xref: /titanic_41/usr/src/lib/passwdutil/__failed_count.c (revision ba2e4443695ee6a6f420a35cd4fc3d3346d22932)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 #include <string.h>
30 #include <syslog.h>
31 #include "passwdutil.h"
32 
33 int
34 __incr_failed_count(char *username, char *repname, int max_failures)
35 {
36 	int ret;
37 	void *buf;
38 	attrlist items[1];
39 	repops_t *ops = rops[REP_FILES];
40 
41 	/* account locking only defined for files */
42 	if (strcmp(repname, "files") != 0)
43 		return (PWU_SUCCESS);
44 
45 	if ((ret = ops->lock()) != PWU_SUCCESS)
46 		return (ret);
47 
48 	items[0].type = ATTR_INCR_FAILED_LOGINS;
49 	items[0].next = NULL;
50 	if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
51 		goto out;
52 
53 	/* We increment the failed count by one */
54 	if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
55 		goto out;
56 
57 	/* Did we just exceed "max_failures" ? */
58 	if (items[0].data.val_i == max_failures) {
59 		syslog(LOG_AUTH|LOG_NOTICE,
60 		    "Excessive (%d) login failures for %s: locking account.",
61 		    max_failures, username);
62 
63 		items[0].type = ATTR_LOCK_ACCOUNT;
64 		if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
65 			goto out;
66 	}
67 	ret = ops->putpwnam(username, NULL, NULL, NULL, buf);
68 
69 out:
70 	ops->unlock();
71 
72 	return (ret);
73 }
74 
75 /*
76  * reset the failed count.
77  * returns the number of failed logins before the reset, or an error (< 0)
78  */
79 int
80 __rst_failed_count(char *username, char *repname)
81 {
82 	int ret;
83 	void *buf;
84 	attrlist items[1];
85 	repops_t *ops = rops[REP_FILES];
86 
87 	/* account locking only defined for files */
88 	if (strcmp(repname, "files") != 0)
89 		return (PWU_SUCCESS);
90 
91 	if ((ret = ops->lock()) != PWU_SUCCESS)
92 		return (ret);
93 
94 	items[0].type = ATTR_RST_FAILED_LOGINS;
95 	items[0].next = NULL;
96 	if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
97 		goto out;
98 	if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
99 		goto out;
100 	ret = ops->putpwnam(username, NULL, NULL, NULL, buf);
101 out:
102 	ops->unlock();
103 
104 	return (ret != PWU_SUCCESS ? ret : items[0].data.val_i);
105 }
106