2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_password.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
8 * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
9 * @author Jan Olszak (j.olszak@samsung.com)
11 * @brief Test cases for security server
13 * WARNING: In this file test order is very important. They have to always be run
14 * in correct order. This is done by correct test case names ("tcXX_").
22 #include <sys/types.h>
23 #include <sys/param.h>
27 #include <sys/socket.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
33 #include "security_server_clean_env.h"
35 #include <summary_collector.h>
38 // security server retry timeout in microseconds
39 const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
41 // the maximum time (in seconds) passwords can expire in
42 const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
45 const char* TEST_PASSWORD = "IDLEPASS";
46 const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
47 const char* THIRD_TEST_PASSWORD = "THIRDPASS";
48 const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
50 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
53 * Confirm there is no password before tests are run.
55 RUNNER_TEST(tc01_clear_environment)
58 unsigned int attempt, max_attempt, expire_sec;
62 reset_security_server(TRACE_FROM_HERE);
64 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
66 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
67 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
68 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
69 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
73 SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
74 SLOGD("If not, you will see some failures\n");
76 RUNNER_IGNORED_MSG("I'm not root");
81 * Basic test of setting validity period.
83 RUNNER_TEST(tc02_security_server_set_pwd_validity)
87 // Prepare environment
88 reset_security_server(TRACE_FROM_HERE);
92 ret = security_server_set_pwd_validity(10);
93 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
95 ret = security_server_set_pwd_validity(11);
96 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
99 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
100 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
102 ret = security_server_set_pwd_validity(10);
103 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
105 ret = security_server_set_pwd_validity(11);
106 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
110 * Basic test of setting maximum number of password challenges.
112 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
116 // Prepare environment
117 reset_security_server(TRACE_FROM_HERE);
121 ret = security_server_set_pwd_max_challenge(5);
122 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
124 ret = security_server_set_pwd_max_challenge(6);
125 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
128 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
129 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
131 ret = security_server_set_pwd_max_challenge(5);
132 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
134 ret = security_server_set_pwd_max_challenge(6);
135 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
139 * Test checking a too long password.
141 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
144 unsigned int attempt, max_attempt, expire_sec;
147 ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
148 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
152 * Test various parameter values when checking a password.
154 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
157 unsigned int attempt, max_attempt, expire_sec;
159 ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
160 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
162 ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
163 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
165 ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
166 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
168 ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
169 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
173 * Check the given password when no password is set.
175 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
178 unsigned int attempt, max_attempt, expire_sec;
180 // Prepare environment - there is no password now!
181 reset_security_server(TRACE_FROM_HERE);
184 ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
186 RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
187 RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
188 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
192 * Checks various parameter values.
194 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
198 // Prepare environment
199 reset_security_server(TRACE_FROM_HERE);
202 ret = security_server_set_pwd(NULL, NULL, 0, 0);
203 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
207 * Test setting too long password.
209 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
213 // Prepare environment
214 reset_security_server(TRACE_FROM_HERE);
218 ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
219 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
223 * Basic password setting.
225 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
229 // Prepare environment
230 reset_security_server(TRACE_FROM_HERE);
233 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
234 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
238 * Set a maximum password period.
240 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
243 // Prepare environment
244 reset_security_server(TRACE_FROM_HERE);
245 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
246 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
250 // UINT_MAX will cause api error, it is to big value
251 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
252 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
254 // calculate max applicable valid days that will not be rejected by ss
255 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
256 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
257 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
258 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
262 * Set a maximum password challenge number.
264 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
267 // Prepare environment
268 reset_security_server(TRACE_FROM_HERE);
269 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
270 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
274 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
275 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
279 * Set empty password.
281 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
284 // Prepare environment
285 reset_security_server(TRACE_FROM_HERE);
286 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
287 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
291 ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
292 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
296 * Change password to a too long password.
298 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
301 // Prepare environment
302 reset_security_server(TRACE_FROM_HERE);
303 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
304 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
308 char* long_password = (char*) malloc(5001);
309 long_password[5000] = '\0';
310 memset(long_password, 'A', 5000);
311 ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
312 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
316 * Check empty password.
318 RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
321 unsigned int attempt, max_attempt, expire_sec;
323 // Prepare environment
324 reset_security_server(TRACE_FROM_HERE);
325 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
326 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
330 ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
331 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
335 * Various validity parameter values.
