BuildRequires: pkgconfig(cynara-client)
BuildRequires: pkgconfig(cynara-creds-socket)
BuildRequires: pkgconfig(cynara-session)
+BuildRequires: pkgconfig(security-manager)
Requires: security-config
Requires: lib%{name}-sw-backend = %{version}-%{release}
%{?systemd_requires}
cynara-client
cynara-creds-socket
cynara-session
+ security-manager
)
FIND_PACKAGE(Threads REQUIRED)
main/socket-manager.cpp
service/password.cpp
service/password-manager.cpp
+ service/password-policy-manager.cpp
service/policy-file.cpp
- service/policy-manager.cpp
service/plugin-loader.cpp
service/plugin-manager.cpp
service/privilege-check.cpp
--- /dev/null
+/*
+ * Copyright (c) 2016 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Jooseong Lee <jooseong.lee@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file password-policy-manager.h
+ * @author Jooseong Lee (jooseong.lee@samsung.com)
+ * @version 1.0
+ * @brief Implementation of password management functions
+ */
+
+#ifndef _POLICYMANAGER_H_
+#define _POLICYMANAGER_H_
+
+#include <string>
+#include <map>
+
+#include <policy.h>
+
+#include <policy-file.h>
+
+namespace AuthPasswd {
+class PolicyManager {
+public:
+ typedef std::map<unsigned int, PolicyFile> PolicyFileMap;
+
+ // policy checking functions
+ int checkPolicy(unsigned int passwdType,
+ const std::string ¤tPassword,
+ const std::string &newPassword,
+ unsigned int user);
+
+ // policy setting functions
+ int setPolicy(Policy policy);
+
+ // policy disabling functions
+ int disablePolicy(unsigned int user);
+
+private:
+ // managing functions
+ void addPolicy(unsigned int user);
+ void removePolicy(unsigned int user);
+ void existPolicy(unsigned int user);
+
+ PolicyFileMap m_policyFile;
+};
+} //namespace AuthPasswd
+
+#endif
#include <protocols.h>
#include <password-manager.h>
-#include <policy-manager.h>
+#include <password-policy-manager.h>
namespace AuthPasswd {
class PasswordService
+++ /dev/null
-/*
- * Copyright (c) 2016 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Jooseong Lee <jooseong.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file policy-manager.h
- * @author Jooseong Lee (jooseong.lee@samsung.com)
- * @version 1.0
- * @brief Implementation of password management functions
- */
-
-#ifndef _POLICYMANAGER_H_
-#define _POLICYMANAGER_H_
-
-#include <string>
-#include <map>
-
-#include <policy.h>
-
-#include <policy-file.h>
-
-namespace AuthPasswd {
-class PolicyManager {
-public:
- typedef std::map<unsigned int, PolicyFile> PolicyFileMap;
-
- // policy checking functions
- int checkPolicy(unsigned int passwdType,
- const std::string ¤tPassword,
- const std::string &newPassword,
- unsigned int user);
-
- // policy setting functions
- int setPolicy(Policy policy);
-
- // policy disabling functions
- int disablePolicy(unsigned int user);
-
-private:
- // managing functions
- void addPolicy(unsigned int user);
- void removePolicy(unsigned int user);
- void existPolicy(unsigned int user);
-
- PolicyFileMap m_policyFile;
-};
-} //namespace AuthPasswd
-
-#endif
--- /dev/null
+/*
+ * Copyright (c) 2016 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Jooseong Lee <jooseong.lee@samsung.com>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file policy-manager.cpp
+ * @author Jooseong Lee (jooseong.lee@samsung.com)
+ * @version 1.0
+ * @brief Implementation of password policy management functions
+ */
+
+#include <password-policy-manager.h>
+
+#include <iostream>
+#include <iterator>
+#include <algorithm>
+#include <cassert>
+#include <climits>
+
+#include <dpl/log/log.h>
+
