2 * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
5 * @file security_server_tests_password.cpp
6 * @author Bumjin Im (bj.im@samsung.com)
7 * @author Pawel Polawski (p.polawski@partner.samsung.com)
8 * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
9 * @author Jan Olszak (j.olszak@samsung.com)
11 * @brief Test cases for security server
13 * WARNING: In this file test order is very important. They have to always be run
14 * in correct order. This is done by correct test case names ("tcXX_").
22 #include <sys/types.h>
23 #include <sys/param.h>
27 #include <sys/socket.h>
30 #include "security-server.h"
31 #include <dpl/test/test_runner.h>
33 #include "security_server_clean_env.h"
36 // security server retry timeout in microseconds
37 const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
40 const char* TEST_PASSWORD = "IDLEPASS";
41 const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
42 const char* THIRD_TEST_PASSWORD = "THIRDPASS";
43 const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
46 RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
50 * Confirm there is no password before tests are run.
52 RUNNER_TEST(tc01_clear_environment)
55 unsigned int attempt, max_attempt, expire_sec;
59 reset_security_server();
61 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
63 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
64 RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
65 RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
66 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
70 SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
71 SLOGD("If not, you will see some failures\n");
73 RUNNER_IGNORED_MSG("I'm not root");
79 * Basic test of setting validity period.
81 RUNNER_TEST(tc02_security_server_set_pwd_validity)
85 // Prepare environment
86 reset_security_server();
90 ret = security_server_set_pwd_validity(10);
91 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
93 ret = security_server_set_pwd_validity(11);
94 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
97 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
98 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
100 ret = security_server_set_pwd_validity(10);
101 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
103 ret = security_server_set_pwd_validity(11);
104 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
110 * Basic test of setting maximum number of password challenges.
112 RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
116 // Prepare environment
117 reset_security_server();
121 ret = security_server_set_pwd_max_challenge(5);
122 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
124 ret = security_server_set_pwd_max_challenge(6);
125 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
128 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
129 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
131 ret = security_server_set_pwd_max_challenge(5);
132 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
134 ret = security_server_set_pwd_max_challenge(6);
135 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
138 reset_security_server();
142 * Test checking a too long password.
144 RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
147 unsigned int attempt, max_attempt, expire_sec;
150 ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
151 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
155 * Test various parameter values when checking a password.
157 RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
160 unsigned int attempt, max_attempt, expire_sec;
162 ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
163 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
165 ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
166 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
168 ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
169 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
171 ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
172 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
176 * Check the given password when no password is set.
178 RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
181 unsigned int attempt, max_attempt, expire_sec;
183 // Prepare environment - there is no password now!
184 reset_security_server();
187 ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
189 RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
190 RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
191 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
195 * Checks various parameter values.
197 RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
201 // Prepare environment
202 reset_security_server();
205 ret = security_server_set_pwd(NULL, NULL, 0, 0);
206 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
210 * Test setting too long password.
212 RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
216 // Prepare environment
217 reset_security_server();
221 ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
222 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
226 * Basic password setting.
228 RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
232 // Prepare environment
233 reset_security_server();
237 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
238 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
242 * Set a maximum password period.
244 RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
247 // Prepare environment
248 reset_security_server();
249 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
250 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
254 // UINT_MAX will cause api error, it is to big value
255 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
256 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
258 // calculate max applicable valid days that will not be rejected by ss
259 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
260 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
261 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
262 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
266 * Set a maximum password challenge number.
268 RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
271 // Prepare environment
272 reset_security_server();
273 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
274 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
278 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
279 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
283 * Set empty password.
285 RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
288 // Prepare environment
289 reset_security_server();
290 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
291 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
295 ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
296 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
300 * Change password to a too long password.
302 RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
305 // Prepare environment
306 reset_security_server();
307 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
308 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
312 char* long_password = (char*) malloc(5001);
313 long_password[5000] = '\0';
314 memset(long_password, 'A', 5000);
315 ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
316 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
320 * Check empty password.
