Relevant BUGIDs: none

Purpose of commit: cleanup

Commit summary:
---------------

Fix all occurrence of dereferencing type-punned pointer will break
strict-aliasing rules warnings

5 files changed, 63 insertions, 55 deletions

diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c
index 9330a551..6e8ed614 100644
--- a/modules/pam_unix/pam_unix_acct.c
+++ b/modules/pam_unix/pam_unix_acct.c
@@ -188,7 +188,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 				int argc, const char **argv)
 {
 	unsigned int ctrl;
-	const char *uname;
+	const void *uname;
 	int retval, daysleft;
 	time_t curdays;
 	struct spwd *spent;
@@ -199,7 +199,7 @@ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t * pamh, int flags,
 
 	ctrl = _set_ctrl(pamh, flags, NULL, argc, argv);
 
-	retval = pam_get_item(pamh, PAM_USER, (const void **) &uname);
+	retval = pam_get_item(pamh, PAM_USER, &uname);
 	D(("user = `%s'", uname));
 	if (retval != PAM_SUCCESS || uname == NULL) {
 		_log_err(LOG_ALERT, pamh
diff --git a/modules/pam_unix/pam_unix_auth.c b/modules/pam_unix/pam_unix_auth.c
index 39e0cde5..2ed24127 100644
--- a/modules/pam_unix/pam_unix_auth.c
+++ b/modules/pam_unix/pam_unix_auth.c
@@ -107,7 +107,8 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags
 {
 	unsigned int ctrl;
 	int retval, *ret_data = NULL;
-	const char *name, *p;
+	const char *name;
+	const void *p;
 
 	D(("called."));
 
@@ -197,7 +198,7 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags
 			      ,int argc, const char **argv)
 {
 	int retval;
-	int *pretval = NULL;
+	const void *pretval = NULL;
 
 	D(("called."));
 
@@ -206,9 +207,9 @@ PAM_EXTERN int pam_sm_setcred(pam_handle_t * pamh, int flags
 	D(("recovering return code from auth call"));
 	/* We will only find something here if UNIX_LIKE_AUTH is set --
 	   don't worry about an explicit check of argv. */
-	pam_get_data(pamh, "unix_setcred_return", (const void **) &pretval);
+	pam_get_data(pamh, "unix_setcred_return", &pretval);
 	if(pretval) {
-		retval = *pretval;
+ 	        retval = *(const int *)pretval;
 		pam_set_data(pamh, "unix_setcred_return", NULL, NULL);
 		D(("recovered data indicates that old retval was %d", retval));
 	}
diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c
index 9c7cb07c..99b127a0 100644
--- a/modules/pam_unix/pam_unix_passwd.c
+++ b/modules/pam_unix/pam_unix_passwd.c
@@ -738,7 +738,8 @@ static int _update_shadow(pam_handle_t *pamh, const char *forwho, char *towhat)
     }
 }
 
-static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
+static int _do_setpass(pam_handle_t* pamh, const char *forwho,
+		       const char *fromwhat,
 		       char *towhat, unsigned int ctrl, int remember)
 {
 	struct passwd *pwd = NULL;
@@ -754,7 +755,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
 		retval = PAM_AUTHTOK_ERR;
 		goto done;
 	}
-	
+
 	if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
 	    if ((master=getNISserver(pamh)) != NULL) {
 		struct timeval timeout;
@@ -777,7 +778,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
 		yppwd.newpw.pw_gecos = pwd->pw_gecos;
 		yppwd.newpw.pw_dir = pwd->pw_dir;
 		yppwd.newpw.pw_shell = pwd->pw_shell;
-		yppwd.oldpass = fromwhat ? fromwhat : "";
+		yppwd.oldpass = fromwhat ? strdup (fromwhat) : strdup ("");
 		yppwd.newpw.pw_passwd = towhat;
 
 		D(("Set password %s for %s", yppwd.newpw.pw_passwd, forwho));
@@ -797,6 +798,8 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
 				(xdrproc_t) xdr_int, (char *) &status,
 				timeout);
 
