242 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
246 * Set a maximum password period.
248 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
251 // Prepare environment
252 reset_security_server();
253 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
254 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
258 // UINT_MAX will cause api error, it is to big value
259 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
260 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
262 // calculate max applicable valid days that will not be rejected by ss
263 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
264 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
265 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
266 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
270 * Set a maximum password challenge number.
272 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
275 // Prepare environment
276 reset_security_server();
277 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
278 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
282 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
283 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
287 * Set empty password.
289 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
292 // Prepare environment
293 reset_security_server();
294 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
295 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
299 ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
300 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
304 * Change password to a too long password.
306 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
309 // Prepare environment
310 reset_security_server();
311 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
312 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
316 char* long_password = (char*) malloc(5001);
317 long_password[5000] = '\0';
318 memset(long_password, 'A', 5000);
319 ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
320 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
324 * Check empty password.
326 RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
329 unsigned int attempt, max_attempt, expire_sec;
331 // Prepare environment
332 reset_security_server();
333 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
334 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
338 ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
339 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
343 * Various validity parameter values.
345 RUNNER_TEST(tc16_security_server_set_pwd_validity)
348 // Prepare environment
349 reset_security_server();
350 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
351 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
354 ret = security_server_set_pwd_validity(0);
355 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
357 ret = security_server_set_pwd_validity(1);
358 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
360 //When trying to set UINT_MAX we should get error.
361 ret = security_server_set_pwd_validity(UINT_MAX);
362 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
364 ret = security_server_set_pwd_validity(2);
365 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
369 * Check passwords validity
371 RUNNER_TEST(tc17_security_server_is_pwd_valid)
374 unsigned int attempt, max_attempt, expire_sec;
376 // Prepare environment
377 reset_security_server();
378 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
379 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
383 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
384 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
385 RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
389 * Various numbers of challenges.
391 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
394 // Prepare environment
395 reset_security_server();
396 // calculate max applicable valid days that will not be rejected by ss
397 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
398 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
399 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, valid_days);
400 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
404 ret = security_server_set_pwd_max_challenge(0);
405 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
408 ret = security_server_set_pwd_max_challenge(UINT_MAX);
409 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
412 ret = security_server_set_pwd_max_challenge(5);
413 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
416 ret = security_server_set_pwd_max_challenge(6);
417 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
422 * Check the max number of challenges.
424 RUNNER_TEST(tc19_security_server_is_pwd_valid)
427 unsigned int attempt, max_attempt, expire_sec;
428 // Prepare environment
429 reset_security_server();
430 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
431 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
433 ret = security_server_set_pwd_max_challenge(6);
434 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
437 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
438 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
439 RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
443 * Basic password check.
445 RUNNER_TEST(tc20_security_server_chk_pwd)
448 unsigned int attempt, max_attempt, expire_sec;
450 // Prepare environment
451 reset_security_server();
452 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
453 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
457 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
458 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
461 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
462 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
466 * Check an incorrect password.
468 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
471 unsigned int attempt, max_attempt, expire_sec;
473 // Prepare environment
474 reset_security_server();
475 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
476 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
480 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
481 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
485 * Check an incorrect password
487 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
491 // Prepare environment
492 reset_security_server();
493 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
494 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
498 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
499 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
505 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
509 // Prepare environment
510 reset_security_server();
511 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
512 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
516 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
517 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
521 * Check wrong password multiple times and then check a correct one.
523 RUNNER_TEST(tc24_security_server_attempt_exceeding)
526 unsigned int i, attempt, max_attempt, expire_sec;
528 // Prepare environment
529 reset_security_server();
530 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
531 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
534 printf("5 subtests started...");
535 for (i = 1; i <= 5; i++) {
537 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
538 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
539 RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
544 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
545 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
548 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
549 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
550 RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
551 RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
555 * Try to exceed maximum number of challenges.
557 RUNNER_TEST(tc25_security_server_attempt_exceeding)
560 unsigned int i, attempt, max_attempt, expire_sec;
562 // Prepare environment
563 reset_security_server();
564 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
565 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
568 printf("10 subtests started...");
569 for (i = 1; i <= 10; i++) {
571 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
572 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
573 RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
576 // The check, that exceeds max number
578 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
579 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
583 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
584 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
590 RUNNER_TEST(tc26_security_server_reset_pwd)
594 // Prepare environment
595 reset_security_server();
596 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
597 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
601 ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
602 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
606 * Check too long password.
