From ab107eb640abaa2b43c96cd6cc360a836116dd76 Mon Sep 17 00:00:00 2001
From: akallabeth
Date: Wed, 27 May 2020 11:53:28 +0200
Subject: [PATCH] Improve X11 shadow authentication reason failure log
(cherry picked from commit e66ee477c00b91cddc228adaf1577be602e4f725)
---
 server/shadow/X11/x11_shadow.c | 81 ++++++++++++++++--------------------------
 1 file changed, 30 insertions(+), 51 deletions(-)
diff --git a/server/shadow/X11/x11_shadow.c b/server/shadow/X11/x11_shadow.c
index 9dfa12a..98cf44d 100644
--- a/server/shadow/X11/x11_shadow.c
+++ b/server/shadow/X11/x11_shadow.c
@@ -128,90 +128,69 @@ out_fail:
 return pam_status;
 }
-static int x11_shadow_pam_get_service_name(SHADOW_PAM_AUTH_INFO* info)
+static BOOL x11_shadow_pam_get_service_name(SHADOW_PAM_AUTH_INFO* info)
 {
- if (PathFileExistsA("/etc/pam.d/lightdm"))
- {
- info->service_name = _strdup("lightdm");
- }
- else if (PathFileExistsA("/etc/pam.d/gdm"))
- {
- info->service_name = _strdup("gdm");
- }
- else if (PathFileExistsA("/etc/pam.d/xdm"))
- {
- info->service_name = _strdup("xdm");
- }
- else if (PathFileExistsA("/etc/pam.d/login"))
- {
- info->service_name = _strdup("login");
- }
- else if (PathFileExistsA("/etc/pam.d/sshd"))
- {
- info->service_name = _strdup("sshd");
- }
- else
+ size_t x;
+ const char* base = "/etc/pam.d";
+ const char* hints[] = { "lightdm", "gdm", "xdm", "login", "sshd" };
+
+ for (x = 0; x < ARRAYSIZE(hints); x++)
 {
- return -1;
- }
+ char path[MAX_PATH];
+ const char* hint = hints[x];
- if (!info->service_name)
- return -1;
+ _snprintf(path, sizeof(path), "%s/%s", base, hint);
+ if (PathFileExistsA(path))
+ {
- return 1;
+ info->service_name = _strdup(hint);
+ return info->service_name != NULL;
+ }
+ }
+ WLog_WARN(TAG, "Could not determine PAM service name");
+ return FALSE;
 }
 static int x11_shadow_pam_authenticate(rdpShadowSubsystem* subsystem, rdpShadowClient* client, const char* user, const char* domain, const char* password)
 {
 int pam_status;
- SHADOW_PAM_AUTH_INFO* info;
+ SHADOW_PAM_AUTH_INFO info = { 0 };
 WINPR_UNUSED(subsystem);
 WINPR_UNUSED(client);
- info = calloc(1, sizeof(SHADOW_PAM_AUTH_INFO));
-
- if (!info)
- return PAM_CONV_ERR;
- if (x11_shadow_pam_get_service_name(info) < 0)
- {
- free(info);
+ if (!x11_shadow_pam_get_service_name(&info))
 return -1;
- }
- info->appdata.user = user;
- info->appdata.domain = domain;
- info->appdata.password = password;
- info->pamc.conv = &x11_shadow_pam_conv;
- info->pamc.appdata_ptr = &(info->appdata);
- pam_status = pam_start(info->service_name, 0, &(info->pamc), &(info->handle));
+ info.appdata.user = user;
+ info.appdata.domain = domain;
+ info.appdata.password = password;
+ info.pamc.conv = &x11_shadow_pam_conv;
+ info.pamc.appdata_ptr = &(info->appdata);
+ pam_status = pam_start(info->service_name, 0, &info.pamc, &info.handle);
 if (pam_status != PAM_SUCCESS)
 {
- WLog_ERR(TAG, "pam_start failure: %s", pam_strerror(info->handle, pam_status));
- free(info);
+ WLog_ERR(TAG, "pam_start failure: %s", pam_strerror(info.handle, pam_status));
 return -1;
 }
- pam_status = pam_authenticate(info->handle, 0);
+ pam_status = pam_authenticate(info.handle, 0);
 if (pam_status != PAM_SUCCESS)
 {
- WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info->handle, pam_status));
- free(info);
+ WLog_ERR(TAG, "pam_authenticate failure: %s", pam_strerror(info.handle, pam_status));
 return -1;
 }
- pam_status = pam_acct_mgmt(info->handle, 0);
+ pam_status = pam_acct_mgmt(info.handle, 0);
 if (pam_status != PAM_SUCCESS)
 {
- WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info->handle, pam_status));
- free(info);
+ WLog_ERR(TAG, "pam_acct_mgmt failure: %s", pam_strerror(info.handle, pam_status));
 return -1;
 }
- free(info);
 return 1;
 }
-- 
2.7.4
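Review bot: Two added lines in x11_shadow_pam_authenticate still dereference `info` with `->` although this change turns it from a heap pointer into a stack struct: `info.pamc.appdata_ptr = &(info->appdata);` and `pam_start(info->service_name, ...)`. As shown, the function should fail to compile wherever it is built; the lines should read `info.pamc.appdata_ptr = &info.appdata;` and `pam_status = pam_start(info.service_name, 0, &info.pamc, &info.handle);`. Separately, no return path visible in the hunk calls `pam_end()` on the handle opened by `pam_start()` or frees the `_strdup`'d `info.service_name`, so each authentication attempt appears to leave a PAM transaction and an allocation behind. Adding `pam_end(info.handle, pam_status);` on the returns that follow a successful `pam_start`, and `free(info.service_name);` on every return after the service-name lookup succeeds, would close that.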