From 604d1271b7a0cffc50f8faaabfeb4dbaea019cde Mon Sep 17 00:00:00 2001
From: Lukasz Kostyra
Date: Mon, 2 Dec 2013 15:16:11 +0100
Subject: [PATCH] Add new constants to password service. Change infinite expiration time.
[Issue#] SSDWSSP-700
[Feature/Bug] Add PASSWORD_INFINITE_EXPIRATION_TIME and PASSWORD_INFINITE_ATTEMPT_COUNT constant to password service. Change infinite expiration time.
[Cause] Infinite expiration time and infinite attempt count were inputed directly to variables in multiple places. Other infinite expiration time
[Solution] Constants were added for simplier switching between different infinite expiration times and infinite attempt counts.
[Verification] Build, install, run tests. All should pass, except tests that treated infinite expiration time as 0 value.
Change-Id: I49877154e97f57ac444dbc37924bb571f4fa3abe
---
 src/server/common/protocols.cpp | 5 ++++-
 src/server/common/protocols.h | 4 ++++
 src/server/service/password-file.cpp | 13 ++++++++++---
 src/server/service/password-file.h | 1 +
 src/server/service/password-manager.cpp | 14 +++++---------
 5 files changed, 24 insertions(+), 13 deletions(-)
diff --git a/src/server/common/protocols.cpp b/src/server/common/protocols.cpp
index 5c219ac..4f03c9f 100644
--- a/src/server/common/protocols.cpp
+++ b/src/server/common/protocols.cpp
@@ -58,8 +58,11 @@ const size_t COOKIE_SIZE = 20; const size_t MAX_PASSWORD_LEN = 32; const unsigned int MAX_PASSWORD_HISTORY = 50;
+const unsigned int PASSWORD_INFINITE_EXPIRATION_DAYS = 0;
+const time_t PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
+const unsigned int PASSWORD_INFINITE_ATTEMPT_COUNT = 0;
-const int SECURITY_SERVER_MAX_OBJ_NAME = 30;
+const int SECURITY_SERVER_MAX_OBJ_NAME = 30;
 } // namespace SecurityServer
diff --git a/src/server/common/protocols.h b/src/server/common/protocols.h
index b9383ad..b663972 100644
--- a/src/server/common/protocols.h
+++ b/src/server/common/protocols.h
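Review bot: In src/server/common/protocols.cpp, `PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF` does not give `time_t` a platform-independent sentinel. Where `time_t` is a signed 32-bit type the initializer converts to an implementation-defined value (-1 on the usual two's-complement targets), which is also the error return of `time()`. Where `time_t` is 64-bit it is an ordinary timestamp in the year 2106. The expiry checks added elsewhere in this patch compare against the constant with `!=`, so any finite expiry that lands on that value is silently treated as "never expires". Consider `const time_t PASSWORD_INFINITE_EXPIRATION_TIME = std::numeric_limits<time_t>::max();` together with a comment saying the value is reserved and must never be stored as a real expiry.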
@@ -26,6 +26,7 @@ #define _SECURITY_SERVER_PROTOCOLS_ #include
+#include
 namespace SecurityServer {
@@ -76,6 +77,9 @@ enum class PasswordHdrs extern const size_t MAX_PASSWORD_LEN; extern const unsigned int MAX_PASSWORD_HISTORY;
+extern const unsigned int PASSWORD_INFINITE_EXPIRATION_DAYS;
+extern const time_t PASSWORD_INFINITE_EXPIRATION_TIME;
+extern const unsigned int PASSWORD_INFINITE_ATTEMPT_COUNT;
 extern const int SECURITY_SERVER_MAX_OBJ_NAME;
diff --git a/src/server/service/password-file.cpp b/src/server/service/password-file.cpp
index 0cef500..e6b8c44 100644
--- a/src/server/service/password-file.cpp
+++ b/src/server/service/password-file.cpp
@@ -34,6 +34,7 @@ #include #include
+#include
 #include #include
@@ -67,7 +68,8 @@ namespace SecurityServer Serialization::Serialize(stream, m_password); }
- PasswordFile::PasswordFile(): m_maxAttempt(0), m_historySize(0), m_expireTime(0), m_attempt(0)
+ PasswordFile::PasswordFile(): m_maxAttempt(PASSWORD_INFINITE_ATTEMPT_COUNT), m_historySize(0),
+ m_expireTime(PASSWORD_INFINITE_EXPIRATION_TIME), m_attempt(0)
 { // check if data directory exists // if not create it
@@ -302,7 +304,7 @@ namespace SecurityServer time_t PasswordFile::getExpireTimeLeft() const {
- if(m_expireTime > 0)
+ if(m_expireTime != PASSWORD_INFINITE_EXPIRATION_TIME)
 return (m_expireTime - time(NULL)); else return m_expireTime;
@@ -311,7 +313,12 @@ namespace SecurityServer bool PasswordFile::checkExpiration() const { //return true if expired, else false
- return ((m_expireTime != 0) && (time(NULL) > m_expireTime));
+ return ((m_expireTime != PASSWORD_INFINITE_EXPIRATION_TIME) && (time(NULL) > m_expireTime));
+ }
+
+ bool PasswordFile::checkIfAttemptsExceeded() const
+ {
+ return ((m_maxAttempt != PASSWORD_INFINITE_ATTEMPT_COUNT) && (m_attempt >= m_maxAttempt));
 } bool PasswordFile::isIgnorePeriod() const
diff --git a/src/server/service/password-file.h b/src/server/service/password-file.h
index 216b9ab..0386db9 100644
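Review bot: The three sentinels declared in the second hunk of src/server/common/protocols.h have no comments, and they do not share one convention. The day count and the attempt count use 0 for "unlimited", while the expiration time uses 0xFFFFFFFF (per protocols.cpp). A caller reading only the header cannot tell which value to compare against. I would add a line above each declaration, for example `// 0 days requested by the client means the password never expires` and `// reserved m_expireTime value meaning "never expires"; not a real timestamp`.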
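Review bot: `PasswordFile::getExpireTimeLeft()` (hunk at -302 in password-file.cpp) now returns the raw sentinel for the infinite case instead of 0. Its finite branch still returns `m_expireTime - time(NULL)`, which goes negative once the password has expired. The caller visible in password-manager.cpp assigns the result straight to `expirationTime`, so a client that read 0 as "never expires" would see a different value after this change. If the destination is unsigned, which the hunk does not show, an expired password would wrap to a large remaining time. Clamp the finite branch, e.g. `const time_t now = time(NULL);` followed by `return (now < m_expireTime) ? (m_expireTime - now) : 0;`, and document the sentinel return next to the declaration. The function's closing brace is outside the hunk.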
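Review bot: `PasswordFile::checkExpiration()` (hunk at -311) no longer treats `m_expireTime == 0` as "never expires", so a record written by the previous version with 0 in that field now evaluates `time(NULL) > 0` and is reported as expired. The code that loads stored records is outside this hunk, so I cannot tell whether old values are converted. If they are not, every account configured without expiry is pushed into the expired state after an upgrade. Map a stored 0 to `PASSWORD_INFINITE_EXPIRATION_TIME` when the file is read, or migrate existing files as part of the update. The new `checkIfAttemptsExceeded()` should also get a one-line comment in the style of its neighbour, such as `//return true if a limit is set and it has been reached, else false`.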
--- a/src/server/service/password-file.h
+++ b/src/server/service/password-file.h
@@ -65,6 +65,7 @@ namespace SecurityServer bool isPasswordReused(const std::string &password) const; bool checkExpiration() const;
+ bool checkIfAttemptsExceeded() const;
 bool isIgnorePeriod() const; private:
diff --git a/src/server/service/password-manager.cpp b/src/server/service/password-manager.cpp
index 23a4b14..be7fc60 100644
--- a/src/server/service/password-manager.cpp
+++ b/src/server/service/password-manager.cpp
@@ -40,9 +40,10 @@ namespace { bool calculateExpiredTime(unsigned int receivedDays, unsigned int &validSecs) {
- validSecs = 0;
+ validSecs = SecurityServer::PASSWORD_INFINITE_EXPIRATION_TIME;
- if(receivedDays == 0)
+ //when receivedDays means infinite expiration, return default validSecs value.
+ if(receivedDays == SecurityServer::PASSWORD_INFINITE_EXPIRATION_DAYS)
 return true; time_t curTime = time(NULL);
@@ -54,10 +55,6 @@ namespace { validSecs = (curTime + (receivedDays * 86400)); return true; }
-
- //when receivedDays equal to zero, it means infinite password valid time
- //if receivedDays is 0 return true, else return false (that is, an error)
- return false;
 } } //namespace
@@ -104,7 +101,7 @@ namespace SecurityServer maxAttempt = m_pwdFile.getMaxAttempt(); expirationTime = m_pwdFile.getExpireTimeLeft();
- if ((maxAttempt != 0) && (currentAttempt >= maxAttempt)) {
+ if (m_pwdFile.checkIfAttemptsExceeded()) {
 LogError("Too many tries."); return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED; }
@@ -163,8 +160,7 @@ namespace SecurityServer } // check attempt
- unsigned int maxAttempt = m_pwdFile.getMaxAttempt();
- if ((maxAttempt != 0) && (m_pwdFile.getAttempt() >= maxAttempt)) {
+ if (m_pwdFile.checkIfAttemptsExceeded()) {
 LogError("Too many attempts."); return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED; }
--
2.7.4
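Review bot: In `calculateExpiredTime()` (first hunk of password-manager.cpp) the `time_t` sentinel is written into `validSecs`, which is declared `unsigned int &`. The "infinite" marker therefore survives only if the implicit time_t-to-unsigned conversion here, and presumably the reverse one when the caller stores the value, both happen to preserve it. The finite path `curTime + (receivedDays * 86400)` is computed in the same unsigned type; any range check on `receivedDays` lies in the part of the body outside this hunk, so I cannot confirm that the sum cannot wrap or land on the sentinel. I would change the signature to `bool calculateExpiredTime(unsigned int receivedDays, time_t &validSecs)` and adjust the caller. The finite path should also return false when its result equals `PASSWORD_INFINITE_EXPIRATION_TIME`.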