author | Martyn Welch <martyn@welchs.me.uk> | 2022-02-07 12:20:27 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-07 13:20:27 +0100 |
commit | 11c35109a67fa82b75f8d427fcb5ab41f61550f7 (patch) | |
tree | bb995a6b8cd3ad8a5906fbcac753159f3222894e /modules/pam_pwhistory/pwhistory_helper.c | |
parent | 5602198320902d02197876daf399cd5ae27a316f (diff) | |
pam_pwhistory: Enable alternate location for password history file (#396)
Sometimes, especially in embedded devices, the /etc directory can be
read-only and/or not saved over upgrades. In order to ensure password
policies are maintained across upgrades and the module functions on
read-only file systems, allow the location of the password history file
to be set in the PAM configuration.
Signed-off-by: Edward <jinzhou.zhu1@ge.com>
[Martyn Welch: Updated commit message and ported to latest version]
Signed-off-by: Martyn Welch <martyn.welch@collabora.com>
Signed-off-by: Dmitry V. Levin <ldv@altlinux.org>
Diffstat (limited to 'modules/pam_pwhistory/pwhistory_helper.c')
-rw-r--r-- | modules/pam_pwhistory/pwhistory_helper.c | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/modules/pam_pwhistory/pwhistory_helper.c b/modules/pam_pwhistory/pwhistory_helper.c
index b08a14a7..7a61ae53 100644
--- a/modules/pam_pwhistory/pwhistory_helper.c
+++ b/modules/pam_pwhistory/pwhistory_helper.c
@@ -51,7 +51,7 @@
 static int
-check_history(const char *user, const char *debug)
+check_history(const char *user, const char *filename, const char *debug)
 {
 char pass[PAM_MAX_RESP_SIZE + 1];
 char *passwords[] = { pass };
@@ -68,7 +68,7 @@ check_history(const char *user, const char *debug)
 return PAM_AUTHTOK_ERR;
 }
- retval = check_old_pass(user, pass, dbg);
+ retval = check_old_pass(user, pass, filename, dbg);
 memset(pass, '\0', PAM_MAX_RESP_SIZE); /* clear memory of the password */
@@ -76,13 +76,13 @@ check_history(const char *user, const char *debug)
 }
 static int
-save_history(const char *user, const char *howmany, const char *debug)
+save_history(const char *user, const char *filename, const char *howmany, const char *debug)
 {
 int num = atoi(howmany);
 int dbg = atoi(debug); /* no need to be too fancy here */
 int retval;
- retval = save_old_pass(user, num, dbg);
+ retval = save_old_pass(user, num, filename, dbg);
 return retval;
 }
@@ -92,13 +92,14 @@ main(int argc, char *argv[])
 {
 const char *option;
 const char *user;
+ const char *filename;
 /*
 * we establish that this program is running with non-tty stdin.
 * this is to discourage casual use.
 */
- if (isatty(STDIN_FILENO) || argc < 4)
+ if (isatty(STDIN_FILENO) || argc < 5)
 {
 fprintf(stderr, "This binary is not designed for running in this way.\n");
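Review bot: The helper's positional argument layout changes in main() (`argc < 5`, with the history file now expected at argv[3]), but nothing in the file states the new contract, and the error message is deliberately uninformative. A short comment above the argument check would keep the module's exec call and this parser in step, for example `/* argv: check <user> <file> <debug> | save <user> <file> <howmany> <debug> */`. The new `filename` parameters of check_history() and save_history() sit between other `const char *` arguments, so a one-line note on each saying it is the history file path forwarded to check_old_pass() / save_old_pass() would also help. main() continues outside this hunk.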
@@ -107,11 +108,12 @@ main(int argc, char *argv[])
 option = argv[1];
 user = argv[2];
+ filename = argv[3];
- if (strcmp(option, "check") == 0 && argc == 4)
- return check_history(user, argv[3]);
- else if (strcmp(option, "save") == 0 && argc == 5)
- return save_history(user, argv[3], argv[4]);
+ if (strcmp(option, "check") == 0 && argc == 5)
+ return check_history(user, filename, argv[4]);
+ else if (strcmp(option, "save") == 0 && argc == 6)
+ return save_history(user, filename, argv[4], argv[5]);
 fprintf(stderr, "This binary is not designed for running in this way.\n"); |
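Review bot: `filename = argv[3];` is forwarded to check_old_pass() and save_old_pass() (in the earlier hunks) with no check at all, so whoever can execute the helper chooses which file is read and rewritten as the history file. Whether that matters depends on the privilege the helper runs with relative to its caller, which is not visible here; the isatty() test only discourages interactive use. At minimum reject a path that is not absolute, e.g. `if (filename[0] != '/') return PAM_SYSTEM_ERR;`, or define explicitly that an empty argv[3] means the built-in default location and handle that case here. It is also worth confirming that the module always supplies argv[3] when no alternate file is configured, since a NULL entry there would truncate argv and fail the new `argc` tests.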