Security-server has been removed from Tizen 3.0 images.
Change-Id: I6cd8349abd94b2136726a357f515308cb482bce9
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
libsmack-test
libprivilege-control
libprivilege-control-test
-security-server
- security-server-tests-client-smack
- security-server-tests-stress
- security-server-tests-server
- security-server-tests-api-speed
- security-server-tests-password
- security-server-tests-privilege
- security-server-tests-dbus
security-manager
security-manager-tests
cynara
<filesystem path="/usr/bin/libsmack-test" exec_label="_" />
<filesystem path="/usr/bin/libprivilege-control-test" exec_label="_" />
- <filesystem path="/usr/bin/security-server-tests-client-smack" exec_label="_" />
- <filesystem path="/usr/bin/security-server-tests-server" exec_label="_" />
- <filesystem path="/usr/bin/security-server-tests-password" exec_label="_" />
- <filesystem path="/usr/bin/security-server-tests-privilege" exec_label="_" />
- <filesystem path="/usr/bin/security-server-tests-stress" exec_label="_" />
- <filesystem path="/usr/bin/security-server-tests-dbus" exec_label="_" />
<filesystem path="/usr/bin/security-manager-tests" exec_label="_" />
<filesystem path="/usr/bin/cynara-tests" exec_label="_" />
<filesystem path="/usr/bin/ckm-tests" exec_label="User" />
BuildRequires: pkgconfig(libcap)
BuildRequires: pkgconfig(libsmack)
BuildRequires: pkgconfig(libprivilege-control)
-BuildRequires: pkgconfig(security-server)
BuildRequires: pkgconfig(security-manager)
BuildRequires: pkgconfig(key-manager)
BuildRequires: pkgconfig(dlog)
/usr/bin/libsmack-test
/usr/bin/smack-dbus-tests
/usr/bin/libprivilege-control-test
-/usr/bin/security-server-tests-client-smack
-/usr/bin/security-server-tests-server
-/usr/bin/security-server-tests-password
-/usr/bin/security-server-tests-privilege
-/usr/bin/security-server-tests-stress
/etc/smack/test_smack_rules_full
/etc/smack/test_smack_rules2
/etc/smack/test_smack_rules3
/etc/smack/test_smack_rules4
-/usr/bin/security-server-tests-mt
-/usr/bin/security-server-tests-api-speed
/usr/bin/security-manager-tests
/etc/smack/test_smack_rules
/etc/smack/test_smack_rules_lnk
ADD_SUBDIRECTORY(libprivilege-control-tests)
ADD_SUBDIRECTORY(libsmack-tests)
ADD_SUBDIRECTORY(smack-dbus-tests)
-ADD_SUBDIRECTORY(security-server-tests)
ADD_SUBDIRECTORY(security-manager-tests)
ADD_SUBDIRECTORY(cynara-tests)
ADD_SUBDIRECTORY(libwebappenc-tests)
${PROJECT_SOURCE_DIR}/src/ckm/async-api.cpp
${PROJECT_SOURCE_DIR}/src/ckm/ckm-common.cpp
${PROJECT_SOURCE_DIR}/src/ckm/cc-mode.cpp
-# ${PROJECT_SOURCE_DIR}/src/ckm/password-integration.cpp
${PROJECT_SOURCE_DIR}/src/ckm/system-db.cpp
${PROJECT_SOURCE_DIR}/src/ckm/initial-values.cpp
- ${PROJECT_SOURCE_DIR}/src/ckm/clean-env.cpp
${PROJECT_SOURCE_DIR}/src/ckm/test-certs.cpp
${PROJECT_SOURCE_DIR}/src/ckm/algo-params.cpp
${PROJECT_SOURCE_DIR}/src/ckm/encryption-decryption-env.cpp
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_clean_env.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions to prepare clean env for tests.
- *
- */
-
-#include <ftw.h>
-#include <unistd.h>
-
-#include <ckm/ckm-control.h>
-
-#include <service_manager.h>
-#include <clean-env.h>
-
-int restart_security_server() {
- ServiceManager sm("security-server.service");
- sm.restartService();
-
- return 0;
-}
-
-static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
- int tflag, struct FTW *ftwbuf)
-{
- if (tflag == FTW_F)
- unlink(fpath);
- else if (tflag == FTW_DP && ftwbuf->level != 0)
- rmdir(fpath);
-
- return 0;
-}
-
-/**
- * This function should be called at the begining of every SS test, so all the tests
- * are independent of each other.
- */
-int reset_security_server()
-{
- const char* path = "/opt/data/security-server/";
- const int max_descriptors = 10; //max number of open file descriptors by nftw function
-
- // Clear /opt/data/security-server/ directory
- if (access(path, F_OK) == 0) {
- if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) {
- return 1;
- }
- sync();
- }
-
- restart_security_server();
- auto control = CKM::Control::create();
-
- if (!!control) {
- control->lockUserKey(5000);
- control->removeUserData(5000);
- control->unlockUserKey(5000, "");
- }
-
- return 0;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_clean_env.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions to prepare clean env for tests.
- *
- */
-#pragma once
-
-#include <ftw.h>
-#include <unistd.h>
-
-#include <ckm/ckm-control.h>
-
-int restart_security_server();
-int reset_security_server();
-
+++ /dev/null
-/*
- * Copyright (c) 2000 - 2014 Samsung Electronics Co.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- *
- * @file password-integration.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- */
-#include <vector>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-
-#include <tests_common.h>
-
-#include <ckm/ckm-control.h>
-#include <ckm/ckm-manager.h>
-#include <ckm/ckm-password.h>
-#include <ckm/ckm-type.h>
-
-#include <security-server.h>
-
-#include <access_provider2.h>
-#include <clean-env.h>
-
-CKM::Alias CKM_ALIAS1 = "ALIAS1";
-CKM::Alias CKM_ALIAS2 = "ALIAS2";
-
-CKM::RawBuffer BIN_DATA1 = {'A','B','R','A','C','A','D','A','B','R','A'};
-
-const char * PASSWORD1 = "LongPassword1";
-const char * PASSWORD2 = "LongerPassword2";
-
-static const int USER_APP = 5000;
-
-const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
-
-void dropPrivileges() {
- static const std::string LABEL1 = "TestLabel1";
- static const int GROUP_APP = 5000;
-
- AccessProvider ap(LABEL1);
- ap.allowAPI("key-manager::api-storage", "rw");
- ap.applyAndSwithToUser(USER_APP, GROUP_APP);
-}
-
-RUNNER_TEST_GROUP_INIT(T401_SECURITY_SERVER_PASSWORD_INTEGRATION);
-
-RUNNER_TEST(T4010_INIT)
-{
- reset_security_server();
- unsigned int attempt, max_attempt, expire_sec;
-
- int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
-}
-
-RUNNER_CHILD_TEST(T4011_ADD_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
- RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
-}
-
-RUNNER_TEST(T4012_CLOSE_CKM_DB)
-{
- auto ctl = CKM::Control::create();
-
- int ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_CHILD_TEST(T4013_GET_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
-
- // CKM will automaticly unlock with empty password
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T4014_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
-{
- unsigned int attempt, max_attempt, expire_sec;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- int ret = security_server_chk_pwd(NULL, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
-}
-
-RUNNER_CHILD_TEST(T4015_GET_DATA)
-{
- dropPrivileges();
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");
-}
-
-RUNNER_TEST_GROUP_INIT(T402_SECURITY_SERVER_PASSWORD_INTEGRATION);
-
-RUNNER_TEST(T4020_INIT)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
-}
-
-RUNNER_CHILD_TEST(T4021_ADD_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
- RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
-}
-
-RUNNER_TEST(T4022_CLOSE_CKM_DB)
-{
- unsigned int attempt, max, expire;
-
- auto ctl = CKM::Control::create();
-
- int ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- // login with current password to get rid of invalid "NULL" DKEK
- ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
-
- ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_CHILD_TEST(T4023_GET_DATA_NEGATIVE)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T4024_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
-{
- unsigned int attempt, max, expire;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- int ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error =" << ret);
-}
-
-RUNNER_CHILD_TEST(T4025_GET_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data missmatch");
-}
-
-RUNNER_TEST_GROUP_INIT(T403_SECURITY_SERVER_PASSWORD_INTEGRATION);
-
-RUNNER_TEST(T4030_INIT)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(NULL, PASSWORD1, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "");
-}
-
-RUNNER_CHILD_TEST(T4031_ADD_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- int ret = mgr->saveData(CKM_ALIAS1, BIN_DATA1, CKM::Policy());
- RUNNER_ASSERT_MSG(ret == CKM_API_SUCCESS, "");
-}
-
-RUNNER_TEST(T4032_CLOSE_CKM_DB)
-{
- unsigned int attempt, max, expire;
-
- auto ctl = CKM::Control::create();
-
- int ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- // login with current password to get rid of invalid "NULL" DKEK
- ret = security_server_chk_pwd(PASSWORD1, &attempt, &max, &expire);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
-
- ret = ctl->lockUserKey(USER_APP);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_CHILD_TEST(T4033_GET_DATA_NEGATIVE)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_ERROR_DB_LOCKED == ret, "Error=" << CKM::ErrorToString(ret));
-}
-
-RUNNER_TEST(T4034_UNLOCK_DATABASE_WITH_SECURITY_SERVER)
-{
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- int ret = security_server_set_pwd(PASSWORD1, PASSWORD2, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "Error=" << ret);
-}
-
-RUNNER_CHILD_TEST(T4035_GET_DATA)
-{
- dropPrivileges();
-
- auto mgr = CKM::Manager::create();
-
- CKM::RawBuffer buffer;
- int ret = mgr->getData(CKM_ALIAS1, CKM::Password(), buffer);
- RUNNER_ASSERT_MSG(CKM_API_SUCCESS == ret, "Error=" << CKM::ErrorToString(ret));
-
- RUNNER_ASSERT_MSG(buffer == BIN_DATA1, "Data mismatch");
-}
-
-
+++ /dev/null
-# Copyright (c) 2013-2015 Samsung Electronics Co., Ltd All Rights Reserved
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# @file CMakeLists.txt
-# @author Tomasz Swierczek (t.swierczek@samsung.com)
-# @author Mariusz Domanski (m.domanski@samsung.com)
-# @brief
-#
-
-INCLUDE(FindPkgConfig)
-
-# Dependencies
-PKG_CHECK_MODULES(SEC_SRV_TESTS_DEP
- libsmack
- libprivilege-control
- security-server
- dlog
- dbus-1
- REQUIRED)
-
-# Targets definition
-
-SET(TARGET_SEC_SRV_COMMON "security-server-tests-common")
-SET(TARGET_SEC_SRV_CLIENT_SMACK_TESTS "security-server-tests-client-smack")
-SET(TARGET_SEC_SRV_TC_SERVER_TESTS "security-server-tests-server")
-SET(TARGET_SEC_SRV_PWD_TESTS "security-server-tests-password")
-SET(TARGET_SEC_SRV_PRIVILEGE_TESTS "security-server-tests-privilege")
-SET(TARGET_SEC_SRV_STRESS_TESTS "security-server-tests-stress")
-SET(TARGET_SEC_SRV_MT_TESTS "security-server-tests-mt")
-SET(TARGET_SEC_SRV_MEASURER "security-server-tests-api-speed")
-
-
-# Sources definition
-
-SET(SEC_SRV_COMMON_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/common/security_server_tests_common.cpp
- )
-
-SET(SEC_SRV_CLIENT_SMACK_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_client_smack.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_mockup.cpp
- )
-
-SET(SEC_SRV_TC_SERVER_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/server.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/cookie_api.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/weird_arguments.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_clean_env.cpp
- )
-
-SET(SEC_SRV_PWD_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_password.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_clean_env.cpp
- )
-
-SET(SEC_SRV_PRIVILEGE_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_privilege.cpp
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/libprivilege-control_test_common.cpp
- )
-
-SET(SEC_SRV_STRESS_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_stress.cpp
- )
-
-SET(SEC_SRV_MT_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_tests_mt.cpp
- )
-
-SET(SEC_SRV_MEASURER_SOURCES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_measurer_API_speed.cpp
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/security_server_mockup.cpp
- )
-
-INCLUDE_DIRECTORIES(SYSTEM
- ${SEC_SRV_TESTS_DEP_INCLUDE_DIRS}
- )
-
-INCLUDE_DIRECTORIES(
- ${PROJECT_SOURCE_DIR}/src/common/
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/common/
- ${PROJECT_SOURCE_DIR}/src/libprivilege-control-tests/common/
- )
-
-#LINK_DIRECTORIES(${SEC_SRV_PKGS_LIBRARY_DIRS})
-
-ADD_LIBRARY(${TARGET_SEC_SRV_COMMON} STATIC ${SEC_SRV_COMMON_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} ${SEC_SRV_CLIENT_SMACK_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_TC_SERVER_TESTS} ${SEC_SRV_TC_SERVER_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_PWD_TESTS} ${SEC_SRV_PWD_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_PRIVILEGE_TESTS} ${SEC_SRV_PRIVILEGE_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_STRESS_TESTS} ${SEC_SRV_STRESS_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_MT_TESTS} ${SEC_SRV_MT_SOURCES})
-ADD_EXECUTABLE(${TARGET_SEC_SRV_MEASURER} ${SEC_SRV_MEASURER_SOURCES})
-
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_CLIENT_SMACK_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_TC_SERVER_TESTS}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PWD_TESTS}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_PRIVILEGE_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_STRESS_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MT_TESTS}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-TARGET_LINK_LIBRARIES(${TARGET_SEC_SRV_MEASURER}
- ${TARGET_SEC_SRV_COMMON}
- ${SEC_SRV_TESTS_DEP_LIBRARIES}
- dpl-test-framework
- tests-common
- )
-
-# Installation
-
-INSTALL(TARGETS ${TARGET_SEC_SRV_CLIENT_SMACK_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_TC_SERVER_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_PWD_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_PRIVILEGE_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_STRESS_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_MT_TESTS} DESTINATION /usr/bin)
-INSTALL(TARGETS ${TARGET_SEC_SRV_MEASURER} DESTINATION /usr/bin)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/WRT_sstp_test_rules1.smack
- DESTINATION /usr/share/privilege-control/
-)
-
-INSTALL(FILES
- ${PROJECT_SOURCE_DIR}/src/security-server-tests/WRT_sstp_test_rules2.smack
- DESTINATION /usr/share/privilege-control/
-)
+++ /dev/null
-~APP~ sstp_test_book_1 rwxatl
-sstp_test_subject_1 ~APP~ rwxatl
+++ /dev/null
-~APP~ sstp_test_book_1 rwxatl
-sstp_test_subject_1 ~APP~ rwxatl
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file security_server_tests_common.cpp
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-server tests commons
- */
-
-#include "security_server_tests_common.h"
-
-const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
-
-Cookie getCookieFromSS() {
- Cookie cookie(security_server_get_cookie_size());
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS ==
- security_server_request_cookie(cookie.data(), cookie.size()),
- "Error in security_server_request_cookie.");
-
- return cookie;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
-*/
-
-/*
- * @file security_server_tests_common.h
- * @author Marcin Lis (m.lis@samsung.com)
- * @version 1.0
- * @brief security-server tests commons
- */
-
-#include <security-server.h>
-#include <tests_common.h>
-
-#ifndef SECURITY_SERVER_TESTS_COMMON_H_
-#define SECURITY_SERVER_TESTS_COMMON_H_
-
-extern const unsigned int PASSWORD_RETRY_TIMEOUT_US;
-typedef std::vector<char> Cookie;
-
-Cookie getCookieFromSS();
-
-#endif /* SECURITY_SERVER_TESTS_COMMON_H_ */
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-
