Improve X11 shadow authentication reason failure log
parent
0cb7ada6de
commit
e66ee477c0
@ -128,90 +128,69 @@ out_fail:
|
|||||||
return pam_status;
|
return pam_status;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int x11_shadow_pam_get_service_name(SHADOW_PAM_AUTH_INFO* info)
|
static BOOL x11_shadow_pam_get_service_name(SHADOW_PAM_AUTH_INFO* info)
|
||||||
{
|
{
|
||||||
if (PathFileExistsA("/etc/pam.d/lightdm"))
|
size_t x;
|
||||||
{
|
const char* base = "/etc/pam.d";
|
||||||
info->service_name = _strdup("lightdm");
|
const char* hints[] = { "lightdm", "gdm", "xdm", "login", "sshd" };
|
||||||
}
|
|
||||||
else if (PathFileExistsA("/etc/pam.d/gdm"))
|
|
||||||
{
|
|
||||||
info->service_name = _strdup("gdm");
|
|
||||||
}
|
|
||||||
else if (PathFileExistsA("/etc/pam.d/xdm"))
|
|
||||||
{
|
|
||||||
info->service_name = _strdup("xdm");
|
|
||||||
}
|
|
||||||
else if (PathFileExistsA("/etc/pam.d/login"))
|
|
||||||
{
|
|
||||||
info->service_name = _strdup("login");
|
|
||||||
}
|
|
||||||
else if (PathFileExistsA("/etc/pam.d/sshd"))
|
|
||||||
{
|
|
||||||
info->service_name = _strdup("sshd");
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!info->service_name)
|
for (x = 0; x < ARRAYSIZE(hints); x++)
|
||||||
return -1;
|
{
|
||||||
|
char path[MAX_PATH];
|
||||||
|
const char* hint = hints[x];
|
||||||
|
|
||||||
return 1;
|
_snprintf(path, sizeof(path), "%s/%s", base, hint);
|
||||||
|
if (PathFileExistsA(path))
|
||||||
|
{
|
||||||
|
|
||||||
|
info->service_name = _strdup(hint);
|
||||||
|
return info->service_name != NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
WLog_WARN(TAG, "Could not determine PAM service name");
|
||||||
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int x11_shadow_pam_authenticate(rdpShadowSubsystem* subsystem, rdpShadowClient* client,
|
static int x11_shadow_pam_authenticate(rdpShadowSubsystem* subsystem, rdpShadowClient* client,
|
||||||
const char* user, const char* domain, const char* password)
|
const char* user, const char* domain, const char* password)
|
||||||
{
|
{
|
||||||
int pam_status;
|
int pam_status;
|
||||||
SHADOW_PAM_AUTH_INFO* info;
|
SHADOW_PAM_AUTH_INFO info = { 0 };
|
||||||
WINPR_UNUSED(subsystem);
|
WINPR_UNUSED(subsystem);
|
||||||
WINPR_UNUSED(client);
|
WINPR_UNUSED(client);
|
||||||
info = calloc(1, sizeof(SHADOW_PAM_AUTH_INFO));
|
|
||||||
|
|
||||||
if (!info)
|
if (!x11_shadow_pam_get_service_name(&info))
|
||||||
return PAM_CONV_ERR;
|
|
||||||
|
|
||||||
if (x11_shadow_pam_get_service_name(info) < 0)
|
|
||||||
{
|
|
||||||
free(info);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
|
||||||
|
|
||||||
info->appdata.user = user;
|
info.appdata.user = user;
|
||||||
info->appdata.domain = domain;
|
info.appdata.domain = domain;
|
||||||
info->appdata.password = password;
|
info.appdata.password = password;
|
||||||
info->pamc.conv = &x11_shadow_pam_conv;
|
info.pamc.conv = &x11_shadow_pam_conv;
|
||||||
info->pamc.appdata_ptr = &(info->appdata);
|
info.pamc.appdata_ptr = &(info->appdata);
|
||||||
pam_status = pam_start(info->service_name, 0, &(info->pamc), &(info->handle));
|
pam_status = pam_start(info->service_name, 0, &info.pamc, &info.handle);
|
||||||
|
|
||||||
if (pam_status != PAM_SUCCESS)
|
if (pam_status != PAM_SUCCESS)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "pam_start failure: %s", pam_strerror(info->handle, pam_status));
|
WLog_ERR(TAG, "pam_start failure: %s", pam_strerror(info.handle, pam_status));
|
||||||
free(info);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
pam_status = pam_authenticate(info->handle, 0);
|
pam_status = pam_authenticate(info.handle, 0);
|
||||||
|
|
||||||
if (pam_status != PAM_SUCCESS)
|
if (pam_status != PAM_SUCCESS)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info->handle, pam_status));
|
WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info.handle, pam_status));
|
||||||
free(info);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
pam_status = pam_acct_mgmt(info->handle, 0);
|
pam_status = pam_acct_mgmt(info.handle, 0);
|
||||||
|
|
||||||
if (pam_status != PAM_SUCCESS)
|
if (pam_status != PAM_SUCCESS)
|
||||||
{
|
{
|
||||||
WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info->handle, pam_status));
|
WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info.handle, pam_status));
|
||||||
free(info);
|
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
free(info);
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
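Review bot: In the new x11_shadow_pam_authenticate, `info` is a stack `SHADOW_PAM_AUTH_INFO` rather than a pointer, but two statements still use `->` on it (`&(info->appdata)` and `info->service_name` in the pam_start call), so the function will not compile as shown. They should read `info.pamc.appdata_ptr = &info.appdata;` and `pam_status = pam_start(info.service_name, 0, &info.pamc, &info.handle);`. Separately, the string that x11_shadow_pam_get_service_name stores with `_strdup` is never freed on any return path, and no `pam_end` on `info.handle` is visible anywhere in the function, so each call appears to leak the service name and the PAM transaction. Because this path presumably runs once per client login attempt, a single cleanup exit that calls `pam_end(info.handle, pam_status)` once pam_start has succeeded and `free(info.service_name)` in every case would cover both the success and the failure returns.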