Richard Shaffer (t8m)
* pam_limits: Don't reset process priority if none is specified in
the config file (Novell #81690 - kukuk)
+* Fix all occurrence of dereferencing type-punned pointer will break
+ strict-aliasing rules warnings (kukuk)
0.79: Thu Mar 31 16:48:45 CEST 2005
* pam_tally: added audit option (toady)
# include <unistd.h>
#endif"
-ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS LIBPAM_VERSION_MAJOR LIBPAM_VERSION_MINOR LOCALSRCDIR LOCALOBJDIR OS CONF_CFLAGS MKDIR SHLIBMODE MANMODE USESONAME SOSWITCH NEEDSONAME LDCONFIG CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT YACC LEX LEXLIB LEX_OUTPUT_ROOT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE WITH_DEBUG WITH_MEMORY_DEBUG WITH_LIBDEBUG WITH_PRELUDE FAKEROOT SECUREDIR SCONFIGDIR SUPLEMENTED INCLUDEDIR DOCDIR MANDIR WITH_PAMLOCKING PAM_READ_BOTH_CONFS STATIC_LIBPAM DYNAMIC_LIBPAM DYNAMIC STATIC WITH_LCKPWDF CPP EGREP PAM_NEEDS_LIBC HAVE_LCKPWDF LIBDL HAVE_LIBCRACK HAVE_LIBCRYPT HAVE_LIBUTIL HAVE_LIBNDBM HAVE_LIBDB HAVE_LIBFL HAVE_LIBNSL HAVE_LIBPWDB HAVE_LIBFLEX HAVE_LIBLEX HAVE_NDBM_H CRACKLIB_DICTPATH DYNTYPE OS_CFLAGS WARNINGS PIC LD LD_D LD_L RANLIB STRIP CC_STATIC LIBOBJS HAVE_SGML2TXT HAVE_SGML2HTML HAVE_SGML2LATEX HAVE_PS2PDF HAVE_SGML2PS PSER PS2PDF LTLIBOBJS'
+ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS LIBPAM_VERSION_MAJOR LIBPAM_VERSION_MINOR LOCALSRCDIR LOCALOBJDIR OS CONF_CFLAGS MKDIR SHLIBMODE MANMODE USESONAME SOSWITCH NEEDSONAME LDCONFIG CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT YACC LEX LEXLIB LEX_OUTPUT_ROOT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA LN_S SET_MAKE WITH_DEBUG WITH_MEMORY_DEBUG WITH_LIBDEBUG WITH_PRELUDE FAKEROOT SECUREDIR SCONFIGDIR SUPLEMENTED INCLUDEDIR DOCDIR MANDIR WITH_PAMLOCKING PAM_READ_BOTH_CONFS STATIC_LIBPAM DYNAMIC_LIBPAM DYNAMIC STATIC WITH_LCKPWDF CPP EGREP PAM_NEEDS_LIBC HAVE_LCKPWDF LIBDL HAVE_LIBCRACK HAVE_LIBCRYPT HAVE_LIBUTIL HAVE_LIBNDBM HAVE_LIBDB HAVE_LIBFL HAVE_LIBNSL HAVE_LIBSELINUX HAVE_LIBPWDB HAVE_LIBFLEX HAVE_LIBLEX HAVE_NDBM_H CRACKLIB_DICTPATH DYNTYPE OS_CFLAGS WARNINGS PIC LD LD_D LD_L RANLIB STRIP CC_STATIC LIBOBJS HAVE_SGML2TXT HAVE_SGML2HTML HAVE_SGML2LATEX HAVE_PS2PDF HAVE_SGML2PS PSER PS2PDF LTLIBOBJS'
ac_subst_files=''
# Initialize some variables set by options.
+echo "$as_me:$LINENO: checking for getfilecon in -lselinux" >&5
+echo $ECHO_N "checking for getfilecon in -lselinux... $ECHO_C" >&6
+if test "${ac_cv_lib_selinux_getfilecon+set}" = set; then
+ echo $ECHO_N "(cached) $ECHO_C" >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lselinux $LIBS"
+cat >conftest.$ac_ext <<_ACEOF
+/* confdefs.h. */
+_ACEOF
+cat confdefs.h >>conftest.$ac_ext
+cat >>conftest.$ac_ext <<_ACEOF
+/* end confdefs.h. */
+
+/* Override any gcc2 internal prototype to avoid an error. */
+#ifdef __cplusplus
+extern "C"
+#endif
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char getfilecon ();
+int
+main ()
+{
+getfilecon ();
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.$ac_objext conftest$ac_exeext
+if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
+ (eval $ac_link) 2>conftest.er1
+ ac_status=$?
+ grep -v '^ *+' conftest.er1 >conftest.err
+ rm -f conftest.er1
+ cat conftest.err >&5
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } &&
+ { ac_try='test -z "$ac_c_werror_flag"
+ || test ! -s conftest.err'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; } &&
+ { ac_try='test -s conftest$ac_exeext'
+ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
+ (eval $ac_try) 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }; }; then
+ ac_cv_lib_selinux_getfilecon=yes
+else
+ echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ac_cv_lib_selinux_getfilecon=no
+fi
+rm -f conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_getfilecon" >&5
+echo "${ECHO_T}$ac_cv_lib_selinux_getfilecon" >&6
+if test $ac_cv_lib_selinux_getfilecon = yes; then
+ HAVE_LIBSELINUX=yes ; cat >>confdefs.h <<\_ACEOF
+#define HAVE_LIBSELINUX 1
+_ACEOF
+
+else
+ HAVE_LIBSELINUX=no
+fi
+
+
+
+if test $HAVE_LIBSELINUX = yes ; then
+ pwdblibs="$pwdblibs -lselinux"
+fi
if test $HAVE_LIBNSL = yes ; then
pwdblibs="$pwdblibs -lnsl"
fi
s,@HAVE_LIBDB@,$HAVE_LIBDB,;t t
s,@HAVE_LIBFL@,$HAVE_LIBFL,;t t
s,@HAVE_LIBNSL@,$HAVE_LIBNSL,;t t
+s,@HAVE_LIBSELINUX@,$HAVE_LIBSELINUX,;t t
s,@HAVE_LIBPWDB@,$HAVE_LIBPWDB,;t t
s,@HAVE_LIBFLEX@,$HAVE_LIBFLEX,;t t
s,@HAVE_LIBLEX@,$HAVE_LIBLEX,;t t
int main(int argc, char **argv)
{
pam_handle_t *pamh=NULL;
- const char *username=NULL;
+ const void *username=NULL;
const char *service="xsh";
int retcode;
break;
}
- pam_get_item(pamh, PAM_USER, (const void **) &username);
+ pam_get_item(pamh, PAM_USER, &username);
fprintf(stderr,
"The user [%s] has been authenticated and `logged in'\n",
- username);
+ (const char *)username);
/* this is always a really bad thing for security! */
system("/bin/sh");
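Review bot: `username` can still be NULL when it reaches the `%s` in the `fprintf` call, because the return value of `pam_get_item(pamh, PAM_USER, &username)` is discarded and the variable starts out as NULL. Passing a null pointer for `%s` is undefined behaviour, so the argument would be safer as `username ? (const char *)username : "<unknown>"`, the same fallback the pam_dispatch.c hunk uses for the service name. main() starts and ends outside this hunk.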
/* pam_dispatch.c - handles module function dispatch */
/*
- * Copyright (c) 1998 Andrew G. Morgan <morgan@kernel.org>
+ * Copyright (c) 1998, 2005 Andrew G. Morgan <morgan@kernel.org>
*
* $Id$
*/
IF_NO_PAMH("_pam_dispatch_aux", pamh, PAM_SYSTEM_ERR);
if (h == NULL) {
- const char *service=NULL;
+ const void *service=NULL;
- (void) pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
+ (void) pam_get_item(pamh, PAM_SERVICE, &service);
_pam_system_log(LOG_ERR, "no modules loaded for `%s' service",
- service ? service:"<unknown>" );
+ service ? (const char *)service:"<unknown>" );
service = NULL;
return PAM_MUST_FAIL_CODE;
}
}
}
}
-
+
/* this means that we need to skip #action stacked modules */
do {
h = h->next;
return retval;
}
-
*/
struct login_info {
struct passwd *user;
- char *from;
+ const char *from;
const char *config_file;
const char *service;
};
match_func *);
static int user_match (pam_handle_t *, char *, struct login_info *);
static int from_match (pam_handle_t *, char *, struct login_info *);
-static int string_match (pam_handle_t *, char *, char *);
+static int string_match (pam_handle_t *, const char *, const char *);
/* login_access - match username/group and host/tty with access control file */
/* netgroup_match - match group against machine or user */
-static int netgroup_match(char *group, char *machine, char *user)
+static int netgroup_match(const char *group, const char *machine, const char *user)
{
static char *mydomain = NULL;
static int
from_match (pam_handle_t *pamh, char *tok, struct login_info *item)
{
- char *string = item->from;
- int tok_len;
- int str_len;
+ const char *string = item->from;
+ int tok_len;
+ int str_len;
/*
* If a token has the magic value "ALL" the match always succeeds. Return
/* string_match - match a string against one token */
static int
-string_match (pam_handle_t *pamh, char *tok, char *string)
+string_match (pam_handle_t *pamh, const char *tok, const char *string)
{
/*
,const char **argv)
{
struct login_info loginfo;
- const char *user=NULL, *service=NULL;
- char *from=NULL;
+ const char *user=NULL;
+ const void *service=NULL;
+ const void *void_from=NULL;
+ const char *from;
struct passwd *user_pw;
- if ((pam_get_item(pamh, PAM_SERVICE, (const void **)&service)
- != PAM_SUCCESS) || (service == NULL) || (*service == ' ')) {
+ if ((pam_get_item(pamh, PAM_SERVICE, &service)
+ != PAM_SUCCESS) || (service == NULL) ||
+ (*(const char *)service == ' ')) {
_log_err("cannot find the service name");
return PAM_ABORT;
}
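Review bot: The rewritten condition still rejects a service name only when its first character is a space, `*(const char *)service == ' '`, so an empty service string passes this guard. The remote-host test further down in the same function uses `*from=='\0'`, which suggests an emptiness test was intended here as well; if so, the line should read `(*(const char *)service == '\0')) {`. The comparison is carried over from the removed line rather than introduced by the cast change, so confirm the intent before changing it. The function body continues outside the hunk.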
/* remote host name */
- if (pam_get_item(pamh, PAM_RHOST, (const void **)&from)
+ if (pam_get_item(pamh, PAM_RHOST, &void_from)
!= PAM_SUCCESS) {
_log_err("cannot find the remote host name");
return PAM_ABORT;
}
+ from = void_from;
if ((from==NULL) || (*from=='\0')) {
/* local login, set tty name */
- if (pam_get_item(pamh, PAM_TTY, (const void **)&from) != PAM_SUCCESS
- || from == NULL) {
+ if (pam_get_item(pamh, PAM_TTY, &void_from) != PAM_SUCCESS
+ || void_from == NULL) {
D(("PAM_TTY not set, probing stdin"));
from = ttyname(STDIN_FILENO);
if (from == NULL) {
return PAM_ABORT;
}
}
+ else
+ from = void_from;
if (from[0] == '/') { /* full path */
from++;
struct pam_response **response)
{
int retval;
- struct pam_conv *conv = NULL;
-
- retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+ const void *void_conv = NULL;
+ const struct pam_conv *conv;
+ retval = pam_get_item(pamh, PAM_CONV, &void_conv);
+ conv = (const struct pam_conv *)void_conv;
if ( retval == PAM_SUCCESS && conv ) {
retval = conv->conv(nargs, (const struct pam_message **)message,
response, conv->appdata_ptr);
const char *pass_new)
{
const char *msg = NULL;
- const char *user;
+ const void *user;
int retval;
if (pass_new == NULL || (pass_old && !strcmp(pass_old,pass_new))) {
*/
msg = password_check(opt, pass_old,pass_new);
if (!msg) {
- retval = pam_get_item(pamh, PAM_USER, (const void **)&user);
+ retval = pam_get_item(pamh, PAM_USER, &user);
if (retval != PAM_SUCCESS || user == NULL) {
if (ctrl & PAM_DEBUG_ARG) {
_pam_log(LOG_ERR,"Can not get username");
} else if (flags & PAM_UPDATE_AUTHTOK) {
int retval;
- char *token1, *token2, *oldtoken;
+ char *token1, *token2;
+ const void *oldtoken;
struct pam_message msg[1],*pmsg[1];
struct pam_response *resp;
const char *cracklib_dictpath = CRACKLIB_DICTPATH;
char prompt[BUFSIZ];
D(("do update"));
- retval = pam_get_item(pamh, PAM_OLDAUTHTOK,
- (const void **)&oldtoken);
+ retval = pam_get_item(pamh, PAM_OLDAUTHTOK, &oldtoken);
if (retval != PAM_SUCCESS) {
if (ctrl & PAM_DEBUG_ARG)
_pam_log(LOG_ERR,"Can not get old passwd");
*/
if (options.use_authtok == 1) {
- const char *item = NULL;
+ const void *item = NULL;
- retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &item);
+ retval = pam_get_item(pamh, PAM_AUTHTOK, &item);
if (retval != PAM_SUCCESS) {
/* very strange. */
_pam_log(LOG_ALERT
*/
{
- const char *item = NULL;
+ const void *item = NULL;
retval = pam_set_item(pamh, PAM_AUTHTOK, token1);
token2 = _pam_delete(token2);
if ( (retval != PAM_SUCCESS) ||
- ((retval = pam_get_item(pamh, PAM_AUTHTOK,
- (const void **)&item)
+ ((retval = pam_get_item(pamh, PAM_AUTHTOK, &item)
) != PAM_SUCCESS) ) {
_pam_log(LOG_CRIT, "error manipulating password");
continue;
static int state(pam_handle_t *pamh, const char *text)
{
int retval;
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
struct pam_message msg[1], *mesg[1];
struct pam_response *response;
- retval = pam_get_item(pamh, PAM_CONV, (const void **)&conv);
+ retval = pam_get_item(pamh, PAM_CONV, &void_conv);
+ conv = (const struct pam_conv *) void_conv;
+
if ((retval != PAM_SUCCESS) || (conv == NULL)) {
D(("failed to obtain conversation function"));
return PAM_ABORT;
}
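Review bot: `void_conv` is declared without an initializer and is copied into `conv` before `retval` is tested, so if `pam_get_item` fails without storing through its third argument the assignment reads an indeterminate pointer. The first conversation wrapper in this commit declares `const void *void_conv = NULL;`, and doing the same here keeps the `conv == NULL` test meaningful on the failure path. The same pattern appears in the later `converse` hunks that declare `const void *void_conv;` and in the `void_citemp` / `citemp` pair in the pam_sm_authenticate hunk.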
PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
return parse_args(PAM_SUCCESS, "cred", pamh, argc, argv);
* $Id$
*
* Written by Dave Kinchlea <kinch@kinch.ark.com> 1997/01/31
- * Inspired by Andrew Morgan <morgan@kernel.org>, who also supplied the
+ * Inspired by Andrew Morgan <morgan@kernel.org>, who also supplied the
* template for this file (via pam_mail)
*/
#define GOOD_LINE 0
#define BAD_LINE 100 /* This must be > the largest PAM_* error code */
-#define DEFINE_VAR 101
+#define DEFINE_VAR 101
#define UNDEFINE_VAR 102
#define ILLEGAL_VAR 103
static int _assemble_line(FILE *, char *, int);
static int _parse_line(char *, VAR *);
static int _check_var(pam_handle_t *, VAR *); /* This is the real meat */
-static void _clean_var(VAR *);
+static void _clean_var(VAR *);
static int _expand_arg(pam_handle_t *, char **);
static const char * _pam_get_item_byname(pam_handle_t *, const char *);
static int _define_var(pam_handle_t *, VAR *);
static int _undefine_var(pam_handle_t *, VAR *);
/* This is a flag used to designate an empty string */
-static char quote='Z';
+static char quote='Z';
/* some syslogging */
const char *file;
char buffer[BUF_SIZE];
FILE *conf;
- VAR Var, *var=&Var;
+ VAR Var, *var=&Var;
var->name=NULL; var->defval=NULL; var->override=NULL;
D(("Called."));
D(("Config file name is: %s", file));
- /*
- * Lets try to open the config file, parse it and process
+ /*
+ * Lets try to open the config file, parse it and process
* any variables found.
*/
if ((conf = fopen(file,"r")) == NULL) {
- _log_err(LOG_ERR, "Unable to open config file: %s",
+ _log_err(LOG_ERR, "Unable to open config file: %s",
strerror(errno));
return PAM_IGNORE;
}
retval = _check_var(pamh, var);
if (DEFINE_VAR == retval) {
- retval = _define_var(pamh, var);
+ retval = _define_var(pamh, var);
} else if (UNDEFINE_VAR == retval) {
- retval = _undefine_var(pamh, var);
- }
- }
- if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval
+ retval = _undefine_var(pamh, var);
+ }
+ }
+ if (PAM_SUCCESS != retval && ILLEGAL_VAR != retval
&& BAD_LINE != retval && PAM_BAD_ITEM != retval) break;
-
- _clean_var(var);
+
+ _clean_var(var);
} /* while */
-
+
(void) fclose(conf);
/* tidy up */
break;
}
}
-
+
(void) fclose(conf);
/* tidy up */
static int _parse_line(char *buffer, VAR *var)
{
- /*
- * parse buffer into var, legal syntax is
+ /*
+ * parse buffer into var, legal syntax is
* VARIABLE [DEFAULT=[[string]] [OVERRIDE=[value]]
*
- * Any other options defined make this a bad line,
+ * Any other options defined make this a bad line,
* error logged and no var set
*/
-
+
int length, quoteflg=0;
- char *ptr, **valptr, *tmpptr;
-
+ char *ptr, **valptr, *tmpptr;
+
D(("Called buffer = <%s>", buffer));
length = strcspn(buffer," \t\n");
-
+
if ((var->name = malloc(length + 1)) == NULL) {
_log_err(LOG_ERR, "Couldn't malloc %d bytes", length+1);
return PAM_BUF_ERR;
}
-
- /*
- * The first thing on the line HAS to be the variable name,
+
+ /*
+ * The first thing on the line HAS to be the variable name,
* it may be the only thing though.
*/
strncpy(var->name, buffer, length);
var->name[length] = '\0';
D(("var->name = <%s>, length = %d", var->name, length));
- /*
+ /*
* Now we check for arguments, we only support two kinds and ('cause I am lazy)
* each one can actually be listed any number of times
*/
-
+
ptr = buffer+length;
- while ((length = strspn(ptr, " \t")) > 0) {
+ while ((length = strspn(ptr, " \t")) > 0) {
ptr += length; /* remove leading whitespace */
D((ptr));
if (strncmp(ptr,"DEFAULT=",8) == 0) {
_log_err(LOG_ERR, "Unrecognized Option: %s - ignoring line", ptr);
return BAD_LINE;
}
-
+
if ('"' != *ptr) { /* Escaped quotes not supported */
length = strcspn(ptr, " \t\n");
tmpptr = ptr+length;
} else {
- tmpptr = strchr(++ptr, '"');
+ tmpptr = strchr(++ptr, '"');
if (!tmpptr) {
D(("Unterminated quoted string: %s", ptr-1));
_log_err(LOG_ERR, "Unterminated quoted string: %s", ptr-1);
return BAD_LINE;
}
- length = tmpptr - ptr;
+ length = tmpptr - ptr;
if (*++tmpptr && ' ' != *tmpptr && '\t' != *tmpptr && '\n' != *tmpptr) {
D(("Quotes must cover the entire string: <%s>", ptr));
_log_err(LOG_ERR, "Quotes must cover the entire string: <%s>", ptr);
}
ptr = tmpptr; /* Start the search where we stopped */
} /* while */
-
- /*
+
+ /*
* The line is parsed, all is well.
*/
-
+
D(("Exit."));
ptr = NULL; tmpptr = NULL; valptr = NULL;
return GOOD_LINE;
static int _check_var(pam_handle_t *pamh, VAR *var)
{
- /*
- * Examine the variable and determine what action to take.
+ /*
+ * Examine the variable and determine what action to take.
* Returns DEFINE_VAR, UNDEFINE_VAR depending on action to take
* or a PAM_* error code if passed back from other routines
*
* if no DEFAULT provided, the empty string is assumed
* if no OVERRIDE provided, the empty string is assumed
- * if DEFAULT= and OVERRIDE evaluates to the empty string,
+ * if DEFAULT= and OVERRIDE evaluates to the empty string,
* this variable should be undefined
- * if DEFAULT="" and OVERRIDE evaluates to the empty string,
+ * if DEFAULT="" and OVERRIDE evaluates to the empty string,
* this variable should be defined with no value
* if OVERRIDE=value and value turns into the empty string, DEFAULT is used
*
}
/* Now its easy */
-
- if (var->override && *(var->override) && "e != var->override) {
+
+ if (var->override && *(var->override) && "e != var->override) {
/* if there is a non-empty string in var->override, we use it */
D(("OVERRIDE variable <%s> being used: <%s>", var->name, var->override));
var->value = var->override;
retval = DEFINE_VAR;
} else {
-
+
var->value = var->defval;
if ("e == var->defval) {
- /*
- * This means that the empty string was given for defval value
+ /*
+ * This means that the empty string was given for defval value
* which indicates that a variable should be defined with no value
*/
*var->defval = '\0';
static int _expand_arg(pam_handle_t *pamh, char **value)
{
const char *orig=*value, *tmpptr=NULL;
- char *ptr; /*
- * Sure would be nice to use tmpptr but it needs to be
+ char *ptr; /*
+ * Sure would be nice to use tmpptr but it needs to be
* a constant so that the compiler will shut up when I
* call pam_getenv and _pam_get_item_byname -- sigh
*/
-
+
/* No unexpanded variable can be bigger than BUF_SIZE */
char type, tmpval[BUF_SIZE];
D(("Remember to initialize tmp!"));
memset(tmp, 0, MAX_ENV);
- /*
+ /*
* (possibly non-existent) environment variables can be used as values
* by prepending a "$" and wrapping in {} (ie: ${HOST}), can escape with "\"
- * (possibly non-existent) PAM items can be used as values
- * by prepending a "@" and wrapping in {} (ie: @{PAM_RHOST}, can escape
+ * (possibly non-existent) PAM items can be used as values
+ * by prepending a "@" and wrapping in {} (ie: @{PAM_RHOST}, can escape
*
*/
D(("Expanding <%s>",orig));
++orig;
if ('$' != *orig && '@' != *orig) {
D(("Unrecognized escaped character: <%c> - ignoring", *orig));
- _log_err(LOG_ERR, "Unrecognized escaped character: <%c> - ignoring",
+ _log_err(LOG_ERR, "Unrecognized escaped character: <%c> - ignoring",
*orig);
} else if ((strlen(tmp) + 1) < MAX_ENV) {
tmp[strlen(tmp)] = *orig++; /* Note the increment */
tmp, tmpptr);
}
continue;
- }
+ }
if ('$' == *orig || '@' == *orig) {
if ('{' != *(orig+1)) {
D(("Expandable variables must be wrapped in {}"
type = *orig;
orig+=2; /* skip the ${ or @{ characters */
ptr = strchr(orig, '}');
- if (ptr) {
+ if (ptr) {
*ptr++ = '\0';
} else {
D(("Unterminated expandable variable: <%s>", orig-2));
strncpy(tmpval, orig, sizeof(tmpval));
tmpval[sizeof(tmpval)-1] = '\0';
orig=ptr;
- /*
- * so, we know we need to expand tmpval, it is either
+ /*
+ * so, we know we need to expand tmpval, it is either
* an environment variable or a PAM_ITEM. type will tell us which
*/
switch (type) {
-
+
case '$':
D(("Expanding env var: <%s>",tmpval));
tmpptr = pam_getenv(pamh, tmpval);
D(("Expanded to <%s>", tmpptr));
break;
-
+
case '@':
D(("Expanding pam item: <%s>",tmpval));
tmpptr = _pam_get_item_byname(pamh, tmpval);
_log_err(LOG_CRIT, "Impossible error, type == <%c>", type);
return PAM_ABORT;
} /* switch */
-
+
if (tmpptr) {
if ((strlen(tmp) + strlen(tmpptr)) < MAX_ENV) {
strcat(tmp, tmpptr);
static const char * _pam_get_item_byname(pam_handle_t *pamh, const char *name)
{
- /*
+ /*
* This function just allows me to use names as given in the config
* file and translate them into the appropriate PAM_ITEM macro
*/
int item;
- const char *itemval;
+ const void *itemval;
D(("Called."));
if (strcmp(name, "PAM_USER") == 0) {
_log_err(LOG_ERR, "Unknown PAM_ITEM: <%s>", name);
return NULL;
}
-
- if (pam_get_item(pamh, item, (const void **)&itemval) != PAM_SUCCESS) {
+
+ if (pam_get_item(pamh, item, &itemval) != PAM_SUCCESS) {
D(("pam_get_item failed"));
return NULL; /* let pam_get_item() log the error */
}
static int _define_var(pam_handle_t *pamh, VAR *var)
{
/* We have a variable to define, this is a simple function */
-
+
char *envvar;
int size, retval=PAM_SUCCESS;
-
+
D(("Called."));
size = strlen(var->name)+strlen(var->value)+2;
if ((envvar = malloc(size)) == NULL) {
static int _undefine_var(pam_handle_t *pamh, VAR *var)
{
/* We have a variable to undefine, this is a simple function */
-
+
D(("Called and exit."));
return pam_putenv(pamh, var->name);
}
static void _clean_var(VAR *var)
{
if (var->name) {
- free(var->name);
+ free(var->name);
}
if (var->defval && ("e != var->defval)) {
- free(var->defval);
+ free(var->defval);
}
if (var->override && ("e != var->override)) {
- free(var->override);
+ free(var->override);
}
var->name = NULL;
var->value = NULL; /* never has memory specific to it */
PAM_EXTERN
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc,
const char **argv)
-{
+{
return PAM_IGNORE;
}
-PAM_EXTERN
-int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
+PAM_EXTERN
+int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
int retval, ctrl, readenv=DEFAULT_READ_ENVFILE;
/*
* this module sets environment variables read in from a file
*/
-
+
D(("Called."));
ctrl = _pam_parse(flags, argc, argv, &conf_file, &env_file, &readenv);
retval = _parse_env_file(pamh, ctrl, &env_file);
/* indicate success or failure */
-
+
D(("Exit."));
return retval;
}
-PAM_EXTERN
-int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
+PAM_EXTERN
+int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
_log_err(LOG_NOTICE, "pam_sm_acct_mgmt called inappropriatly");
return PAM_SERVICE_ERR;
}
-
+
PAM_EXTERN
int pam_sm_open_session(pam_handle_t *pamh,int flags,int argc
,const char **argv)
{
int retval, ctrl, readenv=DEFAULT_READ_ENVFILE;
char *conf_file=NULL, *env_file=NULL;
-
+
/*
* this module sets environment variables read in from a file
*/
-
+
D(("Called."));
ctrl = _pam_parse(flags, argc, argv, &conf_file, &env_file, &readenv);
-
+
retval = _parse_config_file(pamh, ctrl, &conf_file);
-
+
if(readenv && retval == PAM_SUCCESS)
retval = _parse_env_file(pamh, ctrl, &env_file);
/* indicate success or failure */
-
+
D(("Exit."));
return retval;
}
return PAM_SUCCESS;
}
-PAM_EXTERN
-int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
+PAM_EXTERN
+int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc,
const char **argv)
{
_log_err(LOG_NOTICE, "pam_sm_chauthtok called inappropriatly");
*evp = NULL;
} else {
char **levp;
- const char *tmp;
+ const char *user = NULL;
+ const void *tmp;
int i,size, retval;
*filtername = *++argv;
#define SERVICE_OFFSET 8 /* strlen('SERVICE='); */
#define SERVICE_NAME "SERVICE="
- retval = pam_get_item(pamh, PAM_SERVICE, (const void **)&tmp);
+ retval = pam_get_item(pamh, PAM_SERVICE, &tmp);
if (retval != PAM_SUCCESS || tmp == NULL) {
_pam_log(LOG_CRIT,"service name not found");
if (levp) {
#define USER_OFFSET 5 /* strlen('USER='); */
#define USER_NAME "USER="
- tmp = NULL;
- pam_get_user(pamh, &tmp, NULL);
- if (tmp == NULL) {
- tmp = "<unknown>";
+ pam_get_user(pamh, &user, NULL);
+ if (user == NULL) {
+ user = "<unknown>";
}
- size = USER_OFFSET+strlen(tmp);
+ size = USER_OFFSET+strlen(user);
levp[2] = (char *) malloc(size+1);
if (levp[2] == NULL) {
}
strncpy(levp[2],USER_NAME,USER_OFFSET);
- strcpy(levp[2]+USER_OFFSET, tmp);
+ strcpy(levp[2]+USER_OFFSET, user);
levp[2][size] = '\0'; /* <NUL> terminate */
/* the "USER" variable */
static int set_the_terminal(pam_handle_t *pamh)
{
- const char *tty;
+ const void *tty;
- if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS
+ if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS
|| tty == NULL) {
tty = ttyname(STDIN_FILENO);
if (tty == NULL) {
, (const char **)evp, filterfile);
}
- if (retval == PAM_SUCCESS
+ if (retval == PAM_SUCCESS
&& !(ctrl & NON_TERM) && (ctrl & NEW_TERM)) {
retval = set_the_terminal(pamh);
if (retval != PAM_SUCCESS) {
, struct pam_response **response)
{
int retval;
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
D(("begin to converse\n"));
- retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ;
+ retval = pam_get_item(pamh, PAM_CONV, &void_conv);
+ conv = (const struct pam_conv *)void_conv;
if ( retval == PAM_SUCCESS && conv ) {
retval = conv->conv(nargs, ( const struct pam_message ** ) message
PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags
, int argc, const char **argv)
{
- const char *service=NULL, *tty=NULL;
+ const void *service=NULL, *void_tty=NULL;
const char *user=NULL;
+ const char *tty;
int retval;
unsigned setting;
/* set service name */
- if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service)
+ if (pam_get_item(pamh, PAM_SERVICE, &service)
!= PAM_SUCCESS || service == NULL) {
_log_err("cannot find the current service name");
return PAM_ABORT;
/* set tty name */
- if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS
- || tty == NULL) {
+ if (pam_get_item(pamh, PAM_TTY, &void_tty) != PAM_SUCCESS
+ || void_tty == NULL) {
D(("PAM_TTY not set, probing stdin"));
tty = ttyname(STDIN_FILENO);
if (tty == NULL) {
return PAM_ABORT;
}
}
+ else
+ tty = (const char *) void_tty;
if (strncmp("/dev/",tty,5) == 0) { /* strip leading /dev/ */
tty += 5;
FILE *fd;
int parse_esc = 1;
char *prompt_tmp = NULL;
- const char *cur_prompt = NULL;
+ const void *cur_prompt = NULL;
struct stat st;
char *issue_file = NULL;
return PAM_IGNORE;
}
- retval = pam_get_item(pamh, PAM_USER_PROMPT,
- (const void **) &cur_prompt);
+ retval = pam_get_item(pamh, PAM_USER_PROMPT, &cur_prompt);
if (retval != PAM_SUCCESS) {
fclose(fd);
if (issue_file)
, struct pam_response **response)
{
int retval;
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
D(("begin to converse"));
- retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ;
+ retval = pam_get_item( pamh, PAM_CONV, &void_conv ) ;
+ conv = (const struct pam_conv *)void_conv;
if ( retval == PAM_SUCCESS && conv) {
retval = conv->conv(nargs, ( const struct pam_message ** ) message
/* write latest value */
{
time_t ll_time;
- const char *remote_host=NULL
- , *terminal_line=DEFAULT_TERM;
+ const void *remote_host=NULL
+ , *void_terminal_line=DEFAULT_TERM;
+ const char *terminal_line;
/* set this login date */
D(("set the most recent login time"));
last_login.ll_time = ll_time;
/* set the remote host */
- (void) pam_get_item(pamh, PAM_RHOST, (const void **)&remote_host);
+ (void) pam_get_item(pamh, PAM_RHOST, &remote_host);
if (remote_host == NULL) {
remote_host = DEFAULT_HOST;
}
remote_host = NULL;
/* set the terminal line */
- (void) pam_get_item(pamh, PAM_TTY, (const void **)&terminal_line);
+ (void) pam_get_item(pamh, PAM_TTY, &void_terminal_line);
+ terminal_line = void_terminal_line;
D(("terminal = %s", terminal_line));
if (terminal_line == NULL) {
terminal_line = DEFAULT_TERM;
, const char **argv)
{
int retval, ctrl;
- const char *user;
+ const void *user;
const struct passwd *pwd;
uid_t uid;
/* which user? */
- retval = pam_get_item(pamh, PAM_USER, (const void **)&user);
- if (retval != PAM_SUCCESS || user == NULL || *user == '\0') {
+ retval = pam_get_item(pamh, PAM_USER, &user);
+ if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0') {
_log_err(LOG_NOTICE, "user unknown");
return PAM_USER_UNKNOWN;
}
static void _pam_log(int err, const char *format, ...)
{
va_list args;
-
+
va_start(args, format);
vsyslog(LOG_AUTH | err, format, args);
va_end(args);
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
int retval, i, citem=0, extitem=0, onerr=PAM_SERVICE_ERR, sense=2;
+ const void *void_citemp;
const char *citemp;
char *ifname=NULL;
char aline[256];
free(ifname);
return onerr;
} else if(
- (apply_type==APPLY_TYPE_NONE) ||
+ (apply_type==APPLY_TYPE_NONE) ||
((apply_type!=APPLY_TYPE_NULL) && (*apply_val=='\0'))
) {
_pam_log(LOG_ERR,
LOCAL_LOG_PREFIX "Invalid usage for apply= parameter");
return onerr;
}
-
+
/* Check if it makes sense to use the apply= parameter */
if (apply_type != APPLY_TYPE_NULL) {
if((citem==PAM_USER) || (citem==PAM_RUSER)) {
apply_type=APPLY_TYPE_NULL;
}
}
-
+
/* Short-circuit - test if this session apply for this user */
{
const char *user_name;
int rval;
-
+
rval=pam_get_user(pamh,&user_name,NULL);
if((rval==PAM_SUCCESS) && user_name && user_name[0]) {
/* Got it ? Valid ? */
}
}
- retval = pam_get_item(pamh,citem,(const void **)&citemp);
+ retval = pam_get_item(pamh,citem,&void_citemp);
+ citemp = void_citemp;
if(retval != PAM_SUCCESS) {
return onerr;
}
|| !S_ISREG(fileinfo.st_mode)) {
/* If the file is world writable or is not a
normal file, return error */
- _pam_log(LOG_ERR,LOCAL_LOG_PREFIX
+ _pam_log(LOG_ERR,LOCAL_LOG_PREFIX
"%s is either world writable or not a normal file",
ifname);
free(ifname);
return PAM_SUCCESS;
}
else {
- const char *service, *user_name;
+ const void *service;
+ const char *user_name;
#ifdef DEBUG
_pam_log(LOG_INFO,LOCAL_LOG_PREFIX
"Returning PAM_AUTH_ERR, retval = %d", retval);
#endif
- (void) pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
+ (void) pam_get_item(pamh, PAM_SERVICE, &service);
(void) pam_get_user(pamh, &user_name, NULL);
_pam_log(LOG_ALERT,LOCAL_LOG_PREFIX "Refused user %s for service %s",
user_name, service);
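Review bot: `service` is now an uninitialized `const void *` that is handed straight to the `%s` in the LOG_ALERT message, with the result of `pam_get_item` thrown away by the `(void)` cast. If the lookup fails or leaves the item unset, the refusal record is formatted from an indeterminate or null pointer, and unlike the other hunks there is no `(const char *)` cast at the use site. I would declare `const void *service = NULL;` and log `service ? (const char *)service : "<unknown>"`; `user_name` from the unchecked `pam_get_user` call deserves the same treatment. The debug print of `user` in the `+` host-entry hunk passes an uninitialized `const void *user` to `%s` in the same way.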
#endif /* PAM_STATIC */
/* end of module definition */
-
, struct pam_response **response)
{
int retval;
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
D(("begin to converse"));
- retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ;
+ retval = pam_get_item( pamh, PAM_CONV, &void_conv ) ;
+ conv = (const struct pam_conv *) void_conv;
if ( retval == PAM_SUCCESS && conv ) {
retval = conv->conv(nargs, ( const struct pam_message ** ) message
}
/* put folder together */
-
+
hashcount = hashcount < strlen(user) ? hashcount : strlen(user);
if (ctrl & PAM_HOME_MAIL) {
,struct pam_response **response)
{
int retval;
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
D(("begin to converse"));
- retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+ retval = pam_get_item(pamh, PAM_CONV, &void_conv);
+ conv = (const struct pam_conv *)void_conv;
if (retval == PAM_SUCCESS && conv)
{
,const char **argv)
{
int retval, ctrl;
- const char *user;
+ const void *user;
const struct passwd *pwd;
struct stat St;
ctrl = _pam_parse(flags, argc, argv);
/* Determine the user name so we can get the home directory */
- retval = pam_get_item(pamh, PAM_USER, (const void **) &user);
- if (retval != PAM_SUCCESS || user == NULL || *user == '\0')
+ retval = pam_get_item(pamh, PAM_USER, &user);
+ if (retval != PAM_SUCCESS || user == NULL || *(const char *)user == '\0')
{
_log_err(LOG_NOTICE, "user unknown");
return PAM_USER_UNKNOWN;
*
* Based off of:
* $Id$
- *
+ *
* Written by Michael K. Johnson <johnsonm@redhat.com> 1996/10/24
*
*/
int fd;
char *mtmp=NULL;
char *motd_path=NULL;
- struct pam_conv *conversation;
+ const void *void_conv;
+ const struct pam_conv *conversation;
struct pam_message message;
struct pam_message *pmessage = &message;
struct pam_response *resp = NULL;
close(fd);
/* Use conversation function to give user contents of motd */
- if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation) ==
- PAM_SUCCESS && conversation) {
+ if (pam_get_item(pamh, PAM_CONV, &void_conv) ==
+ PAM_SUCCESS && void_conv) {
+ conversation = void_conv;
conversation->conv(1, (const struct pam_message **)&pmessage,
&resp, conversation->appdata_ptr);
if (resp)
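Review bot: `conversation->conv` is called without checking that the function pointer is set, because the guard added here tests only `void_conv`. The /etc/nologin hunk in this same commit also tests `((const struct pam_conv *)void_conv)->conv` before the call, and the condition here could match it: `PAM_SUCCESS && void_conv && ((const struct pam_conv *)void_conv)->conv) {`. The return value of the conversation call is also dropped, which is presumably intentional for a best-effort banner. The enclosing function starts and ends outside the hunk.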
char *mtmp=NULL;
struct passwd *user_pwd;
- struct pam_conv *conversation;
+ const void *void_conv;
+ const struct pam_conv *conversation;
struct pam_message message;
struct pam_message *pmessage = &message;
struct pam_response *resp = NULL;
mtmp[st.st_size] = '\000';
/*
- * Use conversation function to give user contents
+ * Use conversation function to give user contents
* of /etc/nologin
*/
- if (pam_get_item(pamh, PAM_CONV, (const void **)&conversation)
- == PAM_SUCCESS && conversation && conversation->conv) {
- (void) conversation->conv(1,
+ if (pam_get_item(pamh, PAM_CONV, &void_conv)
+ == PAM_SUCCESS && void_conv &&
+ ((const struct pam_conv *)void_conv)->conv) {
+ conversation = void_conv;
+ (void) conversation->conv(1,
(const struct pam_message **)&pmessage,
&resp, conversation->appdata_ptr);
, const char *prompt)
{
int retval;
- const char *current;
+ const void *current;
- retval = pam_get_item (pamh, PAM_RHOST, (const void **)¤t);
+ retval = pam_get_item (pamh, PAM_RHOST, ¤t);
if (retval != PAM_SUCCESS)
return retval;
const char *prompt)
{
int retval;
- const char *current;
+ const void *current;
- retval = pam_get_item (pamh, PAM_RUSER, (const void **)¤t);
+ retval = pam_get_item (pamh, PAM_RUSER, ¤t);
if (retval != PAM_SUCCESS) {
return retval;
}
struct hostent *hp;
U32 laddr;
int negate=1; /* Multiply return with this to get -1 instead of 1 */
- char **pp, *user;
+ char **pp;
+ const void *user;
/* Check nis netgroup. We assume that pam has done all needed
paranoia checking before we are handed the rhost */
negate=-1;
lhost++;
} else if (strcmp("+",lhost) == 0) {
- (void) pam_get_item(pamh, PAM_USER, (const void **)&user);
+ (void) pam_get_item(pamh, PAM_USER, &user);
D(("user %s has a `+' host entry", user));
if (opts->opt_promiscuous)
return (1); /* asking for trouble, but ok.. */
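Review bot: `user` is handed to `%s` in the `D((...))` trace right after a `pam_get_item()` call whose result is discarded, and the declaration added in the previous hunk (`const void *user;`) has no initializer, so a failed lookup would format an indeterminate pointer. Declaring it as `const void *user = NULL;` and logging `user ? (const char *) user : "(unknown)"` would cover both this trace and the `_pam_log(LOG_WARNING, ...)` call in the later `+` user-entry hunk, which is not wrapped in the debug macro. The argument here is also left uncast, while that later hunk adds `(const char *)`. The enclosing function is only partly visible.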
ruser is user id on remote host
rhost is the remote host name
*/
- char *user;
+ const void *user;
/* [-+]@netgroup */
if (strncmp("+@",luser,2) == 0)
/* + */
if (strcmp("+",luser) == 0) {
- (void) pam_get_item(pamh, PAM_USER, (const void **)&user);
- _pam_log(LOG_WARNING, "user %s has a `+' user entry", user);
+ (void) pam_get_item(pamh, PAM_USER, &user);
+ _pam_log(LOG_WARNING, "user %s has a `+' user entry",
+ (const char *) user);
if (opts->opt_promiscuous)
return(1);
/* If not promiscuous we handle it as a negative match */
{
int retval = PAM_AUTH_ERR;
const char *username;
- char *uttyname;
+ const char *uttyname;
+ const void *void_uttyname;
char ttyfileline[256];
char ptname[256];
struct stat ttyfileinfo;
return PAM_SUCCESS;
}
- retval = pam_get_item(pamh, PAM_TTY, (const void **)&uttyname);
+ retval = pam_get_item(pamh, PAM_TTY, &void_uttyname);
+ uttyname = void_uttyname;
if (retval != PAM_SUCCESS || uttyname == NULL) {
if (ctrl & PAM_DEBUG_ARG) {
_pam_log(LOG_WARNING, "cannot determine user's tty");
#include <selinux/selinux.h>
#include <selinux/context.h>
-static int send_text( struct pam_conv *conv, const char *text, int debug) {
+static int
+send_text (const struct pam_conv *conv, const char *text, int debug)
+{
struct pam_message message;
const struct pam_message *messages[] = {&message};
struct pam_response *responses;
* This function sends a message to the user and gets the response. The caller
* is responsible for freeing the responses.
*/
-static int query_response( struct pam_conv *conv, const char *text,
- struct pam_response **responses, int debug) {
+static int
+query_response (const struct pam_conv *conv, const char *text,
+ struct pam_response **responses, int debug)
+{
struct pam_message message;
const struct pam_message *messages[] = {&message};
select_context (pam_handle_t *pamh, security_context_t* contextlist,
int debug)
{
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
- if (pam_get_item(pamh, PAM_CONV, (const void**) &conv) == PAM_SUCCESS &&
- conv) {
+ if (pam_get_item(pamh, PAM_CONV, &void_conv) == PAM_SUCCESS &&
+ void_conv) {
+ conv = void_conv;
if (conv->conv != NULL) {
struct pam_response *responses;
char *text=calloc(PATH_MAX,1);
}
static security_context_t
-manual_context (pam_handle_t *pamh, char *user, int debug)
+manual_context (pam_handle_t *pamh, const char *user, int debug)
{
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
security_context_t newcon;
context_t new_context;
int mls_enabled = is_selinux_mls_enabled();
- if (pam_get_item(pamh, PAM_CONV, (const void**) &conv) == PAM_SUCCESS) {
+ if (pam_get_item(pamh, PAM_CONV, &void_conv) == PAM_SUCCESS) {
+ conv = void_conv;
if (conv && conv->conv != NULL) {
struct pam_response *responses;
static void
verbose_message(pam_handle_t *pamh, char *msg, int debug)
{
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
struct pam_message message;
const struct pam_message *messages[] = {&message};
struct pam_response *responses;
- if (pam_get_item(pamh, PAM_CONV, (const void**) &conv) == PAM_SUCCESS) {
+ if (pam_get_item(pamh, PAM_CONV, &void_conv) == PAM_SUCCESS) {
+ conv = void_conv;
if (conv && conv->conv != NULL) {
char text[PATH_MAX];
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
int i, debug = 0, ttys=1, has_tty=isatty(0), verbose=0, multiple=0, close_session=0;
- int ret=0;
- security_context_t* contextlist=NULL;
+ int ret = 0;
+ security_context_t* contextlist = NULL;
int num_contexts = 0;
- char *username=NULL;
- const char *tty=NULL;
+ const void *username = NULL;
+ const void *tty = NULL;
/* Parse arguments. */
for (i = 0; i < argc; i++) {
if (!(selinux_enabled = is_selinux_enabled()>0) )
return PAM_SUCCESS;
- if (pam_get_item(pamh, PAM_USER, (const void**)&username) != PAM_SUCCESS ||
+ if (pam_get_item(pamh, PAM_USER, &username) != PAM_SUCCESS ||
username == NULL) {
return PAM_AUTH_ERR;
}
if (has_tty) {
user_context = manual_context(pamh,username,debug);
if (user_context == NULL) {
- syslog (LOG_ERR, _("Unable to get valid context for %s"), username);
+ syslog (LOG_ERR, _("Unable to get valid context for %s"),
+ (const char *)username);
return PAM_AUTH_ERR;
}
} else {
- syslog (LOG_ERR, _("Unable to get valid context for %s, No valid tty"), username);
+ syslog (LOG_ERR,
+ _("Unable to get valid context for %s, No valid tty"),
+ (const char *)username);
return PAM_AUTH_ERR;
}
}
}
if (ttys) {
/* Get the name of the terminal. */
- if (pam_get_item(pamh, PAM_TTY, (const void**)&tty) != PAM_SUCCESS) {
+ if (pam_get_item(pamh, PAM_TTY, &tty) != PAM_SUCCESS) {
tty = NULL;
}
}
if (ret) {
syslog(LOG_ERR, _("Error! Unable to set %s executable context %s."),
- username, user_context);
+ (const char *)username, user_context);
freecon(user_context);
return PAM_AUTH_ERR;
} else {
if (debug)
syslog(LOG_NOTICE, _("%s: set %s security context to %s"),MODULE,
- username, user_context);
+ (const char *)username, user_context);
}
freecon(user_context);
, struct pam_response **response)
{
int retval;
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
- retval = pam_get_item(pamh,PAM_CONV,(const void **)&conv);
+ retval = pam_get_item(pamh,PAM_CONV,&void_conv);
+ conv = void_conv;
if (retval == PAM_SUCCESS && conv) {
retval = conv->conv(nargs, (const struct pam_message **) message
, response, conv->appdata_ptr);
static int stress_get_password(pam_handle_t *pamh, int flags
, int ctrl, char **password)
{
+ const void *pam_pass;
char *pass;
if ( (ctrl & (PAM_ST_TRY_PASS1|PAM_ST_USE_PASS1))
- && (pam_get_item(pamh,PAM_AUTHTOK,(const void **)&pass)
+ && (pam_get_item(pamh,PAM_AUTHTOK,&pam_pass)
== PAM_SUCCESS)
- && (pass != NULL) ) {
- if ((pass = strdup(pass)) == NULL)
+ && (pam_pass != NULL) ) {
+ if ((pass = strdup(pam_pass)) == NULL)
return PAM_BUF_ERR;
} else if ((ctrl & PAM_ST_USE_PASS1)) {
_pam_log(LOG_WARNING, "pam_stress: no forwarded password");
/* if we are debugging then we print the password */
if (ctrl & PAM_ST_DEBUG) {
- (void) pam_get_item(pamh,PAM_AUTHTOK,(const void **)&pass);
+ const void *pam_pass;
+ (void) pam_get_item(pamh,PAM_AUTHTOK,&pam_pass);
_pam_log(LOG_DEBUG,
- "pam_st_authenticate: password entered is: [%s]\n",pass);
- pass = NULL;
+ "pam_st_authenticate: password entered is: [%s]\n",pam_pass);
}
/* if we signal a fail for this function then fail */
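Review bot: The debug branch passes `pam_pass` to `%s` after a `pam_get_item()` call whose result is cast to `(void)`, and the new local has no initializer, so a failed lookup would log through an indeterminate pointer. Declaring it as `const void *pam_pass = NULL;` and logging only when it is non-NULL closes that gap. Separately, this call writes the authentication token itself to the log at `LOG_DEBUG`. Even for a test module, it would be safer to log only whether a token was present, or at least to add a comment that `PAM_ST_DEBUG` must never be enabled where real credentials are entered. The function body continues outside the hunk.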
int pam_sm_open_session(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
- char *username,*service;
+ const void *username, *service;
int ctrl = _pam_parse(argc,argv);
D(("called. [post parsing]"));
_pam_report(ctrl,"pam_sm_open_session", flags, argc, argv);
- if ((pam_get_item(pamh, PAM_USER, (const void **) &username)
+ if ((pam_get_item(pamh, PAM_USER, &username)
!= PAM_SUCCESS || !username)
- || (pam_get_item(pamh, PAM_SERVICE, (const void **) &service)
+ || (pam_get_item(pamh, PAM_SERVICE, &service)
!= PAM_SUCCESS || !service)) {
_pam_log(LOG_WARNING,"pam_sm_open_session: for whom?");
return PAM_SESSION_ERR;
int pam_sm_close_session(pam_handle_t *pamh, int flags,
int argc, const char **argv)
{
- const char *username,*service;
+ const void *username, *service;
int ctrl = _pam_parse(argc,argv);
D(("called. [post parsing]"));
_pam_report(ctrl,"pam_sm_close_session", flags, argc, argv);
- if ((pam_get_item(pamh, PAM_USER, (const void **)&username)
+ if ((pam_get_item(pamh, PAM_USER, &username)
!= PAM_SUCCESS || !username)
- || (pam_get_item(pamh, PAM_SERVICE, (const void **)&service)
+ || (pam_get_item(pamh, PAM_SERVICE, &service)
!= PAM_SUCCESS || !service)) {
_pam_log(LOG_WARNING,"pam_sm_close_session: for whom?");
return PAM_SESSION_ERR;
} else if (flags & PAM_UPDATE_AUTHTOK) { /* second call */
struct pam_message msg[3],*pmsg[3];
struct pam_response *resp;
- const char *text;
+ const void *text;
char *txt=NULL;
int i;
if ( !(ctrl && PAM_ST_EXPIRED)
&& (flags & PAM_CHANGE_EXPIRED_AUTHTOK)
- && (pam_get_data(pamh,"stress_new_pwd",(const void **)&text)
+ && (pam_get_data(pamh,"stress_new_pwd", &text)
!= PAM_SUCCESS || strcmp(text,"yes"))) {
return PAM_SUCCESS; /* the token has not expired */
}
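Review bot: The guard on the context line `if ( !(ctrl && PAM_ST_EXPIRED)` uses a logical AND where the other `ctrl` tests on this page use a bitwise mask (`ctrl & PAM_ST_DEBUG`, `ctrl & PAM_ST_USE_PASS1`). If `PAM_ST_EXPIRED` is a non-zero flag, as its name suggests, the expression only tests whether `ctrl` is non-zero, so the expired-token check does not depend on that option at all. The commit touches the `pam_get_data()` line directly below, so this would be a good place to change it to `!(ctrl & PAM_ST_EXPIRED)`. The definition of `PAM_ST_EXPIRED` is outside the hunk, so confirm it is a bit flag first.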
/* set up for conversation */
if (!(flags & PAM_SILENT)) {
- char *username;
+ const void *username;
- if ( pam_get_item(pamh, PAM_USER, (const void **)&username)
+ if ( pam_get_item(pamh, PAM_USER, &username)
|| username == NULL ) {
_pam_log(LOG_ERR,"no username set");
return PAM_USER_UNKNOWN;
return PAM_AUTHTOK_ERR;
}
- if (pam_get_item(pamh,PAM_AUTHTOK,(const void **)&text)
+ if (pam_get_item(pamh,PAM_AUTHTOK,&text)
== PAM_SUCCESS) {
(void) pam_set_item(pamh,PAM_OLDAUTHTOK,text);
text = NULL;
if (ret != PAM_SUCCESS) {
return ret;
}
-
+
return cmp(l, r) ? PAM_SUCCESS : PAM_AUTH_ERR;
}
int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
- const char *prompt;
+ const void *prompt;
const char *user;
struct passwd *pwd;
int ret, i, count, use_uid, debug;
int quiet_fail, quiet_succ;
/* Get the user prompt. */
- ret = pam_get_item(pamh, PAM_USER_PROMPT, (const void**) &prompt);
+ ret = pam_get_item(pamh, PAM_USER_PROMPT, &prompt);
if ((ret != PAM_SUCCESS) || (prompt == NULL) || (strlen(prompt) == 0)) {
prompt = "login: ";
}
FILE
*TALLY = NULL;
- const char
+ const void
*remote_host = NULL,
*cur_tty = NULL;
struct fail_s fs, *fsp = &fs;
fsp->fs_faillog.fail_time = *oldtime;
}
}
- (void) pam_get_item(pamh, PAM_RHOST, (const void **)&remote_host);
+ (void) pam_get_item(pamh, PAM_RHOST, &remote_host);
if (!remote_host) {
- (void) pam_get_item(pamh, PAM_TTY, (const void **)&cur_tty);
+ (void) pam_get_item(pamh, PAM_TTY, &cur_tty);
if (!cur_tty) {
strncpy(fsp->fs_faillog.fail_line, "unknown",
sizeof(fsp->fs_faillog.fail_line) - 1);
#define PAM_TIME_BUFLEN 1000
#define FIELD_SEPARATOR ';' /* this is new as of .02 */
-#ifdef TRUE
-# undef TRUE
-#endif
-#ifdef FALSE
-# undef FALSE
+#ifdef TRUE
+# undef TRUE
+#endif
+#ifdef FALSE
+# undef FALSE
#endif
typedef enum { FALSE, TRUE } boolean;
fd = -1; /* end of file reached */
} else
*to += i;
-
+
/*
* contract the buffer. Delete any comments, and replace all
* multiple spaces with single commas
PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh,int flags,int argc
,const char **argv)
{
- const char *service=NULL, *tty=NULL;
+ const void *service=NULL, *void_tty=NULL;
+ const char *tty;
const char *user=NULL;
/* set service name */
- if (pam_get_item(pamh, PAM_SERVICE, (const void **)&service)
+ if (pam_get_item(pamh, PAM_SERVICE, &service)
!= PAM_SUCCESS || service == NULL) {
_log_err("cannot find the current service name");
return PAM_ABORT;
/* set tty name */
- if (pam_get_item(pamh, PAM_TTY, (const void **)&tty) != PAM_SUCCESS
- || tty == NULL) {
+ if (pam_get_item(pamh, PAM_TTY, &void_tty) != PAM_SUCCESS
+ || void_tty == NULL) {
D(("PAM_TTY not set, probing stdin"));
tty = ttyname(STDIN_FILENO);
if (tty == NULL) {
return PAM_ABORT;
}
}
+ else
+ tty = void_tty;
if (strncmp("/dev/",tty,5) == 0) { /* strip leading /dev/ */
tty += 5;
int argc, const char **argv)
{
unsigned int ctrl;
- const char *uname;
+ const void *uname;
int retval, daysleft;
time_t curdays;
struct spwd *spent;
ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
- retval = pam_get_item(pamh, PAM_USER, (const void **) &uname);
+ retval = pam_get_item(pamh, PAM_USER, &uname);
D(("user = `%s'", uname));
if (retval != PAM_SUCCESS || uname == NULL) {
_log_err(LOG_ALERT, pamh
{
unsigned int ctrl;
int retval, *ret_data = NULL;
- const char *name, *p;
+ const char *name;
+ const void *p;
D(("called."));
,int argc, const char **argv)
{
int retval;
- int *pretval = NULL;
+ const void *pretval = NULL;
D(("called."));
D(("recovering return code from auth call"));
/* We will only find something here if UNIX_LIKE_AUTH is set --
don't worry about an explicit check of argv. */
- pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval);
+ pam_get_data(pamh, "unix_setcred_return", &pretval);
if(pretval) {
- retval = *pretval;
+ retval = *(const int *)pretval;
pam_set_data(pamh, "unix_setcred_return", NULL, NULL);
D(("recovered data indicates that old retval was %d", retval));
}
}
}
-static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
+static int _do_setpass(pam_handle_t* pamh, const char *forwho,
+ const char *fromwhat,
char *towhat, unsigned int ctrl, int remember)
{
struct passwd *pwd = NULL;
retval = PAM_AUTHTOK_ERR;
goto done;
}
-
+
if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
if ((master=getNISserver(pamh)) != NULL) {
struct timeval timeout;
yppwd.newpw.pw_gecos = pwd->pw_gecos;
yppwd.newpw.pw_dir = pwd->pw_dir;
yppwd.newpw.pw_shell = pwd->pw_shell;
- yppwd.oldpass = fromwhat ? fromwhat : "";
+ yppwd.oldpass = fromwhat ? strdup (fromwhat) : strdup ("");
yppwd.newpw.pw_passwd = towhat;
D(("Set password %s for %s", yppwd.newpw.pw_passwd, forwho));
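Review bot: The new `strdup()` result assigned to `yppwd.oldpass` is never checked, so an allocation failure would pass a NULL string into the RPC call that follows. The matching `free (yppwd.oldpass);` added in the next hunk also releases a copy of the old password without wiping it. A check such as `if (yppwd.oldpass == NULL) { retval = PAM_BUF_ERR; goto done; }` would handle the first problem, provided nothing else needs cleanup at that point. For the second, replace the plain `free` with `_pam_delete(yppwd.oldpass);`, the helper this file already uses for tokens, so the heap copy is overwritten before release. `_do_setpass` starts and ends outside these hunks.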
(xdrproc_t) xdr_int, (char *) &status,
timeout);
+ free (yppwd.oldpass);
+
if (err) {
_make_remark(pamh, ctrl, PAM_TEXT_INFO,
clnt_sperrno(err));
}
-done:
+done:
#ifdef USE_LCKPWDF
ulckpwdf();
#endif
,const char *pass_old
,const char *pass_new)
{
- const char *user;
+ const void *user;
const char *remark = NULL;
int retval = PAM_SUCCESS;
* checking this would be the place - AGM
*/
- retval = pam_get_item(pamh, PAM_USER, (const void **) &user);
+ retval = pam_get_item(pamh, PAM_USER, &user);
if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) {
_log_err(LOG_ERR, pamh, "Can not get username");
/* <DO NOT free() THESE> */
const char *user;
- char *pass_old, *pass_new;
+ const void *pass_old, *pass_new;
/* </DO NOT free() THESE> */
D(("called."));
,"(current) UNIX password: "
,NULL
,_UNIX_OLD_AUTHTOK
- ,(const char **) &pass_old);
+ ,&pass_old);
free(Announce);
if (retval != PAM_SUCCESS) {
if (off(UNIX_NOT_SET_PASS, ctrl)) {
retval = pam_get_item(pamh, PAM_OLDAUTHTOK
- ,(const void **) &pass_old);
+ ,&pass_old);
} else {
retval = pam_get_data(pamh, _UNIX_OLD_AUTHTOK
- ,(const void **) &pass_old);
+ ,&pass_old);
if (retval == PAM_NO_MODULE_DATA) {
retval = PAM_SUCCESS;
pass_old = NULL;
,"Enter new UNIX password: "
,"Retype new UNIX password: "
,_UNIX_NEW_AUTHTOK
- ,(const char **) &pass_new);
+ ,&pass_new);
if (retval != PAM_SUCCESS) {
if (on(UNIX_DEBUG, ctrl)) {
* password is acceptable.
*/
- if (pass_new[0] == '\0') { /* "\0" password = NULL */
+ if (*(const char *)pass_new == '\0') { /* "\0" password = NULL */
pass_new = NULL;
}
retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);
-/*
+/*
* $Id$
*
* Copyright information at end of file.
void _log_err(int err, pam_handle_t *pamh, const char *format,...)
{
- char *service = NULL;
+ const void *service = NULL;
char logname[256];
va_list args;
- pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
+ pam_get_item(pamh, PAM_SERVICE, &service);
if (service) {
strncpy(logname, service, sizeof(logname));
logname[sizeof(logname) - 1 - strlen("(pam_unix)")] = '\0';
,struct pam_response **response)
{
int retval;
- struct pam_conv *conv;
+ const void *void_conv;
+ const struct pam_conv *conv;
D(("begin to converse"));
- retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+ retval = pam_get_item(pamh, PAM_CONV, &void_conv);
+ conv = void_conv;
if (retval == PAM_SUCCESS) {
retval = conv->conv(nargs, (const struct pam_message **) message
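Review bot: `conv->conv(...)` is reached whenever `pam_get_item()` returns `PAM_SUCCESS`, with no test that the returned item is non-NULL. An application without a conversation structure would therefore cause a null dereference inside the module. The other converse helpers changed in this commit test `retval == PAM_SUCCESS && conv`. This one should match, ideally with the callback included: `if (retval == PAM_SUCCESS && conv != NULL && conv->conv != NULL) {`. The later converse hunk that ends in `return retval; /* propagate error status */` has the same unchecked call. Both functions are only partly visible here.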
static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err)
{
int quiet;
- const char *service = NULL;
- const char *ruser = NULL;
- const char *rhost = NULL;
- const char *tty = NULL;
+ const void *service = NULL;
+ const void *ruser = NULL;
+ const void *rhost = NULL;
+ const void *tty = NULL;
struct _pam_failed_auth *failure;
D(("called"));
/* log the number of authentication failures */
if (failure->count > 1) {
(void) pam_get_item(pamh, PAM_SERVICE,
- (const void **)&service);
+ &service);
(void) pam_get_item(pamh, PAM_RUSER,
- (const void **)&ruser);
+ &ruser);
(void) pam_get_item(pamh, PAM_RHOST,
- (const void **)&rhost);
+ &rhost);
(void) pam_get_item(pamh, PAM_TTY,
- (const void **)&tty);
+ &tty);
_log_err(LOG_NOTICE, pamh,
"%d more authentication failure%s; "
"logname=%s uid=%d euid=%d "
if (pwd != NULL) {
if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
- { /* NIS+ */
+ { /* NIS+ */
uid_t save_euid, save_uid;
-
+
save_euid = geteuid();
save_uid = getuid();
if (save_uid == pwd->pw_uid)
return 0;
}
}
-
+
spwdent = _pammodutil_getspnam (pamh, name);
if (save_uid == pwd->pw_uid)
setreuid( save_uid, save_euid );
for (i=2; i < rlim.rlim_max; i++) {
if (fds[0] != i)
close(i);
- }
+ }
}
/* exec binary helper */
args[0] = x_strdup(CHKPWD_HELPER);
if (pwd != NULL) {
if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
- { /* NIS+ */
+ { /* NIS+ */
uid_t save_euid, save_uid;
-
+
save_euid = geteuid();
save_uid = getuid();
if (save_uid == pwd->pw_uid)
return PAM_CRED_INSUFFICIENT;
}
}
-
+
spwdent = _pammodutil_getspnam (pamh, name);
if (save_uid == pwd->pw_uid)
setreuid( save_uid, save_euid );
retval = PAM_SUCCESS;
if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || ((salt[0] == '#') && (salt[1] == '#') && !strcmp(salt + 2, name))) {
-
+
if (geteuid() || SELINUX_ENABLED) {
/* we are not root perhaps this is the reason? Run helper */
D(("running helper binary"));
if (new != NULL) {
const char *login_name;
+ const void *void_old;
+
login_name = _pammodutil_getlogin(pamh);
if (login_name == NULL) {
new->name = x_strdup(login_name);
/* any previous failures for this user ? */
- pam_get_data(pamh, data_name, (const void **) &old);
+ pam_get_data(pamh, data_name, &void_old);
+ old = void_old;
if (old != NULL) {
new->count = old->count + 1;
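Review bot: `old = void_old;` copies a pointer that is only defined when `pam_get_data()` succeeds. The call's return value is ignored and `void_old` (declared in the previous hunk) has no initializer, so when no earlier failure record exists `old->count` may be read through an indeterminate pointer. The removed line wrote directly into `old`, which was presumably initialised at its declaration outside the hunk, so this looks like a regression in the failure-counting path. Either initialise the temporary, `const void *void_old = NULL;`, or assign conditionally: `old = (pam_get_data(pamh, data_name, &void_old) == PAM_SUCCESS) ? void_old : NULL;`. The surrounding function is not fully visible here.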
retval = PAM_MAXTRIES;
}
} else {
- const char *service=NULL;
- const char *ruser=NULL;
- const char *rhost=NULL;
- const char *tty=NULL;
+ const void *service=NULL;
+ const void *ruser=NULL;
+ const void *rhost=NULL;
+ const void *tty=NULL;
(void) pam_get_item(pamh, PAM_SERVICE,
- (const void **)&service);
+ &service);
(void) pam_get_item(pamh, PAM_RUSER,
- (const void **)&ruser);
+ &ruser);
(void) pam_get_item(pamh, PAM_RHOST,
- (const void **)&rhost);
+ &rhost);
(void) pam_get_item(pamh, PAM_TTY,
- (const void **)&tty);
+ &tty);
_log_err(LOG_NOTICE, pamh,
"authentication failure; "
,const char *prompt1
,const char *prompt2
,const char *data_name
- ,const char **pass)
+ ,const void **pass)
{
int authtok_flag;
int retval;
*/
if (on(UNIX_TRY_FIRST_PASS, ctrl) || on(UNIX_USE_FIRST_PASS, ctrl)) {
- retval = pam_get_item(pamh, authtok_flag, (const void **) pass);
+ retval = pam_get_item(pamh, authtok_flag, pass);
if (retval != PAM_SUCCESS) {
/* very strange. */
_log_err(LOG_ALERT, pamh
retval = pam_set_item(pamh, authtok_flag, token);
_pam_delete(token); /* clean it up */
if (retval != PAM_SUCCESS
- || (retval = pam_get_item(pamh, authtok_flag
- ,(const void **) pass))
+ || (retval = pam_get_item(pamh, authtok_flag, pass))
!= PAM_SUCCESS) {
*pass = NULL;
* 3. The name of the author may not be used to endorse or promote
* products derived from this software without specific prior
* written permission.
- *
+ *
* ALTERNATIVELY, this product may be distributed under the terms of
* the GNU Public License, in which case the provisions of the GPL are
* required INSTEAD OF the above restrictions. (This clause is
* necessary due to a potential bad interaction between the GPL and
* the restrictions contained in a BSD-style copyright.)
- *
+ *
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
,const char *prompt1
,const char *prompt2
,const char *data_name
- ,const char **pass);
+ ,const void **pass);
extern int _unix_shadowed(const struct passwd *pwd);
extern struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user);
struct pam_response **response)
{
int retval;
+ const void* void_conv;
const struct pam_conv *conv;
- retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv ) ;
+ retval = pam_get_item(pamh, PAM_CONV, &void_conv ) ;
+ conv = void_conv;
if (retval == PAM_SUCCESS)
retval = conv->conv(1, (const struct pam_message **)message,
response, conv->appdata_ptr);
-
+
return retval; /* propagate error status */
}
struct pam_response *resp;
int retval;
char * token = NULL;
-
+
pmsg[0] = &msg[0];
msg[0].msg_style = PAM_PROMPT_ECHO_OFF;
msg[0].msg = "Password: ";
retval = converse(pamh, pmsg, &resp);
if (resp != NULL) {
- const char * item;
+ const void *item;
/* interpret the response */
if (retval == PAM_SUCCESS) { /* a good conversation */
token = x_strdup(resp[0].resp);
retval = pam_set_item(pamh, PAM_AUTHTOK, token);
token = _pam_delete(token); /* clean it up */
if ( (retval != PAM_SUCCESS) ||
- (retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&item))
+ (retval = pam_get_item(pamh, PAM_AUTHTOK, &item))
!= PAM_SUCCESS ) {
return retval;
}
-
+
_pam_drop_reply(resp, 1);
} else {
retval = (retval == PAM_SUCCESS)
int argc, const char **argv)
{
const char *username;
- const char *password;
+ const void *password;
char *database = NULL;
char *cryptmode = NULL;
int retval = PAM_AUTH_ERR, ctrl;
* user anyway, so check for one and handle a failure for that case. If
* use_authtok wasn't specified, then we've already asked once and needn't
* do so again. */
- retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **) &password);
+ retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
if ((retval != PAM_SUCCESS) && ((ctrl & PAM_USE_AUTHTOK_ARG) != 0)) {
retval = conversation(pamh);
if (retval != PAM_SUCCESS) {
}
/* Get the password */
- retval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)&password);
+ retval = pam_get_item(pamh, PAM_AUTHTOK, &password);
if (retval != PAM_SUCCESS) {
_pam_log(LOG_ERR, "Could not retrieve user's password");
return -2;
/* some syslogging */
#define OBTAIN(item, value, default_value) do { \
- (void) pam_get_item(pamh, item, (const void **) &value); \
+ (void) pam_get_item(pamh, item, &value); \
value = value ? value : default_value ; \
} while (0)
static void log_items(pam_handle_t *pamh, const char *function)
{
- const char *service=NULL, *user=NULL, *terminal=NULL,
+ const void *service=NULL, *user=NULL, *terminal=NULL,
*rhost=NULL, *ruser=NULL;
OBTAIN(PAM_SERVICE, service, "<unknown>");
const char *_pammodutil_getlogin(pam_handle_t *pamh)
{
int status;
- char *logname;
+ const void *logname;
+ const void *void_curr_tty;
const char *curr_tty;
char *curr_user;
struct utmp *ut, line;
- status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN,
- (const void **) &logname);
+ status = pam_get_data(pamh, _PAMMODUTIL_GETLOGIN, &logname);
if (status == PAM_SUCCESS) {
return logname;
}
- status = pam_get_item(pamh, PAM_TTY, (const void **) &curr_tty);
- if ((status != PAM_SUCCESS) || (curr_tty == NULL)) {
- curr_tty = ttyname(0);
- }
+ status = pam_get_item(pamh, PAM_TTY, &void_curr_tty);
+ if ((status != PAM_SUCCESS) || (void_curr_tty == NULL))
+ curr_tty = ttyname(0);
+ else
+ curr_tty = (const char*)void_curr_tty;
if ((curr_tty == NULL) || memcmp(curr_tty, "/dev/", 5)) {
return NULL;
goto clean_up_and_go_home;
}
- strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user));
+ strncpy(curr_user, ut->ut_user, sizeof(ut->ut_user));
/* calloc already zeroed the memory */
status = pam_set_data(pamh, _PAMMODUTIL_GETLOGIN, curr_user,