pam_get_user: consistently return PAM_SYSTEM_ERR if user specified a NULL pointer

pam_get_user returns PAM_SYSTEM_ERR in case of pamh == NULL.
In case of user == NULL, however, it used to return PAM_PERM_DENIED,
and in case of NULL conversation function it used to return
PAM_SERVICE_ERR.

According to the documentation, PAM_SYSTEM_ERR shall be returned
if a NULL pointer was submitted.

Fix this inconsistency and return PAM_SYSTEM_ERR in each of these
programming error cases.

* libpam/pam_item.c (pam_get_user): Return PAM_SYSTEM_ERR instead of
PAM_PERM_DENIED if user == NULL.  Return PAM_SYSTEM_ERR instead of
PAM_SERVICE_ERR if pamh->pam_conversation == NULL.

1 files changed, 2 insertions, 2 deletions

diff --git a/libpam/pam_item.c b/libpam/pam_item.c
index 8148fd57..36298ce0 100644
--- a/libpam/pam_item.c
+++ b/libpam/pam_item.c
@@ -285,13 +285,13 @@ int pam_get_user(pam_handle_t *pamh, const char **user, const char *prompt)
     if (user == NULL) {
         /* ensure that the module has supplied a destination */
 	pam_syslog(pamh, LOG_ERR, "pam_get_user: nowhere to record username");
-	return PAM_PERM_DENIED;
+	return PAM_SYSTEM_ERR;
     } else
 	*user = NULL;
 
     if (pamh->pam_conversation == NULL) {
 	pam_syslog(pamh, LOG_ERR, "pam_get_user: no conv element in pamh");
-	return PAM_SERVICE_ERR;
+	return PAM_SYSTEM_ERR;
     }
 
     if (pamh->user) {    /* have one so return it */