jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-31 13:38:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pam: Clear up PAM_CONST related warnings on Linux

Browse Source 
Commit 78d1f8d8 expanded the use of PAM_CONST and introduced many
new warnings on Linux where pam expects "const" arguments.

This clears up the warnings by doing the following:
- Cast "user" to char * when kalling ka* functions
- Change the signature of pam_afs_prompt and pam_afs_printf to use
PAM_CONST
- Use a separate non-const password pointer for pam_afs_prompt

Reviewed-on: http://gerrit.openafs.org/4487
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
(cherry picked from commit 3ea39166d64d2e66cddef015734c2f91548423af)

Change-Id: I16179a1c8b9d0e53c90b54733d1c5130f1d23153
Reviewed-on: http://gerrit.openafs.org/6293
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
This commit is contained in:
Marc Dionne 2011-04-16 11:22:54 -04:00 committed by Derrick Brashear
parent 71d5f66e86
commit fe2d1b6615
5 changed files with 35 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/pam/afs_auth.c
View File

@ -224,6 +224,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
try_auth:
if (password == NULL) {
char *prompt_password;
torch_password = 1;
@ -237,12 +238,12 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
RET(PAM_AUTH_ERR);
}
errcode = pam_afs_prompt(pam_convp, &password, 0, PAMAFS_PWD_PROMPT);
if (errcode != PAM_SUCCESS || password == NULL) {
errcode = pam_afs_prompt(pam_convp, &prompt_password, 0, PAMAFS_PWD_PROMPT);
if (errcode != PAM_SUCCESS || prompt_password == NULL) {
pam_afs_syslog(LOG_ERR, PAMAFS_GETPASS_FAILED);
RET(PAM_AUTH_ERR);
}
if (password[0] == '\0') {
if (prompt_password[0] == '\0') {
pam_afs_syslog(LOG_INFO, PAMAFS_NILPASSWORD, user);
RET(PAM_NEW_AUTHTOK_REQD);
}
@ -255,10 +256,10 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
* later, and free this storage now.
*/
strncpy(my_password_buf, password, sizeof(my_password_buf));
strncpy(my_password_buf, prompt_password, sizeof(my_password_buf));
my_password_buf[sizeof(my_password_buf) - 1] = '\0';
memset(password, 0, strlen(password));
free(password);
memset(prompt_password, 0, strlen(prompt_password));
free(prompt_password);
password = my_password_buf;
}
@ -313,19 +314,19 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
if (logmask && LOG_MASK(LOG_DEBUG))
syslog(LOG_DEBUG, "in child");
if (refresh_token || set_token)
code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */
code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */
NULL, /* instance */
cell_ptr, /* realm */
password, /* password */
(char *)password, /* password */
0, /* default lifetime */
&password_expires, 0, /* spare 2 */
&reason
/* error string */ );
else
code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */
code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */
NULL, /* instance */
cell_ptr, /* realm */
password, /* password */
(char *)password, /* password */
0, /* spare 2 */
&reason /* error string */ );
if (code) {
@ -364,18 +365,18 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
if (logmask && LOG_MASK(LOG_DEBUG))
syslog(LOG_DEBUG, "dont_fork");
if (refresh_token || set_token)
code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */
code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */
NULL, /* instance */
cell_ptr, /* realm */
password, /* password */
(char *)password, /* password */
0, /* default lifetime */
&password_expires, 0, /* spare 2 */
&reason /* error string */ );
else
code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */
code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */
NULL, /* instance */
cell_ptr, /* realm */
password, /* password */
(char *)password, /* password */
0, /* spare 2 */
&reason /* error string */ );
if (logmask && LOG_MASK(LOG_DEBUG))
@ -417,7 +418,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc,
char *tmp = strdup(password);
(void)pam_set_data(pamh, pam_afs_lh, tmp, lc_cleanup);
if (torch_password)
memset(password, 0, strlen(password));
memset((char *)password, 0, strlen(password));
}
(void)setlogmask(origmask);
#ifndef AFS_SUN56_ENV

4
src/pam/afs_pam_msg.c
View File

@ -21,7 +21,7 @@
int
pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...)
pam_afs_printf(PAM_CONST struct pam_conv *pam_convp, int error, int fmt_msgid, ...)
{
va_list args;
char buf[PAM_MAX_MSG_SIZE];
@ -55,7 +55,7 @@ pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...)
int
pam_afs_prompt(struct pam_conv *pam_convp, char **response, int echo,
pam_afs_prompt(PAM_CONST struct pam_conv *pam_convp, char **response, int echo,
int fmt_msgid, ...)
{
va_list args;

