Date: Thu, 11 Dec 2003 08:41:51 -0800 (PST) From: Dag-Erling Smorgrav <des@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 43812 for review Message-ID: <200312111641.hBBGfpfP021723@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=43812 Change 43812 by des@des.at.des.thinksec.com on 2003/12/11 08:41:17 I originally thought the XSSO was wrong to declare pam_get_data()'s final argument as void ** rather than const void **, but having seen the strict aliasing warnings gcc generates at higher -O levels, it makes a lot more sense. Change the prototype and definition back to what the XSSO specifies, and make the necessary changes to avoid warnings in code that calls pam_get_data(). Affected files ... .. //depot/projects/openpam/include/security/pam_appl.h#14 edit .. //depot/projects/openpam/lib/openpam_borrow_cred.c#11 edit .. //depot/projects/openpam/lib/openpam_restore_cred.c#10 edit .. //depot/projects/openpam/lib/pam_get_authtok.c#27 edit .. //depot/projects/openpam/lib/pam_get_data.c#13 edit .. //depot/projects/openpam/lib/pam_get_user.c#19 edit .. //depot/projects/openpam/lib/pam_vprompt.c#13 edit Differences ... ==== //depot/projects/openpam/include/security/pam_appl.h#14 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/include/security/pam_appl.h#13 $ + * $P4: //depot/projects/openpam/include/security/pam_appl.h#14 $ */ #ifndef _PAM_APPL_H_INCLUDED @@ -71,7 +71,7 @@ int pam_get_data(pam_handle_t *_pamh, const char *_module_data_name, - const void **_data); + void **_data); int pam_get_item(pam_handle_t *_pamh, ==== //depot/projects/openpam/lib/openpam_borrow_cred.c#11 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#10 $ + * $P4: //depot/projects/openpam/lib/openpam_borrow_cred.c#11 $ */ #include <sys/param.h> @@ -57,11 +57,12 @@ const struct passwd *pwd) { struct pam_saved_cred *scred; + void *scredp; int r; ENTERI(pwd->pw_uid); - r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)&scred); - if (r == PAM_SUCCESS && scred != NULL) { + r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); + if (r == PAM_SUCCESS && scredp != NULL) { openpam_log(PAM_LOG_DEBUG, "already operating under borrowed credentials"); RETURNC(PAM_SYSTEM_ERR); ==== //depot/projects/openpam/lib/openpam_restore_cred.c#10 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#9 $ + * $P4: //depot/projects/openpam/lib/openpam_restore_cred.c#10 $ */ #include <sys/param.h> @@ -56,14 +56,16 @@ openpam_restore_cred(pam_handle_t *pamh) { struct pam_saved_cred *scred; + void *scredp; int r; ENTER(); - r = pam_get_data(pamh, PAM_SAVED_CRED, (const void **)&scred); + r = pam_get_data(pamh, PAM_SAVED_CRED, &scredp); if (r != PAM_SUCCESS) RETURNC(r); - if (scred == NULL) + if (scredp == NULL) RETURNC(PAM_SYSTEM_ERR); + scred = scredp; if (scred->euid != geteuid()) { if (seteuid(scred->euid) < 0 || setgroups(scred->ngroups, scred->groups) < 0 || ==== //depot/projects/openpam/lib/pam_get_authtok.c#27 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#26 $ + * $P4: //depot/projects/openpam/lib/pam_get_authtok.c#27 $ */ #include <sys/param.h> @@ -60,7 +60,7 @@ const char **authtok, const char *prompt) { - const void *oldauthtok; + const void *oldauthtok, *prevauthtok, *promptp; const char *default_prompt; char *resp, *resp2; int pitem, r, style, twice; @@ -90,16 +90,20 @@ } if (openpam_get_option(pamh, "try_first_pass") || openpam_get_option(pamh, "use_first_pass")) { - r = pam_get_item(pamh, item, (const void **)authtok); - if (r == PAM_SUCCESS && *authtok != NULL) + r = pam_get_item(pamh, item, &prevauthtok); + if (r == PAM_SUCCESS && prevauthtok != NULL) { + *authtok = prevauthtok; RETURNC(PAM_SUCCESS); + } else if (openpam_get_option(pamh, "use_first_pass")) RETURNC(r == PAM_SUCCESS ? PAM_AUTH_ERR : r); } if (prompt == NULL) { - r = pam_get_item(pamh, pitem, (const void **)&prompt); - if (r != PAM_SUCCESS || prompt == NULL) + r = pam_get_item(pamh, pitem, &promptp); + if (r != PAM_SUCCESS || promptp == NULL) prompt = default_prompt; + else + prompt = promptp; } style = openpam_get_option(pamh, "echo_pass") ? PAM_PROMPT_ECHO_ON : PAM_PROMPT_ECHO_OFF; ==== //depot/projects/openpam/lib/pam_get_data.c#13 (text+ko) ==== @@ -31,9 +31,10 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_data.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_get_data.c#13 $ */ +#include <stdint.h> #include <string.h> #include <security/pam_appl.h> @@ -50,18 +51,19 @@ int pam_get_data(pam_handle_t *pamh, const char *module_data_name, - const void **data) + void **data) { pam_data_t *dp; ENTERS(module_data_name); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); - for (dp = pamh->module_data; dp != NULL; dp = dp->next) + for (dp = pamh->module_data; dp != NULL; dp = dp->next) { if (strcmp(dp->name, module_data_name) == 0) { - *data = dp->data; + *data = (void *)(intptr_t)dp->data; RETURNC(PAM_SUCCESS); } + } RETURNC(PAM_NO_MODULE_DATA); } ==== //depot/projects/openpam/lib/pam_get_user.c#19 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_get_user.c#18 $ + * $P4: //depot/projects/openpam/lib/pam_get_user.c#19 $ */ #include <sys/param.h> @@ -57,6 +57,7 @@ const char **user, const char *prompt) { + const void *promptp; char *resp; int r; @@ -67,9 +68,11 @@ if (r == PAM_SUCCESS && *user != NULL) RETURNC(PAM_SUCCESS); if (prompt == NULL) { - r = pam_get_item(pamh, PAM_USER_PROMPT, (const void **)&prompt); - if (r != PAM_SUCCESS || prompt == NULL) + r = pam_get_item(pamh, PAM_USER_PROMPT, &promptp); + if (r != PAM_SUCCESS || promptp == NULL) prompt = user_prompt; + else + prompt = promptp; } r = pam_prompt(pamh, PAM_PROMPT_ECHO_ON, &resp, "%s", prompt); if (r != PAM_SUCCESS) ==== //depot/projects/openpam/lib/pam_vprompt.c#13 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/openpam/lib/pam_vprompt.c#12 $ + * $P4: //depot/projects/openpam/lib/pam_vprompt.c#13 $ */ #include <stdarg.h> @@ -59,13 +59,15 @@ struct pam_message msg; const struct pam_message *msgp; struct pam_response *rsp; - struct pam_conv *conv; + const struct pam_conv *conv; + const void *convp; int r; ENTER(); - r = pam_get_item(pamh, PAM_CONV, (const void **)&conv); + r = pam_get_item(pamh, PAM_CONV, &convp); if (r != PAM_SUCCESS) RETURNC(r); + conv = convp; if (conv == NULL || conv->conv == NULL) { openpam_log(PAM_LOG_ERROR, "no conversation function"); RETURNC(PAM_SYSTEM_ERR);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200312111641.hBBGfpfP021723>