322 RUNNER_TEST(tc15_security_server_chk_pwd_shortest_password)
325 unsigned int attempt, max_attempt, expire_sec;
327 // Prepare environment
328 reset_security_server();
329 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
330 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
334 ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
335 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
339 * Various validity parameter values.
341 RUNNER_TEST(tc16_security_server_set_pwd_validity)
344 // Prepare environment
345 reset_security_server();
346 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
347 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
350 ret = security_server_set_pwd_validity(0);
351 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
353 ret = security_server_set_pwd_validity(1);
354 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
356 //When trying to set UINT_MAX we should get error.
357 ret = security_server_set_pwd_validity(UINT_MAX);
358 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
360 ret = security_server_set_pwd_validity(2);
361 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
365 * Check passwords validity
367 RUNNER_TEST(tc17_security_server_is_pwd_valid)
370 unsigned int attempt, max_attempt, expire_sec;
372 // Prepare environment
373 reset_security_server();
374 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
375 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
379 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
380 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
381 RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
385 * Various numbers of challenges.
387 RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
390 // Prepare environment
391 reset_security_server();
392 // calculate max applicable valid days that will not be rejected by ss
393 // ensure, that after conversion from days to seconds in ss there will be no uint overflow
394 unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
395 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, valid_days);
396 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
400 ret = security_server_set_pwd_max_challenge(0);
401 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
404 ret = security_server_set_pwd_max_challenge(UINT_MAX);
405 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
408 ret = security_server_set_pwd_max_challenge(5);
409 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
412 ret = security_server_set_pwd_max_challenge(6);
413 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
418 * Check the max number of challenges.
420 RUNNER_TEST(tc19_security_server_is_pwd_valid)
423 unsigned int attempt, max_attempt, expire_sec;
424 // Prepare environment
425 reset_security_server();
426 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
427 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
429 ret = security_server_set_pwd_max_challenge(6);
430 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
433 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
434 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
435 RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
439 * Basic password check.
441 RUNNER_TEST(tc20_security_server_chk_pwd)
444 unsigned int attempt, max_attempt, expire_sec;
446 // Prepare environment
447 reset_security_server();
448 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
449 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
453 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
454 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
457 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
458 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
462 * Check an incorrect password.
464 RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
467 unsigned int attempt, max_attempt, expire_sec;
469 // Prepare environment
470 reset_security_server();
471 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
472 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
476 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
477 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
481 * Check an incorrect password
483 RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
487 // Prepare environment
488 reset_security_server();
489 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
490 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
494 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
495 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
501 RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
505 // Prepare environment
506 reset_security_server();
507 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
508 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
512 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
513 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
517 * Check wrong password multiple times and then check a correct one.
519 RUNNER_TEST(tc24_security_server_attempt_exceeding)
522 unsigned int i, attempt, max_attempt, expire_sec;
524 // Prepare environment
525 reset_security_server();
526 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
527 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
530 printf("5 subtests started...");
531 for (i = 0; i < 5; i++) {
533 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
534 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
535 RUNNER_ASSERT_MSG(attempt == i, attempt);
540 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
541 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
544 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
545 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
546 RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
547 RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
551 * Try to exceed maximum number of challenges.
553 RUNNER_TEST(tc25_security_server_attempt_exceeding)
556 unsigned int i, attempt, max_attempt, expire_sec;
558 // Prepare environment
559 reset_security_server();
560 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
561 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
564 printf("10 subtests started...");
565 for (i = 0; i < 10; i++) {
567 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
568 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
569 RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt);
572 // The check, that exceeds max number
574 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
575 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
579 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
580 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
586 RUNNER_TEST(tc26_security_server_reset_pwd)
590 // Prepare environment
591 reset_security_server();
592 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
593 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
597 ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
598 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
602 * Check too long password.
