From c74ff9402309a947096392d777dd02523515de5b Mon Sep 17 00:00:00 2001 From: Michal Witanowski Date: Wed, 13 Nov 2013 15:55:16 +0100 Subject: [PATCH] Fix tc03_check_API_passwd_allow [Issue#] SSDWSSP-559 [Bug/Feature] tc03_check_API_passwd_allow was failing randomly. [Cause] SS needed to be restarted after clearing opt/data/security-server/ folder. [Solution] Fix bugs and adapt the test case to the new security server in both smack and non-smack test versions. Additionally, reset_security_server() has beed moved to security_server_clean_env.cpp. [Verification] Build, install and run the test case. Change-Id: I38dbe9d2ea3c18f491b40817422ed922942fd831 --- tests/security-server-tests/CMakeLists.txt | 1 + .../security_server_clean_env.cpp | 39 ++++++++++++++++++++ .../security_server_clean_env.h | 1 + .../security_server_tests_password.cpp | 17 --------- .../security_server_tests_server.cpp | 42 +++++----------------- 5 files changed, 49 insertions(+), 51 deletions(-) diff --git a/tests/security-server-tests/CMakeLists.txt b/tests/security-server-tests/CMakeLists.txt index 6dfd6dd..34860a5 100644 --- a/tests/security-server-tests/CMakeLists.txt +++ b/tests/security-server-tests/CMakeLists.txt @@ -56,6 +56,7 @@ SET(SEC_SRV_TC_SERVER_SOURCES ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_cookie_api.cpp ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_tests_weird_arguments.cpp ${PROJECT_SOURCE_DIR}/tests/security-server-tests/common/security_server_tests_common.cpp + ${PROJECT_SOURCE_DIR}/tests/security-server-tests/security_server_clean_env.cpp ) SET(SEC_SRV_PWD_SOURCES diff --git a/tests/security-server-tests/security_server_clean_env.cpp b/tests/security-server-tests/security_server_clean_env.cpp index f2b6ac1..b2b52e0 100644 --- a/tests/security-server-tests/security_server_clean_env.cpp +++ b/tests/security-server-tests/security_server_clean_env.cpp @@ -16,6 +16,11 @@ #include #include #include +#include + + +// sleep time (in seconds) after security server restart +const unsigned int SLEEP_AFTER_RESART = 1; // DBus definitions #define DBUS_SYSTEMD_NAME "org.freedesktop.systemd1" @@ -133,5 +138,39 @@ int restart_security_server() dbus_message_unref(msg); dbus_connection_unref(conn); + sleep(SLEEP_AFTER_RESART); + return 0; +} + + +static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/, + int tflag, struct FTW *ftwbuf) +{ + if (tflag == FTW_F) + unlink(fpath); + else if (tflag == FTW_DP && ftwbuf->level != 0) + rmdir(fpath); + + return 0; +} + +/** + * This function should be called at the begining of every SS test, so all the tests + * are independent of each other. + */ +int reset_security_server() +{ + const char* path = "/opt/data/security-server/"; + const int max_descriptors = 10; //max number of open file descriptors by nftw function + + // Clear /opt/data/security-server/ directory + if (access(path, F_OK) == 0) { + if (nftw(path, &nftw_rmdir_contents, max_descriptors, FTW_DEPTH) == -1) { + return 1; + } + sync(); + } + + restart_security_server(); return 0; } diff --git a/tests/security-server-tests/security_server_clean_env.h b/tests/security-server-tests/security_server_clean_env.h index 994a5be..1441f36 100644 --- a/tests/security-server-tests/security_server_clean_env.h +++ b/tests/security-server-tests/security_server_clean_env.h @@ -12,5 +12,6 @@ #define SECURITY_SERVER_CLEAN_ENV_H int restart_security_server(); +int reset_security_server(); #endif diff --git a/tests/security-server-tests/security_server_tests_password.cpp b/tests/security-server-tests/security_server_tests_password.cpp index dcb6a5b..cad5dfd 100644 --- a/tests/security-server-tests/security_server_tests_password.cpp +++ b/tests/security-server-tests/security_server_tests_password.cpp @@ -37,27 +37,12 @@ // security server retry timeout in microseconds const unsigned int PASSWORD_RETRY_TIMEOUT_US = 500000; -// sleep time (in seconds) after security server restart -const unsigned int SLEEP_AFTER_RESART = 2; - // test passwords const char* TEST_PASSWORD = "IDLEPASS"; const char* SECOND_TEST_PASSWORD = "OTHERIDLEPASS"; const char* THIRD_TEST_PASSWORD = "THIRDPASS"; const char* FOURTH_TEST_PASSWORD = "FOURTHPASS"; -/** - * Reset security-server. - * - * Function should be run at the begining of every test, so every test is independent of each other. - */ -void reset_security_server(){ - system("if [ -d /opt/data/security-server ]; then \n rm -rf /opt/data/security-server/*; \n fi"); - sync(); - restart_security_server(); - sleep(SLEEP_AFTER_RESART); -} - RUNNER_TEST_GROUP_INIT(SECURITY_SERVER_TESTS_PASSWORD); @@ -1170,7 +1155,6 @@ RUNNER_TEST(tc39_security_server_attempts_num_check_after_reset) // restart server - triggers loading password data from file restart_security_server(); - sleep(SLEEP_AFTER_RESART); // challenge invalid password verify_chk_pwd(__LINE__, SECOND_TEST_PASSWORD, SECURITY_SERVER_API_ERROR_PASSWORD_MISMATCH, @@ -1212,7 +1196,6 @@ RUNNER_TEST(tc40_security_server_history_check_after_reset) // restart server - triggers loading password data from file restart_security_server(); - sleep(SLEEP_AFTER_RESART); // try to reuse history passwords usleep(PASSWORD_RETRY_TIMEOUT_US); diff --git a/tests/security-server-tests/security_server_tests_server.cpp b/tests/security-server-tests/security_server_tests_server.cpp index 9616324..9a94372 100644 --- a/tests/security-server-tests/security_server_tests_server.cpp +++ b/tests/security-server-tests/security_server_tests_server.cpp @@ -23,6 +23,7 @@ #include #include #include "security-server.h" +#include "security_server_clean_env.h" #include #include #include @@ -308,36 +309,15 @@ error: return 0; } -static int nftw_rmdir_contents(const char *fpath, const struct stat * /*sb*/, - int tflag, struct FTW *ftwbuf) -{ - if (tflag == FTW_F) { - unlink(fpath); - } - if (tflag == FTW_DP && ftwbuf->level != 0) { - rmdir(fpath); - } - - return 0; -} - int clear_password(char ** /*error*/) { int ret = -1; unsigned int attempt, max_attempt, expire_sec; - const char *path = "/opt/data/security-server/"; const char *subject_allow = "subject_allow"; struct smack_accesses *handle = NULL; - attempt = max_attempt = expire_sec = 0; - if (getuid() == 0) { - if (access(path, F_OK) == 0) { - if (nftw(path, &nftw_rmdir_contents, 20, FTW_DEPTH) == -1) { - return 1; - } - sync(); - } + reset_security_server(); ret = smack_accesses_new(&handle); RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_SUCCESS, "ret: " << ret); @@ -354,12 +334,13 @@ int clear_password(char ** /*error*/) smack_accesses_free(handle); + attempt = max_attempt = expire_sec = UINT_MAX; ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); + RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret); RUNNER_ASSERT(expire_sec == 0); RUNNER_ASSERT(max_attempt == 0); RUNNER_ASSERT(attempt == 0); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, "ret: " << ret); /* we revoke all rules for subject 'subject_allow' */ ret = smack_revoke_subject(subject_allow); @@ -1029,25 +1010,18 @@ int clear_password_nosmack() { int ret = -1; unsigned int attempt, max_attempt, expire_sec; - const char* path = "/opt/data/security-server/"; - - attempt = max_attempt = expire_sec = 0; if (getuid() == 0) { - if (access(path, F_OK) == 0) { - if (nftw(path, &nftw_rmdir_contents, 20, FTW_DEPTH) == -1) { - return 1; - } - sync(); - } + reset_security_server(); + attempt = max_attempt = expire_sec = UINT_MAX; ret = security_server_is_pwd_valid(&attempt, &max_attempt, &expire_sec); + RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, + "is_pwd_faild should return no password error. Result: " << ret); RUNNER_ASSERT_MSG(expire_sec == 0, "expire_sec = " << expire_sec << ", should be 0."); RUNNER_ASSERT_MSG(max_attempt == 0, "max_attempt = " << max_attempt << ", should be 0."); RUNNER_ASSERT_MSG(attempt == 0, "attempt = " << attempt << ", should be 0."); - RUNNER_ASSERT_MSG(ret == SECURITY_SERVER_API_ERROR_NO_PASSWORD, - "is_pwd_faild should return no password error. Result: " << ret); sleep(1); -- 2.7.4