webui: pam authentication cleanup

bareos · Sep 29, 2021 · cf0d068 · cf0d068
1 parent fafe231
commit cf0d068
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 18 deletions.
diff --git a/webui/install/directors.ini.in b/webui/install/directors.ini.in
@@ -22,11 +22,11 @@ dirport	= @dirport@
 ; Set catalog to explicit value if you have multiple catalogs
 ;catalog = "MyCatalog"
 
-; Set the console name and password for a dedicated pam console;
-; the counterpart console-config in the director must have set
-; UsePamAuthentication = yes
-;pam_console_name = "admin"
-;pam_console_password = "admin"
+; Set the console name and password for a dedicated pam console.
+; Make sure, that "UsePamAuthentication = yes" is set in the
+; counterpart Director console configuration.
+;pam_console_name = "username"
+;pam_console_password = "password"
 
 ; TLS verify peer
 ; Possible values: true or false
@@ -71,6 +71,8 @@ enabled = "no"
 diraddress = "192.168.120.1"
 dirport = @dirport@
 ;catalog = "MyCatalog"
+;pam_console_name = "username"
+;pam_console_password = "password"
 ;tls_verify_peer = false
 ;server_can_do_tls = false
 ;server_requires_tls = false

diff --git a/webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php b/webui/vendor/Bareos/library/Bareos/BSock/BareosBSock.php
@@ -566,6 +566,9 @@ private function connect()
       }
 
       if (!self::login()) {
+         if ($this->config['UsePamAuthentication'] === true) {
+            error_log("AUTH: failed to connect to PAM console '" . $this->config['console_name'] . "' on DIR");
+         }
          return false;
       }
 
@@ -574,20 +577,20 @@ private function connect()
          error_log($recv);
       }
 
-      if ($this->config['UsePamAuthentication'] === true && !strncasecmp($recv, "1000", 4)) {
-          error_log("AUTH: " . $this->config['console_name'] . " is not a defined PAM Console on DIR");
-          return false;
-      }
-
-      if (!strncasecmp($recv, "1001", 4)) {
-          $pam_answer = "4002".chr(0x1e).$this->config['pam_username'].chr(0x1e).$this->config['pam_password'];
-          if (!self::send($pam_answer)) {
-            error_log("Send failed for pam credentials");
+      if ($this->config['UsePamAuthentication'] === true) {
+          if (!strncasecmp($recv, "1000", 4)) {
+            error_log("AUTH: '" . $this->config['console_name'] . "' is not a defined PAM console on DIR");
             return false;
-          }
-          $recv = self::receive();
-          if($this->config['debug']) {
-             error_log($recv);
+          } elseif (!strncasecmp($recv, "1001", 4)) {
+             $pam_answer = "4002".chr(0x1e).$this->config['pam_username'].chr(0x1e).$this->config['pam_password'];
+             if (!self::send($pam_answer)) {
+               error_log("Send failed for pam credentials");
+               return false;
+             }
+             $recv = self::receive();
+             if($this->config['debug']) {
+                error_log($recv);
+             }
           }
       }