1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 * Copyright 2024 OmniOS Community Edition (OmniOSce) Association.
25 */
26
27 #include <string.h>
28 #include <syslog.h>
29 #include "passwdutil.h"
30
31 int
__incr_failed_count(const char * username,char * repname,int max_failures)32 __incr_failed_count(const char *username, char *repname, int max_failures)
33 {
34 int ret;
35 void *buf;
36 attrlist items[1];
37 int repnum = name_to_int(repname);
38 repops_t *ops;
39
40 /* account locking only defined for files and ldap */
41 if ((repnum != REP_FILES) &&
42 (repnum != REP_LDAP)) {
43 return (PWU_SUCCESS);
44 }
45
46 ops = rops[repnum];
47 if ((ops->lock != NULL) &&
48 (ret = ops->lock()) != PWU_SUCCESS) {
49 return (ret);
50 }
51
52 items[0].type = ATTR_INCR_FAILED_LOGINS;
53 items[0].next = NULL;
54 if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS) {
55 goto out;
56 }
57
58 /* We increment the failed count by one */
59 if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS) {
60 goto out;
61 }
62
63 /* Did we just exceed "max_failures" ? */
64 if (items[0].data.val_i >= max_failures) {
65 syslog(LOG_AUTH|LOG_NOTICE,
66 "Excessive (%d) login failures for %s: locking account.",
67 max_failures, username);
68
69 items[0].type = ATTR_LOCK_ACCOUNT;
70 if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
71 goto out;
72 }
73 if (((ret = ops->putpwnam(username, NULL, NULL, buf)) ==
74 PWU_SUCCESS) &&
75 (items[0].type == ATTR_LOCK_ACCOUNT))
76 ret = PWU_ACCOUNT_LOCKED;
77
78 out:
79 if (ops->unlock != NULL) {
80 ops->unlock();
81 }
82
83 return (ret);
84 }
85
86 /*
87 * reset the failed count.
88 * returns the number of failed logins before the reset, or an error (< 0)
89 */
90 int
__rst_failed_count(const char * username,char * repname)91 __rst_failed_count(const char *username, char *repname)
92 {
93 int ret;
94 void *buf;
95 attrlist items[1];
96 int repnum = name_to_int(repname);
97 repops_t *ops;
98
99 /* account locking only defined for files and ldap */
100 if ((repnum != REP_FILES) &&
101 (repnum != REP_LDAP)) {
102 return (PWU_SUCCESS);
103 }
104
105 ops = rops[repnum];
106 if ((ops->lock != NULL) &&
107 (ret = ops->lock()) != PWU_SUCCESS) {
108 return (ret);
109 }
110
111 items[0].type = ATTR_RST_FAILED_LOGINS;
112 items[0].next = NULL;
113 if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
114 goto out;
115 if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
116 goto out;
117 ret = ops->putpwnam(username, NULL, NULL, buf);
118 out:
119 if (ops->unlock != NULL) {
120 ops->unlock();
121 }
122
123 return (ret != PWU_SUCCESS ? ret : items[0].data.val_i);
124 }
125