authorThorsten Kukuk <kukuk@thkukuk.de>2008-10-12 17:06:04 +0000
committerThorsten Kukuk <kukuk@thkukuk.de>2008-10-12 17:06:04 +0000
commit8283ef44f01931108c5f29bd4e0bda8c86bc5478 (patch)
tree8adf635e2020b6804b19638304c8d8b75408937e
parentdad5bd7c146a842e11da19c5715db117d62f5677 (diff)
Relevant BUGIDs:
Purpose of commit: Commit summary: --------------- 2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de> * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass): Remove check for re-used passwords. * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation of re-used password check.
-rw-r--r--ChangeLog5
-rw-r--r--modules/pam_cracklib/pam_cracklib.8.xml9
-rw-r--r--modules/pam_cracklib/pam_cracklib.c44
3 files changed, 7 insertions, 51 deletions
diff --git a/ChangeLog b/ChangeLog
index 383a2cf1..a879c653 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2008-10-10 Thorsten Kukuk <kukuk@thkukuk.de>
+ * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass):
+ Remove check for re-used passwords.
+ * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation
+ of re-used password check.
+
* configure.in: add modules/pam_pwhistory/Makefile.
* doc/sag/Linux-PAM_SAG.xml: Include pam_pwhistory.xml.
* doc/sag/pam_pwhistory.xml: New.
diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 3d061c43..336da5dd 100644
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -112,15 +112,6 @@
</listitem>
</varlistentry>
<varlistentry>
- <term>Already used</term>
- <listitem>
- <para>
- Was the password used in the past? Previously used passwords
- are to be found in <filename>/etc/security/opasswd</filename>.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
<term>Same consecutive characters</term>
<listitem>
<para>
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index 3dcc4729..2c4cd4a0 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -462,7 +462,7 @@ static int usercheck(struct cracklib_options *opt, const char *new,
/* now reverse the username, we can do that in place
as it is strdup-ed */
f = user;
- b = user+strlen(user)-1;
+ b = user+strlen(user)-1;
while (f < b) {
char c;
@@ -547,43 +547,6 @@ static const char *password_check(struct cracklib_options *opt,
}
-#define OLD_PASSWORDS_FILE "/etc/security/opasswd"
-
-static const char * check_old_password(const char *forwho, const char *newpass)
-{
- static char buf[16384];
- char *s_luser, *s_uid, *s_npas, *s_pas;
- const char *msg = NULL;
- FILE *opwfile;
-
- opwfile = fopen(OLD_PASSWORDS_FILE, "r");
- if (opwfile == NULL)
- return NULL;
-
- while (fgets(buf, 16380, opwfile)) {
- if (!strncmp(buf, forwho, strlen(forwho))) {
- char *sptr;
- buf[strlen(buf)-1] = '\0';
- s_luser = strtok_r(buf, ":,", &sptr);
- s_uid = strtok_r(NULL, ":,", &sptr);
- s_npas = strtok_r(NULL, ":,", &sptr);
- s_pas = strtok_r(NULL, ":,", &sptr);
- while (s_pas != NULL) {
- if (!strcmp(crypt(newpass, s_pas), s_pas)) {
- msg = _("has been already used");
- break;
- }
- s_pas = strtok_r(NULL, ":,", &sptr);
- }
- break;
- }
- }
- fclose(opwfile);
-
- return msg;
-}
-
-
static int _pam_unix_approve_pass(pam_handle_t *pamh,
unsigned int ctrl,
struct cracklib_options *opt,
@@ -613,9 +576,6 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh,
* checking this would be the place
*/
msg = password_check(opt, pass_old, pass_new, user);
- if (!msg) {
- msg = check_old_password(user, pass_new);
- }
if (msg) {
if (ctrl & PAM_DEBUG_ARG)
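Review bot: With the `check_old_password(user, pass_new)` call removed, `_pam_unix_approve_pass` approves a new password as soon as `password_check()` returns NULL, so nothing in this module consults `/etc/security/opasswd` any more. The ChangeLog context in this commit mentions a new pam_pwhistory module, which presumably takes over the history check, but neither this code nor the man page hunk says so. A password stack that lists only pam_cracklib would stop rejecting re-used passwords after an upgrade, with no error or log message to show it. I would add a comment above the `password_check()` call, for example `/* password history is not checked here; use pam_pwhistory for that */`, and a matching sentence in pam_cracklib.8.xml where the "Already used" entry was dropped. The body of `_pam_unix_approve_pass` starts and ends outside this hunk.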
@@ -710,7 +670,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
retval = PAM_AUTHTOK_RECOVERY_ERR; /* didn't work */
}
}
-
+
if (options.use_authtok != 1) {
/* Prepare to ask the user for the first time */
resp = NULL;