-/*
- * @file security_server_tests_cookie_api.cpp
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @version 1.0
- * @brief Test cases for security server cookie api
- *
- */
-
-/*
-Tested API functions in this file:
-
- int security_server_get_cookie_size(void);
- int security_server_request_cookie(char *cookie, size_t bufferSize);
-
- int security_server_check_privilege(const char *cookie, gid_t privilege);
- int security_server_check_privilege_by_cookie(const char *cookie,
- const char *object,
- const char *access_rights);
- int security_server_get_cookie_pid(const char *cookie);
- char *security_server_get_smacklabel_cookie(const char *cookie);
- int security_server_get_uid_by_cookie(const char *cookie, uid_t *uid);
- int security_server_get_gid_by_cookie(const char *cookie, gid_t *gid);
-*/
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <tests_common.h>
-#include <sys/smack.h>
-#include <cstddef>
-#include <sys/types.h>
-#include <unistd.h>
-#include <access_provider.h>
-#include <security-server.h>
-#include <smack_access.h>
-#include <security_server_tests_common.h>
-#include <memory.h>
-
-const char *ROOT_USER = "root";
-const char *PROC_AUDIO_GROUP_NAME = "audio";
-
-const int KNOWN_COOKIE_SIZE = 20;
-
-RUNNER_TEST_GROUP_INIT(COOKIE_API_TESTS)
-
-/*
- * **************************************************************************
- * Test cases fot check various functions input params cases
- * **************************************************************************
- */
-
-//---------------------------------------------------------------------------
-//passing nullptr as a buffer pointer
-RUNNER_CHILD_TEST(tc_arguments_01_01_security_server_request_cookie)
-{
- int ret = security_server_request_cookie(nullptr, KNOWN_COOKIE_SIZE);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_request_cookie() argument checking: " << ret);
-}
-
-//passing too small value as a buffer size
-RUNNER_CHILD_TEST(tc_arguments_01_02_security_server_request_cookie)
-{
- Cookie cookie(KNOWN_COOKIE_SIZE);
-
- int ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE - 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
- "Error in security_server_request_cookie() argument checking: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_02_01_security_server_check_privilege)
-{
- int ret = security_server_check_privilege(nullptr, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege() argument checking: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_03_01_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- int ret = security_server_check_privilege_by_cookie(nullptr, "wiadro", "rwx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//passing nullptr as an object pointer
-RUNNER_CHILD_TEST(tc_arguments_03_02_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege_by_cookie(cookie.data(), nullptr, "rwx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//passing nullptr as an access pointer
-RUNNER_CHILD_TEST(tc_arguments_03_03_security_server_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege_by_cookie(cookie.data(), "wiadro", nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_check_privilege_by_cookie() argument checking: "
- << ret);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_04_01_security_server_get_cookie_pid)
-{
- int ret = security_server_get_cookie_pid(nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM,
- "Error in security_server_get_cookie_pid() argument checking: " << ret);
-}
-
-//getting pid of non existing cookie
-RUNNER_TEST(tc_arguments_04_02_security_server_get_cookie_pid)
-{
- const char wrong_cookie[KNOWN_COOKIE_SIZE] = {'w', 'a', 't', '?'};
- RUNNER_ASSERT(security_server_get_cookie_pid(wrong_cookie) ==
- SECURITY_SERVER_API_ERROR_NO_SUCH_COOKIE);
-}
-
-//---------------------------------------------------------------------------
-//passing nullptr as a cookie pointer
-RUNNER_CHILD_TEST(tc_arguments_05_01_security_server_get_smacklabel_cookie)
-{
- char *label = nullptr;
- label = security_server_get_smacklabel_cookie(nullptr);
- RUNNER_ASSERT_MSG(label == nullptr,
- "Error in security_server_get_smacklabel_cookie() argument checking");
-}
-
-
-
-/*
- * **************************************************************************
- * Unit tests for each function from API
- * **************************************************************************
- */
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_01_01_security_server_get_cookie_size)
-{
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Get cookie size when smack is not loaded
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_02_app_user_security_server_get_cookie_size_nosmack)
-{
- int ret;
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
- ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie in normal case when smack is not loaded
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_01_03_app_user_security_server_request_cookie_nosmack)
-{
- int ret;
- int cookieSize = security_server_get_cookie_size();
- Cookie cookie(cookieSize);
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie when smack is not loaded but with too small
-// buffer size
-RUNNER_CHILD_TEST_NOSMACK(tc_init_01_04_app_user_security_server_request_cookie_too_small_buffer_size_nosmack)
-{
- int ret;
- int cookieSize = security_server_get_cookie_size();
- Cookie cookie(cookieSize);
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_request_cookie(cookie.data(), KNOWN_COOKIE_SIZE >> 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret = " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Get cookie size when smack is loaded
-RUNNER_CHILD_TEST_SMACK(tc_unit_01_05_app_user_security_server_get_cookie_size)
-{
- SecurityServer::AccessProvider provider("selflabel_01_05");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(ret == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_02_01_security_server_request_cookie)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie in normal case when smack is loaded
-RUNNER_CHILD_TEST_SMACK(tc_unit_02_02_app_user_security_server_request_cookie)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
-
- SecurityServer::AccessProvider provider("selflabel_02_01");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-// Test setting up a cookie when smack is loaded but with too small buffer
-// size
-RUNNER_CHILD_TEST_SMACK(tc_unit_02_03_app_user_security_server_request_cookie_too_small_buffer_size)
-{
- int cookieSize = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookieSize == KNOWN_COOKIE_SIZE,
- "Error in security_server_get_cookie_size(): " << cookieSize);
- cookieSize >>= 1;
-
- SecurityServer::AccessProvider provider("selflabel_02_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie(cookieSize);
- int ret = security_server_request_cookie(cookie.data(), cookie.size());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL,
- "Error in security_server_request_cookie(): " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_03_01_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_check_privilege(): " << ret);
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_03_02_app_user_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_03_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege() should return access denied: " << ret);
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_03_03_app_user_security_server_check_privilege)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_03_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_check_privilege(): " << ret);
-}
-
-// invalid gid
-RUNNER_CHILD_TEST(tc_unit_03_04_security_server_check_privilege_neg)
-{
- remove_process_group(PROC_AUDIO_GROUP_NAME);
-
- Cookie cookie = getCookieFromSS();
- int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(audio_gid > -1,
- "security_server_get_gid() failed. result = " << audio_gid);
-
- int ret = security_server_check_privilege(cookie.data(), audio_gid);
-
- // security_server_check_privilege fails, because the process does not belong to "audio" group
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-
-// add gid
-RUNNER_CHILD_TEST(tc_unit_03_05_security_server_check_privilege)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- Cookie cookie = getCookieFromSS();
- int audio_gid = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(audio_gid > -1,
- "security_server_get_gid() failed. result = " << audio_gid);
-
- int ret = security_server_check_privilege(cookie.data(), audio_gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-// test invalid cookie name
-RUNNER_TEST(tc_unit_03_06_security_server_check_privilege)
-{
- // create invalid cookie
- int size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(size == KNOWN_COOKIE_SIZE, "Wrong cookie size. size = " << size);
-
- Cookie cookie(size);
- cookie[0] = 'a';
- int ret = security_server_check_privilege(cookie.data(), 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST(tc_unit_05_01_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
-
- int pid = getpid();
- RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_05_02_app_user_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_05_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_cookie_pid() should return access denied: " << ret);
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_05_03_app_user_security_server_get_cookie_pid)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_05_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret > -1, "Error in security_server_get_cookie_pid(): " << ret);
-
- int pid = getpid();
- RUNNER_ASSERT_MSG(pid == ret, "No match in PID received from cookie");
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_smack)
-{
- setLabelForSelf(__LINE__, "selflabel_06_01");
-
- Cookie cookie = getCookieFromSS();
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_01") == 0,
- "No match in smack label received from cookie, received label: "
- << label.get());
-}
-
-//---------------------------------------------------------------------------
-//root has access to API
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_06_01_security_server_get_smacklabel_cookie_nosmack)
-{
- Cookie cookie = getCookieFromSS();
-
- char *receivedLabel = security_server_get_smacklabel_cookie(cookie.data());
- RUNNER_ASSERT_MSG(receivedLabel != nullptr,
- "security_server_get_smacklabel_cookie returned nullptr");
- std::string label(receivedLabel);
- free(receivedLabel);
- RUNNER_ASSERT_MSG(label.empty(),
- "security_server_get_smacklabel_cookie returned: "
- << label);
-}
-
-//privileges drop and no smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_02_app_user_security_server_get_smacklabel_cookie)
-{
- Cookie cookie = getCookieFromSS();
-
- SecurityServer::AccessProvider provider("selflabel_06_02");
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(label.get() == nullptr,
- "nullptr should be received due to access denied, received label: "
- << label.get());
-}
-
-//privileges drop and added smack rule
-RUNNER_CHILD_TEST_SMACK(tc_unit_06_03_app_user_security_server_get_smacklabel_cookie)
-{
- SecurityServer::AccessProvider provider("selflabel_06_03");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie = getCookieFromSS();
-
- CStringPtr label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(strcmp(label.get(), "selflabel_06_03") == 0,
- "No match in smack label received from cookie, received label: "
- << label.get());
-}
-
-//---------------------------------------------------------------------------
-// apply smack labels and drop privileges
-RUNNER_CHILD_TEST_SMACK(tc_unit_09_01_app_user_cookie_API_access_allow)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- SecurityServer::AccessProvider provider("subject_1d6eda7d");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- Cookie cookie = getCookieFromSS();
-
- int ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
- << "\" gid. Result: " << ret);
-
- ret = security_server_check_privilege(cookie.data(), ret);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- int root_gid = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(root_gid > -1, "root_gid: " << root_gid);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == getpid(), "ret: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "ss_label: " << ss_label.get());
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-// disable access and drop privileges
-RUNNER_CHILD_TEST_SMACK(tc_unit_09_02_app_user_cookie_API_access_deny)
-{
- SecurityServer::AccessProvider provider("subject_1d414140");
-
- Cookie cookie = getCookieFromSS();
-
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_check_privilege(cookie.data(), DB_ALARM_GID);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege should return access denied, "
- "ret: " << ret);
-
- ret = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_gid should return access denied, "
- "ret: " << ret);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_get_cookie_pid should return access denied, "
- "ret: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() == nullptr,
- "access should be denied so label should be nullptr: " << ss_label.get());
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_check_privilege_by_pid should return access denied, "
- "ret: " << ret);
-}
-
-// NOSMACK version of the test above
-RUNNER_CHILD_TEST_NOSMACK(tc_unit_09_01_app_user_cookie_API_access_allow_nosmack)
-{
- add_process_group(PROC_AUDIO_GROUP_NAME);
-
- // drop root privileges
- int ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- Cookie cookie = getCookieFromSS();
-
- ret = security_server_get_gid(PROC_AUDIO_GROUP_NAME);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"" << PROC_AUDIO_GROUP_NAME
- << "\" gid. Result: " << ret);
-
- ret = security_server_check_privilege(cookie.data(), ret);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege failed. Result: " << ret);
-
- ret = security_server_get_gid(ROOT_USER);
- RUNNER_ASSERT_MSG(ret > -1, "Failed to get \"root\" gid. Result: " << ret);
-
- ret = security_server_get_cookie_pid(cookie.data());
- RUNNER_ASSERT_MSG(ret == getpid(),
- "get_cookie_pid returned different pid than it should. Result: " << ret);
-
- CStringPtr ss_label(security_server_get_smacklabel_cookie(cookie.data()));
- RUNNER_ASSERT_MSG(ss_label.get() != nullptr, "get_smacklabel_cookie failed.");
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
-
- ret = security_server_check_privilege_by_pid(getpid(), "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid failed. Result: " << ret);
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_clean_env.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions to prepare clean env for tests.
- *
- */
-
-#include <ftw.h>
-#include <unistd.h>
-
-#include <service_manager.h>
-
-int restart_security_server() {
- ServiceManager serviceManager("security-server.service");
- serviceManager.restartService();
-
- return 0;
-}
-
-static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/,
- int tflag, struct FTW *ftwbuf)
-{
- if (tflag == FTW_F)
- unlink(fpath);
- else if (tflag == FTW_DP && ftwbuf->level != 0)
- rmdir(fpath);
-
- return 0;
-}
-
-/**
- * This function should be called at the begining of every SS test, so all the tests
- * are independent of each other.
