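--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml 2008/10/17 10:25:35
@@ -111,15 +111,6 @@
 </para>
 </listitem>
 </varlistentry>
- <varlistentry>
- <term>Already used</term>
- <listitem>
- <para>
- Was the password used in the past? Previously used passwords
- are to be found in <filename>/etc/security/opasswd</filename>.
- </para>
- </listitem>
- </varlistentry>
 </variablelist>
 <para>
 This module with no arguments will work well for standard unix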
--- modules/pam_cracklib/pam_cracklib.c
|
|
+++ modules/pam_cracklib/pam_cracklib.c 2008/10/17 10:26:56
|
|
@@ -472,43 +472,6 @@
|
|
}
|
|
|
|
|
|
-#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
|
|
-
|
|
-static const char * check_old_password(const char *forwho, const char *newpass)
|
|
-{
|
|
- static char buf[16384];
|
|
- char *s_luser, *s_uid, *s_npas, *s_pas;
|
|
- const char *msg = NULL;
|
|
- FILE *opwfile;
|
|
-
|
|
- opwfile = fopen(OLD_PASSWORDS_FILE, "r");
|
|
- if (opwfile == NULL)
|
|
- return NULL;
|
|
-
|
|
- while (fgets(buf, 16380, opwfile)) {
|
|
- if (!strncmp(buf, forwho, strlen(forwho))) {
|
|
- char *sptr;
|
|
- buf[strlen(buf)-1] = '\0';
|
|
- s_luser = strtok_r(buf, ":,", &sptr);
|
|
- s_uid = strtok_r(NULL, ":,", &sptr);
|
|
- s_npas = strtok_r(NULL, ":,", &sptr);
|
|
- s_pas = strtok_r(NULL, ":,", &sptr);
|
|
- while (s_pas != NULL) {
|
|
- if (!strcmp(crypt(newpass, s_pas), s_pas)) {
|
|
- msg = _("has been already used");
|
|
- break;
|
|
- }
|
|
- s_pas = strtok_r(NULL, ":,", &sptr);
|
|
- }
|
|
- break;
|
|
- }
|
|
- }
|
|
- fclose(opwfile);
|
|
-
|
|
- return msg;
|
|
-}
|
|
-
|
|
-
|
|
static int _pam_unix_approve_pass(pam_handle_t *pamh,
|
|
unsigned int ctrl,
|
|
struct cracklib_options *opt,
|
|
@@ -516,7 +479,6 @@
|
|
const char *pass_new)
|
|
{
|
|
const char *msg = NULL;
|
|
- const void *user;
|
|
int retval;
|
|
|
|
if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
|
|
@@ -532,15 +494,6 @@
|
|
* checking this would be the place
|
|
*/
|
|
msg = password_check(opt, pass_old, pass_new);
|
|
- if (!msg) {
|
|
- retval = pam_get_item(pamh, PAM_USER, &user);
|
|
- if (retval != PAM_SUCCESS || user == NULL) {
|
|
- if (ctrl & PAM_DEBUG_ARG)
|
|
- pam_syslog(pamh,LOG_ERR,"Can not get username");
|
|
- return PAM_AUTHTOK_ERR;
|
|
- }
|
|
- msg = check_old_password(user, pass_new);
|
|
- }
|
|
|
|
if (msg) {
|
|
if (ctrl & PAM_DEBUG_ARG)
|