2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_password.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
8 * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
9 * @author Jan Olszak (j.olszak@samsung.com)
11 * @brief Test cases for security server
13 * WARNING: In this file test order is very important. They have to always be run
14 * in correct order. This is done by correct test case names ("tcXX_").
22 #include <sys/types.h>
23 #include <sys/param.h>
27 #include <sys/socket.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
34 #include "security_server_clean_env.h"
37 // security server retry timeout in microseconds
38 const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
40 // sleep time (in seconds) after security server restart
41 const unsigned int SLEEP_AFTER_RESART = 2;
44 const char* TEST_PASSWORD = "IDLEPASS";
45 const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
46 const char* THIRD_TEST_PASSWORD = "THIRDPASS";
47 const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
50 * Reset security-server.
52 * Function should be run at the begining of every test, so every test is independent of each other.
54 void reset_security_server(){
55 system("if [ -d /opt/data/security-server ]; then \n rm -rf /opt/data/security-server/*; \n fi");
57 restart_security_server();
58 sleep(SLEEP_AFTER_RESART);
62 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
66 * Confirm there is no password before tests are run.
68 RUNNER_TEST(tc01_clear_environment)
71 unsigned int attempt, max_attempt, expire_sec;
75 reset_security_server();
77 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
79 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
80 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
81 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
82 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
86 SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
87 SLOGD("If not, you will see some failures\n");
89 RUNNER_IGNORED_MSG("I'm not root");
95 * Basic test of setting validity period.
97 RUNNER_TEST(tc02_security_server_set_pwd_validity)
101 // Prepare environment
102 reset_security_server();
106 ret = security_server_set_pwd_validity(10);
107 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
109 ret = security_server_set_pwd_validity(11);
110 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
113 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
114 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
116 ret = security_server_set_pwd_validity(10);
117 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
119 ret = security_server_set_pwd_validity(11);
120 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
126 * Basic test of setting maximum number of password challenges.
128 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
132 // Prepare environment
133 reset_security_server();
137 ret = security_server_set_pwd_max_challenge(5);
138 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
140 ret = security_server_set_pwd_max_challenge(6);
141 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
144 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
145 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
147 ret = security_server_set_pwd_max_challenge(5);
148 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
150 ret = security_server_set_pwd_max_challenge(6);
151 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
154 reset_security_server();
158 * Test checking a too long password.
160 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
163 unsigned int attempt, max_attempt, expire_sec;
166 ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
167 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
171 * Test various parameter values when checking a password.
173 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
176 unsigned int attempt, max_attempt, expire_sec;
178 ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
179 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
181 ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
182 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
184 ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
185 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
187 ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
188 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
192 * Check the given password when no password is set.
194 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
197 unsigned int attempt, max_attempt, expire_sec;
199 // Prepare environment - there is no password now!
200 reset_security_server();
203 ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
205 RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
206 RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
207 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
211 * Checks various parameter values.
213 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
217 // Prepare environment
218 reset_security_server();
221 ret = security_server_set_pwd(NULL, NULL, 0, 0);
222 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
226 * Test setting too long password.
228 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
232 // Prepare environment
233 reset_security_server();
237 ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
238 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
242 * Basic password setting.
244 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
248 // Prepare environment
249 reset_security_server();
253 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
254 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
258 * Set a maximum password period.
260 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
263 // Prepare environment
264 reset_security_server();
265 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
266 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
270 // UINT_MAX will cause api error, it is to big value
271 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
272 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
274 // calculate max applicable valid days that will not be rejected by ss
275 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
276 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
277 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
278 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
282 * Set a maximum password challenge number.
284 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
287 // Prepare environment
288 reset_security_server();
289 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
290 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
294 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
295 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
299 * Set empty password.
301 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
304 // Prepare environment
305 reset_security_server();
306 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
307 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
311 ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
312 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
316 * Change password to a too long password.
318 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
321 // Prepare environment
322 reset_security_server();
323 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
324 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
328 char* long_password = (char*) malloc(5001);
329 long_password[5000] = '\0';
330 memset(long_password, 'A', 5000);
331 ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
332 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
336 * Check empty password.
338 RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
341 unsigned int attempt, max_attempt, expire_sec;
343 // Prepare environment
344 reset_security_server();
345 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
346 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
350 ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
351 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
355 * Various validity parameter values.
