xref: /illumos-gate/usr/src/lib/passwdutil/__failed_count.c (revision 56e2cc86321ec889bf83a888d902c60d6fb2ef8d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <string.h>
27 #include <syslog.h>
28 #include "passwdutil.h"
29 
30 int
31 __incr_failed_count(char *username, char *repname, int max_failures)
32 {
33 	int ret;
34 	void *buf;
35 	attrlist items[1];
36 	int repnum = name_to_int(repname);
37 	repops_t *ops;
38 
39 	/* account locking only defined for files and ldap */
40 	if ((repnum != REP_FILES) &&
41 	    (repnum != REP_LDAP)) {
42 		return (PWU_SUCCESS);
43 	}
44 
45 	ops = rops[repnum];
46 	if ((ops->lock != NULL) &&
47 	    (ret = ops->lock()) != PWU_SUCCESS) {
48 		return (ret);
49 	}
50 
51 	items[0].type = ATTR_INCR_FAILED_LOGINS;
52 	items[0].next = NULL;
53 	if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS) {
54 		goto out;
55 	}
56 
57 	/* We increment the failed count by one */
58 	if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS) {
59 		goto out;
60 	}
61 
62 	/* Did we just exceed "max_failures" ? */
63 	if (items[0].data.val_i >= max_failures) {
64 		syslog(LOG_AUTH|LOG_NOTICE,
65 		    "Excessive (%d) login failures for %s: locking account.",
66 		    max_failures, username);
67 
68 		items[0].type = ATTR_LOCK_ACCOUNT;
69 		if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
70 			goto out;
71 	}
72 	if (((ret = ops->putpwnam(username, NULL, NULL, NULL, buf)) ==
73 	    PWU_SUCCESS) &&
74 	    (items[0].type == ATTR_LOCK_ACCOUNT))
75 		ret = PWU_ACCOUNT_LOCKED;
76 
77 out:
78 	if (ops->unlock != NULL) {
79 		ops->unlock();
80 	}
81 
82 	return (ret);
83 }
84 
85 /*
86  * reset the failed count.
87  * returns the number of failed logins before the reset, or an error (< 0)
88  */
89 int
90 __rst_failed_count(char *username, char *repname)
91 {
92 	int ret;
93 	void *buf;
94 	attrlist items[1];
95 	int repnum = name_to_int(repname);
96 	repops_t *ops;
97 
98 	/* account locking only defined for files and ldap */
99 	if ((repnum != REP_FILES) &&
100 	    (repnum != REP_LDAP)) {
101 		return (PWU_SUCCESS);
102 	}
103 
104 	ops = rops[repnum];
105 	if ((ops->lock != NULL) &&
106 	    (ret = ops->lock()) != PWU_SUCCESS) {
107 		return (ret);
108 	}
109 
110 	items[0].type = ATTR_RST_FAILED_LOGINS;
111 	items[0].next = NULL;
112 	if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
113 		goto out;
114 	if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
115 		goto out;
116 	ret = ops->putpwnam(username, NULL, NULL, NULL, buf);
117 out:
118 	if (ops->unlock != NULL) {
119 		ops->unlock();
120 	}
121 
122 	return (ret != PWU_SUCCESS ? ret : items[0].data.val_i);
123 }
124