/*
 * Like format_localTime, except that the result is handed back in a berval.
 *
 * The text is produced by format_genTime(); its pointer is stored in
 * into->bv_val and its strlen() in into->bv_len.
 *
 * NOTE(review): other code in this file releases the string returned by
 * format_genTime() with slapi_ch_free(), so the caller presumably owns
 * into->bv_val afterwards -- confirm against format_genTime().
 */
void
write_genTime(time_t from, struct berval *into)
{
    char *stamp = format_genTime(from);

    into->bv_val = stamp;
    into->bv_len = strlen(stamp);
}
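/*
 * Store a failed-bind count together with a fresh retryCountResetTime on the
 * target entry.
 *
 * pb       - operation pblock; the target entry is taken from SLAPI_TARGET_SDN.
 * count    - value to write to passwordRetryCount (via set_retry_cnt_mods()).
 * cur_time - start of the counting window; retryCountResetTime is set to
 *            cur_time plus the policy's pw_resetfailurecount seconds.
 *
 * Returns the value of set_retry_cnt_mods(). The collected mods are handed to
 * pw_apply_mods() whatever that value is.
 *
 * NOTE(review): the outcome of pw_apply_mods() is not captured, so a failed
 * write of the retry/lockout attributes would not be visible to the caller --
 * confirm whether pw_apply_mods() can report an error.
 */
static int
set_retry_cnt_and_time(Slapi_PBlock *pb, int count, time_t cur_time)
{
    const char *dn = NULL;
    Slapi_DN *sdn = NULL;
    Slapi_Mods smods;
    time_t reset_time;
    char *timestr;
    passwdPolicy *pwpolicy = NULL;
    int rc = 0;

    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
    dn = slapi_sdn_get_dn(sdn);
    pwpolicy = new_passwdPolicy(pb, dn);

    slapi_mods_init(&smods, 0);

    /* The counting window closes pw_resetfailurecount seconds from cur_time. */
    reset_time = time_plus_sec(cur_time, pwpolicy->pw_resetfailurecount);

    timestr = format_genTime(reset_time);
    slapi_mods_add_string(&smods, LDAP_MOD_REPLACE, "retryCountResetTime", timestr);
    /* The formatted string is no longer needed once it has been added. */
    slapi_ch_free((void **)&timestr);

    /* Adds passwordRetryCount and, at the retry limit, accountUnlockTime. */
    rc = set_retry_cnt_mods(pb, &smods, count);

    pw_apply_mods(sdn, &smods);
    slapi_mods_done(&smods);

    return rc;
}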
/*
 * Account for one more failed bind on the entry targeted by pb.
 *
 * - No retryCountResetTime on the entry, or the stored reset time is not
 *   later than now: the count is restarted at 1 with a new reset time.
 * - Otherwise the stored passwordRetryCount is incremented; a result of 1
 *   also writes a new reset time, any other result updates the count only.
 *
 * Returns 1 when the entry cannot be fetched, otherwise the value returned by
 * set_retry_cnt_and_time() / set_retry_cnt(), or 0 when nothing was written.
 *
 * NOTE(review): a negative stored passwordRetryCount leaves the entry
 * untouched and returns 0, so that failed bind is not counted; the stored
 * value is also incremented with no upper bound here -- confirm both are
 * intended.
 */
int
update_pw_retry(Slapi_PBlock *pb)
{
    Slapi_Entry *entry;
    time_t now;
    time_t window_end;
    char *now_str = NULL;
    char *window_end_str;
    int stored_count;
    int window_over;
    int rc = 0;

    /* get the entry */
    entry = get_entry(pb, NULL);
    if (entry == NULL) {
        return 1;
    }

    now = current_time();

    /* check if the retry count can be reset */
    window_end_str = slapi_entry_attr_get_charptr(entry, "retryCountResetTime");
    if (window_end_str == NULL) {
        /* initialize passwordRetryCount and retryCountResetTime */
        rc = set_retry_cnt_and_time(pb, 1, now);
        slapi_entry_free(entry);
        return rc;
    }

    window_end = parse_genTime(window_end_str);
    slapi_ch_free((void **)&window_end_str);

    /*
     * The current time is formatted and parsed back before the comparison,
     * presumably so both operands pass through the same conversion -- confirm.
     */
    now_str = format_genTime(now);
    window_over = (difftime(parse_genTime(now_str), window_end) >= 0);
    slapi_ch_free((void **)&now_str);

    if (window_over) {
        /* set passwordRetryCount to 1 and reset retryCountResetTime */
        rc = set_retry_cnt_and_time(pb, 1, now);
        slapi_entry_free(entry);
        return rc;
    }

    stored_count = slapi_entry_attr_get_int(entry, "passwordRetryCount");
    if (stored_count >= 0) {
        int next_count = stored_count + 1;

        if (next_count == 1) {
            /* first counted failure: set retryCountResetTime as well */
            rc = set_retry_cnt_and_time(pb, next_count, now);
        } else {
            /* set passwordRetryCount to next_count */
            rc = set_retry_cnt(pb, next_count);
        }
    }

    slapi_entry_free(entry);
    return rc;
}
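/*
 * Add the retry-count attributes (and, at the limit, the lock attribute) to
 * an existing set of mods.
 *
 * pb    - operation pblock; the target entry is taken from SLAPI_TARGET_SDN
 *         and used to look up the password policy.
 * smods - mod set to extend; when NULL nothing is added and 0 is returned.
 * count - value to write to passwordRetryCount.
 *
 * Returns 0, or LDAP_CONSTRAINT_VIOLATION when count has reached the policy's
 * pw_maxfailure and accountUnlockTime was added to smods. The caller is
 * responsible for applying smods.
 */
int
set_retry_cnt_mods(Slapi_PBlock *pb, Slapi_Mods *smods, int count)
{
    char *timestr;
    time_t unlock_time;
    /*
     * Sign + at most 3 decimal digits per byte + NUL: large enough for any
     * int. count can originate from a stored attribute value, so the buffer
     * must not assume the 1-65535 range.
     */
    char retry_cnt[sizeof(int) * 3 + 2];
    const char *dn = NULL;
    Slapi_DN *sdn = NULL;
    passwdPolicy *pwpolicy = NULL;
    int rc = 0;

    slapi_pblock_get(pb, SLAPI_TARGET_SDN, &sdn);
    dn = slapi_sdn_get_dn(sdn);
    pwpolicy = new_passwdPolicy(pb, dn);

    if (smods == NULL) {
        return rc;
    }

    /* Bounded formatting: never writes past retry_cnt. */
    snprintf(retry_cnt, sizeof retry_cnt, "%d", count);
    slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "passwordRetryCount", retry_cnt);

    /* lock account if the retry limit has been reached */
    if (count >= pwpolicy->pw_maxfailure) {
        /*
         * The lock attribute is added to the same mod set instead of calling
         * lock_account(), so that all mods are performed at once.
         */
        if (pwpolicy->pw_unlock == 0) {
            /* lock until admin reset password */
            unlock_time = NO_TIME;
        } else {
            unlock_time = time_plus_sec(current_time(), pwpolicy->pw_lockduration);
        }

        timestr = format_genTime(unlock_time);
        slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "accountUnlockTime", timestr);
        slapi_ch_free((void **)&timestr);

        rc = LDAP_CONSTRAINT_VIOLATION;
    }

    return rc;
}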