From a51c2cc8cb11c340e3768d6142008862b7ce69c1 Mon Sep 17 00:00:00 2001 From: Benny Baumann Date: Mon, 13 Nov 2023 14:17:01 +0100 Subject: pam_unix: only output length check message on failure The debug message was placed outside the password length check and thus if the length check succeeded no message would have been placed. Comparing this location with other occurrences indicates this was by mistake, thus the message is now suppressed if there's nothing to print anyway. Signed-off-by: Benny Baumann --- modules/pam_unix/pam_unix_passwd.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'modules/pam_unix/pam_unix_passwd.c') diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index c3417413..c1d547c7 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -572,9 +572,10 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh remark = _("You must choose a shorter password."); D(("length exceeded [%s]", remark)); } else if (off(UNIX__IAMROOT, ctrl)) { - if ((int)strlen(pass_new) < pass_min_len) + if ((int)strlen(pass_new) < pass_min_len) { remark = _("You must choose a longer password."); - D(("length check [%s]", remark)); + D(("length check [%s]", remark)); + } if (on(UNIX_REMEMBER_PASSWD, ctrl)) { if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR) remark = _("Password has been already used. Choose another."); -- cgit v1.2.3