Diffstat (limited to 'xrdp')
-rw-r--r--xrdp/xrdp.ini2
-rw-r--r--xrdp/xrdp_mm.c63
-rw-r--r--xrdp/xrdp_types.h1
-rw-r--r--xrdp/xrdp_wm.c5
4 files changed, 70 insertions, 1 deletions
diff --git a/xrdp/xrdp.ini b/xrdp/xrdp.ini
index f500f63f..d4a99dfb 100644
--- a/xrdp/xrdp.ini
+++ b/xrdp/xrdp.ini
@@ -25,6 +25,8 @@ tcp_keepalive=yes
#autorun=xrdp1
#hidelogwindow=yes
#bulk_compression=yes
+# You can set the PAM error text in a gateway setup (MAX 256 chars)
+#pamerrortxt=change your password according to policy at http://url
[Logging]
LogFile=xrdp.log
diff --git a/xrdp/xrdp_mm.c b/xrdp/xrdp_mm.c
index 0f2fae2a..28b83ad0 100644
--- a/xrdp/xrdp_mm.c
+++ b/xrdp/xrdp_mm.c
@@ -1204,7 +1204,7 @@ const char *getPAMError(const int pamError)
{
switch(pamError){
case PAM_SUCCESS:
- return "Success";
+ return "Success";
case PAM_OPEN_ERR:
return "dlopen() failure";
case PAM_SYMBOL_ERR:
@@ -1274,6 +1274,58 @@ const char *getPAMError(const int pamError)
}
}
+
+const char *getPAMAdditionalErrorInfo(const int pamError,struct xrdp_mm *self)
+{
+ switch(pamError){
+ case PAM_SUCCESS:
+ return NULL;
+ case PAM_OPEN_ERR:
+ case PAM_SYMBOL_ERR:
+ case PAM_SERVICE_ERR:
+ case PAM_SYSTEM_ERR:
+ case PAM_BUF_ERR:
+ case PAM_PERM_DENIED:
+ case PAM_AUTH_ERR:
+ case PAM_CRED_INSUFFICIENT:
+ case PAM_AUTHINFO_UNAVAIL:
+ case PAM_USER_UNKNOWN:
+ case PAM_CRED_UNAVAIL:
+ case PAM_CRED_ERR:
+ case PAM_NO_MODULE_DATA:
+ case PAM_BAD_ITEM:
+ case PAM_CONV_ERR:
+ case PAM_AUTHTOK_ERR:
+ case PAM_AUTHTOK_LOCK_BUSY:
+ case PAM_AUTHTOK_DISABLE_AGING:
+ case PAM_TRY_AGAIN:
+ case PAM_IGNORE:
+ case PAM_MODULE_UNKNOWN:
+ case PAM_CONV_AGAIN:
+ case PAM_INCOMPLETE:
+ case _PAM_RETURN_VALUES+1:
+ case _PAM_RETURN_VALUES+3:
+ return NULL;
+ case PAM_MAXTRIES:
+ case PAM_NEW_AUTHTOK_REQD:
+ case PAM_ACCT_EXPIRED:
+ case PAM_CRED_EXPIRED:
+ case PAM_AUTHTOK_EXPIRED:
+ if(self->wm->pamerrortxt[0])
+ {
+ return self->wm->pamerrortxt;
+ }
+ else
+ {
+ return "Authentication error - Verify that user/password is valid ";
+ }
+ default:{
+ return "No expected error" ;
+ }
+
+ }
+
+}
#endif
/*****************************************************************************/
int APP_CC
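Review bot: The `default:` branch returns "No expected error", and because the caller prints every non-empty return value to the client, any PAM code not listed here puts a confusing extra line on the login window; `default: return NULL;` would keep unknown codes silent like the other non-expiry cases. The function also dereferences `self->wm` without a check and has no comment stating that NULL means "nothing extra to show" and that the returned pointer is either a string literal or `self->wm->pamerrortxt`, so the caller must neither free nor modify it. Once the default returns NULL, the long run of `case` labels that all return NULL can be dropped, leaving only the five expiry and lockout codes.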
@@ -1368,6 +1420,7 @@ xrdp_mm_connect(struct xrdp_mm *self)
{
int reply;
char replytxt[80];
+ char *additionalError;
xrdp_wm_log_msg(self->wm, "Please wait, we now perform access control...");
/* g_writeln("we use pam modules to check if we can approve this user"); */
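Review bot: `char *additionalError;` is later assigned the `const char *` returned by getPAMAdditionalErrorInfo (in the next hunk, `additionalError = getPAMAdditionalErrorInfo(reply,self);`), which drops the qualifier on a pointer that can refer to a string literal. Declaring it as `const char *additionalError;` lets the compiler reject any write through it. If xrdp_wm_log_msg takes a non-const `char *` (its prototype is not on this page), that parameter is the better place to add `const` than casting here. The body of xrdp_mm_connect continues outside this hunk.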
@@ -1390,6 +1443,14 @@ xrdp_mm_connect(struct xrdp_mm *self)
xrdp_wm_log_msg(self->wm, replytxt);
log_message(LOG_LEVEL_INFO, replytxt);
+ additionalError = getPAMAdditionalErrorInfo(reply,self);
+ if(additionalError)
+ {
+ if(additionalError[0])
+ {
+ xrdp_wm_log_msg(self->wm,additionalError);
+ }
+ }
if (reply != 0)
{
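Review bot: The additional text is shown to the client through `xrdp_wm_log_msg` but is never written to the server log, unlike `replytxt` just above, so an operator reading the log cannot tell which message the user was given. If it is logged, pass it as data, `log_message(LOG_LEVEL_INFO, "%s", additionalError);`, because `pamerrortxt` comes from xrdp.ini and may contain `%`; this assumes log_message takes a printf-style format, which the hunk does not show. The two nested tests can be a single condition, `if (additionalError != NULL && additionalError[0] != '\0')`. The enclosing function starts and ends outside the hunk.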
diff --git a/xrdp/xrdp_types.h b/xrdp/xrdp_types.h
index fdaed059..d99dced9 100644
--- a/xrdp/xrdp_types.h
+++ b/xrdp/xrdp_types.h
@@ -316,6 +316,7 @@ struct xrdp_wm
int hints;
int allowedchannels[MAX_NR_CHANNELS];
int allowedinitialized ;
+ char pamerrortxt[256];
};
/* rdp process */
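Review bot: `pamerrortxt` is read as `self->wm->pamerrortxt[0]` in getPAMAdditionalErrorInfo even when xrdp.ini has no `pamerrortxt` key, so the field is only safe if struct xrdp_wm is zero-filled when it is allocated; that allocation is not visible here and should be confirmed. The size 256 is repeated as a literal at the copy in xrdp_wm.c, and using `sizeof(self->pamerrortxt)` there or a named constant in both places would keep the two in step. A short comment on the field would help, for example `/* extra text shown to the client on PAM expiry errors, from xrdp.ini */`.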
diff --git a/xrdp/xrdp_wm.c b/xrdp/xrdp_wm.c
index 27a794a0..e779d641 100644
--- a/xrdp/xrdp_wm.c
+++ b/xrdp/xrdp_wm.c
@@ -452,6 +452,11 @@ xrdp_wm_load_static_colors_plus(struct xrdp_wm *self, char *autorun_name)
self->hide_log_window = 1;
}
}
+ else if (g_strcasecmp(val, "pamerrortxt") == 0)
+ {
+ val = (char *)list_get_item(values, index);
+ g_strncpy(self->pamerrortxt,val,256);
+ }
}
}
}
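Review bot: `g_strncpy(self->pamerrortxt,val,256);` passes the full size of the 256-byte array as the length. g_strncpy is defined outside this page; if it writes the terminator at `dest[len]`, as the xrdp os_calls helper is understood to do (confirm against its definition), a value of 256 or more characters puts a NUL one byte past the field, which is the last member of struct xrdp_wm. Use `g_strncpy(self->pamerrortxt, val, sizeof(self->pamerrortxt) - 1);`, and the xrdp.ini comment should then say 255 characters rather than 256. The enclosing function starts outside the hunk.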