From ff316996cbc0aa1085d9a89a06f338ce09527915 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Thu, 14 May 2020 08:00:00 +0000
Subject: pam_faillock: return PAM_INCOMPLETE when pam_get_user returns
 PAM_CONV_AGAIN

Give the application a chance to handle PAM_INCOMPLETE.

* modules/pam_faillock/pam_faillock.c (get_pam_user): Return
PAM_INCOMPLETE instead of PAM_CONV_AGAIN when pam_get_user returns
PAM_CONV_AGAIN.
* modules/pam_faillock/pam_faillock.8.xml (RETURN VALUES): Document it.
---
 modules/pam_faillock/pam_faillock.8.xml | 9 +++++++++
 modules/pam_faillock/pam_faillock.c     | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

(limited to 'modules/pam_faillock')

diff --git a/modules/pam_faillock/pam_faillock.8.xml b/modules/pam_faillock/pam_faillock.8.xml
index d7f2a3ce..c734c28c 100644
--- a/modules/pam_faillock/pam_faillock.8.xml
+++ b/modules/pam_faillock/pam_faillock.8.xml
@@ -170,6 +170,15 @@
           </para>
         </listitem>
       </varlistentry>
+      <varlistentry>
+        <term>PAM_INCOMPLETE</term>
+        <listitem>
+          <para>
+            The conversation method supplied by the application
+            returned PAM_CONV_AGAIN.
+          </para>
+        </listitem>
+      </varlistentry>
       <varlistentry>
         <term>PAM_SUCCESS</term>
         <listitem>
diff --git a/modules/pam_faillock/pam_faillock.c b/modules/pam_faillock/pam_faillock.c
index e340a83c..142cf7e3 100644
--- a/modules/pam_faillock/pam_faillock.c
+++ b/modules/pam_faillock/pam_faillock.c
@@ -394,7 +394,7 @@ get_pam_user(pam_handle_t *pamh, struct options *opts)
 	struct passwd *pwd;
 
 	if ((rv=pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) {
-		return rv;
+		return rv == PAM_CONV_AGAIN ? PAM_INCOMPLETE : rv;
 	}
 
 	if (*user == '\0') {
-- 
cgit v1.2.3