/* * Copyright (c) 1989 - 1994, Julianne Frances Haugh * Copyright (c) 1996 - 1998, Marek Michałkiewicz * Copyright (c) 2002 - 2005, Tomasz Kłoczko * Copyright (c) 2008 , Nicolas François * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the copyright holders or contributors may not be used to * endorse or promote products derived from this software without * specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include #ident "$Id$" #include #include #include "defines.h" #include "faillog.h" #include "getdef.h" #include "failure.h" #define YEAR (365L*DAY) /* * failure - make failure entry * * failure() creates a new (struct faillog) entry or updates an * existing one with the current failed login information. */ void failure (uid_t uid, const char *tty, struct faillog *fl) { int fd; /* * Don't do anything if failure logging isn't set up. */ /* TODO: check if the file exists */ if ((fd = open (FAILLOG_FILE, O_RDWR)) < 0) return; /* * The file is indexed by UID value meaning that shared UID's * share failure log records. That's OK since they really * share just about everything else ... */ lseek (fd, (off_t) (sizeof *fl) * uid, SEEK_SET); if (read (fd, (char *) fl, sizeof *fl) != sizeof *fl) memzero (fl, sizeof *fl); /* * Update the record. We increment the failure count to log the * latest failure. The only concern here is overflow, and we'll * check for that. The line name and time of day are both * updated as well. */ if (fl->fail_cnt + 1 > 0) fl->fail_cnt++; strncpy (fl->fail_line, tty, sizeof fl->fail_line); time (&fl->fail_time); /* * Seek back to the correct position in the file and write the * record out. Ideally we should lock the file in case the same * account is being logged simultaneously. But the risk doesn't * seem that great. */ lseek (fd, (off_t) (sizeof *fl) * uid, SEEK_SET); /* TODO: check failures */ write (fd, (char *) fl, sizeof *fl); /* TODO: log failures */ close (fd); /* TODO: log failures */ } static bool too_many_failures (const struct faillog *fl) { time_t now; if (fl->fail_max == 0 || fl->fail_cnt < fl->fail_max) return false; if (fl->fail_locktime == 0) return true; /* locked until reset manually */ time (&now); if (fl->fail_time + fl->fail_locktime < now) return false; /* enough time since last failure */ return true; } /* * failcheck - check for failures > allowable * * failcheck() is called AFTER the password has been validated. If the * account has been "attacked" with too many login failures, failcheck() * returns 0 to indicate that the login should be denied even though * the password is valid. * * failed indicates if the login failed AFTER the password has been * validated. */ int failcheck (uid_t uid, struct faillog *fl, bool failed) { int fd; struct faillog fail; /* * Suppress the check if the log file isn't there. */ /* TODO: check if the file exists */ fd = open (FAILLOG_FILE, O_RDWR); if (fd < 0) { return 1; } /* * Get the record from the file and determine if the user has * exceeded the failure limit. If "max" is zero, any number * of failures are permitted. Only when "max" is non-zero and * "cnt" is greater than or equal to "max" is the account * considered to be locked. * * If read fails, there is no record for this user yet (the * file is initially zero length and extended by writes), so * no need to reset the count. */ lseek (fd, (off_t) (sizeof *fl) * uid, SEEK_SET); if (read (fd, (char *) fl, sizeof *fl) != sizeof *fl) { close (fd); return 1; } if (too_many_failures (fl)) { close (fd); return 0; } /* * The record is updated if this is not a failure. The count will * be reset to zero, but the rest of the information will be left * in the record in case someone wants to see where the failed * login originated. */ if (!failed) { fail = *fl; fail.fail_cnt = 0; lseek (fd, (off_t) sizeof fail * uid, SEEK_SET); write (fd, (char *) &fail, sizeof fail); } close (fd); return 1; } /* * failprint - print line of failure information * * failprint takes a (struct faillog) entry and formats it into a * message which is displayed at login time. */ void failprint (const struct faillog *fail) { struct tm *tp; #if HAVE_STRFTIME char lasttimeb[256]; char *lasttime = lasttimeb; #else char *lasttime; #endif time_t NOW; if (fail->fail_cnt == 0) return; tp = localtime (&(fail->fail_time)); time (&NOW); #if HAVE_STRFTIME /* * Print all information we have. */ strftime (lasttimeb, sizeof lasttimeb, "%c", tp); #else /* * Do the same thing, but don't use strftime since it * probably doesn't exist on this system */ lasttime = asctime (tp); lasttime[24] = '\0'; if (NOW - fail->fail_time < YEAR) lasttime[19] = '\0'; if (NOW - fail->fail_time < DAY) lasttime = lasttime + 11; if (*lasttime == ' ') lasttime++; #endif printf (ngettext ("%d failure since last login.\n" "Last was %s on %s.\n", "%d failures since last login.\n" "Last was %s on %s.\n", fail->fail_cnt), fail->fail_cnt, lasttime, fail->fail_line); } /* * failtmp - update the cummulative failure log * * failtmp updates the (struct utmp) formatted failure log which * maintains a record of all login failures. */ void failtmp ( #ifdef HAVE_UTMPX_H const struct utmpx *failent #else const struct utmp *failent #endif ) { char *ftmp; int fd; /* * Get the name of the failure file. If no file has been defined * in login.defs, don't do this. */ ftmp = getdef_str ("FTMP_FILE"); if (NULL == ftmp) { return; } /* * Open the file for append. It must already exist for this * feature to be used. */ fd = open (ftmp, O_WRONLY | O_APPEND); if (-1 == fd) { return; } /* * Output the new failure record and close the log file. */ write (fd, (const char *) failent, sizeof *failent); close (fd); /* TODO: check if the file could be closed */ }