337 RUNNER_TEST(tc16_security_server_set_pwd_validity)
340 // Prepare environment
341 reset_security_server(TRACE_FROM_HERE);
342 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
343 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
346 ret = security_server_set_pwd_validity(0);
347 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
349 ret = security_server_set_pwd_validity(1);
350 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
352 //When trying to set UINT_MAX we should get error.
353 ret = security_server_set_pwd_validity(UINT_MAX);
354 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
356 ret = security_server_set_pwd_validity(2);
357 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
361 * Check passwords validity
363 RUNNER_TEST(tc17_security_server_is_pwd_valid)
366 unsigned int attempt, max_attempt, expire_sec;
368 // Prepare environment
369 reset_security_server(TRACE_FROM_HERE);
370 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
371 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
375 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
376 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
377 RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
381 * Various numbers of challenges.
383 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
386 // Prepare environment
387 reset_security_server(TRACE_FROM_HERE);
388 // calculate max applicable valid days that will not be rejected by ss
389 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
390 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
391 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, valid_days);
392 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
396 ret = security_server_set_pwd_max_challenge(0);
397 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
400 ret = security_server_set_pwd_max_challenge(UINT_MAX);
401 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
404 ret = security_server_set_pwd_max_challenge(5);
405 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
408 ret = security_server_set_pwd_max_challenge(6);
409 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
414 * Check the max number of challenges.
416 RUNNER_TEST(tc19_security_server_is_pwd_valid)
419 unsigned int attempt, max_attempt, expire_sec;
420 // Prepare environment
421 reset_security_server(TRACE_FROM_HERE);
422 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
423 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
425 ret = security_server_set_pwd_max_challenge(6);
426 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
429 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
430 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
431 RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
435 * Basic password check.
437 RUNNER_TEST(tc20_security_server_chk_pwd)
440 unsigned int attempt, max_attempt, expire_sec;
442 // Prepare environment
443 reset_security_server(TRACE_FROM_HERE);
444 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
445 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
449 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
450 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
453 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
454 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
458 * Check an incorrect password.
460 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
463 unsigned int attempt, max_attempt, expire_sec;
465 // Prepare environment
466 reset_security_server(TRACE_FROM_HERE);
467 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
468 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
472 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
473 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
477 * Check an incorrect password
479 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
483 // Prepare environment
484 reset_security_server(TRACE_FROM_HERE);
485 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
486 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
490 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
491 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
497 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
501 // Prepare environment
502 reset_security_server(TRACE_FROM_HERE);
503 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
504 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
508 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
509 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
513 * Check wrong password multiple times and then check a correct one.
515 RUNNER_TEST(tc24_security_server_attempt_exceeding)
518 unsigned int i, attempt, max_attempt, expire_sec;
520 // Prepare environment
521 reset_security_server(TRACE_FROM_HERE);
522 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
523 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
526 printf("5 subtests started...");
527 for (i = 1; i <= 5; i++) {
529 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
530 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
531 RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
536 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
537 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
540 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
541 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
542 RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
543 RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
547 * Try to exceed maximum number of challenges.
549 RUNNER_TEST(tc25_security_server_attempt_exceeding)
552 unsigned int i, attempt, max_attempt, expire_sec;
554 // Prepare environment
555 reset_security_server(TRACE_FROM_HERE);
556 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
557 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
560 printf("10 subtests started...");
561 for (i = 1; i <= 10; i++) {
563 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
564 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
565 RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
568 // The check, that exceeds max number
570 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
571 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
575 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
576 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
582 RUNNER_TEST(tc26_security_server_reset_pwd)
586 // Prepare environment
587 reset_security_server(TRACE_FROM_HERE);
588 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
589 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
593 ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
594 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
598 * Check too long password.
600 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
603 unsigned int attempt, max_attempt, expire_sec;
604 // Prepare environment
605 reset_security_server(TRACE_FROM_HERE);
606 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
607 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
610 char* long_password = (char*) malloc(5001);
611 long_password[5000] = '\0';
612 memset(long_password, 'A', 5000);
613 ret = security_server_chk_pwd(long_password, &attempt, &max_attempt, &expire_sec);
614 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
618 * Check passwords expiration (not expired)
620 RUNNER_TEST(tc28_security_server_check_expiration)
623 unsigned int attempt, max_attempt, expire_sec;
625 // Prepare environment
626 reset_security_server(TRACE_FROM_HERE);
627 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
628 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
632 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
633 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
634 RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
638 * Use various parameter values of parameters.
