1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
Index: Linux-PAM-1.1.0/modules/pam_pwhistory/opasswd.c
===================================================================
--- Linux-PAM-1.1.0.orig/modules/pam_pwhistory/opasswd.c
+++ Linux-PAM-1.1.0/modules/pam_pwhistory/opasswd.c
@@ -94,6 +94,23 @@ parse_entry (char *line, opwd *data)
return 0;
}
+static int
+compare_password(const char *newpass, const char *oldpass)
+{
+ char *outval;
+#ifdef HAVE_CRYPT_R
+ struct crypt_data output;
+
+ output.initialized = 0;
+
+ outval = crypt_r (newpass, oldpass, &output);
+#else
+ outval = crypt (newpass, oldpass);
+#endif
+
+ return strcmp(outval, oldpass) == 0;
+}
+
/* Check, if the new password is already in the opasswd file. */
int
check_old_password (pam_handle_t *pamh, const char *user,
@@ -167,12 +184,9 @@ check_old_password (pam_handle_t *pamh,
if (found)
{
const char delimiters[] = ",";
- struct crypt_data output;
char *running;
char *oldpass;
- memset (&output, 0, sizeof (output));
-
running = strdupa (entry.old_passwords);
if (running == NULL)
return PAM_BUF_ERR;
@@ -180,7 +194,7 @@ check_old_password (pam_handle_t *pamh,
do {
oldpass = strsep (&running, delimiters);
if (oldpass && strlen (oldpass) > 0 &&
- strcmp (crypt_r (newpass, oldpass, &output), oldpass) == 0)
+ compare_password(newpass, oldpass) )
{
if (debug)
pam_syslog (pamh, LOG_DEBUG, "New password already used");
Index: Linux-PAM-1.1.0/configure.in
===================================================================
--- Linux-PAM-1.1.0.orig/configure.in
+++ Linux-PAM-1.1.0/configure.in
@@ -458,7 +458,7 @@ AC_FUNC_MEMCMP
AC_FUNC_VPRINTF
AC_CHECK_FUNCS(fseeko gethostname gettimeofday lckpwdf mkdir select)
AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
-AC_CHECK_FUNCS(getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
+AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r)
AC_CHECK_FUNCS(getgrouplist getline getdelim)
AC_CHECK_FUNCS(inet_ntop inet_pton ruserok_af)
Index: Linux-PAM-1.1.0/modules/pam_timestamp/pam_timestamp.c
===================================================================
--- Linux-PAM-1.1.0.orig/modules/pam_timestamp/pam_timestamp.c
+++ Linux-PAM-1.1.0/modules/pam_timestamp/pam_timestamp.c
@@ -200,7 +200,13 @@ check_login_time(const char *ruser, time
time_t oldest_login = 0;
setutent();
- while(!getutent_r(&utbuf, &ut)) {
+ while(
+#ifdef HAVE_GETUTENT_R
+ !getutent_r(&utbuf, &ut)
+#else
+ (ut = getutent()) != NULL
+#endif
+ ) {
if (ut->ut_type != USER_PROCESS) {
continue;
}
|
