Index: Linux-PAM-1.1.0/modules/pam_pwhistory/opasswd.c =================================================================== --- Linux-PAM-1.1.0.orig/modules/pam_pwhistory/opasswd.c +++ Linux-PAM-1.1.0/modules/pam_pwhistory/opasswd.c @@ -94,6 +94,23 @@ parse_entry (char *line, opwd *data) return 0; } +static int +compare_password(const char *newpass, const char *oldpass) +{ + char *outval; +#ifdef HAVE_CRYPT_R + struct crypt_data output; + + output.initialized = 0; + + outval = crypt_r (newpass, oldpass, &output); +#else + outval = crypt (newpass, oldpass); +#endif + + return strcmp(outval, oldpass) == 0; +} + /* Check, if the new password is already in the opasswd file. */ int check_old_password (pam_handle_t *pamh, const char *user, @@ -167,12 +184,9 @@ check_old_password (pam_handle_t *pamh, if (found) { const char delimiters[] = ","; - struct crypt_data output; char *running; char *oldpass; - memset (&output, 0, sizeof (output)); - running = strdupa (entry.old_passwords); if (running == NULL) return PAM_BUF_ERR; @@ -180,7 +194,7 @@ check_old_password (pam_handle_t *pamh, do { oldpass = strsep (&running, delimiters); if (oldpass && strlen (oldpass) > 0 && - strcmp (crypt_r (newpass, oldpass, &output), oldpass) == 0) + compare_password(newpass, oldpass) ) { if (debug) pam_syslog (pamh, LOG_DEBUG, "New password already used"); Index: Linux-PAM-1.1.0/configure.in =================================================================== --- Linux-PAM-1.1.0.orig/configure.in +++ Linux-PAM-1.1.0/configure.in @@ -458,7 +458,7 @@ AC_FUNC_MEMCMP AC_FUNC_VPRINTF AC_CHECK_FUNCS(fseeko gethostname gettimeofday lckpwdf mkdir select) AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname) -AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r) +AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r) AC_CHECK_FUNCS(getgrouplist getline getdelim) AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af) Index: Linux-PAM-1.1.0/modules/pam_timestamp/pam_timestamp.c =================================================================== --- Linux-PAM-1.1.0.orig/modules/pam_timestamp/pam_timestamp.c +++ Linux-PAM-1.1.0/modules/pam_timestamp/pam_timestamp.c @@ -200,7 +200,13 @@ check_login_time(const char *ruser, time time_t oldest_login = 0; setutent(); - while(!getutent_r(&utbuf, &ut)) { + while( +#ifdef HAVE_GETUTENT_R + !getutent_r(&utbuf, &ut) +#else + (ut = getutent()) != NULL +#endif + ) { if (ut->ut_type != USER_PROCESS) { continue; }