Exemple #1
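/*
 * Format `from` with format_genTime and store the result in `into`
 * as a berval (string pointer plus length).
 *
 * from: timestamp to format.
 * into: berval to fill; bv_val receives the string returned by
 *       format_genTime and bv_len its length in bytes (no terminator).
 *
 * NOTE(review): other callers in this code base release the result of
 * format_genTime with slapi_ch_free, so into->bv_val presumably has to be
 * freed by whoever owns `into` -- confirm before reusing a berval that
 * already holds a value, or the previous string leaks.
 */
void
write_genTime (time_t from, struct berval* into)
{
    char *stamp = format_genTime (from);

    into->bv_val = stamp;
    /* strlen(NULL) is undefined behaviour; report an empty value instead
     * if the formatter ever hands back no string. */
    into->bv_len = (stamp != NULL) ? strlen (stamp) : 0;
}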
Exemple #2
/*
 * Build and apply, in one modification set, the new failed-bind counter and
 * the time at which that counter may be reset for the target entry.
 *
 * pb:       operation parameter block; the target SDN is read from it.
 * count:    value to store in passwordRetryCount (via set_retry_cnt_mods).
 * cur_time: start of the failure window; the reset time is cur_time plus
 *           the policy's pw_resetfailurecount.
 *
 * Returns whatever set_retry_cnt_mods returns.
 */
static
int set_retry_cnt_and_time ( Slapi_PBlock *pb, int count, time_t cur_time ) {
	Slapi_DN     *target_sdn = NULL;
	passwdPolicy *policy = NULL;
	Slapi_Mods    mods;
	char         *reset_str;
	int           status = 0;

	slapi_pblock_get( pb, SLAPI_TARGET_SDN, &target_sdn );
	/* NOTE(review): policy is dereferenced below without a NULL check;
	 * confirm new_passwdPolicy cannot return NULL for this target. */
	policy = new_passwdPolicy(pb, slapi_sdn_get_dn(target_sdn));
	slapi_mods_init(&mods, 0);

	/* retryCountResetTime = cur_time + failure-count reset interval */
	reset_str = format_genTime ( time_plus_sec ( cur_time,
		policy->pw_resetfailurecount ) );
	slapi_mods_add_string(&mods, LDAP_MOD_REPLACE, "retryCountResetTime", reset_str);
	slapi_ch_free((void **)&reset_str);

	/* Adds passwordRetryCount (and the lockout attribute when the limit is
	 * reached) to the same mod set so everything is written together. */
	status = set_retry_cnt_mods(pb, &mods, count);

	/* NOTE(review): any result from pw_apply_mods is not inspected here.
	 * If that write can fail, the counter and a queued lockout would not
	 * be persisted while `status` still carries the policy outcome --
	 * confirm and consider logging or propagating the failure. */
	pw_apply_mods(target_sdn, &mods);
	slapi_mods_done(&mods);

	return status;
}
Exemple #3
/*
 * Record one more failed attempt against the target entry's password
 * retry counter.
 *
 * If the entry has no retryCountResetTime, or that time has been reached,
 * the counter is restarted at 1 with a fresh reset time. Otherwise the
 * stored passwordRetryCount is incremented.
 *
 * Returns 1 when the entry cannot be fetched; otherwise the result of
 * set_retry_cnt_and_time / set_retry_cnt, or 0 when nothing was written.
 */
int update_pw_retry ( Slapi_PBlock *pb )
{
	Slapi_Entry *entry;
	char        *stored_reset;
	char        *now_str = NULL;
	time_t       now;
	time_t       reset_at;
	int          window_elapsed;
	int          stored_count;
	int          status = 0;

	entry = get_entry ( pb, NULL );
	if ( entry == NULL ) {
		return ( 1 );
	}

	now = current_time();

	/* Decide whether the failure window has run out (or never started). */
	stored_reset = slapi_entry_attr_get_charptr(entry, "retryCountResetTime");
	if ( stored_reset == NULL ) {
		window_elapsed = 1;
	} else {
		reset_at = parse_genTime ( stored_reset );
		slapi_ch_free((void **) &stored_reset );

		/* The current time is formatted and parsed again before the
		 * comparison -- presumably so both operands go through the same
		 * conversion as the stored value; verify. */
		now_str = format_genTime ( now );
		window_elapsed = ( difftime ( parse_genTime ( now_str ), reset_at ) >= 0 );
		slapi_ch_free((void **) &now_str );
	}

	if ( window_elapsed ) {
		/* restart: passwordRetryCount = 1, new retryCountResetTime */
		status = set_retry_cnt_and_time ( pb, 1, now );
		goto done;
	}

	stored_count = slapi_entry_attr_get_int(entry, "passwordRetryCount");
	/* NOTE(review): a negative stored count skips the update entirely and
	 * the function still returns 0, so such an entry never accumulates
	 * failures. Confirm whether a negative value can reach the entry and
	 * whether it should be treated as 0 instead. */
	if ( stored_count >= 0 ) {
		int next_count = stored_count + 1;

		if ( next_count == 1 ) {
			/* first failure in this window: also set the reset time */
			status = set_retry_cnt_and_time ( pb, next_count, now );
		} else {
			status = set_retry_cnt ( pb, next_count );
		}
	}

done:
	slapi_entry_free( entry );
	return status;
}
Exemple #4
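/*
 * Queue the modifications that store a new failed-bind count and, when the
 * count reaches the policy limit, the account lockout.
 *
 * pb:    operation parameter block; the target SDN is read from it.
 * smods: modification set to append to. Nothing is queued when it is NULL.
 * count: value to write to passwordRetryCount.
 *
 * Returns LDAP_CONSTRAINT_VIOLATION when count has reached pw_maxfailure
 * (accountUnlockTime is queued as well), 0 otherwise. The mods are only
 * added to `smods`; applying them is left to the caller.
 */
int set_retry_cnt_mods(Slapi_PBlock *pb, Slapi_Mods *smods, int count)
{
	char 		*timestr;
	time_t		unlock_time;
	/* Expected range is 1-65535, but `count` is a plain int derived from a
	 * stored attribute. The buffer is sized for any int (sign, 10 digits,
	 * terminator) so an out-of-range value cannot overrun the stack. */
	char        retry_cnt[16];
	const char *dn = NULL; 
	Slapi_DN *sdn = NULL; 
	passwdPolicy *pwpolicy = NULL;
	int rc = 0;

	slapi_pblock_get( pb, SLAPI_TARGET_SDN, &sdn );
	dn = slapi_sdn_get_dn(sdn);
	/* NOTE(review): pwpolicy is dereferenced below without a NULL check;
	 * confirm new_passwdPolicy cannot return NULL for this target. */
	pwpolicy = new_passwdPolicy(pb, dn);

	if (smods) {
		/* Bounded write: the previous 8-byte buffer with sprintf("%d")
		 * overflowed for any value of 8 or more characters. */
		snprintf ( retry_cnt, sizeof(retry_cnt), "%d", count );
		slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "passwordRetryCount", retry_cnt);
		/* lock the account once the retry limit is reached */
		if ( count >=  pwpolicy->pw_maxfailure ) {
			/* The lockout is queued here rather than through a separate
			 * lock_account(pb) call so that all mods are performed at once. */
			if ( pwpolicy->pw_unlock == 0 ) {
				/* lock until admin reset password */
				unlock_time = NO_TIME;
			} else {
				unlock_time = time_plus_sec ( current_time(),
											  pwpolicy->pw_lockduration );
			}
			timestr= format_genTime ( unlock_time );
			slapi_mods_add_string(smods, LDAP_MOD_REPLACE, "accountUnlockTime", timestr);
			slapi_ch_free((void **)&timestr);
			rc = LDAP_CONSTRAINT_VIOLATION;
		}
	}
	return rc;
}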