Refactor executeCmd calls to pam_tally2
executeCmd() will throw and errors need to be caught. And the command
output in set handler of UserLockedForFailedAttempt is not used, remove
it.
Tested:
Verified that setting UserLockedForFailedAttempt to false resets the
failed login attempts counter in pam_tally2, and that getting the value
returns whether the user's failed login attempts exceed
MaxLoginAttemptBeforeLockout.
Change-Id: Ie50749c99667e4041189e8c9aebbe33961509f05
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
diff --git a/user_mgr.cpp b/user_mgr.cpp
index 131c805..d5100af 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -694,8 +694,15 @@
// All user management lock has to be based on /etc/shadow
// TODO phosphor-user-manager#10 phosphor::user::shadow::Lock lock{};
std::vector<std::string> output;
-
- output = executeCmd("/usr/sbin/pam_tally2", "-u", userName.c_str());
+ try
+ {
+ output = executeCmd("/usr/sbin/pam_tally2", "-u", userName.c_str());
+ }
+ catch (const InternalFailure& e)
+ {
+ log<level::ERR>("Unable to read login failure counter");
+ elog<InternalFailure>();
+ }
std::vector<std::string> splitWords;
boost::algorithm::split(splitWords, output[t2OutputIndex],
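Review bot: `output[t2OutputIndex]` right after the new try/catch is still indexed without checking how many lines pam_tally2 returned, so a short or empty output would be read out of bounds. The catch only covers executeCmd() throwing, which presumably happens on a non-zero exit or spawn failure; it does not cover a run that succeeds but prints fewer lines than expected. A guard before the split would close that, for example `if (output.size() <= t2OutputIndex) { log<level::ERR>("Unexpected pam_tally2 output"); elog<InternalFailure>(); }`. The enclosing function starts and ends outside the hunk, and the split call itself continues past the last visible line.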
@@ -731,17 +738,20 @@
{
// All user management lock has to be based on /etc/shadow
// TODO phosphor-user-manager#10 phosphor::user::shadow::Lock lock{};
- std::vector<std::string> output;
if (value == true)
{
return userLockedForFailedAttempt(userName);
}
- output = executeCmd("/usr/sbin/pam_tally2", "-u", userName.c_str(), "-r");
- std::vector<std::string> splitWords;
- boost::algorithm::split(splitWords, output[t2OutputIndex],
- boost::algorithm::is_any_of("\t "),
- boost::token_compress_on);
+ try
+ {
+ executeCmd("/usr/sbin/pam_tally2", "-u", userName.c_str(), "-r");
+ }
+ catch (const InternalFailure& e)
+ {
+ log<level::ERR>("Unable to reset login failure counter");
+ elog<InternalFailure>();
+ }
return userLockedForFailedAttempt(userName);
}
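Review bot: The reset path around `executeCmd("/usr/sbin/pam_tally2", "-u", userName.c_str(), "-r")` logs only on failure, so a successful clear of a user's lockout counter leaves no record from this code. Clearing a lockout is a security-relevant state change and deserves an audit line after the try block, e.g. `log<level::INFO>("Login failure counter reset", entry("USER_NAME=%s", userName.c_str()));`, assuming phosphor-logging's `entry()` is in scope here as the `log<>`/`elog<>` calls suggest. The error log in the catch could carry the same user-name entry, and the unused `e` can be dropped by writing `catch (const InternalFailure&)`. The function's signature is outside the hunk.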