640 RUNNER_TEST(tc29_security_server_set_pwd_history)
644 // Prepare environment
645 reset_security_server(TRACE_FROM_HERE);
646 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
647 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
651 ret = security_server_set_pwd_history(100);
652 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
655 ret = security_server_set_pwd_history(51);
656 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
659 ret = security_server_set_pwd_history(-5);
660 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
663 ret = security_server_set_pwd_history(50);
664 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
667 ret = security_server_set_pwd_history(0);
668 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
671 ret = security_server_set_pwd_history(INT_MAX);
672 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
675 ret = security_server_set_pwd_history(INT_MIN);
676 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
679 ret = security_server_set_pwd_history(10);
680 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
685 int dir_filter(const struct dirent *entry)
687 if ((strcmp(entry->d_name, ".") == 0) ||
688 (strcmp(entry->d_name, "..") == 0) ||
689 (strcmp(entry->d_name, "attempts") == 0) ||
690 (strcmp(entry->d_name, "history") == 0))
696 void clean_password_dir(void)
700 struct dirent **mydirent;
702 ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
711 * Check password history.
713 RUNNER_TEST(tc30_security_server_check_history)
717 char buf1[33], buf2[33];
719 // Prepare environment
720 reset_security_server(TRACE_FROM_HERE);
722 clean_password_dir();
724 ret = security_server_set_pwd_history(9);
725 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
728 ret = security_server_reset_pwd("history0", 0, 0);
729 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
731 printf("11 subtests started...");
732 for (i = 0; i < 11; i++) {
733 sprintf(buf1, "history%d", i);
734 sprintf(buf2, "history%d", i + 1);
737 ret = security_server_set_pwd(buf1, buf2, 0, 0);
738 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
743 ret = security_server_set_pwd("history11", "history1", 0, 0);
744 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
747 ret = security_server_set_pwd("history1", "history8", 0, 0);
748 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
751 ret = security_server_set_pwd("history1", "history12", 0, 0);
752 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
754 printf("48 subtests started...");
755 for (i = 12; i < 60; i++) {
758 sprintf(buf1, "history%d", i);
759 sprintf(buf2, "history%d", i + 1);
761 ret = security_server_set_pwd(buf1, buf2, 0, 0);
762 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
766 clean_password_dir();
772 RUNNER_TEST(tc31_security_server_replay_attack)
776 unsigned int attempt, max_attempt, expire_sec;
779 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
781 while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
784 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
788 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
794 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
797 unsigned int attempt, max_attempt, expire_sec;
798 struct timeval cur_time;
800 // Prepare environment
801 reset_security_server(TRACE_FROM_HERE);
802 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
803 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
807 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
808 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
810 ret = gettimeofday(&cur_time, NULL);
811 RUNNER_ASSERT_MSG(ret > -1, ret);
813 cur_time.tv_sec += (expire_sec + 1);
814 ret = settimeofday(&cur_time, NULL);
815 RUNNER_ASSERT_MSG(ret > -1, ret);
818 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
819 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
822 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
823 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
829 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
833 // Prepare environment
834 reset_security_server(TRACE_FROM_HERE);
837 ret = security_server_reset_pwd(NULL, 10, 10);
838 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
842 * Use this instead of security_server_chk_pwd directly to verify the function output.
844 * verify_chk_pwd(__LINE__, "password", SECURITY_SERVER_API_SUCCESS, 2, 5, 10000, "debug string")
846 void verify_chk_pwd_basic(
847 const char* challenge,
849 unsigned int expected_current_attempt,
850 unsigned int expected_max_attempt,
851 unsigned int expected_valid_secs,
852 const Tracker &tracker = Tracker())
854 /* ensure that initial values differ from expected ones */
855 unsigned int attempt = expected_current_attempt - 1;
856 unsigned int max_attempt = expected_max_attempt - 1;
857 unsigned int expire_sec = expected_valid_secs - 1;
859 usleep(PASSWORD_RETRY_TIMEOUT_US);
860 int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
862 // validate returned value
863 RUNNER_ASSERT_MSG(ret == expected_result,
865 "security_server_chk_pwd returned "
866 << ret << " (expected: " << expected_result << ")");
868 // validate current attempts value
869 RUNNER_ASSERT_MSG(attempt == expected_current_attempt,
871 "security_server_chk_pwd returned attempt = " << attempt <<
872 " (expected: " << expected_current_attempt << ")");
874 // validate max attempt value
875 RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt,
877 "security_server_chk_pwd returned max_attempt = " << max_attempt <<
878 " (expected: " << expected_max_attempt << ")");
880 // validate expire seconds
881 if (expected_valid_secs == PASSWORD_INFINITE_EXPIRATION_TIME) {
882 RUNNER_ASSERT_MSG(expire_sec == expected_valid_secs,
884 "security_server_chk_pwd returned expire_sec = " << expire_sec <<
885 " (expected: " << expected_valid_secs << ")");
887 // because of sleeps in test code we need to check period of time.