+		free (yppwd.oldpass);
+
 		if (err) {
 			_make_remark(pamh, ctrl, PAM_TEXT_INFO,
 				clnt_sperrno(err));
@@ -862,7 +865,7 @@ static int _do_setpass(pam_handle_t* pamh, const char *forwho, char *fromwhat,
 	}
 
 
-done:	
+done:
 #ifdef USE_LCKPWDF
 	ulckpwdf();
 #endif
@@ -943,7 +946,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 				  ,const char *pass_old
 				  ,const char *pass_new)
 {
-	const char *user;
+	const void *user;
 	const char *remark = NULL;
 	int retval = PAM_SUCCESS;
 
@@ -964,7 +967,7 @@ static int _pam_unix_approve_pass(pam_handle_t * pamh
 	 * checking this would be the place - AGM
 	 */
 
-	retval = pam_get_item(pamh, PAM_USER, (const void **) &user);
+	retval = pam_get_item(pamh, PAM_USER, &user);
 	if (retval != PAM_SUCCESS) {
 		if (on(UNIX_DEBUG, ctrl)) {
 			_log_err(LOG_ERR, pamh, "Can not get username");
@@ -1007,7 +1010,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 
 	/* <DO NOT free() THESE> */
 	const char *user;
-	char *pass_old, *pass_new;
+	const void *pass_old, *pass_new;
 	/* </DO NOT free() THESE> */
 
 	D(("called."));
@@ -1109,7 +1112,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 					     ,"(current) UNIX password: "
 						     ,NULL
 						     ,_UNIX_OLD_AUTHTOK
-					     ,(const char **) &pass_old);
+					     ,&pass_old);
 			free(Announce);
 
 			if (retval != PAM_SUCCESS) {
@@ -1168,10 +1171,10 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 
 		if (off(UNIX_NOT_SET_PASS, ctrl)) {
 			retval = pam_get_item(pamh, PAM_OLDAUTHTOK
-					      ,(const void **) &pass_old);
+					      ,&pass_old);
 		} else {
 			retval = pam_get_data(pamh, _UNIX_OLD_AUTHTOK
-					      ,(const void **) &pass_old);
+					      ,&pass_old);
 			if (retval == PAM_NO_MODULE_DATA) {
 				retval = PAM_SUCCESS;
 				pass_old = NULL;
@@ -1204,7 +1207,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 					     ,"Enter new UNIX password: "
 					    ,"Retype new UNIX password: "
 						     ,_UNIX_NEW_AUTHTOK
-					     ,(const char **) &pass_new);
+					     ,&pass_new);
 
 			if (retval != PAM_SUCCESS) {
 				if (on(UNIX_DEBUG, ctrl)) {
@@ -1222,7 +1225,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
 			 * password is acceptable.
 			 */
 
-			if (pass_new[0] == '\0') {	/* "\0" password = NULL */
+			if (*(const char *)pass_new == '\0') {	/* "\0" password = NULL */
 				pass_new = NULL;
 			}
 			retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new);
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c
index bb74987b..5368ae20 100644
--- a/modules/pam_unix/support.c
+++ b/modules/pam_unix/support.c
@@ -1,4 +1,4 @@
-/* 
+/*
  * $Id$
  *
  * Copyright information at end of file.
@@ -40,11 +40,11 @@ extern char *bigcrypt(const char *key, const char *salt);
 
 void _log_err(int err, pam_handle_t *pamh, const char *format,...)
 {
-	char *service = NULL;
+	const void *service = NULL;
 	char logname[256];
 	va_list args;
 
-	pam_get_item(pamh, PAM_SERVICE, (const void **) &service);
+	pam_get_item(pamh, PAM_SERVICE, &service);
 	if (service) {
 		strncpy(logname, service, sizeof(logname));
 		logname[sizeof(logname) - 1 - strlen("(pam_unix)")] = '\0';
@@ -67,11 +67,13 @@ static int converse(pam_handle_t * pamh, int ctrl, int nargs
 		    ,struct pam_response **response)
 {
 	int retval;
-	struct pam_conv *conv;
+	const void *void_conv;
+	const struct pam_conv *conv;
 
