diff options
Diffstat (limited to 'modules/pam_unix')
| -rw-r--r-- | modules/pam_unix/pam_unix_acct.c | 4 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_auth.c | 9 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 27 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 76 | ||||
| -rw-r--r-- | modules/pam_unix/support.h | 2 |
5 files changed, 63 insertions, 55 deletions
diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 9330a551..6e8ed614 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -188,7 +188,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc, const char **argv) { unsigned int ctrl; - const char *uname; + const void *uname; int retval, daysleft; time_t curdays; struct spwd *spent; @@ -199,7 +199,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); - retval = pam_get_item(pamh, PAM_USER, (const void **) &uname); + retval = pam_get_item(pamh, PAM_USER, &uname); D(("user = `%s'", uname)); if (retval != PAM_SUCCESS || uname == NULL) { _log_err(LOG_ALERT, pamh diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 39e0cde5..2ed24127 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -107,7 +107,8 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags { unsigned int ctrl; int retval, *ret_data = NULL; - const char *name, *p; + const char *name; + const void *p; D(("called.")); @@ -197,7 +198,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags ,int argc, const char **argv) { int retval; - int *pretval = NULL; + const void *pretval = NULL; D(("called.")); @@ -206,9 +207,9 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags D(("recovering return code from auth call")); /* We will only find something here if UNIX_LIKE_AUTH is set -- don't worry about an explicit check of argv. */ - pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval); + pam_get_data(pamh, "unix_setcred_return", &pretval); if(pretval) { - retval = *pretval; + retval = *(const int *)pretval; pam_set_data(pamh, "unix_setcred_return", NULL, NULL); D(("recovered data indicates that old retval was %d", retval)); } diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 9c7cb07c..99b127a0 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -738,7 +738,8 @@ static int _update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat) } } -static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, +static int _do_setpass(pam_handle_t* pamh, const char *forwho, + const char *fromwhat, char *towhat, unsigned int ctrl, int remember) { struct passwd *pwd = NULL; @@ -754,7 +755,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, retval = PAM_AUTHTOK_ERR; goto done; } - + if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { if ((master=getNISserver(pamh)) != NULL) { struct timeval timeout; @@ -777,7 +778,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, yppwd.newpw.pw_gecos = pwd->pw_gecos; yppwd.newpw.pw_dir = pwd->pw_dir; yppwd.newpw.pw_shell = pwd->pw_shell; - yppwd.oldpass = fromwhat ? fromwhat : ""; + yppwd.oldpass = fromwhat ? strdup (fromwhat) : strdup (""); yppwd.newpw.pw_passwd = towhat; D(("Set password %s for %s", yppwd.newpw.pw_passwd, forwho)); @@ -797,6 +798,8 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, (xdrproc_t) xdr_int, (char *) &status, timeout); + free (yppwd.oldpass); + if (err) { _make_remark(pamh, ctrl, PAM_TEXT_INFO, clnt_sperrno(err)); @@ -862,7 +865,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, } -done: +done: #ifdef USE_LCKPWDF ulckpwdf(); #endif @@ -943,7 +946,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh ,const char *pass_old ,const char *pass_new) { - const char *user; + const void *user; const char *remark = NULL; int retval = PAM_SUCCESS; @@ -964,7 +967,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh * checking this would be the place - AGM */ - retval = pam_get_item(pamh, PAM_USER, (const void **) &user); + retval = pam_get_item(pamh, PAM_USER, &user); if (retval != PAM_SUCCESS) { if (on(UNIX_DEBUG, ctrl)) { _log_err(LOG_ERR, pamh, "Can not get username"); @@ -1007,7 +1010,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, /* <DO NOT free() THESE> */ const char *user; - char *pass_old, *pass_new; + const void *pass_old, *pass_new; /* </DO NOT free() THESE> */ D(("called.")); @@ -1109,7 +1112,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, ,"(current) UNIX password: " ,NULL ,_UNIX_OLD_AUTHTOK - ,(const char **) &pass_old); + ,&pass_old); free(Announce); if (retval != PAM_SUCCESS) { @@ -1168,10 +1171,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (off(UNIX_NOT_SET_PASS, ctrl)) { retval = pam_get_item(pamh, PAM_OLDAUTHTOK - ,(const void **) &pass_old); + ,&pass_old); } else { retval = pam_get_data(pamh, _UNIX_OLD_AUTHTOK - ,(const void **) &pass_old); + ,&pass_old); if (retval == PAM_NO_MODULE_DATA) { retval = PAM_SUCCESS; pass_old = NULL; @@ -1204,7 +1207,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, ,"Enter new UNIX password: " ,"Retype new UNIX password: " ,_UNIX_NEW_AUTHTOK - ,(const char **) &pass_new); + ,&pass_new); if (retval != PAM_SUCCESS) { if (on(UNIX_DEBUG, ctrl)) { @@ -1222,7 +1225,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, * password is acceptable. */ - if (pass_new[0] == '\0') { /* "\0" password = NULL */ + if (*(const char *)pass_new == '\0') { /* "\0" password = NULL */ pass_new = NULL; } retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index bb74987b..5368ae20 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -1,4 +1,4 @@ -/* +/* * $Id$ * * Copyright information at end of file. @@ -40,11 +40,11 @@ extern char *bigcrypt(const char *key, const char *salt); void _log_err(int