Diffstat (limited to 'xrdp')
-rw-r--r-- | xrdp/xrdp.ini | 2 | ||||
-rw-r--r-- | xrdp/xrdp_mm.c | 63 | ||||
-rw-r--r-- | xrdp/xrdp_types.h | 1 | ||||
-rw-r--r-- | xrdp/xrdp_wm.c | 5 |
4 files changed, 70 insertions, 1 deletions
diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini index f500f63f..d4a99dfb 100644 --- a/xrdp/xrdp.ini +++ b/xrdp/xrdp.ini @@ -25,6 +25,8 @@ tcp_keepalive=yes #autorun=xrdp1 #hidelogwindow=yes #bulk_compression=yes +# You can set the PAM error text in a gateway setup (MAX 256 chars) +#pamerrortxt=change your password according to policy at http://url [Logging] LogFile=xrdp.log diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c index 0f2fae2a..28b83ad0 100644 --- a/xrdp/xrdp_mm.c +++ b/xrdp/xrdp_mm.c @@ -1204,7 +1204,7 @@ const char *getPAMError(const int pamError) { switch(pamError){ case PAM_SUCCESS: - return "Success"; + return "Success"; case PAM_OPEN_ERR: return "dlopen() failure"; case PAM_SYMBOL_ERR: @@ -1274,6 +1274,58 @@ const char *getPAMError(const int pamError) } } + +const char *getPAMAdditionalErrorInfo(const int pamError,struct xrdp_mm *self) +{ + switch(pamError){ + case PAM_SUCCESS: + return NULL; + case PAM_OPEN_ERR: + case PAM_SYMBOL_ERR: + case PAM_SERVICE_ERR: + case PAM_SYSTEM_ERR: + case PAM_BUF_ERR: + case PAM_PERM_DENIED: + case PAM_AUTH_ERR: + case PAM_CRED_INSUFFICIENT: + case PAM_AUTHINFO_UNAVAIL: + case PAM_USER_UNKNOWN: + case PAM_CRED_UNAVAIL: + case PAM_CRED_ERR: + case PAM_NO_MODULE_DATA: + case PAM_BAD_ITEM: + case PAM_CONV_ERR: + case PAM_AUTHTOK_ERR: + case PAM_AUTHTOK_LOCK_BUSY: + case PAM_AUTHTOK_DISABLE_AGING: + case PAM_TRY_AGAIN: + case PAM_IGNORE: + case PAM_MODULE_UNKNOWN: + case PAM_CONV_AGAIN: + case PAM_INCOMPLETE: + case _PAM_RETURN_VALUES+1: + case _PAM_RETURN_VALUES+3: + return NULL; + case PAM_MAXTRIES: + case PAM_NEW_AUTHTOK_REQD: + case PAM_ACCT_EXPIRED: + case PAM_CRED_EXPIRED: + case PAM_AUTHTOK_EXPIRED: + if(self->wm->pamerrortxt[0]) + { + return self->wm->pamerrortxt; + } + else + { + return "Authentication error - Verify that user/password is valid "; + } + default:{ + return "No expected error" ; + } + + } + +} #endif /*****************************************************************************/ int APP_CC 
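Review bot: In getPAMAdditionalErrorInfo the `default` branch returns the non-empty string "No expected error", while every other branch with nothing to add returns NULL. The caller added in xrdp_mm_connect prints any non-empty result, so a PAM code the switch does not list puts that text in the login log window. I would make it `default: return NULL;`. The fallback literal "Authentication error - Verify that user/password is valid " also ends in a stray space. The function needs a short header comment saying the returned pointer is either a string literal or points into `self->wm->pamerrortxt`, so the caller must not free or modify it.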
@@ -1368,6 +1420,7 @@ xrdp_mm_connect(struct xrdp_mm *self) { int reply; char replytxt[80]; + char *additionalError; xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control..."); /* g_writeln("we use pam modules to check if we can approve this user"); */ @@ -1390,6 +1443,14 @@ xrdp_mm_connect(struct xrdp_mm *self) xrdp_wm_log_msg(self->wm, replytxt); log_message(LOG_LEVEL_INFO, replytxt); + additionalError = getPAMAdditionalErrorInfo(reply,self); + if(additionalError) + { + if(additionalError[0]) + { + xrdp_wm_log_msg(self->wm,additionalError); + } + } if (reply != 0) { diff --git a/xrdp/xrdp_types.h b/xrdp/xrdp_types.h index fdaed059..d99dced9 100644 --- a/xrdp/xrdp_types.h +++ b/xrdp/xrdp_types.h @@ -316,6 +316,7 @@ struct xrdp_wm int hints; int allowedchannels[MAX_NR_CHANNELS]; int allowedinitialized ; + char pamerrortxt[256]; }; /* rdp process */ diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c index 27a794a0..e779d641 100644 --- a/xrdp/xrdp_wm.c +++ b/xrdp/xrdp_wm.c @@ -452,6 +452,11 @@ xrdp_wm_load_static_colors_plus(struct xrdp_wm *self, char *autorun_name) self->hide_log_window = 1; } } + else if (g_strcasecmp(val, "pamerrortxt") == 0) + { + val = (char *)list_get_item(values, index); + g_strncpy(self->pamerrortxt,val,256); + } } } } |
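Review bot: `char *additionalError;` in the first xrdp_mm_connect hunk receives the `const char *` returned by getPAMAdditionalErrorInfo, dropping the qualifier on a pointer that may refer to a string literal. Declare it `const char *additionalError;`. The prototype of xrdp_wm_log_msg is not visible here, so a cast at that one call may be needed if it takes `char *`. The nested checks in the second xrdp_mm_connect hunk can be a single condition, `if (additionalError != NULL && additionalError[0] != '\0')`. The body of xrdp_mm_connect starts and ends outside both hunks.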
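Review bot: `g_strncpy(self->pamerrortxt,val,256);` in xrdp_wm.c passes the full size of the `char pamerrortxt[256]` field added in xrdp_types.h as the copy length. The body of g_strncpy is not in this diff, but to my knowledge xrdp's helper writes the terminator at `dest[len]`. If so, a configured value of 256 characters or more writes one byte past the end of the array, which is the last member of struct xrdp_wm in this hunk. Bound the copy by the field itself: `g_strncpy(self->pamerrortxt, val, sizeof(self->pamerrortxt) - 1);`. The xrdp.ini comment "MAX 256 chars" should then say 255.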