Relevant BUGIDs: 449203

Purpose of commit: new support

Commit summary:
---------------
Include some BSD changes (to the conversation function) and fix a few
gcc warnings.

6 files changed, 58 insertions, 18 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 11ccbe20..ae2fa0bc 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -49,6 +49,9 @@ bug report - outstanding bugs are listed here:
 0.76: please submit patches for this section with actual code/doc
       patches!
 
+* some BSD updates and fixes from Mark Murray - including a slightly
+  more robust conversation function and some minimization of gcc
+  warnings. (Bug 449203 - agmorgan)
 * pam_unix/support.c: sample use of reentrant NSS function.  Not yet active,
   because modules do not include _pam_aconf_h! (Bug 440107 - vorlon)
 * doc/Makefile changes - use $(mandir) [courtesy Harald Welte] (Bug
diff --git a/libpam/pam_delay.c b/libpam/pam_delay.c
index 1b8d34fb..553bf72b 100644
--- a/libpam/pam_delay.c
+++ b/libpam/pam_delay.c
@@ -133,7 +133,7 @@ void _pam_await_timer(pam_handle_t *pamh, int status)
 
 int pam_fail_delay(pam_handle_t *pamh, unsigned int usec)
 {
-     int largest;
+     unsigned int largest;
 
      IF_NO_PAMH("pam_fail_delay", pamh, PAM_SYSTEM_ERR);
 
diff --git a/libpam/pam_handlers.c b/libpam/pam_handlers.c
index b2065999..8e32f8e8 100644
--- a/libpam/pam_handlers.c
+++ b/libpam/pam_handlers.c
@@ -2,7 +2,7 @@
 
 /*
  * created by Marc Ewing.
- * Currently maintained by Andrew G. Morgan <morgan@linux.kernel.org>
+ * Currently maintained by Andrew G. Morgan <morgan@kernel.org>
  *
  * $Id$
  *
@@ -25,12 +25,7 @@
 
 #include "pam_private.h"
 
-/* FreeBSD doesn't define this */
-#ifndef RTLD_NOW
-# define RTLD_NOW      1
-#endif
-
-/* If not required, define as nothing - FreeBSD needs it to be "_"... */
+/* If not required, define as nothing */
 #ifndef SHLIB_SYM_PREFIX
 # define SHLIB_SYM_PREFIX ""
 #endif
diff --git a/libpam/pam_second.c b/libpam/pam_second.c
index e764f987..31bdc6cb 100644
--- a/libpam/pam_second.c
+++ b/libpam/pam_second.c
@@ -13,6 +13,17 @@
 
 /* p 42 */
 
+/* XXX - there are actually no plans to support this function. It does
+   not appear to be very well defined */
+
+int pam_authenticate_secondary(pam_handle_t *pamh,
+			       char *target_username,
+			       char *target_module_type,
+			       char *target_authn_domain,
+			       char *target_supp_data,
+			       unsigned char *target_module_authtok,
+			       int flags);
+
 int pam_authenticate_secondary(pam_handle_t *pamh,
 			       char *target_username,
 			       char *target_module_type,
diff --git a/libpam_misc/misc_conv.c b/libpam_misc/misc_conv.c
index 7d4b1b99..fbde3735 100644
--- a/libpam_misc/misc_conv.c
+++ b/libpam_misc/misc_conv.c
@@ -57,7 +57,7 @@ void (*pam_binary_handler_free)(void *appdata, pamc_bp_t *prompt_p)
 
 /* the following code is used to get text input */
 
-volatile static int expired=0;
+static volatile int expired=0;
 
 /* return to the previous signal handling */
 static void reset_alarm(struct sigaction *o_ptr)
@@ -130,10 +130,11 @@ static int get_delay(void)
 static char *read_string(int echo, const char *prompt)
 {
     struct termios term_before, term_tmp;
-    char line[INPUTSIZE];
+    char line[INPUTSIZE], *input;
     struct sigaction old_sig;
     int delay, nc, have_term=0;
-
+    sigset_t oset, nset;
+ 
     D(("called with echo='%s', prompt='%s'.", echo ? "ON":"OFF" , prompt));
 
     if (isatty(STDIN_FILENO)) {                      /* terminal state */
@@ -149,6 +150,16 @@ static char *read_string(int echo, const char *prompt)
 	}
 	have_term = 1;
 
