xref: /illumos-gate/usr/src/lib/passwdutil/__failed_count.c (revision 7655c6d53c36750b508636f48c73a2de57754e5a) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  * Copyright 2024 OmniOS Community Edition (OmniOSce) Association.
25  */
26 
27 #include <string.h>
28 #include <syslog.h>
29 #include "passwdutil.h"
30 
31 int
32 __incr_failed_count(const char *username, char *repname, int max_failures)
33 {
34 	int ret;
35 	void *buf;
36 	attrlist items[1];
37 	int repnum = name_to_int(repname);
38 	repops_t *ops;
39 
40 	/* account locking only defined for files and ldap */
41 	if ((repnum != REP_FILES) &&
42 	    (repnum != REP_LDAP)) {
43 		return (PWU_SUCCESS);
44 	}
45 
46 	ops = rops[repnum];
47 	if ((ops->lock != NULL) &&
48 	    (ret = ops->lock()) != PWU_SUCCESS) {
49 		return (ret);
50 	}
51 
52 	items[0].type = ATTR_INCR_FAILED_LOGINS;
53 	items[0].next = NULL;
54 	if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS) {
55 		goto out;
56 	}
57 
58 	/* We increment the failed count by one */
59 	if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS) {
60 		goto out;
61 	}
62 
63 	/* Did we just exceed "max_failures" ? */
64 	if (items[0].data.val_i >= max_failures) {
65 		syslog(LOG_AUTH|LOG_NOTICE,
66 		    "Excessive (%d) login failures for %s: locking account.",
67 		    max_failures, username);
68 
69 		items[0].type = ATTR_LOCK_ACCOUNT;
70 		if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
71 			goto out;
72 	}
73 	if (((ret = ops->putpwnam(username, NULL, NULL, buf)) ==
74 	    PWU_SUCCESS) &&
75 	    (items[0].type == ATTR_LOCK_ACCOUNT))
76 		ret = PWU_ACCOUNT_LOCKED;
77 
78 out:
79 	if (ops->unlock != NULL) {
80 		ops->unlock();
81 	}
82 
83 	return (ret);
84 }
85 
86 /*
87  * reset the failed count.
88  * returns the number of failed logins before the reset, or an error (< 0)
89  */
90 int
91 __rst_failed_count(const char *username, char *repname)
92 {
93 	int ret;
94 	void *buf;
95 	attrlist items[1];
96 	int repnum = name_to_int(repname);
97 	repops_t *ops;
98 
99 	/* account locking only defined for files and ldap */
100 	if ((repnum != REP_FILES) &&
101 	    (repnum != REP_LDAP)) {
102 		return (PWU_SUCCESS);
103 	}
104 
105 	ops = rops[repnum];
106 	if ((ops->lock != NULL) &&
107 	    (ret = ops->lock()) != PWU_SUCCESS) {
108 		return (ret);
109 	}
110 
111 	items[0].type = ATTR_RST_FAILED_LOGINS;
112 	items[0].next = NULL;
113 	if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
114 		goto out;
115 	if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
116 		goto out;
117 	ret = ops->putpwnam(username, NULL, NULL, buf);
118 out:
119 	if (ops->unlock != NULL) {
120 		ops->unlock();
121 	}
122 
123 	return (ret != PWU_SUCCESS ? ret : items[0].data.val_i);
124 }
125