WARNS=n fixes (and some stylistic issues).

6 files changed, 91 insertions, 55 deletions

diff --git a/lib/libpam/modules/pam_lastlog/pam_lastlog.c b/lib/libpam/modules/pam_lastlog/pam_lastlog.c
index d3b8860..0c6af69 100644
--- a/lib/libpam/modules/pam_lastlog/pam_lastlog.c
+++ b/lib/libpam/modules/pam_lastlog/pam_lastlog.c
@@ -219,7 +219,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 }
 
 PAM_EXTERN int
-pam_sm_close_session(pam_handle_t *pamh, int flags __unused, int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
 {
 	struct options options;
 
diff --git a/lib/libpam/modules/pam_login_access/login_access.c b/lib/libpam/modules/pam_login_access/login_access.c
index ff2a5e5..90089d8 100644
--- a/lib/libpam/modules/pam_login_access/login_access.c
+++ b/lib/libpam/modules/pam_login_access/login_access.c
@@ -26,6 +26,8 @@ __FBSDID("$FreeBSD$");
 #include <syslog.h>
 #include <unistd.h>
 
+#include "pam_login_access.h"
+
 #define _PATH_LOGACCESS		"/etc/login.access"
 
  /* Delimiters for fields and for lists of users, ttys or hosts. */
@@ -38,19 +40,17 @@ static char sep[] = ", \t";		/* list-element separator */
 #define YES             1
 #define NO              0
 
-static int	from_match __P((const char *, const char *));
-static int	list_match __P((char *, const char *,
-				int (*)(const char *, const char *)));
-static int	netgroup_match __P((const char *, const char *, const char *));
-static int	string_match __P((const char *, const char *));
-static int	user_match __P((const char *, const char *));
+static int	from_match(const char *, const char *);
+static int	list_match(char *, const char *,
+				int (*)(const char *, const char *));
+static int	netgroup_match(const char *, const char *, const char *);
+static int	string_match(const char *, const char *);
+static int	user_match(const char *, const char *);
 
 /* login_access - match username/group and host/tty with access control file */
 
 int
-login_access(user, from)
-const char   *user;
-const char   *from;
+login_access(const char *user, const char *from)
 {
     FILE   *fp;
     char    line[BUFSIZ];
@@ -109,10 +109,9 @@ const char   *from;
 
 /* list_match - match an item against a list of tokens with exceptions */
 
-static int list_match(list, item, match_fn)
-char         *list;
-const char   *item;
-int         (*match_fn) __P((const char *, const char *));
+static int
+list_match(char *list, const char *item,
+    int (*match_fn)(const char *, const char *))
 {
     char   *tok;
     int     match = NO;
@@ -143,10 +142,9 @@ int         (*match_fn) __P((const char *, const char *));
 
 /* netgroup_match - match group against machine or user */
 
-static int netgroup_match(group, machine, user)
-const char   *group __unused;
-const char   *machine __unused;
-const char   *user __unused;
+static int
+netgroup_match(const char *group __unused,
+    const char *machine __unused, const char *user __unused)
 {
     syslog(LOG_ERR, "NIS netgroup support not configured");
     return 0;
@@ -154,9 +152,8 @@ const char   *user __unused;
 
 /* user_match - match a username against one token */
 
-static int user_match(tok, string)
-const char   *tok;
-const char   *string;
+static int
+user_match(const char *tok, const char *string)
 {
     struct group *group;
     int     i;
@@ -181,9 +178,8 @@ const char   *string;
 
 /* from_match - match a host or tty against a list of tokens */
 
-static int from_match(tok, string)
-const char   *tok;
-const char   *string;
+static int
+from_match(const char *tok, const char *string)
 {
     int     tok_len;
     int     str_len;
@@ -217,9 +213,8 @@ const char   *string;
 
 /* string_match - match a string against one token */
 
-static int string_match(tok, string)
-const char   *tok;
-const char   *string;
+static int
+string_match(const char *tok, const char *string)
 {
 
     /*
diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.c b/lib/libpam/modules/pam_login_access/pam_login_access.c
index b9ae44d..47def65 100644
--- a/lib/libpam/modules/pam_login_access/pam_login_access.c
+++ b/lib/libpam/modules/pam_login_access/pam_login_access.c
@@ -52,7 +52,7 @@ __FBSDID("$FreeBSD$");
 #include <security/pam_modules.h>
 #include <pam_mod_misc.h>
 
