2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_password.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
8 * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
9 * @author Jan Olszak (j.olszak@samsung.com)
11 * @brief Test cases for security server
13 * WARNING: In this file test order is very important. They have to always be run
14 * in correct order. This is done by correct test case names ("tcXX_").
22 #include <sys/types.h>
23 #include <sys/param.h>
27 #include <sys/socket.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
32 #include <tests_common.h>
34 #include "security_server_clean_env.h"
35 #include "security_server_tests_common.h"
36 #include <summary_collector.h>
39 // the maximum time (in seconds) passwords can expire in
40 const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
43 const char* TEST_PASSWORD = "IDLEPASS";
44 const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
45 const char* THIRD_TEST_PASSWORD = "THIRDPASS";
46 const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
48 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
51 SystemClock(time_t sft)
63 void shift(time_t sft) {
65 time_t shifted = m_original + m_shift;
66 RUNNER_ASSERT_BT(0 == stime(&shifted));
70 if (std::uncaught_exception()) {
75 RUNNER_ASSERT_BT(0 == stime(&m_original));
84 * Confirm there is no password before tests are run.
86 RUNNER_TEST(tc01_clear_environment)
89 unsigned int attempt, max_attempt, expire_sec;
93 reset_security_server();
95 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
97 RUNNER_ASSERT_MSG_BT(expire_sec == 0, "expire_sec = " << expire_sec);
98 RUNNER_ASSERT_MSG_BT(max_attempt == 0, "max_attempt = " << max_attempt);
99 RUNNER_ASSERT_MSG_BT(attempt == 0, "attempt = " << attempt);
100 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
104 SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
105 SLOGD("If not, you will see some failures\n");
107 RUNNER_IGNORED_MSG("I'm not root");
112 * Basic test of setting validity period.
114 RUNNER_TEST(tc02_security_server_set_pwd_validity)
118 // Prepare environment
119 reset_security_server();
123 ret = security_server_set_pwd_validity(10);
124 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
126 ret = security_server_set_pwd_validity(11);
127 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
130 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
131 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
133 ret = security_server_set_pwd_validity(10);
134 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
136 ret = security_server_set_pwd_validity(11);
137 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
141 * Basic test of setting maximum number of password challenges.
143 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
147 // Prepare environment
148 reset_security_server();
152 ret = security_server_set_pwd_max_challenge(5);
153 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
155 ret = security_server_set_pwd_max_challenge(6);
156 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
159 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
160 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
162 ret = security_server_set_pwd_max_challenge(5);
163 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
165 ret = security_server_set_pwd_max_challenge(6);
166 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
170 * Test checking a too long password.
172 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
175 unsigned int attempt, max_attempt, expire_sec;
178 ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
179 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
183 * Test various parameter values when checking a password.
185 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
188 unsigned int attempt, max_attempt, expire_sec;
190 ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
191 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
193 ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
194 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
196 ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
197 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
199 ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
200 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
204 * Check the given password when no password is set.
206 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
209 unsigned int attempt, max_attempt, expire_sec;
211 // Prepare environment - there is no password now!
212 reset_security_server();
215 ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
217 RUNNER_ASSERT_MSG_BT(expire_sec == 0, expire_sec);
218 RUNNER_ASSERT_MSG_BT(max_attempt == 0, max_attempt);
219 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
223 * Checks various parameter values.
225 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
229 // Prepare environment
230 reset_security_server();
233 ret = security_server_set_pwd(NULL, NULL, 0, 0);
234 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
238 * Test setting too long password.
240 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
244 // Prepare environment
245 reset_security_server();
249 ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
250 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
254 * Basic password setting.
256 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
260 // Prepare environment
261 reset_security_server();
264 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
265 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
269 * Set a maximum password period.
271 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
274 // Prepare environment
275 reset_security_server();
276 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
277 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
280 usleep(PASSWORD_RETRY_TIMEOUT_US);
281 // UINT_MAX will cause api error, it is to big value
282 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
283 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
284 usleep(PASSWORD_RETRY_TIMEOUT_US);
285 // calculate max applicable valid days that will not be rejected by ss
286 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
287 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
288 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
289 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
293 * Set a maximum password challenge number.
