commit f5c2df5eef850900ece9aa8efeaa09ec083313c9
author Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> Thu Nov 22 23:24:25 2018 +0530
committer Brad Bishop <bradleyb@fuzziesquirrel.com> Wed Nov 28 14:35:00 2018 +0000
tree 1377f12d9f3c91e31e53a2df9b6d83b9f428447c
parent f870b48ec87c6f41e1f25343d6cf2f09c43a5647

Remove output user name comparison for pam_tally2

pam_tally2 output restricts printing user name to 15 characters
This makes the extra precautionary user name comparison to fail
causing system to fail inadvertently. Hence removed the
precautionary condition, as user name is passed to pam_tally2
as argument

Unit test:
Added user name of 16 characters or more and tried querying
the user locked for failed attempt, and got successful data

Change-Id: I889c423324e53e4c554e9dce772a39f1843803b2
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

user_mgr.cpp

diff --git a/user_mgr.cpp b/user_mgr.cpp
index c5b068d..1cbd43a 100644
--- a/user_mgr.cpp
+++ b/user_mgr.cpp
@@ -671,35 +671,28 @@
                             boost::algorithm::is_any_of("\t "),
                             boost::token_compress_on);
 
-    if (splitWords[t2UserIdx] == userName)
+    try
     {
-        try
+        unsigned long tmp = std::stoul(splitWords[t2FailCntIdx], nullptr);
+        uint16_t value16 = 0;
+        if (tmp > std::numeric_limits<decltype(value16)>::max())
         {
-            unsigned long tmp = std::stoul(splitWords[t2FailCntIdx], nullptr);
-            uint16_t value16 = 0;
-            if (tmp > std::numeric_limits<decltype(value16)>::max())
-            {
-                throw std::out_of_range("Out of range");
-            }
-            value16 = static_cast<decltype(value16)>(tmp);
-            if (AccountPolicyIface::maxLoginAttemptBeforeLockout() != 0 &&
-                value16 >= AccountPolicyIface::maxLoginAttemptBeforeLockout())
-            {
-                return true; // User account is locked out
-            }
-            return false; // User account is un-locked
+            throw std::out_of_range("Out of range");
         }
-        catch (const std::exception &e)
+        value16 = static_cast<decltype(value16)>(tmp);
+        if (AccountPolicyIface::maxLoginAttemptBeforeLockout() != 0 &&
+            value16 >= AccountPolicyIface::maxLoginAttemptBeforeLockout())
         {
-            log<level::ERR>("Exception for userLockedForFailedAttempt",
-                            entry("WHAT=%s", e.what()));
-            throw;
+            return true; // User account is locked out
         }
+        return false; // User account is un-locked
     }
-    log<level::ERR>("Unable to get user account failed attempt",
-                    entry("USER_NAME=%s", userName.c_str()));
-    elog<InternalFailure>();
-    return false;
+    catch (const std::exception &e)
+    {
+        log<level::ERR>("Exception for userLockedForFailedAttempt",
+                        entry("WHAT=%s", e.what()));
+        throw;
+    }
 }
 
 bool UserMgr::userLockedForFailedAttempt(const std::string &userName,
@@ -719,13 +712,7 @@
                             boost::algorithm::is_any_of("\t "),
                             boost::token_compress_on);
 
-    if (splitWords[t2UserIdx] == userName)
-    {
-        return userLockedForFailedAttempt(userName);
-    }
-    log<level::ERR>("Unable to clear user account failed attempt");
-    elog<InternalFailure>();
-    return false;
+    return userLockedForFailedAttempt(userName);
 }
 
 UserSSHLists UserMgr::getUserAndSshGrpList()