Index: projects/clang360-import/contrib/openpam/CREDITS =================================================================== --- projects/clang360-import/contrib/openpam/CREDITS (revision 277839) +++ projects/clang360-import/contrib/openpam/CREDITS (revision 277840) @@ -1,51 +1,52 @@ _Ἀπόδοτε οὖν τὰ Καίσαρος Καίσαρι καὶ τὰ τοῦ Θεοῦ τῷ Θεῷ_ The OpenPAM library was developed for the FreeBSD Project by ThinkSec AS and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program. Principal design and development by: Dag-Erling Smørgrav The following persons (in alphabetical order) have contributed, directly or indirectly, with patches, criticism, suggestions, or ideas: Andrew Morgan Ankita Pal Baptiste Daroussin Brian Fundakowski Feldman Christos Zoulas Daniel Richard G. Darren J. Moffat + Dimitry Andric Dmitry V. Levin Don Lewis Emmanuel Dreyfus Eric Melville Espen Grøndahl Gary Winiger Gavin Atkinson Gleb Smirnoff Hubert Feyrer Jason Evans Joe Marcus Clarke Jörg Sonnenberger Juli Mallett Larry Baird Maëlle Lesage Mark Murray Matthias Drochner Mike Petullo Mikhail Teterin Mikko Työläjärvi Nick Hibma Robert Watson Ruslan Ermilov Sebastian Krahmer Solar Designer Takanori Saneto Wojciech A. Koszek Yar Tikhiy Index: projects/clang360-import/contrib/openpam/configure.ac =================================================================== --- projects/clang360-import/contrib/openpam/configure.ac (revision 277839) +++ projects/clang360-import/contrib/openpam/configure.ac (revision 277840) @@ -1,141 +1,141 @@ dnl $Id: configure.ac 816 2014-09-12 07:50:22Z des $ AC_PREREQ([2.62]) AC_REVISION([$Id: configure.ac 816 2014-09-12 07:50:22Z des $]) AC_INIT([OpenPAM], [20140912], [des@des.no], [openpam], [http://www.openpam.org/]) AC_CONFIG_SRCDIR([lib/libpam/pam_start.c]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([foreign]) AM_CONFIG_HEADER([config.h]) # C compiler and features AC_LANG(C) AC_PROG_CC AC_PROG_CC_STDC AC_PROG_CPP AC_GNU_SOURCE AC_C_CONST AC_C_RESTRICT AC_C_VOLATILE # libtool LT_PREREQ([2.2.6]) LT_INIT([disable-static dlopen]) # other programs AC_PROG_INSTALL LIB_MAJ=2 AC_SUBST(LIB_MAJ) AC_DEFINE_UNQUOTED(LIB_MAJ, $LIB_MAJ, [OpenPAM library major number]) AC_ARG_ENABLE([debug], AC_HELP_STRING([--enable-debug], [turn debugging macros on]), AC_DEFINE(OPENPAM_DEBUG, 1, [Turn debugging macros on])) AC_ARG_ENABLE([unversioned-modules], AC_HELP_STRING([--disable-unversioned-modules], [support loading of unversioned modules]), [AS_IF([test x"$enableval" = x"no"], [ AC_DEFINE(DISABLE_UNVERSIONED_MODULES, 1, [Whether loading unversioned modules support is disabled]) ])]) AC_ARG_WITH([modules-dir], AC_HELP_STRING([--with-modules-dir=DIR], [OpenPAM modules directory]), [AS_IF([test x"$withval" != x"no"], [ OPENPAM_MODULES_DIR="$withval" AC_DEFINE_UNQUOTED(OPENPAM_MODULES_DIR, "${OPENPAM_MODULES_DIR%/}", [OpenPAM modules directory]) ])]) AC_SUBST(OPENPAM_MODULES_DIR) AM_CONDITIONAL([CUSTOM_MODULES_DIR], [test x"$OPENPAM_MODULES_DIR" != x""]) AC_ARG_WITH([doc], AC_HELP_STRING([--without-doc], [do not build documentation]), [], [with_doc=yes]) AM_CONDITIONAL([WITH_DOC], [test x"$with_doc" = x"yes"]) AC_ARG_WITH([pam-unix], AC_HELP_STRING([--with-pam-unix], [compile sample pam_unix(8) module]), [], [with_pam_unix=no]) AM_CONDITIONAL([WITH_PAM_UNIX], [test x"$with_pam_unix" = x"yes"]) AC_ARG_WITH(pamtest, AC_HELP_STRING([--with-pamtest], [compile