295 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
298 // Prepare environment
299 reset_security_server();
300 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
301 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
304 usleep(PASSWORD_RETRY_TIMEOUT_US);
305 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
306 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
310 * Set empty password.
312 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
315 // Prepare environment
316 reset_security_server();
317 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
318 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
321 usleep(PASSWORD_RETRY_TIMEOUT_US);
322 ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
323 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
327 * Change password to a too long password.
329 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
332 // Prepare environment
333 reset_security_server();
334 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
335 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
338 usleep(PASSWORD_RETRY_TIMEOUT_US);
339 std::string lng_pwd(5000, 'A');
340 ret = security_server_set_pwd(TEST_PASSWORD,lng_pwd.c_str(), 10, 10);
341 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
345 * Check empty password.
347 RUNNER_TEST(tc15_security_server_chk_pwd_empty_password)
350 unsigned int attempt, max_attempt, expire_sec;
352 // Prepare environment
353 reset_security_server();
354 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
355 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
358 usleep(PASSWORD_RETRY_TIMEOUT_US);
359 ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
360 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
364 * Various validity parameter values.
366 RUNNER_TEST(tc16_security_server_set_pwd_validity)
369 // Prepare environment
370 reset_security_server();
371 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
372 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
375 ret = security_server_set_pwd_validity(0);
376 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
378 ret = security_server_set_pwd_validity(1);
379 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
381 //When trying to set UINT_MAX we should get error.
382 ret = security_server_set_pwd_validity(UINT_MAX);
383 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
385 ret = security_server_set_pwd_validity(2);
386 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
390 * Check passwords validity
392 RUNNER_TEST(tc17_security_server_is_pwd_valid)
395 unsigned int attempt, max_attempt, expire_sec;
397 // Prepare environment
398 reset_security_server();
399 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
400 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
403 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
404 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
405 RUNNER_ASSERT_MSG_BT((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
409 * Various numbers of challenges.
411 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
414 // Prepare environment
415 reset_security_server();
416 // calculate max applicable valid days that will not be rejected by ss
417 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
418 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
419 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, valid_days);
420 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
423 ret = security_server_set_pwd_max_challenge(0);
424 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
426 ret = security_server_set_pwd_max_challenge(UINT_MAX);
427 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
429 ret = security_server_set_pwd_max_challenge(5);
430 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
432 ret = security_server_set_pwd_max_challenge(6);
433 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
438 * Check the max number of challenges.
440 RUNNER_TEST(tc19_security_server_is_pwd_valid)
443 unsigned int attempt, max_attempt, expire_sec;
444 // Prepare environment
445 reset_security_server();
446 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
447 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
449 ret = security_server_set_pwd_max_challenge(6);
450 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
453 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
454 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
455 RUNNER_ASSERT_MSG_BT(max_attempt == 6, "max_attempt = " << max_attempt);
459 * Basic password check.
461 RUNNER_TEST(tc20_security_server_chk_pwd)
464 unsigned int attempt, max_attempt, expire_sec;
466 // Prepare environment
467 reset_security_server();
468 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
469 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
472 usleep(PASSWORD_RETRY_TIMEOUT_US);
473 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
474 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, ret);
476 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
477 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
481 * Check an incorrect password.
483 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
486 unsigned int attempt, max_attempt, expire_sec;
488 // Prepare environment
489 reset_security_server();
490 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
491 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
494 usleep(PASSWORD_RETRY_TIMEOUT_US);
495 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
496 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
500 * Check an incorrect password
502 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
506 // Prepare environment
507 reset_security_server();
508 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
509 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
512 usleep(PASSWORD_RETRY_TIMEOUT_US);
513 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
514 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
520 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
524 // Prepare environment
525 reset_security_server();
526 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
527 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
530 usleep(PASSWORD_RETRY_TIMEOUT_US);
531 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
532 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
536 * Check wrong password multiple times and then check a correct one.
