Add new API - auth_passwd_check_passwd_available()

This API checks only if typed string fulfills password policies.
App could use this API during typing a letter for new password and
notify user of helper message before calling password setting API.

To support kind helper message, we provide several error type for
each password policies.

* AUTH_PASSWD_API_ERROR_INVALID_MIN_LENGTH
* AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM
* AUTH_PASSWD_API_ERROR_INVALID_MAX_CHAR_OCCURENCES
* AUTH_PASSWD_API_ERROR_INVALID_MAX_NUM_SEQ_LENGTH
* AUTH_PASSWD_API_ERROR_INVALID_FORBIDDEN_PASSWORDS
* AUTH_PASSWD_API_ERROR_INVALID_QUALITY_TYPE
* AUTH_PASSWD_API_ERROR_INVALID_PATTERN

Also, AUTH_PASSWD_API_ERROR_PASSWORD_INVALID is removed.

Change-Id: Ie7727ceb2c5fa095632b4c38e23c8d6daaae322a
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>

6 files changed, 148 insertions, 41 deletions

diff --git a/src/client/client-password.cpp b/src/client/client-password.cpp
index 600534b..11fd9ad 100644
--- a/src/client/client-password.cpp
+++ b/src/client/client-password.cpp
@@ -149,6 +149,35 @@ int auth_passwd_check_passwd_state(password_type passwd_type,
 }
 
 AUTH_PASSWD_API
+int auth_passwd_check_passwd_available(password_type passwd_type, const char *passwd)
+{
+	using namespace AuthPasswd;
+	return try_catch([&] {
+		if (NULL == passwd) {
+			LogError("Wrong input param");
+			return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
+		}
+
+		MessageBuffer send, recv;
+
+		Serialization::Serialize(send, static_cast<int>(PasswordHdrs::HDR_CHK_PASSWD_AVAILABLE));
+		Serialization::Serialize(send, passwd_type);
+		Serialization::Serialize(send, std::string(passwd));
+
+		int retCode = sendToServer(SERVICE_SOCKET_PASSWD_CHECK, send.Pop(), recv);
+
+		if (AUTH_PASSWD_API_SUCCESS != retCode) {
+			LogDebug("Error in sendToServer. Error code: " << retCode);
+			return retCode;
+		}
+
+		Deserialization::Deserialize(recv, retCode);
+
+		return retCode;
+	});
+}
+
+AUTH_PASSWD_API
 int auth_passwd_check_passwd_reused(password_type passwd_type,
 									const char *passwd,
 									int *is_reused)
diff --git a/src/common/include/protocols.h b/src/common/include/protocols.h
index 23e1429..2ec4e3b 100644
--- a/src/common/include/protocols.h
+++ b/src/common/include/protocols.h
@@ -49,6 +49,7 @@ extern char const *const SERVICE_SOCKET_PASSWD_POLICY;
 enum class PasswordHdrs {
 	HDR_CHK_PASSWD,
 	HDR_CHK_PASSWD_STATE,
+	HDR_CHK_PASSWD_AVAILABLE,
 	HDR_CHK_PASSWD_REUSED,
 	HDR_SET_PASSWD,
 	HDR_SET_PASSWD_RECOVERY,
diff --git a/src/include/auth-passwd-error.h b/src/include/auth-passwd-error.h
index 1abdf39..e21f5b5 100644
--- a/src/include/auth-passwd-error.h
+++ b/src/include/auth-passwd-error.h
@@ -63,23 +63,41 @@
 /*! \brief   indicating password mismatch */
 #define AUTH_PASSWD_API_ERROR_PASSWORD_MISMATCH -12
 
-/*! \brief   indicating password dose not meet password policies */
-#define AUTH_PASSWD_API_ERROR_PASSWORD_INVALID -13
-
 /*! \brief   indicating password retry timeout is not occurred yet */
-#define AUTH_PASSWD_API_ERROR_PASSWORD_RETRY_TIMER -14
+#define AUTH_PASSWD_API_ERROR_PASSWORD_RETRY_TIMER -13
 
 /*! \brief   indicating no other attempts are possible */
-#define AUTH_PASSWD_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED -15
+#define AUTH_PASSWD_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED -14
 