888 unsigned int begin = expected_valid_secs > 5 ? expected_valid_secs - 5 : 0;
889 unsigned int end = expected_valid_secs + 5;
891 RUNNER_ASSERT_MSG(expire_sec >= begin && expire_sec <= end,
893 "security_server_chk_pwd returned expire_sec = " << expire_sec <<
894 " (expected: <" << begin << "," << end << ")");
898 /* This function is required because we cannot use default value in expected_valid_secs in
899 * verify_chk_pwd_basic and define Tracker at the same time. */
901 const char *challenge,
903 unsigned int expected_current_attempt,
904 unsigned int expected_max_attempt,
905 const Tracker &tracker = Tracker())
907 verify_chk_pwd_basic(
910 expected_current_attempt,
911 expected_max_attempt,
912 PASSWORD_INFINITE_EXPIRATION_TIME,
918 * Reach last attempt few times in a row (before exceeding max_attempt).
920 RUNNER_TEST(tc34_security_server_max_attempts)
922 // Prepare environment
923 reset_security_server(TRACE_FROM_HERE);
925 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
926 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
928 // change max attempts number few times
929 std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
931 for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
932 unsigned int max_challenges = max_challenge_tab[pass];
934 usleep(PASSWORD_RETRY_TIMEOUT_US);
935 ret = security_server_set_pwd_max_challenge(max_challenges);
936 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
938 // max_challenges-1 wrong password attempts
939 for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
940 verify_chk_pwd(SECOND_TEST_PASSWORD,
941 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
945 std::string("pass = " + std::to_string(pass) +
946 ", attempt = " + std::to_string(attempt_nr))));
948 // Check correct password finally
949 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
950 max_challenges, max_challenges, TRACE_FROM_HERE);
955 * Decrease 'max challenge' number after several missed attempts.
957 RUNNER_TEST(tc35_security_server_decrease_max_attempts)
959 const unsigned int max_challenge_more = 10;
960 const unsigned int max_challenge_less = 5;
962 // Prepare environment
963 reset_security_server(TRACE_FROM_HERE);
965 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge_more, 0);
966 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
969 for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
970 verify_chk_pwd(SECOND_TEST_PASSWORD,
971 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
975 std::string("attempt = " + std::to_string(attempt))));
977 // lower max_challenge
978 usleep(PASSWORD_RETRY_TIMEOUT_US);
979 ret = security_server_set_pwd_max_challenge(max_challenge_less);
980 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
982 // try valid password - should pass (curr attempts is reset)
983 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less,
986 // remove max attempts limit
987 usleep(PASSWORD_RETRY_TIMEOUT_US);
988 ret = security_server_set_pwd_max_challenge(0);
989 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
991 // try valid password again - should pass
992 verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
994 // try to change the password - should pass
995 usleep(PASSWORD_RETRY_TIMEOUT_US);
996 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
997 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
999 // validate new password
1000 verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
1004 * Change password few times and challenge previous passwords - checks if security_server_set_pwd
1005 * works as it should.
1007 RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
1009 const int history_depth = 5;
1010 const unsigned int max_challenge = 3;
1011 std::string prev_pass, new_pass = TEST_PASSWORD;
1013 // Prepare environment
1014 reset_security_server(TRACE_FROM_HERE);
1016 int ret = security_server_set_pwd_history(history_depth);
1017 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1019 usleep(PASSWORD_RETRY_TIMEOUT_US);
1020 ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
1021 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1023 for (int depth = 0; depth < history_depth; ++depth) {
1024 prev_pass = new_pass;
1026 //generate password name
1027 new_pass = "history" + std::to_string(depth+1);
1029 usleep(PASSWORD_RETRY_TIMEOUT_US);
1030 ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
1031 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1033 // challenge initial password
1036 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1039 TRACE_FROM_HERE_MSG(
1040 std::string("depth = " + std::to_string(depth))));
1042 // challenge previous password
1045 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1048 TRACE_FROM_HERE_MSG(
1049 std::string("depth = " + std::to_string(depth)).c_str()));
1054 * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
1055 * This test simulates user's behaviour - challenges valid and invalid passwords
1056 * in various combinations.
