From f5c2df5eef850900ece9aa8efeaa09ec083313c9 Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar
Date: Thu, 22 Nov 2018 23:24:25 +0530
Subject: Remove output user name comparison for pam_tally2

pam_tally2 output restricts printing user name to 15 characters This makes the extra precautionary user name comparison to fail causing system to fail inadvertently. Hence removed the precautionary condition, as user name is passed to pam_tally2 as argument Unit test: Added user name of 16 characters or more and tried querying the user locked for failed attempt, and got successful data
Change-Id: I889c423324e53e4c554e9dce772a39f1843803b2
Signed-off-by: Richard Marian Thomaiyar
---
 user_mgr.cpp | 47 +++++++++++++++++------------------------------
 1 file changed, 17 insertions(+), 30 deletions(-)
diff --git a/user_mgr.cpp b/user_mgr.cpp
index c5b068d..1cbd43a 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -671,35 +671,28 @@ bool UserMgr::userLockedForFailedAttempt(const std::string &userName)
 boost::algorithm::is_any_of("\t "),
 boost::token_compress_on);
 
- if (splitWords[t2UserIdx] == userName)
+ try
 {
- try
+ unsigned long tmp = std::stoul(splitWords[t2FailCntIdx], nullptr);
+ uint16_t value16 = 0;
+ if (tmp > std::numeric_limits::max())
 {
- unsigned long tmp = std::stoul(splitWords[t2FailCntIdx], nullptr);
- uint16_t value16 = 0;
- if (tmp > std::numeric_limits::max())
- {
- throw std::out_of_range("Out of range");
- }
- value16 = static_cast(tmp);
- if (AccountPolicyIface::maxLoginAttemptBeforeLockout() != 0 &&
- value16 >= AccountPolicyIface::maxLoginAttemptBeforeLockout())
- {
- return true; // User account is locked out
- }
- return false; // User account is un-locked
+ throw std::out_of_range("Out of range");
 }
- catch (const std::exception &e)
+ value16 = static_cast(tmp);
+ if (AccountPolicyIface::maxLoginAttemptBeforeLockout() != 0 &&
+ value16 >= AccountPolicyIface::maxLoginAttemptBeforeLockout())
 {
- log("Exception for userLockedForFailedAttempt",
- entry("WHAT=%s", e.what()));
- throw;
+ return true; // User account is locked out
 }
+ return false; // User account is un-locked
+ }
+ catch (const std::exception &e)
+ {
+ log("Exception for userLockedForFailedAttempt",
+ entry("WHAT=%s", e.what()));
+ throw;
 }
- log("Unable to get user account failed attempt",
- entry("USER_NAME=%s", userName.c_str()));
- elog();
- return false;
 }
 
 bool UserMgr::userLockedForFailedAttempt(const std::string &userName,
@@ -719,13 +712,7 @@ bool UserMgr::userLockedForFailedAttempt(const std::string &userName,
 boost::algorithm::is_any_of("\t "),
 boost::token_compress_on);
 
- if (splitWords[t2UserIdx] == userName)
- {
- return userLockedForFailedAttempt(userName);
- }
- log("Unable to clear user account failed attempt");
- elog();
- return false;
+ return userLockedForFailedAttempt(userName);
 }
 
 UserSSHLists UserMgr::getUserAndSshGrpList()
-- cgit v1.2.1
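Review bot: In the single-argument `userLockedForFailedAttempt`, the new `try` block reads `splitWords[t2FailCntIdx]` with nothing left that validates the pam_tally2 output line. The removed user-name comparison was the only sanity check visible in this hunk, and `operator[]` on a vector holding fewer tokens than expected is undefined behaviour rather than an exception the `catch` could see. Because the return value decides whether an account is reported as locked out, unexpected tool output should fail explicitly; a guard such as `if (splitWords.size() <= t2FailCntIdx)` that logs and raises the error the removed fallback path used would do that. If the row check is still wanted, comparing only the printed prefix, e.g. `userName.compare(0, 15, splitWords[t2UserIdx]) == 0`, would tolerate the 15-character truncation described in the commit message. The function starts above the hunk, so an earlier size check cannot be ruled out from here.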
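Review bot: In the two-argument overload, nothing in the visible part of the function reads the result of the `boost::algorithm::split` call whose tail is kept as context, so the parsing of the command output now looks like dead code. It can be dropped together with the local it fills, or kept with a comment such as `// output of the preceding command is intentionally ignored; state is re-read below`. The outcome of the preceding command is also no longer checked in any form here, so the function relies entirely on the follow-up query. The function starts above the hunk, so this is inferred from the context and removed lines.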