-extern int login_access(const char *, const char *);
+#include "pam_login_access.h"
 
 PAM_EXTERN int
 pam_sm_authenticate(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.h b/lib/libpam/modules/pam_login_access/pam_login_access.h
new file mode 100644
index 0000000..14a78ff
--- /dev/null
+++ b/lib/libpam/modules/pam_login_access/pam_login_access.h
@@ -0,0 +1,39 @@
+/*-
+ * Copyright (c) 2001 Mark R V Murray
+ * All rights reserved.
+ * Copyright (c) 2001 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * Portions of this software were developed for the FreeBSD Project by
+ * ThinkSec AS and NAI Labs, the Security Research Division of Network
+ * Associates, Inc.  under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $FreeBSD$
+ */
+
+extern int login_access(const char *, const char *);
diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.c b/lib/libpam/modules/pam_securetty/pam_securetty.c
index 7318c4c..c552ccc 100644
--- a/lib/libpam/modules/pam_securetty/pam_securetty.c
+++ b/lib/libpam/modules/pam_securetty/pam_securetty.c
@@ -54,7 +54,7 @@ __FBSDID("$FreeBSD$");
 #define TTY_PREFIX	"/dev/"
 
 PAM_EXTERN int 
-pam_sm_authenticate(pam_handle_t * pamh, int flags __unused, int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
 {
 	struct options options;
 
@@ -67,7 +67,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags __unused, int argc, const cha
 
 PAM_EXTERN
 int 
-pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused, int argc, const char **argv)
+pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
 {
 	struct options options;
 
diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c
index 0457c18..6f58586 100644
--- a/lib/libpam/modules/pam_unix/pam_unix.c
+++ b/lib/libpam/modules/pam_unix/pam_unix.c
@@ -84,6 +84,9 @@ __FBSDID("$FreeBSD$");
 #define DEFAULT_WARN		(2L * 7L * 86400L)  /* Two weeks */
 #define	MAX_TRIES		3
 
+static char password_prompt_def[] = PASSWORD_PROMPT;
+static char password_hash[] = PASSWORD_HASH;
+
 enum {
 	PAM_OPT_AUTH_AS_SELF	= PAM_OPT_STD_MAX,
 	PAM_OPT_NULLOK,
@@ -114,7 +117,7 @@ static int yp_passwd(const char *user, const char *pass);
  * authentication management
  */
 PAM_EXTERN int
-pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, const char **argv)
 {
 	login_cap_t *lc;
 	struct options options;
@@ -140,7 +143,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 
 	lc = login_getclass(NULL);
 	password_prompt = login_getcapstr(lc, "passwd_prompt",
-	    PASSWORD_PROMPT, PASSWORD_PROMPT);
+	    password_prompt_def, password_prompt_def);
 	login_close(lc);
 	lc = NULL;
 
@@ -166,7 +169,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		}
 		encrypted = crypt(pass, pwd->pw_passwd);
 		if (pass[0] == '\0' && pwd->pw_passwd[0] != '\0')
-			encrypted = ":";
+			encrypted = strdup(":");
 
 		PAM_LOG("Encrypted password 1 is: %s", encrypted);
 		PAM_LOG("Encrypted password 2 is: %s", pwd->pw_passwd);
@@ -202,7 +205,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
 }
 
 PAM_EXTERN int
-pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
 {
 	struct options options;
 
@@ -217,7 +220,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
  * account management
  */
 PAM_EXTERN int
-pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, int argc, const char **argv)
 {
 	struct addrinfo hints, *res;
 	struct options options;
@@ -340,7 +343,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv)
  * logging only
  */
 PAM_EXTERN int
-pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_open_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
 {
 	struct options options;
 
@@ -352,7 +355,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
 }
 
 PAM_EXTERN int
-pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
+pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv)
 {
 	struct options options;
 
@@ -414,7 +417,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 		}
 		encrypted = crypt(pass, pwd->pw_passwd);
 		if (pass[0] == '\0' && pwd->pw_passwd[0] != '\0')
-			encrypted = ":";
+			encrypted = strdup(":");
 
