pam_fprintd: Consistently return PAM_AUTHINFO_UNAVAIL when device has no prints

Loading saved prints may lead to an error if they were stored long time ago and so they're using a wrong format. In such case we list the prints as available even though they are really not, so the PAM module won't return PAM_AUTHINFO_UNAVAIL as in the no-prints case but PAM_USER_UNKNOWN. This will lead some auth systems (such as gdm) to keep retrying using PAM fprintd module, even if it's not really available.
author: Marco Trevisan (Treviño) <mail@3v1n0.net> 2021-03-02 15:03:38 +0100
committer: Marco Trevisan (Treviño) <mail@3v1n0.net> 2021-03-02 17:15:14 +0100
commit: df6ebefef7d9ebbb5aa36e6c5685e67e81fe775e (patch)
tree: 6448c11de4bf4505af47d33bad68b9e3f1121cd3 /pam
parent: b7aa0c455dbb11676d256a395cc443ecd554124c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pam/pam_fprintd.c b/pam/pam_fprintd.c
index 9c4adcf..8cbd01c 100644
--- a/pam/pam_fprintd.c
+++ b/pam/pam_fprintd.c
@@ -351,7 +351,7 @@ verify_started_cb (sd_bus_message *m,
       if (sd_bus_error_has_name (error, "net.reactivated.Fprint.Error.NoEnrolledPrints"))
         {
           pam_syslog (data->pamh, LOG_DEBUG, "No prints enrolled");
-          data->verify_ret = PAM_USER_UNKNOWN;
+          data->verify_ret = PAM_AUTHINFO_UNAVAIL;
         }
       else
         {
author	Marco Trevisan (Treviño) <mail@3v1n0.net>	2021-03-02 15:03:38 +0100
committer	Marco Trevisan (Treviño) <mail@3v1n0.net>	2021-03-02 17:15:14 +0100
commit	df6ebefef7d9ebbb5aa36e6c5685e67e81fe775e (patch)
tree	6448c11de4bf4505af47d33bad68b9e3f1121cd3 /pam
parent	b7aa0c455dbb11676d256a395cc443ecd554124c (diff)