From e5e22cb95e5e8cb52b00a732a1f1537e2b57cdc1 Mon Sep 17 00:00:00 2001
From: KRI <kri@astec.net>
Date: Mon, 27 Apr 2020 09:45:23 +0200
Subject: [PATCH] RDEV-1727 updated exception handling

---
 SSH/PAM/src/coreHandler.c | 31 ++++++++++++++-----------------
 1 file changed, 14 insertions(+), 17 deletions(-)

diff --git a/SSH/PAM/src/coreHandler.c b/SSH/PAM/src/coreHandler.c
index 4fdfd0a..74e9a7d 100644
--- a/SSH/PAM/src/coreHandler.c
+++ b/SSH/PAM/src/coreHandler.c
@@ -176,15 +176,15 @@ void displaySelectedMethodMsg(pam_handle_t *pamh, char *selectedMethod) {
 
 void displayExceptionStatus(pam_handle_t *pamh, char *exception) {
     if (strcmp(exception, "UserBypassedException") == 0) {
-        pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "User bypassed.");
+        pam_prompt(pamh, PAM_TEXT_INFO, NULL, "User bypassed.");
     } else if (strcmp(exception, "TransactionAccessTokenExpiredException") == 0 || strcmp(exception, "TransactionExpiredException") == 0) {
-        pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "Session expired. Please try again.");
+        pam_prompt(pamh, PAM_TEXT_INFO, NULL, "Session expired. Please try again.");
     } else if (strcmp(exception, "TransactionIdExpiredException") == 0) {
-        pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "Session finally expired.");
+        pam_prompt(pamh, PAM_TEXT_INFO, NULL, "Session finally expired.");
     } else if (strcmp(exception, "SendMessageException") == 0) {
-		pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "Cannot send SMS message. Please check your phone number or try again later.");
+		pam_prompt(pamh, PAM_TEXT_INFO, NULL, "Cannot send SMS message. Please check your phone number or try again later.");
 	} else {
-        pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "%s", exception);
+        pam_prompt(pamh, PAM_TEXT_INFO, NULL, "%s", exception);
     }
 }
 
@@ -192,7 +192,7 @@ bool transactionErrorException(pam_handle_t *pamh, char *curlResponse) {
     char *exception = NULL;
     exception = parseNestedJson(curlResponse,"result","exception");
     if(exception != NULL) {
-        debugLog("Transaction exception ",exception);
+        debugLog("Transaction exception ", exception);
         displayExceptionStatus(pamh, exception);
         return true;
     }
@@ -230,6 +230,7 @@ char *curlHandler(pam_handle_t *pamh, char *jsonObj, char *url, char *secretKey)
         long size;
         curl_easy_getinfo(curl, CURLINFO_HEADER_SIZE, &size);
         curlResponse = curlResponseJsonParser(pamh, size, chunks.memory);
+        transactionErrorException(pamh,curlResponse);
         responseXRublon = curlResponseSignatureParser(pamh, size, chunks.memory);
         if(!verifyData(pamh, curlResponse, secretKey, responseXRublon)) {
             debugLog("Invalid Signature", "");
@@ -298,8 +299,9 @@ int postInit(pam_handle_t *pamh, cJSON **availableMethods, struct ApplicationInf
   
     char *curlResponse = curlHandler(pamh, jsonObj, url, secretKey);
     if(curlResponse == NULL) {
-        if((strcmp(getConfigValue("failmode"),"secure") != 0))
+        if((strcmp(getConfigValue("failmode"),"secure") != 0)) {
             return STATUS_BYPASS;
+        }
         return CONNECTION_ERROR;
     };
 
@@ -322,11 +324,8 @@ int postInit(pam_handle_t *pamh, cJSON **availableMethods, struct ApplicationInf
     info->companyName = parseNestedJson(curlResponse, "result","companyName");
     info->applicationName = parseNestedJson(curlResponse, "result", "applicationName");
 
-    if(strcmp(status,"ERROR") == 0) {
-        if(transactionErrorException(pamh,curlResponse))
-            return STATUS_DENIED;          
-    }
-    
+    if(strcmp(status,"ERROR") == 0)
+        return STATUS_DENIED;          
     if(gdprAccepted != 1 || tosAccepted != 1) {
         pam_prompt(pamh, PAM_TEXT_INFO, NULL, "\nYou have to read and accept our:\n- Terms of Use:   https://core.rublon.net/terms_of_use\n- Privacy Policy: https://core.rublon.net/privacy_policy\n");
         do{
@@ -387,10 +386,8 @@ int postMethod(pam_handle_t *pamh, char *secretKey, char *tId, char *selectedMet
                 pam_prompt(pamh, PAM_PROMPT_ECHO_OFF, NULL, "Press enter to continue.");
     }
 
-    if(strcmp(status,"ERROR") == 0) {
-        if(transactionErrorException(pamh,curlResponse))
-            return STATUS_DENIED;          
-    }
+    if(strcmp(status,"ERROR") == 0)
+        return STATUS_DENIED;          
     if(transactionId == NULL) {
         pam_prompt(pamh, PAM_TEXT_INFO, NULL, "\nRublon Transaction Error!");
         return STATUS_BYPASS;    
@@ -519,7 +516,7 @@ int postCredentials(pam_handle_t *pamh, char *systemToken, char *accessToken, ch
          pam_prompt(pamh, PAM_TEXT_INFO, NULL, "\nRublon Transaction Error!");
         return STATUS_BYPASS;       
     }
-    if( (strcmp(answer,"true") == 0) && (strcmp(status,"OK") == 0))
+    if((strcmp(answer,"true") == 0) && (strcmp(status,"OK") == 0))
         return STATUS_CONFIRMED;
 
     return STATUS_UNKNOWN;