+#include <auth-passwd-policy-types.h>
+#include <auth-passwd-error.h>
+
+namespace AuthPasswd {
+void PolicyManager::addPolicy(unsigned int user)
+{
+ m_policyFile.insert(PolicyFileMap::value_type(user, PolicyFile(user)));
+}
+
+void PolicyManager::removePolicy(unsigned int user)
+{
+ m_policyFile.erase(user);
+}
+
+void PolicyManager::existPolicy(unsigned int user)
+{
+ PolicyFileMap::iterator itPwd = m_policyFile.find(user);
+
+ if (itPwd != m_policyFile.end())
+ return;
+
+ addPolicy(user);
+ return;
+}
+
+int PolicyManager::checkPolicy(unsigned int passwdType,
+ const std::string ¤tPassword,
+ const std::string &newPassword,
+ unsigned int user)
+{
+ LogSecureDebug("Inside checkPolicy function.");
+
+ // check if passwords are correct
+ if (currentPassword.size() > MAX_PASSWORD_LEN) {
+ LogError("Current password length failed.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ if (newPassword.size() > MAX_PASSWORD_LEN) {
+ LogError("New password length failed.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ existPolicy(user);
+ PolicyFileMap::iterator itPolicy = m_policyFile.find(user);
+
+ if (!itPolicy->second.isPolicyActive() || (passwdType != AUTH_PWD_NORMAL))
+ return AUTH_PASSWD_API_SUCCESS;
+
+ if (itPolicy->second.getQualityType() == AUTH_PWD_QUALITY_UNSPECIFIED && newPassword.empty())
+ return AUTH_PASSWD_API_SUCCESS;
+
+ if (!itPolicy->second.checkMinLength(newPassword)) {
+ LogError("new passwd's minLength is invalid");
+ return AUTH_PASSWD_API_ERROR_INVALID_MIN_LENGTH;
+ }
+
+ if (!itPolicy->second.checkMinComplexCharNumber(newPassword)) {
+ LogError("new passwd's minComplexCharNumber is invalid");
+ return AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM;
+ }
+
+ if (!itPolicy->second.checkMaxCharOccurrences(newPassword)) {
+ LogError("new passwd's maxCharOccurrences is invalid");
+ return AUTH_PASSWD_API_ERROR_INVALID_MAX_CHAR_OCCURENCES;
+ }
+
+ if (!itPolicy->second.checkMaxNumSeqLength(newPassword)) {
+ LogError("new passwd's maxNumSeqLength is invalid");
+ return AUTH_PASSWD_API_ERROR_INVALID_MAX_NUM_SEQ_LENGTH;
+ }
+
+ if (!itPolicy->second.checkForbiddenPasswds(newPassword)) {
+ LogError("new passwd is forbiddenPasswd");
+ return AUTH_PASSWD_API_ERROR_INVALID_FORBIDDEN_PASSWORDS;
+ }
+
+ if (!itPolicy->second.checkQualityType(newPassword)) {
+ LogError("new passwd's qualityType is invalid");
+ return AUTH_PASSWD_API_ERROR_INVALID_QUALITY_TYPE;
+ }
+
+ if (!itPolicy->second.checkPattern(newPassword)) {
+ LogError("new passwd's pattern is invalid");
+ return AUTH_PASSWD_API_ERROR_INVALID_PATTERN;
+ }
+
+ return AUTH_PASSWD_API_SUCCESS;
+}
+
+int PolicyManager::setPolicy(Policy policy)
+{
+ LogSecureDebug("Inside setPolicy function.");
+ existPolicy(policy.uid);
+ PolicyFileMap::iterator itPolicy = m_policyFile.find(policy.uid);
+
+ // check if policies are correct
+ assert(POLICY_TYPE_FIRST == POLICY_MAX_ATTEMPTS);
+ assert(POLICY_TYPE_LAST == POLICY_FORBIDDEN_PASSWDS);
+ for (int i = POLICY_TYPE_FIRST; i < POLICY_TYPE_LAST + 1; i++) {
+ if (!policy.isFlagOn(static_cast<password_policy_type>(i)))
+ continue;
+
+ switch (i) {
+ case POLICY_MAX_ATTEMPTS:
+ break;
+
+ case POLICY_VALID_PERIOD: {
+ time_t curTime = time(NULL);
+
+ if (policy.validPeriod > ((UINT_MAX - curTime) / 86400)) {
+ LogError("Incorrect input param.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ break;
+ }
+
+ case POLICY_HISTORY_SIZE:
+ if (policy.historySize > MAX_PASSWORD_HISTORY) {
+ LogError("Incorrect input param.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ break;
+
