#include <dpl/test/test_runner.h>
#include <dlog.h>
#include "security_server_clean_env.h"
+#include <tracker.h>
// security server retry timeout in microseconds
const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000;
+// the maximum time (in seconds) passwords can expire in
+const unsigned int PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
+
// test passwords
const char* TEST_PASSWORD = "IDLEPASS";
const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS";
// TEST
printf("5 subtests started...");
- for (i = 0; i < 5; i++) {
+ for (i = 1; i <= 5; i++) {
sleep(1);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, attempt);
+ RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
}
printf("DONE\n");
// TEST
printf("10 subtests started...");
- for (i = 0; i < 10; i++) {
+ for (i = 1; i <= 10; i++) {
sleep(1);
ret = security_server_chk_pwd(SECOND_TEST_PASSWORD, &attempt, &max_attempt, &expire_sec);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, "ret = " << ret);
- RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt);
+ RUNNER_ASSERT_MSG(attempt == i, "attempt = " << attempt << ", expected " << i);
}
// The check, that exceeds max number
* For example:
* verify_chk_pwd(__LINE__, "password", SECURITY_SERVER_API_SUCCESS, 2, 5, 10000, "debug string")
*/
-void verify_chk_pwd(int line_num, const char* challenge, int expected_result,
- unsigned int expected_current_attempt, unsigned int expected_max_attempt,
- unsigned int expected_valid_secs, const char* debug_str = "")
+void verify_chk_pwd_basic(
+ const char* challenge,
+ int expected_result,
+ unsigned int expected_current_attempt,
+ unsigned int expected_max_attempt,
+ unsigned int expected_valid_secs,
+ const Tracker &tracker = Tracker())
{
/* ensure that initial values differ from expected ones */
unsigned int attempt = expected_current_attempt - 1;
int ret = security_server_chk_pwd(challenge, &attempt, &max_attempt, &expire_sec);
// validate returned value
- RUNNER_ASSERT_MSG(ret == expected_result, "[line " << line_num << "] "
- "security_server_chk_pwd returned "
- << ret << " (expected: " << expected_result << ") " << debug_str);
+ RUNNER_ASSERT_MSG(ret == expected_result,
+ tracker.str() <<
+ "security_server_chk_pwd returned "
+ << ret << " (expected: " << expected_result << ")");
// validate current attempts value
- RUNNER_ASSERT_MSG(attempt == expected_current_attempt, "[line " << line_num << "] "
- "security_server_chk_pwd returned attempt = " << attempt <<
- " (expected: " << expected_current_attempt << ") " << debug_str);
+ RUNNER_ASSERT_MSG(attempt == expected_current_attempt,
+ tracker.str() <<
+ "security_server_chk_pwd returned attempt = " << attempt <<
+ " (expected: " << expected_current_attempt << ")");
// validate max attempt value
- RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt, "[line " << line_num << "] "
- "security_server_chk_pwd returned max_attempt = " << max_attempt <<
- " (expected: " << expected_max_attempt << ") " << debug_str);
+ RUNNER_ASSERT_MSG(max_attempt == expected_max_attempt,
+ tracker.str() <<
+ "security_server_chk_pwd returned max_attempt = " << max_attempt <<
+ " (expected: " << expected_max_attempt << ")");
// validate expire seconds
- RUNNER_ASSERT_MSG(expire_sec == expected_valid_secs, "[line " << line_num << "] "
- "security_server_chk_pwd returned expire_sec = " << expire_sec <<
- " (expected: " << expected_valid_secs << ") " << debug_str);
+ if (expected_valid_secs == PASSWORD_INFINITE_EXPIRATION_TIME) {
+ RUNNER_ASSERT_MSG(expire_sec == expected_valid_secs,
+ tracker.str() <<
+ "security_server_chk_pwd returned expire_sec = " << expire_sec <<
+ " (expected: " << expected_valid_secs << ")");
+ } else {
+ // because of sleeps in test code we need to check period of time.