608 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
611 unsigned int attempt, max_attempt, expire_sec;
612 // Prepare environment
613 reset_security_server();
614 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
615 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
618 char* long_password = (char*) malloc(5001);
619 long_password[5000] = '\0';
620 memset(long_password, 'A', 5000);
621 ret = security_server_chk_pwd(long_password, &attempt, &max_attempt, &expire_sec);
622 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
626 * Check passwords expiration (not expired)
628 RUNNER_TEST(tc28_security_server_check_expiration)
631 unsigned int attempt, max_attempt, expire_sec;
633 // Prepare environment
634 reset_security_server();
635 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
636 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
640 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
641 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
642 RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
646 * Use various parameter values of parameters.
648 RUNNER_TEST(tc29_security_server_set_pwd_history)
652 // Prepare environment
653 reset_security_server();
654 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
655 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
659 ret = security_server_set_pwd_history(100);
660 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
663 ret = security_server_set_pwd_history(51);
664 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
667 ret = security_server_set_pwd_history(-5);
668 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
671 ret = security_server_set_pwd_history(50);
672 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
675 ret = security_server_set_pwd_history(0);
676 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
679 ret = security_server_set_pwd_history(INT_MAX);
680 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
683 ret = security_server_set_pwd_history(INT_MIN);
684 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
687 ret = security_server_set_pwd_history(10);
688 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
693 int dir_filter(const struct dirent *entry)
695 if ((strcmp(entry->d_name, ".") == 0) ||
696 (strcmp(entry->d_name, "..") == 0) ||
697 (strcmp(entry->d_name, "attempts") == 0) ||
698 (strcmp(entry->d_name, "history") == 0))
704 void clean_password_dir(void)
708 struct dirent **mydirent;
710 ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
719 * Check password history.
721 RUNNER_TEST(tc30_security_server_check_history)
725 char buf1[33], buf2[33];
727 // Prepare environment
728 reset_security_server();
730 clean_password_dir();
733 ret = security_server_set_pwd_history(9);
734 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
737 ret = security_server_reset_pwd("history0", 0, 0);
738 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
740 printf("11 subtests started...");
741 for (i = 0; i < 11; i++) {
742 sprintf(buf1, "history%d", i);
743 sprintf(buf2, "history%d", i + 1);
746 ret = security_server_set_pwd(buf1, buf2, 0, 0);
747 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
752 ret = security_server_set_pwd("history11", "history1", 0, 0);
753 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
756 ret = security_server_set_pwd("history1", "history8", 0, 0);
757 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
760 ret = security_server_set_pwd("history1", "history12", 0, 0);
761 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
763 printf("48 subtests started...");
764 for (i = 12; i < 60; i++) {
767 sprintf(buf1, "history%d", i);
768 sprintf(buf2, "history%d", i + 1);
770 ret = security_server_set_pwd(buf1, buf2, 0, 0);
771 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
775 clean_password_dir();
781 RUNNER_TEST(tc31_security_server_replay_attack)
785 unsigned int attempt, max_attempt, expire_sec;
788 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
790 while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
793 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
797 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
803 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
806 unsigned int attempt, max_attempt, expire_sec;
807 struct timeval cur_time;
809 // Prepare environment
810 reset_security_server();
811 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
812 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
816 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
817 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
819 ret = gettimeofday(&cur_time, NULL);
820 RUNNER_ASSERT_MSG(ret > -1, ret);
822 cur_time.tv_sec += (expire_sec + 1);
823 ret = settimeofday(&cur_time, NULL);
824 RUNNER_ASSERT_MSG(ret > -1, ret);
827 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
828 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
831 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
832 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
838 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
842 // Prepare environment
843 reset_security_server();
847 ret = security_server_reset_pwd(NULL, 10, 10);
848 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
852 * Use this instead of security_server_chk_pwd directly to verify the function output.
854 * verify_chk_pwd(__LINE__, "password", SECURITY_SERVER_API_SUCCESS, 2, 5, 10000, "debug string")
856 void verify_chk_pwd_basic(
857 const char* challenge,
859 unsigned int expected_current_attempt,
860 unsigned int expected_max_attempt,
861 unsigned int expected_valid_secs,
862 const Tracker &tracker = Tracker())
864 /* ensure that initial values differ from expected ones */
865 unsigned int attempt = expected_current_attempt - 1;
866 unsigned int max_attempt = expected_max_attempt - 1;
867 unsigned int expire_sec = expected_valid_secs - 1;
869 usleep(PASSWORD_RETRY_TIMEOUT_US);
870 int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
872 // validate returned value
873 RUNNER_ASSERT_MSG(ret == expected_result,
875 "security_server_chk_pwd returned "
876 << ret << " (expected: " << expected_result << ")");
878 // validate current attempts value
879 RUNNER_ASSERT_MSG(attempt == expected_current_attempt,
881 "security_server_chk_pwd returned attempt = " << attempt <<
882 " (expected: " << expected_current_attempt << ")");
884 // validate max attempt value
885 RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt,
887 "security_server_chk_pwd returned max_attempt = " << max_attempt <<
888 " (expected: " << expected_max_attempt << ")");
890 // validate expire seconds
891 if (expected_valid_secs == PASSWORD_INFINITE_EXPIRATION_TIME) {
892 RUNNER_ASSERT_MSG(expire_sec == expected_valid_secs,
894 "security_server_chk_pwd returned expire_sec = " << expire_sec <<
895 " (expected: " << expected_valid_secs << ")");
897 // because of sleeps in test code we need to check period of time.
