Hi Tomas,
On Linux-PAM-1.1.6, I do 'make xtests' get a FAIL (tst-pam_history1).
As commit 585f6c06b2d3574935ed62c3084f2aadd6d1defb("pam_pwhistory: Always record the
old password even when root changes it."), maybe here we lose a reinitialization
for newpass in pam_sm_chauthtok.
As commit bd07ad3adc626f842a4391d256541883426fd389("Reflect the enforce_for_root
semantics change in pam_pwhistory xtest."), add an option 'enforce_for_root' can
make the 'tst-pam_history1' PASS.
What do you think?
Regards
Wang
------------------------------------------------------------------------------------------------------
---
modules/pam_pwhistory/pam_pwhistory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/pam_pwhistory/pam_pwhistory.c b/modules/pam_pwhistory/pam_pwhistory.c
index 654edd3..bc9319e 100644
--- a/modules/pam_pwhistory/pam_pwhistory.c
+++ b/modules/pam_pwhistory/pam_pwhistory.c
@@ -210,12 +210,12 @@ pam_sm_chauthtok (pam_handle_t *pamh, int flags, int argc, const char **argv)
if (check_old_pass (pamh, user, newpass,
options.debug) != PAM_SUCCESS)
{
+ newpass = NULL;
if (getuid() || options.enforce_for_root ||
(flags & PAM_CHANGE_EXPIRED_AUTHTOK))
{
pam_error (pamh,
_("Password has been already used. Choose another."));
- newpass = NULL;
/* Remove password item, else following module will use it */
pam_set_item (pamh, PAM_AUTHTOK, (void *) NULL);
}
--
1.7.12
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
