diff options
| author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2018-11-22 23:24:25 +0530 |
|---|---|---|
| committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-11-28 14:35:00 +0000 |
| commit | f5c2df5eef850900ece9aa8efeaa09ec083313c9 (patch) | |
| tree | 1377f12d9f3c91e31e53a2df9b6d83b9f428447c | |
| parent | f870b48ec87c6f41e1f25343d6cf2f09c43a5647 (diff) | |
| download | phosphor-user-manager-f5c2df5eef850900ece9aa8efeaa09ec083313c9.tar.gz phosphor-user-manager-f5c2df5eef850900ece9aa8efeaa09ec083313c9.zip | |
Remove output user name comparison for pam_tally2
pam_tally2 output restricts printing user name to 15 characters
This makes the extra precautionary user name comparison to fail
causing system to fail inadvertently. Hence removed the
precautionary condition, as user name is passed to pam_tally2
as argument
Unit test:
Added user name of 16 characters or more and tried querying
the user locked for failed attempt, and got successful data
Change-Id: I889c423324e53e4c554e9dce772a39f1843803b2
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
| -rw-r--r-- | user_mgr.cpp | 47 |
1 files changed, 17 insertions, 30 deletions
diff --git a/user_mgr.cpp b/user_mgr.cpp index c5b068d..1cbd43a 100644 --- a/user_mgr.cpp +++ b/user_mgr.cpp @@ -671,35 +671,28 @@ bool UserMgr::userLockedForFailedAttempt(const std::string &userName) boost::algorithm::is_any_of("\t "), boost::token_compress_on); - if (splitWords[t2UserIdx] == userName) + try { - try + unsigned long tmp = std::stoul(splitWords[t2FailCntIdx], nullptr); + uint16_t value16 = 0; + if (tmp > std::numeric_limits<decltype(value16)>::max()) { - unsigned long tmp = std::stoul(splitWords[t2FailCntIdx], nullptr); - uint16_t value16 = 0; - if (tmp > std::numeric_limits<decltype(value16)>::max()) - { - throw std::out_of_range("Out of range"); - } - value16 = static_cast<decltype(value16)>(tmp); - if (AccountPolicyIface::maxLoginAttemptBeforeLockout() != 0 && - value16 >= AccountPolicyIface::maxLoginAttemptBeforeLockout()) - { - return true; // User account is locked out - } - return false; // User account is un-locked + throw std::out_of_range("Out of range"); } - catch (const std::exception &e) + value16 = static_cast<decltype(value16)>(tmp); + if (AccountPolicyIface::maxLoginAttemptBeforeLockout() != 0 && + value16 >= AccountPolicyIface::maxLoginAttemptBeforeLockout()) { - log<level::ERR>("Exception for userLockedForFailedAttempt", - entry("WHAT=%s", e.what())); - throw; + return true; // User account is locked out } + return false; // User account is un-locked + } + catch (const std::exception &e) + { + log<level::ERR>("Exception for userLockedForFailedAttempt", + entry("WHAT=%s", e.what())); + throw; } - log<level::ERR>("Unable to get user account failed attempt", - entry("USER_NAME=%s", userName.c_str())); - elog<InternalFailure>(); - return false; } bool UserMgr::userLockedForFailedAttempt(const std::string &userName, @@ -719,13 +712,7 @@ bool UserMgr::userLockedForFailedAttempt(const std::string &userName, boost::algorithm::is_any_of("\t "), boost::token_compress_on); - if (splitWords[t2UserIdx] == userName) - { - return userLockedForFailedAttempt(userName); - } - log<level::ERR>("Unable to clear user account failed attempt"); - elog<InternalFailure>(); - return false; + return userLockedForFailedAttempt(userName); } UserSSHLists UserMgr::getUserAndSshGrpList() |
