#include <dirent.h>
#include "security-server.h"
#include <dpl/test/test_runner.h>
+#include <tests_common.h>
#include <dlog.h>
-#include "test.h"
+#include "security_server_clean_env.h"
+#include <tracker.h>
+#include <summary_collector.h>
-#define TEST_PASSWORD "IDLEPASS"
-#define SECOND_TEST_PASSWORD "OTHERIDLEPASS"
-#define THIRD_TEST_PASSWORD "THIRDPASS"
-/**
- * Reset security-server.
- *
- * Function should be run at the begining of every test, so every test is independent of each other.
- */
-void reset_security_server(){
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- system("if [ -d /opt/data/security-server ]; then \n rm -rf /opt/data/security-server/*; \n fi");
- sync();
- system("killall -SIGKILL security-server");
- sleep(1);
+// security server retry timeout in microseconds
+const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
-}
+// the maximum time (in seconds) passwords can expire in
+const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
+// test passwords
+const char* TEST_PASSWORD = "IDLEPASS";
+const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
+const char* THIRD_TEST_PASSWORD = "THIRDPASS";
+const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
-
/**
* Confirm there is no password before tests are run.
*/
if (getuid() == 0)
{
- system("rm /opt/data/security-server/*");
- sync();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
- RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(expire_sec == 0, "expire_sec = " << expire_sec);
+ RUNNER_ASSERT_MSG_BT(max_attempt == 0, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG_BT(attempt == 0, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
}
else
{
RUNNER_IGNORED_MSG("I'm not root");
}
- sleep(1);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
// TESTS:
// WITHOUT password
ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
// WITH password
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- sleep(1);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
// TESTS:
// WITHOUT password
ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
// WITH password
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- sleep(1);
- reset_security_server();
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
// 33 char password
ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
unsigned int attempt, max_attempt, expire_sec;
ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
ret = security_server_chk_pwd("password", NULL, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
ret = security_server_chk_pwd("password", &attempt, NULL, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
ret = security_server_chk_pwd("password", &attempt, &max_attempt, NULL);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment - there is no password now!
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
// TEST
ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(expire_sec == 0, expire_sec);
+ RUNNER_ASSERT_MSG_BT(max_attempt == 0, max_attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
// TEST
ret = security_server_set_pwd(NULL, NULL, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
// TEST
// 33 char password
ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
// TEST
- sleep(1);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
{
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
- ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ // UINT_MAX will cause api error, it is to big value
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ sleep(1);
+ // calculate max applicable valid days that will not be rejected by ss
+ // ensure, that after conversion from days to seconds in ss there will be no uint overflow
+ unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
{
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
- ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, UINT_MAX, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
{
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EMPTY, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
{
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
long_password[5000] = '\0';
memset(long_password, 'A', 5000);
ret = security_server_set_pwd(TEST_PASSWORD,long_password, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EMPTY, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
{
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
ret = security_server_set_pwd_validity(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = security_server_set_pwd_validity(1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ //When trying to set UINT_MAX we should get error.