4
src/pam/afs_pam_msg.h
View File

@ -11,9 +11,9 @@
#define AFS_PAM_MSG_H
int pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...);
int pam_afs_printf(PAM_CONST struct pam_conv *pam_convp, int error, int fmt_msgid, ...);
int pam_afs_prompt(struct pam_conv *pam_convp, char **response, int echo,
int pam_afs_prompt(PAM_CONST struct pam_conv *pam_convp, char **response, int echo,
int fmt_msgid, ...);

25
src/pam/afs_password.c
View File

@ -168,6 +168,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
}
if (password == NULL) {
char *prompt_password;
torch_password = 1;
if (use_first_pass)
RET(PAM_AUTH_ERR); /* shouldn't happen */
@ -178,12 +179,12 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
RET(PAM_AUTH_ERR);
}
errcode = pam_afs_prompt(pam_convp, &password, 0, PAMAFS_PWD_PROMPT);
if (errcode != PAM_SUCCESS || password == NULL) {
errcode = pam_afs_prompt(pam_convp, &prompt_password, 0, PAMAFS_PWD_PROMPT);
if (errcode != PAM_SUCCESS || prompt_password == NULL) {
pam_afs_syslog(LOG_ERR, PAMAFS_GETPASS_FAILED);
RET(PAM_AUTH_ERR);
}
if (password[0] == '\0') {
if (prompt_password[0] == '\0') {
pam_afs_syslog(LOG_INFO, PAMAFS_NILPASSWORD, user);
RET(PAM_NEW_AUTHTOK_REQD);
}
@ -195,17 +196,17 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
* this storage, copy it to a buffer that won't need to be freed
* later, and free this storage now.
*/
strncpy(my_password_buf, password, sizeof(my_password_buf));
strncpy(my_password_buf, prompt_password, sizeof(my_password_buf));
my_password_buf[sizeof(my_password_buf) - 1] = '\0';
memset(password, 0, strlen(password));
free(password);
memset(prompt_password, 0, strlen(password));
free(prompt_password);
password = my_password_buf;
}
if ((code = ka_VerifyUserPassword(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, user, /* kerberos name */
if ((code = ka_VerifyUserPassword(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, (char *)user, /* kerberos name */
NULL, /* instance */
NULL, /* realm */
password, /* password */
(char *)password, /* password */
0, /* spare 2 */
&reason /* error string */ )) != 0) {
pam_afs_syslog(LOG_ERR, PAMAFS_LOGIN_FAILED, user, reason);
@ -275,10 +276,10 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
strcpy(realm, localcell);
strcpy(cell, realm);
/* oldkey is not used in ka_ChangePassword (only for ka_auth) */
ka_StringToKey(password, realm, &oldkey);
ka_StringToKey((char *)password, realm, &oldkey);
ka_StringToKey(new_password, realm, &newkey);
if ((code =
ka_GetAdminToken(user, instance, realm, &oldkey, 20, &token,
ka_GetAdminToken((char *)user, instance, realm, &oldkey, 20, &token,
0)) != 0) {
pam_afs_syslog(LOG_ERR, PAMAFS_KAERROR, code);
RET(PAM_AUTH_ERR);
@ -289,7 +290,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
pam_afs_syslog(LOG_ERR, PAMAFS_KAERROR, code);
RET(PAM_AUTH_ERR);
}
if ((code = ka_ChangePassword(user, /* kerberos name */
if ((code = ka_ChangePassword((char *)user, /* kerberos name */
instance, /* instance */
conn, /* conn */
0, /* old password unused */
@ -304,7 +305,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv)
out:
if (password && torch_password) {
memset(password, 0, strlen(password));
memset((char *)password, 0, strlen(password));
}
(void)setlogmask(origmask);
#ifndef AFS_SUN56_ENV

4
src/pam/afs_setcred.c
View File

@ -285,7 +285,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
auth_ok = !do_klog(user, password, "00:00:01", cell_ptr);
ktc_ForgetAllTokens();
} else {
if (ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */
if (ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */
NULL, /* instance */
cell_ptr, /* realm */
(char*)password, /* password */
@ -304,7 +304,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
if (use_klog)
auth_ok = !do_klog(user, password, NULL, cell_ptr);
else {
if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */
if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */
NULL, /* instance */
cell_ptr, /* realm */
(char*)password, /* password */