+ case POLICY_MIN_LENGTH:
+ if (policy.minLength > MAX_PASSWORD_LEN) {
+ LogError("Incorrect input param.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ break;
+
+ case POLICY_MIN_COMPLEX_CHAR_NUMBER:
+ if (policy.minComplexCharNumber > MAX_PASSWORD_LEN) {
+ LogError("Incorrect input param.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ break;
+
+ case POLICY_MAX_CHAR_OCCURRENCES:
+ if (policy.maxCharOccurrences > MAX_PASSWORD_LEN) {
+ LogError("Incorrect input param.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ break;
+
+ case POLICY_MAX_NUMERIC_SEQ_LENGTH:
+ if (policy.maxNumSeqLength > MAX_PASSWORD_LEN) {
+ LogError("Incorrect input param.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ break;
+
+ case POLICY_QUALITY_TYPE:
+ if (policy.qualityType > AUTH_PWD_QUALITY_LAST) {
+ LogError("Incorrect input param.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ break;
+
+ case POLICY_PATTERN:
+ if (!itPolicy->second.isValidPattern(policy.pattern)) {
+ LogError("Incorrect input param.");
+ return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+ }
+
+ break;
+
+ default: // POLICY_FORBIDDEN_PASSWDS
+ break;
+ }
+ }
+
+ // update policies
+ for (int i = POLICY_TYPE_FIRST; i < POLICY_TYPE_LAST + 1; i++) {
+ if (!policy.isFlagOn(static_cast<password_policy_type>(i)))
+ continue;
+
+ switch (i) {
+ case POLICY_MAX_ATTEMPTS:
+ LogSecureDebug("maxAttempts: " << policy.maxAttempts);
+ break;
+
+ case POLICY_VALID_PERIOD:
+ LogSecureDebug("validPeriod: " << policy.validPeriod);
+ break;
+
+ case POLICY_HISTORY_SIZE:
+ LogSecureDebug("historySize: " << policy.historySize);
+ break;
+
+ case POLICY_MIN_LENGTH:
+ LogSecureDebug("minLength: " << policy.minLength);
+ itPolicy->second.setMinLength(policy.minLength);
+ break;
+
+ case POLICY_MIN_COMPLEX_CHAR_NUMBER:
+ LogSecureDebug("minComplexCharNumber: " << policy.minComplexCharNumber);
+ itPolicy->second.setMinComplexCharNumber(policy.minComplexCharNumber);
+ break;
+
+ case POLICY_MAX_CHAR_OCCURRENCES:
+ LogSecureDebug("maxCharOccurrences: " << policy.maxCharOccurrences);
+ itPolicy->second.setMaxCharOccurrences(policy.maxCharOccurrences);
+ break;
+
+ case POLICY_MAX_NUMERIC_SEQ_LENGTH:
+ LogSecureDebug("maxNumSeqLength: " << policy.maxNumSeqLength);
+ itPolicy->second.setMaxNumSeqLength(policy.maxNumSeqLength);
+ break;
+
+ case POLICY_QUALITY_TYPE:
+ LogSecureDebug("qualityType: " << policy.qualityType);
+ itPolicy->second.setQualityType(policy.qualityType);
+ break;
+
+ case POLICY_PATTERN:
+ LogSecureDebug("pattern: " << policy.pattern);
+ itPolicy->second.setPattern(policy.pattern);
+ break;
+
+ default: // POLICY_FORBIDDEN_PASSWDS
+ LogSecureDebug("forbiddenPasswds number: " << policy.forbiddenPasswds.size());
+ itPolicy->second.setForbiddenPasswds(policy.forbiddenPasswds);
+ break;
+ }
+ }
+
+ itPolicy->second.enable();
+ itPolicy->second.writeMemoryToFile();
+ return AUTH_PASSWD_API_SUCCESS;
+}
+
+int PolicyManager::disablePolicy(unsigned int user)
+{
+ LogSecureDebug("Inside disablePolicy function.");
+ existPolicy(user);
+ PolicyFileMap::iterator itPolicy = m_policyFile.find(user);
+ itPolicy->second.disable();
+ itPolicy->second.writeMemoryToFile();
+ return AUTH_PASSWD_API_SUCCESS;
+}
+} //namespace AuthPasswd
+++ /dev/null
-/*
- * Copyright (c) 2016 - 2016 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Jooseong Lee <jooseong.lee@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-/*
- * @file policy-manager.cpp
- * @author Jooseong Lee (jooseong.lee@samsung.com)
- * @version 1.0