 	D(("begin to converse"));
 
-	retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+	retval = pam_get_item(pamh, PAM_CONV, &void_conv);
+	conv = void_conv;
 	if (retval == PAM_SUCCESS) {
 
 		retval = conv->conv(nargs, (const struct pam_message **) message
@@ -230,10 +232,10 @@ struct _pam_failed_auth {
 static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err)
 {
 	int quiet;
-	const char *service = NULL;
-	const char *ruser = NULL;
-	const char *rhost = NULL;
-	const char *tty = NULL;
+	const void *service = NULL;
+	const void *ruser = NULL;
+	const void *rhost = NULL;
+	const void *tty = NULL;
 	struct _pam_failed_auth *failure;
 
 	D(("called"));
@@ -249,13 +251,13 @@ static void _cleanup_failures(pam_handle_t * pamh, void *fl, int err)
 			/* log the number of authentication failures */
 			if (failure->count > 1) {
 				(void) pam_get_item(pamh, PAM_SERVICE,
-						    (const void **)&service);
+						    &service);
 				(void) pam_get_item(pamh, PAM_RUSER,
-						    (const void **)&ruser);
+						    &ruser);
 				(void) pam_get_item(pamh, PAM_RHOST,
-						    (const void **)&rhost);
+						    &rhost);
 				(void) pam_get_item(pamh, PAM_TTY,
-						    (const void **)&tty);
+						    &tty);
 				_log_err(LOG_NOTICE, pamh,
 				         "%d more authentication failure%s; "
 				         "logname=%s uid=%d euid=%d "
@@ -476,9 +478,9 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
 
 	if (pwd != NULL) {
 		if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
-		{ /* NIS+ */                 
+		{ /* NIS+ */
 			uid_t save_euid, save_uid;
-	
+
 			save_euid = geteuid();
 			save_uid = getuid();
 			if (save_uid == pwd->pw_uid)
@@ -493,7 +495,7 @@ _unix_blankpasswd (pam_handle_t *pamh, unsigned int ctrl, const char *name)
 						return 0;
 				}
 			}
-	
+
 			spwdent = _pammodutil_getspnam (pamh, name);
 			if (save_uid == pwd->pw_uid)
 				setreuid( save_uid, save_euid );
@@ -583,7 +585,7 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd,
 	  for (i=2; i < rlim.rlim_max; i++) {
 		if (fds[0] != i)
 	  	   close(i);
-	  }	
+	  }
 	}
 	/* exec binary helper */
 	args[0] = x_strdup(CHKPWD_HELPER);
@@ -662,9 +664,9 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 
 	if (pwd != NULL) {
 		if (strcmp( pwd->pw_passwd, "*NP*" ) == 0)
-		{ /* NIS+ */                 
+		{ /* NIS+ */
 			uid_t save_euid, save_uid;
-	
+
 			save_euid = geteuid();
 			save_uid = getuid();
 			if (save_uid == pwd->pw_uid)
@@ -678,7 +680,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 						return PAM_CRED_INSUFFICIENT;
 				}
 			}
-	
+
 			spwdent = _pammodutil_getspnam (pamh, name);
 			if (save_uid == pwd->pw_uid)
 				setreuid( save_uid, save_euid );
@@ -710,7 +712,7 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 
 	retval = PAM_SUCCESS;
 	if (pwd == NULL || salt == NULL || !strcmp(salt, "x") || ((salt[0] == '#') && (salt[1] == '#') && !strcmp(salt + 2, name))) {
-	  
+
 		if (geteuid() || SELINUX_ENABLED) {
 			/* we are not root perhaps this is the reason? Run helper */
 			D(("running helper binary"));
@@ -804,6 +806,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 			if (new != NULL) {
 
 			    const char *login_name;
+			    const void *void_old;
+
 
 			    login_name = _pammodutil_getlogin(pamh);
 			    if (login_name == NULL) {
@@ -816,7 +820,8 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 				new->name = x_strdup(login_name);
 
