}
PasswordFile::PasswordFile(): m_maxAttempt(PASSWORD_INFINITE_ATTEMPT_COUNT), m_historySize(0),
- m_expireTime(PASSWORD_INFINITE_EXPIRATION_TIME), m_attempt(0)
+ m_expireTime(PASSWORD_INFINITE_EXPIRATION_TIME),
+ m_passwordActive(false), m_attempt(0)
{
// check if data directory exists
// if not create it
{
PasswordFileBuffer pwdBuffer;
+ LogError("Saving max_att: " << m_maxAttempt << ", history_size: " << m_historySize <<
+ ", m_expireTime: " << m_expireTime << ", isActive: " << m_passwordActive);
+
//serialize password attributes
Serialization::Serialize(pwdBuffer, m_maxAttempt);
Serialization::Serialize(pwdBuffer, m_historySize);
Serialization::Serialize(pwdBuffer, m_expireTime);
+ Serialization::Serialize(pwdBuffer, m_passwordActive);
Serialization::Serialize(pwdBuffer, m_passwords);
pwdBuffer.Save(DATA_DIR + "/" + PASSWORD_FILE);
Deserialization::Deserialize(pwdFile, m_maxAttempt);
Deserialization::Deserialize(pwdFile, m_historySize);
Deserialization::Deserialize(pwdFile, m_expireTime);
+ Deserialization::Deserialize(pwdFile, m_passwordActive);
Deserialization::Deserialize(pwdFile, m_passwords);
+
+ LogError("Received max_att: " << m_maxAttempt << ", history_size: " << m_historySize <<
+ ", m_expireTime: " << m_expireTime << ", isActive: " << m_passwordActive);
}
void PasswordFile::writeAttemptToFile() const
}
}
+ void PasswordFile::activatePassword()
+ {
+ m_passwordActive = true;
+ }
+
bool PasswordFile::isPasswordActive() const
{
- return !(m_passwords.empty());
+ return m_passwordActive;
}
void PasswordFile::setHistory(unsigned int history)
LogSecureDebug("PwdCount: " << m_passwords.size() << ", PwdMaxHistory: " << getHistorySize());
- if(std::find_if(m_passwords.begin(), m_passwords.end(),
+ auto history_beginning = (m_passwords.begin())++;
+
+ if(std::find_if(history_beginning, m_passwords.end(),
[&hashedPwd](const Password& pwd) { return (pwd.m_password == hashedPwd); })
!= m_passwords.end()) {
LogSecureDebug("Passwords match!");
return (diff.count() < RETRY_TIMEOUT);
}
+ bool PasswordFile::isHistoryActive() const
+ {
+ return (m_historySize != 0);
+ }
+
//hashPassword is also used in Password struct constructor, that's why it's static. Moreover
//it is assumed that incorrect input password was checked earlier.
PasswordFile::RawHash PasswordFile::hashPassword(const std::string &password)
void setPassword(const std::string &password);
bool checkPassword(const std::string &password) const;
+
+ void activatePassword();
bool isPasswordActive() const;
void setHistory(unsigned int history);
bool checkIfAttemptsExceeded() const;
bool isIgnorePeriod() const;
+ bool isHistoryActive() const;
+
private:
typedef std::vector<unsigned char> RawHash;
typedef std::chrono::duration<double> TimeDiff;
unsigned int m_maxAttempt;
unsigned int m_historySize;
time_t m_expireTime;
+ bool m_passwordActive;
//attempt file data
unsigned int m_attempt;
//check delivered currentPassword
//when m_passwordActive flag is true, currentPassword shouldn't be empty
if (currentPassword.empty() && m_pwdFile.isPasswordActive()) {
- LogError("Password is already set.");
+ LogError("Password is already set. History count: " << m_pwdFile.getHistorySize());
return SECURITY_SERVER_API_ERROR_PASSWORD_EXIST;
}
return SECURITY_SERVER_API_ERROR_PASSWORD_EXPIRED;
}
- //check history
- if (m_pwdFile.isPasswordActive()) {
+ //check history, however only if history is active
+ if (m_pwdFile.isPasswordActive() && m_pwdFile.isHistoryActive()) {
if (m_pwdFile.isPasswordReused(newPassword)) {
LogError("Password reused.");
return SECURITY_SERVER_API_ERROR_PASSWORD_REUSED;
//setting password
m_pwdFile.setPassword(newPassword);
+ m_pwdFile.activatePassword();
m_pwdFile.setMaxAttempt(receivedAttempts);
m_pwdFile.setExpireTime(valid_secs);
m_pwdFile.writeMemoryToFile();
return SECURITY_SERVER_API_ERROR_INPUT_PARAM;
m_pwdFile.setPassword(newPassword);
+ m_pwdFile.activatePassword();
m_pwdFile.setMaxAttempt(receivedAttempts);
m_pwdFile.setExpireTime(valid_secs);
m_pwdFile.writeMemoryToFile();
projects / platform / core / security / security-manager.git / commitdiff