- * @brief Implementation of password policy management functions
- */
-
-#include <policy-manager.h>
-
-#include <iostream>
-#include <iterator>
-#include <algorithm>
-#include <cassert>
-#include <climits>
-
-#include <dpl/log/log.h>
-
-#include <auth-passwd-policy-types.h>
-#include <auth-passwd-error.h>
-
-namespace AuthPasswd {
-void PolicyManager::addPolicy(unsigned int user)
-{
- m_policyFile.insert(PolicyFileMap::value_type(user, PolicyFile(user)));
-}
-
-void PolicyManager::removePolicy(unsigned int user)
-{
- m_policyFile.erase(user);
-}
-
-void PolicyManager::existPolicy(unsigned int user)
-{
- PolicyFileMap::iterator itPwd = m_policyFile.find(user);
-
- if (itPwd != m_policyFile.end())
- return;
-
- addPolicy(user);
- return;
-}
-
-int PolicyManager::checkPolicy(unsigned int passwdType,
- const std::string ¤tPassword,
- const std::string &newPassword,
- unsigned int user)
-{
- LogSecureDebug("Inside checkPolicy function.");
-
- // check if passwords are correct
- if (currentPassword.size() > MAX_PASSWORD_LEN) {
- LogError("Current password length failed.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- if (newPassword.size() > MAX_PASSWORD_LEN) {
- LogError("New password length failed.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- existPolicy(user);
- PolicyFileMap::iterator itPolicy = m_policyFile.find(user);
-
- if (!itPolicy->second.isPolicyActive() || (passwdType != AUTH_PWD_NORMAL))
- return AUTH_PASSWD_API_SUCCESS;
-
- if (itPolicy->second.getQualityType() == AUTH_PWD_QUALITY_UNSPECIFIED && newPassword.empty())
- return AUTH_PASSWD_API_SUCCESS;
-
- if (!itPolicy->second.checkMinLength(newPassword)) {
- LogError("new passwd's minLength is invalid");
- return AUTH_PASSWD_API_ERROR_INVALID_MIN_LENGTH;
- }
-
- if (!itPolicy->second.checkMinComplexCharNumber(newPassword)) {
- LogError("new passwd's minComplexCharNumber is invalid");
- return AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM;
- }
-
- if (!itPolicy->second.checkMaxCharOccurrences(newPassword)) {
- LogError("new passwd's maxCharOccurrences is invalid");
- return AUTH_PASSWD_API_ERROR_INVALID_MAX_CHAR_OCCURENCES;
- }
-
- if (!itPolicy->second.checkMaxNumSeqLength(newPassword)) {
- LogError("new passwd's maxNumSeqLength is invalid");
- return AUTH_PASSWD_API_ERROR_INVALID_MAX_NUM_SEQ_LENGTH;
- }
-
- if (!itPolicy->second.checkForbiddenPasswds(newPassword)) {
- LogError("new passwd is forbiddenPasswd");
- return AUTH_PASSWD_API_ERROR_INVALID_FORBIDDEN_PASSWORDS;
- }
-
- if (!itPolicy->second.checkQualityType(newPassword)) {
- LogError("new passwd's qualityType is invalid");
- return AUTH_PASSWD_API_ERROR_INVALID_QUALITY_TYPE;
- }
-
- if (!itPolicy->second.checkPattern(newPassword)) {
- LogError("new passwd's pattern is invalid");
- return AUTH_PASSWD_API_ERROR_INVALID_PATTERN;
- }
-
- return AUTH_PASSWD_API_SUCCESS;
-}
-
-int PolicyManager::setPolicy(Policy policy)
-{
- LogSecureDebug("Inside setPolicy function.");
- existPolicy(policy.uid);
- PolicyFileMap::iterator itPolicy = m_policyFile.find(policy.uid);
-
- // check if policies are correct
- assert(POLICY_TYPE_FIRST == POLICY_MAX_ATTEMPTS);
- assert(POLICY_TYPE_LAST == POLICY_FORBIDDEN_PASSWDS);
- for (int i = POLICY_TYPE_FIRST; i < POLICY_TYPE_LAST + 1; i++) {
- if (!policy.isFlagOn(static_cast<password_policy_type>(i)))
- continue;
-
- switch (i) {
- case POLICY_MAX_ATTEMPTS:
- break;
-
- case POLICY_VALID_PERIOD: {
- time_t curTime = time(NULL);
-
- if (policy.validPeriod > ((UINT_MAX - curTime) / 86400)) {
- LogError("Incorrect input param.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- break;
