1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <string.h>
27 #include <syslog.h>
28 #include "passwdutil.h"
29
30 int
__incr_failed_count(char * username,char * repname,int max_failures)31 __incr_failed_count(char *username, char *repname, int max_failures)
32 {
33 int ret;
34 void *buf;
35 attrlist items[1];
36 int repnum = name_to_int(repname);
37 repops_t *ops;
38
39 /* account locking only defined for files and ldap */
40 if ((repnum != REP_FILES) &&
41 (repnum != REP_LDAP)) {
42 return (PWU_SUCCESS);
43 }
44
45 ops = rops[repnum];
46 if ((ops->lock != NULL) &&
47 (ret = ops->lock()) != PWU_SUCCESS) {
48 return (ret);
49 }
50
51 items[0].type = ATTR_INCR_FAILED_LOGINS;
52 items[0].next = NULL;
53 if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS) {
54 goto out;
55 }
56
57 /* We increment the failed count by one */
58 if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS) {
59 goto out;
60 }
61
62 /* Did we just exceed "max_failures" ? */
63 if (items[0].data.val_i >= max_failures) {
64 syslog(LOG_AUTH|LOG_NOTICE,
65 "Excessive (%d) login failures for %s: locking account.",
66 max_failures, username);
67
68 items[0].type = ATTR_LOCK_ACCOUNT;
69 if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
70 goto out;
71 }
72 if (((ret = ops->putpwnam(username, NULL, NULL, buf)) ==
73 PWU_SUCCESS) &&
74 (items[0].type == ATTR_LOCK_ACCOUNT))
75 ret = PWU_ACCOUNT_LOCKED;
76
77 out:
78 if (ops->unlock != NULL) {
79 ops->unlock();
80 }
81
82 return (ret);
83 }
84
85 /*
86 * reset the failed count.
87 * returns the number of failed logins before the reset, or an error (< 0)
88 */
89 int
__rst_failed_count(char * username,char * repname)90 __rst_failed_count(char *username, char *repname)
91 {
92 int ret;
93 void *buf;
94 attrlist items[1];
95 int repnum = name_to_int(repname);
96 repops_t *ops;
97
98 /* account locking only defined for files and ldap */
99 if ((repnum != REP_FILES) &&
100 (repnum != REP_LDAP)) {
101 return (PWU_SUCCESS);
102 }
103
104 ops = rops[repnum];
105 if ((ops->lock != NULL) &&
106 (ret = ops->lock()) != PWU_SUCCESS) {
107 return (ret);
108 }
109
110 items[0].type = ATTR_RST_FAILED_LOGINS;
111 items[0].next = NULL;
112 if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
113 goto out;
114 if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
115 goto out;
116 ret = ops->putpwnam(username, NULL, NULL, buf);
117 out:
118 if (ops->unlock != NULL) {
119 ops->unlock();
120 }
121
122 return (ret != PWU_SUCCESS ? ret : items[0].data.val_i);
123 }
124