pam/pam_unix.diff

diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 6575938..6f5b2eb 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -97,8 +97,9 @@ typedef struct {
 					   password hash algorithms */
 #define UNIX_BLOWFISH_PASS       26	/* new password hashes will use blowfish */
 #define UNIX_MIN_PASS_LEN        27	/* min length for password */
+#define UNIX_DES                 28     /* DES, default */
 /* -------------- */
-#define UNIX_CTRLS_              28	/* number of ctrl arguments defined */
+#define UNIX_CTRLS_              29	/* number of ctrl arguments defined */
 
 #define UNIX_DES_CRYPT(ctrl)	(off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))
 
@@ -135,6 +136,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =
 /* UNIX_ALGO_ROUNDS */     {"rounds=",         _ALL_ON_,          0100000000, 0},
 /* UNIX_BLOWFISH_PASS */   {"blowfish",    _ALL_ON_^(0260420000), 0200000000, 1},
 /* UNIX_MIN_PASS_LEN */    {"minlen=",		_ALL_ON_,         0400000000, 0},
+/* UNIX_DES */             {"des",             _ALL_ON_^(0260420000),      0, 1},
 };
 
 #define UNIX_DEFAULTS  (unix_args[UNIX__NONULL].flag)
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 9aae3b0..d5f2540 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -614,7 +614,8 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 
 		if (_unix_blankpasswd(pamh, ctrl, user)) {
 			return PAM_SUCCESS;
-		} else if (off(UNIX__IAMROOT, ctrl)) {
+		} else if (off(UNIX__IAMROOT, ctrl) ||
+			   (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) {
 			/* instruct user what is happening */
 			if (asprintf(&Announce, _("Changing password for %s."),
 				user) < 0) {
- Add encryption_method_nis.diff: - implement pam_unix2 functionality to use another hash for NIS passwords. - Add pam_unix.diff: - fix if /etc/login.defs uses DES - ask always for old password if a NIS password will be changed OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=125 2013-11-12 13:46:50 +01:00			`diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h`
			`index 6575938..6f5b2eb 100644`
			`--- a/modules/pam_unix/support.h`
			`+++ b/modules/pam_unix/support.h`
			`@@ -97,8 +97,9 @@ typedef struct {`
			`password hash algorithms */`
			`#define UNIX_BLOWFISH_PASS 26 /* new password hashes will use blowfish */`
			`#define UNIX_MIN_PASS_LEN 27 /* min length for password */`
			`+#define UNIX_DES 28 /* DES, default */`
			`/* -------------- */`
			`-#define UNIX_CTRLS_ 28 /* number of ctrl arguments defined */`
			`+#define UNIX_CTRLS_ 29 /* number of ctrl arguments defined */`

			`#define UNIX_DES_CRYPT(ctrl) (off(UNIX_MD5_PASS,ctrl)&&off(UNIX_BIGCRYPT,ctrl)&&off(UNIX_SHA256_PASS,ctrl)&&off(UNIX_SHA512_PASS,ctrl)&&off(UNIX_BLOWFISH_PASS,ctrl))`

			`@@ -135,6 +136,7 @@ static const UNIX_Ctrls unix_args[UNIX_CTRLS_] =`
			`/* UNIX_ALGO_ROUNDS */ {"rounds=", _ALL_ON_, 0100000000, 0},`
			`/* UNIX_BLOWFISH_PASS */ {"blowfish", _ALL_ON_^(0260420000), 0200000000, 1},`
			`/* UNIX_MIN_PASS_LEN */ {"minlen=", _ALL_ON_, 0400000000, 0},`
			`+/* UNIX_DES */ {"des", _ALL_ON_^(0260420000), 0, 1},`
			`};`

			`#define UNIX_DEFAULTS (unix_args[UNIX__NONULL].flag)`
			`diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c`
			`index 9aae3b0..d5f2540 100644`
			`--- a/modules/pam_unix/pam_unix_passwd.c`
			`+++ b/modules/pam_unix/pam_unix_passwd.c`
			`@@ -614,7 +614,8 @@ pam_sm_chauthtok(pam_handle_t pamh, int flags, int argc, const char *argv)`

			`if (_unix_blankpasswd(pamh, ctrl, user)) {`
			`return PAM_SUCCESS;`
			`- } else if (off(UNIX__IAMROOT, ctrl)) {`
			`+ } else if (off(UNIX__IAMROOT, ctrl) \|\|`
			`+ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) {`
			`/* instruct user what is happening */`
			`if (asprintf(&Announce, _("Changing password for %s."),`
			`user) < 0) {`