- */
-int reset_security_server()
-{
- const char* path = "/opt/data/security-server/";
- const int max_descriptors = 10; //max number of open file descriptors by nftw function
-
- // Clear /opt/data/security-server/ directory
- if (access(path, F_OK) == 0) {
- if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) {
- return 1;
- }
- sync();
- }
-
- restart_security_server();
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_clean_env.h
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Functions definitions to prepare clean env for tests.
- */
-
-#ifndef SECURITY_SERVER_CLEAN_ENV_H
-#define SECURITY_SERVER_CLEAN_ENV_H
-
-int reset_security_server();
-int restart_security_server();
-
-#endif
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Contact: Bumjin Im <bj.im@samsung.com>
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License
- */
-
-/*
- * @file security_server_measurer_API_speed.cpp
- * @author Radoslaw Bartosiak (radoslaw.bartosiak@samsung.com)
- * @version 1.0
- * @brief Log security server API functions average execution times and some aproximation of maximal and minimal execution time.
- * @details The functions are run at least NUMBER_OF_CALLS times (time is measured at the beginning and at the end, the difference is taken as the execution time).
- * @details One test case for one function of security-server. Test pass always when there was no connection error (API calls themselves may fail).
- * @details Measured times are logged using DLP testing framework logging functions. Calls each API function many times to take the average.
- * @details This file contains TEST_CASEs. Each TEST_CASE consist of one or more RUNs, each RUN consist of one or more function calls.
- * @details Each test case contains RUNs of one function only. The time is being measured before & after each run.
- */
-
-#include <dpl/log/log.h>
-#include <dpl/singleton.h>
-#include <dpl/singleton_safe_impl.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <errno.h>
-#include <float.h>
-#include <fcntl.h>
-#include <security-server.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/smack.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <memory.h>
-#include "security_server_mockup.h"
-#include <smack_access.h>
-
-IMPLEMENT_SAFE_SINGLETON(DPL::Log::LogSystem);
-#include <security_server_tests_common.h>
-#include <tests_common.h>
-
-/*Number of calls in a single test*/
-#define NUMBER_OF_CALLS (5)
-#define MICROSECS_PER_SEC (1000000)
-/* number of miliseconds, process will be suspended for multiplications of this quantum */
-#define QUANTUM (10000)
-/*Strings used in tests*/
-/*name of existing user group on test device like "tel_gprs"*/
-#define EXISTING_GROUP_NAME "telephony_makecall"
-/*below labels should not be used in the system*/
-#define M60_OBJECT_LABEL "tc060MeasurerLabel"
-#define M60_SUBJECT_LABEL "tc060Subject"
-#define M70_OBJECT_LABEL "tc070MeasurerLabel"
-#define M70_SUBJECT_LABEL "tc070Subject"
-#define M160_CUSTOMER_LABEL "my_customer_label"
-#define M170_OBJECT_LABEL "myObject"
-
-namespace {
-void securityClientEnableLogSystem(void) {
- DPL::Log::LogSystemSingleton::Instance().SetTag("SEC_SRV_API_SPEED");
-}
-}
-
-/** Store statistics from a set of function calls
-*/
-struct readwrite_stats
-{
- timeval current_start_time; /*of last API call*/
- timeval current_end_time; /*of last API call*/
- int number_of_calls; /*till now*/
- double total_duration; /*of all API calls*/
- double average_duration;
- double minimal_duration; /*minimum of averages*/
- double maximal_duration; /*maximum of averages*/
-};
-
-/*Auxiliary functions*/
-
-/**Sleep for the given time
- @param seconds
- @param nanoseconds
- @return 0 on success, -1 on error if process woken earlier
-*/
-int my_nanosecsleep(long nanoseconds) {
- timespec sleep_spec;
- sleep_spec.tv_sec = 0;
- sleep_spec.tv_nsec = nanoseconds;
- return nanosleep(&sleep_spec, nullptr);
-}
-
-/**Read from pipe descriptor to buffer; retries if less than count bytes were read.
- @param fd descriptor
- @param buf start of buffer
- @param count number of bytes read
- @return number of bytes read (count)
-*/
-int my_pipe_read(int fd, void *buf, size_t count) {
- ssize_t readf = 0;
- ssize_t rest = count;
- ssize_t s;
- while (rest > 0) {
- RUNNER_ASSERT_ERRNO_MSG(0 < (s = TEMP_FAILURE_RETRY(read(fd, ((char*)buf) + readf, rest))),
- "Error in read from pipe");
- rest -= s;
- readf += s;
- }
- return readf;
-}
-
-/**Write from buffer to a pipe ; retries if less than count bytes were written.
- @param fd descriptor
- @param buf start of buffer
- @param count number of bytes to write
- @return number of bytes written (count)
-*/
-int my_pipe_write(int fd, void *buf, size_t count) {
- ssize_t writef = 0;
- ssize_t rest = count;
- ssize_t s;
- while (rest > 0) {
- RUNNER_ASSERT_ERRNO_MSG(0 <= (s = TEMP_FAILURE_RETRY(write(fd, ((char*)buf) + writef, rest))),
- "Error in write to pipe");
- rest -= s;
- writef += s;
- }
- return writef;
-}
-
-
-/** Check whether there was connection error during function call (Security Server API) based on exit code
- @param result_code the exit code of a function
- @return -1 if the function result code indicated network error, 0 otherwise
-*/
-int communication_succeeded(int result_code) {
- switch(result_code)
- {
- case SECURITY_SERVER_API_ERROR_NO_SUCH_SERVICE:
- case SECURITY_SERVER_API_ERROR_SOCKET:
- case SECURITY_SERVER_API_ERROR_BAD_REQUEST:
- case SECURITY_SERVER_API_ERROR_BAD_RESPONSE:
- return -1;
- default:
- return 0;
- }
-}
-
-/** Returns current system time (wrapper for standard system function)
- @return current system time
-*/
-timeval my_gettime() {
- timeval t;
- int res = gettimeofday(&t, nullptr);
- RUNNER_ASSERT_ERRNO_MSG(res == 0, "gettimeofday() returned error value: " << res);
- return t;
-}
-
-/** Return a difference between two times (wrapper for standard system function)
- @param time t1
- @param time t2
- @return t1 - t2
-*/
-timeval my_timersub(timeval t1, timeval t2) {
- timeval result;
- timersub(&t1, &t2, &result);
- return result;
-}
-
-double timeval_to_microsecs(timeval t) {
- return ((double)t.tv_sec * (double)MICROSECS_PER_SEC) + ((double)t.tv_usec);
-}
-
-/** Initialize statistics at the beginning of a TEST_CASE
- @param stats [in/out] statistics to be initialized
-*/
-void initialize_stats(readwrite_stats *stats) {
- stats->number_of_calls = 0;
- stats->total_duration = 0.0;
- stats->average_duration = 0.0;
- stats->minimal_duration = DBL_MAX;
- stats->maximal_duration = 0.0;
-}
-
-/** Save time at the beginning of a RUN
- @param stats [in/out] statistics
-*/
-void start_stats_update(readwrite_stats *stats) {
- stats->current_start_time = my_gettime();
- //LogDebug("start_stats_update at: %ld.%06ld\n", stats->current_start_time.tv_sec, stats->current_start_time.tv_usec);
-}
-
-/** Save time at the end of a RUN and updates the statistics (current_end_time, number_of_calls, total_duration, minimal_duration, maximal_duration)
- @param stats [in/out] statistics
-*/
-void end_stats_update(readwrite_stats *stats) {
- stats->current_end_time = my_gettime();
- double current_duration = timeval_to_microsecs(my_timersub(stats->current_end_time, stats->current_start_time));
- stats->total_duration += current_duration;
- stats->number_of_calls += 1;
- if (current_duration < stats->minimal_duration)
- (stats->minimal_duration) = current_duration;
- if (current_duration > stats->maximal_duration)
- (stats->maximal_duration) = current_duration;
-}
-
-/** Updates the statistics (average_duration, number_of_new_calls, total_duration, minimal_duration, maximal_duration)
- Function is used instead of start_stats_update and end_stats_update (e.g when current_duration and number_of_new_calls are reported by child process.
- @param stats [in/out] statistics
- @param number_of_new_calls number of function calls in the RUN
- @param current_duration (total) of number_of_new calls
-*/
-void stats_update(readwrite_stats *stats, int number_of_new_calls, double current_duration) {
- if (number_of_new_calls > 0) {
- double current_average = (double)current_duration / (double)number_of_new_calls;
- stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls));
- stats->total_duration += current_duration;
- stats->number_of_calls += number_of_new_calls;
- if (current_average < stats->minimal_duration)
- (stats->minimal_duration) = current_average;
- if (current_average > stats->maximal_duration)
- (stats->maximal_duration) = current_average;
- }
- else
- LogDebug("stats_update called after zero successful function calls \n");
-}
-
-/** Calculate the average time and calculates statistics taken by a single function call.
- Called at the end of a TEST_CASE.
- @param stats [in/out] statistics
- @param function_name of the function called in tests (to be printed)
-*/
-void finish_stats(readwrite_stats *stats, const char* function_name) {
- if ((stats->number_of_calls) > 0) {
- stats->average_duration = (double)((stats->total_duration) / (stats->number_of_calls));
- printf("The approx (min, max, avg) execution times for function:\n%s are: \n---(%'.2fus, %'.2fus, %'.2fus)\n", function_name, stats->minimal_duration, stats->maximal_duration, stats->average_duration);
- }
- else
- LogDebug("No function call succeeded\n");
-}
-
-/*TEST CASES*/
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_API_SPEED_MEASURER)
-
-/*
- * test: Tests the tests
- * expected: The minimum shall be about (QUANTUM) = 10^-2s = 10000 us, max about (NUMBER_OF_CALLS*QUANTUM) = 5*10^-2s = 50000us, avg (average) about (0.5*NUMBER_OF_CALLS+1*QUANTUM)=3*10^-2s = 30000us. Max is no more than 50% bigger than minimum.
- */
-RUNNER_TEST(m000_security_server_test_the_tests) {
- int ret;
- readwrite_stats stats;
- double expected_min_min = QUANTUM;
- double expected_min_max = 1.5 * expected_min_min;
- double expected_avarage_min = (((double)(NUMBER_OF_CALLS + 1)) / 2.0) * expected_min_min;
- double expected_avarage_max = 1.5 * expected_avarage_min;
- double expected_max_min = ((double)(NUMBER_OF_CALLS)) * expected_min_min;
- double expected_max_max = 1.5 * expected_max_min;
- initialize_stats(&stats);
- for (int i=0; i < NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = my_nanosecsleep((long) ((i+1)*QUANTUM*1000));
- RUNNER_ASSERT_MSG(ret == 0, "system sleep function returned premature wake-up; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "my_nanosecsleep");
- RUNNER_ASSERT_MSG((stats.average_duration>expected_avarage_min) && (stats.average_duration<expected_avarage_max), "Avarage time is suspicious - check the issue; stats.average_duration=" << stats.average_duration);
- RUNNER_ASSERT_MSG((stats.minimal_duration>expected_min_min) && (stats.minimal_duration<expected_min_max), "Minimal time is suspicious - check the issue; stats.minimal_duration=" << stats.minimal_duration);
- RUNNER_ASSERT_MSG((stats.maximal_duration>expected_max_min) && (stats.maximal_duration<expected_max_max), "Maximal time is suspicious - check the issue; stats.maximal_duration=" << stats.maximal_duration);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m010_security_server_security_server_get_gid) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_get_gid(EXISTING_GROUP_NAME);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_get_gid");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m030_security_server_request_cookie) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_request_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- * Create new processes and measures times of first calls of security_server_request_cookie in them
- *
- */
-RUNNER_MULTIPROCESS_TEST(m031_security_server_request_cookie_first_time_only) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- readwrite_stats stats;
-
- int pipefd[2];
- int cpid;
- int number_of_calls;
- double duration_of_calls;
- /*initialize pipes - one pipe for one child process*/
- RUNNER_ASSERT_ERRNO_MSG(0 == pipe(pipefd), "error in pipe");
- initialize_stats(&stats);
- for (int i = 0; i < NUMBER_OF_CALLS; i++) {
- RUNNER_ASSERT_ERRNO_MSG(-1 != (cpid = fork()), "error in fork #i = " << i);
- if (cpid == 0) { /* Child*/
- close(pipefd[0]); /* Close unused read end */
- timeval start_time;
- timeval end_time;
- start_time = my_gettime();
- ret = security_server_request_cookie(cookie, cookie_size);
- end_time = my_gettime();
- if (communication_succeeded(ret) == 0) {
- number_of_calls = 1;
- duration_of_calls = timeval_to_microsecs(my_timersub(end_time, start_time));
-
- } else
- {
- number_of_calls = 0;
- duration_of_calls = 0.0;
- }
- RUNNER_ASSERT_MSG(my_pipe_write(pipefd[1], &number_of_calls, sizeof(number_of_calls)) == sizeof(number_of_calls), "error in write number of calls to pipe");
- RUNNER_ASSERT_MSG(my_pipe_write(pipefd[1], &duration_of_calls, sizeof(duration_of_calls)) == sizeof(duration_of_calls), "error in write duration of calls to pipe");
- close(pipefd[1]);
- exit(EXIT_SUCCESS);
- } else
- { /* Parent */
- RUNNER_ASSERT_MSG(my_pipe_read(pipefd[0], &number_of_calls, sizeof(number_of_calls)) == sizeof(number_of_calls), "error in read number of calls to pipe");
- RUNNER_ASSERT_MSG(my_pipe_read(pipefd[0], &duration_of_calls, sizeof(duration_of_calls)) == sizeof(duration_of_calls), "error in read duration of calls to pipe");
-
- RUNNER_ASSERT_MSG(number_of_calls > 0, "commmunication error");
- stats_update(&stats, number_of_calls, duration_of_calls);
- }
- /*parent*/
- }
- close(pipefd[1]); /* Close parent descriptors */
- close(pipefd[0]);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m040_security_server_get_cookie_size) {
- size_t cookie_size;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(cookie_size > 0, "cookie_size = " << cookie_size);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_get_cookie_size");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m050_security_server_check_privilege) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- const char *existing_group_name = EXISTING_GROUP_NAME;
- size_t cookie_size;
- int call_gid;
- // we use existing group name for the measurment, however this is not neccessary
- call_gid = security_server_get_gid(existing_group_name);
- cookie_size = security_server_get_cookie_size();
- char recved_cookie[cookie_size];
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_check_privilege(recved_cookie, (gid_t)call_gid);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege");
-}
-
-void testSecurityServerCheckPrivilegeByCookie(bool smack) {
- const char *object_label = M60_OBJECT_LABEL;
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = M60_SUBJECT_LABEL;
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
-
- if (smack) {
- SmackAccess smackAccess;
- smackAccess.add(subject_label, object_label, access_rights);
- smackAccess.apply();
- RUNNER_ASSERT_MSG(0 == (ret = smack_set_label_for_self(subject_label)),
- "Error in smack_set_label_for_self(); ret = " << ret);
- }
-
- Cookie cookie = getCookieFromSS();
-
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
- if (i%2)
- ret = security_server_check_privilege_by_cookie(
- cookie.data(),
- object_label,
- access_rights);
- else
- ret = security_server_check_privilege_by_cookie(
- cookie.data(),
- object_label,
- access_rights_ext);
-
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege_by_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-
-RUNNER_TEST_SMACK(m060_security_server_check_privilege_by_cookie_smack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeByCookie(true);
-}
-
-RUNNER_TEST_NOSMACK(m060_security_server_check_privilege_by_cookie_nosmack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeByCookie(false);
-}
-
-void testSecurityServerCheckPrivilegeBySockfd(bool smack) {
- const char *object_label = M70_OBJECT_LABEL;
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = M70_SUBJECT_LABEL;
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
-
- if (smack) {
- SmackAccess smackAccess;
- smackAccess.add(subject_label, object_label, access_rights);
- smackAccess.apply();
- }
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
- if (0 == pid) {
- // child
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- if (smack)
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- close(csockfd);
- exit(EXIT_SUCCESS);
- //end child
- } else {
- //parent
- sleep(2);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- /*odd(i) - ask for possessed privileges, even(i) ask for not possessed privileges */
- if (i%2)
- ret = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
- else
- ret = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
-
- finish_stats(&stats, "check_privilege_by_sockfd");
- }
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-
-RUNNER_MULTIPROCESS_TEST_SMACK(m070_security_server_check_privilege_by_sockfd_smack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeBySockfd(true);
-}
-
-RUNNER_MULTIPROCESS_TEST_NOSMACK(m070_security_server_check_privilege_by_sockfd_nosmack) {
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- testSecurityServerCheckPrivilegeBySockfd(false);
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m080_security_server_get_cookie_pid) {
- int ret;
- size_t cookie_size;
- cookie_size = security_server_get_cookie_size();
- char cookie[cookie_size];
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "security_server_request_cookie failed; ret = " << ret);
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_get_cookie_pid(cookie);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_request_cookie");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m090_security_server_is_pwd_valid) {
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_is_pwd_valid");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m100_security_server_set_pwd) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd("this_is_current_pwd", "this_is_new_pwd", 20, 365);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m110_security_server_set_pwd_validity) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_validity(2);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_validity");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m120_security_server_set_pwd_max_challenge) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_max_challenge(3);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_max_challenge");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m130_security_server_reset_pwd) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_reset_pwd("apud", 1, 2);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_reset_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m140_security_server_chk_pwd) {
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_chk_pwd("is_this_password", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_chk_pwd");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m150_security_server_set_pwd_history) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_set_pwd_history(100);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_set_pwd_history");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m160_security_server_app_give_access) {
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- const char* customer_label = M160_CUSTOMER_LABEL;
- int customer_pid = getpid();
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_app_give_access(customer_label, customer_pid);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_app_give_access");
-}
-
-/*
- * measurer: Fails only on connection error.
