* Allow 9 digits long passcode for passcode bypass * Change name of 'Mobile Passcode' to 'Passcode' * Do not display any prompt when user is waiting * Add autopushPrompt option * Change name OTP method * Change enrollment message handling * Added postrm script * [bugfix] Restart sshd service after rublon package installation * Rename 01_rublon_ssh.conf to 01-rublon-ssh.conf * Prepared scripts for generating rpm for alma and rocky * Adding public key authentication option * Add postinst script and ssh configuration for using pubkey * Add GCC 7 compatibility * Cleanup includes, cleanup std::array usage * Add Static String implementation * Remove memory_resources * Add monotonic_buffer_resource in experimental c++ implementation * Use case insensitive map * Remove not needed code * Stop using deprecated SHA256 functions * Changed app version to v2.0.4 * Fixed postinst script for ubuntu * Changed vagrantfile not to show gui * Refactor cpack + add component builds for rpm based distros
#pragma once
#include "rublon/bits.hpp"
#include "rublon/configuration.hpp"
#include <rublon/error.hpp>
#include <rublon/pam_action.hpp>
#include <rublon/utils.hpp>
namespace rublon {
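/// Maps an authentication-flow Error to the final PAM decision and tells the user why.
///
/// Every path in printErrorDetails ends in either Action::Bypass or Action::Denied, so this
/// class is where the connector decides whether a failure lets the login proceed.
/// NOTE(review): Bypass presumably lets the login continue without the second factor;
/// confirm against AuthenticationStatus.
class ErrorHandler {
  public:
    /// PAM handle used to print messages to the user who is logging in.
    const Pam_t & pam;
    /// Connector configuration; only failMode is read here.
    const Configuration & config;

    /// Logs the error, prints a user-facing message where one is defined, and returns the decision.
    ///
    /// @param error the error that interrupted the authentication process
    /// @return Action::Bypass or Action::Denied; Denied when no branch below selects another result
    AuthenticationStatus printErrorDetails(const Error & error) {
        // Always record which error class / category stopped the flow, whatever the decision.
        log(LogLevel::Error, "Process interrupted by {%s::%s}", error.errorClassName(), error.categoryName());

        // None of the switches below has a default label: an enumerator that is not listed
        // continues to the following checks and, if nothing else matches, to the final Denied.
        if(error.is< RublonAuthenticationInterrupt >()) {
            switch(error.get< RublonAuthenticationInterrupt >().errorClass) {
                case RublonAuthenticationInterrupt::ErrorClass::UserBaypass:
                    return AuthenticationStatus::Action::Bypass;
                case RublonAuthenticationInterrupt::ErrorClass::UserDenied:
                    pam.print("Access denied! Contact your administrator for more information");
                    return AuthenticationStatus::Action::Denied;
                // UserWaiting intentionally shares the UserPending handling.
                case RublonAuthenticationInterrupt::ErrorClass::UserWaiting:
                case RublonAuthenticationInterrupt::ErrorClass::UserPending:
                    pam.print(
                        "Your account is awaiting administrator's approval.\n"
                        "Contact your administrator and ask them to approve your account");
                    return AuthenticationStatus::Action::Denied;
                case RublonAuthenticationInterrupt::ErrorClass::UserNotFound:
                    // NOTE(review): a user the service does not know is bypassed rather than
                    // denied; confirm this matches the intended enrollment policy.
                    return AuthenticationStatus::Action::Bypass;
            }
        }

        // Every listed method error denies access without a user-facing message.
        if(error.is< MethodError >()) {
            switch(error.get< MethodError >().errorClass) {
                case MethodError::ErrorClass::BadMethod:
                case MethodError::ErrorClass::BadUserInput:
                case MethodError::ErrorClass::NoMethodAvailable:
                    return AuthenticationStatus::Action::Denied;
            }
        }

        if(error.is< ConnectionError >()) {
            // Fail closed when the administrator configured failMode as deny. The previous code
            // had the two outcomes swapped, so a deny configuration bypassed on an API failure.
            if(config.failMode == FailMode::deny) {
                pam.print("Incorrect response from the Rublon API, user access denied");
                return AuthenticationStatus::Action::Denied;
            }
            // Any other configured fail mode lets the user through.
            pam.print("Incorrect response from the Rublon API, user bypassed");
            return AuthenticationStatus::Action::Bypass;
        }

        if(error.is< CoreHandlerError >()) {
            const auto & reason = error.get< CoreHandlerError >().reson;
            // The message is printed before the decision, so it is shown on the bypass path too.
            pam.print("Something went wrong and authentication could not be completed, contact your administrator");

            /// TODO change to some kind of enum and remove string
            // The bypass decision depends on an exact, case-sensitive match of the reason text.
            if(reason == "UserBypassedException" || reason == "UserNotFoundException")
                return AuthenticationStatus::Action::Bypass;
        }

        if(error.is< WerificationError >()) {
            switch(error.get< WerificationError >().errorClass) {
                case WerificationError::ErrorClass::PasscodeException:
                    pam.print(R"(Incorrect passcode)");
                    return AuthenticationStatus::Action::Denied;
                case WerificationError::ErrorClass::BadInput:
                    // NOTE(review): this configuration hint goes to the user logging in, while the
                    // same hint for InvalidSignatureException below goes to the log; confirm intent.
                    pam.print(R"(Ensure that the Secret Key is correct.)");
                    return AuthenticationStatus::Action::Denied;
            }
        }

        // Application / configuration problems are written to the log only and always deny.
        if(error.is< RublonCheckApplicationException >()) {
            switch(error.get< RublonCheckApplicationException >().errorClass) {
                case RublonCheckApplicationException::ErrorClass::ApplicationNotFoundException:
                    log(LogLevel::Error, R"(Could not find the application in the Rublon Admin Console.)");
                    log(LogLevel::Error, R"(Ensure that the application exists and the SystemToken is correct.)");
                    return AuthenticationStatus::Action::Denied;
                case RublonCheckApplicationException::ErrorClass::InvalidSignatureException:
                    log(LogLevel::Error, R"(Could not verify the signature.)");
                    log(LogLevel::Error, R"(Ensure that the Secret Key is correct.)");
                    return AuthenticationStatus::Action::Denied;
                case RublonCheckApplicationException::ErrorClass::UnsupportedVersionException:
                    log(LogLevel::Error, R"(The provided version of the app is unsupported.)");
                    log(LogLevel::Error, R"(Try changing the app version.)");
                    return AuthenticationStatus::Action::Denied;
            }
        }

        // Default: an error no branch above resolved denies access.
        return AuthenticationStatus::Action::Denied;
    }
};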
} // namespace rublon