Return PAM_AUTHTOK_ERR when length exceeds limit Currently, when the length of username or password exceeds IPMI limit, it returns PAM_NEW_AUTHTOK_REQD. But according to the man page of pam_sm_chauthtok, PAM_NEW_AUTHTOK_REQD is not a vaild return value. Return PAM_AUTHTOK_ERR instead. Tested: Try updating a user in ipmi group with a 21-char password by calling pam_chauthtok, PAM_AUTHTOK_ERR is returned. Change-Id: Ia055f253865e9f4174dcbee8eec87917b7612f94 Signed-off-by: Jiaqing Zhao <jiaqing.zhao@intel.com>

commit: e3771e857cb37f1352c3ac76c6fcfca772f63aeb [log] [tgz]
author: Jiaqing Zhao <jiaqing.zhao@intel.com> Sat Apr 02 18:02:25 2022 +0800
committer: Jiaqing Zhao <jiaqing.zhao@intel.com> Sat Apr 02 18:09:13 2022 +0800
tree: 10f0f1be21ef0f21f9d834f47a426e5f1109e2b0
parent: 08be868a6d18bca99d3580f4b3247c0c953f0f84 [diff] [blame]
diff --git a/src/pam_ipmisave/pam_ipmisave.c b/src/pam_ipmisave/pam_ipmisave.c
index f00ed4f..058e079 100644
--- a/src/pam_ipmisave/pam_ipmisave.c
+++ b/src/pam_ipmisave/pam_ipmisave.c

@@ -679,7 +679,7 @@
 				"Password length (%x) / User name length (%x) not acceptable",
 				strlen(pass_new), strlen(user));
 			pass_new = NULL;
-			return PAM_NEW_AUTHTOK_REQD;
+			return PAM_AUTHTOK_ERR;
 		}
 		if (spec_pass_file == NULL) {
 			spec_pass_file = DEFAULT_SPEC_PASS_FILE;
commit	e3771e857cb37f1352c3ac76c6fcfca772f63aeb	[log] [tgz]
author	Jiaqing Zhao <jiaqing.zhao@intel.com>	Sat Apr 02 18:02:25 2022 +0800
committer	Jiaqing Zhao <jiaqing.zhao@intel.com>	Sat Apr 02 18:09:13 2022 +0800
tree	10f0f1be21ef0f21f9d834f47a426e5f1109e2b0
parent	08be868a6d18bca99d3580f4b3247c0c953f0f84 [diff] [blame]