2 * Copyright 2000, International Business Machines Corporation and others.
5 * This software has been released under the terms of the IBM Public
6 * License. For details, see the LICENSE file in the top-level source
7 * directory or online at http://www.openafs.org/dl/license10.html
14 #include <afsconfig.h>
15 #include <afs/param.h>
34 /* Open the auxiliary database file containing failed authentication
35 * counters, and the times at which the last failures occurred.
38 int kaux_opendb(char *path)
40 char dbpathname[1024];
41 static char dbname[] = "auxdb";
43 if (strlen(path) < 1024 - strlen(dbname)) { /* bullet-proofing */
45 strcpy(dbpathname, path);
46 strcat(dbpathname, dbname);
48 fd = open (dbpathname, O_CREAT | O_RDWR, 0600);
49 if (fd <0) perror(dbpathname);
55 /* close that auxiliary database. Unneccessary, but here for symmetry.
57 void kaux_closedb(void)
60 if (fd > 0) close(fd);
66 * The read and write routines take as a parameter, the offset into
67 * the main database at which a particular user's entry resides. They
68 * then convert that into an offset into the auxiliary database. This
69 * makes the main code a little simpler, though it obscures a small
73 afs_int32 to, /* this is the offset of the user id in the main database.
74 * we do the conversion here - probably a bad idea. */
75 unsigned int *nfailures,
80 *nfailures = *lasttime = 0;
82 if (fd <= 0 || !to) return 0;
84 offset = ((to - sizeof(struct kaheader))/ENTRYSIZE)*(sizeof(int)+sizeof(afs_int32));
85 /* can't get there from here */
86 if (offset > lseek(fd, offset, SEEK_SET)) return 0;
88 /* we should just end up with 0 for nfailures and lasttime if EOF is
89 * encountered here, I hope */
90 if ((0 > read(fd, nfailures, sizeof(int))) ||
91 (0 > read(fd, lasttime, sizeof(afs_int32)))) {
92 *nfailures = *lasttime = 0;
93 perror("kaux_read()");
101 unsigned int nfailures,
106 if (fd <= 0 || !to) return 0;
108 offset = ((to - sizeof(struct kaheader))/ENTRYSIZE)*(sizeof(int)+sizeof(afs_int32));
109 /* can't get there from here */
110 if (offset > lseek(fd, offset, SEEK_SET)) return 0;
112 if ((write (fd, &nfailures, sizeof(int)) != sizeof(int)) ||
113 (write (fd, &lasttime, sizeof(afs_int32)) != sizeof(afs_int32)))
114 perror("kaux_write()");
119 /* adjust this user's records to reflect a failure.
120 * locktime is the value stored in the main database that specifies
121 * how long a user's ID should be locked once the attempts limit has
122 * been exceeded. It also functions as the interval during which the
123 * permitted N-1 authentication failures plus the forbidden Nth
124 * failure must occur, in order for the ID to actually be locked. Ie,
125 * all failures which occurred more than _locktime_ seconds ago are
127 * locktime == 0 signifies that the ID should be locked indefinitely
134 afs_uint32 lasttime, now;
138 kaux_read(to, &nfailures, &lasttime);
140 if (locktime && lasttime + locktime < now)
145 kaux_write(to, nfailures, now);
150 * report on whether a particular id is locked or not...
151 * has to get some dirt from ubik.
152 * We multiply the actual number of permitted attempts by two because
153 * klog tries to authenticate twice when the password is bogus: once
154 * with the ka_string_to_key, and once with des_string_to_key, for
155 * Kerberos compatibility. It's easier to frob here than to explain
157 * RETURNS: time when the ID will be unlocked, or 0 if it's not locked.
164 extern int ubeacon_Debug(), ubeacon_AmSyncSite();
165 unsigned int nfailures, myshare;
167 struct ubik_debug beaconinfo;
170 /* if attempts is 0, that means there's no limit, so the id
171 * can't ever be locked...
173 if (!attempts) return 0;
175 kaux_read(to, &nfailures, &lasttime);
177 ubeacon_Debug(&beaconinfo);
178 attempts = attempts * 2;
180 myshare = attempts / beaconinfo.nServers;
181 if (ubeacon_AmSyncSite())
182 myshare += attempts % beaconinfo.nServers;
187 else if ((nfailures < myshare) || (locktime && lasttime + locktime < time(0))) {
190 else if (locktime == 0) { /* infinite */
194 return (lasttime + locktime);