From fe2d1b6615a43ad6ba3e0df50e3643b7a9476131 Mon Sep 17 00:00:00 2001 From: Marc Dionne Date: Sat, 16 Apr 2011 11:22:54 -0400 Subject: [PATCH] pam: Clear up PAM_CONST related warnings on Linux Commit 78d1f8d8 expanded the use of PAM_CONST and introduced many new warnings on Linux where pam expects "const" arguments. This clears up the warnings by doing the following: - Cast "user" to char * when kalling ka* functions - Change the signature of pam_afs_prompt and pam_afs_printf to use PAM_CONST - Use a separate non-const password pointer for pam_afs_prompt Reviewed-on: http://gerrit.openafs.org/4487 Tested-by: BuildBot Reviewed-by: Andrew Deason Reviewed-by: Derrick Brashear (cherry picked from commit 3ea39166d64d2e66cddef015734c2f91548423af) Change-Id: I16179a1c8b9d0e53c90b54733d1c5130f1d23153 Reviewed-on: http://gerrit.openafs.org/6293 Reviewed-by: Derrick Brashear Tested-by: Derrick Brashear --- src/pam/afs_auth.c | 31 ++++++++++++++++--------------- src/pam/afs_pam_msg.c | 4 ++-- src/pam/afs_pam_msg.h | 4 ++-- src/pam/afs_password.c | 25 +++++++++++++------------ src/pam/afs_setcred.c | 4 ++-- 5 files changed, 35 insertions(+), 33 deletions(-) diff --git a/src/pam/afs_auth.c b/src/pam/afs_auth.c index 39c465b503..502f2c8b02 100644 --- a/src/pam/afs_auth.c +++ b/src/pam/afs_auth.c @@ -224,6 +224,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, try_auth: if (password == NULL) { + char *prompt_password; torch_password = 1; @@ -237,12 +238,12 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, RET(PAM_AUTH_ERR); } - errcode = pam_afs_prompt(pam_convp, &password, 0, PAMAFS_PWD_PROMPT); - if (errcode != PAM_SUCCESS || password == NULL) { + errcode = pam_afs_prompt(pam_convp, &prompt_password, 0, PAMAFS_PWD_PROMPT); + if (errcode != PAM_SUCCESS || prompt_password == NULL) { pam_afs_syslog(LOG_ERR, PAMAFS_GETPASS_FAILED); RET(PAM_AUTH_ERR); } - if (password[0] == '\0') { + if (prompt_password[0] == '\0') { pam_afs_syslog(LOG_INFO, PAMAFS_NILPASSWORD, user); RET(PAM_NEW_AUTHTOK_REQD); } @@ -255,10 +256,10 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, * later, and free this storage now. */ - strncpy(my_password_buf, password, sizeof(my_password_buf)); + strncpy(my_password_buf, prompt_password, sizeof(my_password_buf)); my_password_buf[sizeof(my_password_buf) - 1] = '\0'; - memset(password, 0, strlen(password)); - free(password); + memset(prompt_password, 0, strlen(prompt_password)); + free(prompt_password); password = my_password_buf; } @@ -313,19 +314,19 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, if (logmask && LOG_MASK(LOG_DEBUG)) syslog(LOG_DEBUG, "in child"); if (refresh_token || set_token) - code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */ + code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* default lifetime */ &password_expires, 0, /* spare 2 */ &reason /* error string */ ); else - code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */ + code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* spare 2 */ &reason /* error string */ ); if (code) { @@ -364,18 +365,18 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, if (logmask && LOG_MASK(LOG_DEBUG)) syslog(LOG_DEBUG, "dont_fork"); if (refresh_token || set_token) - code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */ + code = ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* default lifetime */ &password_expires, 0, /* spare 2 */ &reason /* error string */ ); else - code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */ + code = ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* spare 2 */ &reason /* error string */ ); if (logmask && LOG_MASK(LOG_DEBUG)) @@ -417,7 +418,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, char *tmp = strdup(password); (void)pam_set_data(pamh, pam_afs_lh, tmp, lc_cleanup); if (torch_password) - memset(password, 0, strlen(password)); + memset((char *)password, 0, strlen(password)); } (void)setlogmask(origmask); #ifndef AFS_SUN56_ENV diff --git a/src/pam/afs_pam_msg.c b/src/pam/afs_pam_msg.c index e554612837..4ec87826b6 100644 --- a/src/pam/afs_pam_msg.c +++ b/src/pam/afs_pam_msg.c @@ -21,7 +21,7 @@ int -pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...) +pam_afs_printf(PAM_CONST struct pam_conv *pam_convp, int error, int fmt_msgid, ...) { va_list args; char buf[PAM_MAX_MSG_SIZE]; @@ -55,7 +55,7 @@ pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...) int -pam_afs_prompt(struct pam_conv *pam_convp, char **response, int echo, +pam_afs_prompt(PAM_CONST struct pam_conv *pam_convp, char **response, int echo, int fmt_msgid, ...) { va_list args; diff --git a/src/pam/afs_pam_msg.h b/src/pam/afs_pam_msg.h index c7e31654e8..e8524869f8 100644 --- a/src/pam/afs_pam_msg.h +++ b/src/pam/afs_pam_msg.h @@ -11,9 +11,9 @@ #define AFS_PAM_MSG_H -int pam_afs_printf(struct pam_conv *pam_convp, int error, int fmt_msgid, ...); +int pam_afs_printf(PAM_CONST struct pam_conv *pam_convp, int error, int fmt_msgid, ...); -int pam_afs_prompt(struct pam_conv *pam_convp, char **response, int echo, +int pam_afs_prompt(PAM_CONST struct pam_conv *pam_convp, char **response, int echo, int fmt_msgid, ...); diff --git a/src/pam/afs_password.c b/src/pam/afs_password.c index a296b14d1e..d5372e9c67 100644 --- a/src/pam/afs_password.c +++ b/src/pam/afs_password.c @@ -168,6 +168,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) } if (password == NULL) { + char *prompt_password; torch_password = 1; if (use_first_pass) RET(PAM_AUTH_ERR); /* shouldn't happen */ @@ -178,12 +179,12 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) RET(PAM_AUTH_ERR); } - errcode = pam_afs_prompt(pam_convp, &password, 0, PAMAFS_PWD_PROMPT); - if (errcode != PAM_SUCCESS || password == NULL) { + errcode = pam_afs_prompt(pam_convp, &prompt_password, 0, PAMAFS_PWD_PROMPT); + if (errcode != PAM_SUCCESS || prompt_password == NULL) { pam_afs_syslog(LOG_ERR, PAMAFS_GETPASS_FAILED); RET(PAM_AUTH_ERR); } - if (password[0] == '\0') { + if (prompt_password[0] == '\0') { pam_afs_syslog(LOG_INFO, PAMAFS_NILPASSWORD, user); RET(PAM_NEW_AUTHTOK_REQD); } @@ -195,17 +196,17 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) * this storage, copy it to a buffer that won't need to be freed * later, and free this storage now. */ - strncpy(my_password_buf, password, sizeof(my_password_buf)); + strncpy(my_password_buf, prompt_password, sizeof(my_password_buf)); my_password_buf[sizeof(my_password_buf) - 1] = '\0'; - memset(password, 0, strlen(password)); - free(password); + memset(prompt_password, 0, strlen(password)); + free(prompt_password); password = my_password_buf; } - if ((code = ka_VerifyUserPassword(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, user, /* kerberos name */ + if ((code = ka_VerifyUserPassword(KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, (char *)user, /* kerberos name */ NULL, /* instance */ NULL, /* realm */ - password, /* password */ + (char *)password, /* password */ 0, /* spare 2 */ &reason /* error string */ )) != 0) { pam_afs_syslog(LOG_ERR, PAMAFS_LOGIN_FAILED, user, reason); @@ -275,10 +276,10 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) strcpy(realm, localcell); strcpy(cell, realm); /* oldkey is not used in ka_ChangePassword (only for ka_auth) */ - ka_StringToKey(password, realm, &oldkey); + ka_StringToKey((char *)password, realm, &oldkey); ka_StringToKey(new_password, realm, &newkey); if ((code = - ka_GetAdminToken(user, instance, realm, &oldkey, 20, &token, + ka_GetAdminToken((char *)user, instance, realm, &oldkey, 20, &token, 0)) != 0) { pam_afs_syslog(LOG_ERR, PAMAFS_KAERROR, code); RET(PAM_AUTH_ERR); @@ -289,7 +290,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) pam_afs_syslog(LOG_ERR, PAMAFS_KAERROR, code); RET(PAM_AUTH_ERR); } - if ((code = ka_ChangePassword(user, /* kerberos name */ + if ((code = ka_ChangePassword((char *)user, /* kerberos name */ instance, /* instance */ conn, /* conn */ 0, /* old password unused */ @@ -304,7 +305,7 @@ pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) out: if (password && torch_password) { - memset(password, 0, strlen(password)); + memset((char *)password, 0, strlen(password)); } (void)setlogmask(origmask); #ifndef AFS_SUN56_ENV diff --git a/src/pam/afs_setcred.c b/src/pam/afs_setcred.c index d5dcf4e8f1..ec8398f769 100644 --- a/src/pam/afs_setcred.c +++ b/src/pam/afs_setcred.c @@ -285,7 +285,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) auth_ok = !do_klog(user, password, "00:00:01", cell_ptr); ktc_ForgetAllTokens(); } else { - if (ka_VerifyUserPassword(KA_USERAUTH_VERSION, user, /* kerberos name */ + if (ka_VerifyUserPassword(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ (char*)password, /* password */ @@ -304,7 +304,7 @@ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv) if (use_klog) auth_ok = !do_klog(user, password, NULL, cell_ptr); else { - if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, user, /* kerberos name */ + if (ka_UserAuthenticateGeneral(KA_USERAUTH_VERSION, (char *)user, /* kerberos name */ NULL, /* instance */ cell_ptr, /* realm */ (char*)password, /* password */