538 RUNNER_TEST(tc24_security_server_attempt_exceeding)
541 unsigned int i, attempt, max_attempt, expire_sec;
543 // Prepare environment
544 reset_security_server();
545 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
546 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
549 printf("5 subtests started...");
550 for (i = 1; i <= 5; i++) {
551 usleep(PASSWORD_RETRY_TIMEOUT_US);
552 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
553 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
554 RUNNER_ASSERT_MSG_BT(attempt == i, "attempt = " << attempt << ", expected " << i);
558 usleep(PASSWORD_RETRY_TIMEOUT_US);
559 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
560 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
562 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
563 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
564 RUNNER_ASSERT_MSG_BT(attempt == 0, "ret = " << ret);
565 RUNNER_ASSERT_MSG_BT(max_attempt == 10, "ret = " << ret);
569 * Try to exceed maximum number of challenges.
571 RUNNER_TEST(tc25_security_server_attempt_exceeding)
574 unsigned int i, attempt, max_attempt, expire_sec;
576 // Prepare environment
577 reset_security_server();
578 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
579 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
582 printf("10 subtests started...");
583 for (i = 1; i <= 10; i++) {
584 usleep(PASSWORD_RETRY_TIMEOUT_US);
585 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
586 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
587 RUNNER_ASSERT_MSG_BT(attempt == i, "attempt = " << attempt << ", expected " << i);
590 // The check, that exceeds max number
591 usleep(PASSWORD_RETRY_TIMEOUT_US);
592 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
593 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
596 usleep(PASSWORD_RETRY_TIMEOUT_US);
597 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
598 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
604 RUNNER_TEST(tc26_security_server_reset_pwd)
608 // Prepare environment
609 reset_security_server();
610 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
611 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
614 ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
615 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
619 * Check too long password.
621 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
624 unsigned int attempt, max_attempt, expire_sec;
625 // Prepare environment
626 reset_security_server();
627 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
628 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
631 std::string lng_pwd(5000, 'A');
632 ret = security_server_chk_pwd(lng_pwd.c_str(), &attempt, &max_attempt, &expire_sec);
633 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
637 * Check passwords expiration (not expired)
639 RUNNER_TEST(tc28_security_server_check_expiration)
642 unsigned int attempt, max_attempt, expire_sec;
644 // Prepare environment
645 reset_security_server();
646 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
647 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
650 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
651 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
652 RUNNER_ASSERT_MSG_BT((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
656 * Use various parameter values of parameters.
658 RUNNER_TEST(tc29_security_server_set_pwd_history)
662 // Prepare environment
663 reset_security_server();
664 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
665 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
668 ret = security_server_set_pwd_history(100);
669 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
671 ret = security_server_set_pwd_history(51);
672 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
674 ret = security_server_set_pwd_history(-5);
675 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
677 ret = security_server_set_pwd_history(50);
678 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
680 ret = security_server_set_pwd_history(0);
681 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
683 ret = security_server_set_pwd_history(INT_MAX);
684 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
686 ret = security_server_set_pwd_history(INT_MIN);
687 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
689 ret = security_server_set_pwd_history(10);
690 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
695 int dir_filter(const struct dirent *entry)
697 if ((strcmp(entry->d_name, ".") == 0) ||
698 (strcmp(entry->d_name, "..") == 0) ||
699 (strcmp(entry->d_name, "attempts") == 0) ||
700 (strcmp(entry->d_name, "history") == 0))
706 void clean_password_dir(void)
710 struct dirent **mydirent;
712 ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
721 * Check password history.
