projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Changing security-server tests to match no empty password string case.
[platform/core/test/security-tests.git] / tests / security-server-tests / security_server_tests_password.cpp
1 /*
2  * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
3  */
4 /*
5  * @file    security_server_tests_password.cpp
6  * @author  Bumjin Im (bj.im@samsung.com)
7  * @author  Pawel Polawski (p.polawski@partner.samsung.com)
8  * @author  Radoslaw Bartosiak (r.bartosiak@samsung.com)
9  * @author  Jan Olszak (j.olszak@samsung.com)
10  * @version 2.0
11  * @brief   Test cases for security server
12  *
13  * WARNING: In this file test order is very important. They have to always be run
14  * in correct order. This is done by correct test case names ("tcXX_").
15  */
16
17 #include <stdio.h>
18 #include <errno.h>
19 #include <stdlib.h>
20 #include <string.h>
21 #include <limits.h>
22 #include <sys/types.h>
23 #include <sys/param.h>
24 #include <fcntl.h>
25 #include <sys/un.h>
26 #include <unistd.h>
27 #include <sys/socket.h>
28 #include <sys/time.h>
29 #include <dirent.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
32 #include <dlog.h>
33 #include "test.h"
34 #include "security_server_clean_env.h"
35
36
37 #define TEST_PASSWORD       "IDLEPASS"
38 #define SECOND_TEST_PASSWORD "OTHERIDLEPASS"
39 #define THIRD_TEST_PASSWORD      "THIRDPASS"
40 /**
41  * Reset security-server.
42  *
43  * Function should be run at the begining of every test, so every test is independent of each other.
44  */
45 void reset_security_server(){
46     system("if [ -d /opt/data/security-server ]; then \n rm -rf /opt/data/security-server/*; \n fi");
47     sync();
48     restart_security_server();
49     sleep(1);
50 }
51
52
53 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
54
55
56 /**
57  * Confirm there is no password before tests are run.
58  */
59 RUNNER_TEST(tc01_clear_environment)
60 {
61     int ret;
62     unsigned int attempt, max_attempt, expire_sec;
63
64     if (getuid() == 0)
65     {
66         system("rm /opt/data/security-server/*");
67         sync();
68
69         ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
70
71         RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
72         RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
73         RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
74         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
75     }
76     else
77     {
78         SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
79         SLOGD("If not, you will see some failures\n");
80
81         RUNNER_IGNORED_MSG("I'm not root");
82     }
83     sleep(1);
84 }
85
86 /**
87  * Basic test of setting validity period.
88  */
89 RUNNER_TEST(tc02_security_server_set_pwd_validity)
90 {
91     int ret;
92
93     // Prepare environment
94     reset_security_server();
95
96     // TESTS:
97     // WITHOUT password
98     ret = security_server_set_pwd_validity(10);
99     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
100
101     ret = security_server_set_pwd_validity(11);
102     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
103
104     // WITH password
105     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
106     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
107
108     ret = security_server_set_pwd_validity(10);
109     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
110
111     ret = security_server_set_pwd_validity(11);
112     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
113
114     sleep(1);
115 }
116
117 /**
118  * Basic test of setting maximum number of password challenges.
119  */
120 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
121 {
122     int ret;
123
124     // Prepare environment
125     reset_security_server();
126
127     // TESTS:
128     // WITHOUT password
129     ret = security_server_set_pwd_max_challenge(5);
130     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
131
132     ret = security_server_set_pwd_max_challenge(6);
133     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
134
135     // WITH password
136     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
137     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
138
139     ret = security_server_set_pwd_max_challenge(5);
140     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
141
142     ret = security_server_set_pwd_max_challenge(6);
143     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
144
145     sleep(1);
146     reset_security_server();
147 }
148
149 /**
150  * Test checking a too long password.
151  */
152 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
153 {
154     int ret;
155     unsigned int attempt, max_attempt, expire_sec;
156
157     // 33 char password
158     ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
159     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
160 }
161
162 /**
163  * Test various parameter values when checking a password.
164  */
165 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
166 {
167     int ret;
168     unsigned int attempt, max_attempt, expire_sec;
169
170     ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
171     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
172
173     ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
174     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
175
176     ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
177     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
178
179     ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
180     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
181 }
182
183 /**
184  * Check the given password when no password is set.
185  */
186 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
187 {
188     int ret;
189     unsigned int attempt, max_attempt, expire_sec;
190
191     // Prepare environment - there is no password now!