898 unsigned int begin = expected_valid_secs > 5 ? expected_valid_secs - 5 : 0;
899 unsigned int end = expected_valid_secs + 5;
901 RUNNER_ASSERT_MSG(expire_sec >= begin && expire_sec <= end,
903 "security_server_chk_pwd returned expire_sec = " << expire_sec <<
904 " (expected: <" << begin << "," << end << ")");
908 /* This function is required because we cannot use default value in expected_valid_secs in
909 * verify_chk_pwd_basic and define Tracker at the same time. */
911 const char *challenge,
913 unsigned int expected_current_attempt,
914 unsigned int expected_max_attempt,
915 const Tracker &tracker = Tracker())
917 verify_chk_pwd_basic(
920 expected_current_attempt,
921 expected_max_attempt,
922 PASSWORD_INFINITE_EXPIRATION_TIME,
928 * Reach last attempt few times in a row (before exceeding max_attempt).
930 RUNNER_TEST(tc34_security_server_max_attempts)
932 // Prepare environment
933 reset_security_server();
935 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
936 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
938 // change max attempts number few times
939 std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
941 for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
942 unsigned int max_challenges = max_challenge_tab[pass];
944 usleep(PASSWORD_RETRY_TIMEOUT_US);
945 ret = security_server_set_pwd_max_challenge(max_challenges);
946 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
948 // max_challenges-1 wrong password attempts
949 for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
950 verify_chk_pwd(SECOND_TEST_PASSWORD,
951 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
955 std::string("pass = " + std::to_string(pass) +
956 ", attempt = " + std::to_string(attempt_nr))));
958 // Check correct password finally
959 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
960 max_challenges, max_challenges, TRACE_FROM_HERE);
965 * Decrease 'max challenge' number after several missed attempts.
967 RUNNER_TEST(tc35_security_server_decrease_max_attempts)
969 const unsigned int max_challenge_more = 10;
970 const unsigned int max_challenge_less = 5;
972 // Prepare environment
973 reset_security_server();
975 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge_more, 0);
976 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
979 for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
980 verify_chk_pwd(SECOND_TEST_PASSWORD,
981 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
985 std::string("attempt = " + std::to_string(attempt))));
987 // lower max_challenge
988 usleep(PASSWORD_RETRY_TIMEOUT_US);
989 ret = security_server_set_pwd_max_challenge(max_challenge_less);
990 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
992 // try valid password - should pass (curr attempts is reset)
993 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less,
996 // remove max attempts limit
997 usleep(PASSWORD_RETRY_TIMEOUT_US);
998 ret = security_server_set_pwd_max_challenge(0);
999 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1001 // try valid password again - should pass
1002 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
1004 // try to change the password - should pass
1005 usleep(PASSWORD_RETRY_TIMEOUT_US);
1006 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1007 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1009 // validate new password
1010 verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
1014 * Change password few times and challenge previous passwords - checks if security_server_set_pwd
1015 * works as it should.
1017 RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
1019 const int history_depth = 5;
1020 const unsigned int max_challenge = 3;
1021 std::string prev_pass, new_pass = TEST_PASSWORD;
1023 // Prepare environment
1024 reset_security_server();
1026 int ret = security_server_set_pwd_history(history_depth);
1027 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1029 usleep(PASSWORD_RETRY_TIMEOUT_US);
1030 ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
1031 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1033 for (int depth = 0; depth < history_depth; ++depth) {
1034 prev_pass = new_pass;
1036 //generate password name
1037 new_pass = "history" + std::to_string(depth+1);
1039 usleep(PASSWORD_RETRY_TIMEOUT_US);
1040 ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
1041 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1043 // challenge initial password
1046 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1049 TRACE_FROM_HERE_MSG(
1050 std::string("depth = " + std::to_string(depth))));
1052 // challenge previous password
1055 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1058 TRACE_FROM_HERE_MSG(
1059 std::string("depth = " + std::to_string(depth)).c_str()));
1064 * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
1065 * This test simulates user's behaviour - challenges valid and invalid passwords
1066 * in various combinations.
