/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident "%Z%%M% %I% %E% SMI"

#include <string.h>
#include <syslog.h>
#include "passwdutil.h"

/*
 * Record one more failed login for "username" and lock the account when
 * the updated count equals "max_failures".
 *
 * Only the "files" repository is handled: any other repname returns
 * PWU_SUCCESS before the repository lock is taken or the entry is read.
 * repname is handed straight to strcmp(), so callers must not pass NULL.
 *
 * Returns PWU_SUCCESS, or the code reported by whichever of the
 * lock/getpwnam/update/putpwnam operations failed first.
 */
int
__incr_failed_count(char *username, char *repname, int max_failures)
{
	repops_t *files = rops[REP_FILES];
	attrlist attr;
	void *pwbuf;
	int rc;

	/* account locking only defined for files */
	if (strcmp(repname, "files") != 0)
		return (PWU_SUCCESS);

	/*
	 * The repository lock is held from here until the "unlock" label,
	 * so the read, the increment and the write-back all happen under
	 * the same lock.
	 */
	rc = files->lock();
	if (rc != PWU_SUCCESS)
		return (rc);

	attr.type = ATTR_INCR_FAILED_LOGINS;
	attr.next = NULL;

	rc = files->getpwnam(username, &attr, NULL, &pwbuf);
	if (rc != PWU_SUCCESS)
		goto unlock;

	/* Bump the failed-login count by one. */
	rc = files->update(&attr, NULL, pwbuf);
	if (rc != PWU_SUCCESS)
		goto unlock;

	/*
	 * Lock the account when the new count is exactly max_failures.
	 *
	 * NOTE(review): this is an equality test, so the lock is requested
	 * only on the one failure that lands on the threshold. A count that
	 * is already above max_failures (for instance after the threshold
	 * was lowered) is not caught here. Confirm that case is handled
	 * elsewhere, and that ATTR_LOCK_ACCOUNT is safe to apply twice,
	 * before considering ">=".
	 */
	if (attr.data.val_i == max_failures) {
		syslog(LOG_AUTH|LOG_NOTICE,
		    "Excessive (%d) login failures for %s: locking account.",
		    max_failures, username);

		attr.type = ATTR_LOCK_ACCOUNT;
		rc = files->update(&attr, NULL, pwbuf);
		if (rc != PWU_SUCCESS)
			goto unlock;
	}

	/*
	 * Hand the modified entry back to the repository.
	 * NOTE(review): on the error paths above pwbuf never reaches
	 * putpwnam(); whether it then needs releasing is not visible from
	 * this file -- confirm against the REP_FILES implementation.
	 */
	rc = files->putpwnam(username, NULL, NULL, NULL, pwbuf);

unlock:
	files->unlock();

	return (rc);
}

/*
 * Reset the failed-login count for "username".
 *
 * Returns the number of failed logins recorded before the reset, or an
 * error (< 0). For any repository other than "files" nothing is touched
 * and PWU_SUCCESS is returned.
 *
 * NOTE(review): the "not files" return shares the return channel with the
 * count, so a caller presumably cannot tell it apart from a real count of
 * the same value -- confirm callers do not rely on the distinction.
 * repname is handed straight to strcmp(), so callers must not pass NULL.
 */
int
__rst_failed_count(char *username, char *repname)
{
	repops_t *files = rops[REP_FILES];
	attrlist attr;
	void *pwbuf;
	int rc;

	/* account locking only defined for files */
	if (strcmp(repname, "files") != 0)
		return (PWU_SUCCESS);

	rc = files->lock();
	if (rc != PWU_SUCCESS)
		return (rc);

	attr.type = ATTR_RST_FAILED_LOGINS;
	attr.next = NULL;

	/*
	 * Each step runs only if the previous one succeeded; the first
	 * failure code is kept and the lock is always dropped afterwards.
	 */
	rc = files->getpwnam(username, &attr, NULL, &pwbuf);
	if (rc == PWU_SUCCESS)
		rc = files->update(&attr, NULL, pwbuf);
	if (rc == PWU_SUCCESS)
		rc = files->putpwnam(username, NULL, NULL, NULL, pwbuf);

	files->unlock();

	/* attr.data.val_i is only read once every step has succeeded. */
	if (rc != PWU_SUCCESS)
		return (rc);
	return (attr.data.val_i);
}