- }
-
- case POLICY_HISTORY_SIZE:
- if (policy.historySize > MAX_PASSWORD_HISTORY) {
- LogError("Incorrect input param.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- break;
-
- case POLICY_MIN_LENGTH:
- if (policy.minLength > MAX_PASSWORD_LEN) {
- LogError("Incorrect input param.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- break;
-
- case POLICY_MIN_COMPLEX_CHAR_NUMBER:
- if (policy.minComplexCharNumber > MAX_PASSWORD_LEN) {
- LogError("Incorrect input param.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- break;
-
- case POLICY_MAX_CHAR_OCCURRENCES:
- if (policy.maxCharOccurrences > MAX_PASSWORD_LEN) {
- LogError("Incorrect input param.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- break;
-
- case POLICY_MAX_NUMERIC_SEQ_LENGTH:
- if (policy.maxNumSeqLength > MAX_PASSWORD_LEN) {
- LogError("Incorrect input param.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- break;
-
- case POLICY_QUALITY_TYPE:
- if (policy.qualityType > AUTH_PWD_QUALITY_LAST) {
- LogError("Incorrect input param.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- break;
-
- case POLICY_PATTERN:
- if (!itPolicy->second.isValidPattern(policy.pattern)) {
- LogError("Incorrect input param.");
- return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
- }
-
- break;
-
- default: // POLICY_FORBIDDEN_PASSWDS
- break;
- }
- }
-
- // update policies
- for (int i = POLICY_TYPE_FIRST; i < POLICY_TYPE_LAST + 1; i++) {
- if (!policy.isFlagOn(static_cast<password_policy_type>(i)))
- continue;
-
- switch (i) {
- case POLICY_MAX_ATTEMPTS:
- LogSecureDebug("maxAttempts: " << policy.maxAttempts);
- break;
-
- case POLICY_VALID_PERIOD:
- LogSecureDebug("validPeriod: " << policy.validPeriod);
- break;
-
- case POLICY_HISTORY_SIZE:
- LogSecureDebug("historySize: " << policy.historySize);
- break;
-
- case POLICY_MIN_LENGTH:
- LogSecureDebug("minLength: " << policy.minLength);
- itPolicy->second.setMinLength(policy.minLength);
- break;
-
- case POLICY_MIN_COMPLEX_CHAR_NUMBER:
- LogSecureDebug("minComplexCharNumber: " << policy.minComplexCharNumber);
- itPolicy->second.setMinComplexCharNumber(policy.minComplexCharNumber);
- break;
-
- case POLICY_MAX_CHAR_OCCURRENCES:
- LogSecureDebug("maxCharOccurrences: " << policy.maxCharOccurrences);
- itPolicy->second.setMaxCharOccurrences(policy.maxCharOccurrences);
- break;
-
- case POLICY_MAX_NUMERIC_SEQ_LENGTH:
- LogSecureDebug("maxNumSeqLength: " << policy.maxNumSeqLength);
- itPolicy->second.setMaxNumSeqLength(policy.maxNumSeqLength);
- break;
-
- case POLICY_QUALITY_TYPE:
- LogSecureDebug("qualityType: " << policy.qualityType);
- itPolicy->second.setQualityType(policy.qualityType);
- break;
-
- case POLICY_PATTERN:
- LogSecureDebug("pattern: " << policy.pattern);
- itPolicy->second.setPattern(policy.pattern);
- break;
-
- default: // POLICY_FORBIDDEN_PASSWDS
- LogSecureDebug("forbiddenPasswds number: " << policy.forbiddenPasswds.size());
- itPolicy->second.setForbiddenPasswds(policy.forbiddenPasswds);
- break;
- }
- }
-
- itPolicy->second.enable();
- itPolicy->second.writeMemoryToFile();
- return AUTH_PASSWD_API_SUCCESS;
-}
-
-int PolicyManager::disablePolicy(unsigned int user)
-{
- LogSecureDebug("Inside disablePolicy function.");
- existPolicy(user);
- PolicyFileMap::iterator itPolicy = m_policyFile.find(user);
- itPolicy->second.disable();
- itPolicy->second.writeMemoryToFile();
- return AUTH_PASSWD_API_SUCCESS;
-}
-} //namespace AuthPasswd
#include <sys/un.h>
#include <dpl/log/log.h>
+#include <app-runtime.h>
namespace AuthPasswd {