1068 RUNNER_TEST(tc37_security_server_challenge_mixed)
1070 // Prepare environment
1071 reset_security_server();
1073 const unsigned int max_challenge = 2;
1074 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1075 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1077 // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
1078 for (unsigned int i = 0; i < max_challenge; ++i)
1081 SECURITY_SERVER_API_SUCCESS,
1084 TRACE_FROM_HERE_MSG(
1085 std::string("i = " + std::to_string(i))));
1087 // Ensure that challenging valid password resets 'cuurrent attempt' value.
1088 // If it didn't, the test would fail in third loop pass.
1089 for (unsigned int i = 0; i < max_challenge + 1; ++i) {
1092 SECOND_TEST_PASSWORD,
1093 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1096 TRACE_FROM_HERE_MSG(
1097 std::string("i = " + std::to_string(i))));
1102 SECURITY_SERVER_API_SUCCESS,
1105 TRACE_FROM_HERE_MSG(
1106 std::string("i = " + std::to_string(i))));
1109 // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
1110 // any further attempts (even correct) are blocked
1111 for (unsigned int i = 1; i <= max_challenge; ++i)
1113 SECOND_TEST_PASSWORD,
1114 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1117 TRACE_FROM_HERE_MSG(
1118 std::string("i = " + std::to_string(i))));
1120 // correct - refused
1121 for (unsigned int i = 1; i <= max_challenge; ++i)
1124 SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
1127 TRACE_FROM_HERE_MSG(
1128 std::string("i = " + std::to_string(i))));
1132 * Pasword change mixed with history depth change.
1134 RUNNER_TEST(tc38_security_server_history_depth_change)
1137 const int initial_history_depth = 2;
1138 const int decreased_history_depth = 1;
1139 const int increased_history_depth = 3;
1141 // Prepare environment
1142 reset_security_server();
1144 ret = security_server_set_pwd_history(initial_history_depth);
1145 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1147 usleep(PASSWORD_RETRY_TIMEOUT_US);
1148 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1149 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1151 usleep(PASSWORD_RETRY_TIMEOUT_US);
1152 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1153 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1155 usleep(PASSWORD_RETRY_TIMEOUT_US);
1156 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1157 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1159 // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
1160 usleep(PASSWORD_RETRY_TIMEOUT_US);
1161 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1162 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1165 * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
1166 * and SECOND_TEST_PASSWORD as a part of history.
1168 usleep(PASSWORD_RETRY_TIMEOUT_US);
1169 ret = security_server_set_pwd_history(decreased_history_depth);
1170 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1172 usleep(PASSWORD_RETRY_TIMEOUT_US);
1173 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1174 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1176 usleep(PASSWORD_RETRY_TIMEOUT_US);
1177 ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1178 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1181 * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
1182 * and THIRD_TEST_PASSWORD only.
1184 usleep(PASSWORD_RETRY_TIMEOUT_US);
1185 ret = security_server_set_pwd_history(increased_history_depth);
1186 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1188 // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
1189 usleep(PASSWORD_RETRY_TIMEOUT_US);
1190 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1191 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1193 // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
1194 usleep(PASSWORD_RETRY_TIMEOUT_US);
1195 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1196 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1200 * Challenge invalid password, reset server and check if 'current attempts' is restored.
1202 RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
1204 unsigned int attempt, max_attempt, expire_sec;
1205 const unsigned int max_challenge = 10;
1206 const unsigned int invalid_attempts_num = 3;
1208 // Prepare environment
1209 reset_security_server();
1211 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1212 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1215 for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
1217 SECOND_TEST_PASSWORD,
1218 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1221 TRACE_FROM_HERE_MSG(
1222 std::string("attempt = " + std::to_string(attempt))));
1224 usleep(PASSWORD_RETRY_TIMEOUT_US);
1225 attempt = max_attempt = expire_sec = UINT_MAX;
1226 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1227 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1228 RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
1229 RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
1230 RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
1233 // restart server - triggers loading password data from file
1234 restart_security_server();
1236 // challenge invalid password
1238 SECOND_TEST_PASSWORD,
1239 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1240 invalid_attempts_num + 1,
1244 // challenge valid password
1247 SECURITY_SERVER_API_SUCCESS,
1248 invalid_attempts_num + 2,
1254 * Validate passwords history after security server reset.