192     reset_security_server();
193
194     // TEST
195     ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
196
197     RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
198     RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
199     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
200 }
201
202 /**
203  * Checks various parameter values.
204  */
205 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
206 {
207     int ret;
208
209     // Prepare environment
210     reset_security_server();
211
212     // TEST
213     ret = security_server_set_pwd(NULL, NULL, 0, 0);
214     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
215 }
216
217 /**
218  * Test setting too long password.
219  */
220 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
221 {
222     int ret;
223
224     // Prepare environment
225     reset_security_server();
226
227     // TEST
228     // 33 char password
229     ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
230     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
231 }
232
233 /**
234  * Basic password setting.
235  */
236 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
237 {
238     int ret;
239
240     // Prepare environment
241     reset_security_server();
242
243     // TEST
244     sleep(1);
245     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
246     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
247 }
248
249 /**
250  * Set a maximum password period.
251  */
252 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
253 {
254     int ret;
255     // Prepare environment
256     reset_security_server();
257     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
258     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
259
260     // TEST
261     sleep(1);
262     ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, UINT_MAX);
263     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
264 }
265
266 /**
267  * Set a maximum password challenge number.
268  */
269 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
270 {
271     int ret;
272     // Prepare environment
273     reset_security_server();
274     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
275     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
276
277     // TEST
278     sleep(1);
279     ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, UINT_MAX, 0);
280     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
281 }
282
283 /**
284  * Set empty password.
285  */
286 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
287 {
288     int ret;
289     // Prepare environment
290     reset_security_server();
291     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
292     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
293
294     // TEST
295     sleep(1);
296     ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
297     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
298 }
299
300 /**
301  * Change password to a too long password.
302  */
303 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
304 {
305     int ret;
306     // Prepare environment
307     reset_security_server();
308     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
309     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
310
311     // TEST
312     sleep(1);
313     char* long_password = (char*) malloc(5001);
314     long_password[5000] = '\0';
315     memset(long_password, 'A', 5000);
316     ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
317     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
318 }
319
320 /**
321  * Check empty password.
322  */
323 RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
324 {
325     int ret;
326     unsigned int attempt, max_attempt, expire_sec;
327
328     // Prepare environment
329     reset_security_server();
330     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
331     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
332
333     // TEST
334     sleep(1);
335     ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
336     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
337 }
338
339 /**
340  * Various validity parameter values.
341  */
342 RUNNER_TEST(tc16_security_server_set_pwd_validity)
343 {
344     int ret;
345     // Prepare environment
346     reset_security_server();
347     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
348     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
349
350     // TEST
351     ret = security_server_set_pwd_validity(0);
352     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
353
354     ret = security_server_set_pwd_validity(1);
355     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
356
357     ret = security_server_set_pwd_validity(UINT_MAX);
358     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
359
360     ret = security_server_set_pwd_validity(2);
361     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
362
363 }
364
365 /**
366  * Check passwords validity
367  */
368 RUNNER_TEST(tc17_security_server_is_pwd_valid)
369 {
370     int ret;
371     unsigned int attempt, max_attempt, expire_sec;
372
373     // Prepare environment
374     reset_security_server();
375     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
376     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
377
378     // TEST:
379     sleep(1);
380     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
381     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST,  "ret = " << ret);
382     RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805),  "expire_sec = " << expire_sec);
383 }
384
385 /**
386  * Various numbers of challenges.
387  */
388 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
389 {
390     int ret;
391     // Prepare environment
392     reset_security_server();
393     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, UINT_MAX);
394     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
395
396     // TESTS
397     sleep(1);
398     ret = security_server_set_pwd_max_challenge(0);
399     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
400
401     sleep(1);
402     ret = security_server_set_pwd_max_challenge(UINT_MAX);
403     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
404
405     sleep(1);
406     ret = security_server_set_pwd_max_challenge(5);
407     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
408
409     sleep(1);
410     ret = security_server_set_pwd_max_challenge(6);
411     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
412 }
413
414
415 /**
416  * Check the max number of challenges.
417  */
418 RUNNER_TEST(tc19_security_server_is_pwd_valid)
419 {
420     int ret;
421     unsigned int attempt, max_attempt, expire_sec;
422     // Prepare environment
423     reset_security_server();
424     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
425     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
426     sleep(1);
427     ret = security_server_set_pwd_max_challenge(6);
428     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
429
430     // TEST
431     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
432     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
433     RUNNER_ASSERT_MSG(max_attempt == 6,  "max_attempt = " << max_attempt);
434 }
435
436 /**
437  * Basic password check.