 /*! \brief   indicating password is expired */
-#define AUTH_PASSWD_API_ERROR_PASSWORD_EXPIRED -16
+#define AUTH_PASSWD_API_ERROR_PASSWORD_EXPIRED -15
 
 /*! \brief   indicating password is reused */
-#define AUTH_PASSWD_API_ERROR_PASSWORD_REUSED -17
+#define AUTH_PASSWD_API_ERROR_PASSWORD_REUSED -16
 
 /*! \brief   indicating password recovery is restricted because max attempts policy is set */
-#define AUTH_PASSWD_API_ERROR_RECOVERY_PASSWORD_RESTRICTED -18
+#define AUTH_PASSWD_API_ERROR_RECOVERY_PASSWORD_RESTRICTED -17
+
+/*! \brief   indicating password does not meet password min length policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_MIN_LENGTH -18
+
+/*! \brief   indicating password does not meet min complex character number policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM -19
+
+/*! \brief   indicating password does not meet max character occurences policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_MAX_CHAR_OCCURENCES -20
+
+/*! \brief   indicating password does not meet max number sequence length policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_MAX_NUM_SEQ_LENGTH -21
+
+/*! \brief   indicating password does not meet forbidden passwords policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_FORBIDDEN_PASSWORDS -22
+
+/*! \brief   indicating password does not meet quality type policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_QUALITY_TYPE -23
+
+/*! \brief   indicating password does not meet pattern policy */
+#define AUTH_PASSWD_API_ERROR_INVALID_PATTERN -24
 
 /*! \brief   indicating the error with unknown reason */
 #define AUTH_PASSWD_API_ERROR_UNKNOWN -255
diff --git a/src/include/auth-passwd.h b/src/include/auth-passwd.h
index 08aee2f..24be828 100644
--- a/src/include/auth-passwd.h
+++ b/src/include/auth-passwd.h
@@ -207,6 +207,57 @@ int auth_passwd_check_passwd_state(password_type passwd_type,
 								   unsigned int *valid_secs);
 
 /**
+ *
+ * \par Description:
+ * This API checks only if typed string fulfills password policies.
+ *
+ * \par Purpose:
+ * This API should be used by setting application during typing a letter for new password.
+ *
+ * \par Typical use case:
+ * App could check whether typed password is available and notify user of helper message
+ * before calling password setting API.
+ *
+ * \par Method of function operation:
+ * Sends a check request to auth-fw and auth-fw replies with password availability.
+ *
+ * \par Sync (or) Async:
+ * This is a Synchronous API.
+ *
+ * \par Important notes:
+ *  You can't check password reusability.
+ *
+ * \param[in] passwd_type Password type, such as normal(lock) password, recovery password and so on.
+ * \param[in] passwd Null terminated inputted password string.
+ *
+ * \return AUTH_PASSWD_API_SUCCESS
+ * \return AUTH_PASSWD_API_ERROR_ACCESS_DENIED
+ * \return AUTH_PASSWD_API_ERROR_SOCKET
+ * \return AUTH_PASSWD_API_ERROR_INVALID_MIN_LENGTH
+ *              Typed string doesn't fulfill min length policy.
+ * \return AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM
+ *              Typed string doesn't fulfill min complex character number policy.
+ * \return AUTH_PASSWD_API_ERROR_INVALID_MAX_CHAR_OCCURENCES
+ *              Typed string doesn't fulfill max character occurences policy.
+ * \return AUTH_PASSWD_API_ERROR_INVALID_MAX_NUM_SEQ_LENGTH
+ *              Typed string doesn't fulfill max number sequence length policy.
+ * \return AUTH_PASSWD_API_ERROR_INVALID_FORBIDDEN_PASSWORDS
+ *              Typed string doesn't fulfill forbidden passwords policy.
+ * \return AUTH_PASSWD_API_ERROR_INVALID_QUALITY_TYPE
+ *              Typed string doesn't fulfill qulity type policy
+ * \return AUTH_PASSWD_API_ERROR_INVALID_PATTERN
+ *              Typed string doesn't fulfill pattern policy.
+ * \par Known issues/bugs:
+ * None
+ *
+ * \pre None
+ *
+ * \post None
+ *
+ */
+int auth_passwd_check_passwd_available(password_type passwd_type, const char *passwd);
+
+/**
  * \par Description:
  * This API checks if password was used before.
  *
diff --git a/src/server/service/password.cpp b/src/server/service/password.cpp
index a44c3a9..85e1cba 100644
--- a/src/server/service/password.cpp
+++ b/src/server/service/password.cpp
@@ -121,10 +121,10 @@ int PasswordService::processCheckFunctions(PasswordHdrs hdr, MessageBuffer &buff
 		unsigned int &max_att, unsigned int &exp_time)
 {
 	int result = AUTH_PASSWD_API_ERROR_SERVER_ERROR;
+	unsigned int passwdType = 0;
 
