diff options
author | markm <markm@FreeBSD.org> | 2002-02-03 15:17:57 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2002-02-03 15:17:57 +0000 |
commit | 01a4236106e1768cc0867a1cff7881d1f24eeffb (patch) | |
tree | ac2c81fb65df752ca98e7818412290f2a2e6633e /lib | |
parent | aa05461c142ad4066a0a15602416ba40936a61c9 (diff) | |
download | FreeBSD-src-01a4236106e1768cc0867a1cff7881d1f24eeffb.zip FreeBSD-src-01a4236106e1768cc0867a1cff7881d1f24eeffb.tar.gz |
WARNS=n fixes (and some stylistic issues).
Diffstat (limited to 'lib')
-rw-r--r-- | lib/libpam/modules/pam_lastlog/pam_lastlog.c | 2 | ||||
-rw-r--r-- | lib/libpam/modules/pam_login_access/login_access.c | 47 | ||||
-rw-r--r-- | lib/libpam/modules/pam_login_access/pam_login_access.c | 2 | ||||
-rw-r--r-- | lib/libpam/modules/pam_login_access/pam_login_access.h | 39 | ||||
-rw-r--r-- | lib/libpam/modules/pam_securetty/pam_securetty.c | 4 | ||||
-rw-r--r-- | lib/libpam/modules/pam_unix/pam_unix.c | 52 |
6 files changed, 91 insertions, 55 deletions
diff --git a/lib/libpam/modules/pam_lastlog/pam_lastlog.c b/lib/libpam/modules/pam_lastlog/pam_lastlog.c index d3b8860..0c6af69 100644 --- a/lib/libpam/modules/pam_lastlog/pam_lastlog.c +++ b/lib/libpam/modules/pam_lastlog/pam_lastlog.c @@ -219,7 +219,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) } PAM_EXTERN int -pam_sm_close_session(pam_handle_t *pamh, int flags __unused, int argc, const char **argv) +pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) { struct options options; diff --git a/lib/libpam/modules/pam_login_access/login_access.c b/lib/libpam/modules/pam_login_access/login_access.c index ff2a5e5..90089d8 100644 --- a/lib/libpam/modules/pam_login_access/login_access.c +++ b/lib/libpam/modules/pam_login_access/login_access.c @@ -26,6 +26,8 @@ __FBSDID("$FreeBSD$"); #include <syslog.h> #include <unistd.h> +#include "pam_login_access.h" + #define _PATH_LOGACCESS "/etc/login.access" /* Delimiters for fields and for lists of users, ttys or hosts. */ @@ -38,19 +40,17 @@ static char sep[] = ", \t"; /* list-element separator */ #define YES 1 #define NO 0 -static int from_match __P((const char *, const char *)); -static int list_match __P((char *, const char *, - int (*)(const char *, const char *))); -static int netgroup_match __P((const char *, const char *, const char *)); -static int string_match __P((const char *, const char *)); -static int user_match __P((const char *, const char *)); +static int from_match(const char *, const char *); +static int list_match(char *, const char *, + int (*)(const char *, const char *)); +static int netgroup_match(const char *, const char *, const char *); +static int string_match(const char *, const char *); +static int user_match(const char *, const char *); /* login_access - match username/group and host/tty with access control file */ int -login_access(user, from) -const char *user; -const char *from; +login_access(const char *user, const char *from) { FILE *fp; char line[BUFSIZ]; @@ -109,10 +109,9 @@ const char *from; /* list_match - match an item against a list of tokens with exceptions */ -static int list_match(list, item, match_fn) -char *list; -const char *item; -int (*match_fn) __P((const char *, const char *)); +static int +list_match(char *list, const char *item, + int (*match_fn)(const char *, const char *)) { char *tok; int match = NO; @@ -143,10 +142,9 @@ int (*match_fn) __P((const char *, const char *)); /* netgroup_match - match group against machine or user */ -static int netgroup_match(group, machine, user) -const char *group __unused; -const char *machine __unused; -const char *user __unused; +static int +netgroup_match(const char *group __unused, + const char *machine __unused, const char *user __unused) { syslog(LOG_ERR, "NIS netgroup support not configured"); return 0; @@ -154,9 +152,8 @@ const char *user __unused; /* user_match - match a username against one token */ -static int user_match(tok, string) -const char *tok; -const char *string; +static int +user_match(const char *tok, const char *string) { struct group *group; int i; @@ -181,9 +178,8 @@ const char *string; /* from_match - match a host or tty against