 		PAM_LOG("Encrypted password 1 is: %s", encrypted);
 		PAM_LOG("Encrypted password 2 is: %s", pwd->pw_passwd);
@@ -455,7 +458,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 			    NEW_PASSWORD_PROMPT_1, &new_pass);
 
 			if (new_pass == NULL)
-				new_pass = "";
+				new_pass = strdup("");
 
 			if (retval == PAM_SUCCESS) {
 				new_pass_ = NULL;
@@ -463,7 +466,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 				    NEW_PASSWORD_PROMPT_2, &new_pass_);
 
 				if (new_pass_ == NULL)
-					new_pass_ = "";
+					new_pass_ = strdup("");
 
 				if (retval == PAM_SUCCESS) {
 					if (strcmp(new_pass, new_pass_) == 0) {
@@ -485,7 +488,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
 
 #ifdef YP
 		/* If NIS is set in the passwd database, use it */
-		res = use_yp((char *)user, 0, 0);
+		res = use_yp(user, 0, 0);
 		if (res == USER_YP_ONLY) {
 			if (!pam_test_option(&options, PAM_OPT_LOCAL_PASS,
 			    NULL))
@@ -567,20 +570,19 @@ local_passwd(const char *user, const char *pass)
 	pwd->pw_change = 0;
 	lc = login_getclass(NULL);
 	crypt_type = login_getcapstr(lc, "passwd_format",
-		PASSWORD_HASH, PASSWORD_HASH);
+		password_hash, password_hash);
 	if (login_setcryptfmt(lc, crypt_type, NULL) == NULL)
 		syslog(LOG_ERR, "cannot set password cipher");
 	login_close(lc);
 	/* Salt suitable for anything */
-	srandomdev();
 	gettimeofday(&tv, 0);
-	to64(&salt[0], random(), 3);
-	to64(&salt[3], tv.tv_usec, 3);
-	to64(&salt[6], tv.tv_sec, 2);
-	to64(&salt[8], random(), 5);
-	to64(&salt[13], random(), 5);
-	to64(&salt[17], random(), 5);
-	to64(&salt[22], random(), 5);
+	to64(&salt[0], (tv.tv_sec ^ random()) * tv.tv_usec, 3);
+	to64(&salt[3], (getpid() ^ random()) * tv.tv_usec, 2);
+	to64(&salt[5], (getppid() ^ random()) * tv.tv_usec, 3);
+	to64(&salt[8], (getuid() ^ random()) * tv.tv_usec, 5);
+	to64(&salt[13], (getgid() ^ random()) * tv.tv_usec, 5);
+	to64(&salt[17], random() * tv.tv_usec, 5);
+	to64(&salt[22], random() * tv.tv_usec, 5);
 	salt[27] = '\0';
 
 	pwd->pw_passwd = crypt(pass, salt);
@@ -589,7 +591,7 @@ local_passwd(const char *user, const char *pass)
 	tfd = pw_tmp();
 	pw_copy(pfd, tfd, pwd);
 
-	if (!pw_mkdb((char *)user))
+	if (!pw_mkdb(user))
 		pw_error((char *)NULL, 0, 1);
 
 	return PAM_SUCCESS;
@@ -613,7 +615,7 @@ yp_passwd(const char *user, const char *pass)
 	login_cap_t *lc;
 	int    *status;
 	uid_t	uid;
-	char   *master, *sockname = YP_SOCKNAME, salt[32];
+	char   *master, sockname[] = YP_SOCKNAME, salt[32];
 
 	_use_yp = 1;
 
@@ -648,8 +650,8 @@ yp_passwd(const char *user, const char *pass)
 		master_yppasswd.newpw.pw_dir = strdup(pwd->pw_dir);
 		master_yppasswd.newpw.pw_shell = strdup(pwd->pw_shell);
 		master_yppasswd.newpw.pw_class = pwd->pw_class != NULL ?
-					strdup(pwd->pw_class) : "";
-		master_yppasswd.oldpass = "";
+					strdup(pwd->pw_class) : strdup("");
+		master_yppasswd.oldpass = strdup("");
 		master_yppasswd.domain = yp_domain;
 	} else {
 		yppasswd.newpw.pw_passwd = strdup(pwd->pw_passwd);
@@ -659,7 +661,7 @@ yp_passwd(const char *user, const char *pass)
 		yppasswd.newpw.pw_gecos = strdup(pwd->pw_gecos);
 		yppasswd.newpw.pw_dir = strdup(pwd->pw_dir);
 		yppasswd.newpw.pw_shell = strdup(pwd->pw_shell);
-		yppasswd.oldpass = "";
+		yppasswd.oldpass = strdup("");
 	}
 
 	if (login_setcryptfmt(lc, "md5", NULL) == NULL)