723 RUNNER_TEST(tc30_security_server_check_history)
727 char buf1[33], buf2[33];
729 // Prepare environment
730 reset_security_server();
732 clean_password_dir();
734 ret = security_server_set_pwd_history(9);
735 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
737 ret = security_server_reset_pwd("history0", 0, 0);
738 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
740 printf("11 subtests started...");
741 for (i = 0; i < 11; i++) {
742 sprintf(buf1, "history%d", i);
743 sprintf(buf2, "history%d", i + 1);
745 usleep(PASSWORD_RETRY_TIMEOUT_US);
746 ret = security_server_set_pwd(buf1, buf2, 0, 0);
747 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
751 usleep(PASSWORD_RETRY_TIMEOUT_US);
752 ret = security_server_set_pwd("history11", "history1", 0, 0);
753 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
755 usleep(PASSWORD_RETRY_TIMEOUT_US);
756 ret = security_server_set_pwd("history1", "history8", 0, 0);
757 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
759 usleep(PASSWORD_RETRY_TIMEOUT_US);
760 ret = security_server_set_pwd("history1", "history12", 0, 0);
761 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
763 printf("48 subtests started...");
764 for (i = 12; i < 60; i++) {
765 usleep(PASSWORD_RETRY_TIMEOUT_US);
767 sprintf(buf1, "history%d", i);
768 sprintf(buf2, "history%d", i + 1);
770 ret = security_server_set_pwd(buf1, buf2, 0, 0);
771 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
775 clean_password_dir();
781 RUNNER_TEST(tc31_security_server_replay_attack)
785 unsigned int attempt, max_attempt, expire_sec;
787 usleep(PASSWORD_RETRY_TIMEOUT_US);
788 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
790 while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
793 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
797 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
803 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
806 unsigned int attempt, max_attempt, expire_sec;
807 struct timeval cur_time;
809 // Prepare environment
810 reset_security_server();
811 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
812 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
815 usleep(PASSWORD_RETRY_TIMEOUT_US);
816 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
817 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
819 ret = gettimeofday(&cur_time, NULL);
820 RUNNER_ASSERT_MSG_BT(ret > -1, ret);
822 cur_time.tv_sec += (expire_sec + 1);
823 ret = settimeofday(&cur_time, NULL);
824 RUNNER_ASSERT_MSG_BT(ret > -1, ret);
826 usleep(PASSWORD_RETRY_TIMEOUT_US);
827 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
828 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
830 usleep(PASSWORD_RETRY_TIMEOUT_US);
831 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
832 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
838 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
842 // Prepare environment
843 reset_security_server();
846 ret = security_server_reset_pwd(NULL, 10, 10);
847 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
851 * Use this instead of security_server_chk_pwd directly to verify the function output.
853 * verify_chk_pwd("password", SECURITY_SERVER_API_SUCCESS, 2, 5, "debug string")
855 void verify_chk_pwd (
856 const char* challenge,
858 unsigned int expected_current_attempt,
859 unsigned int expected_max_attempt,
860 const std::string &info = std::string())
862 /* ensure that initial values differ from expected ones */
863 unsigned int attempt = expected_current_attempt - 1;
864 unsigned int max_attempt = expected_max_attempt - 1;
865 unsigned int expire_sec = PASSWORD_INFINITE_EXPIRATION_TIME - 1;
867 usleep(PASSWORD_RETRY_TIMEOUT_US);
868 int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
870 // validate returned value
871 RUNNER_ASSERT_MSG_BT(ret == expected_result,
872 info << "security_server_chk_pwd returned "
873 << ret << " (expected: " << expected_result << ")");
875 // validate current attempts value
876 RUNNER_ASSERT_MSG_BT(attempt == expected_current_attempt,
877 info << "security_server_chk_pwd returned attempt = " << attempt <<
878 " (expected: " << expected_current_attempt << ")");
880 // validate max attempt value
881 RUNNER_ASSERT_MSG_BT(max_attempt == expected_max_attempt,
882 info << "security_server_chk_pwd returned max_attempt = " << max_attempt <<
883 " (expected: " << expected_max_attempt << ")");
885 RUNNER_ASSERT_MSG_BT(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
886 info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
887 " (expected: " << PASSWORD_INFINITE_EXPIRATION_TIME << ")");
891 * Reach last attempt few times in a row (before exceeding max_attempt).
893 RUNNER_TEST(tc34_security_server_max_attempts)
895 // Prepare environment
896 reset_security_server();
898 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
899 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
901 // change max attempts number few times
902 std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
904 for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
905 unsigned int max_challenges = max_challenge_tab[pass];
907 ret = security_server_set_pwd_max_challenge(max_challenges);
908 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
910 // max_challenges-1 wrong password attempts
911 for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
912 verify_chk_pwd(SECOND_TEST_PASSWORD,
913 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
916 std::string("pass = ") + std::to_string(pass) +
917 ", attempt = " + std::to_string(attempt_nr));
919 // Check correct password finally
920 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
921 max_challenges, max_challenges);
926 * Decrease 'max challenge' number after several missed attempts.