 	switch (hdr) {
 	case PasswordHdrs::HDR_CHK_PASSWD: {
-		unsigned int passwdType = 0;
 		std::string challenge;
 		Deserialization::Deserialize(buffer, passwdType);
 		Deserialization::Deserialize(buffer, challenge);
@@ -134,12 +134,18 @@ int PasswordService::processCheckFunctions(PasswordHdrs hdr, MessageBuffer &buff
 	}
 
 	case PasswordHdrs::HDR_CHK_PASSWD_STATE: {
-		unsigned int passwdType = 0;
 		Deserialization::Deserialize(buffer, passwdType);
 		result = m_pwdManager.isPwdValid(passwdType, cur_user, cur_att, max_att, exp_time);
 		break;
 	}
 
+	case PasswordHdrs::HDR_CHK_PASSWD_AVAILABLE: {
+		std::string challenge;
+		Deserialization::Deserialize(buffer, passwdType);
+		Deserialization::Deserialize(buffer, challenge);
+		result = m_policyManager.checkPolicy(passwdType, NO_PASSWORD, challenge, cur_user);
+	}
+
 	default:
 		LogError("Unknown msg header.");
 		Throw(Exception::IncorrectHeader);
@@ -338,18 +344,20 @@ bool PasswordService::processOne(const ConnectionID &conn, MessageBuffer &buffer
 		//Returning additional information should occur only when checking functions
 		//are called, and under certain return values
 		if (interfaceID == SOCKET_ID_CHECK) {
-			switch (retCode) {
-			case AUTH_PASSWD_API_ERROR_PASSWORD_MISMATCH:
-			case AUTH_PASSWD_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED:
-			case AUTH_PASSWD_API_ERROR_PASSWORD_EXPIRED:
-			case AUTH_PASSWD_API_SUCCESS:
-				Serialization::Serialize(sendBuffer, cur_att);
-				Serialization::Serialize(sendBuffer, max_att);
-				Serialization::Serialize(sendBuffer, exp_time);
-				break;
-
-			default:
-				break;
+			if (hdr != PasswordHdrs::HDR_CHK_PASSWD_AVAILABLE) {
+				switch (retCode) {
+				case AUTH_PASSWD_API_ERROR_PASSWORD_MISMATCH:
+				case AUTH_PASSWD_API_ERROR_PASSWORD_MAX_ATTEMPTS_EXCEEDED:
+				case AUTH_PASSWD_API_ERROR_PASSWORD_EXPIRED:
+				case AUTH_PASSWD_API_SUCCESS:
+					Serialization::Serialize(sendBuffer, cur_att);
+					Serialization::Serialize(sendBuffer, max_att);
+					Serialization::Serialize(sendBuffer, exp_time);
+					break;
+
+				default:
+					break;
+				}
 			}
 		} else if (interfaceID == SOCKET_ID_SET) {
 			if (hdr == PasswordHdrs::HDR_CHK_PASSWD_REUSED && retCode == AUTH_PASSWD_API_SUCCESS)
diff --git a/src/server/service/policy-manager.cpp b/src/server/service/policy-manager.cpp
index f999496..e6139b3 100644
--- a/src/server/service/policy-manager.cpp
+++ b/src/server/service/policy-manager.cpp
@@ -83,37 +83,37 @@ int PolicyManager::checkPolicy(unsigned int passwdType,
 
 	if (!itPolicy->second.checkMinLength(newPassword)) {
 		LogError("new passwd's minLength is invalid");
-		return AUTH_PASSWD_API_ERROR_PASSWORD_INVALID;
+		return AUTH_PASSWD_API_ERROR_INVALID_MIN_LENGTH;
 	}
 
