From 3ea39166d64d2e66cddef015734c2f91548423af Mon Sep 17 00:00:00 2001 From: Marc Dionne Date: Sat, 16 Apr 2011 11:22:54 -0400 Subject: [PATCH] pam: Clear up PAM_CONST related warnings on Linux Commit 78d1f8d8 expanded the use of PAM_CONST and introduced many new warnings on Linux where pam expects "const" arguments. This clears up the warnings by doing the following: - Cast "user" to char * when kalling ka* functions - Change the signature of pam_afs_prompt and pam_afs_printf to use PAM_CONST - Use a separate non-const password pointer for pam_afs_prompt Change-Id: I460e1d1ca763f0aea5edcdaa208b9d4b8299ded0 Reviewed-on: http://gerrit.openafs.org/4487 Tested-by: BuildBot Reviewed-by: Andrew Deason Reviewed-by: Derrick Brashear --- src/pam/afs_auth.c | 31 ++++++++++++++++--------------- src/pam/afs_pam_msg.c | 4 ++-- src/pam/afs_pam_msg.h | 4 ++-- src/pam/afs_password.c | 25 +++++++++++++------------ src/pam/afs_setcred.c | 4 ++-- 5 files changed, 35 insertions(+), 33 deletions(-) diff --git a/src/pam/afs_auth.c b/src/pam/afs_auth.c index fe18df98b..83e472d81 100644 --- a/src/pam/afs_auth.c +++ b/src/pam/afs_auth.c @@ -220,6 +220,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, try_auth: if (password == NULL) { + char *prompt_password; torch_password = 1; @@ -233,12 +234,12 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, RET(PAM_AUTH_ERR); } - errcode = pam_afs_prompt(pam_convp, &password, 0, PAMAFS_PWD_PROMPT); - if (errcode != PAM_SUCCESS || password == NULL) { + errcode = pam_afs_prompt(pam_convp, &prompt_password, 0, PAMAFS_PWD_PROMPT); + if (errcode != PAM_SUCCESS || prompt_password == NULL) { pam_afs_syslog(LOG_ERR, PAMAFS_GETPASS_FAILED); RET(PAM_AUTH_ERR); } - if (password[0] == '\0') { + if (prompt_password[0] == '\0') { pam_afs_syslog(LOG_INFO, PAMAFS_NILPASSWORD, user); RET(PAM_NEW_AUTHTOK_REQD); } @@ -251,10 +252,10 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, * later, and free this storage now. */ - strncpy(my_password_buf, password, sizeof(my_password_buf)); + strncpy(my_password_buf, prompt_password, sizeof(my_password_buf)); my_password_buf[sizeof(my_password_buf) - 1] = '\0'; - memset(password, 0, strlen(password)); - free(password); + memset(prompt_password, 0, strlen(prompt_password)); + free(prompt_password); password = my_password_buf; } @@ -309,19 +310,19 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, if (logmask && LOG_MASK(LOG_DEBUG)) syslog(LOG_DEBUG, "in child"); if (refresh_token || set_token) - code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */ + code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* default lifetime */ &password_expires, 0, /* spare 2 */ &reason /* error string */ ); else - code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */ + code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* spare 2 */ &reason /* error string */ ); if (code) { @@ -360,18 +361,18 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, if (logmask && LOG_MASK(LOG_DEBUG)) syslog(LOG_DEBUG, "dont_fork"); if (refresh_token || set_token) - code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */ + code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* default lifetime */ &password_expires, 0, /* spare 2 */ &reason /* error string */ ); else - code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */ + code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* spare 2 */ &reason /* error string */ ); if (logmask && LOG_MASK(LOG_DEBUG)) @@ -413,7 +414,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, char *tmp = strdup(password); (void)pam_set_data(pamh, pam_afs_lh, tmp, lc_cleanup); if (torch_password) - memset(password, 0, strlen(password)); + memset((char *)password, 0, strlen(password)); } (void)setlogmask(origmask); #ifndef AFS_SUN56_ENV diff --git a/src/pam/afs_pam_msg.c b/src/pam/afs_pam_msg.c index bcbbc135a..29b89fca2 100644 --- a/src/pam/afs_pam_msg.c +++ b/src/pam/afs_pam_msg.c @@ -19,7 +19,7 @@ int -pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...) +pam_afs_printf(PAM_CONST struct pam_conv *pam_convp, int error, int fmt_msgid, ...) { va_list args; char buf[PAM_MAX_MSG_SIZE]; @@ -53,7 +53,7 @@ pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...) int -pam_afs_prompt(struct pam_conv *pam_convp, char **response, int echo, +pam_afs_prompt(PAM_CONST struct pam_conv *pam_convp, char **response, int echo, int fmt_msgid, ...) { va_list args; diff --git a/src/pam/afs_pam_msg.h b/src/pam/afs_pam_msg.h index c7e31654e..e8524869f 100644 --- a/src/pam/afs_pam_msg.h +++ b/src/pam/afs_pam_msg.h @@ -11,9 +11,9 @@ #define AFS_PAM_MSG_H -int pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...); +int pam_afs_printf(PAM_CONST struct pam_conv *pam_convp, int error, int fmt_msgid, ...); -int pam_afs_prompt(struct pam_conv *pam_convp, char **response, int echo, +int pam_afs_prompt(PAM_CONST struct pam_conv *pam_convp, char **response, int echo, int fmt_msgid, ...); diff --git a/src/pam/afs_password.c b/src/pam/afs_password.c index 6ca838fdc..d8c772849 100644 --- a/src/pam/afs_password.c +++ b/src/pam/afs_password.c @@ -164,6 +164,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) } if (password == NULL) { + char *prompt_password; torch_password = 1; if (use_first_pass) RET(PAM_AUTH_ERR); /* shouldn't happen */ @@ -174,12 +175,12 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) RET(PAM_AUTH_ERR); } - errcode = pam_afs_prompt(pam_convp, &password, 0, PAMAFS_PWD_PROMPT); - if (errcode != PAM_SUCCESS || password == NULL) { + errcode = pam_afs_prompt(pam_convp, &prompt_password, 0, PAMAFS_PWD_PROMPT); + if (errcode != PAM_SUCCESS || prompt_password == NULL) { pam_afs_syslog(LOG_ERR, PAMAFS_GETPASS_FAILED); RET(PAM_AUTH_ERR); } - if (password[0] == '\0') { + if (prompt_password[0] == '\0') { pam_afs_syslog(LOG_INFO, PAMAFS_NILPASSWORD, user); RET(PAM_NEW_AUTHTOK_REQD); } @@ -191,17 +192,17 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) * this storage, copy it to a buffer that won't need to be freed * later, and free this storage now. */ - strncpy(my_password_buf, password, sizeof(my_password_buf)); + strncpy(my_password_buf, prompt_password, sizeof(my_password_buf)); my_password_buf[sizeof(my_password_buf) - 1] = '\0'; - memset(password, 0, strlen(password)); - free(password); + memset(prompt_password, 0, strlen(password)); + free(prompt_password); password = my_password_buf; } - if ((code = ka_VerifyUserPassword(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, user, /* kerberos name */ + if ((code = ka_VerifyUserPassword(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, (char *)user, /* kerberos name */ NULL, /* instance */ NULL, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* spare 2 */ &reason /* error string */ )) != 0) { pam_afs_syslog(LOG_ERR, PAMAFS_LOGIN_FAILED, user, reason); @@ -271,10 +272,10 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) strcpy(realm, localcell); strcpy(cell, realm); /* oldkey is not used in ka_ChangePassword (only for ka_auth) */ - ka_StringToKey(password, realm, &oldkey); + ka_StringToKey((char *)password, realm, &oldkey); ka_StringToKey(new_password, realm, &newkey); if ((code = - ka_GetAdminToken(user, instance, realm, &oldkey, 20, &token, + ka_GetAdminToken((char *)user, instance, realm, &oldkey, 20, &token, 0)) != 0) { pam_afs_syslog(LOG_ERR, PAMAFS_KAERROR, code); RET(PAM_AUTH_ERR); @@ -285,7 +286,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) pam_afs_syslog(LOG_ERR, PAMAFS_KAERROR, code); RET(PAM_AUTH_ERR); } - if ((code = ka_ChangePassword(user, /* kerberos name */ + if ((code = ka_ChangePassword((char *)user, /* kerberos name */ instance, /* instance */ conn, /* conn */ 0, /* old password unused */ @@ -300,7 +301,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) out: if (password && torch_password) { - memset(password, 0, strlen(password)); + memset((char *)password, 0, strlen(password)); } (void)setlogmask(origmask); #ifndef AFS_SUN56_ENV diff --git a/src/pam/afs_setcred.c b/src/pam/afs_setcred.c index bd03c11a4..8c3f68f61 100644 --- a/src/pam/afs_setcred.c +++ b/src/pam/afs_setcred.c @@ -279,7 +279,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) auth_ok = !do_klog(user, password, "00:00:01", cell_ptr); ktc_ForgetAllTokens(); } else { - if (ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */ + if (ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ password, /* password */ @@ -298,7 +298,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) if (use_klog) auth_ok = !do_klog(user, password, NULL, cell_ptr); else { - if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */ + if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ password, /* password */ -- 2.39.5