928 RUNNER_TEST(tc35_security_server_decrease_max_attempts)
930 const unsigned int max_challenge_more = 10;
931 const unsigned int max_challenge_less = 5;
933 // Prepare environment
934 reset_security_server();
936 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge_more, 0);
937 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
940 for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
941 verify_chk_pwd(SECOND_TEST_PASSWORD,
942 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
945 std::string("attempt = ") + std::to_string(attempt));
947 // lower max_challenge
948 ret = security_server_set_pwd_max_challenge(max_challenge_less);
949 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
951 // try valid password - should pass (curr attempts is reset)
952 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less);
954 // remove max attempts limit
955 ret = security_server_set_pwd_max_challenge(0);
956 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
958 // try valid password again - should pass
959 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
961 // try to change the password - should pass
962 usleep(PASSWORD_RETRY_TIMEOUT_US);
963 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
964 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
966 // validate new password
967 verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
971 * Change password few times and challenge previous passwords - checks if security_server_set_pwd
972 * works as it should.
974 RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
976 const int history_depth = 5;
977 const unsigned int max_challenge = 3;
978 std::string prev_pass, new_pass = TEST_PASSWORD;
980 // Prepare environment
981 reset_security_server();
983 int ret = security_server_set_pwd_history(history_depth);
984 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
986 ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
987 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
989 for (int depth = 0; depth < history_depth; ++depth) {
990 prev_pass = new_pass;
992 //generate password name
993 new_pass = "history" + std::to_string(depth+1);
995 usleep(PASSWORD_RETRY_TIMEOUT_US);
996 ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
997 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
999 // challenge initial password
1002 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1005 std::string("depth = ") + std::to_string(depth));
1007 // challenge previous password
1010 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1013 std::string("depth = ") + std::to_string(depth));
1018 * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
1019 * This test simulates user's behaviour - challenges valid and invalid passwords
1020 * in various combinations.
1022 RUNNER_TEST(tc37_security_server_challenge_mixed)
1024 // Prepare environment
1025 reset_security_server();
1027 const unsigned int max_challenge = 2;
1028 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1029 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1031 // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
1032 for (unsigned int i = 0; i < max_challenge; ++i)
1035 SECURITY_SERVER_API_SUCCESS,
1038 std::string("i = ") + std::to_string(i));
1040 // Ensure that challenging valid password resets 'cuurrent attempt' value.
1041 // If it didn't, the test would fail in third loop pass.
1042 for (unsigned int i = 0; i < max_challenge + 1; ++i) {
1045 SECOND_TEST_PASSWORD,
1046 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1049 std::string("i = ") + std::to_string(i));
1054 SECURITY_SERVER_API_SUCCESS,
1057 std::string("i = ") + std::to_string(i));
1060 // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
1061 // any further attempts (even correct) are blocked
1062 for (unsigned int i = 1; i <= max_challenge; ++i)
1064 SECOND_TEST_PASSWORD,
1065 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1068 std::string("i = ") + std::to_string(i));
1070 // correct - refused
1071 for (unsigned int i = 1; i <= max_challenge; ++i)
1074 SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
1077 std::string("i = ") + std::to_string(i));
1081 * Pasword change mixed with history depth change.
1083 RUNNER_TEST(tc38_security_server_history_depth_change)
1086 const int initial_history_depth = 2;
1087 const int decreased_history_depth = 1;
1088 const int increased_history_depth = 3;
1090 // Prepare environment
1091 reset_security_server();
1093 ret = security_server_set_pwd_history(initial_history_depth);
1094 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1096 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1097 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1099 usleep(PASSWORD_RETRY_TIMEOUT_US);
1100 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1101 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1103 usleep(PASSWORD_RETRY_TIMEOUT_US);
1104 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1105 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1107 // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
1108 usleep(PASSWORD_RETRY_TIMEOUT_US);
1109 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1110 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1113 * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
1114 * and SECOND_TEST_PASSWORD as a part of history.
1116 ret = security_server_set_pwd_history(decreased_history_depth);
1117 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1119 usleep(PASSWORD_RETRY_TIMEOUT_US);
1120 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1121 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1123 usleep(PASSWORD_RETRY_TIMEOUT_US);
1124 ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1125 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1128 * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
1129 * and THIRD_TEST_PASSWORD only.