1058 RUNNER_TEST(tc37_security_server_challenge_mixed)
1060 // Prepare environment
1061 reset_security_server(TRACE_FROM_HERE);
1063 const unsigned int max_challenge = 2;
1064 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1065 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1067 // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
1068 for (unsigned int i = 0; i < max_challenge; ++i)
1071 SECURITY_SERVER_API_SUCCESS,
1074 TRACE_FROM_HERE_MSG(
1075 std::string("i = " + std::to_string(i))));
1077 // Ensure that challenging valid password resets 'cuurrent attempt' value.
1078 // If it didn't, the test would fail in third loop pass.
1079 for (unsigned int i = 0; i < max_challenge + 1; ++i) {
1082 SECOND_TEST_PASSWORD,
1083 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1086 TRACE_FROM_HERE_MSG(
1087 std::string("i = " + std::to_string(i))));
1092 SECURITY_SERVER_API_SUCCESS,
1095 TRACE_FROM_HERE_MSG(
1096 std::string("i = " + std::to_string(i))));
1099 // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
1100 // any further attempts (even correct) are blocked
1101 for (unsigned int i = 1; i <= max_challenge; ++i)
1103 SECOND_TEST_PASSWORD,
1104 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1107 TRACE_FROM_HERE_MSG(
1108 std::string("i = " + std::to_string(i))));
1110 // correct - refused
1111 for (unsigned int i = 1; i <= max_challenge; ++i)
1114 SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
1117 TRACE_FROM_HERE_MSG(
1118 std::string("i = " + std::to_string(i))));
1122 * Pasword change mixed with history depth change.
1124 RUNNER_TEST(tc38_security_server_history_depth_change)
1127 const int initial_history_depth = 2;
1128 const int decreased_history_depth = 1;
1129 const int increased_history_depth = 3;
1131 // Prepare environment
1132 reset_security_server(TRACE_FROM_HERE);
1134 ret = security_server_set_pwd_history(initial_history_depth);
1135 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1137 usleep(PASSWORD_RETRY_TIMEOUT_US);
1138 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1139 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1141 usleep(PASSWORD_RETRY_TIMEOUT_US);
1142 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1143 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1145 usleep(PASSWORD_RETRY_TIMEOUT_US);
1146 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1147 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1149 // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
1150 usleep(PASSWORD_RETRY_TIMEOUT_US);
1151 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1152 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1155 * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
1156 * and SECOND_TEST_PASSWORD as a part of history.
1158 usleep(PASSWORD_RETRY_TIMEOUT_US);
1159 ret = security_server_set_pwd_history(decreased_history_depth);
1160 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1162 usleep(PASSWORD_RETRY_TIMEOUT_US);
1163 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1164 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1166 usleep(PASSWORD_RETRY_TIMEOUT_US);
1167 ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1168 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1171 * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
1172 * and THIRD_TEST_PASSWORD only.
1174 usleep(PASSWORD_RETRY_TIMEOUT_US);
1175 ret = security_server_set_pwd_history(increased_history_depth);
1176 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1178 // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
1179 usleep(PASSWORD_RETRY_TIMEOUT_US);
1180 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1181 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1183 // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
1184 usleep(PASSWORD_RETRY_TIMEOUT_US);
1185 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1186 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1190 * Challenge invalid password, reset server and check if 'current attempts' is restored.
1192 RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
1194 unsigned int attempt, max_attempt, expire_sec;
1195 const unsigned int max_challenge = 10;
1196 const unsigned int invalid_attempts_num = 3;
1198 // Prepare environment
1199 reset_security_server(TRACE_FROM_HERE);
1201 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1202 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1205 for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
1207 SECOND_TEST_PASSWORD,
1208 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1211 TRACE_FROM_HERE_MSG(
1212 std::string("attempt = " + std::to_string(attempt))));
1214 usleep(PASSWORD_RETRY_TIMEOUT_US);
1215 attempt = max_attempt = expire_sec = UINT_MAX;
1216 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1217 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1218 RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
1219 RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
1220 RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
1223 // restart server - triggers loading password data from file
1224 restart_security_server();
1226 // challenge invalid password
1228 SECOND_TEST_PASSWORD,
1229 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1230 invalid_attempts_num + 1,
1234 // challenge valid password
1237 SECURITY_SERVER_API_SUCCESS,
1238 invalid_attempts_num + 2,
1244 * Validate passwords history after security server reset.
