From 8a89181e6994ae330f9281ebdbbea1f0560baefc Mon Sep 17 00:00:00 2001
From: Maximilian Seidler <78690852+PaideiaDilemma@users.noreply.github.com>
Date: Tue, 30 Jul 2024 18:52:50 +0200
Subject: [PATCH] auth: use pam_faillock log as $FAIL (#447)

Allows us to show "(x minutes left to unlock)" directly in the
input-field fail text.
---
 src/core/Auth.cpp | 13 +++++++++++--
 src/core/Auth.hpp |  1 +
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/core/Auth.cpp b/src/core/Auth.cpp
index eb7dffa..ed4a3fe 100644
--- a/src/core/Auth.cpp
+++ b/src/core/Auth.cpp
@@ -45,7 +45,14 @@ int conv(int num_msg, const struct pam_message** msg, struct pam_response** resp
                 initialPrompt    = false;
             } break;
             case PAM_ERROR_MSG: Debug::log(ERR, "PAM: {}", msg[i]->msg); break;
-            case PAM_TEXT_INFO: Debug::log(LOG, "PAM: {}", msg[i]->msg); break;
+            case PAM_TEXT_INFO:
+                Debug::log(LOG, "PAM: {}", msg[i]->msg);
+                // Targets this log from pam_faillock: https://github.com/linux-pam/linux-pam/blob/fa3295e079dbbc241906f29bde5fb71bc4172771/modules/pam_faillock/pam_faillock.c#L417
+                if (const auto MSG = std::string(msg[i]->msg); MSG.contains("left to unlock")) {
+                    CONVERSATIONSTATE->failText        = std::move(MSG);
+                    CONVERSATIONSTATE->failTextFromPam = true;
+                }
+                break;
         }
     }
 
@@ -110,7 +117,8 @@ bool CAuth::auth() {
     m_sConversationState.waitingForPamAuth = false;
 
     if (ret != PAM_SUCCESS) {
-        m_sConversationState.failText = ret == PAM_AUTH_ERR ? "Authentication failed" : "pam_authenticate failed";
+        if (!m_sConversationState.failTextFromPam)
+            m_sConversationState.failText = ret == PAM_AUTH_ERR ? "Authentication failed" : "pam_authenticate failed";
         Debug::log(ERR, "auth: {} for {}", m_sConversationState.failText, m_sPamModule);
         return false;
     }
@@ -173,4 +181,5 @@ void CAuth::resetConversation() {
     m_sConversationState.input             = "";
     m_sConversationState.waitingForPamAuth = false;
     m_sConversationState.inputRequested    = false;
+    m_sConversationState.failTextFromPam   = false;
 }
diff --git a/src/core/Auth.hpp b/src/core/Auth.hpp
index d480c71..a6f8289 100644
--- a/src/core/Auth.hpp
+++ b/src/core/Auth.hpp
@@ -18,6 +18,7 @@ class CAuth {
 
         bool                    waitingForPamAuth = false;
         bool                    inputRequested    = false;
+        bool                    failTextFromPam   = false;
     };
 
     CAuth();