a list of tokens */ -static int from_match(tok, string) -const char *tok; -const char *string; +static int +from_match(const char *tok, const char *string) { int tok_len; int str_len; @@ -217,9 +213,8 @@ const char *string; /* string_match - match a string against one token */ -static int string_match(tok, string) -const char *tok; -const char *string; +static int +string_match(const char *tok, const char *string) { /* diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.c b/lib/libpam/modules/pam_login_access/pam_login_access.c index b9ae44d..47def65 100644 --- a/lib/libpam/modules/pam_login_access/pam_login_access.c +++ b/lib/libpam/modules/pam_login_access/pam_login_access.c @@ -52,7 +52,7 @@ __FBSDID("$FreeBSD$"); #include <security/pam_modules.h> #include <pam_mod_misc.h> -extern int login_access(const char *, const char *); +#include "pam_login_access.h" PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) diff --git a/lib/libpam/modules/pam_login_access/pam_login_access.h b/lib/libpam/modules/pam_login_access/pam_login_access.h new file mode 100644 index 0000000..14a78ff --- /dev/null +++ b/lib/libpam/modules/pam_login_access/pam_login_access.h @@ -0,0 +1,39 @@ +/*- + * Copyright (c) 2001 Mark R V Murray + * All rights reserved. + * Copyright (c) 2001 Networks Associates Technologies, Inc. + * All rights reserved. + * + * Portions of this software were developed for the FreeBSD Project by + * ThinkSec AS and NAI Labs, the Security Research Division of Network + * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 + * ("CBOSS"), as part of the DARPA CHATS research program. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +extern int login_access(const char *, const char *); diff --git a/lib/libpam/modules/pam_securetty/pam_securetty.c b/lib/libpam/modules/pam_securetty/pam_securetty.c index 7318c4c..c552ccc 100644 --- a/lib/libpam/modules/pam_securetty/pam_securetty.c +++ b/lib/libpam/modules/pam_securetty/pam_securetty.c @@ -54,7 +54,7 @@ __FBSDID("$FreeBSD$"); #define TTY_PREFIX "/dev/" PAM_EXTERN int -pam_sm_authenticate(pam_handle_t * pamh, int flags __unused, int argc, const char **argv) +pam_sm_authenticate(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) { struct options options; @@ -67,7 +67,7 @@ pam_sm_authenticate(pam_handle_t * pamh, int flags __unused, int argc, const cha PAM_EXTERN int -pam_sm_setcred(pam_handle_t * pamh __unused, int flags __unused, int argc, const char **argv) +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) { struct options options; diff --git a/lib/libpam/modules/pam_unix/pam_unix.c b/lib/libpam/modules/pam_unix/pam_unix.c index 0457c18..6f58586 100644 --- a/lib/libpam/modules/pam_unix/pam_unix.c +++ b/lib/libpam/modules/pam_unix/pam_unix.c @@ -84,6 +84,9 @@ __FBSDID("$FreeBSD$"); #define DEFAULT_WARN (2L * 7L * 86400L) /* Two weeks */ #define MAX_TRIES 3 +static char password_prompt_def[] = PASSWORD_PROMPT; +static char password_hash[] = PASSWORD_HASH; + enum { PAM_OPT_AUTH_AS_SELF = PAM_OPT_STD_MAX, PAM_OPT_NULLOK, @@ -114,7 +117,7 @@ static int yp_passwd(const char *user, const char *pass); * authentication management */ PAM_EXTERN int -pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_authenticate(pam_handle_t *pamh, int flags __unused, int argc, const char **argv) { login_cap_t *lc; struct options options; @@ -140,7 +143,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) lc = login_getclass(NULL); password_prompt = login_getcapstr(lc, "passwd_prompt", - PASSWORD_PROMPT, PASSWORD_PROMPT); + password_prompt_def, password_prompt_def); login_close(lc); lc = NULL; @@ -166,7 +169,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) } encrypted = crypt(pass, pwd->pw_passwd); if (pass[0] == '\0' && pwd->pw_passwd[0] != '\0') - encrypted = ":"; + encrypted = strdup(":"); PAM_LOG("Encrypted password 1 is: %s", encrypted); PAM_LOG("Encrypted password 2 is: %s", pwd->pw_passwd); @@ -202,7 +205,7 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) } PAM_EXTERN int -pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_setcred(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) { struct options options; @@ -217,7 +220,7 @@ pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) * account management */ PAM_EXTERN int -pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_acct_mgmt(pam_handle_t *pamh, int flags __unused, int argc, const char **argv) { struct addrinfo hints, *res; struct options options; @@ -340,7 +343,7 @@ pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) * logging only */ PAM_EXTERN int -pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_open_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) { struct options options; @@ -352,7 +355,7 @@ pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) } PAM_EXTERN int -pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) +pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused, int argc, const char **argv) { struct options options; @@ -414,7 +417,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) } encrypted = crypt(pass, pwd->pw_passwd); if (pass[0] == '\0' && pwd->pw_passwd[0] != '\0') - encrypted = ":"; + encrypted = strdup(":"); PAM_LOG("Encrypted password 1 is: %s", encrypted); PAM_LOG("Encrypted password 2 is: %s", pwd->pw_passwd); @@ -455,7 +458,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) NEW_PASSWORD_PROMPT_1, &new_pass); if (new_pass == NULL) - new_pass = ""; + new_pass = strdup(""); if (retval == PAM_SUCCESS) { new_pass_ = NULL; @@ -463,7 +466,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) NEW_PASSWORD_PROMPT_2, &new_pass_); if (new_pass_ == NULL) - new_pass_ = ""; + new_pass_ = strdup(""); if (retval == PAM_SUCCESS) { if (strcmp(new_pass, new_pass_) == 0) { @@ -485,7 +488,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) #ifdef YP /* If NIS is set in the passwd database, use it */ - res = use_yp((char *)user, 0, 0); + res = use_yp(user, 0, 0); if (res == USER_YP_ONLY) { if (!pam_test_option(&options, PAM_OPT_LOCAL_PASS, NULL)) @@ -567,20 +570,19 @@ local_passwd(const char *user, const char *pass) pwd->pw_change = 0; lc = login_getclass(NULL); crypt_type = login_getcapstr(lc, "passwd_format", - PASSWORD_HASH, PASSWORD_HASH); + password_hash, password_hash); if (login_setcryptfmt(lc, crypt_type, NULL) == NULL) syslog(LOG_ERR, "cannot set password cipher"); login_close(lc); /* Salt suitable for anything */ - srandomdev(); gettimeofday(&tv, 0); - to64(&salt[0], random(), 3); - to64(&salt[3], tv.tv_usec, 3); - to64(&salt[6], tv.tv_sec, 2); - to64(&salt[8], random(), 5); - to64(&salt[13], random(), 5); - to64(&salt[17], random(), 5); - to64(&salt[22], random(), 5); + to64(&salt[0], (tv.tv_sec ^ random()) * tv.tv_usec, 3); + to64(&salt[3], (getpid() ^ random()) * tv.tv_usec, 2); + to64(&salt[5], (getppid() ^ random()) * tv.tv_usec, 3); + to64(&salt[8], (getuid() ^ random()) * tv.tv_usec, 5); + to64(&salt[13], (getgid() ^ random()) * tv.tv_usec, 5); + to64(&salt[17], random() * tv.tv_usec, 5); + to64(&salt[22], random() * tv.tv_usec, 5); salt[27] = '\0'; pwd->pw_passwd = crypt(pass, salt); @@ -589,7 +591,7 @@ local_passwd(const char *user, const char *pass) tfd = pw_tmp(); pw_copy(pfd, tfd, pwd); - if (!pw_mkdb((char *)user)) + if (!pw_mkdb(user)) pw_error((char *)NULL, 0, 1); return PAM_SUCCESS; @@ -613,7 +615,7 @@ yp_passwd(const char *user, const char *pass) login_cap_t *lc; int *status; uid_t uid; - char *master, *sockname = YP_SOCKNAME, salt[32]; + char *master, sockname[] = YP_SOCKNAME, salt[32]; _use_yp = 1; @@ -648,8 +650,8 @@ yp_passwd(const char *user, const char *pass) master_yppasswd.newpw.pw_dir = strdup(pwd->pw_dir); master_yppasswd.newpw.pw_shell = strdup(pwd->pw_shell); master_yppasswd.newpw.pw_class = pwd->pw_class != NULL ? - strdup(pwd->pw_class) : ""; - master_yppasswd.oldpass = ""; + strdup(pwd->pw_class) : strdup(""); + master_yppasswd.oldpass = strdup(""); master_yppasswd.domain = yp_domain; } else { yppasswd.newpw.pw_passwd = strdup(pwd->pw_passwd); @@ -659,7 +661,7 @@ yp_passwd(const char *user, const char *pass) yppasswd.newpw.pw_gecos = strdup(pwd->pw_gecos); yppasswd.newpw.pw_dir = strdup(pwd->pw_dir); yppasswd.newpw.pw_shell = strdup(pwd->pw_shell); - yppasswd.oldpass = ""; + yppasswd.oldpass = strdup(""); } if (login_setcryptfmt(lc, "md5", NULL) == NULL) |