From 1a3668c1bdc2e5944b88b314956430994f1668e5 Mon Sep 17 00:00:00 2001 From: Andrew Deason Date: Mon, 25 Apr 2011 13:53:52 -0500 Subject: [PATCH] pam: Password is const in setcred afs_setcred.c gets the "password" pointer from pam_get_data, which always gives a const pointer (unlike pam_get_item used in afs_auth.c &c, which sometimes gives a const or not-const pointer, depending on the PAM implementation). So, declare password const, to get better type checking. Reviewed-on: http://gerrit.openafs.org/4553 Tested-by: BuildBot Reviewed-by: Derrick Brashear (cherry picked from commit 94a9b2afd82b6729ddceb7ef736ddeb039e0ae1b) Change-Id: I3171babfbdf29e7aa543a17f7dd543deedc9b30c Reviewed-on: http://gerrit.openafs.org/6294 Tested-by: Derrick Brashear Reviewed-by: Derrick Brashear --- src/pam/afs_setcred.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/pam/afs_setcred.c b/src/pam/afs_setcred.c index ff11322f6..d5dcf4e8f 100644 --- a/src/pam/afs_setcred.c +++ b/src/pam/afs_setcred.c @@ -55,11 +55,11 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) char my_password_buf[256]; char *cell_ptr = NULL; char sbuffer[100]; - char *password = NULL; int torch_password = 1; int auth_ok = 0; char *lh; PAM_CONST char *user = NULL; + const char *password = NULL; int password_expires = -1; char *reason = NULL; struct passwd unix_pwd, *upwd = NULL; @@ -228,6 +228,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) try_auth: if (password == NULL) { + char *prompt_password; torch_password = 1; @@ -242,12 +243,12 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) } errcode = - pam_afs_prompt(pam_convp, &password, 0, PAMAFS_PWD_PROMPT); - if (errcode != PAM_SUCCESS || password == NULL) { + pam_afs_prompt(pam_convp, &prompt_password, 0, PAMAFS_PWD_PROMPT); + if (errcode != PAM_SUCCESS || prompt_password == NULL) { pam_afs_syslog(LOG_ERR, PAMAFS_GETPASS_FAILED); RET(PAM_AUTH_ERR); } - if (password[0] == '\0') { + if (prompt_password[0] == '\0') { if (logmask && LOG_MASK(LOG_DEBUG)) pam_afs_syslog(LOG_DEBUG, PAMAFS_NILPASSWORD); RET(PAM_NEW_AUTHTOK_REQD); @@ -260,10 +261,10 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) * later, and free this storage now. */ - strncpy(my_password_buf, password, sizeof(my_password_buf)); + strncpy(my_password_buf, prompt_password, sizeof(my_password_buf)); my_password_buf[sizeof(my_password_buf) - 1] = '\0'; - memset(password, 0, strlen(password)); - free(password); + memset(prompt_password, 0, strlen(prompt_password)); + free(prompt_password); password = my_password_buf; } /* @@ -287,7 +288,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) if (ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char*)password, /* password */ 0, /* spare 2 */ &reason /* error string */ )) { @@ -306,7 +307,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char*)password, /* password */ 0, /* default lifetime */ &password_expires, 0, /* spare 2 */ &reason /* error string */ @@ -358,7 +359,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) out: if (password && torch_password) - memset(password, 0, strlen(password)); + memset((char*)password, 0, strlen(password)); (void)setlogmask(origmask); #ifndef AFS_SUN56_ENV closelog(); -- 2.39.5