438  */
439 RUNNER_TEST(tc20_security_server_chk_pwd)
440 {
441     int ret;
442     unsigned int attempt, max_attempt, expire_sec;
443
444     // Prepare environment
445     reset_security_server();
446     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
447     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
448
449     // TEST
450     sleep(1);
451     ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
452     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
453
454     sleep(1);
455     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
456     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
457 }
458
459 /**
460  * Check an incorrect password.
461  */
462 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
463 {
464     int ret;
465     unsigned int attempt, max_attempt, expire_sec;
466
467     // Prepare environment
468     reset_security_server();
469     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
470     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
471
472     //TEST
473     sleep(1);
474     ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
475     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
476 }
477
478 /**
479  * Check an incorrect password
480  */
481 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
482 {
483     int ret;
484
485     // Prepare environment
486     reset_security_server();
487     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
488     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
489
490     // TEST
491     sleep(1);
492     ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
493     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,  "ret = " << ret);
494 }
495
496 /**
497  * Change password
498  */
499 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
500 {
501     int ret;
502
503     // Prepare environment
504     reset_security_server();
505     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
506     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
507
508     // TEST
509     sleep(1);
510     ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
511     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
512 }
513
514 /**
515  * Check wrong password multiple times and then check a correct one.
516  */
517 RUNNER_TEST(tc24_security_server_attempt_exceeding)
518 {
519     int ret;
520     unsigned int i, attempt, max_attempt, expire_sec;
521
522     // Prepare environment
523     reset_security_server();
524     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
525     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
526
527     // TEST
528     printf("5 subtests started...");
529     for (i = 0; i < 5; i++) {
530         sleep(1);
531         ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
532         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
533         RUNNER_ASSERT_MSG(attempt == i + 1, attempt);
534     }
535     printf("DONE\n");
536
537     sleep(1);
538     ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
539     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
540
541     sleep(1);
542     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
543     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
544     RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
545     RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
546 }
547
548 /**
549  * Try to exceed maximum number of challenges.
550  */
551 RUNNER_TEST(tc25_security_server_attempt_exceeding)
552 {
553     int ret;
554     unsigned int i, attempt, max_attempt, expire_sec;
555
556     // Prepare environment
557     reset_security_server();
558     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
559     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
560
561     // TEST
562     printf("10 subtests started...");
563     for (i = 0; i < 10; i++) {
564         sleep(1);
565         ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
566         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
567         RUNNER_ASSERT_MSG(attempt == i + 1, "attempt = " << attempt);
568     }
569
570     // The check, that exceeds max number
571     sleep(1);
572     ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
573     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
574     printf("DONE\n");
575
576     sleep(1);
577     ret = security_server_chk_pwd(TEST_PASSWORD,  &attempt, &max_attempt, &expire_sec);
578     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
579 }
580
581 /**
582  * Reset password
583  */
584 RUNNER_TEST(tc26_security_server_reset_pwd)
585 {
586     int ret;
587
588     // Prepare environment
589     reset_security_server();
590     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
591     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
592
593     // TEST
594     sleep(1);
595     ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
596     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
597 }
598
599 /**
600  * Check too long password.
601  */
602 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
603 {
604     int ret;
605     unsigned int attempt, max_attempt, expire_sec;
606     // Prepare environment
607     reset_security_server();
608     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
609     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
610
611     // TEST
612     char* long_password = (char*) malloc(5001);
613     long_password[5000] = '\0';
614     memset(long_password, 'A', 5000);
615     ret = security_server_chk_pwd(long_password,  &attempt, &max_attempt, &expire_sec);
616     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
617 }
618
619 /**
620  * Check passwords expiration (not expired)
621  */
622 RUNNER_TEST(tc28_security_server_check_expiration)
623 {
624     int ret;
625     unsigned int attempt, max_attempt, expire_sec;
626
627     // Prepare environment
628     reset_security_server();
629     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
630     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
631
632     // TEST
633     sleep(1);
634     ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
635     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
636     RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
637 }
638
639 /**
640  * Use various parameter values of parameters.