+	/*
+	 * We make a simple attempt to block TTY signals from terminating
+	 * the conversation without giving PAM a chance to clean up.
+	 */
+
+	sigemptyset(&nset); 
+	sigaddset(&nset, SIGINT); 
+	sigaddset(&nset, SIGTSTP); 
+	(void) sigprocmask(SIG_BLOCK, &nset, &oset);
+
     } else if (!echo) {
 	D(("<warning: cannot turn echo off>"));
     }
@@ -180,7 +191,6 @@ static char *read_string(int echo, const char *prompt)
 	    if (expired) {
 		delay = get_delay();
 	    } else if (nc > 0) {                 /* we got some user input */
-		char *input;
 
 		if (nc > 0 && line[nc-1] == '\n') {     /* <NUL> terminate */
 		    line[--nc] = '\0';
@@ -190,25 +200,46 @@ static char *read_string(int echo, const char *prompt)
 		input = x_strdup(line);
 		_pam_overwrite(line);
 
-		return input;                  /* return malloc()ed string */
+		goto cleanexit;                /* return malloc()ed string */
 	    } else if (nc == 0) {                                /* Ctrl-D */
 		D(("user did not want to type anything"));
+
+		input = x_strdup("");
 		fprintf(stderr, "\n");
-		break;
+		goto cleanexit;                /* return malloc()ed "" */
 	    }
 	}
     }
 
     /* getting here implies that the timer expired */
-    if (have_term)
+    input = NULL;
+    _pam_overwrite(line);
+
+ cleanexit:
+
+    if (have_term) {
+	(void) sigprocmask(SIG_SETMASK, &oset, NULL);
 	(void) tcsetattr(STDIN_FILENO, TCSADRAIN, &term_before);
+    }
 
-    memset(line, 0, INPUTSIZE);                      /* clean up */
     return NULL;
 }
 
 /* end of read_string functions */
 
+/*
+ * This conversation function is supposed to be a generic PAM one.
+ * Unfortunately, it is _not_ completely compatible with the Solaris PAM
+ * codebase.
+ *
+ * Namely, for msgm's that contain multiple prompts, this function
+ * interprets "const struct pam_message **msgm" as equivalent to
+ * "const struct pam_message *msgm[]". The Solaris module
+ * implementation interprets the **msgm object as a pointer to a
+ * pointer to an array of "struct pam_message" objects (that is, a
+ * confusing amount of pointer indirection).
+ */
+
 int misc_conv(int num_msg, const struct pam_message **msgm,
 	      struct pam_response **response, void *appdata_ptr)
 {
diff --git a/libpamc/include/security/pam_client.h b/libpamc/include/security/pam_client.h
index 16a2c1b1..2afddd77 100644
--- a/libpamc/include/security/pam_client.h
+++ b/libpamc/include/security/pam_client.h
@@ -140,7 +140,7 @@ do {                                                                       \
 
 #define PAM_BP_FILL(prmpt, offset, length, data)                           \
 do {                                                                       \
-    int bp_length;                                                         \
+    size_t bp_length;                                                      \
     __u8 *prompt = (__u8 *) (prmpt);                                       \
     bp_length = PAM_BP_LENGTH(prompt);                                     \
     if (bp_length < ((length)+(offset))) {                                 \
@@ -151,7 +151,7 @@ do {                                                                       \
 
 #define PAM_BP_EXTRACT(prmpt, offset, length, data)                        \
 do {                                                                       \
-    int __bp_length;                                                       \
+    size_t __bp_length;                                                    \
     const __u8 *__prompt = (const __u8 *) (prmpt);                         \
     __bp_length = PAM_BP_LENGTH(__prompt);                                 \
     if (((offset) < 0) || (__bp_length < ((length)+(offset)))              \