604 RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
607 unsigned int attempt, max_attempt, expire_sec;
608 // Prepare environment
609 reset_security_server();
610 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
611 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
614 char* long_password = (char*) malloc(5001);
615 long_password[5000] = '\0';
616 memset(long_password, 'A', 5000);
617 ret = security_server_chk_pwd(long_password, &attempt, &max_attempt, &expire_sec);
618 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
622 * Check passwords expiration (not expired)
624 RUNNER_TEST(tc28_security_server_check_expiration)
627 unsigned int attempt, max_attempt, expire_sec;
629 // Prepare environment
630 reset_security_server();
631 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
632 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
636 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
637 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
638 RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
642 * Use various parameter values of parameters.
644 RUNNER_TEST(tc29_security_server_set_pwd_history)
648 // Prepare environment
649 reset_security_server();
650 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
651 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
655 ret = security_server_set_pwd_history(100);
656 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
659 ret = security_server_set_pwd_history(51);
660 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
663 ret = security_server_set_pwd_history(-5);
664 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
667 ret = security_server_set_pwd_history(50);
668 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
671 ret = security_server_set_pwd_history(0);
672 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
675 ret = security_server_set_pwd_history(INT_MAX);
676 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
679 ret = security_server_set_pwd_history(INT_MIN);
680 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
683 ret = security_server_set_pwd_history(10);
684 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
689 int dir_filter(const struct dirent *entry)
691 if ((strcmp(entry->d_name, ".") == 0) ||
692 (strcmp(entry->d_name, "..") == 0) ||
693 (strcmp(entry->d_name, "attempts") == 0) ||
694 (strcmp(entry->d_name, "history") == 0))
700 void clean_password_dir(void)
704 struct dirent **mydirent;
706 ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
715 * Check password history.
717 RUNNER_TEST(tc30_security_server_check_history)
721 char buf1[33], buf2[33];
723 // Prepare environment
724 reset_security_server();
726 clean_password_dir();
729 ret = security_server_set_pwd_history(9);
730 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
733 ret = security_server_reset_pwd("history0", 0, 0);
734 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
736 printf("11 subtests started...");
737 for (i = 0; i < 11; i++) {
738 sprintf(buf1, "history%d", i);
739 sprintf(buf2, "history%d", i + 1);
742 ret = security_server_set_pwd(buf1, buf2, 0, 0);
743 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
748 ret = security_server_set_pwd("history11", "history1", 0, 0);
749 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
752 ret = security_server_set_pwd("history1", "history8", 0, 0);
753 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
756 ret = security_server_set_pwd("history1", "history12", 0, 0);
757 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
759 printf("48 subtests started...");
760 for (i = 12; i < 60; i++) {
763 sprintf(buf1, "history%d", i);
764 sprintf(buf2, "history%d", i + 1);
766 ret = security_server_set_pwd(buf1, buf2, 0, 0);
767 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
771 clean_password_dir();
777 RUNNER_TEST(tc31_security_server_replay_attack)
781 unsigned int attempt, max_attempt, expire_sec;
784 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
786 while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
789 ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
793 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
799 RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
802 unsigned int attempt, max_attempt, expire_sec;
803 struct timeval cur_time;
805 // Prepare environment
806 reset_security_server();
807 ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
808 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
812 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
813 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
815 ret = gettimeofday(&cur_time, NULL);
816 RUNNER_ASSERT_MSG(ret > -1, ret);
818 cur_time.tv_sec += (expire_sec + 1);
819 ret = settimeofday(&cur_time, NULL);
820 RUNNER_ASSERT_MSG(ret > -1, ret);
823 ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
824 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
827 ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
828 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
834 RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
838 // Prepare environment
839 reset_security_server();
843 ret = security_server_reset_pwd(NULL, 10, 10);
844 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
848 * Use this instead of security_server_chk_pwd directly to verify the function output.
