diff options
| author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:23:37 -0800 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 22:11:51 -0800 |
| commit | 7e6c4749370338c9af7e1b959f8ab96d089786d6 (patch) | |
| tree | 2da5e702d7da7b222237ea5ac71e208dd70791a6 /modules/pam_pwhistory/pam_pwhistory.c | |
| parent | fa4960114fc50965a9696f2db7406a9d792e3ff8 (diff) | |
| parent | 795badba7f95e737f979917859cd32c9bd47bcad (diff) | |
| download | pam-7e6c4749370338c9af7e1b959f8ab96d089786d6.tar.gz pam-7e6c4749370338c9af7e1b959f8ab96d089786d6.tar.bz2 pam-7e6c4749370338c9af7e1b959f8ab96d089786d6.zip | |
Merge upstream version 1.1.8
Diffstat (limited to 'modules/pam_pwhistory/pam_pwhistory.c')
| -rw-r--r-- | modules/pam_pwhistory/pam_pwhistory.c | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c index 9b588958..654edd39 100644 --- a/modules/pam_pwhistory/pam_pwhistory.c +++ b/modules/pam_pwhistory/pam_pwhistory.c @@ -1,6 +1,6 @@ /* - * Copyright (c) 2008 Thorsten Kukuk - * Author: Thorsten Kukuk <kukuk@suse.de> + * Copyright (c) 2008, 2012 Thorsten Kukuk + * Author: Thorsten Kukuk <kukuk@thkukuk.de> * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -103,6 +103,9 @@ parse_option (pam_handle_t *pamh, const char *argv, options_t *options) } +/* This module saves the current crypted password in /etc/security/opasswd + and then compares the new password with all entries in this file. */ + PAM_EXTERN int pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -155,10 +158,6 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (pwd == NULL) return PAM_USER_UNKNOWN; - /* Ignore root if not enforced */ - if (pwd->pw_uid == 0 && !options.enforce_for_root) - return PAM_SUCCESS; - if ((strcmp(pwd->pw_passwd, "x") == 0) || ((pwd->pw_passwd[0] == '#') && (pwd->pw_passwd[1] == '#') && @@ -168,15 +167,15 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (spw == NULL) return PAM_USER_UNKNOWN; - retval = save_old_password (pamh, user, pwd->pw_uid, spw->sp_pwdp, - options.remember, options.debug); + retval = save_old_pass (pamh, user, pwd->pw_uid, spw->sp_pwdp, + options.remember, options.debug); if (retval != PAM_SUCCESS) return retval; } else { - retval = save_old_password (pamh, user, pwd->pw_uid, pwd->pw_passwd, - options.remember, options.debug); + retval = save_old_pass (pamh, user, pwd->pw_uid, pwd->pw_passwd, + options.remember, options.debug); if (retval != PAM_SUCCESS) return retval; } @@ -208,14 +207,21 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv) if (options.debug) pam_syslog (pamh, LOG_DEBUG, "check against old password file"); - if (check_old_password (pamh, user, newpass, - options.debug) != PAM_SUCCESS) + if (check_old_pass (pamh, user, newpass, + options.debug) != PAM_SUCCESS) { - pam_error (pamh, - _("Password has been already used. Choose another.")); - newpass = NULL; - /* Remove password item, else following module will use it */ - pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL); + if (getuid() || options.enforce_for_root || + (flags & PAM_CHANGE_EXPIRED_AUTHTOK)) + { + pam_error (pamh, + _("Password has been already used. Choose another.")); + newpass = NULL; + /* Remove password item, else following module will use it */ + pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL); + } + else + pam_info (pamh, + _("Password has been already used.")); } } |