From: Andrew Deason <adeason@sinenomine.net>
Date: Mon, 25 Apr 2011 18:58:34 +0000 (-0500)
Subject: pam: Fix password torching const-ness
X-Git-Tag: upstream/1.8.0_pre1^2~3816
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=5cd4282758317b24d2f63408ab4c62551bbebc03;p=packages%2Fo%2Fopenafs.git

pam: Fix password torching const-ness

In some code branches, the PAM code "torches" a password by zeroing
it. However, it does this through a const pointer which we otherwise
know is not actually const. Make sure we get better type checking by
doing this through a non-const pointer.

Change-Id: Ibdb4c7b98baf964a8efdf0e8a9882f8ab29e22af
Reviewed-on: http://gerrit.openafs.org/4554
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
---

diff --git a/src/pam/afs_auth.c b/src/pam/afs_auth.c
index 83e472d81..9051cc4df 100644
--- a/src/pam/afs_auth.c
+++ b/src/pam/afs_auth.c
@@ -57,7 +57,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
     int got_authtok = 0;	/* got PAM_AUTHTOK upon entry */
     PAM_CONST char *user = NULL, *password = NULL;
     afs_int32 password_expires = -1;
-    int torch_password = 1;
+    char *torch_password = NULL;
     int i;
     PAM_CONST struct pam_conv *pam_convp = NULL;
     int auth_ok;
@@ -205,13 +205,11 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
 	    pam_afs_syslog(LOG_DEBUG, PAMAFS_NOFIRSTPASS, user);
     } else if (password[0] == '\0') {
 	/* Actually we *did* get one but it was empty. */
-	torch_password = 0;
 	pam_afs_syslog(LOG_INFO, PAMAFS_NILPASSWORD, user);
 	RET(PAM_NEW_AUTHTOK_REQD);
     } else {
 	if (logmask && LOG_MASK(LOG_DEBUG))
 	    pam_afs_syslog(LOG_DEBUG, PAMAFS_GOTPASS, user);
-	torch_password = 0;
 	got_authtok = 1;
     }
     if (!(use_first_pass || try_first_pass)) {
@@ -222,8 +220,6 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
     if (password == NULL) {
 	char *prompt_password;
 
-	torch_password = 1;
-
 	if (use_first_pass)
 	    RET(PAM_AUTH_ERR);	/* shouldn't happen */
 	if (try_first_pass)
@@ -256,7 +252,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
 	my_password_buf[sizeof(my_password_buf) - 1] = '\0';
 	memset(prompt_password, 0, strlen(prompt_password));
 	free(prompt_password);
-	password = my_password_buf;
+	password = torch_password = my_password_buf;
 
     }
 
@@ -398,7 +394,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
      * after pam_afs
      */
     if (!got_authtok) {
-	torch_password = 0;
+	torch_password = NULL;
 	(void)pam_set_item(pamh, PAM_AUTHTOK, password);
     }
 
@@ -414,7 +410,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
 	char *tmp = strdup(password);
 	(void)pam_set_data(pamh, pam_afs_lh, tmp, lc_cleanup);
 	if (torch_password)
-	    memset((char *)password, 0, strlen(password));
+	    memset(torch_password, 0, strlen(torch_password));
     }
     (void)setlogmask(origmask);
 #ifndef AFS_SUN56_ENV
diff --git a/src/pam/afs_password.c b/src/pam/afs_password.c
index d8c772849..0aab5b115 100644
--- a/src/pam/afs_password.c
+++ b/src/pam/afs_password.c
@@ -39,7 +39,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
     int try_first_pass = 0;
     int ignore_root = 0;
     int got_authtok = 0;	/* got PAM_AUTHTOK upon entry */
-    int torch_password = 1;
+    char *torch_password = NULL;
     int i;
     char my_password_buf[256];
     char instance[256];
@@ -150,13 +150,11 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
 	    pam_afs_syslog(LOG_DEBUG, PAMAFS_NOFIRSTPASS, user);
     } else if (password[0] == '\0') {
 	/* Actually we *did* get one but it was empty. */
-	torch_password = 0;
 	pam_afs_syslog(LOG_INFO, PAMAFS_NILPASSWORD, user);
 	RET(PAM_NEW_AUTHTOK_REQD);
     } else {
 	if (logmask && LOG_MASK(LOG_DEBUG))
 	    pam_afs_syslog(LOG_DEBUG, PAMAFS_GOTPASS, user);
-	torch_password = 0;
 	got_authtok = 1;
     }
     if (!(use_first_pass || try_first_pass)) {
@@ -165,7 +163,6 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
 