return 1;
}
- user = cr.uid;
+ bool is_app = false;
+ int ret = security_manager_is_app_from_pid(cr.pid, &is_app);
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ LogError("security_manager_is_app_from_pid() failed. ret=" << ret);
+ return 1;
+ }
+
+ if (is_app) {
+ // The client is an application. So we need to get app ower id.
+ ret = security_manager_get_app_owner_uid(cr.pid, &user);
+ if (ret != SECURITY_MANAGER_SUCCESS) {
+ LogError("security_manager_get_app_owner_uid() failed. ret=" << ret);
+ return 1;
+ }
+ } else {
+ user = cr.uid;
+ }
+
return 0;
}
${SERVER_PATH}/service/plugin-loader.cpp
${SERVER_PATH}/service/plugin-manager.cpp)
-PKG_CHECK_MODULES(${TARGET_TEST}_DEP REQUIRED klay security-manager)
+PKG_CHECK_MODULES(${TARGET_TEST}_DEP REQUIRED klay security-manager libtzplatform-config)
INCLUDE_DIRECTORIES(SYSTEM ${${TARGET_TEST}_DEP_INCLUDE_DIRS}
${INCLUDE_PATH}
{
int ret = auth_passwd_reset_passwd(
AUTH_PWD_NORMAL,
- getuid(),
+ test::get_test_uid(false),
default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_max_attempts(policy, 10);
TESTCASE(T00202_disable_policy)
{
- int ret = auth_passwd_disable_policy(getuid());
+ int ret = auth_passwd_disable_policy(test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
}
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
// ===============================
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_history_size(policy, 0);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_history_size(policy, 0);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_max_num_seq_len(policy, max_num_seq);
ret = auth_passwd_set_policy(policy);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep(1);
ret = auth_passwd_set_passwd(AUTH_PWD_NORMAL, default_pass, allowed_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
- ret = auth_passwd_disable_policy(getuid());
+ ret = auth_passwd_disable_policy(test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
}
TESTCASE(T00207_reset_passwd_privilege)
{
auto reset_passwd_function = [] () -> int {
- return auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ return auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
};
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_APP, "org.tizen.settings.main",
test::ScopedPolicy sp(test::create_policy_h(), auth_passwd_free_policy);
policy_h *policy = sp.get();
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
if (ret != AUTH_PASSWD_API_SUCCESS)
return ret;
ret = auth_passwd_set_max_attempts(policy, 10);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_APP, "org.tizen.settings.main",
AUTH_PASSWD_API_ERROR_ACCESS_DENIED, set_policy_function));
- int ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
- TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_APP, "org.tizen.Apps",
AUTH_PASSWD_API_SUCCESS, set_policy_function));
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
- TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_SYSTEM, "",
AUTH_PASSWD_API_SUCCESS, set_policy_function));
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
- TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_SYSTEM_PRIVILEGED, "",
AUTH_PASSWD_API_SUCCESS, set_policy_function));
}
TESTCASE(T0010_init)
{
- int ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ int ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
- auth_passwd_disable_policy(getuid());
+ auth_passwd_disable_policy(test::get_test_uid(false));
}
TESTCASE(T00111_check)
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_quality(policy, AUTH_PWD_QUALITY_ALPHABETIC);
