Please add which returns codes pam_u2f can emit to the documentation of pam_u2f at https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html and to the man pages. This should also contain a brief description what return code pam_u2f used in which case.
From reading the main source file I was able to compile this preliminary list:
PAM_IGNORE:
- unable to allocate memory (side remark: shouldn't this be
PAM_ABORT or PAM_BUF_ERROR?)
- could not resolve authfile path
- unable to switch user to uid
- could not restore privilege
PAM_CONV_ERR
- unable to get user name from PAM
PAM_USER_UNKNOWN
- unable to retrieve credentials for user
- PAM_AUTHINFO_UNAVAIL`
- failed to perform variable expansion
- unable to get devices from authentication file
- found no devices
PAM_SUCCESS
- found no devices but nouserok specified
- PAM_AUTH_ERR`
Note: This list incomplete, because I did not dive into the helper functions get_devices_from_authfile, do_authentication and do_manual_authentication. I compiled this list only from the main file pam-u2f.c.
Please add which returns codes pam_u2f can emit to the documentation of pam_u2f at https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html and to the man pages. This should also contain a brief description what return code pam_u2f used in which case.
From reading the main source file I was able to compile this preliminary list:
PAM_IGNORE:PAM_ABORTorPAM_BUF_ERROR?)PAM_CONV_ERRPAM_USER_UNKNOWNPAM_SUCCESSNote: This list incomplete, because I did not dive into the helper functions
get_devices_from_authfile,do_authenticationanddo_manual_authentication. I compiled this list only from the main filepam-u2f.c.