PAM error text can be configured

ulab-next
ArvidNorr 12 years ago
parent a2bbbd8cc3
commit 0770f217fa

@ -48,7 +48,7 @@ auth_account_disabled(struct spwd *stp);
/******************************************************************************/ /******************************************************************************/
/* returns boolean */ /* returns boolean */
long DEFAULT_CC long DEFAULT_CC
auth_userpass(char *user, char *pass) auth_userpass(char *user, char *pass, int *errorcode)
{ {
char salt[13] = "$1$"; char salt[13] = "$1$";
char hash[35] = ""; char hash[35] = "";
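Review bot: The header comment still reads only `/* returns boolean */` although auth_userpass now takes an `int *errorcode` out-parameter, so nothing tells a caller whether the pointer may be NULL or what it holds after the call. I would extend it to something like `/* returns boolean; if errorcode is non-NULL it receives the backend error code on failure */`, adjusted to what the body really does. The same applies to the two other auth_userpass definitions in the `@ -396,7` and `@ -34,7` hunks. The function bodies lie outside all three hunks, so it cannot be seen whether every backend writes `*errorcode`; if one leaves it untouched, the caller has to initialise the variable before the call or it will act on an indeterminate value.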

@ -396,7 +396,7 @@ cleanup:
/******************************************************************************/ /******************************************************************************/
/* returns boolean */ /* returns boolean */
int DEFAULT_CC int DEFAULT_CC
auth_userpass(char *user, char *pass) auth_userpass(char *user, char *pass, int *errorcode)
{ {
struct k_opts opts; struct k_opts opts;
struct k5_data k5; struct k5_data k5;

@ -34,7 +34,7 @@
/******************************************************************************/ /******************************************************************************/
/* returns boolean */ /* returns boolean */
int DEFAULT_CC int DEFAULT_CC
auth_userpass(char *user, char *pass) auth_userpass(char *user, char *pass, int *errorcode)
{ {
pam_handle_t *pamh; pam_handle_t *pamh;
pam_userpass_t userpass; pam_userpass_t userpass;

@ -25,6 +25,8 @@ tcp_keepalive=yes
#autorun=xrdp1 #autorun=xrdp1
#hidelogwindow=yes #hidelogwindow=yes
#bulk_compression=yes #bulk_compression=yes
# You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url
[Logging] [Logging]
LogFile=xrdp.log LogFile=xrdp.log

@ -1204,7 +1204,7 @@ const char *getPAMError(const int pamError)
{ {
switch(pamError){ switch(pamError){
case PAM_SUCCESS: case PAM_SUCCESS:
return "Success"; return "Success";
case PAM_OPEN_ERR: case PAM_OPEN_ERR:
return "dlopen() failure"; return "dlopen() failure";
case PAM_SYMBOL_ERR: case PAM_SYMBOL_ERR:
@ -1273,6 +1273,58 @@ const char *getPAMError(const int pamError)
} }
}
const char *getPAMAdditionalErrorInfo(const int pamError,struct xrdp_mm *self)
{
switch(pamError){
case PAM_SUCCESS:
return NULL;
case PAM_OPEN_ERR:
case PAM_SYMBOL_ERR:
case PAM_SERVICE_ERR:
case PAM_SYSTEM_ERR:
case PAM_BUF_ERR:
case PAM_PERM_DENIED:
case PAM_AUTH_ERR:
case PAM_CRED_INSUFFICIENT:
case PAM_AUTHINFO_UNAVAIL:
case PAM_USER_UNKNOWN:
case PAM_CRED_UNAVAIL:
case PAM_CRED_ERR:
case PAM_NO_MODULE_DATA:
case PAM_BAD_ITEM:
case PAM_CONV_ERR:
case PAM_AUTHTOK_ERR:
case PAM_AUTHTOK_LOCK_BUSY:
case PAM_AUTHTOK_DISABLE_AGING:
case PAM_TRY_AGAIN:
case PAM_IGNORE:
case PAM_MODULE_UNKNOWN:
case PAM_CONV_AGAIN:
case PAM_INCOMPLETE:
case _PAM_RETURN_VALUES+1:
case _PAM_RETURN_VALUES+3:
return NULL;
case PAM_MAXTRIES:
case PAM_NEW_AUTHTOK_REQD:
case PAM_ACCT_EXPIRED:
case PAM_CRED_EXPIRED:
case PAM_AUTHTOK_EXPIRED:
if(self->wm->pamerrortxt[0])
{
return self->wm->pamerrortxt;
}
else
{
return "Authentication error - Verify that user/password is valid ";
}
default:{
return "No expected error" ;
}
}
} }
#endif #endif
/*****************************************************************************/ /*****************************************************************************/
@ -1368,6 +1420,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
{ {
int reply; int reply;
char replytxt[80]; char replytxt[80];
char *additionalError;
xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control..."); xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control...");
/* g_writeln("we use pam modules to check if we can approve this user"); */ /* g_writeln("we use pam modules to check if we can approve this user"); */
@ -1390,6 +1443,14 @@ xrdp_mm_connect(struct xrdp_mm *self)
xrdp_wm_log_msg(self->wm, replytxt); xrdp_wm_log_msg(self->wm, replytxt);
log_message(LOG_LEVEL_INFO, replytxt); log_message(LOG_LEVEL_INFO, replytxt);
additionalError = getPAMAdditionalErrorInfo(reply,self);
if(additionalError)
{
if(additionalError[0])
{
xrdp_wm_log_msg(self->wm,additionalError);
}
}
if (reply != 0) if (reply != 0)
{ {
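Review bot: `char *additionalError;` in xrdp_mm_connect receives the `const char *` result of getPAMAdditionalErrorInfo(), which drops the qualifier from the string literals and from `self->wm->pamerrortxt`; declare it as `const char *additionalError;` (the prototype of xrdp_wm_log_msg is not visible here and may need the same qualifier). Separately, the new function returns text only for PAM_MAXTRIES, PAM_NEW_AUTHTOK_REQD, PAM_ACCT_EXPIRED, PAM_CRED_EXPIRED and PAM_AUTHTOK_EXPIRED, so the login window now tells the connecting client that the account is in one of those states rather than that the credentials were wrong. Depending on the PAM stack, some of these codes may be returned before the password has been verified, so I would add a comment above the function recording that the disclosure is intended, e.g. `/* text is shown to the remote client and reveals expired/locked account state by design */`. The `default:` branch returns "No expected error" for any unlisted code and xrdp_mm_connect will display it; `return NULL;` there would match the other codes that carry no extra text.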

@ -316,6 +316,7 @@ struct xrdp_wm
int hints; int hints;
int allowedchannels[MAX_NR_CHANNELS]; int allowedchannels[MAX_NR_CHANNELS];
int allowedinitialized ; int allowedinitialized ;
char pamerrortxt[256];
}; };
/* rdp process */ /* rdp process */

@ -452,6 +452,11 @@ xrdp_wm_load_static_colors_plus(struct xrdp_wm *self, char *autorun_name)
self->hide_log_window = 1; self->hide_log_window = 1;
} }
} }
else if (g_strcasecmp(val, "pamerrortxt") == 0)
{
val = (char *)list_get_item(values, index);
g_strncpy(self->pamerrortxt,val,256);
}
} }
} }
} }
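Review bot: `g_strncpy(self->pamerrortxt,val,256)` passes the full size of the `char pamerrortxt[256]` field that this commit adds to struct xrdp_wm, which leaves no room for the terminator. g_strncpy is defined outside this page: if it behaves like strncpy, a configured value of 256 or more characters leaves the buffer unterminated and the later `xrdp_wm_log_msg(self->wm,additionalError)` reads past it, and if it stores a NUL at `dest[len]` (as I believe xrdp's helper does) that byte is written one past the end of the array. Use `g_strncpy(self->pamerrortxt, val, sizeof(self->pamerrortxt) - 1);` and change the xrdp.ini comment from "MAX 256 chars" to 255. The enclosing function starts and ends outside the hunk.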