- */
-RUNNER_TEST(m170_security_server_check_privilege_by_pid) {
-
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- readwrite_stats stats;
- initialize_stats(&stats);
- int pid = getpid();
- const char *object = M170_OBJECT_LABEL;
- const char *access_rights = "rw";
- for (int i = 1; i <= NUMBER_OF_CALLS; i++) {
- start_stats_update(&stats);
- ret = security_server_check_privilege_by_pid(pid, object, access_rights);
- RUNNER_ASSERT_MSG(communication_succeeded(ret) == 0, "commmunication error; ret = " << ret);
- end_stats_update(&stats);
- }
- finish_stats(&stats, "security_server_check_privilege_by_pid");
-}
-
-
-int main(int argc, char *argv[])
-{
- securityClientEnableLogSystem();
- DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_mockup.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief All mockups required in security-server tests.
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <poll.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <security-server.h>
-
-#include <dpl/log/log.h>
-
-#define SECURITY_SERVER_TEST_SOCK_PATH "/tmp/.security_server_sock_mockup"
-
-/* Create a Unix domain socket and bind */
-int create_new_socket()
-{
- int localsockfd = -1, flags;
- struct sockaddr_un serveraddr;
- mode_t sock_mode;
-
- if (-1 == remove(SECURITY_SERVER_TEST_SOCK_PATH)) {
- LogDebug("Unable to remove " << SECURITY_SERVER_TEST_SOCK_PATH);
- }
-
- /* Create Unix domain socket */
- if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
- {
- localsockfd = -1;
- LogDebug("Socket creation failed");
- goto error;
- }
-
- /* Make socket as non blocking */
- if ((flags = fcntl(localsockfd, F_GETFL, 0)) < 0 ||
- fcntl(localsockfd, F_SETFL, flags) < 0)
- {
- close(localsockfd);
- localsockfd = -1;
- LogDebug("Cannot go to nonblocking mode");
- goto error;
- }
-
- bzero (&serveraddr, sizeof(serveraddr));
- serveraddr.sun_family = AF_UNIX;
- strncpy(serveraddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH,
- strlen(SECURITY_SERVER_TEST_SOCK_PATH) + 1);
-
- /* Bind the socket */
- if ((bind(localsockfd, (struct sockaddr*)&serveraddr, sizeof(serveraddr))) < 0)
- {
- LogDebug("Cannot bind");
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
-
- /* Change permission to accept all processes that has different uID/gID */
- sock_mode = (S_IRWXU | S_IRWXG | S_IRWXO);
-
- /* Flawfinder hits this chmod function as level 5 CRITICAL as race condition flaw *
- * * Flawfinder recommends to user fchmod insted of chmod
- * * But, fchmod doesn't work on socket file so there is no other choice at this point */
- if (chmod(SECURITY_SERVER_TEST_SOCK_PATH, sock_mode) < 0) /* Flawfinder: ignore */
- {
- LogDebug("chmod() error");
- close(localsockfd);
- localsockfd = -1;
- goto error;
- }
-error:
- return localsockfd;
-}
-
-int connect_to_testserver()
-{
- struct sockaddr_un clientaddr;
- int client_len = 0, localsockfd;
-
- /* Create a socket */
- if ((localsockfd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
- {
- LogDebug("Error on socket. Errno: " << errno);
- return -1;
- }
-
- bzero(&clientaddr, sizeof(clientaddr));
- clientaddr.sun_family = AF_UNIX;
- strncpy(clientaddr.sun_path, SECURITY_SERVER_TEST_SOCK_PATH, strlen(SECURITY_SERVER_TEST_SOCK_PATH));
- clientaddr.sun_path[strlen(SECURITY_SERVER_TEST_SOCK_PATH)] = 0;
- client_len = sizeof(clientaddr);
- if (connect(localsockfd, (struct sockaddr*)&clientaddr, client_len) < 0)
- {
- LogDebug("Error on connect. Errno: " << errno);
- close(localsockfd);
- return -1;
- }
- return localsockfd;
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_client_smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.0
- * @brief Mockups.
- */
-
-#ifndef _SS_CLIENT_SERVER_
-#define _SS_CLIENT_SERVER_
-
-int create_new_socket();
-int connect_to_testserver();
-
-#endif
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_client_smack.cpp
- * @author Bartlomiej Grzelewski (b.grzelewski@samsung.com)
- * @version 1.1
- * @brief Test cases for security-server-client-smack.
- */
-
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/smack.h>
-#include <sys/wait.h>
-#include <sys/un.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <errno.h>
-
-#include <memory>
-#include <functional>
-
-#include <dpl/log/log.h>
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include "security_server_mockup.h"
-
-#include <security-server.h>
-#include <access_provider.h>
-#include "tests_common.h"
-#include <memory.h>
-
-#define PROPER_COOKIE_SIZE 20
-
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_CLIENT_SMACK)
-
-/*
- * test: tc04_security_server_get_gid
- * description: Checking for security_server_get_gid
- * with nonexisting gid and existing one
- * expected: security_server_get_gid should return
- * SECURITY_SERVER_ERROR_NO_SUCH_OBJECT with first call
- * and group id with second call
- */
-RUNNER_CHILD_TEST_SMACK(tc04_security_server_get_gid)
-{
- SecurityServer::AccessProvider provider("tc04mylabel");
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_get_gid("abc123xyz_pysiaczek");
- LogDebug("ret = " << ret);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT == ret, "Ret: " << ret);
- ret = security_server_get_gid("root");
- LogDebug("ret = " << ret);
- RUNNER_ASSERT_MSG(0 == ret, "Ret: " << ret);
-}
-
-/*
- * test: tc05_check_privilege_by_cookie
- * description: Function security_server_check_privilege_by_cookie should
- * return status of access rights of cookie owner. In this case cookie owner
- * is the same process that ask for the rights.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_CHILD_TEST_SMACK(tc05_check_privilege_by_cookie)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- char cookie[20];
- const char *object_label = "tc05objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc05subjectlabel";
-
- SecurityServer::AccessProvider provider(subject_label);
- provider.allowSS();
- provider.addObjectRule(object_label, access_rights);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_request_cookie(cookie,20));
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(
- cookie,
- object_label,
- access_rights));
-
- RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
- security_server_check_privilege_by_cookie(
- cookie,
- object_label,
- access_rights_ext));
-}
-
-/*
- * test: security_server_check_privilege_by_sockfd
- * description: This test will create dummy server that will accept connection
- * and die. The client will try to check access rights using connection descriptor.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_MULTIPROCESS_TEST_SMACK(tc06_check_privilege_by_sockfd)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char *object_label = "tc06objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc06subjectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- smack_accesses *handle;
- RUNNER_ASSERT(0 == smack_accesses_new(&handle));
- RUNNER_ASSERT(0 == smack_accesses_add(handle,
- subject_label,
- object_label,
- access_rights));
- RUNNER_ASSERT(0 == smack_accesses_apply(handle));
- smack_accesses_free(handle);
-
- int pid = fork();
- char *label;
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
- // child
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
- free(label);
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,"") == 0, "label is \"" << label << "\"");
- free(label);
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- usleep(500);
-
- close(csockfd);
- exit(0);
- } else {
- // parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- RUNNER_ASSERT_MSG(strcmp(label,subject_label) == 0, "label is \"" << label << "\"" << ", subject_label is \"" << subject_label << "\"" );
- free(label);
-
- result1 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- result2 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
- }
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, "result = " << result2);
-}
-
-/*
- * test: security_server_check_privilege_by_sockfd
- * description: This test will create dummy server that will accept connection
- * and die. The client will try to check access rights using connection descriptor.
- * Because we read a smack label not from socket directly, but from from pid of process
- * on the other end of socket - that's why smack label will be updated.
- * In this test client is running under root and server is not - to test the extreme case.
- * expected: Function call with access rights set to "r" should return SUCCESS,
- * with "rw" should return ACCESS DENIED.
- */
-RUNNER_MULTIPROCESS_TEST_SMACK(tc07_check_privilege_by_sockfd)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char *object_label = "tc07objectlabel";
- const char *access_rights = "r";
- const char *access_rights_ext = "rw";
- const char *subject_label = "tc07subjectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- SmackAccess access;
- access.add(subject_label, object_label, access_rights);
- access.apply();
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
-
- pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (0 == pid) {
- // child
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(subject_label), "child label " << subject_label << " not set");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
- int csockfd = TEMP_FAILURE_RETRY(accept(sockfd,(struct sockaddr*)&client_addr, &client_len));
- if (csockfd >= 0)
- close(csockfd);
- LogDebug("Exit!");
- exit(0);
- } else {
- // parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "connect_to_testserver() failed");
-
- result1 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights);
- result2 = security_server_check_privilege_by_sockfd(
- sockfd,
- object_label,
- access_rights_ext);
-
- close(sockfd);
-
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_ERROR_ACCESS_DENIED == result2, " result2 = " << result2);
- }
- }
-}
-
-///////////////////////////
-/////NOSMACK ENV TESTS/////
-///////////////////////////
-
-RUNNER_CHILD_TEST_NOSMACK(tc04_security_server_get_gid_nosmack)
-{
- int ret;
-
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_get_gid("definitely_not_existing_object");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret = " << ret);
- ret = security_server_get_gid("root");
- RUNNER_ASSERT_MSG(ret == 0, "ret = " << ret);
-}
-
-/*
- * NOSMACK version of tc05 test.
- *
- * Correct behaviour of smack_accesses_apply and smack_set_label_for_self was checked by libsmack
- * tests. We assume, that those tests pass. Additionally security_server_check_privilege_by_cookie
- * should return SUCCESS no matter what access_rights we give to this function.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc05_check_privilege_by_cookie_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- char cookie[20];
- const char* object_label = "tc05objectlabel";
-
- RUNNER_ASSERT(security_server_request_cookie(cookie,20) == SECURITY_SERVER_API_SUCCESS);
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(cookie, object_label, "r"));
-
- //On NOSMACK env security server should return success on any accesses, even those that are
- //incorrect.
- RUNNER_ASSERT(SECURITY_SERVER_API_SUCCESS ==
- security_server_check_privilege_by_cookie(cookie, object_label, "rw"));
-}
-
-/**
- * NOSMACK version of tc06 test.
