From 9a1a98220697f922a4c0d8460b899987ad0e1c61 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Fri, 31 May 2019 13:13:10 +0200
Subject: su: More descriptive error message on malformed user entry

With users coming from LDAP, it is often the case that the entry in LDAP
does not contain one or more attributes required by su or, because of
misconfigured access control rights, the attribute might not be readable
by the LDAP client. In that case, su just tells the user that the user
does not exist.

It might be more user-friendly to tell the user to check the user entry
for all required fields.
---
 login-utils/su-common.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/login-utils/su-common.c b/login-utils/su-common.c
index caabe23a6..4d91b22e4 100644
--- a/login-utils/su-common.c
+++ b/login-utils/su-common.c
@@ -1446,7 +1446,9 @@ int su_main(int argc, char **argv, int mode)
 	    || !su->pwd->pw_passwd
 	    || !su->pwd->pw_name || !*su->pwd->pw_name
 	    || !su->pwd->pw_dir  || !*su->pwd->pw_dir)
-		errx(EXIT_FAILURE, _("user %s does not exist"), su->new_user);
+		errx(EXIT_FAILURE,
+		     _("user %s does not exist or the user entry does not "
+		       "contain all the required fields"), su->new_user);
 
 	su->new_user = su->pwd->pw_name;
 	su->old_user = xgetlogin();
-- 
cgit v1.2.3-55-g7522