 				/* any previous failures for this user ? */
-				pam_get_data(pamh, data_name, (const void **) &old);
+				pam_get_data(pamh, data_name, &void_old);
+				old = void_old;
 
 				if (old != NULL) {
 					new->count = old->count + 1;
@@ -824,19 +829,19 @@ int _unix_verify_password(pam_handle_t * pamh, const char *name
 						retval = PAM_MAXTRIES;
 					}
 				} else {
-					const char *service=NULL;
-					const char *ruser=NULL;
-					const char *rhost=NULL;
-					const char *tty=NULL;
+					const void *service=NULL;
+					const void *ruser=NULL;
+					const void *rhost=NULL;
+					const void *tty=NULL;
 
 					(void) pam_get_item(pamh, PAM_SERVICE,
-							    (const void **)&service);
+							    &service);
 					(void) pam_get_item(pamh, PAM_RUSER,
-							    (const void **)&ruser);
+							    &ruser);
 					(void) pam_get_item(pamh, PAM_RHOST,
-							    (const void **)&rhost);
+							    &rhost);
 					(void) pam_get_item(pamh, PAM_TTY,
-							    (const void **)&tty);
+							    &tty);
 
 					_log_err(LOG_NOTICE, pamh,
 					         "authentication failure; "
@@ -886,7 +891,7 @@ int _unix_read_password(pam_handle_t * pamh
 			,const char *prompt1
 			,const char *prompt2
 			,const char *data_name
-			,const char **pass)
+			,const void **pass)
 {
 	int authtok_flag;
 	int retval;
@@ -911,7 +916,7 @@ int _unix_read_password(pam_handle_t * pamh
 	 */
 
 	if (on(UNIX_TRY_FIRST_PASS, ctrl) || on(UNIX_USE_FIRST_PASS, ctrl)) {
-		retval = pam_get_item(pamh, authtok_flag, (const void **) pass);
+		retval = pam_get_item(pamh, authtok_flag, pass);
 		if (retval != PAM_SUCCESS) {
 			/* very strange. */
 			_log_err(LOG_ALERT, pamh
@@ -1016,8 +1021,7 @@ int _unix_read_password(pam_handle_t * pamh
 		retval = pam_set_item(pamh, authtok_flag, token);
 		_pam_delete(token);	/* clean it up */
 		if (retval != PAM_SUCCESS
-		    || (retval = pam_get_item(pamh, authtok_flag
-					      ,(const void **) pass))
+		    || (retval = pam_get_item(pamh, authtok_flag, pass))
 		    != PAM_SUCCESS) {
 
 			*pass = NULL;
@@ -1079,13 +1083,13 @@ int _unix_shadowed(const struct passwd *pwd)
  * 3. The name of the author may not be used to endorse or promote
  *    products derived from this software without specific prior
  *    written permission.
- * 
+ *
  * ALTERNATIVELY, this product may be distributed under the terms of
  * the GNU Public License, in which case the provisions of the GPL are
  * required INSTEAD OF the above restrictions.  (This clause is
  * necessary due to a potential bad interaction between the GPL and
  * the restrictions contained in a BSD-style copyright.)
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
diff --git a/modules/pam_unix/support.h b/modules/pam_unix/support.h
index 5f55911a..9cf21136 100644
--- a/modules/pam_unix/support.h
+++ b/modules/pam_unix/support.h
@@ -149,7 +149,7 @@ extern int _unix_read_password(pam_handle_t * pamh
 			,const char *prompt1
 			,const char *prompt2
 			,const char *data_name
-			,const char **pass);
+			,const void **pass);
 extern int _unix_shadowed(const struct passwd *pwd);
 
 extern struct spwd *_unix_run_verify_binary(pam_handle_t *pamh, unsigned int ctrl, const char *user);