+ unsigned int begin = expected_valid_secs > 5 ? expected_valid_secs - 5 : 0;
+ unsigned int end = expected_valid_secs + 5;
+
+ RUNNER_ASSERT_MSG(expire_sec >= begin && expire_sec <= end,
+ tracker.str() <<
+ "security_server_chk_pwd returned expire_sec = " << expire_sec <<
+ " (expected: <" << begin << "," << end << ")");
+ }
+}
+
+/* This function is required because we cannot use default value in expected_valid_secs in
+ * verify_chk_pwd_basic and define Tracker at the same time. */
+void verify_chk_pwd(
+ const char *challenge,
+ int expected_result,
+ unsigned int expected_current_attempt,
+ unsigned int expected_max_attempt,
+ const Tracker &tracker = Tracker())
+{
+ verify_chk_pwd_basic(
+ challenge,
+ expected_result,
+ expected_current_attempt,
+ expected_max_attempt,
+ PASSWORD_INFINITE_EXPIRATION_TIME,
+ tracker);
}
+
/**
* Reach last attempt few times in a row (before exceeding max_attempt).
*/
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// max_challenges-1 wrong password attempts
- for (unsigned int attempt_nr = 0; attempt_nr < max_challenges - 1; ++attempt_nr)
- verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD,
+ for (unsigned int attempt_nr = 1; attempt_nr < max_challenges; ++attempt_nr)
+ verify_chk_pwd(SECOND_TEST_PASSWORD,
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt_nr, max_challenges, 0,
- std::string("pass = " + std::to_string(pass) +
- ", attempt = " + std::to_string(attempt_nr)).c_str());
+ attempt_nr,
+ max_challenges,
+ TRACE_FROM_HERE_MSG(
+ std::string("pass = " + std::to_string(pass) +
+ ", attempt = " + std::to_string(attempt_nr))));
// Check correct password finally
- verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
- max_challenges - 1, max_challenges, 0);
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
+ max_challenges, max_challenges, TRACE_FROM_HERE);
}
}
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// missed attempts
- for (unsigned int attempt = 0; attempt < max_challenge_more; ++attempt)
- verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD,
+ for (unsigned int attempt = 1; attempt <= max_challenge_more; ++attempt)
+ verify_chk_pwd(SECOND_TEST_PASSWORD,
SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt, max_challenge_more, 0,
- std::string("attempt = " + std::to_string(attempt)).c_str());
+ attempt,
+ max_challenge_more,
+ TRACE_FROM_HERE_MSG(
+ std::string("attempt = " + std::to_string(attempt))));
// lower max_challenge
usleep(PASSWORD_RETRY_TIMEOUT_US);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// try valid password - should pass (curr attempts is reset)
- verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
- 0, max_challenge_less, 0);
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, max_challenge_less,
+ TRACE_FROM_HERE);
// remove max attempts limit
usleep(PASSWORD_RETRY_TIMEOUT_US);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// try valid password again - should pass
- verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 0, 0, 0);
+ verify_chk_pwd(TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
// try to change the password - should pass
usleep(PASSWORD_RETRY_TIMEOUT_US);
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// validate new password
- verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 0, 0, 0);
+ verify_chk_pwd(SECOND_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 1, 0, TRACE_FROM_HERE);
}
/**
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// challenge initial password
- verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 0, max_challenge, 0,
- std::string("depth = " + std::to_string(depth)).c_str());
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("depth = " + std::to_string(depth))));
// challenge previous password
- verify_chk_pwd(__LINE__, prev_pass.c_str(), SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 1, max_challenge, 0,
- std::string("depth = " + std::to_string(depth)).c_str());
+ verify_chk_pwd(
+ prev_pass.c_str(),
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 2,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("depth = " + std::to_string(depth)).c_str()));
}
}
// 2x correct pwd - verify that 'cuurrent attempt' isn't increased
for (unsigned int i = 0; i < max_challenge; ++i)
- verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
- 0, max_challenge, 0,
- std::string("i = " + std::to_string(i)).c_str());
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
// Ensure that challenging valid password resets 'cuurrent attempt' value.