ret = security_server_set_pwd_validity(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
ret = security_server_set_pwd_validity(2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST:
sleep(1);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
}
/**
{
int ret;
// Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ reset_security_server(TRACE_FROM_HERE);
+ // calculate max applicable valid days that will not be rejected by ss
+ // ensure, that after conversion from days to seconds in ss there will be no uint overflow
+ unsigned int valid_days = ((UINT_MAX - time(NULL)) / 86400) - 1;
+ ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, valid_days);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TESTS
sleep(1);
ret = security_server_set_pwd_max_challenge(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_max_challenge(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
int ret;
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(max_attempt == 6, "max_attempt = " << max_attempt);
}
/**
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, ret);
sleep(1);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
}
/**
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
//TEST
sleep(1);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
RUNNER_TEST(tc24_security_server_attempt_exceeding)
{
int ret;
- int i;
- unsigned int attempt, max_attempt, expire_sec;
+ unsigned int i, attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
printf("5 subtests started...");
- for (i = 0; i < 5; i++) {
+ for (i = 1; i <= 5; i++) {
sleep(1);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i + 1, attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(attempt == i, "attempt = " << attempt << ", expected " << i);
}
printf("DONE\n");
sleep(1);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(attempt == 0, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(max_attempt == 10, "ret = " << ret);
}
/**
RUNNER_TEST(tc25_security_server_attempt_exceeding)
{
int ret;
- int i;
- unsigned int attempt, max_attempt, expire_sec;
+ unsigned int i, attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
printf("10 subtests started...");
- for (i = 0; i < 10; i++) {
+ for (i = 1; i <= 10; i++) {
sleep(1);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i + 1, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(attempt == i, "attempt = " << attempt << ", expected " << i);
}
// The check, that exceeds max number
sleep(1);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
printf("DONE\n");
sleep(1);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
/**
int ret;
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
char* long_password = (char*) malloc(5001);
long_password[5000] = '\0';
memset(long_password, 'A', 5000);
ret = security_server_chk_pwd(long_password, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
/**
unsigned int attempt, max_attempt, expire_sec;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TESTS
sleep(1);
ret = security_server_set_pwd_history(100);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_history(51);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_history(-5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_history(50);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_history(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_history(INT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_history(INT_MIN);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
char buf1[33], buf2[33];
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
clean_password_dir();
- sleep(1);
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_history(9);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_reset_pwd("history0", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
printf("11 subtests started...");
for (i = 0; i < 11; i++) {
sleep(1);
ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
printf("DONE\n");
sleep(1);
ret = security_server_set_pwd("history11", "history1", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd("history1", "history8", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
sleep(1);
ret = security_server_set_pwd("history1", "history12", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
printf("48 subtests started...");
for (i = 12; i < 60; i++) {
sprintf(buf2, "history%d", i + 1);
ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
printf("DONE\n");
usleep(i);
}
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
}
/**
struct timeval cur_time;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
ret = security_server_set_pwd(NULL, TEST_PASSWORD, 4, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// TEST
sleep(1);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
ret = gettimeofday(&cur_time, NULL);
- RUNNER_ASSERT_MSG(ret > -1, ret);
+ RUNNER_ASSERT_MSG_BT(ret > -1, ret);
cur_time.tv_sec += (expire_sec + 1);
ret = settimeofday(&cur_time, NULL);
- RUNNER_ASSERT_MSG(ret > -1, ret);
+ RUNNER_ASSERT_MSG_BT(ret > -1, ret);
sleep(1);
ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
sleep(1);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
}
/**
int ret;
// Prepare environment
- reset_security_server();
+ reset_security_server(TRACE_FROM_HERE);
// TEST
- sleep(1);
ret = security_server_reset_pwd(NULL, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
}
+/*
+ * Use this instead of security_server_chk_pwd directly to verify the function output.
+ * For example:
+ * verify_chk_pwd(__LINE__, "password", SECURITY_SERVER_API_SUCCESS, 2, 5, 10000, "debug string")
+ */
+void verify_chk_pwd_basic(
+ const char* challenge,
+ int expected_result,
+ unsigned int expected_current_attempt,
+ unsigned int expected_max_attempt,
+ unsigned int expected_valid_secs,
+ const Tracker &tracker = Tracker())
+{
+ /* ensure that initial values differ from expected ones */
+ unsigned int attempt = expected_current_attempt - 1;
+ unsigned int max_attempt = expected_max_attempt - 1;
+ unsigned int expire_sec = expected_valid_secs - 1;
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
+
+ // validate returned value
+ RUNNER_ASSERT_MSG_BT(ret == expected_result,
+ tracker.str() <<
+ "security_server_chk_pwd returned "
+ << ret << " (expected: " << expected_result << ")");
+
+ // validate current attempts value
+ RUNNER_ASSERT_MSG_BT(attempt == expected_current_attempt,
+ tracker.str() <<
+ "security_server_chk_pwd returned attempt = " << attempt <<
+ " (expected: " << expected_current_attempt << ")");
+
+ // validate max attempt value
+ RUNNER_ASSERT_MSG_BT(max_attempt == expected_max_attempt,
+ tracker.str() <<
+ "security_server_chk_pwd returned max_attempt = " << max_attempt <<
+ " (expected: " << expected_max_attempt << ")");
+
+ // validate expire seconds
+ if (expected_valid_secs == PASSWORD_INFINITE_EXPIRATION_TIME) {
+ RUNNER_ASSERT_MSG_BT(expire_sec == expected_valid_secs,
+ tracker.str() <<
+ "security_server_chk_pwd returned expire_sec = " << expire_sec <<
+ " (expected: " << expected_valid_secs << ")");
+ } else {
+ // because of sleeps in test code we need to check period of time.
