- (dtucker) [auth-pam.c] Bug #705: Make arguments match PAM specs, fixes

[openssh.git] / auth-pam.c

diff --git a/auth-pam.c b/auth-pam.c
index 76801ea180cef84c3ec086ff29e3331b9a95ef4a..95930a93347fb39ddbd913c244d54a04853ab6d5 100644 (file)
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -202,7 +202,7 @@ pam_getenvlist(pam_handle_t *pamh)
 #endif
 
 void
-pam_password_change_required(int reqd)
+sshpam_password_change_required(int reqd)
 {
        debug3("%s %d", __func__, reqd);
        if (sshpam_authctxt == NULL)
@@ -232,7 +232,7 @@ import_environments(Buffer *b)
 #ifndef USE_POSIX_THREADS
        /* Import variables set by do_pam_account */
        sshpam_account_status = buffer_get_int(b);
-       pam_password_change_required(buffer_get_int(b));
+       sshpam_password_change_required(buffer_get_int(b));
 
        /* Import environment from subprocess */
        num_env = buffer_get_int(b);
@@ -264,7 +264,7 @@ import_environments(Buffer *b)
  * Conversation function for authentication thread.
  */
 static int
-sshpam_thread_conv(int n, const struct pam_message **msg,
+sshpam_thread_conv(int n, struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
        Buffer buffer;
@@ -275,6 +275,10 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
        debug3("PAM: %s entering, %d messages", __func__, n);
        *resp = NULL;
 
+       if (data == NULL) {
+               error("PAM: conversation function passed a null context");
+               return (PAM_CONV_ERR);
+       }
        ctxt = data;
        if (n <= 0 || n > PAM_MAX_NUM_MSG)
                return (PAM_CONV_ERR);
@@ -358,7 +362,7 @@ sshpam_thread(void *ctxtp)
        u_int i;
        const char *pam_user;
 
-       pam_get_item(sshpam_handle, PAM_USER, (const void **)&pam_user);
+       pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user);
        setproctitle("%s [pam]", pam_user);
        environ[0] = NULL;
 #endif
@@ -386,7 +390,7 @@ sshpam_thread(void *ctxtp)
                            PAM_CHANGE_EXPIRED_AUTHTOK);
                        if (sshpam_err != PAM_SUCCESS)
                                goto auth_fail;
-                       pam_password_change_required(0);
+                       sshpam_password_change_required(0);
                }
        }
 
@@ -446,7 +450,7 @@ sshpam_thread_cleanup(void)
 }
 
 static int
-sshpam_null_conv(int n, const struct pam_message **msg,
+sshpam_null_conv(int n, struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
        debug3("PAM: %s entering, %d messages", __func__, n);
@@ -484,7 +488,7 @@ sshpam_init(Authctxt *authctxt)
        if (sshpam_handle != NULL) {
                /* We already have a PAM context; check if the user matches */
                sshpam_err = pam_get_item(sshpam_handle,
-                   PAM_USER, (const void **)&pam_user);
+                   PAM_USER, (void **)&pam_user);
                if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
                        return (0);
                pam_end(sshpam_handle, sshpam_err);
@@ -736,7 +740,7 @@ do_pam_account(void)
        }
 
        if (sshpam_err == PAM_NEW_AUTHTOK_REQD)
-               pam_password_change_required(1);
+               sshpam_password_change_required(1);
 
        sshpam_account_status = 1;
        return (sshpam_account_status);
@@ -782,7 +786,7 @@ do_pam_setcred(int init)
 }
 
 static int
-sshpam_tty_conv(int n, const struct pam_message **msg,
+sshpam_tty_conv(int n, struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
        char input[PAM_MAX_MSG_SIZE];
@@ -859,7 +863,7 @@ do_pam_chauthtok(void)
 }
 
 static int
-sshpam_store_conv(int n, const struct pam_message **msg,
+sshpam_store_conv(int n, struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
        struct pam_response *reply;
@@ -974,7 +978,7 @@ free_pam_environment(char **env)
  * display.
  */
 static int
-sshpam_passwd_conv(int n, const struct pam_message **msg,
+sshpam_passwd_conv(int n, struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
        struct pam_response *reply;