From 4417118297c74cdd4f3a1cb60cb17a642a71e24b Mon Sep 17 00:00:00 2001
From: dtucker <dtucker>
Date: Thu, 26 May 2005 09:59:48 +0000
Subject: [PATCH]  - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building
 with PAM on Linux:   warning: dereferencing type-punned pointer will break
 strict-aliasing rules   warning: passing arg 3 of `pam_get_item' from
 incompatible pointer type   The type-punned pointer fix is based on a patch
 from SuSE's rpm.  ok djm@

---
 ChangeLog  |  4 ++++
 auth-pam.c | 24 +++++++++++++++++-------
 2 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2d321b0e..fda1a5e1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -97,6 +97,10 @@
      ok deraadt@, cloder@, djm@
  - (dtucker) [regress/reexec.sh] Add ${EXEEXT} so this test also works on
    Cygwin.
+ - (dtucker) [auth-pam.c] Bug #1033: Fix warnings building with PAM on Linux:
+  warning: dereferencing type-punned pointer will break strict-aliasing rules
+  warning: passing arg 3 of `pam_get_item' from incompatible pointer type
+  The type-punned pointer fix is based on a patch from SuSE's rpm.  ok djm@
 
 20050524
  - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
diff --git a/auth-pam.c b/auth-pam.c
index e1b8e783..d25cff37 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -56,6 +56,13 @@ RCSID("$Id$");
 #include <pam/pam_appl.h>
 #endif
 
+/* OpenGroup RFC86.0 and XSSO specify no "const" on arguments */
+#ifdef PAM_SUN_CODEBASE
+# define sshpam_const		/* Solaris, HP-UX, AIX */
+#else
+# define sshpam_const	const	/* LinuxPAM, OpenPAM */
+#endif
+
 #include "auth.h"
 #include "auth-pam.h"
 #include "buffer.h"
@@ -300,7 +307,7 @@ import_environments(Buffer *b)
  * Conversation function for authentication thread.
  */
 static int
-sshpam_thread_conv(int n, struct pam_message **msg,
+sshpam_thread_conv(int n, sshpam_const struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
 	Buffer buffer;
@@ -399,8 +406,10 @@ sshpam_thread(void *ctxtp)
 	char **env_from_pam;
 	u_int i;
 	const char *pam_user;
+	const char **ptr_pam_user = &pam_user;
 
-	pam_get_item(sshpam_handle, PAM_USER, (void **)&pam_user);
+	pam_get_item(sshpam_handle, PAM_USER,
+	    (sshpam_const void **)ptr_pam_user);
 	environ[0] = NULL;
 
 	if (sshpam_authctxt != NULL) {
@@ -492,7 +501,7 @@ sshpam_thread_cleanup(void)
 }
 
 static int
-sshpam_null_conv(int n, struct pam_message **msg,
+sshpam_null_conv(int n, sshpam_const struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
 	debug3("PAM: %s entering, %d messages", __func__, n);
@@ -502,7 +511,7 @@ sshpam_null_conv(int n, struct pam_message **msg,
 static struct pam_conv null_conv = { sshpam_null_conv, NULL };
 
 static int
-sshpam_store_conv(int n, struct pam_message **msg,
+sshpam_store_conv(int n, sshpam_const struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
 	struct pam_response *reply;
@@ -571,11 +580,12 @@ sshpam_init(Authctxt *authctxt)
 {
 	extern char *__progname;
 	const char *pam_rhost, *pam_user, *user = authctxt->user;
+	const char **ptr_pam_user = &pam_user;
 
 	if (sshpam_handle != NULL) {
 		/* We already have a PAM context; check if the user matches */
 		sshpam_err = pam_get_item(sshpam_handle,
-		    PAM_USER, (void **)&pam_user);
+		    PAM_USER, (sshpam_const void **)ptr_pam_user);
 		if (sshpam_err == PAM_SUCCESS && strcmp(user, pam_user) == 0)
 			return (0);
 		pam_end(sshpam_handle, sshpam_err);
@@ -891,7 +901,7 @@ do_pam_setcred(int init)
 }
 
 static int
-sshpam_tty_conv(int n, struct pam_message **msg,
+sshpam_tty_conv(int n, sshpam_const struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
 	char input[PAM_MAX_MSG_SIZE];
@@ -1050,7 +1060,7 @@ free_pam_environment(char **env)
  * display.
  */
 static int
-sshpam_passwd_conv(int n, struct pam_message **msg,
+sshpam_passwd_conv(int n, sshpam_const struct pam_message **msg,
     struct pam_response **resp, void *data)
 {
 	struct pam_response *reply;
-- 
2.45.2