1246 RUNNER_TEST(tc40_security_server_history_check_after_reset)
1248 const unsigned int history_depth = 2;
1250 // Prepare environment
1251 reset_security_server(TRACE_FROM_HERE);
1253 int ret = security_server_set_pwd_history(history_depth);
1254 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1256 usleep(PASSWORD_RETRY_TIMEOUT_US);
1257 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1258 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1260 usleep(PASSWORD_RETRY_TIMEOUT_US);
1261 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1262 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1264 usleep(PASSWORD_RETRY_TIMEOUT_US);
1265 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1266 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1268 usleep(PASSWORD_RETRY_TIMEOUT_US);
1269 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
1270 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1272 // restart server - triggers loading password data from file
1273 restart_security_server();
1275 // try to reuse history passwords
1276 usleep(PASSWORD_RETRY_TIMEOUT_US);
1277 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1278 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1280 usleep(PASSWORD_RETRY_TIMEOUT_US);
1281 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1282 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1284 usleep(PASSWORD_RETRY_TIMEOUT_US);
1285 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1286 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1290 * Check if SS has correct behaviour when changing history depth to 0.
1292 RUNNER_TEST(tc41_security_server_empty_history_check)
1294 const unsigned int history_depth = 2;
1295 const unsigned int empty_history_depth = 0;
1297 //prepare environment
1298 reset_security_server(TRACE_FROM_HERE);
1300 //set new history count
1301 int ret = security_server_set_pwd_history(history_depth);
1302 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1304 //set new password and fill history
1305 usleep(PASSWORD_RETRY_TIMEOUT_US);
1306 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1307 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1309 usleep(PASSWORD_RETRY_TIMEOUT_US);
1310 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1311 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1313 usleep(PASSWORD_RETRY_TIMEOUT_US);
1314 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1315 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1317 //make sure, that everything went OK - try setting something that would cause reuse error
1318 usleep(PASSWORD_RETRY_TIMEOUT_US);
1319 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1320 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1322 usleep(PASSWORD_RETRY_TIMEOUT_US);
1323 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1324 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1326 //reset history limit to no history at all
1327 usleep(PASSWORD_RETRY_TIMEOUT_US);
1328 ret = security_server_set_pwd_history(empty_history_depth);
1329 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1331 //make sure, that current password still exists in memory
1332 //expected attempt 3 because our previous tries increased attempt counter
1334 THIRD_TEST_PASSWORD,
1335 SECURITY_SERVER_API_SUCCESS,
1340 //make sure that it's possible to reuse old password once history limit is set to 0
1341 usleep(PASSWORD_RETRY_TIMEOUT_US);
1342 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1343 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1345 //once again try setting earlier used passwords - now API should return success
1346 usleep(PASSWORD_RETRY_TIMEOUT_US);
1347 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1348 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1350 usleep(PASSWORD_RETRY_TIMEOUT_US);
1351 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1352 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1355 RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
1357 //prepare environment
1358 reset_security_server(TRACE_FROM_HERE);
1361 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1362 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1364 //try setting different password and giving NULL as current once again
1365 usleep(PASSWORD_RETRY_TIMEOUT_US);
1366 ret = security_server_set_pwd(NULL, SECOND_TEST_PASSWORD, 0, 0);
1367 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1370 RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
1372 //prepare environment
1373 reset_security_server();
1376 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1377 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1380 unsigned int attempt, max_attempt, expire_sec;
1381 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1382 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1383 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1384 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1387 RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
1389 //prepare environment
1390 reset_security_server();
1393 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1394 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1397 unsigned int attempt, max_attempt, expire_sec;
1398 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1399 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1400 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
1401 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1404 RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
1406 //prepare environment
1407 reset_security_server();
1410 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1411 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1414 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1415 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1416 ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1417 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
1420 RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
1422 //prepare environment
1423 reset_security_server();
1426 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1427 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1430 ret = security_server_set_pwd_validity(11);
1431 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1432 ret = security_server_set_pwd_validity(11);
1433 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1436 RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
1438 //prepare environment
1439 reset_security_server();
1442 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1443 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1446 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1447 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1448 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1449 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1452 RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
1454 //prepare environment
1455 reset_security_server();
1458 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1459 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1462 ret = security_server_set_pwd_history(5);
1463 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1464 ret = security_server_set_pwd_history(5);
1465 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1468 RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
1470 //prepare environment
1471 reset_security_server();
1474 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1475 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1478 ret = security_server_set_pwd_max_challenge(5);
1479 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1480 ret = security_server_set_pwd_max_challenge(5);
1481 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1484 int main(int argc, char *argv[])
1486 SummaryCollector::Register();
1487 return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);