2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_password.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
8 * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
9 * @author Jan Olszak (j.olszak@samsung.com)
11 * @brief Test cases for security server
13 * WARNING: In this file test order is very important. They have to always be run
14 * in correct order. This is done by correct test case names ("tcXX_").
22 #include <sys/types.h>
23 #include <sys/param.h>
27 #include <sys/socket.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
34 #include "security_server_clean_env.h"
37 #define TEST_PASSWORD "IDLEPASS"
38 #define SECOND_TEST_PASSWORD "OTHERIDLEPASS"
39 #define THIRD_TEST_PASSWORD "THIRDPASS"
41 * Reset security-server.
43 * Function should be run at the begining of every test, so every test is independent of each other.
45 void reset_security_server(){
46 system("if [ -d /opt/data/security-server ]; then \n rm -rf /opt/data/security-server/*; \n fi");
48 restart_security_server();
53 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
57 * Confirm there is no password before tests are run.
59 RUNNER_TEST(tc01_clear_environment)
62 unsigned int attempt, max_attempt, expire_sec;
66 system("rm /opt/data/security-server/*");
69 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
71 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
72 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
73 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
74 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
78 SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
79 SLOGD("If not, you will see some failures\n");
81 RUNNER_IGNORED_MSG("I'm not root");
87 * Basic test of setting validity period.
89 RUNNER_TEST(tc02_security_server_set_pwd_validity)
93 // Prepare environment
94 reset_security_server();
98 ret = security_server_set_pwd_validity(10);
99 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
101 ret = security_server_set_pwd_validity(11);
102 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
105 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
106 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
108 ret = security_server_set_pwd_validity(10);
109 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
111 ret = security_server_set_pwd_validity(11);
112 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
118 * Basic test of setting maximum number of password challenges.
120 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
124 // Prepare environment
125 reset_security_server();
129 ret = security_server_set_pwd_max_challenge(5);
130 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
132 ret = security_server_set_pwd_max_challenge(6);
133 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
136 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
137 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
139 ret = security_server_set_pwd_max_challenge(5);
140 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
142 ret = security_server_set_pwd_max_challenge(6);
143 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
146 reset_security_server();
150 * Test checking a too long password.
152 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
155 unsigned int attempt, max_attempt, expire_sec;
158 ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
159 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
163 * Test various parameter values when checking a password.
165 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
168 unsigned int attempt, max_attempt, expire_sec;
170 ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
171 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
173 ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
174 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
176 ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
177 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
179 ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
180 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
184 * Check the given password when no password is set.
186 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
189 unsigned int attempt, max_attempt, expire_sec;
191 // Prepare environment - there is no password now!
192 reset_security_server();
195 ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
197 RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
198 RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
199 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
203 * Checks various parameter values.
205 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
209 // Prepare environment
210 reset_security_server();
213 ret = security_server_set_pwd(NULL, NULL, 0, 0);
214 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
218 * Test setting too long password.
220 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
224 // Prepare environment
225 reset_security_server();
229 ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
230 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
234 * Basic password setting.
236 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
240 // Prepare environment
241 reset_security_server();
245 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
246 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
250 * Set a maximum password period.
252 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
255 // Prepare environment
256 reset_security_server();
257 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
258 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
262 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, UINT_MAX);
263 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
267 * Set a maximum password challenge number.
269 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
272 // Prepare environment
273 reset_security_server();
274 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
275 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
279 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, UINT_MAX, 0);
280 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
284 * Set empty password.
286 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
289 // Prepare environment
290 reset_security_server();
291 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
292 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
296 ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
297 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EMPTY, "ret = " << ret);
301 * Change password to a too long password.
303 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
306 // Prepare environment
307 reset_security_server();
308 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
309 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
313 char* long_password = (char*) malloc(5001);
314 long_password[5000] = '\0';
315 memset(long_password, 'A', 5000);
316 ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
317 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
321 * Check empty password.
323 RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
326 unsigned int attempt, max_attempt, expire_sec;
328 // Prepare environment
329 reset_security_server();
330 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
331 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
335 ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
336 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EMPTY, "ret = " << ret);
340 * Various validity parameter values.
342 RUNNER_TEST(tc16_security_server_set_pwd_validity)
345 // Prepare environment
346 reset_security_server();
347 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
348 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
351 ret = security_server_set_pwd_validity(0);
352 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
354 ret = security_server_set_pwd_validity(1);
355 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
357 ret = security_server_set_pwd_validity(UINT_MAX);
358 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
360 ret = security_server_set_pwd_validity(2);
361 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
366 * Check passwords validity
368 RUNNER_TEST(tc17_security_server_is_pwd_valid)
371 unsigned int attempt, max_attempt, expire_sec;
373 // Prepare environment
374 reset_security_server();
375 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
376 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
380 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
381 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
382 RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
386 * Various numbers of challenges.
388 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
391 // Prepare environment
392 reset_security_server();
393 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, UINT_MAX);
394 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
398 ret = security_server_set_pwd_max_challenge(0);
399 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
402 ret = security_server_set_pwd_max_challenge(UINT_MAX);
403 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
406 ret = security_server_set_pwd_max_challenge(5);
407 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
410 ret = security_server_set_pwd_max_challenge(6);
411 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
416 * Check the max number of challenges.
418 RUNNER_TEST(tc19_security_server_is_pwd_valid)
421 unsigned int attempt, max_attempt, expire_sec;
422 // Prepare environment
423 reset_security_server();
424 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
425 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
427 ret = security_server_set_pwd_max_challenge(6);
428 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
431 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
432 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
433 RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
437 * Basic password check.
