Add support for deleting authentication failure record files
Added fix for #phosphor-user-manager/issues/4
If a user account locked due to user's password with too many
failed attempts use case, password will locked out for same
name account creation. This issues is due to missing authentication
failure record files clear in the account user delete path.
Added function for deleting authentication failure record files
in the account delete api to fix this issue.
faillock command --reset option is used to clear user's failure
records. Refer https://linux.die.net/man/8/faillock for details.
Tested: Created user and perform multiple failed authentication to
lock the account. After Account delete, and recreate a user with
same name , worked as expected.
Change-Id: I63a1becafa30035ac549166a1d70ee58baee86b4
Signed-off-by: Jayanth Othayoth <ojayanth@in.ibm.com>
diff --git a/user_mgr.cpp b/user_mgr.cpp
index edb25f3..6d58fa8 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -396,6 +396,9 @@
try
{
executeUserDelete(userName.c_str());
+
+ // Clear user fail records
+ executeUserClearFailRecords(userName.c_str());
}
catch (const InternalFailure& e)
{
@@ -968,7 +971,8 @@
try
{
- executeCmd("/usr/sbin/faillock", "--user", userName.c_str(), "--reset");
+ // Clear user fail records
+ executeUserClearFailRecords(userName.c_str());
}
catch (const InternalFailure& e)
{
@@ -1607,6 +1611,11 @@
executeCmd("/usr/sbin/userdel", userName, "-r");
}
+void UserMgr::executeUserClearFailRecords(const char* userName)
+{
+ executeCmd("/usr/sbin/faillock", "--user", userName, "--reset");
+}
+
void UserMgr::executeUserRename(const char* userName, const char* newUserName)
{
std::string newHomeDir = "/home/";