xref: /illumos-gate/usr/src/lib/passwdutil/__failed_count.c (revision 47fc6f3c5b3c55e162497f2704e8a30366037e6d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <string.h>
29 #include <syslog.h>
30 #include "passwdutil.h"
31 
/*
 * Record one failed login for "username" and lock the account once the
 * failure count reaches "max_failures".
 *
 * Only the "files" repository is handled; for any other "repname" the
 * function returns PWU_SUCCESS without touching anything.
 *
 * Returns PWU_ACCOUNT_LOCKED when the lock attribute was applied and the
 * entry was written back, PWU_SUCCESS when only the count was written
 * back, or the error from the failing lock/getpwnam/update/putpwnam call.
 */
int
__incr_failed_count(char *username, char *repname, int max_failures)
{
	repops_t *files_ops = rops[REP_FILES];
	attrlist attr[1];
	void *pwbuf;
	int rc;

	/* account locking only defined for files */
	if (strcmp(repname, "files") != 0)
		return (PWU_SUCCESS);

	/*
	 * lock() is taken before the get/update/put sequence and released at
	 * "out", so the whole counter update runs between the two calls.
	 */
	rc = files_ops->lock();
	if (rc != PWU_SUCCESS)
		return (rc);

	attr[0].type = ATTR_INCR_FAILED_LOGINS;
	attr[0].next = NULL;
	rc = files_ops->getpwnam(username, attr, NULL, &pwbuf);
	if (rc != PWU_SUCCESS)
		goto out;

	/* Bump the failed-login count by one. */
	rc = files_ops->update(attr, NULL, pwbuf);
	if (rc != PWU_SUCCESS)
		goto out;

	/*
	 * The test is ">=": the lock is applied on the failure that brings
	 * the count up to max_failures (val_i presumably holds the count
	 * after the increment -- confirm against the files backend).
	 */
	if (attr[0].data.val_i >= max_failures) {
		/*
		 * username is passed as a "%s" argument, never as the format
		 * string. The number logged is the configured limit, not the
		 * observed count.
		 */
		syslog(LOG_AUTH|LOG_NOTICE,
		    "Excessive (%d) login failures for %s: locking account.",
		    max_failures, username);

		/*
		 * NOTE(review): if this update fails we leave without calling
		 * putpwnam, so the incremented count is presumably not written
		 * back either -- confirm that is the intended failure mode.
		 */
		attr[0].type = ATTR_LOCK_ACCOUNT;
		rc = files_ops->update(attr, NULL, pwbuf);
		if (rc != PWU_SUCCESS)
			goto out;
	}

	/* Write the entry back; report the lock only if the write succeeded. */
	rc = files_ops->putpwnam(username, NULL, NULL, NULL, pwbuf);
	if (rc == PWU_SUCCESS && attr[0].type == ATTR_LOCK_ACCOUNT)
		rc = PWU_ACCOUNT_LOCKED;

out:
	/*
	 * NOTE(review): whether pwbuf is released on the error paths that skip
	 * putpwnam is not visible in this file -- verify in the backend.
	 */
	files_ops->unlock();

	return (rc);
}
76 
/*
 * Reset the failed-login count for "username".
 *
 * Only the "files" repository is handled; for any other "repname" the
 * function returns PWU_SUCCESS without touching anything.
 *
 * Returns the number of failed logins before the reset, or an error (< 0).
 *
 * NOTE(review): the early PWU_SUCCESS return shares the return channel with
 * the count; if PWU_SUCCESS is 0 a caller reads it as "no prior failures".
 */
int
__rst_failed_count(char *username, char *repname)
{
	repops_t *files_ops = rops[REP_FILES];
	attrlist attr[1];
	void *pwbuf;
	int rc;

	/* account locking only defined for files */
	if (strcmp(repname, "files") != 0)
		return (PWU_SUCCESS);

	/* lock() is held from here until the unlock() at "out". */
	rc = files_ops->lock();
	if (rc != PWU_SUCCESS)
		return (rc);

	attr[0].type = ATTR_RST_FAILED_LOGINS;
	attr[0].next = NULL;

	rc = files_ops->getpwnam(username, attr, NULL, &pwbuf);
	if (rc != PWU_SUCCESS)
		goto out;

	rc = files_ops->update(attr, NULL, pwbuf);
	if (rc != PWU_SUCCESS)
		goto out;

	/* Write the entry back. */
	rc = files_ops->putpwnam(username, NULL, NULL, NULL, pwbuf);

out:
	files_ops->unlock();

	/* Any failure wins; the count in val_i is only returned on success. */
	if (rc != PWU_SUCCESS)
		return (rc);

	return (attr[0].data.val_i);
}
108