- *
- * Differences between this and SMACK version (server):
- * - Skipped setting access_rights
- * - Skipped setting label for server
- * - get_smacklabel_sockfd is called only once for server, almost right after fork and creation
- * of socket (because it should do nothing when SMACK is off)
- * - After get_smacklabel_sockfd privileges are dropped and server is prepared to accept connections
- * from client
- *
- * For client the only difference are expected results from check_privilege_by_sockfd - both should
- * return SUCCESS.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc06_check_privilege_by_sockfd_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char* object_label = "tc06objectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- int pid = fork();
- char* label;
- RUNNER_ASSERT_ERRNO(pid >= 0);
-
- int ret;
-
- if (pid == 0) { //child process - server
- //create new socket
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- //check if get_smacklabel_sockfd works correctly
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "security_server_get_smacklabel_sockfd failed");
- ret = strcmp(label, "");
- free(label);
- RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
-
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- //wait a little bit for parent to do it's job
- usleep(200);
-
- //if everything works, cleanup and return 0
- close(csockfd);
- exit(0);
- } else {
- //parent
- sleep(1);
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to connect to server.");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- label = security_server_get_smacklabel_sockfd(sockfd);
- RUNNER_ASSERT_MSG(label != nullptr, "get_smacklabel_sockfd failed.");
- ret = strcmp(label, "");
- free(label);
- RUNNER_ASSERT_MSG(ret == 0, "label is \"" << label << "\"");
-
- result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
- result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
- }
-
- RUNNER_ASSERT_MSG(result1 == SECURITY_SERVER_API_SUCCESS, "result = " << result1);
- RUNNER_ASSERT_MSG(result2 == SECURITY_SERVER_API_SUCCESS, "result = " << result2);
-}
-
-/**
- * NOSMACK version of tc07 test.
- */
-RUNNER_MULTIPROCESS_TEST_NOSMACK(tc07_check_privilege_by_sockfd_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- const char* object_label = "tc07objectlabel";
-
- int result1 = -1;
- int result2 = -1;
-
- int pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (pid == 0) {
-
- pid = fork();
- RUNNER_ASSERT_ERRNO(-1 != pid);
-
- if (pid == 0) { //child process
- //Create socket
- int sockfd = create_new_socket();
- RUNNER_ASSERT_MSG(sockfd >= 0, "create_new_socket() failed");
-
- SockUniquePtr sockfd_ptr(&sockfd);
-
- //Drop privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- //Prepare for accepting
- RUNNER_ASSERT_ERRNO_MSG(listen(sockfd, 5) >= 0, "child listen failed");
-
- struct sockaddr_un client_addr;
- socklen_t client_len = sizeof(client_addr);
-
- //Accept connections
- int csockfd;
- RUNNER_ASSERT_ERRNO_MSG((csockfd = accept(sockfd,(struct sockaddr*)&client_addr, &client_len)) > 0,
- "child accept failed");
-
- //wait a little bit for parent to do it's job
- usleep(200);
-
- //cleanup and kill child
- close(csockfd);
- exit(0);
- } else { //parent process
- //Drop root privileges
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- //Wait for server to set up
- sleep(1);
-
- //Connect and check privileges
- int sockfd = connect_to_testserver();
- RUNNER_ASSERT_MSG(sockfd >= 0, "Failed to create socket fd.");
-
- result1 = security_server_check_privilege_by_sockfd(sockfd, object_label, "r");
- result2 = security_server_check_privilege_by_sockfd(sockfd, object_label, "rw");
-
- close(sockfd);
-
- //Both results (just like in the previous test case) should return success.
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result1, "result1 = " << result1);
- RUNNER_ASSERT_MSG(SECURITY_SERVER_API_SUCCESS == result2, "result2 = " << result2);
- }
- }
-}
-
-RUNNER_TEST_SMACK(tc18_security_server_get_smacklabel_cookie) {
- int res;
-
- char *label_smack = nullptr;
- char *label_ss = nullptr;
- char *cookie = nullptr;
-
- int cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size, "Wrong cookie size from security-server");
-
- cookie = (char*) calloc(cookie_size, 1);
- RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error");
-
- res = security_server_request_cookie(cookie, cookie_size);
- if (res != SECURITY_SERVER_API_SUCCESS) {
- free(cookie);
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS, "Error in requesting cookie from security-server");
- }
-
- label_ss = security_server_get_smacklabel_cookie(cookie);
- free(cookie);
- RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie");
-
-
- std::string label_cookie(label_ss);
- free(label_ss);
-
- res = smack_new_label_from_self(&label_smack);
- if (res < 0) {
- free(label_smack);
- RUNNER_ASSERT_MSG(res == 0, "Error in getting self SMACK label");
- }
- std::string label_self(label_smack ? label_smack : "");
- free(label_smack);
-
- RUNNER_ASSERT_MSG(label_self == label_cookie, "No match in SMACK labels");
-
-
- //TODO: here could be label change using SMACK API and checking if it
- //is changed using security-server API function based on the same cookie
-}
-
-/**
- * NOSMACK version of tc_security_server_get_smacklabel_cookie test.
- *
- * Most of this test goes exactly as the original one. The only difference are the labels:
- * - We assume that libsmack tests passed and smack_new_label_from_self will return -1 and nullptr
- * label - there is no need to re-check it.
- * - Label acquired from security_server_get_smacklabel_cookie should be an empty string.
- */
-RUNNER_TEST_NOSMACK(tc18_security_server_get_smacklabel_cookie_nosmack) {
- int res;
-
- char* label_ss = nullptr;
- char* cookie = nullptr;
-
- int cookie_size = security_server_get_cookie_size();
- RUNNER_ASSERT_MSG(PROPER_COOKIE_SIZE == cookie_size,
- "Wrong cookie size from security-server. Size: " << cookie_size);
-
- cookie = (char*) calloc(cookie_size, sizeof(char));
- RUNNER_ASSERT_MSG(nullptr != cookie, "Memory allocation error");
-
- //Request cookie from SS
- res = security_server_request_cookie(cookie, cookie_size);
- CookieUniquePtr cookie_ptr(cookie);
- cookie = nullptr;
- RUNNER_ASSERT_MSG(res == SECURITY_SERVER_API_SUCCESS,
- "Error in requesting cookie from security-server. Result: " << res);
-
- label_ss = security_server_get_smacklabel_cookie(cookie_ptr.get());
- RUNNER_ASSERT_MSG(label_ss != nullptr, "Error in getting label by cookie");
-
- std::string label(label_ss);
- free(label_ss);
- RUNNER_ASSERT_MSG(label.empty(), "label_ss is not an empty string.");
-
-}
-
-////////////////////
-/////MAIN///////////
-////////////////////
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2011 Samsung Electronics Co., Ltd All Rights Reserved
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- * @file security_server_tests_mt.cpp
- * @author Krzysztof Jackiewicz (k.jackiewicz@samsung.com)
- * @version 1.0
- * @brief This test creates multiple processes that connect to security
- * server and perform random operations using its API. The purpose
- * of this test is to check if security-server crashes when under
- * heavy load. Test succeeds if all processes finish.
- */
-
-#include <dpl/log/log.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <security-server.h>
-#include <sys/wait.h>
-#include <random>
-#include <functional>
-#include <chrono>
-
-namespace {
-const size_t PROC_TOTAL = 1000; // total number of processes to spawn
-const size_t PROC_MAX = 10; // max number of processes working at the same time
-const size_t LOOPS = 50; // number of loop repeats
-
-std::default_random_engine generator(std::chrono::system_clock::now().time_since_epoch().count());
-
-// common function data
-struct Data {
- char *cookie; // not owned
-
- Data(char *c) : cookie(c) {}
-};
-
-
-// test functions
-void request_cookie(const Data&)
-{
- char cookie[20];
- security_server_request_cookie(cookie, 20);
-}
-
-void check_privilege(const Data &d)
-{
- int ret = security_server_get_gid("audio");
- security_server_check_privilege(d.cookie, ret);
-}
-
-void check_privilege_by_cookie(const Data &d)
-{
- security_server_check_privilege_by_cookie(d.cookie, "label", "rwxat");
-}
-
-void get_cookie_pid(const Data &d)
-{
- security_server_get_cookie_pid(d.cookie);
-}
-
-void get_smack_label(const Data &d)
-{
- char *label = security_server_get_smacklabel_cookie(d.cookie);
- free(label);
-}
-
-void random_sleep(const Data&)
-{
- std::uniform_int_distribution<size_t> distribution(0,100);
- usleep(distribution(generator));
-}
-
-
-// list of test functions
-std::vector<std::function<void(const Data&)> > functions = {
- random_sleep,
- request_cookie,
- check_privilege,
- check_privilege_by_cookie,
- get_cookie_pid,
- get_smack_label
-};
-} // namespace
-
-// randomly calls test functions
-void security_server_magic()
-{
- char cookie[20];
- security_server_request_cookie(cookie, 20);
- Data d(cookie);
-
- // random loop number
- std::uniform_int_distribution<size_t> l_dist(0,LOOPS);
- size_t loops = l_dist(generator);
-
- // random function call
- std::uniform_int_distribution<size_t> distribution(0,functions.size() - 1);
- auto rnd = std::bind(distribution, generator);
- for (size_t i = 0; i < loops; ++i) {
- functions[rnd()](d);
- }
-}
-
-int main()
-{
- size_t current = 0;
- size_t spawned = 0;
- for (;;) {
- if (current >= PROC_MAX || spawned >= PROC_TOTAL) {
- int status;
- int ret = wait(&status);
-
- // all processes spawned, no more children to wait for
- if (spawned >= PROC_TOTAL && ret <= 0)
- break;
-
- current--;
- }
-
- // spawn predefined number of processes
- if (spawned < PROC_TOTAL) {
- pid_t pid = fork();
- if (pid == 0) {
- LogDebug("START " << spawned);
- security_server_magic();
- LogError("STOP " << spawned);
- exit(0);
- }
- else {
- //LogWarning("PID " << pid);
- spawned++;
- current++;
- }
- }
- }
- LogInfo("Finished");
- return 0;
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_password.cpp
- * @author Bumjin Im (bj.im@samsung.com)
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @author Radoslaw Bartosiak (r.bartosiak@samsung.com)
- * @author Jan Olszak (j.olszak@samsung.com)
- * @version 2.0
- * @brief Test cases for security server
- *
- * WARNING: In this file test order is very important. They have to always be run
- * in correct order. This is done by correct test case names ("tcXX_").
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-#include <dirent.h>
-#include "security-server.h"
-#include <dpl/test/test_runner.h>
-#include <tests_common.h>
-#include <dlog.h>
-#include "security_server_clean_env.h"
-#include "security_server_tests_common.h"
-
-
-// the maximum time (in seconds) passwords can expire in
-const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
-
-// test passwords
-const char* TEST_PASSWORD = "IDLEPASS";
-const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
-const char* THIRD_TEST_PASSWORD = "THIRDPASS";
-const char* FOURTH_TEST_PASSWORD = "FOURTHPASS";
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD);
-
-struct SystemClock {
- SystemClock(time_t sft)
- : m_original(time(0))
- , m_shift(0)
- {
- shift(sft);
- }
-
- SystemClock()
- : m_original(time(0))
- , m_shift(0)
- {}
-
- void shift(time_t sft) {
- m_shift += sft;
- time_t shifted = m_original + m_shift;
- RUNNER_ASSERT_ERRNO(0 == stime(&shifted));
- }
-
- ~SystemClock() {
- if (std::uncaught_exception()) {
- stime(&m_original);
- return;
- }
-
- RUNNER_ASSERT_ERRNO(0 == stime(&m_original));
- }
-private:
- time_t m_original;
- time_t m_shift;
-};
-
-
-/**
- * Confirm there is no password before tests are run.
- */
-RUNNER_TEST(tc01_clear_environment)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- if (getuid() == 0)
- {
- reset_security_server();
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt);
- RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
- }
- else
- {
- SLOGD("To run the test as non root user, please remove password files (/opt/data/security-server/*) in root shell\n");
- SLOGD("If not, you will see some failures\n");
-
- RUNNER_IGNORED_MSG("I'm not root");
- }
-}
-
-/**
- * Basic test of setting validity period.
- */
-RUNNER_TEST(tc02_security_server_set_pwd_validity)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TESTS:
- // WITHOUT password
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- // WITH password
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Basic test of setting maximum number of password challenges.
- */
-RUNNER_TEST(tc03_security_server_set_pwd_max_challenge)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TESTS:
- // WITHOUT password
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-
- // WITH password
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Test checking a too long password.
- */
-RUNNER_TEST(tc04_security_server_chk_pwd_too_long_password_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // 33 char password
- ret = security_server_chk_pwd("abcdefghijklmnopqrstuvwxyz0123456", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Test various parameter values when checking a password.
- */
-RUNNER_TEST(tc05_security_server_chk_pwd_null_input_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- ret = security_server_chk_pwd(nullptr, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", nullptr, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", &attempt, nullptr, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_chk_pwd("password", &attempt, &max_attempt, nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check the given password when no password is set.
- */
-RUNNER_TEST(tc06_security_server_chk_pwd_no_password_case)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment - there is no password now!
- reset_security_server();
-
- // TEST
- ret = security_server_chk_pwd("isthisempty", &attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(expire_sec == 0, expire_sec);
- RUNNER_ASSERT_MSG(max_attempt == 0, max_attempt);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret = " << ret);
-}
-
-/**
- * Checks various parameter values.
- */
-RUNNER_TEST(tc07_security_server_set_pwd_null_input_case)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_set_pwd(nullptr, nullptr, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Test setting too long password.
- */
-RUNNER_TEST(tc08_security_server_set_pwd_too_long_input_param)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- // 33 char password
- ret = security_server_set_pwd("abcdefghijklmnopqrstuvwxyz0123456", "abcdefghijklmnopqrstuvwxyz0123456", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Basic password setting.
- */
-RUNNER_TEST(tc09_security_server_set_pwd_current_pwd_empty)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set a maximum password period.
- */
-RUNNER_TEST(tc10_security_server_set_pwd_current_pwd_max_valid_period_in_days)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- // UINT_MAX will cause api error, it is to big value
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- // calculate max applicable valid days that will not be rejected by ss
- // ensure, that after conversion from days to seconds in ss there will be no uint overflow
- unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, valid_days);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set a maximum password challenge number.
