From 28903b11794f0b8509b2c791360219dbeb41f54e Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Sat, 9 May 2020 08:00:00 +0000
Subject: pam_setquota: fix return value when the user is unknown

Following the bad example in pam_mkhomedir module, from the very
beginning pam_setquota module used to return PAM_CRED_INSUFFICIENT
when pam_modutil_getpwnam() returned an error.  Fix this now
by changing the return value to PAM_USER_UNKNOWN.

* modules/pam_setquota/pam_setquota.c (pam_sm_open_session): Return
PAM_USER_UNKNOWN instead of PAM_CRED_INSUFFICIENT.
* modules/pam_setquota/pam_setquota.8.xml (PAM_CRED_INSUFFICIENT):
Replace with PAM_USER_UNKNOWN.
---
 modules/pam_setquota/pam_setquota.8.xml | 2 +-
 modules/pam_setquota/pam_setquota.c     | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'modules/pam_setquota')

diff --git a/modules/pam_setquota/pam_setquota.8.xml b/modules/pam_setquota/pam_setquota.8.xml
index 45c8653e..bb878e8c 100644
--- a/modules/pam_setquota/pam_setquota.8.xml
+++ b/modules/pam_setquota/pam_setquota.8.xml
@@ -218,7 +218,7 @@
         </varlistentry>
 
         <varlistentry>
-          <term>PAM_CRED_INSUFFICIENT</term>
+          <term>PAM_USER_UNKNOWN</term>
           <listitem>
             <para>
               The user was not found.
diff --git a/modules/pam_setquota/pam_setquota.c b/modules/pam_setquota/pam_setquota.c
index 43c76d66..9c05862a 100644
--- a/modules/pam_setquota/pam_setquota.c
+++ b/modules/pam_setquota/pam_setquota.c
@@ -227,7 +227,8 @@ pam_sm_open_session(pam_handle_t *pamh, int flags UNUSED,
   /* Get the password entry */
   pwd = pam_modutil_getpwnam(pamh, user);
   if (pwd == NULL) {
-    return PAM_CRED_INSUFFICIENT;
+    pam_syslog(pamh, LOG_NOTICE, "user unknown");
+    return PAM_USER_UNKNOWN;
   }
 
   /* Check if we should not set quotas for user */
-- 
cgit v1.2.3