From 5154aabe8aac27d569059cad3332cd12c7442a8a Mon Sep 17 00:00:00 2001
From: Florian Best <best@univention.de>
Date: Wed, 26 Jun 2019 23:13:13 +0200
Subject: Restrict password length when changing password

---
 modules/pam_unix/pam_unix_passwd.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'modules/pam_unix')

diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index df4c1233..4d2f5e2c 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -576,7 +576,11 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 			return PAM_AUTHTOK_ERR;
 		}
 	}
-	if (off(UNIX__IAMROOT, ctrl)) {
+
+	if (strlen(pass_new) > MAX_PASS) {
+		remark = _("You must choose a shorter password.");
+		D(("length exceeded [%s]", remark));
+	} else if (off(UNIX__IAMROOT, ctrl)) {
 		if (strlen(pass_new) < pass_min_len)
 		  remark = _("You must choose a longer password.");
 		D(("length check [%s]", remark));
-- 
cgit v1.2.3