- */
-RUNNER_TEST(tc11_security_server_set_pwd_current_pwd_max_max_challenge)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, UINT_MAX, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Set empty password.
- */
-RUNNER_TEST(tc12_security_server_set_pwd_current_pwd_nonempty2zero)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, "", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Change password to a too long password.
- */
-RUNNER_TEST(tc14_security_server_set_pwd_current_pwd_too_long_input_param)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- std::string lng_pwd(5000, 'A');
- ret = security_server_set_pwd(TEST_PASSWORD,lng_pwd.c_str(), 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check empty password.
- */
-RUNNER_TEST(tc15_security_server_chk_pwd_empty_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Various validity parameter values.
- */
-RUNNER_TEST(tc16_security_server_set_pwd_validity)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_set_pwd_validity(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //When trying to set UINT_MAX we should get error.
- ret = security_server_set_pwd_validity(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_validity(2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check passwords validity
- */
-RUNNER_TEST(tc17_security_server_is_pwd_valid)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 2);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST:
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec > 172795) && (expire_sec < 172805), "expire_sec = " << expire_sec);
-}
-
-/**
- * Various numbers of challenges.
- */
-RUNNER_TEST(tc18_security_server_set_pwd_max_challenge)
-{
- int ret;
- // Prepare environment
- reset_security_server();
- // calculate max applicable valid days that will not be rejected by ss
- // ensure, that after conversion from days to seconds in ss there will be no uint overflow
- unsigned int valid_days = ((UINT_MAX - time(nullptr)) / 86400) - 1;
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, valid_days);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TESTS
- ret = security_server_set_pwd_max_challenge(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(UINT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-
-/**
- * Check the max number of challenges.
- */
-RUNNER_TEST(tc19_security_server_is_pwd_valid)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_max_challenge(6);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 6, "max_attempt = " << max_attempt);
-}
-
-/**
- * Basic password check.
- */
-RUNNER_TEST(tc20_security_server_chk_pwd)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-/**
- * Check an incorrect password.
- */
-RUNNER_TEST(tc21_security_server_chk_incorrect_pwd)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Check an incorrect password
- */
-RUNNER_TEST(tc22_security_server_set_pwd_incorrect_current)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Change password
- */
-RUNNER_TEST(tc23_security_server_set_pwd_correct_current)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check wrong password multiple times and then check a correct one.
- */
-RUNNER_TEST(tc24_security_server_attempt_exceeding)
-{
- int ret;
- unsigned int i, attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- printf("5 subtests started...");
- for (i = 1; i <= 5; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
- }
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == 0, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == 10, "ret = " << ret);
-}
-
-/**
- * Try to exceed maximum number of challenges.
- */
-RUNNER_TEST(tc25_security_server_attempt_exceeding)
-{
- int ret;
- unsigned int i, attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- printf("10 subtests started...");
- for (i = 1; i <= 10; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
- }
-
- // The check, that exceeds max number
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED, "ret = " << ret);
-}
-
-/**
- * Reset password
- */
-RUNNER_TEST(tc26_security_server_reset_pwd)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_reset_pwd(TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check too long password.
- */
-RUNNER_TEST(tc27_security_server_chk_pwd_too_long_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- std::string lng_pwd(5000, 'A');
- ret = security_server_chk_pwd(lng_pwd.c_str(), &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/**
- * Check passwords expiration (not expired)
- */
-RUNNER_TEST(tc28_security_server_check_expiration)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((expire_sec < 86402) && (expire_sec > 86396), "expire_sec = " << ret);
-}
-
-/**
- * Use various parameter values of parameters.
- */
-RUNNER_TEST(tc29_security_server_set_pwd_history)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 5, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TESTS
- ret = security_server_set_pwd_history(100);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(51);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(-5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(50);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_history(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_set_pwd_history(INT_MAX);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(INT_MIN);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-
-
-int dir_filter(const struct dirent *entry)
-{
- if ((strcmp(entry->d_name, ".") == 0) ||
- (strcmp(entry->d_name, "..") == 0) ||
- (strcmp(entry->d_name, "attempts") == 0) ||
- (strcmp(entry->d_name, "history") == 0))
- return (0);
- else
- return (1);
-}
-
-void clean_password_dir(void)
-{
- int ret;
- int i;
- struct dirent **mydirent;
-
- ret = scandir("/opt/data/security-server", &mydirent, &dir_filter, alphasort);
- i = ret;
- while (i--)
- free(mydirent[i]);
- free(mydirent);
-}
-
-
-/**
- * Check password history.
- */
-RUNNER_TEST(tc30_security_server_check_history)
-{
- int ret;
- int i;
- char buf1[33], buf2[33];
-
- // Prepare environment
- reset_security_server();
-
- clean_password_dir();
-
- ret = security_server_set_pwd_history(9);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd("history0", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- printf("11 subtests started...");
- for (i = 0; i < 11; i++) {
- sprintf(buf1, "history%d", i);
- sprintf(buf2, "history%d", i + 1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- }
- printf("DONE\n");
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history11", "history1", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history1", "history8", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("history1", "history12", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- printf("48 subtests started...");
- for (i = 12; i < 60; i++) {
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- sprintf(buf1, "history%d", i);
- sprintf(buf2, "history%d", i + 1);
-
- ret = security_server_set_pwd(buf1, buf2, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- }
- printf("DONE\n");
-
- clean_password_dir();
-}
-
-/**
- * Replay attack
- */
-RUNNER_TEST(tc31_security_server_replay_attack)
-{
- int ret;
- int i = 0;
- unsigned int attempt, max_attempt, expire_sec;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
-
- while (ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER) {
- i += 100000;
-
- ret = security_server_chk_pwd("quickquickquick", &attempt, &max_attempt, &expire_sec);
- usleep(i);
- }
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Expired password
- */
-RUNNER_TEST(tc32_security_server_challenge_on_expired_password)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
- struct timeval cur_time;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 4, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = gettimeofday(&cur_time, nullptr);
- RUNNER_ASSERT_ERRNO(ret != -1);
-
- cur_time.tv_sec += (expire_sec + 1);
- ret = settimeofday(&cur_time, nullptr);
- RUNNER_ASSERT_ERRNO(ret != -1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
-}
-
-/**
- * Reset password
- */
-RUNNER_TEST(tc33_security_server_reset_by_null_pwd)
-{
- int ret;
-
- // Prepare environment
- reset_security_server();
-
- // TEST
- ret = security_server_reset_pwd(nullptr, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret = " << ret);
-}
-
-/*
- * Use this instead of security_server_chk_pwd directly to verify the function output.
- * For example:
- * verify_chk_pwd("password", SECURITY_SERVER_API_SUCCESS, 2, 5, "debug string")
- */
-void verify_chk_pwd (
- const char* challenge,
- int expected_result,
- unsigned int expected_current_attempt,
- unsigned int expected_max_attempt,
- const std::string &info = std::string())
-{
- /* ensure that initial values differ from expected ones */
- unsigned int attempt = expected_current_attempt - 1;
- unsigned int max_attempt = expected_max_attempt - 1;
- unsigned int expire_sec = PASSWORD_INFINITE_EXPIRATION_TIME - 1;
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
-
- // validate returned value
- RUNNER_ASSERT_MSG(ret == expected_result,
- info << "security_server_chk_pwd returned "
- << ret << " (expected: " << expected_result << ")");
-
- // validate current attempts value
- RUNNER_ASSERT_MSG(attempt == expected_current_attempt,
- info << "security_server_chk_pwd returned attempt = " << attempt <<
- " (expected: " << expected_current_attempt << ")");
-
- // validate max attempt value
- RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt,
- info << "security_server_chk_pwd returned max_attempt = " << max_attempt <<
- " (expected: " << expected_max_attempt << ")");
-
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
- info << "security_server_chk_pwd returned expire_sec = " << expire_sec <<
- " (expected: " << PASSWORD_INFINITE_EXPIRATION_TIME << ")");
-}
-
-/**
- * Reach last attempt few times in a row (before exceeding max_attempt).
- */
-RUNNER_TEST(tc34_security_server_max_attempts)
-{
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // change max attempts number few times
- std::vector<unsigned int> max_challenge_tab = {1, 4, 2};
-
- for (size_t pass = 0; pass < max_challenge_tab.size(); ++pass) {
- unsigned int max_challenges = max_challenge_tab[pass];
-
- ret = security_server_set_pwd_max_challenge(max_challenges);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // max_challenges-1 wrong password attempts
- for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
- verify_chk_pwd(SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt_nr,
- max_challenges,
- std::string("pass = ") + std::to_string(pass) +
- ", attempt = " + std::to_string(attempt_nr));
-
- // Check correct password finally
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
- max_challenges, max_challenges);
- }
-}
-
-/**
- * Decrease 'max challenge' number after several missed attempts.
- */
-RUNNER_TEST(tc35_security_server_decrease_max_attempts)
-{
- const unsigned int max_challenge_more = 10;
- const unsigned int max_challenge_less = 5;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge_more, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // missed attempts
- for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
- verify_chk_pwd(SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt,
- max_challenge_more,
- std::string("attempt = ") + std::to_string(attempt));
-
- // lower max_challenge
- ret = security_server_set_pwd_max_challenge(max_challenge_less);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // try valid password - should pass (curr attempts is reset)
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less);
-
- // remove max attempts limit
- ret = security_server_set_pwd_max_challenge(0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // try valid password again - should pass
- verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
-
- // try to change the password - should pass
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // validate new password
- verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0);
-}
-
-/**
- * Change password few times and challenge previous passwords - checks if security_server_set_pwd
- * works as it should.
- */
-RUNNER_TEST(tc36_security_server_challenge_previous_passwords)
-{
- const int history_depth = 5;
- const unsigned int max_challenge = 3;
- std::string prev_pass, new_pass = TEST_PASSWORD;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- for (int depth = 0; depth < history_depth; ++depth) {
- prev_pass = new_pass;
-
- //generate password name
- new_pass = "history" + std::to_string(depth+1);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(prev_pass.c_str(), new_pass.c_str(), max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // challenge initial password
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 1,
- max_challenge,
- std::string("depth = ") + std::to_string(depth));
-
- // challenge previous password
- verify_chk_pwd(
- prev_pass.c_str(),
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 2,
- max_challenge,
- std::string("depth = ") + std::to_string(depth));
- }
-}
-
-/**
- * Challenge correct and incorrect passwords, check security_server_chk_pwd output.
- * This test simulates user's behaviour - challenges valid and invalid passwords
- * in various combinations.
- */
-RUNNER_TEST(tc37_security_server_challenge_mixed)
-{
- // Prepare environment
- reset_security_server();
-
- const unsigned int max_challenge = 2;
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // 2x correct pwd - verify that 'cuurrent attempt' isn't increased
- for (unsigned int i = 0; i < max_challenge; ++i)
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 1,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // Ensure that challenging valid password resets 'cuurrent attempt' value.
- // If it didn't, the test would fail in third loop pass.
- for (unsigned int i = 0; i < max_challenge + 1; ++i) {
- // incorrect pwd
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 1,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // correct pwd
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 2,
- max_challenge,
- std::string("i = ") + std::to_string(i));
- }
-
- // incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
- // any further attempts (even correct) are blocked
- for (unsigned int i = 1; i <= max_challenge; ++i)
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- i,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-
- // correct - refused
- for (unsigned int i = 1; i <= max_challenge; ++i)
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
- max_challenge + i,
- max_challenge,
- std::string("i = ") + std::to_string(i));
-}
-
-/*
- * Pasword change mixed with history depth change.
- */
-RUNNER_TEST(tc38_security_server_history_depth_change)
-{
- int ret;
- const int initial_history_depth = 2;
- const int decreased_history_depth = 1;
- const int increased_history_depth = 3;
-
- // Prepare environment
- reset_security_server();
-
- ret = security_server_set_pwd_history(initial_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST_PASSWORD, 2nd and 3rd remembered => 1st should be refused
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- /*
- * Lower history depth. At this point SS should treat THIRD_TEST_PASSWORD as current pwd,
- * and SECOND_TEST_PASSWORD as a part of history.
- */
- ret = security_server_set_pwd_history(decreased_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- /*
- * Increase history depth to 3. At this point SS should remember TEST_PASSWORD
- * and THIRD_TEST_PASSWORD only.
- */
- ret = security_server_set_pwd_history(increased_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // 3rd and TEST_PASSWORD remembered => 2nd should be accepted
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // TEST_PASSWORD, 2nd and 3rd remembered => 3rd should be refused
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-}
-
-/**
- * Challenge invalid password, reset server and check if 'current attempts' is restored.
- */
-RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset)
-{
- unsigned int attempt, max_attempt, expire_sec;
- const unsigned int max_challenge = 10;
- const unsigned int invalid_attempts_num = 3;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, max_challenge, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // missed attempts
- for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt,
- max_challenge);
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
- RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
- expire_sec);
-
- // restart server - triggers loading password data from file
- restart_security_server();
-
- // challenge invalid password
- verify_chk_pwd(
- SECOND_TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- invalid_attempts_num + 1,
- max_challenge);
-
- // challenge valid password
- verify_chk_pwd(
- TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- invalid_attempts_num + 2,
- max_challenge);
-}
-
-/**
- * Validate passwords history after security server reset.
- */
-RUNNER_TEST(tc40_security_server_history_check_after_reset)
-{
- const unsigned int history_depth = 2;
-
- // Prepare environment
- reset_security_server();
-
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, FOURTH_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- // restart server - triggers loading password data from file
- restart_security_server();
-
- // try to reuse history passwords
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(FOURTH_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-/**
- * Check if SS has correct behaviour when changing history depth to 0.