test application]), [], [with_pamtest=no]) AM_CONDITIONAL([WITH_PAMTEST], [test x"$with_pamtest" = x"yes"]) AC_ARG_WITH(su, AC_HELP_STRING([--with-su], [compile sample su(1) implementation]), [], [with_su=no]) AM_CONDITIONAL([WITH_SU], [test x"$with_su" = x"yes"]) AC_CHECK_HEADERS([crypt.h]) AC_CHECK_FUNCS([asprintf vasprintf]) AC_CHECK_FUNCS([dlfunc fdlopen]) AC_CHECK_FUNCS([fpurge]) AC_CHECK_FUNCS([setlogmask]) AC_CHECK_FUNCS([strlcat strlcmp strlcpy strlset]) saved_LIBS="${LIBS}" LIBS="" AC_CHECK_LIB([dl], [dlopen]) DL_LIBS="${LIBS}" LIBS="${saved_LIBS}" AC_SUBST(DL_LIBS) saved_LIBS="${LIBS}" LIBS="" AC_CHECK_LIB([crypt], [crypt]) CRYPT_LIBS="${LIBS}" LIBS="${saved_LIBS}" AC_SUBST(CRYPT_LIBS) saved_LIBS="${LIBS}" LIBS="" AC_CHECK_LIB([crypto], [HMAC_CTX_init]) CRYPTO_LIBS="${LIBS}" LIBS="${saved_LIBS}" AC_SUBST(CRYPTO_LIBS) AC_ARG_ENABLE([developer-warnings], AS_HELP_STRING([--enable-developer-warnings], [enable strict warnings (default is NO)]), - [CFLAGS="${CFLAGS} -Wall -Wextra"]) + [CFLAGS="${CFLAGS} -Wall -Wextra -Wcast-qual"]) AC_ARG_ENABLE([debugging-symbols], AS_HELP_STRING([--enable-debugging-symbols], [enable debugging symbols (default is NO)]), [CFLAGS="${CFLAGS} -O0 -g -fno-inline"]) AC_ARG_ENABLE([werror], AS_HELP_STRING([--enable-werror], [use -Werror (default is NO)]), [CFLAGS="${CFLAGS} -Werror"]) AC_CONFIG_FILES([ Makefile bin/Makefile bin/openpam_dump_policy/Makefile bin/pamtest/Makefile bin/su/Makefile doc/Makefile doc/man/Makefile include/Makefile include/security/Makefile lib/Makefile lib/libpam/Makefile modules/Makefile modules/pam_deny/Makefile modules/pam_permit/Makefile modules/pam_unix/Makefile t/Makefile ]) AC_CONFIG_FILES([pamgdb],[chmod +x pamgdb]) AC_CONFIG_FILES([mkpkgng],[chmod +x mkpkgng]) AC_OUTPUT Index: projects/clang360-import/contrib/openpam/lib/libpam/openpam_dispatch.c =================================================================== --- projects/clang360-import/contrib/openpam/lib/libpam/openpam_dispatch.c (revision 277839) +++ projects/clang360-import/contrib/openpam/lib/libpam/openpam_dispatch.c (revision 277840) @@ -1,254 +1,254 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $Id: openpam_dispatch.c 807 2014-09-09 09:41:32Z des $ */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #include #include #include "openpam_impl.h" #if !defined(OPENPAM_RELAX_CHECKS) static void openpam_check_error_code(int, int); #else #define openpam_check_error_code(a, b) #endif /* !defined(OPENPAM_RELAX_CHECKS) */ /* * OpenPAM internal * * Execute a module chain */ int openpam_dispatch(pam_handle_t *pamh, int primitive, int flags) { pam_chain_t *chain; int err, fail, nsuccess, r; int debug; ENTER(); if (pamh == NULL) RETURNC(PAM_SYSTEM_ERR); /* prevent recursion */ if (pamh->current != NULL) { openpam_log(PAM_LOG_ERROR, "%s() called while %s::%s() is in progress", pam_func_name[primitive], pamh->current->module->path, pam_sm_func_name[pamh->primitive]); RETURNC(PAM_ABORT); } /* pick a chain */ switch (primitive) { case PAM_SM_AUTHENTICATE: case PAM_SM_SETCRED: chain = pamh->chains[PAM_AUTH]; break; case PAM_SM_ACCT_MGMT: chain = pamh->chains[PAM_ACCOUNT]; break; case PAM_SM_OPEN_SESSION: case PAM_SM_CLOSE_SESSION: chain = pamh->chains[PAM_SESSION]; break; case PAM_SM_CHAUTHTOK: chain = pamh->chains[PAM_PASSWORD]; break; default: RETURNC(PAM_SYSTEM_ERR); } /* execute */ err = PAM_SUCCESS; fail = nsuccess = 0; for (; chain != NULL; chain = chain->next) { if (chain->module->func[primitive] == NULL) { openpam_log(PAM_LOG_ERROR, "%s: no %s()", chain->module->path, pam_sm_func_name[primitive]); r = PAM_SYSTEM_ERR; } else { pamh->primitive = primitive; pamh->current = chain; debug = (openpam_get_option(pamh, "debug") != NULL); if (debug) ++openpam_debug; openpam_log(PAM_LOG_LIBDEBUG, "calling %s() in %s", pam_sm_func_name[primitive], chain->module->path); r = (chain->module->func[primitive])(pamh, flags, - chain->optc, (const char **)chain->optv); + chain->optc, (const char **)(intptr_t)chain->optv); pamh->current = NULL; openpam_log(PAM_LOG_LIBDEBUG, "%s: %s(): %s", chain->module->path, pam_sm_func_name[primitive], pam_strerror(pamh, r)); if (debug) --openpam_debug; } if (r == PAM_IGNORE) continue; if (r == PAM_SUCCESS) { ++nsuccess; /* * For pam_setcred() and pam_chauthtok() with the * PAM_PRELIM_CHECK flag, treat "sufficient" as * "optional". */ if ((chain->flag == PAM_SUFFICIENT || chain->flag == PAM_BINDING) && !fail && primitive != PAM_SM_SETCRED && !(primitive == PAM_SM_CHAUTHTOK && (flags & PAM_PRELIM_CHECK))) break; continue; } openpam_check_error_code(primitive, r); /* * Record the return code from the first module to * fail. If a required module fails, record the * return code from the first required module to fail. */ if (err == PAM_SUCCESS) err = r; if ((chain->flag == PAM_REQUIRED || chain->flag == PAM_BINDING) && !fail) { openpam_log(PAM_LOG_LIBDEBUG, "required module failed"); fail = 1; err = r; } /* * If a requisite module fails, terminate the chain * immediately. */ if (chain->flag == PAM_REQUISITE) { openpam_log(PAM_LOG_LIBDEBUG, "requisite module failed"); fail = 1; break; } } if (!fail && err != PAM_NEW_AUTHTOK_REQD) err = PAM_SUCCESS; /* * Require the chain to be non-empty, and at least one module * in the chain to be successful, so that we don't fail open. */ if (err == PAM_SUCCESS && nsuccess < 1) { openpam_log(PAM_LOG_ERROR, "all modules were unsuccessful for %s()", pam_sm_func_name[primitive]); err = PAM_SYSTEM_ERR; } RETURNC(err); } #if !defined(OPENPAM_RELAX_CHECKS) static void openpam_check_error_code(int primitive, int r) { /* common error codes */ if (r == PAM_SUCCESS || r == PAM_SYSTEM_ERR || r == PAM_SERVICE_ERR || r == PAM_BUF_ERR || r == PAM_CONV_ERR || r == PAM_PERM_DENIED || r == PAM_ABORT) return; /* specific error codes */ switch (primitive) { case PAM_SM_AUTHENTICATE: if (r == PAM_AUTH_ERR || r == PAM_CRED_INSUFFICIENT || r == PAM_AUTHINFO_UNAVAIL || r == PAM_USER_UNKNOWN || r == PAM_MAXTRIES) return; break; case PAM_SM_SETCRED: if (r == PAM_CRED_UNAVAIL || r == PAM_CRED_EXPIRED || r == PAM_USER_UNKNOWN || r == PAM_CRED_ERR) return; break; case PAM_SM_ACCT_MGMT: if (r == PAM_USER_UNKNOWN || r == PAM_AUTH_ERR || r == PAM_NEW_AUTHTOK_REQD || r == PAM_ACCT_EXPIRED) return; break; case PAM_SM_OPEN_SESSION: case PAM_SM_CLOSE_SESSION: if (r == PAM_SESSION_ERR) return; break; case PAM_SM_CHAUTHTOK: if (r == PAM_PERM_DENIED || r == PAM_AUTHTOK_ERR || r == PAM_AUTHTOK_RECOVERY_ERR || r == PAM_AUTHTOK_LOCK_BUSY || r == PAM_AUTHTOK_DISABLE_AGING || r == PAM_TRY_AGAIN) return; break; } openpam_log(PAM_LOG_ERROR, "%s(): unexpected return value %d", pam_sm_func_name[primitive], r); } #endif /* !defined(OPENPAM_RELAX_CHECKS) */ /* * NODOC * * Error codes: */ Index: