Return PAM_AUTHTOK_ERR when length exceeds limit
Currently, when the length of username or password exceeds IPMI limit,
it returns PAM_NEW_AUTHTOK_REQD. But according to the man page of
pam_sm_chauthtok, PAM_NEW_AUTHTOK_REQD is not a vaild return value.
Return PAM_AUTHTOK_ERR instead.
Tested:
Try updating a user in ipmi group with a 21-char password by calling
pam_chauthtok, PAM_AUTHTOK_ERR is returned.
Change-Id: Ia055f253865e9f4174dcbee8eec87917b7612f94
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>
diff --git a/src/pam_ipmicheck/pam_ipmicheck.c b/src/pam_ipmicheck/pam_ipmicheck.c
index 41b3abf..b9c0b0d 100644
--- a/src/pam_ipmicheck/pam_ipmicheck.c
+++ b/src/pam_ipmicheck/pam_ipmicheck.c
@@ -114,7 +114,7 @@
"Password length (%x) / User name length (%x) not acceptable",
strlen(pass_new), strlen(user));
pass_new = pass_old = NULL;
- return PAM_NEW_AUTHTOK_REQD;
+ return PAM_AUTHTOK_ERR;
}
}
diff --git a/src/pam_ipmisave/pam_ipmisave.c b/src/pam_ipmisave/pam_ipmisave.c
index f00ed4f..058e079 100644
--- a/src/pam_ipmisave/pam_ipmisave.c
+++ b/src/pam_ipmisave/pam_ipmisave.c
@@ -679,7 +679,7 @@
"Password length (%x) / User name length (%x) not acceptable",
strlen(pass_new), strlen(user));
pass_new = NULL;
- return PAM_NEW_AUTHTOK_REQD;
+ return PAM_AUTHTOK_ERR;
}
if (spec_pass_file == NULL) {
spec_pass_file = DEFAULT_SPEC_PASS_FILE;