summaryrefslogtreecommitdiff
path: root/modules/pam_pwhistory
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_pwhistory')
-rw-r--r--modules/pam_pwhistory/opasswd.c22
1 files changed, 18 insertions, 4 deletions
diff --git a/modules/pam_pwhistory/opasswd.c b/modules/pam_pwhistory/opasswd.c
index 3c8e5cff..f045555f 100644
--- a/modules/pam_pwhistory/opasswd.c
+++ b/modules/pam_pwhistory/opasswd.c
@@ -94,6 +94,23 @@ parse_entry (char *line, opwd *data)
return 0;
}
+static int
+compare_password(const char *newpass, const char *oldpass)
+{
+ char *outval;
+#ifdef HAVE_CRYPT_R
+ struct crypt_data output;
+
+ output.initialized = 0;
+
+ outval = crypt_r (newpass, oldpass, &output);
+#else
+ outval = crypt (newpass, oldpass);
+#endif
+
+ return strcmp(outval, oldpass) == 0;
+}
+
/* Check, if the new password is already in the opasswd file. */
int
check_old_password (pam_handle_t *pamh, const char *user,
@@ -167,12 +184,9 @@ check_old_password (pam_handle_t *pamh, const char *user,
if (found)
{
const char delimiters[] = ",";
- struct crypt_data output;
char *running;
char *oldpass;
- memset (&output, 0, sizeof (output));
-
running = strdupa (entry.old_passwords);
if (running == NULL)
return PAM_BUF_ERR;
@@ -180,7 +194,7 @@ check_old_password (pam_handle_t *pamh, const char *user,
do {
oldpass = strsep (&running, delimiters);
if (oldpass && strlen (oldpass) > 0 &&
- strcmp (crypt_r (newpass, oldpass, &output), oldpass) == 0)
+ compare_password(newpass, oldpass) )
{
if (debug)
pam_syslog (pamh, LOG_DEBUG, "New password already used");