clean_password_dir();
sleep(1);
- ret = security_server_set_pwd_history(10);
+ ret = security_server_set_pwd_history(9);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
sleep(1);
RUNNER_TEST(tc38_security_server_history_depth_change)
{
int ret;
- const int initial_history_depth = 3;
- const int decreased_history_depth = 2;
- const int increased_history_depth = 4;
+ const int initial_history_depth = 2;
+ const int decreased_history_depth = 1;
+ const int increased_history_depth = 3;
// Prepare environment
reset_security_server();
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
/*
- * Lower history depth. At this point SS should remember THIRD_TEST_PASSWORD
- * and SECOND_TEST_PASSWORD only.
+ * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
+ * and SECOND_TEST_PASSWORD as a part of history.
*/
usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd_history(decreased_history_depth);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
/*
- * Increase history depth to 4. At this point SS should remember TEST_PASSWORD
+ * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
* and THIRD_TEST_PASSWORD only.
*/
usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd_history(increased_history_depth);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- // 3th and TEST_PASSWORD remembered => 2nd should be accepted
+ // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
*/
RUNNER_TEST(tc40_security_server_history_check_after_reset)
{
- const unsigned int history_depth = 3;
+ const unsigned int history_depth = 2;
// Prepare environment
reset_security_server();
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
}
+/**
+ * Check if SS has correct behaviour when changing history depth to 0.
+ */
+RUNNER_TEST(tc41_security_server_empty_history_check)
+{
+ const unsigned int history_depth = 2;
+ const unsigned int empty_history_depth = 0;
+
+ //prepare environment
+ reset_security_server();
+
+ //set new history count
+ int ret = security_server_set_pwd_history(history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //set new password and fill history
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that everything went OK - try setting something that would cause reuse error
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ //reset history limit to no history at all
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd_history(empty_history_depth);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //make sure, that current password still exists in memory
+ //expected attempt 2 because our previous tries increased attempt counter
+ verify_chk_pwd(__LINE__, THIRD_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 2, 0, 0);
+
+ //we also shouldn't be able to set the same password - it's a part of history after all
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+
+ //once again try setting earlier used passwords - now API should return success
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+}
+
+RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
+{
+ //prepare environment
+ reset_security_server();
+
+ //set a password
+ int ret = security_server_set_pwd(NULL, TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
+
+ //try setting different password and giving NULL as current once again
+ usleep(PASSWORD_RETRY_TIMEOUT_US);
+ ret = security_server_set_pwd(NULL, SECOND_TEST_PASSWORD, 0, 0);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
+}
int main(int argc, char *argv[])
{