From 1950e180caf707346300b83021624d586cc3776d Mon Sep 17 00:00:00 2001
From: Günther Deschner <gd@samba.org>
Date: Fri, 22 May 2009 17:56:37 +0200
Subject: s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.

Guenther
---
 source3/pam_smbpass/pam_smb_auth.c   |  4 ++--
 source3/pam_smbpass/pam_smb_passwd.c |  8 ++++----
 source3/pam_smbpass/support.c        | 38 +++++++++++++++++++++++++++---------
 source3/pam_smbpass/support.h        |  7 +++++++
 4 files changed, 42 insertions(+), 15 deletions(-)

(limited to 'source3/pam_smbpass')

diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index 3dceb52c7d..b5a6a473b6 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -179,7 +179,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
 
 	retval = PAM_SUCCESS;
 
-	pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
+	_pam_get_data(pamh, "smb_setcred_return", &pretval);
 	if(pretval) {
 		retval = *pretval;
 		SAFE_FREE(pretval);
@@ -199,7 +199,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
 	int retval;
 
 	/* Get the authtok; if we don't have one, silently fail. */
-	retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
+	retval = _pam_get_item( pamh, PAM_AUTHTOK, &pass );
 
 	if (retval != PAM_SUCCESS) {
 		_log_err( LOG_ALERT
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index b6de43ff97..dce6e01ae9 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -229,11 +229,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
          */
 
         if (off( SMB_NOT_SET_PASS, ctrl )) {
-            retval = pam_get_item( pamh, PAM_OLDAUTHTOK,
-                                   (const void **)&pass_old );
+            retval = _pam_get_item( pamh, PAM_OLDAUTHTOK,
+                                   &pass_old );
         } else {
-            retval = pam_get_data( pamh, _SMB_OLD_AUTHTOK,
-                                   (const void **)&pass_old );
+            retval = _pam_get_data( pamh, _SMB_OLD_AUTHTOK,
+                                   &pass_old );
             if (retval == PAM_NO_MODULE_DATA) {
 		pass_old = NULL;
                 retval = PAM_SUCCESS;
diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
index 1e66f40363..b6cf3a886d 100644
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@@ -85,7 +85,7 @@ int converse( pam_handle_t * pamh, int ctrl, int nargs
 	int retval;
 	struct pam_conv *conv;
 
-	retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+	retval = _pam_get_item(pamh, PAM_CONV, &conv);
 	if (retval == PAM_SUCCESS) {
 
 		retval = conv->conv(nargs, (const struct pam_message **) message
@@ -278,7 +278,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err )
 
             /* log the number of authentication failures */
             if (failure->count != 0) {
-                pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
+                _pam_get_item( pamh, PAM_SERVICE, &service );
                 _log_err( LOG_NOTICE
                           , "%d authentication %s "
                             "from %s for service %s as %s(%d)"
@@ -334,7 +334,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
         } else {
             const char *service;
 
-            pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
+            _pam_get_item( pamh, PAM_SERVICE, &service );
             _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()), service ? service : "**unknown**", name);
             return PAM_AUTH_ERR;
@@ -369,7 +369,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
 
         const char *service;
 
-        pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
+        _pam_get_item( pamh, PAM_SERVICE, &service );
 
         if (data_name != NULL) {
             struct _pam_failed_auth *newauth = NULL;
@@ -382,7 +382,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
             if (newauth != NULL) {
 
                 /* any previous failures for this user ? */
-                pam_get_data(pamh, data_name, (const void **) &old);
+                _pam_get_data(pamh, data_name, &old);
 
                 if (old != NULL) {
                     newauth->count = old->count + 1;
@@ -487,7 +487,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
     /* should we obtain the password from a PAM item ? */
 
     if (on(SMB_TRY_FIRST_PASS, ctrl) || on(SMB_USE_FIRST_PASS, ctrl)) {
-        retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
+        retval = _pam_get_item( pamh, authtok_flag, &item );
         if (retval != PAM_SUCCESS) {
             /* very strange. */
             _log_err( LOG_ALERT
@@ -580,8 +580,8 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
         retval = pam_set_item( pamh, authtok_flag, (const void *)token );
         _pam_delete( token );		/* clean it up */
         if (retval != PAM_SUCCESS
-            || (retval = pam_get_item( pamh, authtok_flag
-                            ,(const void **)&item )) != PAM_SUCCESS)
+            || (retval = _pam_get_item( pamh, authtok_flag
+                            ,&item )) != PAM_SUCCESS)
         {
             _log_err( LOG_CRIT, "error manipulating password" );
             return retval;
@@ -594,7 +594,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
 
         retval = pam_set_data( pamh, data_name, (void *) token, _cleanup );
         if (retval != PAM_SUCCESS
-            || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
+            || (retval = _pam_get_data( pamh, data_name, &item ))
                              != PAM_SUCCESS)
         {
             _log_err( LOG_CRIT, "error manipulating password data [%s]"
@@ -632,3 +632,23 @@ int _pam_smb_approve_pass(pam_handle_t * pamh,
 
     return PAM_SUCCESS;
 }
+
+/*
+ * Work around the pam API that has functions with void ** as parameters
+ * These lead to strict aliasing warnings with gcc.
+ */
+int _pam_get_item(const pam_handle_t *pamh,
+		  int item_type,
+		  const void *_item)
+{
+	const void **item = (const void **)_item;
+	return pam_get_item(pamh, item_type, item);
+}
+
+int _pam_get_data(const pam_handle_t *pamh,
+		  const char *module_data_name,
+		  const void *_data)
+{
+	const void **data = (const void **)_data;
+	return pam_get_data(pamh, module_data_name, data);
+}
diff --git a/source3/pam_smbpass/support.h b/source3/pam_smbpass/support.h
index 5ac48c3afa..87f1690a60 100644
--- a/source3/pam_smbpass/support.h
+++ b/source3/pam_smbpass/support.h
@@ -48,3 +48,10 @@ extern int _smb_read_password( pam_handle_t *, unsigned int, const char*,
 
 extern int _pam_smb_approve_pass(pam_handle_t *, unsigned int, const char *,
 				 const char *);
+
+int _pam_get_item(const pam_handle_t *pamh,
+		  int item_type,
+		  const void *_item);
+int _pam_get_data(const pam_handle_t *pamh,
+		  const char *module_data_name,
+		  const void *_data);
-- 
cgit