From 8283ef44f01931108c5f29bd4e0bda8c86bc5478 Mon Sep 17 00:00:00 2001
From: Thorsten Kukuk <kukuk@thkukuk.de>
Date: Sun, 12 Oct 2008 17:06:04 +0000
Subject: Relevant BUGIDs:

Purpose of commit:

Commit summary:
---------------

2008-10-10  Thorsten Kukuk  <kukuk@thkukuk.de>

        * modules/pam_cracklib/pam_cracklib.c (_pam_unix_approve_pass):
        Remove check for re-used passwords.
        * modules/pam_cracklib/pam_cracklib.8.xml: Remove documentation
        of re-used password check.
---
 modules/pam_cracklib/pam_cracklib.8.xml |  9 -------
 modules/pam_cracklib/pam_cracklib.c     | 44 ++-------------------------------
 2 files changed, 2 insertions(+), 51 deletions(-)

(limited to 'modules')

diff --git a/modules/pam_cracklib/pam_cracklib.8.xml b/modules/pam_cracklib/pam_cracklib.8.xml
index 3d061c43..336da5dd 100644
--- a/modules/pam_cracklib/pam_cracklib.8.xml
+++ b/modules/pam_cracklib/pam_cracklib.8.xml
@@ -111,15 +111,6 @@
           </para>
         </listitem>
       </varlistentry>
-      <varlistentry>
-        <term>Already used</term>
-        <listitem>
-          <para>
-            Was the password used in the past? Previously used passwords
-            are to be found in <filename>/etc/security/opasswd</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
       <varlistentry>
         <term>Same consecutive characters</term>
         <listitem>
diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c
index 3dcc4729..2c4cd4a0 100644
--- a/modules/pam_cracklib/pam_cracklib.c
+++ b/modules/pam_cracklib/pam_cracklib.c
@@ -462,7 +462,7 @@ static int usercheck(struct cracklib_options *opt, const char *new,
     /* now reverse the username, we can do that in place
        as it is strdup-ed */
     f = user;
-    b = user+strlen(user)-1;    
+    b = user+strlen(user)-1;
     while (f < b) {
 	char c;
 
@@ -547,43 +547,6 @@ static const char *password_check(struct cracklib_options *opt,
 }
 
 
-#define OLD_PASSWORDS_FILE	"/etc/security/opasswd"
-
-static const char * check_old_password(const char *forwho, const char *newpass)
-{
-	static char buf[16384];
-	char *s_luser, *s_uid, *s_npas, *s_pas;
-	const char *msg = NULL;
-	FILE *opwfile;
-
-	opwfile = fopen(OLD_PASSWORDS_FILE, "r");
-	if (opwfile == NULL)
-		return NULL;
-
-	while (fgets(buf, 16380, opwfile)) {
-		if (!strncmp(buf, forwho, strlen(forwho))) {
-			char *sptr;
-			buf[strlen(buf)-1] = '\0';
-			s_luser = strtok_r(buf, ":,", &sptr);
-			s_uid   = strtok_r(NULL, ":,", &sptr);
-			s_npas  = strtok_r(NULL, ":,", &sptr);
-			s_pas   = strtok_r(NULL, ":,", &sptr);
-			while (s_pas != NULL) {
-				if (!strcmp(crypt(newpass, s_pas), s_pas)) {
-					msg = _("has been already used");
-					break;
-				}
-				s_pas = strtok_r(NULL, ":,", &sptr);
-			}
-			break;
-		}
-	}
-	fclose(opwfile);
-
-	return msg;
-}
-
-
 static int _pam_unix_approve_pass(pam_handle_t *pamh,
                                   unsigned int ctrl,
 				  struct cracklib_options *opt,
@@ -613,9 +576,6 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh,
      * checking this would be the place
      */
     msg = password_check(opt, pass_old, pass_new, user);
-    if (!msg) {
-	msg = check_old_password(user, pass_new);
-    }
 
     if (msg) {
         if (ctrl & PAM_DEBUG_ARG)
@@ -710,7 +670,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
 		retval = PAM_AUTHTOK_RECOVERY_ERR;         /* didn't work */
 	    }
 	}
-	
+
 	if (options.use_authtok != 1) {
             /* Prepare to ask the user for the first time */
             resp = NULL;
-- 
cgit v1.2.3