357 RUNNER_TEST(tc16_security_server_set_pwd_validity)
360 // Prepare environment
361 reset_security_server();
362 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
363 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
366 ret = security_server_set_pwd_validity(0);
367 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
369 ret = security_server_set_pwd_validity(1);
370 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
372 //When trying to set UINT_MAX we should get error.
373 ret = security_server_set_pwd_validity(UINT_MAX);
374 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
376 ret = security_server_set_pwd_validity(2);
377 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
381 * Check passwords validity
383 RUNNER_TEST(tc17_security_server_is_pwd_valid)
386 unsigned int attempt, max_attempt, expire_sec;
388 // Prepare environment
389 reset_security_server();
390 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
391 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
395 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
396 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
397 RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
401 * Various numbers of challenges.
403 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
406 // Prepare environment
407 reset_security_server();
408 // calculate max applicable valid days that will not be rejected by ss
409 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
410 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
411 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, valid_days);
412 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
416 ret = security_server_set_pwd_max_challenge(0);
417 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
420 ret = security_server_set_pwd_max_challenge(UINT_MAX);
421 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
424 ret = security_server_set_pwd_max_challenge(5);
425 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
428 ret = security_server_set_pwd_max_challenge(6);
429 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
434 * Check the max number of challenges.
436 RUNNER_TEST(tc19_security_server_is_pwd_valid)
439 unsigned int attempt, max_attempt, expire_sec;
440 // Prepare environment
441 reset_security_server();
442 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
443 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
445 ret = security_server_set_pwd_max_challenge(6);
446 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
449 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
450 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
451 RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
455 * Basic password check.
457 RUNNER_TEST(tc20_security_server_chk_pwd)
460 unsigned int attempt, max_attempt, expire_sec;
462 // Prepare environment
463 reset_security_server();
464 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
465 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
469 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
470 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
473 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
474 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
478 * Check an incorrect password.
480 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
483 unsigned int attempt, max_attempt, expire_sec;
485 // Prepare environment
486 reset_security_server();
487 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
488 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
492 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
493 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
497 * Check an incorrect password
499 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
503 // Prepare environment
504 reset_security_server();
505 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
506 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
510 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
511 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
517 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
521 // Prepare environment
522 reset_security_server();
523 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
524 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
528 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
529 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
533 * Check wrong password multiple times and then check a correct one.
535 RUNNER_TEST(tc24_security_server_attempt_exceeding)
538 unsigned int i, attempt, max_attempt, expire_sec;
540 // Prepare environment
541 reset_security_server();
542 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
543 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
546 printf("5 subtests started...");
547 for (i = 0; i < 5; i++) {
549 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
550 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
551 RUNNER_ASSERT_MSG(attempt == i, attempt);
556 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
557 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
560 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
561 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
562 RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
563 RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
567 * Try to exceed maximum number of challenges.
569 RUNNER_TEST(tc25_security_server_attempt_exceeding)
572 unsigned int i, attempt, max_attempt, expire_sec;
574 // Prepare environment
575 reset_security_server();
576 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
577 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
580 printf("10 subtests started...");
581 for (i = 0; i < 10; i++) {
583 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
584 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
585 RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt);
588 // The check, that exceeds max number
590 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
591 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
595 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
596 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
602 RUNNER_TEST(tc26_security_server_reset_pwd)
606 // Prepare environment
607 reset_security_server();
608 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
609 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
613 ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
614 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
618 * Check too long password.
620 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
623 unsigned int attempt, max_attempt, expire_sec;
624 // Prepare environment
625 reset_security_server();
626 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
627 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
630 char* long_password = (char*) malloc(5001);
631 long_password[5000] = '\0';
632 memset(long_password, 'A', 5000);
633 ret = security_server_chk_pwd(long_password, &attempt, &max_attempt, &expire_sec);
634 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
638 * Check passwords expiration (not expired)
640 RUNNER_TEST(tc28_security_server_check_expiration)
643 unsigned int attempt, max_attempt, expire_sec;
645 // Prepare environment
646 reset_security_server();
647 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
648 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
652 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
653 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
654 RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
658 * Use various parameter values of parameters.