+ unsigned int begin = expected_valid_secs > 5 ? expected_valid_secs - 5 : 0;
+ unsigned int end = expected_valid_secs + 5;
+
+ RUNNER_ASSERT_MSG_BT(expire_sec >= begin && expire_sec <= end,
+ tracker.str() <<
+ "security_server_chk_pwd returned expire_sec = " << expire_sec <<
+ " (expected: <" << begin << "," << end << ")");
+ }
+}
-int main(int argc, char *argv[])
+/* This function is required because we cannot use default value in expected_valid_secs in
+ * verify_chk_pwd_basic and define Tracker at the same time. */
+void verify_chk_pwd(
+ const char *challenge,
+ int expected_result,
+ unsigned int expected_current_attempt,
+ unsigned int expected_max_attempt,
+ const Tracker &tracker = Tracker())
+{
+ verify_chk_pwd_basic(
+ challenge,
+ expected_result,
+ expected_current_attempt,
+ expected_max_attempt,
+ PASSWORD_INFINITE_EXPIRATION_TIME,
+ tracker);
+}
+
+
+/**
+ * Reach last attempt few times in a row (before exceeding max_attempt).
+ */
+RUNNER_TEST(tc34_security_server_max_attempts)
+{
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // change max attempts number few times
+ std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
+
+ for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
+ unsigned int max_challenges = max_challenge_tab[pass];
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_max_challenge(max_challenges);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // max_challenges-1 wrong password attempts
+ for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
+ verify_chk_pwd(SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt_nr,
+ max_challenges,
+ TRACE_FROM_HERE_MSG(
+ std::string("pass = " + std::to_string(pass) +
+ ", attempt = " + std::to_string(attempt_nr))));
+
+ // Check correct password finally
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
+ max_challenges, max_challenges, TRACE_FROM_HERE);
+ }
+}
+
+/**
+ * Decrease 'max challenge' number after several missed attempts.
+ */
+RUNNER_TEST(tc35_security_server_decrease_max_attempts)
{
- int status = DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
+ const unsigned int max_challenge_more = 10;
+ const unsigned int max_challenge_less = 5;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge_more, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // missed attempts
+ for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
+ verify_chk_pwd(SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt,
+ max_challenge_more,
+ TRACE_FROM_HERE_MSG(
+ std::string("attempt = " + std::to_string(attempt))));
+
+ // lower max_challenge
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_max_challenge(max_challenge_less);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // try valid password - should pass (curr attempts is reset)
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less,
+ TRACE_FROM_HERE);
+
+ // remove max attempts limit
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_max_challenge(0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // try valid password again - should pass
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
+
+ // try to change the password - should pass
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // validate new password
+ verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
+}
- return status;
+/**
+ * Change password few times and challenge previous passwords - checks if security_server_set_pwd
+ * works as it should.
+ */
+RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
+{
+ const int history_depth = 5;
+ const unsigned int max_challenge = 3;
+ std::string prev_pass, new_pass = TEST_PASSWORD;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ for (int depth = 0; depth < history_depth; ++depth) {
+ prev_pass = new_pass;
+
+ //generate password name
+ new_pass = "history" + std::to_string(depth+1);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // challenge initial password
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("depth = " + std::to_string(depth))));
+
+ // challenge previous password
+ verify_chk_pwd(
+ prev_pass.c_str(),
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 2,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("depth = " + std::to_string(depth)).c_str()));
+ }
+}
+
+/**
+ * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
+ * This test simulates user's behaviour - challenges valid and invalid passwords
+ * in various combinations.
+ */
+RUNNER_TEST(tc37_security_server_challenge_mixed)
+{
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ const unsigned int max_challenge = 2;
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
+ for (unsigned int i = 0; i < max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+
+ // Ensure that challenging valid password resets 'cuurrent attempt' value.
