From 25a1fab5b6c5ef2a8bb109232b765cb8b332ce5e Mon Sep 17 00:00:00 2001 From: matt335672 <30179339+matt335672@users.noreply.github.com> Date: Sat, 19 Aug 2023 13:35:26 +0100 Subject: [PATCH] Check auth_start_session() result --- sesman/libsesman/verify_user_pam.c | 24 +++++++++++++++++++-- sesman/libsesman/verify_user_pam_userpass.c | 24 +++++++++++++++++++-- sesman/sesexec/session.c | 7 +++++- 3 files changed, 50 insertions(+), 5 deletions(-) diff --git a/sesman/libsesman/verify_user_pam.c b/sesman/libsesman/verify_user_pam.c index b400bb5e2c..ca5136688d 100644 --- a/sesman/libsesman/verify_user_pam.c +++ b/sesman/libsesman/verify_user_pam.c @@ -397,8 +397,8 @@ auth_uds(const char *user, enum scp_login_status *errorcode) /******************************************************************************/ /* returns error */ -int -auth_start_session(struct auth_info *auth_info, int display_num) +static int +auth_start_session_private(struct auth_info *auth_info, int display_num) { int error; char display[256]; @@ -436,6 +436,26 @@ auth_start_session(struct auth_info *auth_info, int display_num) return 0; } +/******************************************************************************/ +/** + * Main routine to start a session + * + * Calls the private routine and logs an additional error if the private + * routine fails + */ +int +auth_start_session(struct auth_info *auth_info, int display_num) +{ + int result = auth_start_session_private(auth_info, display_num); + if (result != 0) + { + LOG(LOG_LEVEL_ERROR, + "Can't start PAM session. See PAM logging for more info"); + } + + return result; +} + /******************************************************************************/ /* returns error */ static int diff --git a/sesman/libsesman/verify_user_pam_userpass.c b/sesman/libsesman/verify_user_pam_userpass.c index 349d811145..9a6f657c2c 100644 --- a/sesman/libsesman/verify_user_pam_userpass.c +++ b/sesman/libsesman/verify_user_pam_userpass.c @@ -207,8 +207,8 @@ auth_uds(const char *user, enum scp_login_status *errorcode) /******************************************************************************/ /* returns error */ -int -auth_start_session(struct auth_info *auth_info, int display_num) +static int +auth_start_session_private(struct auth_info *auth_info, int display_num) { int error; char display[256]; @@ -246,6 +246,26 @@ auth_start_session(struct auth_info *auth_info, int display_num) return 0; } +/******************************************************************************/ +/** + * Main routine to start a session + * + * Calls the private routine and logs an additional error if the private + * routine fails + */ +int +auth_start_session(struct auth_info *auth_info, int display_num) +{ + int result = auth_start_session_private(auth_info, display_num); + if (result != 0) + { + LOG(LOG_LEVEL_ERROR, + "Can't start PAM session. See PAM logging for more info"); + } + + return result; +} + /******************************************************************************/ /* returns error */ static int diff --git a/sesman/sesexec/session.c b/sesman/sesexec/session.c index 6836d5c47d..900b394333 100644 --- a/sesman/sesexec/session.c +++ b/sesman/sesexec/session.c @@ -568,7 +568,12 @@ session_start_wrapped(struct login_info *login_info, int window_manager_pid; enum scp_screate_status status = E_SCP_SCREATE_GENERAL_ERROR; - auth_start_session(login_info->auth_info, s->display); + if (auth_start_session(login_info->auth_info, s->display) != 0) + { + // Errors are logged by the auth module, as they are + // specific to that module + return E_SCP_SCREATE_GENERAL_ERROR; + } #ifdef USE_BSD_SETLOGIN /** * Create a new session and process group since the 4.4BSD