xref: /titanic_52/usr/src/lib/passwdutil/__failed_count.c (revision 18c2aff776a775d34a4c9893a4c72e0434d68e36)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include <string.h>
29 #include <syslog.h>
30 #include "passwdutil.h"
31 
32 int
33 __incr_failed_count(char *username, char *repname, int max_failures)
34 {
35 	int ret;
36 	void *buf;
37 	attrlist items[1];
38 	repops_t *ops = rops[REP_FILES];
39 
40 	/* account locking only defined for files */
41 	if (strcmp(repname, "files") != 0)
42 		return (PWU_SUCCESS);
43 
44 	if ((ret = ops->lock()) != PWU_SUCCESS)
45 		return (ret);
46 
47 	items[0].type = ATTR_INCR_FAILED_LOGINS;
48 	items[0].next = NULL;
49 	if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
50 		goto out;
51 
52 	/* We increment the failed count by one */
53 	if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
54 		goto out;
55 
56 	/* Did we just exceed "max_failures" ? */
57 	if (items[0].data.val_i >= max_failures) {
58 		syslog(LOG_AUTH|LOG_NOTICE,
59 		    "Excessive (%d) login failures for %s: locking account.",
60 		    max_failures, username);
61 
62 		items[0].type = ATTR_LOCK_ACCOUNT;
63 		if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
64 			goto out;
65 	}
66 	ret = ops->putpwnam(username, NULL, NULL, NULL, buf);
67 
68 out:
69 	ops->unlock();
70 
71 	return (ret);
72 }
73 
74 /*
75  * reset the failed count.
76  * returns the number of failed logins before the reset, or an error (< 0)
77  */
78 int
79 __rst_failed_count(char *username, char *repname)
80 {
81 	int ret;
82 	void *buf;
83 	attrlist items[1];
84 	repops_t *ops = rops[REP_FILES];
85 
86 	/* account locking only defined for files */
87 	if (strcmp(repname, "files") != 0)
88 		return (PWU_SUCCESS);
89 
90 	if ((ret = ops->lock()) != PWU_SUCCESS)
91 		return (ret);
92 
93 	items[0].type = ATTR_RST_FAILED_LOGINS;
94 	items[0].next = NULL;
95 	if ((ret = ops->getpwnam(username, items, NULL, &buf)) != PWU_SUCCESS)
96 		goto out;
97 	if ((ret = ops->update(items, NULL, buf)) != PWU_SUCCESS)
98 		goto out;
99 	ret = ops->putpwnam(username, NULL, NULL, NULL, buf);
100 out:
101 	ops->unlock();
102 
103 	return (ret != PWU_SUCCESS ? ret : items[0].data.val_i);
104 }
105