- */
-RUNNER_TEST(tc41_security_server_empty_history_check)
-{
- const unsigned int history_depth = 2;
- const unsigned int empty_history_depth = 0;
-
- //prepare environment
- reset_security_server();
-
- //set new history count
- int ret = security_server_set_pwd_history(history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //set new password and fill history
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(SECOND_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //make sure, that everything went OK - try setting something that would cause reuse error
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
-
- //reset history limit to no history at all
- ret = security_server_set_pwd_history(empty_history_depth);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //make sure, that current password still exists in memory
- //expected attempt 3 because our previous tries increased attempt counter
- verify_chk_pwd(
- THIRD_TEST_PASSWORD,
- SECURITY_SERVER_API_SUCCESS,
- 3,
- 0);
-
- //make sure that it's possible to reuse old password once history limit is set to 0
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //once again try setting earlier used passwords - now API should return success
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(THIRD_TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc42_security_server_set_new_pwd_with_current_empty)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //try setting different password and giving nullptr as current once again
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-RUNNER_TEST(tc43_security_server_no_retry_timeout_is_pwd_valid)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- unsigned int attempt, max_attempt, expire_sec;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
-}
-
-RUNNER_TEST(tc44_security_server_retry_timeout_chk_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- unsigned int attempt, max_attempt, expire_sec;
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
- ret = security_server_chk_pwd(TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
-}
-
-RUNNER_TEST(tc45_security_server_retry_timeout_set_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
- ret = security_server_set_pwd(TEST_PASSWORD, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_RETRY_TIMER, "ret = " << ret);
-}
-
-RUNNER_TEST(tc46_security_server_no_retry_timeout_set_pwd_validity)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_validity(11);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc47_security_server_no_retry_timeout_reset_pwd)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_reset_pwd(TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc48_security_server_no_retry_timeout_pwd_history)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_history(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_history(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc49_security_server_no_retry_timeout_set_pwd_max_challenge)
-{
- //prepare environment
- reset_security_server();
-
- //set a password
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- //do test
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-}
-
-RUNNER_TEST(tc50_security_server_set_pwd_current_pwd_with_infinite_expiration_time)
-{
- int ret;
- unsigned int attempt, max_attempt, expire_sec;
-
- // Prepare environment
- reset_security_server();
- ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 10, 10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- // Assert security server sets infinite expiration time
- ret = security_server_set_pwd(TEST_PASSWORD, SECOND_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
-
- ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
- RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME,
- "invalid expiration time " << expire_sec);
-
- clean_password_dir();
-}
-
-RUNNER_TEST(tc51_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 1);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret <<
- " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
-
-
- SystemClock clock(60*60*24*2);
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0),
- "ret = " << ret << " atempt=" << attempt << " maxAttempt=" << maxAttempt
- << " validSec=" << validSec);
-}
-
-RUNNER_TEST(tc52_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG((ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST) && (validSec == 0xffffffff), "ret = " << ret <<
- " atempt=" << attempt << " maxAttempt=" << maxAttempt << " validSec=" << validSec);
-}
-
-RUNNER_TEST(tc53_security_server_is_pwd_valid)
-{
- reset_security_server();
-
- int ret = security_server_set_pwd(nullptr, TEST_PASSWORD, 0, 3);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
-
- unsigned int attempt, maxAttempt, validSec;
- attempt = maxAttempt = validSec = 0;
-
- // password shoudl be valid for 3 days == (60*60*24*3) 259200 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 259000) && (validSec < 260000), "validSec = " << validSec);
-
- SystemClock clock;
- clock.shift(-60*60*24); // one day back
-
- // password should be valid for 4 days == (60*60*24*4) 345600 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 345000) && (validSec < 346000), "validSec = " << validSec);
-
- clock.shift(-60*60*24*2); // 3 days back
-
- // password shoudl be valid for 6 days == (60*60*24*6) 518400 seconds
- ret = security_server_is_pwd_valid(&attempt, &maxAttempt, &validSec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
- RUNNER_ASSERT_MSG((validSec > 518000) && (validSec < 519000), "validSec = " << validSec);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-#include <dpl/test/test_runner.h>
-
-#include <libprivilege-control_test_common.h>
-
-#include <security-server.h>
-#include <privilege-control.h>
-
-const char *SSTP_APP_ID = "sstp_test_app";
-const char *SSTP_OTHER_LABEL = "sstp_test_other_label";
-
-const char *SSTP_PERMS[] = {
- "sstp_test_rules1",
- "sstp_test_rules2",
- nullptr
-};
-
-const char *SSTP_PERMS1[] = {
- SSTP_PERMS[0],
- nullptr
-};
-
-const char *SSTP_PERMS2[] = {
- SSTP_PERMS[1],
- nullptr
-};
-
-void check_security_server_app_has_privilege(const char *app_label,
- const char *permission,
- int is_enabled_expected)
-{
- int result;
- int is_enabled;
-
- result = security_server_app_has_privilege(app_label, APP_TYPE_WGT, permission, &is_enabled);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error calling security_server_app_has_privilege. Result: " << result);
-
- RUNNER_ASSERT_MSG(is_enabled == is_enabled_expected,
- "Result of security_server_app_has_privilege should be: " << is_enabled_expected);
-}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PRIVILEGE);
-
-RUNNER_TEST(sstp_01_security_server_app_has_privilege)
-{
- int result;
-
- DB_BEGIN
-
- result = perm_app_uninstall(SSTP_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error uninstalling app. Result" << result);
-
- result = perm_app_install(SSTP_APP_ID);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error installing app. Result" << result);
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_enable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2, false);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error registering app r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 1);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS1);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 1);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-
- DB_BEGIN
-
- result = perm_app_disable_permissions(SSTP_APP_ID, APP_TYPE_WGT, SSTP_PERMS2);
- RUNNER_ASSERT_MSG(result == PC_OPERATION_SUCCESS,
- "Error disabling app r and no r permissions. Result: " << result);
-
- DB_END
-
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(USER_APP_ID, SSTP_PERMS[1], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[0], 0);
- check_security_server_app_has_privilege(SSTP_OTHER_LABEL, SSTP_PERMS[1], 0);
-}
-
-int main(int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_stress.cpp
- * @author Pawel Polawski (p.polawski@partner.samsung.com)
- * @version 1.0
- * @brief Test cases for security server stress tests
- *
- */
-
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_multiprocess.h>
-#include <tests_common.h>
-#include <iostream>
-#include <sys/smack.h>
-#include <cstddef>
-#include <thread>
-#include <mutex>
-#include <string>
-#include <sys/types.h>
-#include <unistd.h>
-#include "security-server.h"
-#include <memory.h>
-
-std::mutex g_mutex;
-std::mutex g_msgMutex;
-size_t g_successes = 0;
-
-//number of threads
-const size_t g_threadsNumber = 5;
-
-//environment setup
-const std::string g_subject("woda");
-const std::string g_object("wiadro");
-const std::string g_rule("rwx");
-
-//for storing errors
-std::string g_errors;
-
-
-void appendError(const std::string &message)
-{
- std::lock_guard<std::mutex> lock(g_msgMutex);
- g_errors += message;
- g_errors += "\n";
-}
-
-void cookie_api_thread_function(bool isSmack)
-{
- /*
- Tested API functions:
-
- int security_server_get_cookie_size(void);
- int security_server_request_cookie(char *cookie, size_t bufferSize);
- int security_server_check_privilege(const char *cookie, gid_t privilege);
- int security_server_check_privilege_by_cookie(const char *cookie,
- const char *object,
- const char *access_rights);
- int security_server_get_cookie_pid(const char *cookie);
- char *security_server_get_smacklabel_cookie(const char *cookie);
- */
-
- int ret;
- size_t COOKIE_SIZE;
-
- //security_server_get_cookie_size()
- COOKIE_SIZE = security_server_get_cookie_size();
- if (COOKIE_SIZE != 20) {
- appendError("Error in security_server_get_cookie_size(): " + std::to_string(COOKIE_SIZE));
- return;
- }
-
- //security_server_request_cookie()
- std::vector<char> cookie(COOKIE_SIZE);
- ret = security_server_request_cookie(cookie.data(), COOKIE_SIZE);
- if (ret < 0) {
- appendError("Error in security_server_request_cookie(): " + std::to_string(ret));
- return;
- }
-
- //security_server_check_privilege()
- ret = security_server_check_privilege(cookie.data(), 0);
- if (ret < 0) {
- appendError("Error in security_server_check_privilege(): " + std::to_string(ret));
- return;
- }
-
- //security_server_check_privilege_by_cookie()
- ret = security_server_check_privilege_by_cookie(cookie.data(), g_object.data(), g_rule.data());
- if (ret < 0) {
- appendError("Error in security_server_check_privilege_by_cookie(): " + std::to_string(ret));
- return;
- }
-
- //security_server_get_cookie_pid
- ret = security_server_get_cookie_pid(cookie.data());
- if (ret < 0) {
- appendError("Error in security_server_get_cookie_pid(): " + std::to_string(ret));
- return;
- }
-
- if (isSmack) {
- //security_server_get_smacklabel_cookie()
- char *tmp = security_server_get_smacklabel_cookie(cookie.data());
- std::string labelFromCookie(tmp ? tmp : "");
- free(tmp);
- if (labelFromCookie.size() == 0) {
- appendError("Error in security_server_get_smacklabel_cookie(): " + labelFromCookie);
- return;
- }
-
- char *labelFromSelfTmp = nullptr;
- ret = smack_new_label_from_self(&labelFromSelfTmp);
- if (ret < 0) {
- appendError("Error in smack_new_label_from_self(): " + std::to_string(ret));
- return;
- }
-
- std::string labelFromSelf(labelFromSelfTmp ? labelFromSelfTmp : "");
- free(labelFromSelfTmp);
- if (labelFromSelf != labelFromCookie) {
- appendError("Error in comparing SMACK label: " + std::to_string(ret));
- return;
- }
- }
-
- std::lock_guard<std::mutex> lock(g_mutex);
- ++g_successes;
-}
-
-void testFunction(bool isSmack)
-{
- std::vector<std::thread> threadsVector;
-
- if (isSmack) {
- //preapre environment
- int ret = smack_set_label_for_self(g_subject.data());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_set_label_for_self()");
-
- struct smack_accesses *rulesRaw = nullptr;
- ret = smack_accesses_new(&rulesRaw);
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_new()");
- SmackAccessesPtr rules(rulesRaw);
- ret = smack_accesses_add(rules.get(), g_subject.data(), g_object.data(), g_rule.data());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_add()");
- ret = smack_accesses_apply(rules.get());
- RUNNER_ASSERT_MSG(ret == 0, "Error in smack_accesses_apply()");
- }
-
- //spawning threads
- for (size_t i = 0 ; i < g_threadsNumber; ++i)
- threadsVector.push_back(std::thread(cookie_api_thread_function, isSmack));
-
- //waiting for threads end
- for (auto itr = threadsVector.begin(); itr != threadsVector.end(); ++itr)
- itr->join();
-}
-
-
-RUNNER_TEST_GROUP_INIT(stress_tests)
-
-RUNNER_CHILD_TEST_SMACK(tc_stress_cookie_api_smack)
-{
- testFunction(true);
-
- RUNNER_ASSERT_MSG(g_successes == g_threadsNumber,
- "Not all threads exit with success: "
- << g_successes << "/ " << g_threadsNumber
- << std::endl << "Errors:" << std::endl << g_errors);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc_stress_cookie_api_no_smack)
-{
- testFunction(false);
-
- RUNNER_ASSERT_MSG(g_successes == g_threadsNumber,
- "Not all threads exit with success: "
- << g_successes << "/ " << g_threadsNumber
- << std::endl << "Errors:" << std::endl << g_errors);
-}
-
-
-
-int main (int argc, char *argv[])
-{
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
-
+++ /dev/null
-/*
- * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_server.cpp
- * @author Bumjin Im (bj.im@samsung.com)
- * @author Mariusz Domanski (m.domanski@samsung.com)
- * @version 1.0
- * @brief Test cases for security server
- */
-
-#include <stdio.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <sys/param.h>
-#include <fcntl.h>
-#include <sys/un.h>
-#include <unistd.h>
-#include <poll.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/smack.h>
-#include <sys/wait.h>
-#include "security-server.h"
-#include "security_server_clean_env.h"
-#include <dpl/test/test_runner.h>
-#include <dpl/test/test_runner_child.h>
-#include <dlog.h>
-#include <privilege-control.h>
-#include <ftw.h>
-#include "security_server_tests_common.h"
-#include "tests_common.h"
-#include <smack_access.h>
-#include <access_provider.h>
-
-const char *TEST03_SUBJECT = "subject_0f09f7cc";
-const char *TEST04_SUBJECT = "subject_57dfbfc5";
-const char *TEST07_SUBJECT = "subject_cd738844";
-const char *TEST08_SUBJECT = "subject_fd84ba7f";
-
-void clear_password()
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- reset_security_server();
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
- RUNNER_ASSERT(expire_sec == 0);
- RUNNER_ASSERT(max_attempt == 0);
- RUNNER_ASSERT(attempt == 0);
-
- sleep(1);
-}
-
-void check_API_passwd(bool smack) {
- int ret = -1;
- int err, err_is_pwd_valid;
- unsigned int attempt, max_attempt, expire_sec;
-
- err = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_SUCCESS;
- err_is_pwd_valid = smack ? SECURITY_SERVER_API_ERROR_ACCESS_DENIED : SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
- attempt = max_attempt = expire_sec = 0;
-
- if (smack) {
- SecurityServer::AccessProvider privider(TEST04_SUBJECT);
- privider.applyAndSwithToUser(APP_UID, APP_GID);
- } else {
- RUNNER_ASSERT_MSG((ret = drop_root_privileges()) == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
- }
-
- ret = security_server_set_pwd_validity(APP_UID);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_validity has failed,"
- " ret: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_max_challenge has failed,"
- " ret: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == err_is_pwd_valid,
- "security_server_is_pwd_valid should return password exist,"
- " ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd("12345", "12346", 0, 0);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd has failed, ret: " << ret);
-
- ret = security_server_reset_pwd("12346",0, 0);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_reset_pwd has failed, ret: " << ret);
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12346", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_chk_pwd has failed, ret: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == err,
- "security_server_set_pwd_history has failed, ret: " << ret);
-}
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_SERVER);
-
-RUNNER_TEST(tc_security_server_get_gid_normal_case_trying_to_get_gid_of_tel_gprs)
-{
- RUNNER_ASSERT(security_server_get_gid("tel_gprs") >= 0);
-}
-
-RUNNER_TEST(tc_security_server_get_gid_empty_object_name)
-{
- RUNNER_ASSERT(security_server_get_gid("") == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
-}
-
-RUNNER_TEST(tc_security_server_get_gid_wrong_object_name_teltel)
-{
- RUNNER_ASSERT(security_server_get_gid("teltel") == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc01a_security_server_app_give_access)
-{
- const char *subject = "abc345v34sfa";
- const char *object = "efg678x2lkjz";
-
- SecurityServer::AccessProvider provider(object);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- security_server_app_give_access(subject, getpid());
-
- RUNNER_ASSERT(1 == smack_have_access(subject, object, "rwxat"));
-}
-
-/*
- * Currently we are NOT revoking any permissions given by
- * security_server_app_give_access function
- */
-/*RUNNER_TEST(tc01b_security_server_app_give_access)
-{
- const char *subject = "abc345v34sfa";
- const char *object = "efg678x2lkjz";
-
- // After part A thread from security-server will be notified about
- // process end and revoke permissions. We need to give him some
- // time.
