From 6f4a40a1d82592095ea24a64b34774842d7814b3 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Thu, 14 May 2020 08:00:00 +0000
Subject: pam_usertype: return PAM_INCOMPLETE when pam_get_user returns
 PAM_CONV_AGAIN

Give the application a chance to handle PAM_INCOMPLETE.

* modules/pam_usertype/pam_usertype.c (pam_usertype_get_uid): Return
PAM_INCOMPLETE instead of PAM_CONV_AGAIN when pam_get_user returns
PAM_CONV_AGAIN.
* modules/pam_usertype/pam_usertype.8.xml (RETURN VALUES): Document it.
---
 modules/pam_usertype/pam_usertype.8.xml | 10 ++++++++++
 modules/pam_usertype/pam_usertype.c     |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml
index 1ba4ee71..4eed4eab 100644
--- a/modules/pam_usertype/pam_usertype.8.xml
+++ b/modules/pam_usertype/pam_usertype.8.xml
@@ -110,6 +110,16 @@
           </listitem>
         </varlistentry>
 
+        <varlistentry>
+          <term>PAM_INCOMPLETE</term>
+          <listitem>
+            <para>
+              The conversation method supplied by the application
+              returned PAM_CONV_AGAIN.
+            </para>
+          </listitem>
+        </varlistentry>
+
         <varlistentry>
           <term>PAM_AUTH_ERR</term>
           <listitem>
diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c
index eb656c09..dd297150 100644
--- a/modules/pam_usertype/pam_usertype.c
+++ b/modules/pam_usertype/pam_usertype.c
@@ -129,7 +129,7 @@ pam_usertype_get_uid(struct pam_usertype_opts *opts,
     if (ret != PAM_SUCCESS) {
         pam_syslog(pamh, LOG_ERR, "error retrieving user name: %s",
                    pam_strerror(pamh, ret));
-        return ret;
+        return ret == PAM_CONV_AGAIN ? PAM_INCOMPLETE : ret;
     }
 
     pwd = pam_modutil_getpwnam(pamh, username);
-- 
cgit v1.2.3