641  */
642 RUNNER_TEST(tc29_security_server_set_pwd_history)
643 {
644     int ret;
645
646     // Prepare environment
647     reset_security_server();
648     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
649     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
650
651     // TESTS
652     sleep(1);
653     ret = security_server_set_pwd_history(100);
654     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
655
656     sleep(1);
657     ret = security_server_set_pwd_history(51);
658     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
659
660     sleep(1);
661     ret = security_server_set_pwd_history(-5);
662     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
663
664     sleep(1);
665     ret = security_server_set_pwd_history(50);
666     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
667
668     sleep(1);
669     ret = security_server_set_pwd_history(0);
670     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
671
672     sleep(1);
673     ret = security_server_set_pwd_history(INT_MAX);
674     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
675
676     sleep(1);
677     ret = security_server_set_pwd_history(INT_MIN);
678     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
679
680     sleep(1);
681     ret = security_server_set_pwd_history(10);
682     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
683 }
684
685
686
687 int dir_filter(const struct dirent *entry)
688 {
689     if ((strcmp(entry->d_name, ".") == 0) ||
690         (strcmp(entry->d_name, "..") == 0) ||
691         (strcmp(entry->d_name, "attempts") == 0) ||
692         (strcmp(entry->d_name, "history") == 0))
693         return (0);
694     else
695         return (1);
696 }
697
698 void clean_password_dir(void)
699 {
700     int ret;
701     int i;
702     struct dirent **mydirent;
703
704     ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
705     i = ret;
706     while (i--)
707         free(mydirent[i]);
708     free(mydirent);
709 }
710
711
712 /**
713  * Check password history.
714  */
715 RUNNER_TEST(tc30_security_server_check_history)
716 {
717     int ret;
718     int i;
719     char buf1[33], buf2[33];
720
721     // Prepare environment
722     reset_security_server();
723
724     clean_password_dir();
725
726     sleep(1);
727     ret = security_server_set_pwd_history(10);
728     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
729
730     sleep(1);
731     ret = security_server_reset_pwd("history0", 0, 0);
732     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
733
734     printf("11 subtests started...");
735     for (i = 0; i < 11; i++) {
736         sprintf(buf1, "history%d", i);
737         sprintf(buf2, "history%d", i + 1);
738
739         sleep(1);
740         ret = security_server_set_pwd(buf1, buf2, 0, 0);
741         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
742     }
743     printf("DONE\n");
744
745     sleep(1);
746     ret = security_server_set_pwd("history11", "history1", 0, 0);
747     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
748
749     sleep(1);
750     ret = security_server_set_pwd("history1", "history8", 0, 0);
751     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
752
753     sleep(1);
754     ret = security_server_set_pwd("history1", "history12", 0, 0);
755     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
756
757     printf("48 subtests started...");
758     for (i = 12; i < 60; i++) {
759         sleep(1);
760
761         sprintf(buf1, "history%d", i);
762         sprintf(buf2, "history%d", i + 1);
763
764         ret = security_server_set_pwd(buf1, buf2, 0, 0);
765         RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
766     }
767     printf("DONE\n");
768
769     clean_password_dir();
770 }
771
772 /**
773  * Replay attack
774  */
775 RUNNER_TEST(tc31_security_server_replay_attack)
776 {
777     int ret;
778     int i = 0;
779     unsigned int attempt, max_attempt, expire_sec;
780
781     sleep(1);
782     ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
783
784     while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
785         i += 100000;
786
787         ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
788         usleep(i);
789     }
790
791     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
792 }
793
794 /**
795  * Expired password
796  */
797 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
798 {
799     int ret;
800     unsigned int attempt, max_attempt, expire_sec;
801     struct timeval cur_time;
802
803     // Prepare environment
804     reset_security_server();
805     ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
806     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
807
808     // TEST
809     sleep(1);
810     ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
811     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
812
813     ret = gettimeofday(&cur_time, NULL);
814     RUNNER_ASSERT_MSG(ret > -1, ret);
815
816     cur_time.tv_sec += (expire_sec + 1);
817     ret = settimeofday(&cur_time, NULL);
818     RUNNER_ASSERT_MSG(ret > -1, ret);
819
820     sleep(1);
821     ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
822     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
823
824     sleep(1);
825     ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
826     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
827 }
828
829 /**
830  * Reset password
831  */
832 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
833 {
834     int ret;
835
836     // Prepare environment
837     reset_security_server();
838
839     // TEST
840     sleep(1);
841     ret = security_server_reset_pwd(NULL, 10, 10);
842     RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
843 }
844
845
846 int main(int argc, char *argv[])
847 {
848     int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
849
850     return status;
851 }
Domain: Security / Uncategorized;