// If it didn't, the test would fail in third loop pass.
for (unsigned int i = 0; i < max_challenge + 1; ++i) {
// incorrect pwd
- verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- 0, max_challenge, 0,
- std::string("i = " + std::to_string(i)).c_str());
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ 1,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
// correct pwd
- verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS,
- 1, max_challenge, 0,
- std::string("i = " + std::to_string(i)).c_str());
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 2,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
}
// incorrect pwd 2x - 'cuurrent attempt' reaches max_challenge -
// any further attempts (even correct) are blocked
- for (unsigned int i = 0; i < max_challenge; ++i)
- verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- i, max_challenge, 0,
- std::string("i = " + std::to_string(i)).c_str());
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ i,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
// correct - refused
- for (unsigned int i = 0; i < max_challenge; ++i)
- verify_chk_pwd(__LINE__, TEST_PASSWORD,
- SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
- 2, max_challenge, 0,
- std::string("i = " + std::to_string(i)).c_str());
+ for (unsigned int i = 1; i <= max_challenge; ++i)
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED,
+ max_challenge + i,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("i = " + std::to_string(i))));
}
/*
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
// missed attempts
- for (unsigned int attempt = 0; attempt < invalid_attempts_num; ++attempt)
- verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- attempt, max_challenge, 0,
- std::string("attempt = " + std::to_string(attempt)).c_str());
+ for (unsigned int attempt = 1; attempt <= invalid_attempts_num; ++attempt)
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ attempt,
+ max_challenge,
+ TRACE_FROM_HERE_MSG(
+ std::string("attempt = " + std::to_string(attempt))));
usleep(PASSWORD_RETRY_TIMEOUT_US);
attempt = max_attempt = expire_sec = UINT_MAX;
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_EXIST, "ret = " << ret);
RUNNER_ASSERT_MSG(max_attempt == max_challenge, "max_attempt = " << max_attempt);
RUNNER_ASSERT_MSG(attempt == invalid_attempts_num, "attempt = " << attempt);
- RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec);
+ RUNNER_ASSERT_MSG(expire_sec == PASSWORD_INFINITE_EXPIRATION_TIME, "expire_sec = " <<
+ expire_sec);
// restart server - triggers loading password data from file
restart_security_server();
// challenge invalid password
- verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
- invalid_attempts_num, max_challenge, 0);
+ verify_chk_pwd(
+ SECOND_TEST_PASSWORD,
+ SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH,
+ invalid_attempts_num + 1,
+ max_challenge,
+ TRACE_FROM_HERE);
// challenge valid password
- verify_chk_pwd(__LINE__, TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, invalid_attempts_num+1,
- max_challenge, 0);
+ verify_chk_pwd(
+ TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ invalid_attempts_num + 2,
+ max_challenge,
+ TRACE_FROM_HERE);
}
/**
RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
//make sure, that current password still exists in memory
- //expected attempt 2 because our previous tries increased attempt counter
- verify_chk_pwd(__LINE__, THIRD_TEST_PASSWORD, SECURITY_SERVER_API_SUCCESS, 2, 0, 0);
-
- //we also shouldn't be able to set the same password - it's a part of history after all
+ //expected attempt 3 because our previous tries increased attempt counter
+ verify_chk_pwd(
+ THIRD_TEST_PASSWORD,
+ SECURITY_SERVER_API_SUCCESS,
+ 3,
+ 0,
+ TRACE_FROM_HERE);
+
+ //make sure that it's possible to reuse old password once history limit is set to 0
usleep(PASSWORD_RETRY_TIMEOUT_US);
ret = security_server_set_pwd(THIRD_TEST_PASSWORD, THIRD_TEST_PASSWORD, 0, 0);
- RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_PASSWORD_REUSED, "ret = " << ret);
+ RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret = " << ret);
//once again try setting earlier used passwords - now API should return success
usleep(PASSWORD_RETRY_TIMEOUT_US);
projects / platform / core / test / security-tests.git / commitdiff