850 * verify_chk_pwd(__LINE__, "password", SECURITY_SERVER_API_SUCCESS, 2, 5, 10000, "debug string")
852 void verify_chk_pwd(int line_num, const char* challenge, int expected_result,
853 unsigned int expected_current_attempt, unsigned int expected_max_attempt,
854 unsigned int expected_valid_secs, const char* debug_str = "")
856 /* ensure that initial values differ from expected ones */
857 unsigned int attempt = expected_current_attempt - 1;
858 unsigned int max_attempt = expected_max_attempt - 1;
859 unsigned int expire_sec = expected_valid_secs - 1;
861 usleep(PASSWORD_RETRY_TIMEOUT_US);
862 int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
864 // validate returned value
865 RUNNER_ASSERT_MSG(ret == expected_result, "[line " << line_num << "] "
866 "security_server_chk_pwd returned "
867 << ret << " (expected: " << expected_result << ") " << debug_str);
869 // validate current attempts value
870 RUNNER_ASSERT_MSG(attempt == expected_current_attempt, "[line " << line_num << "] "
871 "security_server_chk_pwd returned attempt = " << attempt <<
872 " (expected: " << expected_current_attempt << ") " << debug_str);
874 // validate max attempt value
875 RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt, "[line " << line_num << "] "
876 "security_server_chk_pwd returned max_attempt = " << max_attempt <<
877 " (expected: " << expected_max_attempt << ") " << debug_str);
879 // validate expire seconds
880 RUNNER_ASSERT_MSG(expire_sec == expected_valid_secs, "[line " << line_num << "] "
881 "security_server_chk_pwd returned expire_sec = " << expire_sec <<
882 " (expected: " << expected_valid_secs << ") " << debug_str);
886 * Reach last attempt few times in a row (before exceeding max_attempt).
888 RUNNER_TEST(tc34_security_server_max_attempts)
890 // Prepare environment
891 reset_security_server();
893 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
894 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
896 // change max attempts number few times
897 std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
899 for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
900 unsigned int max_challenges = max_challenge_tab[pass];
902 usleep(PASSWORD_RETRY_TIMEOUT_US);
903 ret = security_server_set_pwd_max_challenge(max_challenges);
904 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
906 // max_challenges-1 wrong password attempts
907 for (unsigned int attempt_nr = 0; attempt_nr < max_challenges - 1; ++attempt_nr)
908 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD,
909 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
910 attempt_nr, max_challenges, 0,
911 std::string("pass = " + std::to_string(pass) +
912 ", attempt = " + std::to_string(attempt_nr)).c_str());
914 // Check correct password finally
915 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
916 max_challenges - 1, max_challenges, 0);
921 * Decrease 'max challenge' number after several missed attempts.
923 RUNNER_TEST(tc35_security_server_decrease_max_attempts)
925 const unsigned int max_challenge_more = 10;
926 const unsigned int max_challenge_less = 5;
928 // Prepare environment
929 reset_security_server();
931 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge_more, 0);
932 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
935 for (unsigned int attempt = 0; attempt < max_challenge_more; ++attempt)
936 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD,
937 SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
938 attempt, max_challenge_more, 0,
939 std::string("attempt = " + std::to_string(attempt)).c_str());
941 // lower max_challenge
942 usleep(PASSWORD_RETRY_TIMEOUT_US);
943 ret = security_server_set_pwd_max_challenge(max_challenge_less);
944 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
946 // try valid password - should pass (curr attempts is reset)
947 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
948 0, max_challenge_less, 0);
950 // remove max attempts limit
951 usleep(PASSWORD_RETRY_TIMEOUT_US);
952 ret = security_server_set_pwd_max_challenge(0);
953 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
955 // try valid password again - should pass
956 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 0, 0, 0);
958 // try to change the password - should pass
959 usleep(PASSWORD_RETRY_TIMEOUT_US);
960 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
961 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
963 // validate new password
964 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 0, 0, 0);
968 * Change password few times and challenge previous passwords - checks if security_server_set_pwd
969 * works as it should.