1256 RUNNER_TEST(tc40_security_server_history_check_after_reset)
1258 const unsigned int history_depth = 2;
1260 // Prepare environment
1261 reset_security_server();
1263 int ret = security_server_set_pwd_history(history_depth);
1264 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1266 usleep(PASSWORD_RETRY_TIMEOUT_US);
1267 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1268 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1270 usleep(PASSWORD_RETRY_TIMEOUT_US);
1271 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1272 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1274 usleep(PASSWORD_RETRY_TIMEOUT_US);
1275 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1276 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1278 usleep(PASSWORD_RETRY_TIMEOUT_US);
1279 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
1280 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1282 // restart server - triggers loading password data from file
1283 restart_security_server();
1285 // try to reuse history passwords
1286 usleep(PASSWORD_RETRY_TIMEOUT_US);
1287 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1288 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1290 usleep(PASSWORD_RETRY_TIMEOUT_US);
1291 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1292 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1294 usleep(PASSWORD_RETRY_TIMEOUT_US);
1295 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1296 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1300 * Check if SS has correct behaviour when changing history depth to 0.
1302 RUNNER_TEST(tc41_security_server_empty_history_check)
1304 const unsigned int history_depth = 2;
1305 const unsigned int empty_history_depth = 0;
1307 //prepare environment
1308 reset_security_server();
1310 //set new history count
1311 int ret = security_server_set_pwd_history(history_depth);
1312 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1314 //set new password and fill history
1315 usleep(PASSWORD_RETRY_TIMEOUT_US);
1316 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1317 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1319 usleep(PASSWORD_RETRY_TIMEOUT_US);
1320 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1321 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1323 usleep(PASSWORD_RETRY_TIMEOUT_US);
1324 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1325 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1327 //make sure, that everything went OK - try setting something that would cause reuse error
1328 usleep(PASSWORD_RETRY_TIMEOUT_US);
1329 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1330 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1332 usleep(PASSWORD_RETRY_TIMEOUT_US);
1333 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1334 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1336 //reset history limit to no history at all
1337 usleep(PASSWORD_RETRY_TIMEOUT_US);
1338 ret = security_server_set_pwd_history(empty_history_depth);
1339 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1341 //make sure, that current password still exists in memory
1342 //expected attempt 3 because our previous tries increased attempt counter
1344 THIRD_TEST_PASSWORD,
1345 SECURITY_SERVER_API_SUCCESS,
1350 //make sure that it's possible to reuse old password once history limit is set to 0
1351 usleep(PASSWORD_RETRY_TIMEOUT_US);
1352 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1353 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1355 //once again try setting earlier used passwords - now API should return success
1356 usleep(PASSWORD_RETRY_TIMEOUT_US);
1357 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1358 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1360 usleep(PASSWORD_RETRY_TIMEOUT_US);
1361 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1362 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1365 RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
1367 //prepare environment
1368 reset_security_server();
1371 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1372 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1374 //try setting different password and giving NULL as current once again
1375 usleep(PASSWORD_RETRY_TIMEOUT_US);
1376 ret = security_server_set_pwd(NULL, SECOND_TEST_PASSWORD, 0, 0);
1377 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1380 RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
1382 //prepare environment
1383 reset_security_server();
1386 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1387 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1390 unsigned int attempt, max_attempt, expire_sec;
1391 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1392 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1393 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1394 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1397 RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
1399 //prepare environment
1400 reset_security_server();
1403 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1404 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1407 unsigned int attempt, max_attempt, expire_sec;
1408 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1409 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1410 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1411 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1414 RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
1416 //prepare environment
1417 reset_security_server();
1420 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1421 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1424 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1425 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1426 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1427 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1430 RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
1432 //prepare environment
1433 reset_security_server();
1436 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1437 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1440 ret = security_server_set_pwd_validity(11);
1441 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1442 ret = security_server_set_pwd_validity(11);
1443 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1446 RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
1448 //prepare environment
1449 reset_security_server();
1452 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1453 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1456 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1457 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1458 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1459 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1462 RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
1464 //prepare environment
1465 reset_security_server();
1468 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1469 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1472 ret = security_server_set_pwd_history(5);
1473 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1474 ret = security_server_set_pwd_history(5);
1475 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1478 RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
1480 //prepare environment
1481 reset_security_server();
1484 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1485 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1488 ret = security_server_set_pwd_max_challenge(5);
1489 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1490 ret = security_server_set_pwd_max_challenge(5);
1491 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1494 int main(int argc, char *argv[])
1496 int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);