execute: make setup_pam() return -errno when possible

The only caller currently checks if the result is non-zero,
so nothing changes there.

diff --git a/src/execute.c b/src/execute.c
index 065101431d10fa987d81fbbb0625ce45fa0c3c36..2039861782f21c91ef95fc35800f9f58e2459395 100644 (file)
--- a/src/execute.c
+++ b/src/execute.c
@@ -716,6 +716,7 @@ static int setup_pam(
         pam_handle_t *handle = NULL;
         sigset_t ss, old_ss;
         int pam_code = PAM_SUCCESS;
+        int err;
         char **e = NULL;
         bool close_session = false;
         pid_t pam_pid = 0, parent_pid;
@@ -835,6 +836,11 @@ static int setup_pam(
         return 0;
 
 fail:
+        if (pam_code != PAM_SUCCESS)
+                err = -EPERM;  /* PAM errors do not map to errno */
+        else
+                err = -errno;
+
         if (handle) {
                 if (close_session)
                         pam_code = pam_close_session(handle, PAM_DATA_SILENT);
@@ -851,7 +857,7 @@ fail:
                 kill(pam_pid, SIGCONT);
         }
 
-        return EXIT_PAM;
+        return err;
 }
 #endif