1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#include <string.h>
#include <syslog.h>
#include "passwdutil.h"
int
__incr_failed_count(char *username, char *repname, int max_failures)
{
int ret;
void *buf;
attrlist items[1];
int repnum = name_to_int(repname);
repops_t *ops;
/* account locking only defined for files and ldap */
if ((repnum != REP_FILES) &&
(repnum != REP_LDAP)) {
return (PWU_SUCCESS);
}
ops = rops[repnum];
if ((ops->lock != NULL) &&
(ret = ops->lock()) != PWU_SUCCESS) {
return (ret);
}
items[0].type = ATTR_INCR_FAILED_LOGINS;
items[0].next = NULL;
if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS) {
goto out;
}
/* We increment the failed count by one */
if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS) {
goto out;
}
/* Did we just exceed "max_failures" ? */
if (items[0].data.val_i >= max_failures) {
syslog(LOG_AUTH|LOG_NOTICE,
"Excessive (%d) login failures for %s: locking account.",
max_failures, username);
items[0].type = ATTR_LOCK_ACCOUNT;
if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
goto out;
}
if (((ret = ops->putpwnam(username, NULL, NULL, buf)) ==
PWU_SUCCESS) &&
(items[0].type == ATTR_LOCK_ACCOUNT))
ret = PWU_ACCOUNT_LOCKED;
out:
if (ops->unlock != NULL) {
ops->unlock();
}
return (ret);
}
/*
* reset the failed count.
* returns the number of failed logins before the reset, or an error (< 0)
*/
int
__rst_failed_count(char *username, char *repname)
{
int ret;
void *buf;
attrlist items[1];
int repnum = name_to_int(repname);
repops_t *ops;
/* account locking only defined for files and ldap */
if ((repnum != REP_FILES) &&
(repnum != REP_LDAP)) {
return (PWU_SUCCESS);
}
ops = rops[repnum];
if ((ops->lock != NULL) &&
(ret = ops->lock()) != PWU_SUCCESS) {
return (ret);
}
items[0].type = ATTR_RST_FAILED_LOGINS;
items[0].next = NULL;
if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
goto out;
if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
goto out;
ret = ops->putpwnam(username, NULL, NULL, buf);
out:
if (ops->unlock != NULL) {
ops->unlock();
}
return (ret != PWU_SUCCESS ? ret : items[0].data.val_i);
}
|
