Improve X11 shadow authentication reason failure log

akallabeth 2020-05-27 11:53:28 +02:00
parent 0cb7ada6de
commit e66ee477c0


@ -128,90 +128,69 @@ out_fail:
return pam_status; return pam_status;
} }
static int x11_shadow_pam_get_service_name(SHADOW_PAM_AUTH_INFO* info) static BOOL x11_shadow_pam_get_service_name(SHADOW_PAM_AUTH_INFO* info)
{ {
if (PathFileExistsA("/etc/pam.d/lightdm")) size_t x;
{ const char* base = "/etc/pam.d";
info->service_name = _strdup("lightdm"); const char* hints[] = { "lightdm", "gdm", "xdm", "login", "sshd" };
}
else if (PathFileExistsA("/etc/pam.d/gdm"))
{
info->service_name = _strdup("gdm");
}
else if (PathFileExistsA("/etc/pam.d/xdm"))
{
info->service_name = _strdup("xdm");
}
else if (PathFileExistsA("/etc/pam.d/login"))
{
info->service_name = _strdup("login");
}
else if (PathFileExistsA("/etc/pam.d/sshd"))
{
info->service_name = _strdup("sshd");
}
else
{
return -1;
}
if (!info->service_name) for (x = 0; x < ARRAYSIZE(hints); x++)
return -1; {
char path[MAX_PATH];
const char* hint = hints[x];
return 1; _snprintf(path, sizeof(path), "%s/%s", base, hint);
if (PathFileExistsA(path))
{
info->service_name = _strdup(hint);
return info->service_name != NULL;
}
}
WLog_WARN(TAG, "Could not determine PAM service name");
return FALSE;
} }
static int x11_shadow_pam_authenticate(rdpShadowSubsystem* subsystem, rdpShadowClient* client, static int x11_shadow_pam_authenticate(rdpShadowSubsystem* subsystem, rdpShadowClient* client,
const char* user, const char* domain, const char* password) const char* user, const char* domain, const char* password)
{ {
int pam_status; int pam_status;
SHADOW_PAM_AUTH_INFO* info; SHADOW_PAM_AUTH_INFO info = { 0 };
WINPR_UNUSED(subsystem); WINPR_UNUSED(subsystem);
WINPR_UNUSED(client); WINPR_UNUSED(client);
info = calloc(1, sizeof(SHADOW_PAM_AUTH_INFO));
if (!info) if (!x11_shadow_pam_get_service_name(&info))
return PAM_CONV_ERR;
if (x11_shadow_pam_get_service_name(info) < 0)
{
free(info);
return -1; return -1;
}
info->appdata.user = user; info.appdata.user = user;
info->appdata.domain = domain; info.appdata.domain = domain;
info->appdata.password = password; info.appdata.password = password;
info->pamc.conv = &x11_shadow_pam_conv; info.pamc.conv = &x11_shadow_pam_conv;
info->pamc.appdata_ptr = &(info->appdata); info.pamc.appdata_ptr = &(info->appdata);
pam_status = pam_start(info->service_name, 0, &(info->pamc), &(info->handle)); pam_status = pam_start(info->service_name, 0, &info.pamc, &info.handle);
if (pam_status != PAM_SUCCESS) if (pam_status != PAM_SUCCESS)
{ {
WLog_ERR(TAG, "pam_start failure: %s", pam_strerror(info->handle, pam_status)); WLog_ERR(TAG, "pam_start failure: %s", pam_strerror(info.handle, pam_status));
free(info);
return -1; return -1;
} }
pam_status = pam_authenticate(info->handle, 0); pam_status = pam_authenticate(info.handle, 0);
if (pam_status != PAM_SUCCESS) if (pam_status != PAM_SUCCESS)
{ {
WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info->handle, pam_status)); WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info.handle, pam_status));
free(info);
return -1; return -1;
} }
pam_status = pam_acct_mgmt(info->handle, 0); pam_status = pam_acct_mgmt(info.handle, 0);
if (pam_status != PAM_SUCCESS) if (pam_status != PAM_SUCCESS)
{ {
WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info->handle, pam_status)); WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info.handle, pam_status));
free(info);
return -1; return -1;
} }
free(info);
return 1; return 1;
} }
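Review bot: In the new-side column of x11_shadow_pam_authenticate, `info` is now a stack struct, but two expressions still dereference it as a pointer, `&(info->appdata)` and `pam_start(info->service_name, ...)`. They should read `info.pamc.appdata_ptr = &info.appdata;` and `pam_start(info.service_name, 0, &info.pamc, &info.handle)`, otherwise the function will not compile. Dropping the `free(info)` calls is right for a stack object, but the string `_strdup`'d into `info.service_name` is not freed on any return path, and no `pam_end` call is visible for the handle opened by `pam_start`, so each authentication attempt appears to leak the service name and leave the PAM transaction open. A single exit path that runs `free(info.service_name);` on every return, and `pam_end(info.handle, pam_status);` once `pam_start` has succeeded, would cover both the success and failure cases. Separately, the `_snprintf` result in x11_shadow_pam_get_service_name is unchecked, which is harmless with the fixed hint list but worth a comment or a bounds check against `sizeof(path)` in case the list ever grows.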