1131 ret = security_server_set_pwd_history(increased_history_depth);
1132 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1134 // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
1135 usleep(PASSWORD_RETRY_TIMEOUT_US);
1136 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1137 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1139 // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
1140 usleep(PASSWORD_RETRY_TIMEOUT_US);
1141 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1142 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1146 * Challenge invalid password, reset server and check if 'current attempts' is restored.
1148 RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
1150 unsigned int attempt, max_attempt, expire_sec;
1151 const unsigned int max_challenge = 10;
1152 const unsigned int invalid_attempts_num = 3;
1154 // Prepare environment
1155 reset_security_server();
1157 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1158 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1161 for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
1163 SECOND_TEST_PASSWORD,
1164 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1168 attempt = max_attempt = expire_sec = UINT_MAX;
1169 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1170 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1171 RUNNER_ASSERT_MSG_BT(max_attempt == max_challenge, "max_attempt = " << max_attempt);
1172 RUNNER_ASSERT_MSG_BT(attempt == invalid_attempts_num, "attempt = " << attempt);
1173 RUNNER_ASSERT_MSG_BT(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
1176 // restart server - triggers loading password data from file
1177 restart_security_server();
1179 // challenge invalid password
1181 SECOND_TEST_PASSWORD,
1182 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1183 invalid_attempts_num + 1,
1186 // challenge valid password
1189 SECURITY_SERVER_API_SUCCESS,
1190 invalid_attempts_num + 2,
1195 * Validate passwords history after security server reset.
1197 RUNNER_TEST(tc40_security_server_history_check_after_reset)
1199 const unsigned int history_depth = 2;
1201 // Prepare environment
1202 reset_security_server();
1204 int ret = security_server_set_pwd_history(history_depth);
1205 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1207 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1208 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1210 usleep(PASSWORD_RETRY_TIMEOUT_US);
1211 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1212 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1214 usleep(PASSWORD_RETRY_TIMEOUT_US);
1215 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1216 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1218 usleep(PASSWORD_RETRY_TIMEOUT_US);
1219 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
1220 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1222 // restart server - triggers loading password data from file
1223 restart_security_server();
1225 // try to reuse history passwords
1226 usleep(PASSWORD_RETRY_TIMEOUT_US);
1227 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1228 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1230 usleep(PASSWORD_RETRY_TIMEOUT_US);
1231 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1232 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1234 usleep(PASSWORD_RETRY_TIMEOUT_US);
1235 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1236 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1240 * Check if SS has correct behaviour when changing history depth to 0.
1242 RUNNER_TEST(tc41_security_server_empty_history_check)
1244 const unsigned int history_depth = 2;
1245 const unsigned int empty_history_depth = 0;
1247 //prepare environment
1248 reset_security_server();
1250 //set new history count
1251 int ret = security_server_set_pwd_history(history_depth);
1252 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1254 //set new password and fill history
1255 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1256 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1258 usleep(PASSWORD_RETRY_TIMEOUT_US);
1259 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1260 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1262 usleep(PASSWORD_RETRY_TIMEOUT_US);
1263 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1264 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1266 //make sure, that everything went OK - try setting something that would cause reuse error
1267 usleep(PASSWORD_RETRY_TIMEOUT_US);
1268 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1269 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1271 usleep(PASSWORD_RETRY_TIMEOUT_US);
1272 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1273 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1275 //reset history limit to no history at all
1276 ret = security_server_set_pwd_history(empty_history_depth);
1277 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1279 //make sure, that current password still exists in memory
1280 //expected attempt 3 because our previous tries increased attempt counter
1282 THIRD_TEST_PASSWORD,
1283 SECURITY_SERVER_API_SUCCESS,
1287 //make sure that it's possible to reuse old password once history limit is set to 0
1288 usleep(PASSWORD_RETRY_TIMEOUT_US);
1289 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1290 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1292 //once again try setting earlier used passwords - now API should return success
1293 usleep(PASSWORD_RETRY_TIMEOUT_US);
1294 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1295 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1297 usleep(PASSWORD_RETRY_TIMEOUT_US);
1298 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1299 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1302 RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
1304 //prepare environment
1305 reset_security_server();
1308 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1309 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1311 //try setting different password and giving NULL as current once again
1312 usleep(PASSWORD_RETRY_TIMEOUT_US);
1313 ret = security_server_set_pwd(NULL, SECOND_TEST_PASSWORD, 0, 0);
1314 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1317 RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
1319 //prepare environment
1320 reset_security_server();
1323 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1324 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1327 unsigned int attempt, max_attempt, expire_sec;
