Enhance return value from pamAuthenticateUser This enhances the return value from the pamAuthenticateUser function so callers can articulate PAM error codes like PAM_NEW_AUTHTOK_REQD which means the credentials are correct, but the password must be changed. Tested: Yes, scenarios via both Redfish login and Basic Auth: - correct username and password, password is not expired - correct username and password, password is expired - correct username and incorrect password, password is not expired - correct username and incorrect password, password is expired - non-existent user (passsword is not relevant) Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net> Change-Id: I1114d6c9cc591fb0a1853cb4edea32ad22f7b015

commit: d887fff197b2fc3357bcbb1adb028521699a204a [log] [tgz]
author: Joseph Reynolds <joseph-reynolds@charter.net> Tue Jan 14 16:34:09 2020 -0600
committer: Joseph Reynolds <joseph-reynolds@charter.net> Thu Jan 30 16:24:12 2020 +0000
tree: cd2038b1dfd796becf9444d27b1024ca5dc4b7d7
parent: d04ba325f3ef4e60eb4fd8e7477af78d1be0d79d [diff] [blame]
diff --git a/redfish-core/lib/redfish_sessions.hpp b/redfish-core/lib/redfish_sessions.hpp
index 88f250b..0094858 100644
--- a/redfish-core/lib/redfish_sessions.hpp
+++ b/redfish-core/lib/redfish_sessions.hpp

@@ -196,7 +196,7 @@
             return;
         }
 
-        if (!pamAuthenticateUser(username, password))
+        if (pamAuthenticateUser(username, password) != PAM_SUCCESS)
         {
             messages::resourceAtUriUnauthorized(res, std::string(req.url),
                                                 "Invalid username or password");
commit	d887fff197b2fc3357bcbb1adb028521699a204a	[log] [tgz]
author	Joseph Reynolds <joseph-reynolds@charter.net>	Tue Jan 14 16:34:09 2020 -0600
committer	Joseph Reynolds <joseph-reynolds@charter.net>	Thu Jan 30 16:24:12 2020 +0000
tree	cd2038b1dfd796becf9444d27b1024ca5dc4b7d7
parent	d04ba325f3ef4e60eb4fd8e7477af78d1be0d79d [diff] [blame]