660 RUNNER_TEST(tc29_security_server_set_pwd_history)
664 // Prepare environment
665 reset_security_server();
666 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
667 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
671 ret = security_server_set_pwd_history(100);
672 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
675 ret = security_server_set_pwd_history(51);
676 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
679 ret = security_server_set_pwd_history(-5);
680 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
683 ret = security_server_set_pwd_history(50);
684 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
687 ret = security_server_set_pwd_history(0);
688 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
691 ret = security_server_set_pwd_history(INT_MAX);
692 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
695 ret = security_server_set_pwd_history(INT_MIN);
696 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
699 ret = security_server_set_pwd_history(10);
700 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
705 int dir_filter(const struct dirent *entry)
707 if ((strcmp(entry->d_name, ".") == 0) ||
708 (strcmp(entry->d_name, "..") == 0) ||
709 (strcmp(entry->d_name, "attempts") == 0) ||
710 (strcmp(entry->d_name, "history") == 0))
716 void clean_password_dir(void)
720 struct dirent **mydirent;
722 ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
731 * Check password history.
733 RUNNER_TEST(tc30_security_server_check_history)
737 char buf1[33], buf2[33];
739 // Prepare environment
740 reset_security_server();
742 clean_password_dir();
745 ret = security_server_set_pwd_history(10);
746 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
749 ret = security_server_reset_pwd("history0", 0, 0);
750 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
752 printf("11 subtests started...");
753 for (i = 0; i < 11; i++) {
754 sprintf(buf1, "history%d", i);
755 sprintf(buf2, "history%d", i + 1);
758 ret = security_server_set_pwd(buf1, buf2, 0, 0);
759 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
764 ret = security_server_set_pwd("history11", "history1", 0, 0);
765 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
768 ret = security_server_set_pwd("history1", "history8", 0, 0);
769 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
772 ret = security_server_set_pwd("history1", "history12", 0, 0);
773 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
775 printf("48 subtests started...");
776 for (i = 12; i < 60; i++) {
779 sprintf(buf1, "history%d", i);
780 sprintf(buf2, "history%d", i + 1);
782 ret = security_server_set_pwd(buf1, buf2, 0, 0);
783 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
787 clean_password_dir();
793 RUNNER_TEST(tc31_security_server_replay_attack)
797 unsigned int attempt, max_attempt, expire_sec;
800 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
802 while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
805 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
809 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
815 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
818 unsigned int attempt, max_attempt, expire_sec;
819 struct timeval cur_time;
821 // Prepare environment
822 reset_security_server();
823 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
824 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
828 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
829 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
831 ret = gettimeofday(&cur_time, NULL);
832 RUNNER_ASSERT_MSG(ret > -1, ret);
834 cur_time.tv_sec += (expire_sec + 1);
835 ret = settimeofday(&cur_time, NULL);
836 RUNNER_ASSERT_MSG(ret > -1, ret);
839 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
840 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
843 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
844 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
850 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
854 // Prepare environment
855 reset_security_server();
859 ret = security_server_reset_pwd(NULL, 10, 10);
860 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
864 * Use this instead of security_server_chk_pwd directly to verify the function output.
866 * verify_chk_pwd(__LINE__, "password", SECURITY_SERVER_API_SUCCESS, 2, 5, 10000, "debug string")
868 void verify_chk_pwd(int line_num, const char* challenge, int expected_result,
869 unsigned int expected_current_attempt, unsigned int expected_max_attempt,
870 unsigned int expected_valid_secs, const char* debug_str = "")
872 /* ensure that initial values differ from expected ones */
873 unsigned int attempt = expected_current_attempt - 1;
874 unsigned int max_attempt = expected_max_attempt - 1;
875 unsigned int expire_sec = expected_valid_secs - 1;
877 usleep(PASSWORD_RETRY_TIMEOUT_US);
878 int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
880 // validate returned value
881 RUNNER_ASSERT_MSG(ret == expected_result, "[line " << line_num << "] "
882 "security_server_chk_pwd returned "
883 << ret << " (expected: " << expected_result << ") " << debug_str);
885 // validate current attempts value
886 RUNNER_ASSERT_MSG(attempt == expected_current_attempt, "[line " << line_num << "] "
887 "security_server_chk_pwd returned attempt = " << attempt <<
888 " (expected: " << expected_current_attempt << ") " << debug_str);
890 // validate max attempt value
891 RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt, "[line " << line_num << "] "
892 "security_server_chk_pwd returned max_attempt = " << max_attempt <<
893 " (expected: " << expected_max_attempt << ") " << debug_str);
895 // validate expire seconds
896 RUNNER_ASSERT_MSG(expire_sec == expected_valid_secs, "[line " << line_num << "] "
897 "security_server_chk_pwd returned expire_sec = " << expire_sec <<
898 " (expected: " << expected_valid_secs << ") " << debug_str);
902 * Reach last attempt few times in a row (before exceeding max_attempt).
