Return PAM_AUTHTOK_ERR when length exceeds limit Currently, when the length of username or password exceeds IPMI limit, it returns PAM_NEW_AUTHTOK_REQD. But according to the man page of pam_sm_chauthtok, PAM_NEW_AUTHTOK_REQD is not a vaild return value. Return PAM_AUTHTOK_ERR instead. Tested: Try updating a user in ipmi group with a 21-char password by calling pam_chauthtok, PAM_AUTHTOK_ERR is returned. Change-Id: Ia055f253865e9f4174dcbee8eec87917b7612f94 Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

commit: e3771e857cb37f1352c3ac76c6fcfca772f63aeb [log] [tgz]
author: Jiaqing Zhao <jiaqing.zhao@intel.com> Sat Apr 02 18:02:25 2022 +0800
committer: Jiaqing Zhao <jiaqing.zhao@intel.com> Sat Apr 02 18:09:13 2022 +0800
tree: 10f0f1be21ef0f21f9d834f47a426e5f1109e2b0
parent: 08be868a6d18bca99d3580f4b3247c0c953f0f84 [diff] [blame]
diff --git a/src/pam_ipmicheck/pam_ipmicheck.c b/src/pam_ipmicheck/pam_ipmicheck.c
index 41b3abf..b9c0b0d 100644
--- a/src/pam_ipmicheck/pam_ipmicheck.c
+++ b/src/pam_ipmicheck/pam_ipmicheck.c

@@ -114,7 +114,7 @@
 				"Password length (%x) / User name length (%x) not acceptable",
 				strlen(pass_new), strlen(user));
 			pass_new = pass_old = NULL;
-			return PAM_NEW_AUTHTOK_REQD;
+			return PAM_AUTHTOK_ERR;
 		}
 	}
commit	e3771e857cb37f1352c3ac76c6fcfca772f63aeb	[log] [tgz]
author	Jiaqing Zhao <jiaqing.zhao@intel.com>	Sat Apr 02 18:02:25 2022 +0800
committer	Jiaqing Zhao <jiaqing.zhao@intel.com>	Sat Apr 02 18:09:13 2022 +0800
tree	10f0f1be21ef0f21f9d834f47a426e5f1109e2b0
parent	08be868a6d18bca99d3580f4b3247c0c953f0f84 [diff] [blame]