projects/clang360-import/contrib/openpam/modules/pam_unix/pam_unix.c =================================================================== --- projects/clang360-import/contrib/openpam/modules/pam_unix/pam_unix.c (revision 277839) +++ projects/clang360-import/contrib/openpam/modules/pam_unix/pam_unix.c (revision 277840) @@ -1,196 +1,196 @@ /*- * Copyright (c) 2002-2003 Networks Associates Technology, Inc. * Copyright (c) 2004-2011 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and * Network Associates Laboratories, the Security Research Division of * Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 * ("CBOSS"), as part of the DARPA CHATS research program. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote * products derived from this software without specific prior written * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * $Id: pam_unix.c 648 2013-03-05 17:54:27Z des $ */ #ifdef HAVE_CONFIG_H # include "config.h" #endif #include #include #include #include #include #include #ifdef HAVE_CRYPT_H # include #endif #include #include #ifndef OPENPAM static char password_prompt[] = "Password:"; #endif #ifndef PAM_EXTERN #define PAM_EXTERN #endif PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { #ifndef OPENPAM struct pam_conv *conv; struct pam_message msg; const struct pam_message *msgp; struct pam_response *resp; #endif struct passwd *pwd; const char *user; - char *crypt_password, *password; + const char *crypt_password, *password; int pam_err, retry; (void)argc; (void)argv; /* identify user */ if ((pam_err = pam_get_user(pamh, &user, NULL)) != PAM_SUCCESS) return (pam_err); if ((pwd = getpwnam(user)) == NULL) return (PAM_USER_UNKNOWN); /* get password */ #ifndef OPENPAM pam_err = pam_get_item(pamh, PAM_CONV, (const void **)&conv); if (pam_err != PAM_SUCCESS) return (PAM_SYSTEM_ERR); msg.msg_style = PAM_PROMPT_ECHO_OFF; msg.msg = password_prompt; msgp = &msg; #endif for (retry = 0; retry < 3; ++retry) { #ifdef OPENPAM pam_err = pam_get_authtok(pamh, PAM_AUTHTOK, - (const char **)&password, NULL); + &password, NULL); #else resp = NULL; pam_err = (*conv->conv)(1, &msgp, &resp, conv->appdata_ptr); if (resp != NULL) { if (pam_err == PAM_SUCCESS) password = resp->resp; else free(resp->resp); free(resp); } #endif if (pam_err == PAM_SUCCESS) break; } if (pam_err == PAM_CONV_ERR) return (pam_err); if (pam_err != PAM_SUCCESS) return (PAM_AUTH_ERR); /* compare passwords */ if ((!pwd->pw_passwd[0] && (flags & PAM_DISALLOW_NULL_AUTHTOK)) || (crypt_password = crypt(password, pwd->pw_passwd)) == NULL || strcmp(crypt_password, pwd->pw_passwd) != 0) pam_err = PAM_AUTH_ERR; else pam_err = PAM_SUCCESS; #ifndef OPENPAM free(password); #endif return (pam_err); } PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { (void)pamh; (void)flags; (void)argc; (void)argv; return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { (void)pamh; (void)flags; (void)argc; (void)argv; return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { (void)pamh; (void)flags; (void)argc; (void)argv; return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { (void)pamh; (void)flags; (void)argc; (void)argv; return (PAM_SUCCESS); } PAM_EXTERN int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char *argv[]) { (void)pamh; (void)flags; (void)argc; (void)argv; return (PAM_SERVICE_ERR); } #ifdef PAM_MODULE_ENTRY PAM_MODULE_ENTRY("pam_unix"); #endif