PAM error text can be configured

ulab-next
ArvidNorr 12 years ago
parent a2bbbd8cc3
commit 0770f217fa

@ -48,7 +48,7 @@ auth_account_disabled(struct spwd *stp);
/******************************************************************************/
/* returns boolean */
long DEFAULT_CC
auth_userpass(char *user, char *pass)
auth_userpass(char *user, char *pass, int *errorcode)
{
char salt[13] = "$1$";
char hash[35] = "";
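Review bot: The new `errorcode` out-parameter is undocumented: the comment above auth_userpass still reads only `/* returns boolean */`, and nothing says which values are stored through the pointer, whether it is written on success, or whether callers may pass NULL. The same signature change is made in the two other auth_userpass variants further down the page (the one using `struct k_opts` and the one using `pam_handle_t`), so the same comment belongs there, for example `/* returns boolean; on failure *errorcode receives the backend's error code; errorcode must not be NULL */` once that contract is confirmed. This variant is also declared `long DEFAULT_CC` while the other two are `int DEFAULT_CC`, which looks unintended if callers share one prototype. The function bodies lie outside the hunks, so whether `*errorcode` is assigned on every return path cannot be checked from here.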

@ -396,7 +396,7 @@ cleanup:
/******************************************************************************/
/* returns boolean */
int DEFAULT_CC
auth_userpass(char *user, char *pass)
auth_userpass(char *user, char *pass, int *errorcode)
{
struct k_opts opts;
struct k5_data k5;

@ -34,7 +34,7 @@
/******************************************************************************/
/* returns boolean */
int DEFAULT_CC
auth_userpass(char *user, char *pass)
auth_userpass(char *user, char *pass, int *errorcode)
{
pam_handle_t *pamh;
pam_userpass_t userpass;

@ -25,6 +25,8 @@ tcp_keepalive=yes
#autorun=xrdp1
#hidelogwindow=yes
#bulk_compression=yes
# You can set the PAM error text in a gateway setup (MAX 256 chars)
#pamerrortxt=change your password according to policy at http://url
[Logging]
LogFile=xrdp.log

@ -1273,6 +1273,58 @@ const char *getPAMError(const int pamError)
}
}
const char *getPAMAdditionalErrorInfo(const int pamError,struct xrdp_mm *self)
{
switch(pamError){
case PAM_SUCCESS:
return NULL;
case PAM_OPEN_ERR:
case PAM_SYMBOL_ERR:
case PAM_SERVICE_ERR:
case PAM_SYSTEM_ERR:
case PAM_BUF_ERR:
case PAM_PERM_DENIED:
case PAM_AUTH_ERR:
case PAM_CRED_INSUFFICIENT:
case PAM_AUTHINFO_UNAVAIL:
case PAM_USER_UNKNOWN:
case PAM_CRED_UNAVAIL:
case PAM_CRED_ERR:
case PAM_NO_MODULE_DATA:
case PAM_BAD_ITEM:
case PAM_CONV_ERR:
case PAM_AUTHTOK_ERR:
case PAM_AUTHTOK_LOCK_BUSY:
case PAM_AUTHTOK_DISABLE_AGING:
case PAM_TRY_AGAIN:
case PAM_IGNORE:
case PAM_MODULE_UNKNOWN:
case PAM_CONV_AGAIN:
case PAM_INCOMPLETE:
case _PAM_RETURN_VALUES+1:
case _PAM_RETURN_VALUES+3:
return NULL;
case PAM_MAXTRIES:
case PAM_NEW_AUTHTOK_REQD:
case PAM_ACCT_EXPIRED:
case PAM_CRED_EXPIRED:
case PAM_AUTHTOK_EXPIRED:
if(self->wm->pamerrortxt[0])
{
return self->wm->pamerrortxt;
}
else
{
return "Authentication error - Verify that user/password is valid ";
}
default:{
return "No expected error" ;
}
}
}
#endif
/*****************************************************************************/
@ -1368,6 +1420,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
{
int reply;
char replytxt[80];
char *additionalError;
xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control...");
/* g_writeln("we use pam modules to check if we can approve this user"); */
@ -1390,6 +1443,14 @@ xrdp_mm_connect(struct xrdp_mm *self)
xrdp_wm_log_msg(self->wm, replytxt);
log_message(LOG_LEVEL_INFO, replytxt);
additionalError = getPAMAdditionalErrorInfo(reply,self);
if(additionalError)
{
if(additionalError[0])
{
xrdp_wm_log_msg(self->wm,additionalError);
}
}
if (reply != 0)
{
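Review bot: `additionalError` is declared `char *` in xrdp_mm_connect but is assigned the `const char *` returned by getPAMAdditionalErrorInfo, which discards the qualifier on a pointer that can refer to a string literal; declare it `const char *additionalError;`. In the switch, the `default:` branch returns "No expected error", and because the caller prints any non-empty result, that text reaches the login log window for every return code not listed; returning NULL from `default:` would keep unknown codes silent like the other ignored cases. The `case _PAM_RETURN_VALUES+1:` and `+3` labels depend on an internal PAM constant and need a comment naming what they stand for. The extra text is shown only for the max-tries/expired group, so beyond whatever `replytxt` already reveals it tells a client that has not authenticated that the account is in one of those states; worth confirming that this is acceptable in a gateway setup. xrdp_mm_connect continues outside the hunks.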

@ -316,6 +316,7 @@ struct xrdp_wm
int hints;
int allowedchannels[MAX_NR_CHANNELS];
int allowedinitialized ;
char pamerrortxt[256];
};
/* rdp process */

@ -452,6 +452,11 @@ xrdp_wm_load_static_colors_plus(struct xrdp_wm *self, char *autorun_name)
self->hide_log_window = 1;
}
}
else if (g_strcasecmp(val, "pamerrortxt") == 0)
{
val = (char *)list_get_item(values, index);
g_strncpy(self->pamerrortxt,val,256);
}
}
}
}
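Review bot: `g_strncpy(self->pamerrortxt,val,256)` passes the full size of `char pamerrortxt[256]` as the length; if xrdp's g_strncpy helper (not shown on this page) terminates by writing `dest[len] = 0`, as I believe it does, an ini value of 256 or more characters writes one byte past the array, which the struct hunk shows as the last member of struct xrdp_wm. Pass the size minus one, `g_strncpy(self->pamerrortxt, val, sizeof(self->pamerrortxt) - 1);`, which also removes the repeated magic number. The sample ini comment's "MAX 256 chars" would then need to say 255. The enclosing function starts outside the hunk.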
