pam/pam_cracklib-no-pwhistory.diff

--- modules/pam_cracklib/pam_cracklib.8.xml
+++ modules/pam_cracklib/pam_cracklib.8.xml	2008/10/17 10:25:35
@@ -111,15 +111,6 @@
           </para>
         </listitem>
       </varlistentry>
-      <varlistentry>
-        <term>Already used</term>
-        <listitem>
-          <para>
-            Was the password used in the past? Previously used passwords
-            are to be found in <filename>/etc/security/opasswd</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
     </variablelist>
     <para>
       This module with no arguments will work well for standard unix
--- modules/pam_cracklib/pam_cracklib.c
+++ modules/pam_cracklib/pam_cracklib.c	2008/10/17 10:26:56
@@ -472,43 +472,6 @@
 }
 
 
-#define OLD_PASSWORDS_FILE	"/etc/security/opasswd"
-
-static const char * check_old_password(const char *forwho, const char *newpass)
-{
-	static char buf[16384];
-	char *s_luser, *s_uid, *s_npas, *s_pas;
-	const char *msg = NULL;
-	FILE *opwfile;
-
-	opwfile = fopen(OLD_PASSWORDS_FILE, "r");
-	if (opwfile == NULL)
-		return NULL;
-
-	while (fgets(buf, 16380, opwfile)) {
-		if (!strncmp(buf, forwho, strlen(forwho))) {
-			char *sptr;
-			buf[strlen(buf)-1] = '\0';
-			s_luser = strtok_r(buf, ":,", &sptr);
-			s_uid   = strtok_r(NULL, ":,", &sptr);
-			s_npas  = strtok_r(NULL, ":,", &sptr);
-			s_pas   = strtok_r(NULL, ":,", &sptr);
-			while (s_pas != NULL) {
-				if (!strcmp(crypt(newpass, s_pas), s_pas)) {
-					msg = _("has been already used");
-					break;
-				}
-				s_pas = strtok_r(NULL, ":,", &sptr);
-			}
-			break;
-		}
-	}
-	fclose(opwfile);
-
-	return msg;
-}
-
-
 static int _pam_unix_approve_pass(pam_handle_t *pamh,
                                   unsigned int ctrl,
 				  struct cracklib_options *opt,
@@ -516,7 +479,6 @@
                                   const char *pass_new)
 {
     const char *msg = NULL;
-    const void *user;
     int retval;
 
     if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
@@ -532,15 +494,6 @@
      * checking this would be the place
      */
     msg = password_check(opt, pass_old, pass_new);
-    if (!msg) {
-	retval = pam_get_item(pamh, PAM_USER, &user);
-	if (retval != PAM_SUCCESS || user == NULL) {
-	    if (ctrl & PAM_DEBUG_ARG)
-		pam_syslog(pamh,LOG_ERR,"Can not get username");
-	    return PAM_AUTHTOK_ERR;
-	}
-	msg = check_old_password(user, pass_new);
-    }
 
     if (msg) {
         if (ctrl & PAM_DEBUG_ARG)
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=19 2008-10-22 18:33:56 +02:00			`--- modules/pam_cracklib/pam_cracklib.8.xml`
			`+++ modules/pam_cracklib/pam_cracklib.8.xml 2008/10/17 10:25:35`
			`@@ -111,15 +111,6 @@`
			`</para>`
			`</listitem>`
			`</varlistentry>`
			`- <varlistentry>`
			`- <term>Already used</term>`
			`- <listitem>`
			`- <para>`
			`- Was the password used in the past? Previously used passwords`
			`- are to be found in <filename>/etc/security/opasswd</filename>.`
			`- </para>`
			`- </listitem>`
			`- </varlistentry>`
			`</variablelist>`
			`<para>`
			`This module with no arguments will work well for standard unix`
			`--- modules/pam_cracklib/pam_cracklib.c`
			`+++ modules/pam_cracklib/pam_cracklib.c 2008/10/17 10:26:56`
			`@@ -472,43 +472,6 @@`
			`}`


			`-#define OLD_PASSWORDS_FILE "/etc/security/opasswd"`
			`-`
			`-static const char * check_old_password(const char forwho, const char newpass)`
			`-{`
			`- static char buf[16384];`
			`- char s_luser, s_uid, s_npas, s_pas;`
			`- const char *msg = NULL;`
			`- FILE *opwfile;`
			`-`
			`- opwfile = fopen(OLD_PASSWORDS_FILE, "r");`
			`- if (opwfile == NULL)`
			`- return NULL;`
			`-`
			`- while (fgets(buf, 16380, opwfile)) {`
			`- if (!strncmp(buf, forwho, strlen(forwho))) {`
			`- char *sptr;`
			`- buf[strlen(buf)-1] = '\0';`
			`- s_luser = strtok_r(buf, ":,", &sptr);`
			`- s_uid = strtok_r(NULL, ":,", &sptr);`
			`- s_npas = strtok_r(NULL, ":,", &sptr);`
			`- s_pas = strtok_r(NULL, ":,", &sptr);`
			`- while (s_pas != NULL) {`
			`- if (!strcmp(crypt(newpass, s_pas), s_pas)) {`
			`- msg = _("has been already used");`
			`- break;`
			`- }`
			`- s_pas = strtok_r(NULL, ":,", &sptr);`
			`- }`
			`- break;`
			`- }`
			`- }`
			`- fclose(opwfile);`
			`-`
			`- return msg;`
			`-}`
			`-`
			`-`
			`static int _pam_unix_approve_pass(pam_handle_t *pamh,`
			`unsigned int ctrl,`
			`struct cracklib_options *opt,`
			`@@ -516,7 +479,6 @@`
			`const char *pass_new)`
			`{`
			`const char *msg = NULL;`
			`- const void *user;`
			`int retval;`

			`if (pass_new == NULL \|\| (pass_old && !strcmp(pass_old,pass_new))) {`
			`@@ -532,15 +494,6 @@`
			`* checking this would be the place`
			`*/`
			`msg = password_check(opt, pass_old, pass_new);`
			`- if (!msg) {`
			`- retval = pam_get_item(pamh, PAM_USER, &user);`
			`- if (retval != PAM_SUCCESS \|\| user == NULL) {`
			`- if (ctrl & PAM_DEBUG_ARG)`
			`- pam_syslog(pamh,LOG_ERR,"Can not get username");`
			`- return PAM_AUTHTOK_ERR;`
			`- }`
			`- msg = check_old_password(user, pass_new);`
			`- }`

			`if (msg) {`
			`if (ctrl & PAM_DEBUG_ARG)`