     if (password == NULL) {
 	char *prompt_password;
-	torch_password = 1;
 	if (use_first_pass)
 	    RET(PAM_AUTH_ERR);	/* shouldn't happen */
 	if (try_first_pass)
@@ -196,7 +193,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
 	my_password_buf[sizeof(my_password_buf) - 1] = '\0';
 	memset(prompt_password, 0, strlen(password));
 	free(prompt_password);
-	password = my_password_buf;
+	password = torch_password = my_password_buf;
     }
 
     if ((code = ka_VerifyUserPassword(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, (char *)user,	/* kerberos name */
@@ -208,7 +205,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
 	pam_afs_syslog(LOG_ERR, PAMAFS_LOGIN_FAILED, user, reason);
 	RET(PAM_AUTH_ERR);
     }
-    torch_password = 0;
+    torch_password = NULL;
     pam_set_item(pamh, PAM_AUTHTOK, password);
     pam_set_item(pamh, PAM_OLDAUTHTOK, password);
     if (flags & PAM_PRELIM_CHECK) {
@@ -301,7 +298,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
 
   out:
     if (password && torch_password) {
-	memset((char *)password, 0, strlen(password));
+	memset(torch_password, 0, strlen(torch_password));
     }
     (void)setlogmask(origmask);
 #ifndef AFS_SUN56_ENV
diff --git a/src/pam/afs_setcred.c b/src/pam/afs_setcred.c
index 7077ec9a0..5fa060f7d 100644
--- a/src/pam/afs_setcred.c
+++ b/src/pam/afs_setcred.c
@@ -50,7 +50,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
     char my_password_buf[256];
     char *cell_ptr = NULL;
     char sbuffer[100];
-    int torch_password = 1;
+    char *torch_password = NULL;
     int auth_ok = 0;
     char *lh;
     PAM_CONST char *user = NULL;
@@ -202,7 +202,6 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
 	} else if (password[0] == '\0') {
 	    /* Actually we *did* get one but it was empty. */
 	    got_authtok = 1;
-	    torch_password = 0;
 	    /* So don't use it. */
 	    password = NULL;
 	    if (use_first_pass) {
@@ -214,7 +213,6 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
 	} else {
 	    if (logmask && LOG_MASK(LOG_DEBUG))
 		pam_afs_syslog(LOG_DEBUG, PAMAFS_GOTPASS, user);
-	    torch_password = 0;
 	    got_authtok = 1;
 	}
 	if (!(use_first_pass || try_first_pass)) {
@@ -225,8 +223,6 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
 	if (password == NULL) {
 	    char *prompt_password;
 
-	    torch_password = 1;
-
 	    if (use_first_pass)
 		RET(PAM_AUTH_ERR);	/* shouldn't happen */
 	    if (try_first_pass)
@@ -260,7 +256,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
 	    my_password_buf[sizeof(my_password_buf) - 1] = '\0';
 	    memset(prompt_password, 0, strlen(prompt_password));
 	    free(prompt_password);
-	    password = my_password_buf;
+	    password = torch_password = my_password_buf;
 	}
 	/*
 	 * We only set a PAG here, if we haven't got one before in
@@ -322,7 +318,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
 
 	/* pam_sm_authenticate should have set this
 	 * if (auth_ok && !got_authtok) {
-	 *     torch_password = 0;
+	 *     torch_password = NULL;
 	 *     (void) pam_set_item(pamh, PAM_AUTHTOK, password);
 	 * }
 	 */
@@ -354,7 +350,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
 
   out:
     if (password && torch_password)
-	memset((char*)password, 0, strlen(password));
+	memset(torch_password, 0, strlen(torch_password));
     (void)setlogmask(origmask);
 #ifndef AFS_SUN56_ENV
     closelog();