 	if (!itPolicy->second.checkMinComplexCharNumber(newPassword)) {
 		LogError("new passwd's minComplexCharNumber is invalid");
-		return AUTH_PASSWD_API_ERROR_PASSWORD_INVALID;
+		return AUTH_PASSWD_API_ERROR_INVALID_MIN_COMPLEX_CHAR_NUM;
 	}
 
 	if (!itPolicy->second.checkMaxCharOccurrences(newPassword)) {
 		LogError("new passwd's maxCharOccurrences is invalid");
-		return AUTH_PASSWD_API_ERROR_PASSWORD_INVALID;
+		return AUTH_PASSWD_API_ERROR_INVALID_MAX_CHAR_OCCURENCES;
 	}
 
 	if (!itPolicy->second.checkMaxNumSeqLength(newPassword)) {
 		LogError("new passwd's maxNumSeqLength is invalid");
-		return AUTH_PASSWD_API_ERROR_PASSWORD_INVALID;
+		return AUTH_PASSWD_API_ERROR_INVALID_MAX_NUM_SEQ_LENGTH;
+	}
+
+	if (!itPolicy->second.checkForbiddenPasswds(newPassword)) {
+		LogError("new passwd is forbiddenPasswd");
+		return AUTH_PASSWD_API_ERROR_INVALID_FORBIDDEN_PASSWORDS;
 	}
 
 	if (!itPolicy->second.checkQualityType(newPassword)) {
 		LogError("new passwd's qualityType is invalid");
-		return AUTH_PASSWD_API_ERROR_PASSWORD_INVALID;
+		return AUTH_PASSWD_API_ERROR_INVALID_QUALITY_TYPE;
 	}
 
 	if (!itPolicy->second.checkPattern(newPassword)) {
 		LogError("new passwd's pattern is invalid");
-		return AUTH_PASSWD_API_ERROR_PASSWORD_INVALID;
-	}
-
-	if (!itPolicy->second.checkForbiddenPasswds(newPassword)) {
-		LogError("new passwd is forbiddenPasswd");
-		return AUTH_PASSWD_API_ERROR_PASSWORD_INVALID;
+		return AUTH_PASSWD_API_ERROR_INVALID_PATTERN;
 	}
 
 	return AUTH_PASSWD_API_SUCCESS;
@@ -185,6 +185,9 @@ int PolicyManager::setPolicy(Policy policy)
 
 			break;
 
+		case POLICY_FORBIDDEN_PASSWDS:
+			break;
+
 		case POLICY_QUALITY_TYPE:
 			if (policy.qualityType > AUTH_PWD_QUALITY_LAST) {
 				LogError("Incorrect input param.");
@@ -201,9 +204,6 @@ int PolicyManager::setPolicy(Policy policy)
 
 			break;
 
-		case POLICY_FORBIDDEN_PASSWDS:
-			break;
-
 		default:
 			LogError("Not supported policy type.");
 			return AUTH_PASSWD_API_ERROR_INPUT_PARAM;
@@ -248,6 +248,11 @@ int PolicyManager::setPolicy(Policy policy)
 			itPolicy->second.setMaxNumSeqLength(policy.maxNumSeqLength);
 			break;
 
+		case POLICY_FORBIDDEN_PASSWDS:
+			LogSecureDebug("forbiddenPasswds number: " << policy.forbiddenPasswds.size());
+			itPolicy->second.setForbiddenPasswds(policy.forbiddenPasswds);
+			break;
+
 		case POLICY_QUALITY_TYPE:
 			LogSecureDebug("qualityType: " << policy.qualityType);
 			itPolicy->second.setQualityType(policy.qualityType);
@@ -258,11 +263,6 @@ int PolicyManager::setPolicy(Policy policy)
 			itPolicy->second.setPattern(policy.pattern);
 			break;
 
-		case POLICY_FORBIDDEN_PASSWDS:
-			LogSecureDebug("forbiddenPasswds number: " << policy.forbiddenPasswds.size());
-			itPolicy->second.setForbiddenPasswds(policy.forbiddenPasswds);
-			break;
-
 		default:
 			LogError("Not supported policy type.");
 			return AUTH_PASSWD_API_ERROR_INPUT_PARAM;