439 RUNNER_TEST(tc20_security_server_chk_pwd)
442 unsigned int attempt, max_attempt, expire_sec;
444 // Prepare environment
445 reset_security_server();
446 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
447 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
451 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
452 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
455 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
456 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
460 * Check an incorrect password.
462 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
465 unsigned int attempt, max_attempt, expire_sec;
467 // Prepare environment
468 reset_security_server();
469 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
470 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
474 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
475 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
479 * Check an incorrect password
481 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
485 // Prepare environment
486 reset_security_server();
487 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
488 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
492 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
493 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
499 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
503 // Prepare environment
504 reset_security_server();
505 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
506 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
510 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
511 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
515 * Check wrong password multiple times and then check a correct one.
517 RUNNER_TEST(tc24_security_server_attempt_exceeding)
520 unsigned int i, attempt, max_attempt, expire_sec;
522 // Prepare environment
523 reset_security_server();
524 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
525 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
528 printf("5 subtests started...");
529 for (i = 0; i < 5; i++) {
531 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
532 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
533 RUNNER_ASSERT_MSG(attempt == i + 1, attempt);
538 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
539 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
542 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
543 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
544 RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
545 RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
549 * Try to exceed maximum number of challenges.
551 RUNNER_TEST(tc25_security_server_attempt_exceeding)
554 unsigned int i, attempt, max_attempt, expire_sec;
556 // Prepare environment
557 reset_security_server();
558 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
559 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
562 printf("10 subtests started...");
563 for (i = 0; i < 10; i++) {
565 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
566 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
567 RUNNER_ASSERT_MSG(attempt == i + 1, "attempt = " << attempt);
570 // The check, that exceeds max number
572 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
573 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
577 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
578 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
584 RUNNER_TEST(tc26_security_server_reset_pwd)
588 // Prepare environment
589 reset_security_server();
590 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
591 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
595 ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
596 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
600 * Check too long password.
602 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
605 unsigned int attempt, max_attempt, expire_sec;
606 // Prepare environment
607 reset_security_server();
608 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
609 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
612 char* long_password = (char*) malloc(5001);
613 long_password[5000] = '\0';
614 memset(long_password, 'A', 5000);
615 ret = security_server_chk_pwd(long_password, &attempt, &max_attempt, &expire_sec);
616 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
620 * Check passwords expiration (not expired)
622 RUNNER_TEST(tc28_security_server_check_expiration)
625 unsigned int attempt, max_attempt, expire_sec;
627 // Prepare environment
628 reset_security_server();
629 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
630 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
634 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
635 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
636 RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
640 * Use various parameter values of parameters.
642 RUNNER_TEST(tc29_security_server_set_pwd_history)
646 // Prepare environment
647 reset_security_server();
648 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
649 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
653 ret = security_server_set_pwd_history(100);
654 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
657 ret = security_server_set_pwd_history(51);
658 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
661 ret = security_server_set_pwd_history(-5);
662 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
665 ret = security_server_set_pwd_history(50);
666 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
669 ret = security_server_set_pwd_history(0);
670 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
673 ret = security_server_set_pwd_history(INT_MAX);
674 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
677 ret = security_server_set_pwd_history(INT_MIN);
678 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
681 ret = security_server_set_pwd_history(10);
682 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
687 int dir_filter(const struct dirent *entry)
689 if ((strcmp(entry->d_name, ".") == 0) ||
690 (strcmp(entry->d_name, "..") == 0) ||
691 (strcmp(entry->d_name, "attempts") == 0) ||
692 (strcmp(entry->d_name, "history") == 0))
698 void clean_password_dir(void)
702 struct dirent **mydirent;
704 ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
713 * Check password history.
715 RUNNER_TEST(tc30_security_server_check_history)
719 char buf1[33], buf2[33];
721 // Prepare environment
722 reset_security_server();
724 clean_password_dir();
727 ret = security_server_set_pwd_history(10);
728 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
731 ret = security_server_reset_pwd("history0", 0, 0);
732 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
734 printf("11 subtests started...");
735 for (i = 0; i < 11; i++) {
736 sprintf(buf1, "history%d", i);
737 sprintf(buf2, "history%d", i + 1);
740 ret = security_server_set_pwd(buf1, buf2, 0, 0);
741 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
746 ret = security_server_set_pwd("history11", "history1", 0, 0);
747 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
750 ret = security_server_set_pwd("history1", "history8", 0, 0);
751 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
754 ret = security_server_set_pwd("history1", "history12", 0, 0);
755 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
757 printf("48 subtests started...");
758 for (i = 12; i < 60; i++) {
761 sprintf(buf1, "history%d", i);
762 sprintf(buf2, "history%d", i + 1);
764 ret = security_server_set_pwd(buf1, buf2, 0, 0);
765 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
769 clean_password_dir();
775 RUNNER_TEST(tc31_security_server_replay_attack)
779 unsigned int attempt, max_attempt, expire_sec;
782 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
784 while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
787 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
791 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
797 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
800 unsigned int attempt, max_attempt, expire_sec;
801 struct timeval cur_time;
803 // Prepare environment
804 reset_security_server();
805 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
806 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
810 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
811 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
813 ret = gettimeofday(&cur_time, NULL);
814 RUNNER_ASSERT_MSG(ret > -1, ret);
816 cur_time.tv_sec += (expire_sec + 1);
817 ret = settimeofday(&cur_time, NULL);
818 RUNNER_ASSERT_MSG(ret > -1, ret);
821 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
822 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
825 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
826 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
832 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
836 // Prepare environment
837 reset_security_server();
841 ret = security_server_reset_pwd(NULL, 10, 10);
842 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
846 int main(int argc, char *argv[])
848 int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);