From 7d878c8471b56c018c04bfe9b83bea5fecd70f90 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin"
Date: Fri, 1 May 2020 21:44:59 +0000
Subject: pam_localuser: return PAM_INCOMPLETE when pam_get_user returns PAM_CONV_AGAIN

Give the application a chance to handle PAM_INCOMPLETE.

* modules/pam_localuser/pam_localuser.c (pam_sm_authenticate): Return PAM_INCOMPLETE instead of PAM_SERVICE_ERR when pam_get_user returns PAM_CONV_AGAIN.
* modules/pam_localuser/pam_localuser.8.xml (RETURN VALUES): Document it.
---
 modules/pam_localuser/pam_localuser.8.xml | 10 ++++++++++
 modules/pam_localuser/pam_localuser.c | 9 +++++----
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/modules/pam_localuser/pam_localuser.8.xml b/modules/pam_localuser/pam_localuser.8.xml
index 2a8b2e04..4d3daa9e 100644
--- a/modules/pam_localuser/pam_localuser.8.xml
+++ b/modules/pam_localuser/pam_localuser.8.xml
@@ -102,6 +102,16 @@
+
+ PAM_INCOMPLETE
+
+
+ The conversation method supplied by the application
+ returned PAM_CONV_AGAIN.
+
+
+
+
  PAM_SERVICE_ERR
diff --git a/modules/pam_localuser/pam_localuser.c b/modules/pam_localuser/pam_localuser.c
index 249d09cf..9ffd54a3 100644
--- a/modules/pam_localuser/pam_localuser.c
+++ b/modules/pam_localuser/pam_localuser.c
@@ -60,7 +60,7 @@ int
 pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		     int argc, const char **argv)
 {
-	int i, ret = PAM_SUCCESS;
+	int i, ret;
 	FILE *fp;
 	int debug = 0;
 	const char *filename = "/etc/passwd";
@@ -95,9 +95,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags UNUSED,
 		}
 	}
 
-	if(pam_get_user(pamh, &user, NULL) != PAM_SUCCESS) {
-		pam_syslog (pamh, LOG_ERR, "user name not specified yet");
-		return PAM_SERVICE_ERR;
+	/* Obtain the user name. */
+	if ((ret = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
+		pam_syslog (pamh, LOG_ERR, "cannot determine user name");
+		return ret == PAM_CONV_AGAIN ? PAM_INCOMPLETE : PAM_SERVICE_ERR;
 	}
 
 	if ((user_len = strlen(user)) == 0) {
-- 
cgit v1.2.3
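Review bot: The `pam_syslog` call in the new `pam_get_user` failure branch (second hunk of pam_localuser.c) writes the same fixed `LOG_ERR` message whether the result is `PAM_CONV_AGAIN` or a genuine failure. The auth log therefore cannot distinguish a conversation the application will resume from a real error that ends in `PAM_SERVICE_ERR`. Carrying the result code in the message and lowering the priority for the resumable case would keep the log useful for triage, e.g. `pam_syslog (pamh, ret == PAM_CONV_AGAIN ? LOG_DEBUG : LOG_ERR, "cannot determine user name: %s", pam_strerror (pamh, ret));`. Separately, the first hunk drops the `ret = PAM_SUCCESS` initializer, and the rest of `pam_sm_authenticate` lies outside both hunks, so it is worth confirming that no later path reads or returns `ret` before it is assigned.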