+ // If it didn't, the test would fail in third loop pass.
+ for (unsigned int i = 0; i < max_challenge + 1; ++i) {
+ // incorrect pwd
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+
+ // correct pwd
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 2,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+ }
+
+ // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
+ // any further attempts (even correct) are blocked
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ i,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+
+ // correct - refused
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
+ max_challenge + i,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
+}
+
+/*
+ * Pasword change mixed with history depth change.
+ */
+RUNNER_TEST(tc38_security_server_history_depth_change)
+{
+ int ret;
+ const int initial_history_depth = 2;
+ const int decreased_history_depth = 1;
+ const int increased_history_depth = 3;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ ret = security_server_set_pwd_history(initial_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ /*
+ * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
+ * and SECOND_TEST_PASSWORD as a part of history.
+ */
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_history(decreased_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ /*
+ * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
+ * and THIRD_TEST_PASSWORD only.
+ */
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_history(increased_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+}
+
+/**
+ * Challenge invalid password, reset server and check if 'current attempts' is restored.
+ */
+RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
+{
+ unsigned int attempt, max_attempt, expire_sec;
+ const unsigned int max_challenge = 10;
+ const unsigned int invalid_attempts_num = 3;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, max_challenge, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // missed attempts
+ for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("attempt = " + std::to_string(attempt))));
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ attempt = max_attempt = expire_sec = UINT_MAX;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT(max_attempt == max_challenge, "max_attempt = " << max_attempt);
+ RUNNER_ASSERT_MSG_BT(attempt == invalid_attempts_num, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG_BT(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
+ expire_sec);
+
+ // restart server - triggers loading password data from file
+ restart_security_server();
+
+ // challenge invalid password
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ invalid_attempts_num + 1,
+ max_challenge,
+ TRACE_FROM_HERE);
+
+ // challenge valid password
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ invalid_attempts_num + 2,
+ max_challenge,
+ TRACE_FROM_HERE);
+}
+
+/**
+ * Validate passwords history after security server reset.
+ */
+RUNNER_TEST(tc40_security_server_history_check_after_reset)
+{
+ const unsigned int history_depth = 2;
+
+ // Prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ // restart server - triggers loading password data from file
+ restart_security_server();
+
+ // try to reuse history passwords
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+/**
+ * Check if SS has correct behaviour when changing history depth to 0.
+ */
+RUNNER_TEST(tc41_security_server_empty_history_check)
+{
+ const unsigned int history_depth = 2;
+ const unsigned int empty_history_depth = 0;
+
+ //prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ //set new history count
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //set new password and fill history
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that everything went OK - try setting something that would cause reuse error
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ //reset history limit to no history at all
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_history(empty_history_depth);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that current password still exists in memory
+ //expected attempt 3 because our previous tries increased attempt counter
+ verify_chk_pwd(
+ THIRD_TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 3,
+ 0,
+ TRACE_FROM_HERE);
+
+ //make sure that it's possible to reuse old password once history limit is set to 0
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //once again try setting earlier used passwords - now API should return success
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
+{
+ //prepare environment
+ reset_security_server(TRACE_FROM_HERE);
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //try setting different password and giving NULL as current once again
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(NULL, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ unsigned int attempt, max_attempt, expire_sec;
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+ ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
+
+RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ unsigned int attempt, max_attempt, expire_sec;
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+ ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+}
+
+RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+ ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
+}
+
+RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_validity(11);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_history(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_history(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //do test
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ ret = security_server_set_pwd_max_challenge(5);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
+{
+ int ret;
+ unsigned int attempt, max_attempt, expire_sec;
+
+ // Prepare environment
+ reset_security_server();
+ ret = security_server_set_pwd(NULL, TEST_PASSWORD, 10, 10);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ // Assert security server sets infinite expiration time
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+
+ ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
+ RUNNER_ASSERT_MSG_BT(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+ RUNNER_ASSERT_MSG_BT((time_t) expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
+ "invalid expiration time " << expire_sec);
+
+ clean_password_dir();
+}
+
+int main(int argc, char *argv[])
+{
+ SummaryCollector::Register();
+ return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
}