Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sesman should return auth result/reason to xrdp #909

Closed
metalefty opened this issue Oct 13, 2017 · 0 comments · Fixed by #2472
Closed

sesman should return auth result/reason to xrdp #909

metalefty opened this issue Oct 13, 2017 · 0 comments · Fixed by #2472
Assignees
@speidy
Labels
enhancement sesman

Comments

@metalefty
Copy link
Member

Currently, xrdp can know if sesman could create a new session or find an existing session but cannot know the reason Due to this limitation, #642 will occur. Returning the result or reason to xrdp is very good to provide the exact reason of failure to users. It also helps to implement IP ban (fail2ban, blacklistd).

Maybe the following reasons are required at least.

  • authentication failed
  • user password expired
  • exhausted sessions count
  • user not in the TerminalServerUsers group
  • failed to execute backend
    • ex. Xvnc, X11rdp, Xorg executable doesn't exist
@metalefty metalefty mentioned this issue Dec 14, 2017
Closed
@metalefty metalefty mentioned this issue Jul 19, 2021
Merged
matt335672 added a commit to matt335672/xrdp that referenced this issue Dec 14, 2022
@matt335672
Update PAM auth module for UDS logins
e1b561e 
An extra method auth_uds() is added to the PAM module to
allow a 'struct auth_info' to be created for a UDS login. The PAM stack
is used to check the UDS user can be authorized.

Also, an error code is returned from the auth module rather than a
simple boolean. This allows a more complete status to be communicated
to the user. See neutrinolabs#1921
and also neutrinolabs#909 and neutrinolabs#642
matt335672 added a commit to matt335672/xrdp that referenced this issue Dec 14, 2022
@matt335672
Update PAM auth module for UDS logins
71a13b5 
An extra method auth_uds() is added to the PAM module to
allow a 'struct auth_info' to be created for a UDS login. The PAM stack
is used to check the UDS user can be authorized.

Also, an error code is returned from the auth module rather than a
simple boolean. This allows a more complete status to be communicated
to the user. See neutrinolabs#1921
and also neutrinolabs#909 and neutrinolabs#642
@matt335672 matt335672 mentioned this issue Dec 14, 2022
Merged
matt335672 added a commit to matt335672/xrdp that referenced this issue Dec 22, 2022
@matt335672
Update PAM auth module for UDS logins
2a3cec4 
An extra method auth_uds() is added to the PAM module to
allow a 'struct auth_info' to be created for a UDS login. The PAM stack
is used to check the UDS user can be authorized.

Also, an error code is returned from the auth module rather than a
simple boolean. This allows a more complete status to be communicated
to the user. See neutrinolabs#1921
and also neutrinolabs#909 and neutrinolabs#642
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@speidy speidy

Labels
enhancement sesman
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Implement uds authentication matt335672/xrdp
2 participants
@metalefty @speidy