summaryrefslogtreecommitdiff
path: root/source3/pam_smbpass
diff options
context:
space:
mode:
Diffstat (limited to 'source3/pam_smbpass')
-rw-r--r--source3/pam_smbpass/pam_smb_auth.c4
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c8
-rw-r--r--source3/pam_smbpass/support.c38
-rw-r--r--source3/pam_smbpass/support.h7
4 files changed, 42 insertions, 15 deletions
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index 3dceb52c7d..b5a6a473b6 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -179,7 +179,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
retval = PAM_SUCCESS;
- pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
+ _pam_get_data(pamh, "smb_setcred_return", &pretval);
if(pretval) {
retval = *pretval;
SAFE_FREE(pretval);
@@ -199,7 +199,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
int retval;
/* Get the authtok; if we don't have one, silently fail. */
- retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
+ retval = _pam_get_item( pamh, PAM_AUTHTOK, &pass );
if (retval != PAM_SUCCESS) {
_log_err( LOG_ALERT
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index b6de43ff97..dce6e01ae9 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -229,11 +229,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
*/
if (off( SMB_NOT_SET_PASS, ctrl )) {
- retval = pam_get_item( pamh, PAM_OLDAUTHTOK,
- (const void **)&pass_old );
+ retval = _pam_get_item( pamh, PAM_OLDAUTHTOK,
+ &pass_old );
} else {
- retval = pam_get_data( pamh, _SMB_OLD_AUTHTOK,
- (const void **)&pass_old );
+ retval = _pam_get_data( pamh, _SMB_OLD_AUTHTOK,
+ &pass_old );
if (retval == PAM_NO_MODULE_DATA) {
pass_old = NULL;
retval = PAM_SUCCESS;
diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
index 1e66f40363..b6cf3a886d 100644
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@@ -85,7 +85,7 @@ int converse( pam_handle_t * pamh, int ctrl, int nargs
int retval;
struct pam_conv *conv;
- retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+ retval = _pam_get_item(pamh, PAM_CONV, &conv);
if (retval == PAM_SUCCESS) {
retval = conv->conv(nargs, (const struct pam_message **) message
@@ -278,7 +278,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err )
/* log the number of authentication failures */
if (failure->count != 0) {
- pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
+ _pam_get_item( pamh, PAM_SERVICE, &service );
_log_err( LOG_NOTICE
, "%d authentication %s "
"from %s for service %s as %s(%d)"
@@ -334,7 +334,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
} else {
const char *service;
- pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
+ _pam_get_item( pamh, PAM_SERVICE, &service );
_log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
uidtoname(getuid()), service ? service : "**unknown**", name);
return PAM_AUTH_ERR;
@@ -369,7 +369,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
const char *service;
- pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
+ _pam_get_item( pamh, PAM_SERVICE, &service );
if (data_name != NULL) {
struct _pam_failed_auth *newauth = NULL;
@@ -382,7 +382,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
if (newauth != NULL) {
/* any previous failures for this user ? */
- pam_get_data(pamh, data_name, (const void **) &old);
+ _pam_get_data(pamh, data_name, &old);
if (old != NULL) {
newauth->count = old->count + 1;
@@ -487,7 +487,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
/* should we obtain the password from a PAM item ? */
if (on(SMB_TRY_FIRST_PASS, ctrl) || on(SMB_USE_FIRST_PASS, ctrl)) {
- retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
+ retval = _pam_get_item( pamh, authtok_flag, &item );
if (retval != PAM_SUCCESS) {
/* very strange. */
_log_err( LOG_ALERT
@@ -580,8 +580,8 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
retval = pam_set_item( pamh, authtok_flag, (const void *)token );
_pam_delete( token ); /* clean it up */
if (retval != PAM_SUCCESS
- || (retval = pam_get_item( pamh, authtok_flag
- ,(const void **)&item )) != PAM_SUCCESS)
+ || (retval = _pam_get_item( pamh, authtok_flag
+ ,&item )) != PAM_SUCCESS)
{
_log_err( LOG_CRIT, "error manipulating password" );
return retval;
@@ -594,7 +594,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
retval = pam_set_data( pamh, data_name, (void *) token, _cleanup );
if (retval != PAM_SUCCESS
- || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
+ || (retval = _pam_get_data( pamh, data_name, &item ))
!= PAM_SUCCESS)
{
_log_err( LOG_CRIT, "error manipulating password data [%s]"
@@ -632,3 +632,23 @@ int _pam_smb_approve_pass(pam_handle_t * pamh,
return PAM_SUCCESS;
}
+
+/*
+ * Work around the pam API that has functions with void ** as parameters
+ * These lead to strict aliasing warnings with gcc.
+ */
+int _pam_get_item(const pam_handle_t *pamh,
+ int item_type,
+ const void *_item)
+{
+ const void **item = (const void **)_item;
+ return pam_get_item(pamh, item_type, item);
+}
+
+int _pam_get_data(const pam_handle_t *pamh,
+ const char *module_data_name,
+ const void *_data)
+{
+ const void **data = (const void **)_data;
+ return pam_get_data(pamh, module_data_name, data);
+}
diff --git a/source3/pam_smbpass/support.h b/source3/pam_smbpass/support.h
index 5ac48c3afa..87f1690a60 100644
--- a/source3/pam_smbpass/support.h
+++ b/source3/pam_smbpass/support.h
@@ -48,3 +48,10 @@ extern int _smb_read_password( pam_handle_t *, unsigned int, const char*,
extern int _pam_smb_approve_pass(pam_handle_t *, unsigned int, const char *,
const char *);
+
+int _pam_get_item(const pam_handle_t *pamh,
+ int item_type,
+ const void *_item);
+int _pam_get_data(const pam_handle_t *pamh,
+ const char *module_data_name,
+ const void *_data);