- sleep(1);
-
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "r----"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "-w---"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "--x--"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "---a-"));
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "----t"));
-}*/
-
-RUNNER_CHILD_TEST_SMACK(tc01c_security_server_app_give_access_no_access)
-{
- const char *subject = "xxx45v34sfa";
- const char *object = "yyy78x2lkjz";
-
- SmackAccess smack;
- smack.add(subject, object, "-----");
- smack.apply();
-
- RUNNER_ASSERT_MSG(0 == smack_set_label_for_self(object), "Error in smack_label_for_self");
-
- RUNNER_ASSERT_MSG(drop_root_privileges() == 0, "uid = " << getuid());
-
- RUNNER_ASSERT(SECURITY_SERVER_API_ERROR_ACCESS_DENIED ==
- security_server_app_give_access(subject, getpid()));
-
- RUNNER_ASSERT(0 == smack_have_access(subject, object, "r"));
-}
-
-RUNNER_TEST_SMACK(tc02_check_privilege_by_pid)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- int pid;
-
- pid = getpid();
-
- //we checking existing rule, it should return positive
- ret = security_server_check_privilege_by_pid(pid, "_", "rx");
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_SUCCESS);
-
- //we checking rule with label that not exist
- ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
- RUNNER_ASSERT(ret != SECURITY_SERVER_API_SUCCESS);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc03_check_API_passwd_allow)
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- attempt = max_attempt = expire_sec = 0;
-
- clear_password();
-
- SecurityServer::AccessProvider provider(TEST03_SUBJECT);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, "12345", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_reset_pwd("12345",0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc04_check_API_passwd_denied)
-{
- check_API_passwd(true);
-}
-
-RUNNER_CHILD_TEST_NOSMACK(tc04_check_API_app_user_passwd_allow_nosmack)
-{
- check_API_passwd(false);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc07_check_API_data_share_allow)
-{
- SecurityServer::AccessProvider provider(TEST07_SUBJECT);
- provider.allowSS();
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-}
-
-RUNNER_CHILD_TEST_SMACK(tc08_check_API_data_share_denied)
-{
- SecurityServer::AccessProvider provider(TEST08_SUBJECT);
- provider.applyAndSwithToUser(APP_UID, APP_GID);
-
- int ret = security_server_app_give_access(TEST08_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED,
- "security_server_app_give_access should return access denied,"
- " ret: " << ret);
-}
-
-//////////////////////////////////////////
-/////////NOSMACK ENV TESTS////////////////
-//////////////////////////////////////////
-
-/**
- * NOSMACK version of tc01a and tc01c tests.
- *
- * SMACK is turned off - that means for us, that we don't need any accesses added to our process
- * in SMACK before dropping root privileges. This test drops root privileges, calls
- * security_server_app_give_access and then checks if smack_have_access returns error (because
- * SMACK is off).
- *
- * security_server_app_give_access shouldn't return anything else than success when SMACK is off,
- * hence there is only one test that replaces tests tc01a and tc01c.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc01_security_server_app_give_access_nosmack)
-{
- const char* subject = "abc345v34sfa";
- const char* object = "efg678x2lkjz";
- int result = 0;
-
- result = drop_root_privileges();
- RUNNER_ASSERT_MSG(result == 0,
- "Failed to drop root privileges. Result: " << result << "uid = " << getuid());
-
- result = security_server_app_give_access(subject, getpid());
- RUNNER_ASSERT_MSG(result == SECURITY_SERVER_API_SUCCESS,
- "Error in security_server_app_give_access. Result: " << result);
-
- result = smack_have_access(subject, object, "rwxat");
- RUNNER_ASSERT_MSG(result == -1,
- "smack_have_access should return error when SMACK is off. Result: " << result);
-}
-
-/**
- * NOSMACK version of tc02 test.
- *
- * check_privilege_by_pid should always return success when SMACK is off, no matter if label is
- * real or not.
- */
-RUNNER_TEST_NOSMACK(tc02_check_privilege_by_pid_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_pid is temporarily disabled: always returns success");
- int ret;
- int pid;
-
- pid = getpid();
-
- //we checking existing rule, it should return positive
- ret = security_server_check_privilege_by_pid(pid, "_", "rx");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid for existing label failed. Result: " << ret);
-
- //we checking rule with label that not exist
- ret = security_server_check_privilege_by_pid(pid, "thislabelisnotreal", "rwxat");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_pid for nonexisting label failed. Result: " << ret);
-}
-
-/**
- * NOSMACK version of clear_password function.
- *
- * Compared to SMACK version of this function, this one skips adding rules and setting label.
- */
-int clear_password_nosmack()
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- if (getuid() == 0) {
- reset_security_server();
-
- attempt = max_attempt = expire_sec = UINT_MAX;
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
-
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "is_pwd_faild should return no password error. Result: " << ret);
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0.");
- RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0.");
- RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0.");
-
- return 0;
- }
- return -1;
-}
-
-/**
- * NOSMACK version of tc03 test.
- *
- * Just as tc01a/tc01c NOSMACK replacement, we don't need to do anything with SMACK because most
- * important functions will return errors (that is smack_accesses_apply/smack_have_access etc.).
- * First clear password, then drop privileges and proceed to regular testing.
- */
-
-RUNNER_CHILD_TEST_NOSMACK(tc03_check_API_passwd_allow_nosmack)
-{
- int ret = -1;
- unsigned int attempt, max_attempt, expire_sec;
-
- attempt = max_attempt = expire_sec = 0;
-
- clear_password_nosmack();
-
- // drop root privileges
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_set_pwd_validity(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "set_pwd_validity should return no password error. Result: " << ret);
-
- ret = security_server_set_pwd_max_challenge(5);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "set_pwd_max_challenge should return no password error. Result: " << ret);
-
- ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD,
- "is_pwd_valid should return no password error. Result: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_set_pwd(nullptr, "12345", 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "set_pwd failed. Result: " << ret);
-
- ret = security_server_reset_pwd("12345",0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "reset_pwd failed. Result: " << ret);
-
- usleep(PASSWORD_RETRY_TIMEOUT_US);
- ret = security_server_chk_pwd("12345", &attempt, &max_attempt, &expire_sec);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "chk_pwd failed. Result: " << ret);
-
- ret = security_server_set_pwd_history(10);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "set_pwd_history failed. Result: " << ret);
-}
-
-/**
- * NOSMACK version of tc07 test.
- *
- * Similarily to previous tests - no need to set self label because SMACK is off. Just as
- * tc01a/tc01c replacement, security_server_app_give_access should return only success. Hence the
- * NOSMACK version of tc08 test is skipped.
- */
-RUNNER_CHILD_TEST_NOSMACK(tc07_check_API_data_share_allow_nosmack)
-{
- int ret = -1;
-
- // drop root privileges
- ret = drop_root_privileges();
- RUNNER_ASSERT_MSG(ret == 0,
- "Failed to drop root privileges. Result: " << ret << "uid = " << getuid());
-
- ret = security_server_app_give_access(TEST07_SUBJECT, getpid());
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "app_give_access failed. Result: " << ret);
-}
-
-int main(int argc, char *argv[]) {
- if (0 != getuid()) {
- printf("Error: %s must be executed by root\n", argv[0]);
- exit(1);
- }
- return DPL::Test::TestRunnerSingleton::Instance().ExecTestRunner(argc, argv);
-}
+++ /dev/null
-/*
- * Copyright (c) 2013 Samsung Electronics Co., Ltd All Rights Reserved
- */
-/*
- * @file security_server_tests_weird_arguments.cpp
- * @author Zbigniew Jasinski (z.jasinski@samsung.com)
- * @version 1.0
- * @brief Test cases for security server
- *
- */
-#include "tests_common.h"
-#include "security-server.h"
-#include <dpl/test/test_runner.h>
-#include <dpl/log/log.h>
-
-RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_WEIRD_ARGUMENTS);
-
-RUNNER_TEST(tc01_security_server_get_gid_weird_input_case)
-{
- int ret = 0;
- char weird[] = {static_cast <char> (0xe3), 0x79, static_cast <char> (0x82), 0x0};
-
- /* normal param case */
- ret = security_server_get_gid("tel_sim");
- RUNNER_ASSERT_MSG(ret > -1, "ret: " << ret);
-
- /* wrong param case */
- ret = security_server_get_gid("elephony_akecall");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret);
-
- /* weird param case */
- ret = security_server_get_gid(weird);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_SUCH_OBJECT, "ret: " << ret);
-
- /* null param case */
- ret = security_server_get_gid(nullptr);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* param too long case */
- ret = security_server_get_gid("abcdefghijklmnopqrstuvwxyz01234");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* empty param case */
- ret = security_server_get_gid("");
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-/* from security_server_tests_server.cpp */
-
-RUNNER_TEST(tc03_security_server_request_cookie_weird_input_case)
-{
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();
-
- /* null cookie case */
- char *cookie = nullptr;
-
- ret = security_server_request_cookie(cookie, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* buffer size too small case */
- cookie_size = 19;
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_BUFFER_TOO_SMALL, "ret: " << ret);
-}
-
-RUNNER_TEST(tc04_security_server_check_privilege_weird_input_case)
-{
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();
- gid_t gid = DB_ALARM_GID;
-
- /* null cookie case */
- char *cookie = nullptr;
-
- ret = security_server_check_privilege(cookie, gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- /* big gid case */
- gid = 70666;
-
- ret = security_server_check_privilege(cookie2, gid);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_ACCESS_DENIED, "ret: " << ret);
-}
-RUNNER_TEST(tc05_security_server_check_privilege_by_cookie_weird_input_case)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_cookie is temporarily disabled: always returns success");
- int ret = 0;
- size_t cookie_size = security_server_get_cookie_size();;
- const char *object = "telephony_makecall";
- const char *access_rights = "r";
-
- /* null cookie case */
- char *cookie = nullptr;
- ret = security_server_check_privilege_by_cookie(cookie, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null object case */
- char *object2 = nullptr;
- char cookie2[cookie_size];
-
- ret = security_server_request_cookie(cookie2, cookie_size);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret);
-
- ret = security_server_check_privilege_by_cookie(cookie2, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null access rights case */
- access_rights = nullptr;
- ret = security_server_check_privilege_by_cookie(cookie2, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-RUNNER_TEST_SMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- int ret = 0;
- int sockfd = -1;
- const char *object = "telephony_makecall";
- const char *access_rights = "r";
-
- /* invalid sockfd case */
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
- sockfd = 0;
-
- /* null object case */
- char *object2 = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-
- /* null access rights case */
- access_rights = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM, "ret: " << ret);
-}
-
-RUNNER_TEST(tc07_security_server_get_cookie_pid_weird_input_case)
-{
- int ret = 0;
- char *cookie = nullptr;
-
- ret = security_server_get_cookie_pid(cookie);
- RUNNER_ASSERT(ret == SECURITY_SERVER_API_ERROR_INPUT_PARAM);
-}
-
-///////////////////////////
-/////NOSMACK ENV TESTS/////
-///////////////////////////
-
-/**
- * NOSMACK version of tc06 test.
- *
- * security_server_check_privilege_by_sockfd at first checks if SMACK exists and then checks if
- * params are correct. Even with incorrect params we should expect SUCCESS instead of
- * ERROR_INPUT_PARAM.
- */
-
-RUNNER_TEST_NOSMACK(tc06_security_server_check_privilege_by_sockfd_weird_input_case_nosmack)
-{
- RUNNER_IGNORED_MSG("security_server_check_privilege_by_sockfd is temporarily disabled: always returns success");
- int ret = 0;
- int sockfd = -1;
- const char* object = "telephony_makecall";
- const char* access_rights = "r";
-
- //invalid sockfd case
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
- sockfd = 0;
-
- //null object case
- char *object2 = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object2, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
-
- //null access rights case
- access_rights = nullptr;
- ret = security_server_check_privilege_by_sockfd(sockfd, object, access_rights);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS,
- "check_privilege_by_sockfd failed. Result: " << ret);
-}
-
echo
libprivilege-control-test "${@:2}"
;;
-"ss-clientsmack")
- echo "========================================================================="
- echo "SECURITY SERVER TEST CLIENT SMACK"
- echo
- security-server-tests-client-smack "${@:2}"
- ;;
-"ss-stress")
- echo "========================================================================="
- echo "SECURITY SERVER TEST STRESS"
- echo
- security-server-tests-stress "${@:2}"
- ;;
-"ss-server")
- echo "========================================================================="
- echo "SECURITY SERVER TEST SERVER"
- echo
- security-server-tests-server "${@:2}"
- ;;
-"ss-api-speed")
- echo "========================================================================="
- echo "SECURITY SERVER MEASURER SERVER"
- echo
- security-server-tests-api-speed "${@:2}"
- ;;
-"ss-password")
- echo "========================================================================="
- echo "SECURITY SERVER TEST PASSWORD"
- echo
- security-server-tests-password "${@:2}"
- ;;
-"ss-privilege")
- echo "========================================================================="
- echo "SECURITY SERVER TEST PRIVILEGE"
- echo
- security-server-tests-privilege "${@:2}"
- ;;
"security-manager")
echo "========================================================================="
echo "SECURITY MANAGER TESTS"