904 RUNNER_TEST(tc34_security_server_max_attempts)
906 // Prepare environment
907 reset_security_server();
909 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
910 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
912 // change max attempts number few times
913 std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
915 for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
916 unsigned int max_challenges = max_challenge_tab[pass];
918 usleep(PASSWORD_RETRY_TIMEOUT_US);
919 ret = security_server_set_pwd_max_challenge(max_challenges);
920 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
922 // max_challenges-1 wrong password attempts
923 for (unsigned int attempt_nr = 0; attempt_nr < max_challenges - 1; ++attempt_nr)
924 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD,
925 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
926 attempt_nr, max_challenges, 0,
927 std::string("pass = " + std::to_string(pass) +
928 ", attempt = " + std::to_string(attempt_nr)).c_str());
930 // Check correct password finally
931 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
932 max_challenges - 1, max_challenges, 0);
937 * Decrease 'max challenge' number after several missed attempts.
939 RUNNER_TEST(tc35_security_server_decrease_max_attempts)
941 const unsigned int max_challenge_more = 10;
942 const unsigned int max_challenge_less = 5;
944 // Prepare environment
945 reset_security_server();
947 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge_more, 0);
948 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
951 for (unsigned int attempt = 0; attempt < max_challenge_more; ++attempt)
952 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD,
953 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
954 attempt, max_challenge_more, 0,
955 std::string("attempt = " + std::to_string(attempt)).c_str());
957 // lower max_challenge
958 usleep(PASSWORD_RETRY_TIMEOUT_US);
959 ret = security_server_set_pwd_max_challenge(max_challenge_less);
960 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
962 // try valid password - should pass (curr attempts is reset)
963 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
964 0, max_challenge_less, 0);
966 // remove max attempts limit
967 usleep(PASSWORD_RETRY_TIMEOUT_US);
968 ret = security_server_set_pwd_max_challenge(0);
969 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
971 // try valid password again - should pass
972 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 0, 0, 0);
974 // try to change the password - should pass
975 usleep(PASSWORD_RETRY_TIMEOUT_US);
976 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
977 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
979 // validate new password
980 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 0, 0, 0);
984 * Change password few times and challenge previous passwords - checks if security_server_set_pwd
985 * works as it should.
987 RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
989 const int history_depth = 5;
990 const unsigned int max_challenge = 3;
991 std::string prev_pass, new_pass = TEST_PASSWORD;
993 // Prepare environment
994 reset_security_server();
996 int ret = security_server_set_pwd_history(history_depth);
997 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
999 usleep(PASSWORD_RETRY_TIMEOUT_US);
1000 ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
1001 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1003 for (int depth = 0; depth < history_depth; ++depth) {
1004 prev_pass = new_pass;
1006 //generate password name
1007 new_pass = "history" + std::to_string(depth+1);
1009 usleep(PASSWORD_RETRY_TIMEOUT_US);
1010 ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
1011 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1013 // challenge initial password
1014 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1015 0, max_challenge, 0,
1016 std::string("depth = " + std::to_string(depth)).c_str());
1018 // challenge previous password
1019 verify_chk_pwd(__LINE__, prev_pass.c_str(), SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1020 1, max_challenge, 0,
1021 std::string("depth = " + std::to_string(depth)).c_str());
1026 * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
1027 * This test simulates user's behaviour - challenges valid and invalid passwords
1028 * in various combinations.
1030 RUNNER_TEST(tc37_security_server_challenge_mixed)
1032 // Prepare environment
1033 reset_security_server();
1035 const unsigned int max_challenge = 2;
1036 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1037 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1039 // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
1040 for (unsigned int i = 0; i < max_challenge; ++i)
1041 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
1042 0, max_challenge, 0,
1043 std::string("i = " + std::to_string(i)).c_str());
1045 // Ensure that challenging valid password resets 'cuurrent attempt' value.
1046 // If it didn't, the test would fail in third loop pass.
1047 for (unsigned int i = 0; i < max_challenge + 1; ++i) {
1049 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1050 0, max_challenge, 0,
1051 std::string("i = " + std::to_string(i)).c_str());
1054 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
1055 1, max_challenge, 0,
1056 std::string("i = " + std::to_string(i)).c_str());
1059 // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
1060 // any further attempts (even correct) are blocked
1061 for (unsigned int i = 0; i < max_challenge; ++i)
1062 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1063 i, max_challenge, 0,
1064 std::string("i = " + std::to_string(i)).c_str());
1066 // correct - refused
1067 for (unsigned int i = 0; i < max_challenge; ++i)
1068 verify_chk_pwd(__LINE__, TEST_PASSWORD,
1069 SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
1070 2, max_challenge, 0,
1071 std::string("i = " + std::to_string(i)).c_str());
1075 * Pasword change mixed with history depth change.