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_policy(policy);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
/* restore */
- ret = auth_passwd_disable_policy(getuid());
+ ret = auth_passwd_disable_policy(test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep_for_retry_timeout();
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_min_length(policy, 4);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
/* restore */
- ret = auth_passwd_disable_policy(getuid());
+ ret = auth_passwd_disable_policy(test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep_for_retry_timeout();
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_min_complex_char_num(policy, AUTH_PWD_COMPLEX_CHAR_GROUP_1);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
/* restore */
- ret = auth_passwd_disable_policy(getuid());
+ ret = auth_passwd_disable_policy(test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
sleep_for_retry_timeout();
policy_h *policy = sp.get();
TEST_EXPECT(true, policy != nullptr);
- int ret = auth_passwd_set_user(policy, getuid());
+ int ret = auth_passwd_set_user(policy, test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
ret = auth_passwd_set_validity(policy, 1);
ret = set_relative_date(-2);
TEST_EXPECT(true, ret == 0);
- ret = auth_passwd_disable_policy(getuid());
+ ret = auth_passwd_disable_policy(test::get_test_uid(false));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
}
return check_passwd(AUTH_PWD_NORMAL, default_pass);
};
- int ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ int ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
+ TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(true), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
- ret = auth_passwd_disable_policy(getuid());
+ ret = auth_passwd_disable_policy(test::get_test_uid(false));
+ TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
+ ret = auth_passwd_disable_policy(test::get_test_uid(true));
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_APP, "org.tizen.settings.main",
return auth_passwd_set_passwd(AUTH_PWD_NORMAL, default_pass, NULL);
};
- int ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ int ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(true), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_APP, "org.tizen.settings.main",
AUTH_PASSWD_API_ERROR_ACCESS_DENIED, set_passwd_function));
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(true), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_APP, "org.tizen.Apps",
AUTH_PASSWD_API_SUCCESS, set_passwd_function));
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_SYSTEM, "",
AUTH_PASSWD_API_SUCCESS, set_passwd_function));
- ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, getuid(), default_pass);
+ ret = auth_passwd_reset_passwd(AUTH_PWD_NORMAL, test::get_test_uid(false), default_pass);
TEST_EXPECT(AUTH_PASSWD_API_SUCCESS, ret);
TEST_EXPECT(true, test::run_in_process(SM_PROCESS_TYPE_SYSTEM_PRIVILEGED, "",
AUTH_PASSWD_API_SUCCESS, set_passwd_function));
* @version 1.0
* @brief
*/
+
+#include <tzplatform_config.h>
+
#include "test-util.h"
namespace test {
return handle;
}
+uid_t get_test_uid(bool app)
+{
+ static uid_t APP_OWNER = tzplatform_getuid(TZ_SYS_DEFAULT_USER);
+ if (app)
+ return APP_OWNER;
+ else
+ return 0;
+}
+
} // namespace test
namespace test {
policy_h *create_policy_h();
+uid_t get_test_uid(bool app);
using ScopedPolicy = std::unique_ptr<policy_h, decltype(&auth_passwd_free_policy)>;
projects / platform / core / security / auth-fw.git / commitdiff