diff options
| -rw-r--r-- | libpam/Makefile.am | 2 | ||||
| -rw-r--r-- | libpam/include/pam_cc_compat.h | 35 | ||||
| -rw-r--r-- | modules/pam_mkhomedir/pam_mkhomedir.c | 4 | ||||
| -rw-r--r-- | modules/pam_namespace/pam_namespace.c | 3 | ||||
| -rw-r--r-- | modules/pam_tty_audit/pam_tty_audit.c | 4 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_acct.c | 3 | ||||
| -rw-r--r-- | modules/pam_unix/pam_unix_passwd.c | 3 | ||||
| -rw-r--r-- | modules/pam_unix/passverify.c | 3 | ||||
| -rw-r--r-- | modules/pam_unix/support.c | 3 | ||||
| -rw-r--r-- | modules/pam_xauth/pam_xauth.c | 4 |
10 files changed, 63 insertions, 1 deletions
diff --git a/libpam/Makefile.am b/libpam/Makefile.am index d9f9e041..9d5c844d 100644 --- a/libpam/Makefile.am +++ b/libpam/Makefile.am @@ -23,7 +23,7 @@ include_HEADERS = include/security/_pam_compat.h \ include/security/pam_ext.h include/security/pam_modutil.h noinst_HEADERS = pam_prelude.h pam_private.h pam_tokens.h \ - pam_modutil_private.h + pam_modutil_private.h include/pam_cc_compat.h libpam_la_LDFLAGS = -no-undefined -version-info 84:2:84 libpam_la_LIBADD = @LIBAUDIT@ $(LIBPRELUDE_LIBS) $(ECONF_LIBS) @LIBDL@ diff --git a/libpam/include/pam_cc_compat.h b/libpam/include/pam_cc_compat.h new file mode 100644 index 00000000..a4b84c62 --- /dev/null +++ b/libpam/include/pam_cc_compat.h @@ -0,0 +1,35 @@ +/* + * Copyright (c) 2020 Dmitry V. Levin <ldv@altlinux.org> + */ + +#ifndef PAM_CC_COMPAT_H +#define PAM_CC_COMPAT_H + +#include "config.h" +#include <security/_pam_types.h> + +#if defined __clang__ && defined __clang_major__ && defined __clang_minor__ +# define PAM_CLANG_PREREQ(maj, min) \ + ((__clang_major__ << 16) + __clang_minor__ >= ((maj) << 16) + (min)) +#else +# define PAM_CLANG_PREREQ(maj, min) 0 +#endif + +#if PAM_GNUC_PREREQ(4, 6) +# define DIAG_PUSH_IGNORE_CAST_QUAL \ + _Pragma("GCC diagnostic push"); \ + _Pragma("GCC diagnostic ignored \"-Wcast-qual\"") +# define DIAG_POP_IGNORE_CAST_QUAL \ + _Pragma("GCC diagnostic pop") +#elif PAM_CLANG_PREREQ(2, 6) +# define DIAG_PUSH_IGNORE_CAST_QUAL \ + _Pragma("clang diagnostic push"); \ + _Pragma("clang diagnostic ignored \"-Wcast-qual\"") +# define DIAG_POP_IGNORE_CAST_QUAL \ + _Pragma("clang diagnostic pop") +#else +# define DIAG_PUSH_IGNORE_CAST_QUAL /* empty */ +# define DIAG_POP_IGNORE_CAST_QUAL /* empty */ +#endif + +#endif /* PAM_CC_COMPAT_H */ diff --git a/modules/pam_mkhomedir/pam_mkhomedir.c b/modules/pam_mkhomedir/pam_mkhomedir.c index aec1e7e5..1a4dab47 100644 --- a/modules/pam_mkhomedir/pam_mkhomedir.c +++ b/modules/pam_mkhomedir/pam_mkhomedir.c @@ -58,6 +58,8 @@ #include <security/pam_modutil.h> #include <security/pam_ext.h> +#include "pam_cc_compat.h" + /* argument parsing */ #define MKHOMEDIR_DEBUG 020 /* be verbose about things */ #define MKHOMEDIR_QUIET 040 /* keep quiet about things */ @@ -143,7 +145,9 @@ create_homedir (pam_handle_t *pamh, options_t *opt, args[2] = opt->umask; args[3] = opt->skeldir; + DIAG_PUSH_IGNORE_CAST_QUAL; execve(MKHOMEDIR_HELPER, (char **)args, envp); + DIAG_POP_IGNORE_CAST_QUAL; /* should not get here: exit with error */ D(("helper binary is not available")); diff --git a/modules/pam_namespace/pam_namespace.c b/modules/pam_namespace/pam_namespace.c index d49dc621..155d3965 100644 --- a/modules/pam_namespace/pam_namespace.c +++ b/modules/pam_namespace/pam_namespace.c @@ -34,6 +34,7 @@ #define _ATFILE_SOURCE +#include "pam_cc_compat.h" #include "pam_namespace.h" #include "argv_parse.h" @@ -2230,7 +2231,9 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags UNUSED, /* nothing to reset */ return PAM_SUCCESS; + DIAG_PUSH_IGNORE_CAST_QUAL; idata.polydirs_ptr = (void *)polyptr; + DIAG_POP_IGNORE_CAST_QUAL; if (idata.flags & PAMNS_DEBUG) pam_syslog(idata.pamh, LOG_DEBUG, "Resetting namespace for pid %d", diff --git a/modules/pam_tty_audit/pam_tty_audit.c b/modules/pam_tty_audit/pam_tty_audit.c index 79e5d511..7dbcada2 100644 --- a/modules/pam_tty_audit/pam_tty_audit.c +++ b/modules/pam_tty_audit/pam_tty_audit.c @@ -54,6 +54,8 @@ #include <security/pam_modules.h> #include <security/pam_modutil.h> +#include "pam_cc_compat.h" + #define DATANAME "pam_tty_audit_last_state" /* Open an audit netlink socket */ @@ -79,7 +81,9 @@ nl_send (int fd, unsigned type, unsigned flags, const void *data, size_t size) nlm.nlmsg_pid = 0; iov[0].iov_base = &nlm; iov[0].iov_len = sizeof (nlm); + DIAG_PUSH_IGNORE_CAST_QUAL; iov[1].iov_base = (void *)data; + DIAG_POP_IGNORE_CAST_QUAL; iov[1].iov_len = size; addr.nl_family = AF_NETLINK; addr.nl_pid = 0; diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c index e99c2d03..36f68eff 100644 --- a/modules/pam_unix/pam_unix_acct.c +++ b/modules/pam_unix/pam_unix_acct.c @@ -59,6 +59,7 @@ #include <security/pam_ext.h> #include <security/pam_modutil.h> +#include "pam_cc_compat.h" #include "support.h" #include "passverify.h" @@ -127,7 +128,9 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl, args[1] = user; args[2] = "chkexpiry"; + DIAG_PUSH_IGNORE_CAST_QUAL; execve(CHKPWD_HELPER, (char *const *) args, envp); + DIAG_POP_IGNORE_CAST_QUAL; pam_syslog(pamh, LOG_ERR, "helper binary execve failed: %m"); /* should not get here: exit with error */ diff --git a/modules/pam_unix/pam_unix_passwd.c b/modules/pam_unix/pam_unix_passwd.c index 93300f46..636ace97 100644 --- a/modules/pam_unix/pam_unix_passwd.c +++ b/modules/pam_unix/pam_unix_passwd.c @@ -70,6 +70,7 @@ #include <security/pam_ext.h> #include <security/pam_modutil.h> +#include "pam_cc_compat.h" #include "md5.h" #include "support.h" #include "passverify.h" @@ -293,7 +294,9 @@ static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, snprintf(buffer, sizeof(buffer), "%d", remember); args[4] = buffer; + DIAG_PUSH_IGNORE_CAST_QUAL; execve(UPDATE_HELPER, (char *const *) args, envp); + DIAG_POP_IGNORE_CAST_QUAL; /* should not get here: exit with error */ D(("helper binary is not available")); diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c index 67f9e6f7..65307e11 100644 --- a/modules/pam_unix/passverify.c +++ b/modules/pam_unix/passverify.c @@ -25,6 +25,7 @@ #include <crypt.h> #endif +#include "pam_cc_compat.h" #include "md5.h" #include "bigcrypt.h" #include "passverify.h" @@ -1020,7 +1021,9 @@ PAMH_ARG_DECL(int unix_update_shadow, fclose(opwfile); if (!wroteentry && !err) { + DIAG_PUSH_IGNORE_CAST_QUAL; spwdent.sp_namp = (char *)forwho; + DIAG_POP_IGNORE_CAST_QUAL; spwdent.sp_pwdp = towhat; spwdent.sp_lstchg = time(NULL) / (60 * 60 * 24); if (spwdent.sp_lstchg == 0) diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index 814d4c08..33761840 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -28,6 +28,7 @@ #include <security/pam_ext.h> #include <security/pam_modutil.h> +#include "pam_cc_compat.h" #include "support.h" #include "passverify.h" @@ -526,7 +527,9 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, args[2]="nonull"; } + DIAG_PUSH_IGNORE_CAST_QUAL; execve(CHKPWD_HELPER, (char *const *) args, envp); + DIAG_POP_IGNORE_CAST_QUAL; /* should not get here: exit with error */ D(("helper binary is not available")); diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 3339def8..61e98253 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -65,6 +65,8 @@ #include <sys/stat.h> #endif +#include "pam_cc_compat.h" + #define DATANAME "pam_xauth_cookie_file" #define XAUTHENV "XAUTHORITY" #define HOMEENV "HOME" @@ -179,7 +181,9 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, } } /* Run the command. */ + DIAG_PUSH_IGNORE_CAST_QUAL; execv(command, (char *const *) args); + DIAG_POP_IGNORE_CAST_QUAL; /* Never reached. */ _exit(1); } |