summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>2018-11-22 23:24:25 +0530
committerBrad Bishop <bradleyb@fuzziesquirrel.com>2018-11-28 14:35:00 +0000
commitf5c2df5eef850900ece9aa8efeaa09ec083313c9 (patch)
tree1377f12d9f3c91e31e53a2df9b6d83b9f428447c
parentf870b48ec87c6f41e1f25343d6cf2f09c43a5647 (diff)
downloadphosphor-user-manager-f5c2df5eef850900ece9aa8efeaa09ec083313c9.zip
phosphor-user-manager-f5c2df5eef850900ece9aa8efeaa09ec083313c9.tar.gz
Remove output user name comparison for pam_tally2
pam_tally2 output restricts printing user name to 15 characters This makes the extra precautionary user name comparison to fail causing system to fail inadvertently. Hence removed the precautionary condition, as user name is passed to pam_tally2 as argument Unit test: Added user name of 16 characters or more and tried querying the user locked for failed attempt, and got successful data Change-Id: I889c423324e53e4c554e9dce772a39f1843803b2 Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
-rw-r--r--user_mgr.cpp47
1 files changed, 17 insertions, 30 deletions
diff --git a/user_mgr.cpp b/user_mgr.cpp
index c5b068d..1cbd43a 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -671,35 +671,28 @@ bool UserMgr::userLockedForFailedAttempt(const std::string &userName)
boost::algorithm::is_any_of("\t "),
boost::token_compress_on);
- if (splitWords[t2UserIdx] == userName)
+ try
{
- try
+ unsigned long tmp = std::stoul(splitWords[t2FailCntIdx], nullptr);
+ uint16_t value16 = 0;
+ if (tmp > std::numeric_limits<decltype(value16)>::max())
{
- unsigned long tmp = std::stoul(splitWords[t2FailCntIdx], nullptr);
- uint16_t value16 = 0;
- if (tmp > std::numeric_limits<decltype(value16)>::max())
- {
- throw std::out_of_range("Out of range");
- }
- value16 = static_cast<decltype(value16)>(tmp);
- if (AccountPolicyIface::maxLoginAttemptBeforeLockout() != 0 &&
- value16 >= AccountPolicyIface::maxLoginAttemptBeforeLockout())
- {
- return true; // User account is locked out
- }
- return false; // User account is un-locked
+ throw std::out_of_range("Out of range");
}
- catch (const std::exception &e)
+ value16 = static_cast<decltype(value16)>(tmp);
+ if (AccountPolicyIface::maxLoginAttemptBeforeLockout() != 0 &&
+ value16 >= AccountPolicyIface::maxLoginAttemptBeforeLockout())
{
- log<level::ERR>("Exception for userLockedForFailedAttempt",
- entry("WHAT=%s", e.what()));
- throw;
+ return true; // User account is locked out
}
+ return false; // User account is un-locked
+ }
+ catch (const std::exception &e)
+ {
+ log<level::ERR>("Exception for userLockedForFailedAttempt",
+ entry("WHAT=%s", e.what()));
+ throw;
}
- log<level::ERR>("Unable to get user account failed attempt",
- entry("USER_NAME=%s", userName.c_str()));
- elog<InternalFailure>();
- return false;
}
bool UserMgr::userLockedForFailedAttempt(const std::string &userName,
@@ -719,13 +712,7 @@ bool UserMgr::userLockedForFailedAttempt(const std::string &userName,
boost::algorithm::is_any_of("\t "),
boost::token_compress_on);
- if (splitWords[t2UserIdx] == userName)
- {
- return userLockedForFailedAttempt(userName);
- }
- log<level::ERR>("Unable to clear user account failed attempt");
- elog<InternalFailure>();
- return false;
+ return userLockedForFailedAttempt(userName);
}
UserSSHLists UserMgr::getUserAndSshGrpList()
OpenPOWER on IntegriCloud