971 RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
973 const int history_depth = 5;
974 const unsigned int max_challenge = 3;
975 std::string prev_pass, new_pass = TEST_PASSWORD;
977 // Prepare environment
978 reset_security_server();
980 int ret = security_server_set_pwd_history(history_depth);
981 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
983 usleep(PASSWORD_RETRY_TIMEOUT_US);
984 ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
985 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
987 for (int depth = 0; depth < history_depth; ++depth) {
988 prev_pass = new_pass;
990 //generate password name
991 new_pass = "history" + std::to_string(depth+1);
993 usleep(PASSWORD_RETRY_TIMEOUT_US);
994 ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
995 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
997 // challenge initial password
998 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1000 std::string("depth = " + std::to_string(depth)).c_str());
1002 // challenge previous password
1003 verify_chk_pwd(__LINE__, prev_pass.c_str(), SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1004 1, max_challenge, 0,
1005 std::string("depth = " + std::to_string(depth)).c_str());
1010 * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
1011 * This test simulates user's behaviour - challenges valid and invalid passwords
1012 * in various combinations.
1014 RUNNER_TEST(tc37_security_server_challenge_mixed)
1016 // Prepare environment
1017 reset_security_server();
1019 const unsigned int max_challenge = 2;
1020 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1021 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1023 // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
1024 for (unsigned int i = 0; i < max_challenge; ++i)
1025 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
1026 0, max_challenge, 0,
1027 std::string("i = " + std::to_string(i)).c_str());
1029 // Ensure that challenging valid password resets 'cuurrent attempt' value.
1030 // If it didn't, the test would fail in third loop pass.
1031 for (unsigned int i = 0; i < max_challenge + 1; ++i) {
1033 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1034 0, max_challenge, 0,
1035 std::string("i = " + std::to_string(i)).c_str());
1038 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
1039 1, max_challenge, 0,
1040 std::string("i = " + std::to_string(i)).c_str());
1043 // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
1044 // any further attempts (even correct) are blocked
1045 for (unsigned int i = 0; i < max_challenge; ++i)
1046 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1047 i, max_challenge, 0,
1048 std::string("i = " + std::to_string(i)).c_str());
1050 // correct - refused
1051 for (unsigned int i = 0; i < max_challenge; ++i)
1052 verify_chk_pwd(__LINE__, TEST_PASSWORD,
1053 SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
1054 2, max_challenge, 0,
1055 std::string("i = " + std::to_string(i)).c_str());
1059 * Pasword change mixed with history depth change.
1061 RUNNER_TEST(tc38_security_server_history_depth_change)
1064 const int initial_history_depth = 2;
1065 const int decreased_history_depth = 1;
1066 const int increased_history_depth = 3;
1068 // Prepare environment
1069 reset_security_server();
1071 ret = security_server_set_pwd_history(initial_history_depth);
1072 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1074 usleep(PASSWORD_RETRY_TIMEOUT_US);
1075 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1076 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1078 usleep(PASSWORD_RETRY_TIMEOUT_US);
1079 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1080 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1082 usleep(PASSWORD_RETRY_TIMEOUT_US);
1083 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1084 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1086 // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
1087 usleep(PASSWORD_RETRY_TIMEOUT_US);
1088 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1089 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1092 * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
1093 * and SECOND_TEST_PASSWORD as a part of history.
1095 usleep(PASSWORD_RETRY_TIMEOUT_US);
1096 ret = security_server_set_pwd_history(decreased_history_depth);
1097 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1099 usleep(PASSWORD_RETRY_TIMEOUT_US);
1100 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1101 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1103 usleep(PASSWORD_RETRY_TIMEOUT_US);
1104 ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1105 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1108 * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
1109 * and THIRD_TEST_PASSWORD only.
1111 usleep(PASSWORD_RETRY_TIMEOUT_US);
1112 ret = security_server_set_pwd_history(increased_history_depth);
1113 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1115 // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
1116 usleep(PASSWORD_RETRY_TIMEOUT_US);
1117 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1118 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1120 // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
1121 usleep(PASSWORD_RETRY_TIMEOUT_US);
1122 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1123 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1127 * Challenge invalid password, reset server and check if 'current attempts' is restored.
