auth: use pam_faillock log as $FAIL (#447)

Allows us to show "(x minutes left to unlock)" directly in the
input-field fail text.
This commit is contained in:
Maximilian Seidler 2024-07-30 18:52:50 +02:00 committed by GitHub
parent 5e8f12c2d9
commit 8a89181e69
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 12 additions and 2 deletions

View file

@ -45,7 +45,14 @@ int conv(int num_msg, const struct pam_message** msg, struct pam_response** resp
initialPrompt = false;
} break;
case PAM_ERROR_MSG: Debug::log(ERR, "PAM: {}", msg[i]->msg); break;
case PAM_TEXT_INFO: Debug::log(LOG, "PAM: {}", msg[i]->msg); break;
case PAM_TEXT_INFO:
Debug::log(LOG, "PAM: {}", msg[i]->msg);
// Targets this log from pam_faillock: https://github.com/linux-pam/linux-pam/blob/fa3295e079dbbc241906f29bde5fb71bc4172771/modules/pam_faillock/pam_faillock.c#L417
if (const auto MSG = std::string(msg[i]->msg); MSG.contains("left to unlock")) {
CONVERSATIONSTATE->failText = std::move(MSG);
CONVERSATIONSTATE->failTextFromPam = true;
}
break;
}
}
@ -110,6 +117,7 @@ bool CAuth::auth() {
m_sConversationState.waitingForPamAuth = false;
if (ret != PAM_SUCCESS) {
if (!m_sConversationState.failTextFromPam)
m_sConversationState.failText = ret == PAM_AUTH_ERR ? "Authentication failed" : "pam_authenticate failed";
Debug::log(ERR, "auth: {} for {}", m_sConversationState.failText, m_sPamModule);
return false;
@ -173,4 +181,5 @@ void CAuth::resetConversation() {
m_sConversationState.input = "";
m_sConversationState.waitingForPamAuth = false;
m_sConversationState.inputRequested = false;
m_sConversationState.failTextFromPam = false;
}

View file

@ -18,6 +18,7 @@ class CAuth {
bool waitingForPamAuth = false;
bool inputRequested = false;
bool failTextFromPam = false;
};
CAuth();