1328 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1329 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1330 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1331 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1334 RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
1336 //prepare environment
1337 reset_security_server();
1340 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1341 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1344 unsigned int attempt, max_attempt, expire_sec;
1345 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1346 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1347 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1348 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1351 RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
1353 //prepare environment
1354 reset_security_server();
1357 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1358 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1361 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1362 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1363 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1364 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1367 RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
1369 //prepare environment
1370 reset_security_server();
1373 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1374 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1377 ret = security_server_set_pwd_validity(11);
1378 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1379 ret = security_server_set_pwd_validity(11);
1380 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1383 RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
1385 //prepare environment
1386 reset_security_server();
1389 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1390 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1393 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1394 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1395 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1396 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1399 RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
1401 //prepare environment
1402 reset_security_server();
1405 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1406 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1409 ret = security_server_set_pwd_history(5);
1410 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1411 ret = security_server_set_pwd_history(5);
1412 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1415 RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
1417 //prepare environment
1418 reset_security_server();
1421 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1422 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1425 ret = security_server_set_pwd_max_challenge(5);
1426 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1427 ret = security_server_set_pwd_max_challenge(5);
1428 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1431 RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
1434 unsigned int attempt, max_attempt, expire_sec;
1436 // Prepare environment
1437 reset_security_server();
1438 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
1439 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1440 usleep(PASSWORD_RETRY_TIMEOUT_US);
1442 // Assert security server sets infinite expiration time
1443 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1444 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1445 usleep(PASSWORD_RETRY_TIMEOUT_US);
1447 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1448 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1449 RUNNER_ASSERT_MSG_BT(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
1450 "invalid expiration time " << expire_sec);
1452 clean_password_dir();
1455 RUNNER_TEST(tc51_security_server_is_pwd_valid)
1457 reset_security_server();
1459 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 1);
1460 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1462 unsigned int attempt, maxAttempt, validSec;
1463 attempt = maxAttempt = validSec = 0;
1465 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1466 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret <<
1467 " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
1470 SystemClock clock(60*60*24*2);
1472 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1473 RUNNER_ASSERT_MSG_BT((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0),
1474 "ret = " << ret << " atempt=" << attempt << " maxAttempt=" << maxAttempt
1475 << " validSec=" << validSec);
1478 RUNNER_TEST(tc52_security_server_is_pwd_valid)
1480 reset_security_server();
1482 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1483 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1485 unsigned int attempt, maxAttempt, validSec;
1486 attempt = maxAttempt = validSec = 0;
1488 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1489 RUNNER_ASSERT_MSG_BT((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0xffffffff), "ret = " << ret <<
1490 " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
1493 RUNNER_TEST(tc53_security_server_is_pwd_valid)
1495 reset_security_server();
1497 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 3);
1498 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1500 unsigned int attempt, maxAttempt, validSec;
1501 attempt = maxAttempt = validSec = 0;
1503 // password shoudl be valid for 3 days == (60*60*24*3) 259200 seconds
1504 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1505 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1506 RUNNER_ASSERT_MSG_BT((validSec > 259000) && (validSec < 260000), "validSec = " << validSec);
1509 clock.shift(-60*60*24); // one day back
1511 // password should be valid for 4 days == (60*60*24*4) 345600 seconds
1512 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1513 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1514 RUNNER_ASSERT_MSG_BT((validSec > 345000) && (validSec < 346000), "validSec = " << validSec);
1516 clock.shift(-60*60*24*2); // 3 days back
1518 // password shoudl be valid for 6 days == (60*60*24*6) 518400 seconds
1519 ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
1520 RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1521 RUNNER_ASSERT_MSG_BT((validSec > 518000) && (validSec < 519000), "validSec = " << validSec);
1524 int main(int argc, char *argv[])
1526 SummaryCollector::Register();
1527 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);