1129 RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
1131 unsigned int attempt, max_attempt, expire_sec;
1132 const unsigned int max_challenge = 10;
1133 const unsigned int invalid_attempts_num = 3;
1135 // Prepare environment
1136 reset_security_server();
1138 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
1139 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1142 for (unsigned int attempt = 0; attempt < invalid_attempts_num; ++attempt)
1143 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1144 attempt, max_challenge, 0,
1145 std::string("attempt = " + std::to_string(attempt)).c_str());
1147 usleep(PASSWORD_RETRY_TIMEOUT_US);
1148 attempt = max_attempt = expire_sec = UINT_MAX;
1149 ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
1150 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1151 RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
1152 RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
1153 RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
1155 // restart server - triggers loading password data from file
1156 restart_security_server();
1158 // challenge invalid password
1159 verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
1160 invalid_attempts_num, max_challenge, 0);
1162 // challenge valid password
1163 verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, invalid_attempts_num+1,
1168 * Validate passwords history after security server reset.
1170 RUNNER_TEST(tc40_security_server_history_check_after_reset)
1172 const unsigned int history_depth = 2;
1174 // Prepare environment
1175 reset_security_server();
1177 int ret = security_server_set_pwd_history(history_depth);
1178 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1180 usleep(PASSWORD_RETRY_TIMEOUT_US);
1181 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1182 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1184 usleep(PASSWORD_RETRY_TIMEOUT_US);
1185 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1186 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1188 usleep(PASSWORD_RETRY_TIMEOUT_US);
1189 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1190 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1192 usleep(PASSWORD_RETRY_TIMEOUT_US);
1193 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
1194 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1196 // restart server - triggers loading password data from file
1197 restart_security_server();
1199 // try to reuse history passwords
1200 usleep(PASSWORD_RETRY_TIMEOUT_US);
1201 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1202 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1204 usleep(PASSWORD_RETRY_TIMEOUT_US);
1205 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1206 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1208 usleep(PASSWORD_RETRY_TIMEOUT_US);
1209 ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1210 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1214 * Check if SS has correct behaviour when changing history depth to 0.
1216 RUNNER_TEST(tc41_security_server_empty_history_check)
1218 const unsigned int history_depth = 2;
1219 const unsigned int empty_history_depth = 0;
1221 //prepare environment
1222 reset_security_server();
1224 //set new history count
1225 int ret = security_server_set_pwd_history(history_depth);
1226 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1228 //set new password and fill history
1229 usleep(PASSWORD_RETRY_TIMEOUT_US);
1230 ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
1231 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1233 usleep(PASSWORD_RETRY_TIMEOUT_US);
1234 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1235 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1237 usleep(PASSWORD_RETRY_TIMEOUT_US);
1238 ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1239 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1241 //make sure, that everything went OK - try setting something that would cause reuse error
1242 usleep(PASSWORD_RETRY_TIMEOUT_US);
1243 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1244 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1246 usleep(PASSWORD_RETRY_TIMEOUT_US);
1247 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1248 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1250 //reset history limit to no history at all
1251 usleep(PASSWORD_RETRY_TIMEOUT_US);
1252 ret = security_server_set_pwd_history(empty_history_depth);
1253 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1255 //make sure, that current password still exists in memory
1256 //expected attempt 2 because our previous tries increased attempt counter
1257 verify_chk_pwd(__LINE__, THIRD_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 2, 0, 0);
1259 //we also shouldn't be able to set the same password - it's a part of history after all
1260 usleep(PASSWORD_RETRY_TIMEOUT_US);
1261 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
1262 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
1264 //once again try setting earlier used passwords - now API should return success
1265 usleep(PASSWORD_RETRY_TIMEOUT_US);
1266 ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
1267 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1269 usleep(PASSWORD_RETRY_TIMEOUT_US);
1270 ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
1271 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1274 RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
1276 //prepare environment
1277 reset_security_server();
1280 int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
1281 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
1283 //try setting different password and giving NULL as current once again
1284 usleep(PASSWORD_RETRY_TIMEOUT_US);
1285 ret = security_server_set_pwd(NULL, SECOND_TEST_PASSWORD, 0, 0);
1286 RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
1289 int main(int argc, char *argv[])
1291 int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);