[Issue#] SSDWSSP-700
[Feature/Bug] Add PASSWORD_INFINITE_EXPIRATION_TIME and PASSWORD_INFINITE_ATTEMPT_COUNT constant
to password service. Change infinite expiration time.
[Cause] Infinite expiration time and infinite attempt count were entered directly into
variables in multiple places. Other infinite expiration time
[Solution] Constants were added for simpler switching between different infinite expiration
times and infinite attempt counts.
[Verification] Build, install, run tests. All should pass, except tests that treated infinite
expiration time as 0 value.
Change-Id: I49877154e97f57ac444dbc37924bb571f4fa3abe
const size_t MAX_PASSWORD_LEN = 32;
const unsigned int MAX_PASSWORD_HISTORY = 50;
const size_t MAX_PASSWORD_LEN = 32;
const unsigned int MAX_PASSWORD_HISTORY = 50;
+const unsigned int PASSWORD_INFINITE_EXPIRATION_DAYS = 0;
+const time_t PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF;
+const unsigned int PASSWORD_INFINITE_ATTEMPT_COUNT = 0;
-const int SECURITY_SERVER_MAX_OBJ_NAME = 30;
+const int SECURITY_SERVER_MAX_OBJ_NAME = 30;
} // namespace SecurityServer
} // namespace SecurityServer
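Review bot: `PASSWORD_INFINITE_EXPIRATION_TIME = 0xFFFFFFFF` is an in-band sentinel whose value depends on the width of `time_t`. Where `time_t` is a signed 32-bit type the initializer converts to -1, and where it is 64-bit it is an ordinary timestamp (early 2106) that a finite expiry could also take. Every check added in this commit compares by equality, so any stored expiry that happens to equal this value is treated as "never expires". I would document that on the definition, for example `// Sentinel: an expiry equal to this value is never checked; finite expiry times must never be stored as 0xFFFFFFFF`, and make the code that computes finite expiry times reject it.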
#define _SECURITY_SERVER_PROTOCOLS_
#include <cstddef>
#define _SECURITY_SERVER_PROTOCOLS_
#include <cstddef>
namespace SecurityServer {
namespace SecurityServer {
extern const size_t MAX_PASSWORD_LEN;
extern const unsigned int MAX_PASSWORD_HISTORY;
extern const size_t MAX_PASSWORD_LEN;
extern const unsigned int MAX_PASSWORD_HISTORY;
+extern const unsigned int PASSWORD_INFINITE_EXPIRATION_DAYS;
+extern const time_t PASSWORD_INFINITE_EXPIRATION_TIME;
+extern const unsigned int PASSWORD_INFINITE_ATTEMPT_COUNT;
extern const int SECURITY_SERVER_MAX_OBJ_NAME;
extern const int SECURITY_SERVER_MAX_OBJ_NAME;
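Review bot: The new declaration `extern const time_t PASSWORD_INFINITE_EXPIRATION_TIME;` uses `time_t`, but the only include visible in this header is `<cstddef>`, which is not guaranteed to declare that type. Unless an include outside the shown lines provides it, the header compiles only when the including file has already pulled in `<ctime>`. Adding `#include <ctime>` next to `#include <cstddef>` makes the header self-contained.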
#include <dpl/log/log.h>
#include <security-server.h>
#include <dpl/log/log.h>
#include <security-server.h>
#include <password-exception.h>
#include <password-file-buffer.h>
#include <password-exception.h>
#include <password-file-buffer.h>
Serialization::Serialize(stream, m_password);
}
Serialization::Serialize(stream, m_password);
}
- PasswordFile::PasswordFile(): m_maxAttempt(0), m_historySize(0), m_expireTime(0), m_attempt(0)
+ PasswordFile::PasswordFile(): m_maxAttempt(PASSWORD_INFINITE_ATTEMPT_COUNT), m_historySize(0),
+ m_expireTime(PASSWORD_INFINITE_EXPIRATION_TIME), m_attempt(0)
{
// check if data directory exists
// if not create it
{
// check if data directory exists
// if not create it
time_t PasswordFile::getExpireTimeLeft() const
{
time_t PasswordFile::getExpireTimeLeft() const
{
+ if(m_expireTime != PASSWORD_INFINITE_EXPIRATION_TIME)
return (m_expireTime - time(NULL));
else
return m_expireTime;
return (m_expireTime - time(NULL));
else
return m_expireTime;
bool PasswordFile::checkExpiration() const
{
//return true if expired, else false
bool PasswordFile::checkExpiration() const
{
//return true if expired, else false
- return ((m_expireTime != 0) && (time(NULL) > m_expireTime));
+ return ((m_expireTime != PASSWORD_INFINITE_EXPIRATION_TIME) && (time(NULL) > m_expireTime));
+ }
+
+ bool PasswordFile::checkIfAttemptsExceeded() const
+ {
+ return ((m_maxAttempt != PASSWORD_INFINITE_ATTEMPT_COUNT) && (m_attempt >= m_maxAttempt));
}
bool PasswordFile::isIgnorePeriod() const
}
bool PasswordFile::isIgnorePeriod() const
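Review bot: `checkExpiration()` now treats `m_expireTime == 0` as a real timestamp, so a password file saved before this change with 0 as its "no expiry" marker would be reported as expired once loaded. This assumes the load path copies the stored value unchanged; the deserialization code is not shown here. That fails closed, but it can lock users out after an upgrade, so I would map a stored 0 to `PASSWORD_INFINITE_EXPIRATION_TIME` when reading an old-format file, or bump the file format version. Separately, `getExpireTimeLeft()` returns the raw sentinel in the infinite case and can return a negative value once the password has expired. Its contract deserves a comment such as `// returns PASSWORD_INFINITE_EXPIRATION_TIME when the password never expires; may be negative when already expired`, because a caller that stores the result in an unsigned variable would see a very large remaining time.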
bool isPasswordReused(const std::string &password) const;
bool checkExpiration() const;
bool isPasswordReused(const std::string &password) const;
bool checkExpiration() const;
+ bool checkIfAttemptsExceeded() const;
bool isIgnorePeriod() const;
private:
bool isIgnorePeriod() const;
private:
namespace {
bool calculateExpiredTime(unsigned int receivedDays, unsigned int &validSecs)
{
namespace {
bool calculateExpiredTime(unsigned int receivedDays, unsigned int &validSecs)
{
+ validSecs = SecurityServer::PASSWORD_INFINITE_EXPIRATION_TIME;
+ //when receivedDays means infinite expiration, return default validSecs value.
+ if(receivedDays == SecurityServer::PASSWORD_INFINITE_EXPIRATION_DAYS)
return true;
time_t curTime = time(NULL);
return true;
time_t curTime = time(NULL);
validSecs = (curTime + (receivedDays * 86400));
return true;
}
validSecs = (curTime + (receivedDays * 86400));
return true;
}
-
- //when receivedDays equal to zero, it means infinite password valid time
- //if receivedDays is 0 return true, else return false (that is, an error)
- return false;
maxAttempt = m_pwdFile.getMaxAttempt();
expirationTime = m_pwdFile.getExpireTimeLeft();
maxAttempt = m_pwdFile.getMaxAttempt();
expirationTime = m_pwdFile.getExpireTimeLeft();
- if ((maxAttempt != 0) && (currentAttempt >= maxAttempt)) {
+ if (m_pwdFile.checkIfAttemptsExceeded()) {
LogError("Too many tries.");
return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
}
LogError("Too many tries.");
return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
}
- unsigned int maxAttempt = m_pwdFile.getMaxAttempt();
- if ((maxAttempt != 0) && (m_pwdFile.getAttempt() >= maxAttempt)) {
+ if (m_pwdFile.checkIfAttemptsExceeded()) {
LogError("Too many attempts.");
return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
}
LogError("Too many attempts.");
return SECURITY_SERVER_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED;
}
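Review bot: In `calculateExpiredTime`, `receivedDays * 86400` is evaluated in `unsigned int`, so it wraps for day counts above 49,710 where `unsigned int` is 32 bits. The resulting `validSecs` can also equal `PASSWORD_INFINITE_EXPIRATION_TIME`, which would turn a finite request into a password that never expires. The lines between the `time(NULL)` call and the assignment are not shown, so a range check may already exist there. If it does, it should exclude the sentinel as well, for example `if (receivedDays >= (UINT_MAX - curTime) / 86400) return false;`. Note also that `validSecs` is `unsigned int&` while the constant it is initialised from is a `time_t`, so the two only agree while the sentinel fits in 32 bits.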