1077 RUNNER_TEST(tc38_security_server_history_depth_change)
1080 const int initial_history_depth = 3;
1081 const int decreased_history_depth = 2;
1082 const int increased_history_depth = 4;
1084 // Prepare environment
1085 reset_security_server();
1087 ret = security_server_set_pwd_history(initial_history_depth);
1088 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1090 usleep(PASSWORD_RETRY_TIMEOUT_US);
1091 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1092 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1094 usleep(PASSWORD_RETRY_TIMEOUT_US);
1095 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1096 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1098 usleep(PASSWORD_RETRY_TIMEOUT_US);
1099 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1100 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1102 // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
1103 usleep(PASSWORD_RETRY_TIMEOUT_US);
1104 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1105 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1108 * Lower history depth. At this point SS should remember THIRD_TEST_PASSWORD
1109 * and SECOND_TEST_PASSWORD only.
1111 usleep(PASSWORD_RETRY_TIMEOUT_US);
1112 ret = security_server_set_pwd_history(decreased_history_depth);
1113 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1115 usleep(PASSWORD_RETRY_TIMEOUT_US);
1116 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1117 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1119 usleep(PASSWORD_RETRY_TIMEOUT_US);
1120 ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1121 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1124 * Increase history depth to 4. At this point SS should remember TEST_PASSWORD
1125 * and THIRD_TEST_PASSWORD only.
1127 usleep(PASSWORD_RETRY_TIMEOUT_US);
1128 ret = security_server_set_pwd_history(increased_history_depth);
1129 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1131 // 3th and TEST_PASSWORD remembered => 2nd should be accepted
1132 usleep(PASSWORD_RETRY_TIMEOUT_US);
1133 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1134 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1136 // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
1137 usleep(PASSWORD_RETRY_TIMEOUT_US);
1138 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1139 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1143 * Challenge invalid password, reset server and check if 'current attempts' is restored.
1145 RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
1147 unsigned int attempt, max_attempt, expire_sec;
1148 const unsigned int max_challenge = 10;
1149 const unsigned int invalid_attempts_num = 3;
1151 // Prepare environment
1152 reset_security_server();
1154 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1155 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1158 for (unsigned int attempt = 0; attempt < invalid_attempts_num; ++attempt)
1159 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1160 attempt, max_challenge, 0,
1161 std::string("attempt = " + std::to_string(attempt)).c_str());
1163 usleep(PASSWORD_RETRY_TIMEOUT_US);
1164 attempt = max_attempt = expire_sec = UINT_MAX;
1165 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1166 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1167 RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
1168 RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
1169 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
1171 // restart server - triggers loading password data from file
1172 restart_security_server();
1173 sleep(SLEEP_AFTER_RESART);
1175 // challenge invalid password
1176 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1177 invalid_attempts_num, max_challenge, 0);
1179 // challenge valid password
1180 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, invalid_attempts_num+1,
1185 * Validate passwords history after security server reset.
1187 RUNNER_TEST(tc40_security_server_history_check_after_reset)
1189 const unsigned int history_depth = 3;
1191 // Prepare environment
1192 reset_security_server();
1194 int ret = security_server_set_pwd_history(history_depth);
1195 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1197 usleep(PASSWORD_RETRY_TIMEOUT_US);
1198 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1199 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1201 usleep(PASSWORD_RETRY_TIMEOUT_US);
1202 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1203 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1205 usleep(PASSWORD_RETRY_TIMEOUT_US);
1206 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1207 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1209 usleep(PASSWORD_RETRY_TIMEOUT_US);
1210 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
1211 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1213 // restart server - triggers loading password data from file
1214 restart_security_server();
1215 sleep(SLEEP_AFTER_RESART);
1217 // try to reuse history passwords
1218 usleep(PASSWORD_RETRY_TIMEOUT_US);
1219 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1220 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1222 usleep(PASSWORD_RETRY_TIMEOUT_US);
1223 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1224 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1226 usleep(PASSWORD_RETRY_TIMEOUT_US);
1227 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1228 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1232 int main(int argc, char *argv[])
1234 int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);