err, pam_handle_t *pamh, const char *format,...) { - char *service = NULL; + const void *service = NULL; char logname[256]; va_list args; - pam_get_item(pamh, PAM_SERVICE, (const void **) &service); + pam_get_item(pamh, PAM_SERVICE, &service); if (service) { strncpy(logname, service, sizeof(logname)); logname[sizeof(logname) - 1 - strlen("(pam_unix)")] = '\0'; @@ -67,11 +67,13 @@ static int converse(pam_handle_t * pamh, int ctrl, int nargs ,struct pam_response **response) { int retval; - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; D(("begin to converse")); - retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); + retval = pam_get_item(pamh, PAM_CONV, &void_conv); + conv = void_conv; if (retval == PAM_SUCCESS) { retval = conv->conv(nargs, (const struct pam_message **) message @@ -230,10 +232,10 @@ struct _pam_failed_auth { static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err) { int quiet; - const char *service = NULL; - const char *ruser = NULL; - const char *rhost = NULL; - const char *tty = NULL; + const void *service = NULL; + const void *ruser = NULL; + const void *rhost = NULL; + const void *tty = NULL; struct _pam_failed_auth *failure; D(("called")); @@ -249,13 +251,13 @@ static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err) /* log the number of authentication failures */ if (failure->count > 1) { (void) pam_get_item(pamh, PAM_SERVICE, - (const void **)&service); + &service); (void) pam_get_item(pamh, PAM_RUSER, - (const void **)&ruser); + &ruser); (void) pam_get_item(pamh, PAM_RHOST, - (const void **)&rhost); + &rhost); (void) pam_get_item(pamh, PAM_TTY, - (const void **)&tty); + &tty); _log_err(LOG_NOTICE, pamh, "%d more authentication failure%s; " "logname=%s uid=%d euid=%d " @@ -476,9 +478,9 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) - { /* NIS+ */ + { /* NIS+ */ uid_t save_euid, save_uid; - + save_euid = geteuid(); save_uid = getuid(); if (save_uid == pwd->pw_uid) @@ -493,7 +495,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) return 0; } } - + spwdent = _pammodutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); @@ -583,7 +585,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, for (i=2; i < rlim.rlim_max; i++) { if (fds[0] != i) close(i); - } + } } /* exec binary helper */ args[0] = x_strdup(CHKPWD_HELPER); @@ -662,9 +664,9 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) - { /* NIS+ */ + { /* NIS+ */ uid_t save_euid, save_uid; - + save_euid = geteuid(); save_uid = getuid(); if (save_uid == pwd->pw_uid) @@ -678,7 +680,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name return PAM_CRED_INSUFFICIENT; } } - + spwdent = _pammodutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); @@ -710,7 +712,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name retval = PAM_SUCCESS; if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || ((salt[0] == '#') && (salt[1] == '#') && !strcmp(salt + 2, name))) { - + if (geteuid() || SELINUX_ENABLED) { /* we are not root perhaps this is the reason? Run helper */ D(("running helper binary")); @@ -804,6 +806,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (new != NULL) { const char *login_name; + const void *void_old; + login_name = _pammodutil_getlogin(pamh); if (login_name == NULL) { @@ -816,7 +820,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name new->name = x_strdup(login_name); /* any previous failures for this user ? */ - pam_get_data(pamh, data_name, (const void **) &old); + pam_get_data(pamh, data_name, &void_old); + old = void_old; if (old != NULL) { new->count = old->count + 1; @@ -824,19 +829,19 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name retval = PAM_MAXTRIES; } } else { - const char *service=NULL; - const char *ruser=NULL; - const char *rhost=NULL; - const char *tty=NULL; + const void *service=NULL; + const void *ruser=NULL; + const void *rhost=NULL; + const void *tty=NULL; (void) pam_get_item(pamh, PAM_SERVICE, - (const void **)&service); + &service); (void) pam_get_item(pamh, PAM_RUSER, - (const void **)&ruser); + &ruser); (void) pam_get_item(pamh, PAM_RHOST, - (const void **)&rhost); + &rhost); (void) pam_get_item(pamh, PAM_TTY, - (const void **)&tty); + &tty); _log_err(LOG_NOTICE, pamh, "authentication failure; " @@ -886,7 +891,7 @@ int _unix_read_password(pam_handle_t * pamh ,const char *prompt1 ,const char *prompt2 ,const char *data_name - ,const char **pass) + ,const void **pass) { int authtok_flag; int retval; @@ -911,7 +916,7 @@ int _unix_read_password(pam_handle_t * pamh */ if (on(UNIX_TRY_FIRST_PASS, ctrl) || on(UNIX_USE_FIRST_PASS, ctrl)) { - retval = pam_get_item(pamh, authtok_flag, (const void **) pass); + retval = pam_get_item(pamh, authtok_flag, pass); if (retval != PAM_SUCCESS) { /* very strange. */ _log_err(LOG_ALERT, pamh @@ -1016,8 +1021,7 @@ int _unix_read_password(pam_handle_t * pamh retval = pam_set_item(pamh, authtok_flag, token); _pam_delete(token); /* clean it up */ if (retval != PAM_SUCCESS - || (retval = pam_get_item(pamh, authtok_flag - ,(const void **) pass)) + || (retval = pam_get_item(pamh, authtok_flag, pass)) != PAM_SUCCESS) { *pass = NULL; @@ -1079,13 +1083,13 @@ int _unix_shadowed(const struct passwd *pwd) * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 5f55911a..9cf21136 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h @@ -149,7 +149,7 @@ extern int _unix_read_password(pam_handle_t * pamh ,const char *prompt1 ,const char *prompt2 ,const char *data_name - ,const char **pass); + ,const void **pass); extern int _unix_shadowed(const struct passwd *pwd); extern struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user); |