<label name="security-server::api-get-gid" />
<label name="security-server::api-password-check" />
<label name="security-server::api-password-set" />
+ <label name="security-server::api-password-reset" />
<label name="security-server::audit-files" />
</provide>
</define>
ln -s ../security-server-open-for.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-open-for.socket
ln -s ../security-server-password-check.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-password-check.socket
ln -s ../security-server-password-set.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-password-set.socket
+ln -s ../security-server-password-reset.socket %{buildroot}/usr/lib/systemd/system/sockets.target.wants/security-server-password-reset.socket
%clean
rm -rf %{buildroot}
%attr(-,root,root) /usr/lib/systemd/system/security-server-password-check.socket
%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-password-set.socket
%attr(-,root,root) /usr/lib/systemd/system/security-server-password-set.socket
+%attr(-,root,root) /usr/lib/systemd/system/sockets.target.wants/security-server-password-reset.socket
+%attr(-,root,root) /usr/lib/systemd/system/security-server-password-reset.socket
%{_datadir}/license/%{name}
* #include <security-server.h>
* ...
* int ret;
- * unsigned int attempt, max_attempt, expire_sec;
*
- * ret = security_server_set_pwd("this_is_new_pwd", 20, 365);
+ * ret = security_server_reset_pwd("this_is_new_pwd", 20, 365);
* if(retval != SECURITY_SERVER_API_SUCCESS)
* {
* printf("%s", "we have error\n");
*
* \endcode
*
- * Access to this function requires SMACK rule: "<app_label> security-server::api-password-set w"
+ * Access to this function requires SMACK rule: "<app_label> security-server::api-password-reset w"
*/
int security_server_reset_pwd(const char *new_pwd,
const unsigned int max_challenge,
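Review bot: The usage example in this doc comment stores the result in `ret` but tests `retval` on the next line, so it does not compile when copied. Since the commit already edits the example, the check should read `if(ret != SECURITY_SERVER_API_SUCCESS)`. The declaration of `security_server_reset_pwd` continues past the end of the hunk.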
Serialization::Serialize(send, max_challenge);
Serialization::Serialize(send, valid_period_in_days);
- int retCode = sendToServer(SERVICE_SOCKET_PASSWD_SET, send.Pop(), recv);
+ int retCode = sendToServer(SERVICE_SOCKET_PASSWD_RESET, send.Pop(), recv);
if (SECURITY_SERVER_API_SUCCESS != retCode) {
LogError("Error in sendToServer. Error code: " << retCode);
return retCode;
"/tmp/.security-server-api-password-check.sock";
char const * const SERVICE_SOCKET_PASSWD_SET =
"/tmp/.security-server-api-password-set.sock";
+char const * const SERVICE_SOCKET_PASSWD_RESET =
+ "/tmp/.security-server-api-password-reset.sock";
const size_t COOKIE_SIZE = 20;
extern char const * const SERVICE_SOCKET_OPEN_FOR;
extern char const * const SERVICE_SOCKET_PASSWD_CHECK;
extern char const * const SERVICE_SOCKET_PASSWD_SET;
+extern char const * const SERVICE_SOCKET_PASSWD_RESET;
enum class AppPermissionsAction { ENABLE, DISABLE };
// you may ignore this ID (just pass 0)
const InterfaceID SOCKET_ID_CHECK = 0;
const InterfaceID SOCKET_ID_SET = 1;
+const InterfaceID SOCKET_ID_RESET = 2;
} // namespace anonymous
{
return ServiceDescriptionVector {
{SERVICE_SOCKET_PASSWD_CHECK, "security-server::api-password-check", SOCKET_ID_CHECK},
- {SERVICE_SOCKET_PASSWD_SET, "security-server::api-password-set", SOCKET_ID_SET}
+ {SERVICE_SOCKET_PASSWD_SET, "security-server::api-password-set", SOCKET_ID_SET},
+ {SERVICE_SOCKET_PASSWD_RESET, "security-server::api-password-reset", SOCKET_ID_RESET}
};
}
result = m_pwdManager.setPasswordMaxChallenge(rec_max_challenge);
break;
+ case PasswordHdrs::HDR_SET_PWD_HISTORY:
+ Deserialization::Deserialize(buffer, rec_history);
+ result = m_pwdManager.setPasswordHistory(rec_history);
+ break;
+
+ default:
+ LogError("Unknown msg header.");
+ Throw(Exception::IncorrectHeader);
+ }
+
+ return result;
+}
+
+int PasswordService::processResetFunctions(PasswordHdrs hdr, MessageBuffer& buffer)
+{
+ int result = SECURITY_SERVER_API_ERROR_SERVER_ERROR;
+
+ std::string newPwd;
+ unsigned int rec_att = 0, rec_days = 0;
+
+ switch(hdr) {
case PasswordHdrs::HDR_RST_PWD:
Deserialization::Deserialize(buffer, newPwd);
Deserialization::Deserialize(buffer, rec_att);
result = m_pwdManager.resetPassword(newPwd, rec_att, rec_days);
break;
- case PasswordHdrs::HDR_SET_PWD_HISTORY:
- Deserialization::Deserialize(buffer, rec_history);
- result = m_pwdManager.setPasswordHistory(rec_history);
- break;
-
default:
LogError("Unknown msg header.");
Throw(Exception::IncorrectHeader);
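Review bot: On the lines shown for `processResetFunctions`, only `newPwd` and `rec_att` are read from the buffer, so `rec_days` reaches `m_pwdManager.resetPassword(newPwd, rec_att, rec_days)` still holding its initial 0. The client side of this commit serializes `valid_period_in_days` right after `max_challenge`, so the caller's validity period would be dropped. Unless a context line was lost when this page was rendered, add `Deserialization::Deserialize(buffer, rec_days);` before the `resetPassword` call. The end of the function lies outside the hunk.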
retCode = processSetFunctions(hdr, buffer);
break;
+ case SOCKET_ID_RESET:
+ retCode = processResetFunctions(hdr, buffer);
+ break;
+
default:
LogError("Wrong interfaceID.");
Throw(Exception::IncorrectHeader);
int processCheckFunctions(PasswordHdrs hdr, MessageBuffer& buffer, unsigned int &cur_att,
unsigned int &max_att, unsigned int &exp_time);
int processSetFunctions(PasswordHdrs hdr, MessageBuffer& buffer);
+ int processResetFunctions(PasswordHdrs hdr, MessageBuffer& buffer);
// service attributes
PasswordManager m_pwdManager;
${CMAKE_SOURCE_DIR}/systemd/security-server-app-privilege-by-name.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-cookie-check-tmp.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-open-for.socket
+ ${CMAKE_SOURCE_DIR}/systemd/security-server-password-reset.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-password-check.socket
${CMAKE_SOURCE_DIR}/systemd/security-server-password-set.socket
DESTINATION
--- /dev/null
+[Socket]
+ListenStream=/tmp/.security-server-api-password-reset.sock
+SocketMode=0777
+#SmackLabelIPIn=security-server::api-password-reset
+SmackLabelIPIn=*
+SmackLabelIPOut=@
+
+Service=security-server.service
+
+[Install]
+WantedBy=sockets.target
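Review bot: The new unit leaves the password-reset endpoint reachable from every local label: `SmackLabelIPIn=*` is active while the dedicated `#SmackLabelIPIn=security-server::api-password-reset` line is commented out, and `SocketMode=0777` adds no file-mode restriction. The header documentation changed in this commit says callers need the rule `<app_label> security-server::api-password-reset w`, which the socket-activated path would not enforce as written, assuming the daemon performs no further caller check. If the wildcard is a deliberate bring-up setting, say so in a comment with the condition for removing it. Otherwise enable `SmackLabelIPIn=security-server::api-password-reset` so that reset stays limited to labels granted that rule.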
Sockets=security-server-open-for.socket
Sockets=security-server-password-check.socket
Scokets=security-server-password-set.socket
+Scokets=security-server-password-reset.socket
[Install]
WantedBy=multi-user.target
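Review bot: The added line repeats the misspelled key from the line above it, `Scokets=security-server-password-reset.socket`. systemd does not know that key and will most likely ignore the line with a warning. The reset socket is then missing from the service's `Sockets=` list, and activation depends only on `Service=security-server.service` in the socket unit. Write `Sockets=security-server-password-reset.socket`, and correct the password-set line the same way.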