From 0a7fe016a03184815b03fe92d50c58e67c8c05fc Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Thu, 9 Jun 2005 17:29:18 +0000 Subject: Relevant BUGIDs: none Purpose of commit: cleanup Commit summary: --------------- Fix all occurrence of dereferencing type-punned pointer will break strict-aliasing rules warnings --- CHANGELOG | 2 + configure | 81 ++++++++++++++- examples/xsh.c | 6 +- libpam/pam_dispatch.c | 11 +-- modules/pam_access/pam_access.c | 34 ++++--- modules/pam_cracklib/pam_cracklib.c | 26 ++--- modules/pam_debug/pam_debug.c | 9 +- modules/pam_env/pam_env.c | 168 ++++++++++++++++---------------- modules/pam_filter/pam_filter.c | 22 ++--- modules/pam_ftp/pam_ftp.c | 6 +- modules/pam_group/pam_group.c | 11 ++- modules/pam_issue/pam_issue.c | 5 +- modules/pam_lastlog/pam_lastlog.c | 22 +++-- modules/pam_listfile/pam_listfile.c | 22 +++-- modules/pam_mail/pam_mail.c | 8 +- modules/pam_mkhomedir/pam_mkhomedir.c | 12 ++- modules/pam_motd/pam_motd.c | 10 +- modules/pam_nologin/pam_nologin.c | 13 ++- modules/pam_rhosts/pam_rhosts_auth.c | 20 ++-- modules/pam_securetty/pam_securetty.c | 6 +- modules/pam_selinux/pam_selinux.c | 55 +++++++---- modules/pam_stress/pam_stress.c | 41 ++++---- modules/pam_succeed_if/pam_succeed_if.c | 6 +- modules/pam_tally/pam_tally.c | 6 +- modules/pam_time/pam_time.c | 23 +++-- modules/pam_unix/pam_unix_acct.c | 4 +- modules/pam_unix/pam_unix_auth.c | 9 +- modules/pam_unix/pam_unix_passwd.c | 27 ++--- modules/pam_unix/support.c | 76 ++++++++------- modules/pam_unix/support.h | 2 +- modules/pam_userdb/conv.c | 14 +-- modules/pam_userdb/pam_userdb.c | 6 +- modules/pam_warn/pam_warn.c | 4 +- modules/pammodutil/modutil_getlogin.c | 17 ++-- 34 files changed, 463 insertions(+), 321 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 0695b7f3..d5607b76 100644 --- a/CHANGELOG +++ b/CHANGELOG 
@@ -85,6 +85,8 @@ BerliOS Bugs are marked with (BerliOS #XXXX). Richard Shaffer (t8m) * pam_limits: Don't reset process priority if none is specified in the config file (Novell #81690 - kukuk) +* Fix all occurrence of dereferencing type-punned pointer will break + strict-aliasing rules warnings (kukuk) 0.79: Thu Mar 31 16:48:45 CEST 2005 * pam_tally: added audit option (toady) diff --git a/configure b/configure index 0f90e74d..bd8fc223 100755 --- a/configure +++ b/configure 
@@ -310,7 +310,7 @@ ac_includes_default="\ # include #endif" -ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS LIBPAM_VERSION_MAJOR LIBPAM_VERSION_MINOR LOCALSRCDIR LOCALOBJDIR OS CONF_CFLAGS MKDIR SHLIBMODE MANMODE USESONAME SOSWITCH NEEDSONAME LDCONFIG CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT YACC LEX LEXLIB LEX_OUTPUT_ROOT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE WITH_DEBUG WITH_MEMORY_DEBUG WITH_LIBDEBUG WITH_PRELUDE FAKEROOT SECUREDIR SCONFIGDIR SUPLEMENTED INCLUDEDIR DOCDIR MANDIR WITH_PAMLOCKING PAM_READ_BOTH_CONFS STATIC_LIBPAM DYNAMIC_LIBPAM DYNAMIC STATIC WITH_LCKPWDF CPP EGREP PAM_NEEDS_LIBC HAVE_LCKPWDF LIBDL HAVE_LIBCRACK HAVE_LIBCRYPT HAVE_LIBUTIL HAVE_LIBNDBM HAVE_LIBDB HAVE_LIBFL HAVE_LIBNSL HAVE_LIBPWDB HAVE_LIBFLEX HAVE_LIBLEX HAVE_NDBM_H CRACKLIB_DICTPATH DYNTYPE OS_CFLAGS WARNINGS PIC LD LD_D LD_L RANLIB STRIP CC_STATIC LIBOBJS HAVE_SGML2TXT HAVE_SGML2HTML HAVE_SGML2LATEX HAVE_PS2PDF HAVE_SGML2PS PSER PS2PDF LTLIBOBJS' +ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS LIBPAM_VERSION_MAJOR LIBPAM_VERSION_MINOR LOCALSRCDIR LOCALOBJDIR OS CONF_CFLAGS MKDIR SHLIBMODE MANMODE USESONAME SOSWITCH NEEDSONAME LDCONFIG CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT YACC LEX LEXLIB LEX_OUTPUT_ROOT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE WITH_DEBUG WITH_MEMORY_DEBUG WITH_LIBDEBUG WITH_PRELUDE FAKEROOT SECUREDIR SCONFIGDIR 
SUPLEMENTED INCLUDEDIR DOCDIR MANDIR WITH_PAMLOCKING PAM_READ_BOTH_CONFS STATIC_LIBPAM DYNAMIC_LIBPAM DYNAMIC STATIC WITH_LCKPWDF CPP EGREP PAM_NEEDS_LIBC HAVE_LCKPWDF LIBDL HAVE_LIBCRACK HAVE_LIBCRYPT HAVE_LIBUTIL HAVE_LIBNDBM HAVE_LIBDB HAVE_LIBFL HAVE_LIBNSL HAVE_LIBSELINUX HAVE_LIBPWDB HAVE_LIBFLEX HAVE_LIBLEX HAVE_NDBM_H CRACKLIB_DICTPATH DYNTYPE OS_CFLAGS WARNINGS PIC LD LD_D LD_L RANLIB STRIP CC_STATIC LIBOBJS HAVE_SGML2TXT HAVE_SGML2HTML HAVE_SGML2LATEX HAVE_PS2PDF HAVE_SGML2PS PSER PS2PDF LTLIBOBJS' ac_subst_files='' # Initialize some variables set by options. 
@@ -4441,6 +4441,84 @@ fi +echo "$as_me:$LINENO: checking for getfilecon in -lselinux" >&5 +echo $ECHO_N "checking for getfilecon in -lselinux... $ECHO_C" >&6 +if test "${ac_cv_lib_selinux_getfilecon+set}" = set; then + echo $ECHO_N "(cached) $ECHO_C" >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lselinux $LIBS" +cat >conftest.$ac_ext <<_ACEOF +/* confdefs.h. */ +_ACEOF +cat confdefs.h >>conftest.$ac_ext +cat >>conftest.$ac_ext <<_ACEOF +/* end confdefs.h. */ + +/* Override any gcc2 internal prototype to avoid an error. */ +#ifdef __cplusplus +extern "C" +#endif +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char getfilecon (); +int +main () +{ +getfilecon (); + ; + return 0; +} +_ACEOF +rm -f conftest.$ac_objext conftest$ac_exeext +if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 + (eval $ac_link) 2>conftest.er1 + ac_status=$? + grep -v '^ *+' conftest.er1 >conftest.err + rm -f conftest.er1 + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && + { ac_try='test -z "$ac_c_werror_flag" + || test ! -s conftest.err' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; } && + { ac_try='test -s conftest$ac_exeext' + { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 + (exit $ac_status); }; }; then + ac_cv_lib_selinux_getfilecon=yes +else + echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +ac_cv_lib_selinux_getfilecon=no +fi +rm -f conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_getfilecon" >&5 +echo "${ECHO_T}$ac_cv_lib_selinux_getfilecon" >&6 +if test $ac_cv_lib_selinux_getfilecon = yes; then + HAVE_LIBSELINUX=yes ; cat >>confdefs.h <<\_ACEOF +#define HAVE_LIBSELINUX 1 +_ACEOF + +else + HAVE_LIBSELINUX=no +fi + + + +if test $HAVE_LIBSELINUX = yes ; then + pwdblibs="$pwdblibs -lselinux" +fi if test $HAVE_LIBNSL = yes ; then pwdblibs="$pwdblibs -lnsl" fi @@ -8344,6 +8422,7 @@ s,@HAVE_LIBNDBM@,$HAVE_LIBNDBM,;t t s,@HAVE_LIBDB@,$HAVE_LIBDB,;t t s,@HAVE_LIBFL@,$HAVE_LIBFL,;t t s,@HAVE_LIBNSL@,$HAVE_LIBNSL,;t t +s,@HAVE_LIBSELINUX@,$HAVE_LIBSELINUX,;t t s,@HAVE_LIBPWDB@,$HAVE_LIBPWDB,;t t s,@HAVE_LIBFLEX@,$HAVE_LIBFLEX,;t t s,@HAVE_LIBLEX@,$HAVE_LIBLEX,;t t diff --git a/examples/xsh.c b/examples/xsh.c index f8fa1426..7ec5c7a2 100644 --- a/examples/xsh.c +++ b/examples/xsh.c @@ -39,7 +39,7 @@ static struct pam_conv conv = { int main(int argc, char **argv) { pam_handle_t *pamh=NULL; - const char *username=NULL; + const void *username=NULL; const char *service="xsh"; int retcode; @@ -137,10 +137,10 @@ int main(int argc, char **argv) break; } - pam_get_item(pamh, PAM_USER, (const void **) &username); + pam_get_item(pamh, PAM_USER, &username); fprintf(stderr, "The user [%s] has been authenticated and `logged in'\n", - username); + (const char *)username); /* this is always a really bad thing for security! */ system("/bin/sh"); diff --git a/libpam/pam_dispatch.c b/libpam/pam_dispatch.c index 1daf0c9f..686c05ec 100644 --- a/libpam/pam_dispatch.c +++ b/libpam/pam_dispatch.c 
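Review bot: In the `@@ -137,10` hunk of examples/xsh.c the return value of `pam_get_item(pamh, PAM_USER, &username)` is still discarded, so `username` can remain NULL when the lookup fails and is then handed to `fprintf` for a `%s` conversion, which is undefined behaviour. Test the result before printing, for example `if (pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS || username == NULL) username = "(unknown)";`. main() starts and ends outside the hunk, so any earlier guard on `username` is not visible here.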
@@ -1,7 +1,7 @@ /* pam_dispatch.c - handles module function dispatch */ /* - * Copyright (c) 1998 Andrew G. Morgan + * Copyright (c) 1998, 2005 Andrew G. Morgan * * $Id$ */ @@ -40,11 +40,11 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, IF_NO_PAMH("_pam_dispatch_aux", pamh, PAM_SYSTEM_ERR); if (h == NULL) { - const char *service=NULL; + const void *service=NULL; - (void) pam_get_item(pamh, PAM_SERVICE, (const void **)&service); + (void) pam_get_item(pamh, PAM_SERVICE, &service); _pam_system_log(LOG_ERR, "no modules loaded for `%s' service", - service ? service:"" ); + service ? (const char *)service:"" ); service = NULL; return PAM_MUST_FAIL_CODE; } @@ -237,7 +237,7 @@ static int _pam_dispatch_aux(pam_handle_t *pamh, int flags, struct handler *h, } } } - + /* this means that we need to skip #action stacked modules */ do { h = h->next; @@ -381,4 +381,3 @@ int _pam_dispatch(pam_handle_t *pamh, int flags, int choice) return retval; } - diff --git a/modules/pam_access/pam_access.c b/modules/pam_access/pam_access.c index 797e7160..2533243d 100644 --- a/modules/pam_access/pam_access.c +++ b/modules/pam_access/pam_access.c @@ -99,7 +99,7 @@ static const char *sep = ", \t"; /* list-element separator */ */ struct login_info { struct passwd *user; - char *from; + const char *from; const char *config_file; const char *service; }; @@ -160,7 +160,7 @@ static int list_match (pam_handle_t *, char *, struct login_info *, match_func *); static int user_match (pam_handle_t *, char *, struct login_info *); static int from_match (pam_handle_t *, char *, struct login_info *); -static int string_match (pam_handle_t *, char *, char *); +static int string_match (pam_handle_t *, const char *, const char *); /* login_access - match username/group and host/tty with access control file */ 
@@ -271,7 +271,7 @@ static char * myhostname(void) /* netgroup_match - match group against machine or user */ -static int netgroup_match(char *group, char *machine, char *user) +static int netgroup_match(const char *group, const char *machine, const char *user) { static char *mydomain = NULL; @@ -317,9 +317,9 @@ static int user_match(pam_handle_t *pamh, char *tok, struct login_info *item) static int from_match (pam_handle_t *pamh, char *tok, struct login_info *item) { - char *string = item->from; - int tok_len; - int str_len; + const char *string = item->from; + int tok_len; + int str_len; /* * If a token has the magic value "ALL" the match always succeeds. Return @@ -379,7 +379,7 @@ from_match (pam_handle_t *pamh, char *tok, struct login_info *item) /* string_match - match a string against one token */ static int -string_match (pam_handle_t *pamh, char *tok, char *string) +string_match (pam_handle_t *pamh, const char *tok, const char *string) { /* @@ -401,12 +401,15 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc ,const char **argv) { struct login_info loginfo; - const char *user=NULL, *service=NULL; - char *from=NULL; + const char *user=NULL; + const void *service=NULL; + const void *void_from=NULL; + const char *from; struct passwd *user_pw; - if ((pam_get_item(pamh, PAM_SERVICE, (const void **)&service) - != PAM_SUCCESS) || (service == NULL) || (*service == ' ')) { + if ((pam_get_item(pamh, PAM_SERVICE, &service) + != PAM_SUCCESS) || (service == NULL) || + (*(const char *)service == ' ')) { _log_err("cannot find the service name"); return PAM_ABORT; } 
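Review bot: The guard in pam_sm_acct_mgmt (hunk `@@ -401,12`) compares the first byte of the service name with a space, `(*(const char *)service == ' ')`, so an empty service string passes it even though the error text says the name could not be found. If the intent is to reject an empty name, the test should read `(*(const char *)service == '\0')`. The comparison appears to be carried over from the removed line rather than introduced by this commit, and the page rendering may have altered the literal, so confirm against the file. The function body continues outside the hunk.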
@@ -421,18 +424,19 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc /* remote host name */ - if (pam_get_item(pamh, PAM_RHOST, (const void **)&from) + if (pam_get_item(pamh, PAM_RHOST, &void_from) != PAM_SUCCESS) { _log_err("cannot find the remote host name"); return PAM_ABORT; } + from = void_from; if ((from==NULL) || (*from=='\0')) { /* local login, set tty name */ - if (pam_get_item(pamh, PAM_TTY, (const void **)&from) != PAM_SUCCESS - || from == NULL) { + if (pam_get_item(pamh, PAM_TTY, &void_from) != PAM_SUCCESS + || void_from == NULL) { D(("PAM_TTY not set, probing stdin")); from = ttyname(STDIN_FILENO); if (from == NULL) { @@ -444,6 +448,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc return PAM_ABORT; } } + else + from = void_from; if (from[0] == '/') { /* full path */ from++; diff --git a/modules/pam_cracklib/pam_cracklib.c b/modules/pam_cracklib/pam_cracklib.c index 5ddf7f2c..1695e841 100644 --- a/modules/pam_cracklib/pam_cracklib.c +++ b/modules/pam_cracklib/pam_cracklib.c @@ -186,10 +186,11 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs, struct pam_response **response) { int retval; - struct pam_conv *conv = NULL; - - retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); + const void *void_conv = NULL; + const struct pam_conv *conv; + retval = pam_get_item(pamh, PAM_CONV, &void_conv); + conv = (const struct pam_conv *)void_conv; if ( retval == PAM_SUCCESS && conv ) { retval = conv->conv(nargs, (const struct pam_message **)message, response, conv->appdata_ptr); @@ -507,7 +508,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, const char *pass_new) { const char *msg = NULL; - const char *user; + const void *user; int retval; if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) { 
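Review bot: The added `else from = void_from;` in the `@@ -444,6` hunk of pam_access.c hangs an unbraced branch off a braced, multi-line `if`, in the function that selects the origin string the access rules are matched against. Writing it as `} else { from = void_from; }` keeps a later edit from silently landing outside the branch; the same shape is added in pam_group.c (`else tty = (const char *) void_tty;`). A short comment such as `/* PAM_TTY was set: use it instead of probing stdin */` would also make the two sources of `from` explicit. pam_sm_acct_mgmt starts and ends outside the hunk.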
@@ -525,7 +526,7 @@ static int _pam_unix_approve_pass(pam_handle_t *pamh, */ msg = password_check(opt, pass_old,pass_new); if (!msg) { - retval = pam_get_item(pamh, PAM_USER, (const void **)&user); + retval = pam_get_item(pamh, PAM_USER, &user); if (retval != PAM_SUCCESS || user == NULL) { if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_ERR,"Can not get username"); @@ -600,15 +601,15 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } else if (flags & PAM_UPDATE_AUTHTOK) { int retval; - char *token1, *token2, *oldtoken; + char *token1, *token2; + const void *oldtoken; struct pam_message msg[1],*pmsg[1]; struct pam_response *resp; const char *cracklib_dictpath = CRACKLIB_DICTPATH; char prompt[BUFSIZ]; D(("do update")); - retval = pam_get_item(pamh, PAM_OLDAUTHTOK, - (const void **)&oldtoken); + retval = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldtoken); if (retval != PAM_SUCCESS) { if (ctrl & PAM_DEBUG_ARG) _pam_log(LOG_ERR,"Can not get old passwd"); @@ -637,9 +638,9 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, */ if (options.use_authtok == 1) { - const char *item = NULL; + const void *item = NULL; - retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &item); + retval = pam_get_item(pamh, PAM_AUTHTOK, &item); if (retval != PAM_SUCCESS) { /* very strange. */ _pam_log(LOG_ALERT @@ -788,7 +789,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, */ { - const char *item = NULL; + const void *item = NULL; retval = pam_set_item(pamh, PAM_AUTHTOK, token1); @@ -797,8 +798,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, token2 = _pam_delete(token2); if ( (retval != PAM_SUCCESS) || - ((retval = pam_get_item(pamh, PAM_AUTHTOK, - (const void **)&item) + ((retval = pam_get_item(pamh, PAM_AUTHTOK, &item) ) != PAM_SUCCESS) ) { _pam_log(LOG_CRIT, "error manipulating password"); continue; diff --git a/modules/pam_debug/pam_debug.c b/modules/pam_debug/pam_debug.c index a6f3538c..e7ac8861 100644 
--- a/modules/pam_debug/pam_debug.c +++ b/modules/pam_debug/pam_debug.c @@ -37,11 +37,14 @@ static int state(pam_handle_t *pamh, const char *text) { int retval; - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; struct pam_message msg[1], *mesg[1]; struct pam_response *response; - retval = pam_get_item(pamh, PAM_CONV, (const void **)&conv); + retval = pam_get_item(pamh, PAM_CONV, &void_conv); + conv = (const struct pam_conv *) void_conv; + if ((retval != PAM_SUCCESS) || (conv == NULL)) { D(("failed to obtain conversation function")); return PAM_ABORT; @@ -114,7 +117,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, } PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, +int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { return parse_args(PAM_SUCCESS, "cred", pamh, argc, argv); diff --git a/modules/pam_env/pam_env.c b/modules/pam_env/pam_env.c index 2c93ebab..d05e33f8 100644 --- a/modules/pam_env/pam_env.c +++ b/modules/pam_env/pam_env.c @@ -4,7 +4,7 @@ * $Id$ * * Written by Dave Kinchlea 1997/01/31 - * Inspired by Andrew Morgan , who also supplied the + * Inspired by Andrew Morgan , who also supplied the * template for this file (via pam_mail) */ 
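Review bot: `void_conv` is declared without an initializer in state() (hunk `@@ -37,11` of pam_debug.c) and copied into `conv` before `retval` is tested, so if pam_get_item() can fail without storing to its output argument, the assignment reads an indeterminate pointer. Declare it as `const void *void_conv = NULL;`, as converse() in pam_cracklib.c does in this same commit, or move the `conv = ...` assignment below the `retval` check. The converse() hunks in pam_ftp.c and pam_lastlog.c add the same uninitialized `void_conv`. state() continues past the end of the hunk.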
@@ -59,21 +59,21 @@ typedef struct var { #define GOOD_LINE 0 #define BAD_LINE 100 /* This must be > the largest PAM_* error code */ -#define DEFINE_VAR 101 +#define DEFINE_VAR 101 #define UNDEFINE_VAR 102 #define ILLEGAL_VAR 103 static int _assemble_line(FILE *, char *, int); static int _parse_line(char *, VAR *); static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */ -static void _clean_var(VAR *); +static void _clean_var(VAR *); static int _expand_arg(pam_handle_t *, char **); static const char * _pam_get_item_byname(pam_handle_t *, const char *); static int _define_var(pam_handle_t *, VAR *); static int _undefine_var(pam_handle_t *, VAR *); /* This is a flag used to designate an empty string */ -static char quote='Z'; +static char quote='Z'; /* some syslogging */ @@ -141,7 +141,7 @@ static int _parse_config_file(pam_handle_t *pamh, int ctrl, char **conffile) const char *file; char buffer[BUF_SIZE]; FILE *conf; - VAR Var, *var=&Var; + VAR Var, *var=&Var; var->name=NULL; var->defval=NULL; var->override=NULL; D(("Called.")); @@ -154,13 +154,13 @@ static int _parse_config_file(pam_handle_t *pamh, int ctrl, char **conffile) D(("Config file name is: %s", file)); - /* - * Lets try to open the config file, parse it and process + /* + * Lets try to open the config file, parse it and process * any variables found. */ if ((conf = fopen(file,"r")) == NULL) { - _log_err(LOG_ERR, "Unable to open config file: %s", + _log_err(LOG_ERR, "Unable to open config file: %s", strerror(errno)); return PAM_IGNORE; } 
@@ -176,19 +176,19 @@ static int _parse_config_file(pam_handle_t *pamh, int ctrl, char **conffile) retval = _check_var(pamh, var); if (DEFINE_VAR == retval) { - retval = _define_var(pamh, var); + retval = _define_var(pamh, var); } else if (UNDEFINE_VAR == retval) { - retval = _undefine_var(pamh, var); - } - } - if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval + retval = _undefine_var(pamh, var); + } + } + if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval && BAD_LINE != retval && PAM_BAD_ITEM != retval) break; - - _clean_var(var); + + _clean_var(var); } /* while */ - + (void) fclose(conf); /* tidy up */ @@ -272,7 +272,7 @@ static int _parse_env_file(pam_handle_t *pamh, int ctrl, char **env_file) break; } } - + (void) fclose(conf); /* tidy up */ 
@@ -367,41 +367,41 @@ static int _assemble_line(FILE *f, char *buffer, int buf_len) static int _parse_line(char *buffer, VAR *var) { - /* - * parse buffer into var, legal syntax is + /* + * parse buffer into var, legal syntax is * VARIABLE [DEFAULT=[[string]] [OVERRIDE=[value]] * - * Any other options defined make this a bad line, + * Any other options defined make this a bad line, * error logged and no var set */ - + int length, quoteflg=0; - char *ptr, **valptr, *tmpptr; - + char *ptr, **valptr, *tmpptr; + D(("Called buffer = <%s>", buffer)); length = strcspn(buffer," \t\n"); - + if ((var->name = malloc(length + 1)) == NULL) { _log_err(LOG_ERR, "Couldn't malloc %d bytes", length+1); return PAM_BUF_ERR; } - - /* - * The first thing on the line HAS to be the variable name, + + /* + * The first thing on the line HAS to be the variable name, * it may be the only thing though. */ strncpy(var->name, buffer, length); var->name[length] = '\0'; D(("var->name = <%s>, length = %d", var->name, length)); - /* + /* * Now we check for arguments, we only support two kinds and ('cause I am lazy) * each one can actually be listed any number of times */ - + ptr = buffer+length; - while ((length = strspn(ptr, " \t")) > 0) { + while ((length = strspn(ptr, " \t")) > 0) { ptr += length; /* remove leading whitespace */ D((ptr)); if (strncmp(ptr,"DEFAULT=",8) == 0) { 
@@ -417,18 +417,18 @@ static int _parse_line(char *buffer, VAR *var) _log_err(LOG_ERR, "Unrecognized Option: %s - ignoring line", ptr); return BAD_LINE; } - + if ('"' != *ptr) { /* Escaped quotes not supported */ length = strcspn(ptr, " \t\n"); tmpptr = ptr+length; } else { - tmpptr = strchr(++ptr, '"'); + tmpptr = strchr(++ptr, '"'); if (!tmpptr) { D(("Unterminated quoted string: %s", ptr-1)); _log_err(LOG_ERR, "Unterminated quoted string: %s", ptr-1); return BAD_LINE; } - length = tmpptr - ptr; + length = tmpptr - ptr; if (*++tmpptr && ' ' != *tmpptr && '\t' != *tmpptr && '\n' != *tmpptr) { D(("Quotes must cover the entire string: <%s>", ptr)); _log_err(LOG_ERR, "Quotes must cover the entire string: <%s>", ptr); @@ -449,11 +449,11 @@ static int _parse_line(char *buffer, VAR *var) } ptr = tmpptr; /* Start the search where we stopped */ } /* while */ - - /* + + /* * The line is parsed, all is well. */ - + D(("Exit.")); ptr = NULL; tmpptr = NULL; valptr = NULL; return GOOD_LINE; @@ -461,16 +461,16 @@ static int _parse_line(char *buffer, VAR *var) static int _check_var(pam_handle_t *pamh, VAR *var) { - /* - * Examine the variable and determine what action to take. + /* + * Examine the variable and determine what action to take. * Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take * or a PAM_* error code if passed back from other routines * * if no DEFAULT provided, the empty string is assumed * if no OVERRIDE provided, the empty string is assumed - * if DEFAULT= and OVERRIDE evaluates to the empty string, + * if DEFAULT= and OVERRIDE evaluates to the empty string, * this variable should be undefined - * if DEFAULT="" and OVERRIDE evaluates to the empty string, + * if DEFAULT="" and OVERRIDE evaluates to the empty string, * this variable should be defined with no value * if OVERRIDE=value and value turns into the empty string, DEFAULT is used * 
@@ -498,18 +498,18 @@ static int _check_var(pam_handle_t *pamh, VAR *var) } /* Now its easy */ - - if (var->override && *(var->override) && "e != var->override) { + + if (var->override && *(var->override) && "e != var->override) { /* if there is a non-empty string in var->override, we use it */ D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override)); var->value = var->override; retval = DEFINE_VAR; } else { - + var->value = var->defval; if ("e == var->defval) { - /* - * This means that the empty string was given for defval value + /* + * This means that the empty string was given for defval value * which indicates that a variable should be defined with no value */ *var->defval = '\0'; @@ -531,12 +531,12 @@ static int _check_var(pam_handle_t *pamh, VAR *var) static int _expand_arg(pam_handle_t *pamh, char **value) { const char *orig=*value, *tmpptr=NULL; - char *ptr; /* - * Sure would be nice to use tmpptr but it needs to be + char *ptr; /* + * Sure would be nice to use tmpptr but it needs to be * a constant so that the compiler will shut up when I * call pam_getenv and _pam_get_item_byname -- sigh */ - + /* No unexpanded variable can be bigger than BUF_SIZE */ char type, tmpval[BUF_SIZE]; @@ -546,11 +546,11 @@ static int _expand_arg(pam_handle_t *pamh, char **value) D(("Remember to initialize tmp!")); memset(tmp, 0, MAX_ENV); - /* + /* * (possibly non-existent) environment variables can be used as values * by prepending a "$" and wrapping in {} (ie: ${HOST}), can escape with "\" - * (possibly non-existent) PAM items can be used as values - * by prepending a "@" and wrapping in {} (ie: @{PAM_RHOST}, can escape + * (possibly non-existent) PAM items can be used as values + * by prepending a "@" and wrapping in {} (ie: @{PAM_RHOST}, can escape * */ D(("Expanding <%s>",orig)); 
@@ -559,7 +559,7 @@ static int _expand_arg(pam_handle_t *pamh, char **value) ++orig; if ('$' != *orig && '@' != *orig) { D(("Unrecognized escaped character: <%c> - ignoring", *orig)); - _log_err(LOG_ERR, "Unrecognized escaped character: <%c> - ignoring", + _log_err(LOG_ERR, "Unrecognized escaped character: <%c> - ignoring", *orig); } else if ((strlen(tmp) + 1) < MAX_ENV) { tmp[strlen(tmp)] = *orig++; /* Note the increment */ @@ -570,7 +570,7 @@ static int _expand_arg(pam_handle_t *pamh, char **value) tmp, tmpptr); } continue; - } + } if ('$' == *orig || '@' == *orig) { if ('{' != *(orig+1)) { D(("Expandable variables must be wrapped in {}" @@ -586,7 +586,7 @@ static int _expand_arg(pam_handle_t *pamh, char **value) type = *orig; orig+=2; /* skip the ${ or @{ characters */ ptr = strchr(orig, '}'); - if (ptr) { + if (ptr) { *ptr++ = '\0'; } else { D(("Unterminated expandable variable: <%s>", orig-2)); @@ -596,18 +596,18 @@ static int _expand_arg(pam_handle_t *pamh, char **value) strncpy(tmpval, orig, sizeof(tmpval)); tmpval[sizeof(tmpval)-1] = '\0'; orig=ptr; - /* - * so, we know we need to expand tmpval, it is either + /* + * so, we know we need to expand tmpval, it is either * an environment variable or a PAM_ITEM. type will tell us which */ switch (type) { - + case '$': D(("Expanding env var: <%s>",tmpval)); tmpptr = pam_getenv(pamh, tmpval); D(("Expanded to <%s>", tmpptr)); break; - + case '@': D(("Expanding pam item: <%s>",tmpval)); tmpptr = _pam_get_item_byname(pamh, tmpval); @@ -619,7 +619,7 @@ static int _expand_arg(pam_handle_t *pamh, char **value) _log_err(LOG_CRIT, "Impossible error, type == <%c>", type); return PAM_ABORT; } /* switch */ - + if (tmpptr) { if ((strlen(tmp) + strlen(tmpptr)) < MAX_ENV) { strcat(tmp, tmpptr); 
@@ -659,13 +659,13 @@ static int _expand_arg(pam_handle_t *pamh, char **value) static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) { - /* + /* * This function just allows me to use names as given in the config * file and translate them into the appropriate PAM_ITEM macro */ int item; - const char *itemval; + const void *itemval; D(("Called.")); if (strcmp(name, "PAM_USER") == 0) { @@ -683,8 +683,8 @@ static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) _log_err(LOG_ERR, "Unknown PAM_ITEM: <%s>", name); return NULL; } - - if (pam_get_item(pamh, item, (const void **)&itemval) != PAM_SUCCESS) { + + if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) { D(("pam_get_item failed")); return NULL; /* let pam_get_item() log the error */ } @@ -695,10 +695,10 @@ static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name) static int _define_var(pam_handle_t *pamh, VAR *var) { /* We have a variable to define, this is a simple function */ - + char *envvar; int size, retval=PAM_SUCCESS; - + D(("Called.")); size = strlen(var->name)+strlen(var->value)+2; if ((envvar = malloc(size)) == NULL) { @@ -716,7 +716,7 @@ static int _define_var(pam_handle_t *pamh, VAR *var) static int _undefine_var(pam_handle_t *pamh, VAR *var) { /* We have a variable to undefine, this is a simple function */ - + D(("Called and exit.")); return pam_putenv(pamh, var->name); } @@ -724,13 +724,13 @@ static int _undefine_var(pam_handle_t *pamh, VAR *var) static void _clean_var(VAR *var) { if (var->name) { - free(var->name); + free(var->name); } if (var->defval && ("e != var->defval)) { - free(var->defval); + free(var->defval); } if (var->override && ("e != var->override)) { - free(var->override); + free(var->override); } var->name = NULL; var->value = NULL; /* never has memory specific to it */ 
@@ -746,12 +746,12 @@ static void _clean_var(VAR *var) PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) -{ +{ return PAM_IGNORE; } -PAM_EXTERN -int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, +PAM_EXTERN +int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; @@ -760,7 +760,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, /* * this module sets environment variables read in from a file */ - + D(("Called.")); ctrl = _pam_parse(flags, argc, argv, &conf_file, &env_file, &readenv); @@ -770,40 +770,40 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, retval = _parse_env_file(pamh, ctrl, &env_file); /* indicate success or failure */ - + D(("Exit.")); return retval; } -PAM_EXTERN -int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, +PAM_EXTERN +int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { _log_err(LOG_NOTICE, "pam_sm_acct_mgmt called inappropriatly"); return PAM_SERVICE_ERR; } - + PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc ,const char **argv) { int retval, ctrl, readenv=DEFAULT_READ_ENVFILE; char *conf_file=NULL, *env_file=NULL; - + /* * this module sets environment variables read in from a file */ - + D(("Called.")); ctrl = _pam_parse(flags, argc, argv, &conf_file, &env_file, &readenv); - + retval = _parse_config_file(pamh, ctrl, &conf_file); - + if(readenv && retval == PAM_SUCCESS) retval = _parse_env_file(pamh, ctrl, &env_file); /* indicate success or failure */ - + D(("Exit.")); return retval; } @@ -816,8 +816,8 @@ int pam_sm_close_session(pam_handle_t *pamh,int flags,int argc, return PAM_SUCCESS; } -PAM_EXTERN -int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, +PAM_EXTERN +int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) { _log_err(LOG_NOTICE, "pam_sm_chauthtok called inappropriatly"); 
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 328fec87..2b7f6bf0 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -130,7 +130,8 @@ static int process_args(pam_handle_t *pamh *evp = NULL; } else { char **levp; - const char *tmp; + const char *user = NULL; + const void *tmp; int i,size, retval; *filtername = *++argv; @@ -177,7 +178,7 @@ static int process_args(pam_handle_t *pamh #define SERVICE_OFFSET 8 /* strlen('SERVICE='); */ #define SERVICE_NAME "SERVICE=" - retval = pam_get_item(pamh, PAM_SERVICE, (const void **)&tmp); + retval = pam_get_item(pamh, PAM_SERVICE, &tmp); if (retval != PAM_SUCCESS || tmp == NULL) { _pam_log(LOG_CRIT,"service name not found"); if (levp) { @@ -207,12 +208,11 @@ static int process_args(pam_handle_t *pamh #define USER_OFFSET 5 /* strlen('USER='); */ #define USER_NAME "USER=" - tmp = NULL; - pam_get_user(pamh, &tmp, NULL); - if (tmp == NULL) { - tmp = ""; + pam_get_user(pamh, &user, NULL); + if (user == NULL) { + user = ""; } - size = USER_OFFSET+strlen(tmp); + size = USER_OFFSET+strlen(user); levp[2] = (char *) malloc(size+1); if (levp[2] == NULL) { @@ -226,7 +226,7 @@ static int process_args(pam_handle_t *pamh } strncpy(levp[2],USER_NAME,USER_OFFSET); - strcpy(levp[2]+USER_OFFSET, tmp); + strcpy(levp[2]+USER_OFFSET, user); levp[2][size] = '\0'; /* terminate */ /* the "USER" variable */ @@ -595,9 +595,9 @@ static int set_filter(pam_handle_t *pamh, int flags, int ctrl static int set_the_terminal(pam_handle_t *pamh) { - const char *tty; + const void *tty; - if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS + if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS || tty == NULL) { tty = ttyname(STDIN_FILENO); if (tty == NULL) { 
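Review bot: In the `@@ -207,12` hunk of process_args the result of `pam_get_user(pamh, &user, NULL)` is dropped and a failed lookup is replaced by an empty string, so the `USER=` entry built below is left empty with no record of the failure. The PAM_SERVICE lookup a few lines earlier logs and bails out when it fails; at least logging here would keep the two paths consistent, e.g. `if (pam_get_user(pamh, &user, NULL) != PAM_SUCCESS || user == NULL) { _pam_log(LOG_WARNING, "user name not found"); user = ""; }`. process_args starts and ends outside the hunk.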
@@ -642,7 +642,7 @@ static int need_a_filter(pam_handle_t *pamh , (const char **)evp, filterfile); } - if (retval == PAM_SUCCESS + if (retval == PAM_SUCCESS && !(ctrl & NON_TERM) && (ctrl & NEW_TERM)) { retval = set_the_terminal(pamh); if (retval != PAM_SUCCESS) { diff --git a/modules/pam_ftp/pam_ftp.c b/modules/pam_ftp/pam_ftp.c index e95b7d78..482ba3a4 100644 --- a/modules/pam_ftp/pam_ftp.c +++ b/modules/pam_ftp/pam_ftp.c @@ -53,11 +53,13 @@ static int converse(pam_handle_t *pamh, int nargs , struct pam_response **response) { int retval; - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; D(("begin to converse\n")); - retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; + retval = pam_get_item(pamh, PAM_CONV, &void_conv); + conv = (const struct pam_conv *)void_conv; if ( retval == PAM_SUCCESS && conv ) { retval = conv->conv(nargs, ( const struct pam_message ** ) message diff --git a/modules/pam_group/pam_group.c b/modules/pam_group/pam_group.c index 548edf3a..379c4d51 100644 --- a/modules/pam_group/pam_group.c +++ b/modules/pam_group/pam_group.c @@ -776,8 +776,9 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags , int argc, const char **argv) { - const char *service=NULL, *tty=NULL; + const void *service=NULL, *void_tty=NULL; const char *user=NULL; + const char *tty; int retval; unsigned setting; @@ -791,7 +792,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags /* set service name */ - if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) + if (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS || service == NULL) { _log_err("cannot find the current service name"); return PAM_ABORT; 
@@ -807,8 +808,8 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags /* set tty name */ - if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS - || tty == NULL) { + if (pam_get_item(pamh, PAM_TTY, &void_tty) != PAM_SUCCESS + || void_tty == NULL) { D(("PAM_TTY not set, probing stdin")); tty = ttyname(STDIN_FILENO); if (tty == NULL) { @@ -820,6 +821,8 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags return PAM_ABORT; } } + else + tty = (const char *) void_tty; if (strncmp("/dev/",tty,5) == 0) { /* strip leading /dev/ */ tty += 5; diff --git a/modules/pam_issue/pam_issue.c b/modules/pam_issue/pam_issue.c index 5b3c864b..5c93da88 100644 --- a/modules/pam_issue/pam_issue.c +++ b/modules/pam_issue/pam_issue.c @@ -50,7 +50,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, FILE *fd; int parse_esc = 1; char *prompt_tmp = NULL; - const char *cur_prompt = NULL; + const void *cur_prompt = NULL; struct stat st; char *issue_file = NULL; @@ -91,8 +91,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, return PAM_IGNORE; } - retval = pam_get_item(pamh, PAM_USER_PROMPT, - (const void **) &cur_prompt); + retval = pam_get_item(pamh, PAM_USER_PROMPT, &cur_prompt); if (retval != PAM_SUCCESS) { fclose(fd); if (issue_file) diff --git a/modules/pam_lastlog/pam_lastlog.c b/modules/pam_lastlog/pam_lastlog.c index e9eeac4e..e9c89786 100644 --- a/modules/pam_lastlog/pam_lastlog.c +++ b/modules/pam_lastlog/pam_lastlog.c 
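Review bot: The new `else` branch in pam_group's pam_sm_setcred (the @@ -820 hunk) is an unbraced statement hanging off a braced multi-line `if`, which is easy to misread once another statement is added under it. Writing it as `} else { tty = (const char *) void_tty; }` matches the bracing of the `if` it belongs to. The identical branch added to pam_time's pam_sm_acct_mgmt omits the cast (`tty = void_tty;`); since the conversion from `const void *` is implicit in C, picking one spelling for both files would be tidier. Both functions start and end outside their hunks.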
@@ -145,11 +145,13 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs , struct pam_response **response) { int retval; - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; D(("begin to converse")); - retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; + retval = pam_get_item( pamh, PAM_CONV, &void_conv ) ; + conv = (const struct pam_conv *)void_conv; if ( retval == PAM_SUCCESS && conv) { retval = conv->conv(nargs, ( const struct pam_message ** ) message @@ -325,8 +327,9 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) /* write latest value */ { time_t ll_time; - const char *remote_host=NULL - , *terminal_line=DEFAULT_TERM; + const void *remote_host=NULL + , *void_terminal_line=DEFAULT_TERM; + const char *terminal_line; /* set this login date */ D(("set the most recent login time")); @@ -335,7 +338,7 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) last_login.ll_time = ll_time; /* set the remote host */ - (void) pam_get_item(pamh, PAM_RHOST, (const void **)&remote_host); + (void) pam_get_item(pamh, PAM_RHOST, &remote_host); if (remote_host == NULL) { remote_host = DEFAULT_HOST; } @@ -347,7 +350,8 @@ static int last_login_date(pam_handle_t *pamh, int announce, uid_t uid) remote_host = NULL; /* set the terminal line */ - (void) pam_get_item(pamh, PAM_TTY, (const void **)&terminal_line); + (void) pam_get_item(pamh, PAM_TTY, &void_terminal_line); + terminal_line = void_terminal_line; D(("terminal = %s", terminal_line)); if (terminal_line == NULL) { terminal_line = DEFAULT_TERM; @@ -404,7 +408,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc , const char **argv) { int retval, ctrl; - const char *user; + const void *user; const struct passwd *pwd; uid_t uid; 
@@ -417,8 +421,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc /* which user? */ - retval = pam_get_item(pamh, PAM_USER, (const void **)&user); - if (retval != PAM_SUCCESS || user == NULL || *user == '\0') { + retval = pam_get_item(pamh, PAM_USER, &user); + if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0') { _log_err(LOG_NOTICE, "user unknown"); return PAM_USER_UNKNOWN; } diff --git a/modules/pam_listfile/pam_listfile.c b/modules/pam_listfile/pam_listfile.c index a473fab1..d5b462d4 100644 --- a/modules/pam_listfile/pam_listfile.c +++ b/modules/pam_listfile/pam_listfile.c @@ -48,7 +48,7 @@ static void _pam_log(int err, const char *format, ...) { va_list args; - + va_start(args, format); vsyslog(LOG_AUTH | err, format, args); va_end(args); @@ -83,6 +83,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2; + const void *void_citemp; const char *citemp; char *ifname=NULL; char aline[256]; @@ -183,14 +184,14 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar free(ifname); return onerr; } else if( - (apply_type==APPLY_TYPE_NONE) || + (apply_type==APPLY_TYPE_NONE) || ((apply_type!=APPLY_TYPE_NULL) && (*apply_val=='\0')) ) { _pam_log(LOG_ERR, LOCAL_LOG_PREFIX "Invalid usage for apply= parameter"); return onerr; } - + /* Check if it makes sense to use the apply= parameter */ if (apply_type != APPLY_TYPE_NULL) { if((citem==PAM_USER) || (citem==PAM_RUSER)) { @@ -204,12 +205,12 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar apply_type=APPLY_TYPE_NULL; } } - + /* Short-circuit - test if this session apply for this user */ { const char *user_name; int rval; - + rval=pam_get_user(pamh,&user_name,NULL); if((rval==PAM_SUCCESS) && user_name && user_name[0]) { /* Got it ? Valid ? */ 
@@ -240,7 +241,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar } } - retval = pam_get_item(pamh,citem,(const void **)&citemp); + retval = pam_get_item(pamh,citem,&void_citemp); + citemp = void_citemp; if(retval != PAM_SUCCESS) { return onerr; } @@ -330,7 +332,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar || !S_ISREG(fileinfo.st_mode)) { /* If the file is world writable or is not a normal file, return error */ - _pam_log(LOG_ERR,LOCAL_LOG_PREFIX + _pam_log(LOG_ERR,LOCAL_LOG_PREFIX "%s is either world writable or not a normal file", ifname); free(ifname); @@ -396,12 +398,13 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **ar return PAM_SUCCESS; } else { - const char *service, *user_name; + const void *service; + const char *user_name; #ifdef DEBUG _pam_log(LOG_INFO,LOCAL_LOG_PREFIX "Returning PAM_AUTH_ERR, retval = %d", retval); #endif - (void) pam_get_item(pamh, PAM_SERVICE, (const void **)&service); + (void) pam_get_item(pamh, PAM_SERVICE, &service); (void) pam_get_user(pamh, &user_name, NULL); _pam_log(LOG_ALERT,LOCAL_LOG_PREFIX "Refused user %s for service %s", user_name, service); @@ -439,4 +442,3 @@ struct pam_module _pam_listfile_modstruct = { #endif /* PAM_STATIC */ /* end of module definition */ - diff --git a/modules/pam_mail/pam_mail.c b/modules/pam_mail/pam_mail.c index 77dae21d..dde8887f 100644 --- a/modules/pam_mail/pam_mail.c +++ b/modules/pam_mail/pam_mail.c 
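Review bot: In the refusal branch of pam_listfile's pam_sm_authenticate (the @@ -396 hunk), `service` and `user_name` are declared without initializers and both lookups are cast to `(void)`, so a failed pam_get_item() or pam_get_user() may hand an indeterminate pointer to the `%s` conversions of the LOG_ALERT message. Initializing them (`const void *service = NULL;`, `const char *user_name = NULL;`) and logging a fallback such as `service ? (const char *)service : "(unknown)"` keeps the refusal record reliable, which matters because this line is the audit trail for a denied login. The function begins and ends outside the hunk.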
@@ -139,11 +139,13 @@ static int converse(pam_handle_t *pamh, int ctrl, int nargs , struct pam_response **response) { int retval; - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; D(("begin to converse")); - retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ; + retval = pam_get_item( pamh, PAM_CONV, &void_conv ) ; + conv = (const struct pam_conv *) void_conv; if ( retval == PAM_SUCCESS && conv ) { retval = conv->conv(nargs, ( const struct pam_message ** ) message @@ -211,7 +213,7 @@ static int get_folder(pam_handle_t *pamh, int ctrl, } /* put folder together */ - + hashcount = hashcount < strlen(user) ? hashcount : strlen(user); if (ctrl & PAM_HOME_MAIL) { diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index 504155a8..fa3e5a94 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -111,11 +111,13 @@ static int converse(pam_handle_t * pamh, int ctrl, int nargs ,struct pam_response **response) { int retval; - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; D(("begin to converse")); - retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); + retval = pam_get_item(pamh, PAM_CONV, &void_conv); + conv = (const struct pam_conv *)void_conv; if (retval == PAM_SUCCESS && conv) { @@ -522,7 +524,7 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc ,const char **argv) { int retval, ctrl; - const char *user; + const void *user; const struct passwd *pwd; struct stat St; 
@@ -530,8 +532,8 @@ int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc ctrl = _pam_parse(flags, argc, argv); /* Determine the user name so we can get the home directory */ - retval = pam_get_item(pamh, PAM_USER, (const void **) &user); - if (retval != PAM_SUCCESS || user == NULL || *user == '\0') + retval = pam_get_item(pamh, PAM_USER, &user); + if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0') { _log_err(LOG_NOTICE, "user unknown"); return PAM_USER_UNKNOWN; diff --git a/modules/pam_motd/pam_motd.c b/modules/pam_motd/pam_motd.c index 3ff7a30e..8cdb633f 100644 --- a/modules/pam_motd/pam_motd.c +++ b/modules/pam_motd/pam_motd.c @@ -5,7 +5,7 @@ * * Based off of: * $Id$ - * + * * Written by Michael K. Johnson 1996/10/24 * */ @@ -54,7 +54,8 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, int fd; char *mtmp=NULL; char *motd_path=NULL; - struct pam_conv *conversation; + const void *void_conv; + const struct pam_conv *conversation; struct pam_message message; struct pam_message *pmessage = &message; struct pam_response *resp = NULL; @@ -103,8 +104,9 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, close(fd); /* Use conversation function to give user contents of motd */ - if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation) == - PAM_SUCCESS && conversation) { + if (pam_get_item(pamh, PAM_CONV, &void_conv) == + PAM_SUCCESS && void_conv) { + conversation = void_conv; conversation->conv(1, (const struct pam_message **)&pmessage, &resp, conversation->appdata_ptr); if (resp) diff --git a/modules/pam_nologin/pam_nologin.c b/modules/pam_nologin/pam_nologin.c index bfd17753..1281e8ba 100644 --- a/modules/pam_nologin/pam_nologin.c +++ b/modules/pam_nologin/pam_nologin.c 
@@ -80,7 +80,8 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) char *mtmp=NULL; struct passwd *user_pwd; - struct pam_conv *conversation; + const void *void_conv; + const struct pam_conv *conversation; struct pam_message message; struct pam_message *pmessage = &message; struct pam_response *resp = NULL; @@ -121,13 +122,15 @@ static int perform_check(pam_handle_t *pamh, struct opt_s *opts) mtmp[st.st_size] = '\000'; /* - * Use conversation function to give user contents + * Use conversation function to give user contents * of /etc/nologin */ - if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation) - == PAM_SUCCESS && conversation && conversation->conv) { - (void) conversation->conv(1, + if (pam_get_item(pamh, PAM_CONV, &void_conv) + == PAM_SUCCESS && void_conv && + ((const struct pam_conv *)void_conv)->conv) { + conversation = void_conv; + (void) conversation->conv(1, (const struct pam_message **)&pmessage, &resp, conversation->appdata_ptr); diff --git a/modules/pam_rhosts/pam_rhosts_auth.c b/modules/pam_rhosts/pam_rhosts_auth.c index 595aa4ef..961d1910 100644 --- a/modules/pam_rhosts/pam_rhosts_auth.c +++ b/modules/pam_rhosts/pam_rhosts_auth.c @@ -216,9 +216,9 @@ static int pam_get_rhost(pam_handle_t *pamh, const char **rhost , const char *prompt) { int retval; - const char *current; + const void *current; - retval = pam_get_item (pamh, PAM_RHOST, (const void **)¤t); + retval = pam_get_item (pamh, PAM_RHOST, ¤t); if (retval != PAM_SUCCESS) return retval; @@ -239,9 +239,9 @@ static int pam_get_ruser(pam_handle_t *pamh, const char **ruser, const char *prompt) { int retval; - const char *current; + const void *current; - retval = pam_get_item (pamh, PAM_RUSER, (const void **)¤t); + retval = pam_get_item (pamh, PAM_RUSER, ¤t); if (retval != PAM_SUCCESS) { return retval; } 
@@ -265,7 +265,8 @@ __icheckhost (pam_handle_t *pamh, struct _options *opts, U32 raddr struct hostent *hp; U32 laddr; int negate=1; /* Multiply return with this to get -1 instead of 1 */ - char **pp, *user; + char **pp; + const void *user; /* Check nis netgroup. We assume that pam has done all needed paranoia checking before we are handed the rhost */ @@ -280,7 +281,7 @@ __icheckhost (pam_handle_t *pamh, struct _options *opts, U32 raddr negate=-1; lhost++; } else if (strcmp("+",lhost) == 0) { - (void) pam_get_item(pamh, PAM_USER, (const void **)&user); + (void) pam_get_item(pamh, PAM_USER, &user); D(("user %s has a `+' host entry", user)); if (opts->opt_promiscuous) return (1); /* asking for trouble, but ok.. */ @@ -321,7 +322,7 @@ static int __icheckuser(pam_handle_t *pamh, struct _options *opts ruser is user id on remote host rhost is the remote host name */ - char *user; + const void *user; /* [-+]@netgroup */ if (strncmp("+@",luser,2) == 0) @@ -336,8 +337,9 @@ static int __icheckuser(pam_handle_t *pamh, struct _options *opts /* + */ if (strcmp("+",luser) == 0) { - (void) pam_get_item(pamh, PAM_USER, (const void **)&user); - _pam_log(LOG_WARNING, "user %s has a `+' user entry", user); + (void) pam_get_item(pamh, PAM_USER, &user); + _pam_log(LOG_WARNING, "user %s has a `+' user entry", + (const char *) user); if (opts->opt_promiscuous) return(1); /* If not promiscuous we handle it as a negative match */ diff --git a/modules/pam_securetty/pam_securetty.c b/modules/pam_securetty/pam_securetty.c index 3a9ae421..7a29d956 100644 --- a/modules/pam_securetty/pam_securetty.c +++ b/modules/pam_securetty/pam_securetty.c @@ -77,7 +77,8 @@ static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl, { int retval = PAM_AUTH_ERR; const char *username; - char *uttyname; + const char *uttyname; + const void *void_uttyname; char ttyfileline[256]; char ptname[256]; struct stat ttyfileinfo; 
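Review bot: In pam_rhosts' __icheckuser (the @@ -321 and @@ -336 hunks) `user` is now an uninitialized `const void *`, the pam_get_item() result is discarded, and the pointer goes straight into the `%s` of the LOG_WARNING message. If the PAM_USER lookup fails, the warning about a `+` entry is formatted from an indeterminate or NULL pointer. Declaring `const void *user = NULL;` and logging `user ? (const char *)user : "(unknown)"` would make the message safe. __icheckhost has the same shape in its `D((...))` debug line, and both functions extend beyond their hunks.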
@@ -107,7 +108,8 @@ static int securetty_perform_check(pam_handle_t *pamh, int flags, int ctrl, return PAM_SUCCESS; } - retval = pam_get_item(pamh, PAM_TTY, (const void **)&uttyname); + retval = pam_get_item(pamh, PAM_TTY, &void_uttyname); + uttyname = void_uttyname; if (retval != PAM_SUCCESS || uttyname == NULL) { if (ctrl & PAM_DEBUG_ARG) { _pam_log(LOG_WARNING, "cannot determine user's tty"); diff --git a/modules/pam_selinux/pam_selinux.c b/modules/pam_selinux/pam_selinux.c index 0c05d18b..9235382a 100644 --- a/modules/pam_selinux/pam_selinux.c +++ b/modules/pam_selinux/pam_selinux.c @@ -72,7 +72,9 @@ #include #include -static int send_text( struct pam_conv *conv, const char *text, int debug) { +static int +send_text (const struct pam_conv *conv, const char *text, int debug) +{ struct pam_message message; const struct pam_message *messages[] = {&message}; struct pam_response *responses; @@ -93,8 +95,10 @@ static int send_text( struct pam_conv *conv, const char *text, int debug) { * This function sends a message to the user and gets the response. The caller * is responsible for freeing the responses. */ -static int query_response( struct pam_conv *conv, const char *text, - struct pam_response **responses, int debug) { +static int +query_response (const struct pam_conv *conv, const char *text, + struct pam_response **responses, int debug) +{ struct pam_message message; const struct pam_message *messages[] = {&message}; @@ -112,10 +116,12 @@ static security_context_t select_context (pam_handle_t *pamh, security_context_t* contextlist, int debug) { - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; - if (pam_get_item(pamh, PAM_CONV, (const void**) &conv) == PAM_SUCCESS && - conv) { + if (pam_get_item(pamh, PAM_CONV, &void_conv) == PAM_SUCCESS && + void_conv) { + conv = void_conv; if (conv->conv != NULL) { struct pam_response *responses; char *text=calloc(PATH_MAX,1); 
@@ -171,14 +177,16 @@ select_context (pam_handle_t *pamh, security_context_t* contextlist, } static security_context_t -manual_context (pam_handle_t *pamh, char *user, int debug) +manual_context (pam_handle_t *pamh, const char *user, int debug) { - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; security_context_t newcon; context_t new_context; int mls_enabled = is_selinux_mls_enabled(); - if (pam_get_item(pamh, PAM_CONV, (const void**) &conv) == PAM_SUCCESS) { + if (pam_get_item(pamh, PAM_CONV, &void_conv) == PAM_SUCCESS) { + conv = void_conv; if (conv && conv->conv != NULL) { struct pam_response *responses; @@ -329,11 +337,13 @@ static char *ttyn=NULL; static void verbose_message(pam_handle_t *pamh, char *msg, int debug) { - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; struct pam_message message; const struct pam_message *messages[] = {&message}; struct pam_response *responses; - if (pam_get_item(pamh, PAM_CONV, (const void**) &conv) == PAM_SUCCESS) { + if (pam_get_item(pamh, PAM_CONV, &void_conv) == PAM_SUCCESS) { + conv = void_conv; if (conv && conv->conv != NULL) { char text[PATH_MAX]; @@ -374,11 +384,11 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { int i, debug = 0, ttys=1, has_tty=isatty(0), verbose=0, multiple=0, close_session=0; - int ret=0; - security_context_t* contextlist=NULL; + int ret = 0; + security_context_t* contextlist = NULL; int num_contexts = 0; - char *username=NULL; - const char *tty=NULL; + const void *username = NULL; + const void *tty = NULL; /* Parse arguments. */ for (i = 0; i < argc; i++) { 
@@ -409,7 +419,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) if (!(selinux_enabled = is_selinux_enabled()>0) ) return PAM_SUCCESS; - if (pam_get_item(pamh, PAM_USER, (const void**)&username) != PAM_SUCCESS || + if (pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS || username == NULL) { return PAM_AUTH_ERR; } @@ -426,11 +436,14 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) if (has_tty) { user_context = manual_context(pamh,username,debug); if (user_context == NULL) { - syslog (LOG_ERR, _("Unable to get valid context for %s"), username); + syslog (LOG_ERR, _("Unable to get valid context for %s"), + (const char *)username); return PAM_AUTH_ERR; } } else { - syslog (LOG_ERR, _("Unable to get valid context for %s, No valid tty"), username); + syslog (LOG_ERR, + _("Unable to get valid context for %s, No valid tty"), + (const char *)username); return PAM_AUTH_ERR; } } @@ -439,7 +452,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) } if (ttys) { /* Get the name of the terminal. */ - if (pam_get_item(pamh, PAM_TTY, (const void**)&tty) != PAM_SUCCESS) { + if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS) { tty = NULL; } @@ -467,13 +480,13 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) } if (ret) { syslog(LOG_ERR, _("Error! Unable to set %s executable context %s."), - username, user_context); + (const char *)username, user_context); freecon(user_context); return PAM_AUTH_ERR; } else { if (debug) syslog(LOG_NOTICE, _("%s: set %s security context to %s"),MODULE, - username, user_context); + (const char *)username, user_context); } freecon(user_context); diff --git a/modules/pam_stress/pam_stress.c b/modules/pam_stress/pam_stress.c index 205c432d..194c044d 100644 --- a/modules/pam_stress/pam_stress.c +++ b/modules/pam_stress/pam_stress.c 
@@ -132,9 +132,11 @@ static int converse(pam_handle_t *pamh, int nargs , struct pam_response **response) { int retval; - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; - retval = pam_get_item(pamh,PAM_CONV,(const void **)&conv); + retval = pam_get_item(pamh,PAM_CONV,&void_conv); + conv = void_conv; if (retval == PAM_SUCCESS && conv) { retval = conv->conv(nargs, (const struct pam_message **) message , response, conv->appdata_ptr); @@ -156,13 +158,14 @@ static int converse(pam_handle_t *pamh, int nargs static int stress_get_password(pam_handle_t *pamh, int flags , int ctrl, char **password) { + const void *pam_pass; char *pass; if ( (ctrl & (PAM_ST_TRY_PASS1|PAM_ST_USE_PASS1)) - && (pam_get_item(pamh,PAM_AUTHTOK,(const void **)&pass) + && (pam_get_item(pamh,PAM_AUTHTOK,&pam_pass) == PAM_SUCCESS) - && (pass != NULL) ) { - if ((pass = strdup(pass)) == NULL) + && (pam_pass != NULL) ) { + if ((pass = strdup(pam_pass)) == NULL) return PAM_BUF_ERR; } else if ((ctrl & PAM_ST_USE_PASS1)) { _pam_log(LOG_WARNING, "pam_stress: no forwarded password"); @@ -271,10 +274,10 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, /* if we are debugging then we print the password */ if (ctrl & PAM_ST_DEBUG) { - (void) pam_get_item(pamh,PAM_AUTHTOK,(const void **)&pass); + const void *pam_pass; + (void) pam_get_item(pamh,PAM_AUTHTOK,&pam_pass); _pam_log(LOG_DEBUG, - "pam_st_authenticate: password entered is: [%s]\n",pass); - pass = NULL; + "pam_st_authenticate: password entered is: [%s]\n",pam_pass); } /* if we signal a fail for this function then fail */ 
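Review bot: The debug branch of pam_stress' pam_sm_authenticate (the @@ -271 hunk) introduces `const void *pam_pass;` with no initializer and ignores the pam_get_item() result, so a failed PAM_AUTHTOK lookup may pass an indeterminate pointer to the `[%s]` in the LOG_DEBUG message. Initializing it with `const void *pam_pass = NULL;` and printing `pam_pass ? (const char *)pam_pass : "(null)"` would close that path. Since this branch writes the cleartext token to the log, a comment such as `/* test module only: logs the cleartext PAM_AUTHTOK when PAM_ST_DEBUG is set */` would also make the exposure explicit to anyone reusing the code. The function continues outside the hunk.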
@@ -341,16 +344,16 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { - char *username,*service; + const void *username, *service; int ctrl = _pam_parse(argc,argv); D(("called. [post parsing]")); _pam_report(ctrl,"pam_sm_open_session", flags, argc, argv); - if ((pam_get_item(pamh, PAM_USER, (const void **) &username) + if ((pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS || !username) - || (pam_get_item(pamh, PAM_SERVICE, (const void **) &service) + || (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS || !service)) { _pam_log(LOG_WARNING,"pam_sm_open_session: for whom?"); return PAM_SESSION_ERR; @@ -369,16 +372,16 @@ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { - const char *username,*service; + const void *username, *service; int ctrl = _pam_parse(argc,argv); D(("called. [post parsing]")); _pam_report(ctrl,"pam_sm_close_session", flags, argc, argv); - if ((pam_get_item(pamh, PAM_USER, (const void **)&username) + if ((pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS || !username) - || (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) + || (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS || !service)) { _pam_log(LOG_WARNING,"pam_sm_close_session: for whom?"); return PAM_SESSION_ERR; @@ -417,7 +420,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } else if (flags & PAM_UPDATE_AUTHTOK) { /* second call */ struct pam_message msg[3],*pmsg[3]; struct pam_response *resp; - const char *text; + const void *text; char *txt=NULL; int i; @@ -430,7 +433,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if ( !(ctrl && PAM_ST_EXPIRED) && (flags & PAM_CHANGE_EXPIRED_AUTHTOK) - && (pam_get_data(pamh,"stress_new_pwd",(const void **)&text) + && (pam_get_data(pamh,"stress_new_pwd", &text) != PAM_SUCCESS || strcmp(text,"yes"))) { return PAM_SUCCESS; /* the token has not expired */ } 
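Review bot: The condition carried as context in pam_stress' pam_sm_chauthtok (the @@ -430 hunk) tests `!(ctrl && PAM_ST_EXPIRED)`, a logical AND, where every other flag test visible in this file uses a bitwise mask. Assuming PAM_ST_EXPIRED is a non-zero flag constant, the expression reduces to `!ctrl`, so the expired option is not actually what is being checked; `!(ctrl & PAM_ST_EXPIRED)` looks like the intent. In the same condition `strcmp(text,"yes")` runs whenever pam_get_data() succeeds, so a NULL check on `text` before the comparison would be a cheap guard. The surrounding function starts and ends outside the hunk.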
@@ -466,9 +469,9 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* set up for conversation */ if (!(flags & PAM_SILENT)) { - char *username; + const void *username; - if ( pam_get_item(pamh, PAM_USER, (const void **)&username) + if ( pam_get_item(pamh, PAM_USER, &username) || username == NULL ) { _pam_log(LOG_ERR,"no username set"); return PAM_USER_UNKNOWN; @@ -531,7 +534,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, return PAM_AUTHTOK_ERR; } - if (pam_get_item(pamh,PAM_AUTHTOK,(const void **)&text) + if (pam_get_item(pamh,PAM_AUTHTOK,&text) == PAM_SUCCESS) { (void) pam_set_item(pamh,PAM_OLDAUTHTOK,text); text = NULL; diff --git a/modules/pam_succeed_if/pam_succeed_if.c b/modules/pam_succeed_if/pam_succeed_if.c index 8a665f52..65ccaa3a 100644 --- a/modules/pam_succeed_if/pam_succeed_if.c +++ b/modules/pam_succeed_if/pam_succeed_if.c @@ -101,7 +101,7 @@ evaluate_num(const char *left, const char *right, int (*cmp)(int, int)) if (ret != PAM_SUCCESS) { return ret; } - + return cmp(l, r) ? PAM_SUCCESS : PAM_AUTH_ERR; } @@ -330,7 +330,7 @@ evaluate(pam_handle_t *pamh, int debug, int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { - const char *prompt; + const void *prompt; const char *user; struct passwd *pwd; int ret, i, count, use_uid, debug; @@ -338,7 +338,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) int quiet_fail, quiet_succ; /* Get the user prompt. */ - ret = pam_get_item(pamh, PAM_USER_PROMPT, (const void**) &prompt); + ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt); if ((ret != PAM_SUCCESS) || (prompt == NULL) || (strlen(prompt) == 0)) { prompt = "login: "; } diff --git a/modules/pam_tally/pam_tally.c b/modules/pam_tally/pam_tally.c index 0f70f8d6..075392c7 100644 --- a/modules/pam_tally/pam_tally.c +++ b/modules/pam_tally/pam_tally.c 
@@ -424,7 +424,7 @@ static int tally_bump (int inc, time_t *oldtime, FILE *TALLY = NULL; - const char + const void *remote_host = NULL, *cur_tty = NULL; struct fail_s fs, *fsp = &fs; @@ -445,10 +445,10 @@ static int tally_bump (int inc, time_t *oldtime, fsp->fs_faillog.fail_time = *oldtime; } } - (void) pam_get_item(pamh, PAM_RHOST, (const void **)&remote_host); + (void) pam_get_item(pamh, PAM_RHOST, &remote_host); if (!remote_host) { - (void) pam_get_item(pamh, PAM_TTY, (const void **)&cur_tty); + (void) pam_get_item(pamh, PAM_TTY, &cur_tty); if (!cur_tty) { strncpy(fsp->fs_faillog.fail_line, "unknown", sizeof(fsp->fs_faillog.fail_line) - 1); diff --git a/modules/pam_time/pam_time.c b/modules/pam_time/pam_time.c index 9858307e..5a5281a6 100644 --- a/modules/pam_time/pam_time.c +++ b/modules/pam_time/pam_time.c @@ -36,11 +36,11 @@ static const char rcsid[] = #define PAM_TIME_BUFLEN 1000 #define FIELD_SEPARATOR ';' /* this is new as of .02 */ -#ifdef TRUE -# undef TRUE -#endif -#ifdef FALSE -# undef FALSE +#ifdef TRUE +# undef TRUE +#endif +#ifdef FALSE +# undef FALSE #endif typedef enum { FALSE, TRUE } boolean; @@ -134,7 +134,7 @@ static int read_field(int fd, char **buf, int *from, int *to) fd = -1; /* end of file reached */ } else *to += i; - + /* * contract the buffer. Delete any comments, and replace all * multiple spaces with single commas @@ -558,12 +558,13 @@ static int check_account(const char *service PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc ,const char **argv) { - const char *service=NULL, *tty=NULL; + const void *service=NULL, *void_tty=NULL; + const char *tty; const char *user=NULL; /* set service name */ - if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service) + if (pam_get_item(pamh, PAM_SERVICE, &service) != PAM_SUCCESS || service == NULL) { _log_err("cannot find the current service name"); return PAM_ABORT; 
@@ -579,8 +580,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc /* set tty name */ - if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS - || tty == NULL) { + if (pam_get_item(pamh, PAM_TTY, &void_tty) != PAM_SUCCESS + || void_tty == NULL) { D(("PAM_TTY not set, probing stdin")); tty = ttyname(STDIN_FILENO); if (tty == NULL) { @@ -592,6 +593,8 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc return PAM_ABORT; } } + else + tty = void_tty; if (strncmp("/dev/",tty,5) == 0) { /* strip leading /dev/ */ tty += 5; diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index 9330a551..6e8ed614 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -188,7 +188,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, int argc, const char **argv) { unsigned int ctrl; - const char *uname; + const void *uname; int retval, daysleft; time_t curdays; struct spwd *spent; @@ -199,7 +199,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags, ctrl = _set_ctrl(pamh, flags, NULL, argc, argv); - retval = pam_get_item(pamh, PAM_USER, (const void **) &uname); + retval = pam_get_item(pamh, PAM_USER, &uname); D(("user = `%s'", uname)); if (retval != PAM_SUCCESS || uname == NULL) { _log_err(LOG_ALERT, pamh diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c index 39e0cde5..2ed24127 100644 --- a/modules/pam_unix/pam_unix_auth.c +++ b/modules/pam_unix/pam_unix_auth.c @@ -107,7 +107,8 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags { unsigned int ctrl; int retval, *ret_data = NULL; - const char *name, *p; + const char *name; + const void *p; D(("called.")); @@ -197,7 +198,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags ,int argc, const char **argv) { int retval; - int *pretval = NULL; + const void *pretval = NULL; D(("called.")); 
@@ -206,9 +207,9 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags D(("recovering return code from auth call")); /* We will only find something here if UNIX_LIKE_AUTH is set -- don't worry about an explicit check of argv. */ - pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval); + pam_get_data(pamh, "unix_setcred_return", &pretval); if(pretval) { - retval = *pretval; + retval = *(const int *)pretval; pam_set_data(pamh, "unix_setcred_return", NULL, NULL); D(("recovered data indicates that old retval was %d", retval)); } diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 9c7cb07c..99b127a0 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -738,7 +738,8 @@ static int _update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat) } } -static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, +static int _do_setpass(pam_handle_t* pamh, const char *forwho, + const char *fromwhat, char *towhat, unsigned int ctrl, int remember) { struct passwd *pwd = NULL; @@ -754,7 +755,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, retval = PAM_AUTHTOK_ERR; goto done; } - + if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) { if ((master=getNISserver(pamh)) != NULL) { struct timeval timeout; @@ -777,7 +778,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, yppwd.newpw.pw_gecos = pwd->pw_gecos; yppwd.newpw.pw_dir = pwd->pw_dir; yppwd.newpw.pw_shell = pwd->pw_shell; - yppwd.oldpass = fromwhat ? fromwhat : ""; + yppwd.oldpass = fromwhat ? strdup (fromwhat) : strdup (""); yppwd.newpw.pw_passwd = towhat; D(("Set password %s for %s", yppwd.newpw.pw_passwd, forwho)); 
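Review bot: In pam_unix_passwd's _do_setpass (the @@ -777 hunk) the result of `strdup (fromwhat)` / `strdup ("")` is stored in `yppwd.oldpass` without a NULL check, so an allocation failure would hand a NULL string to the RPC call that follows. A guard such as `if (yppwd.oldpass == NULL) { retval = PAM_BUF_ERR; goto done; }` would fit the function's existing `goto done` error style. The matching `free (yppwd.oldpass);` added in the next hunk (@@ -797) releases a heap copy of the old password without clearing it; `_pam_delete(yppwd.oldpass);` would wipe it first, assuming the `security/_pam_macros.h` helpers are included in this file. The function body extends beyond both hunks.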
@@ -797,6 +798,8 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, (xdrproc_t) xdr_int, (char *) &status, timeout); + free (yppwd.oldpass); + if (err) { _make_remark(pamh, ctrl, PAM_TEXT_INFO, clnt_sperrno(err)); @@ -862,7 +865,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat, } -done: +done: #ifdef USE_LCKPWDF ulckpwdf(); #endif @@ -943,7 +946,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh ,const char *pass_old ,const char *pass_new) { - const char *user; + const void *user; const char *remark = NULL; int retval = PAM_SUCCESS; @@ -964,7 +967,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh * checking this would be the place - AGM */ - retval = pam_get_item(pamh, PAM_USER, (const void **) &user); + retval = pam_get_item(pamh, PAM_USER, &user); if (retval != PAM_SUCCESS) { if (on(UNIX_DEBUG, ctrl)) { _log_err(LOG_ERR, pamh, "Can not get username"); @@ -1007,7 +1010,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, /* */ const char *user; - char *pass_old, *pass_new; + const void *pass_old, *pass_new; /* */ D(("called.")); @@ -1109,7 +1112,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, ,"(current) UNIX password: " ,NULL ,_UNIX_OLD_AUTHTOK - ,(const char **) &pass_old); + ,&pass_old); free(Announce); if (retval != PAM_SUCCESS) { @@ -1168,10 +1171,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (off(UNIX_NOT_SET_PASS, ctrl)) { retval = pam_get_item(pamh, PAM_OLDAUTHTOK - ,(const void **) &pass_old); + ,&pass_old); } else { retval = pam_get_data(pamh, _UNIX_OLD_AUTHTOK - ,(const void **) &pass_old); + ,&pass_old); if (retval == PAM_NO_MODULE_DATA) { retval = PAM_SUCCESS; pass_old = NULL; 
@@ -1204,7 +1207,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, ,"Enter new UNIX password: " ,"Retype new UNIX password: " ,_UNIX_NEW_AUTHTOK - ,(const char **) &pass_new); + ,&pass_new); if (retval != PAM_SUCCESS) { if (on(UNIX_DEBUG, ctrl)) { @@ -1222,7 +1225,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, * password is acceptable. */ - if (pass_new[0] == '\0') { /* "\0" password = NULL */ + if (*(const char *)pass_new == '\0') { /* "\0" password = NULL */ pass_new = NULL; } retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new); diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index bb74987b..5368ae20 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -1,4 +1,4 @@ -/* +/* * $Id$ * * Copyright information at end of file. @@ -40,11 +40,11 @@ extern char *bigcrypt(const char *key, const char *salt); void _log_err(int err, pam_handle_t *pamh, const char *format,...) { - char *service = NULL; + const void *service = NULL; char logname[256]; va_list args; - pam_get_item(pamh, PAM_SERVICE, (const void **) &service); + pam_get_item(pamh, PAM_SERVICE, &service); if (service) { strncpy(logname, service, sizeof(logname)); logname[sizeof(logname) - 1 - strlen("(pam_unix)")] = '\0'; @@ -67,11 +67,13 @@ static int converse(pam_handle_t * pamh, int ctrl, int nargs ,struct pam_response **response) { int retval; - struct pam_conv *conv; + const void *void_conv; + const struct pam_conv *conv; D(("begin to converse")); - retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv); + retval = pam_get_item(pamh, PAM_CONV, &void_conv); + conv = void_conv; if (retval == PAM_SUCCESS) { retval = conv->conv(nargs, (const struct pam_message **) message 
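Review bot: In `converse()`, `conv = void_conv;` runs before `retval` is tested and `void_conv` has no initializer, so a failed `pam_get_item` copies an indeterminate pointer, and on success nothing rejects a NULL conversation structure before `conv->conv(...)` is called. Declaring `const void *void_conv = NULL;` and testing `if (retval == PAM_SUCCESS && conv != NULL)` covers both cases. The else branch that would then receive a NULL `conv` lies outside this hunk and should be checked for that case. The `converse()` hunk in modules/pam_userdb/conv.c has the same shape.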
@@ -230,10 +232,10 @@ struct _pam_failed_auth { static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err) { int quiet; - const char *service = NULL; - const char *ruser = NULL; - const char *rhost = NULL; - const char *tty = NULL; + const void *service = NULL; + const void *ruser = NULL; + const void *rhost = NULL; + const void *tty = NULL; struct _pam_failed_auth *failure; D(("called")); @@ -249,13 +251,13 @@ static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err) /* log the number of authentication failures */ if (failure->count > 1) { (void) pam_get_item(pamh, PAM_SERVICE, - (const void **)&service); + &service); (void) pam_get_item(pamh, PAM_RUSER, - (const void **)&ruser); + &ruser); (void) pam_get_item(pamh, PAM_RHOST, - (const void **)&rhost); + &rhost); (void) pam_get_item(pamh, PAM_TTY, - (const void **)&tty); + &tty); _log_err(LOG_NOTICE, pamh, "%d more authentication failure%s; " "logname=%s uid=%d euid=%d " @@ -476,9 +478,9 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) - { /* NIS+ */ + { /* NIS+ */ uid_t save_euid, save_uid; - + save_euid = geteuid(); save_uid = getuid(); if (save_uid == pwd->pw_uid) @@ -493,7 +495,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name) return 0; } } - + spwdent = _pammodutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); @@ -583,7 +585,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, for (i=2; i < rlim.rlim_max; i++) { if (fds[0] != i) close(i); - } + } } /* exec binary helper */ args[0] = x_strdup(CHKPWD_HELPER); @@ -662,9 +664,9 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (pwd != NULL) { if (strcmp( pwd->pw_passwd, "*NP*" ) == 0) - { /* NIS+ */ + { /* NIS+ */ uid_t save_euid, save_uid; - + save_euid = geteuid(); save_uid = getuid(); if (save_uid == pwd->pw_uid) 
@@ -678,7 +680,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name return PAM_CRED_INSUFFICIENT; } } - + spwdent = _pammodutil_getspnam (pamh, name); if (save_uid == pwd->pw_uid) setreuid( save_uid, save_euid ); @@ -710,7 +712,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name retval = PAM_SUCCESS; if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || ((salt[0] == '#') && (salt[1] == '#') && !strcmp(salt + 2, name))) { - + if (geteuid() || SELINUX_ENABLED) { /* we are not root perhaps this is the reason? Run helper */ D(("running helper binary")); @@ -804,6 +806,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name if (new != NULL) { const char *login_name; + const void *void_old; + login_name = _pammodutil_getlogin(pamh); if (login_name == NULL) { @@ -816,7 +820,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name new->name = x_strdup(login_name); /* any previous failures for this user ? */ - pam_get_data(pamh, data_name, (const void **) &old); + pam_get_data(pamh, data_name, &void_old); + old = void_old; if (old != NULL) { new->count = old->count + 1; @@ -824,19 +829,19 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name retval = PAM_MAXTRIES; } } else { - const char *service=NULL; - const char *ruser=NULL; - const char *rhost=NULL; - const char *tty=NULL; + const void *service=NULL; + const void *ruser=NULL; + const void *rhost=NULL; + const void *tty=NULL; (void) pam_get_item(pamh, PAM_SERVICE, - (const void **)&service); + &service); (void) pam_get_item(pamh, PAM_RUSER, - (const void **)&ruser); + &ruser); (void) pam_get_item(pamh, PAM_RHOST, - (const void **)&rhost); + &rhost); (void) pam_get_item(pamh, PAM_TTY, - (const void **)&tty); + &tty); _log_err(LOG_NOTICE, pamh, "authentication failure; " 
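Review bot: In the `-816,7 +820,8` hunk of `_unix_verify_password`, `old = void_old;` uses a pointer that is only meaningful when `pam_get_data` succeeds, yet the call's status is discarded and `void_old` is declared without an initializer in the hunk before it. Assuming `pam_get_data` leaves its output untouched when no data is stored, the first failure for a user now copies whatever was on the stack into `old`, and `old->count` then dereferences it. Before the change the result went straight into `old`, which presumably started as NULL outside the hunk. Checking the status restores that behaviour: `old = (pam_get_data(pamh, data_name, &void_old) == PAM_SUCCESS) ? void_old : NULL;`.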
@@ -886,7 +891,7 @@ int _unix_read_password(pam_handle_t * pamh ,const char *prompt1 ,const char *prompt2 ,const char *data_name - ,const char **pass) + ,const void **pass) { int authtok_flag; int retval; @@ -911,7 +916,7 @@ int _unix_read_password(pam_handle_t * pamh */ if (on(UNIX_TRY_FIRST_PASS, ctrl) || on(UNIX_USE_FIRST_PASS, ctrl)) { - retval = pam_get_item(pamh, authtok_flag, (const void **) pass); + retval = pam_get_item(pamh, authtok_flag, pass); if (retval != PAM_SUCCESS) { /* very strange. */ _log_err(LOG_ALERT, pamh @@ -1016,8 +1021,7 @@ int _unix_read_password(pam_handle_t * pamh retval = pam_set_item(pamh, authtok_flag, token); _pam_delete(token); /* clean it up */ if (retval != PAM_SUCCESS - || (retval = pam_get_item(pamh, authtok_flag - ,(const void **) pass)) + || (retval = pam_get_item(pamh, authtok_flag, pass)) != PAM_SUCCESS) { *pass = NULL; @@ -1079,13 +1083,13 @@ int _unix_shadowed(const struct passwd *pwd) * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior * written permission. - * + * * ALTERNATIVELY, this product may be distributed under the terms of * the GNU Public License, in which case the provisions of the GPL are * required INSTEAD OF the above restrictions. (This clause is * necessary due to a potential bad interaction between the GPL and * the restrictions contained in a BSD-style copyright.) - * + * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h index 5f55911a..9cf21136 100644 --- a/modules/pam_unix/support.h +++ b/modules/pam_unix/support.h 
@@ -149,7 +149,7 @@ extern int _unix_read_password(pam_handle_t * pamh ,const char *prompt1 ,const char *prompt2 ,const char *data_name - ,const char **pass); + ,const void **pass); extern int _unix_shadowed(const struct passwd *pwd); extern struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user); diff --git a/modules/pam_userdb/conv.c b/modules/pam_userdb/conv.c index de5d12f2..33923851 100644 --- a/modules/pam_userdb/conv.c +++ b/modules/pam_userdb/conv.c @@ -22,13 +22,15 @@ static int converse(pam_handle_t *pamh, struct pam_response **response) { int retval; + const void* void_conv; const struct pam_conv *conv; - retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv ) ; + retval = pam_get_item(pamh, PAM_CONV, &void_conv ) ; + conv = void_conv; if (retval == PAM_SUCCESS) retval = conv->conv(1, (const struct pam_message **)message, response, conv->appdata_ptr); - + return retval; /* propagate error status */ } @@ -49,7 +51,7 @@ int conversation(pam_handle_t *pamh) struct pam_response *resp; int retval; char * token = NULL; - + pmsg[0] = &msg[0]; msg[0].msg_style = PAM_PROMPT_ECHO_OFF; msg[0].msg = "Password: "; @@ -59,7 +61,7 @@ int conversation(pam_handle_t *pamh) retval = converse(pamh, pmsg, &resp); if (resp != NULL) { - const char * item; + const void *item; /* interpret the response */ if (retval == PAM_SUCCESS) { /* a good conversation */ token = x_strdup(resp[0].resp); @@ -72,11 +74,11 @@ int conversation(pam_handle_t *pamh) retval = pam_set_item(pamh, PAM_AUTHTOK, token); token = _pam_delete(token); /* clean it up */ if ( (retval != PAM_SUCCESS) || - (retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&item)) + (retval = pam_get_item(pamh, PAM_AUTHTOK, &item)) != PAM_SUCCESS ) { return retval; } - + _pam_drop_reply(resp, 1); } else { retval = (retval == PAM_SUCCESS) diff --git a/modules/pam_userdb/pam_userdb.c b/modules/pam_userdb/pam_userdb.c index a0a5b8b5..f019c67a 100644 
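Review bot: In `conversation()` (modules/pam_userdb/conv.c), the early `return retval;` after the `pam_set_item`/`pam_get_item` pair leaves `resp` undropped, so on that error path the response buffer holding the typed password is not released. Calling `_pam_drop_reply(resp, 1);` before the return, as the success path does on the following line, closes the gap. `item` is written but never read within the visible lines, so the `pam_get_item` call may be reducible to a status check. The function continues outside the hunk, so that last point needs confirming against the full body.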
--- a/modules/pam_userdb/pam_userdb.c +++ b/modules/pam_userdb/pam_userdb.c @@ -295,7 +295,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { const char *username; - const char *password; + const void *password; char *database = NULL; char *cryptmode = NULL; int retval = PAM_AUTH_ERR, ctrl; @@ -329,7 +329,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, * user anyway, so check for one and handle a failure for that case. If * use_authtok wasn't specified, then we've already asked once and needn't * do so again. */ - retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &password); + retval = pam_get_item(pamh, PAM_AUTHTOK, &password); if ((retval != PAM_SUCCESS) && ((ctrl & PAM_USE_AUTHTOK_ARG) != 0)) { retval = conversation(pamh); if (retval != PAM_SUCCESS) { @@ -340,7 +340,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, } /* Get the password */ - retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&password); + retval = pam_get_item(pamh, PAM_AUTHTOK, &password); if (retval != PAM_SUCCESS) { _pam_log(LOG_ERR, "Could not retrieve user's password"); return -2; diff --git a/modules/pam_warn/pam_warn.c b/modules/pam_warn/pam_warn.c index f167ea91..ee787e73 100644 --- a/modules/pam_warn/pam_warn.c +++ b/modules/pam_warn/pam_warn.c @@ -28,7 +28,7 @@ /* some syslogging */ #define OBTAIN(item, value, default_value) do { \ - (void) pam_get_item(pamh, item, (const void **) &value); \ + (void) pam_get_item(pamh, item, &value); \ value = value ? value : default_value ; \ } while (0) @@ -45,7 +45,7 @@ static void _pam_log(int err, const char *format, ...) static void log_items(pam_handle_t *pamh, const char *function) { - const char *service=NULL, *user=NULL, *terminal=NULL, + const void *service=NULL, *user=NULL, *terminal=NULL, *rhost=NULL, *ruser=NULL; OBTAIN(PAM_SERVICE, service, ""); 
diff --git a/modules/pammodutil/modutil_getlogin.c b/modules/pammodutil/modutil_getlogin.c index ef09d031..fa67402d 100644 --- a/modules/pammodutil/modutil_getlogin.c +++ b/modules/pammodutil/modutil_getlogin.c @@ -17,21 +17,22 @@ const char *_pammodutil_getlogin(pam_handle_t *pamh) { int status; - char *logname; + const void *logname; + const void *void_curr_tty; const char *curr_tty; char *curr_user; struct utmp *ut, line; - status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, - (const void **) &logname); + status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname); if (status == PAM_SUCCESS) { return logname; } - status = pam_get_item(pamh, PAM_TTY, (const void **) &curr_tty); - if ((status != PAM_SUCCESS) || (curr_tty == NULL)) { - curr_tty = ttyname(0); - } + status = pam_get_item(pamh, PAM_TTY, &void_curr_tty); + if ((status != PAM_SUCCESS) || (void_curr_tty == NULL)) + curr_tty = ttyname(0); + else + curr_tty = (const char*)void_curr_tty; if ((curr_tty == NULL) || memcmp(curr_tty, "/dev/", 5)) { return NULL; @@ -52,7 +53,7 @@ const char *_pammodutil_getlogin(pam_handle_t *pamh) goto clean_up_and_go_home; } - strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); + strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user)); /* calloc already zeroed the memory */ status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, curr_user, -- cgit v1.2.3
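Review bot: In `_pammodutil_getlogin`, `memcmp(curr_tty, "/dev/", 5)` compares five bytes regardless of the string's length, so a PAM_TTY value or `ttyname(0)` result shorter than that may be read past its terminator. `strncmp(curr_tty, "/dev/", 5)` stops at the NUL and gives the same answer for well-formed names. The new unbraced `if`/`else` that selects `curr_tty` would also be easier to extend safely with braces, as the block it replaces had.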