From ab17e62324c48e63be3f71ef6ca07633bbc50b95 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Thu, 28 Dec 2017 14:08:37 -0700 Subject: Fix compile-time warnings --- libtac/lib/author_r.c | 1 + 1 file changed, 1 insertion(+) (limited to 'libtac/lib') diff --git a/libtac/lib/author_r.c b/libtac/lib/author_r.c index 148f7ea..fa101e6 100644 --- a/libtac/lib/author_r.c +++ b/libtac/lib/author_r.c @@ -187,6 +187,7 @@ int tac_author_read(int fd, struct areply *re) { /* XXX support optional vs mandatory arguments */ case TAC_PLUS_AUTHOR_STATUS_PASS_REPL: tac_free_attrib(&re->attr); + /*FALLTHRU*/ case TAC_PLUS_AUTHOR_STATUS_PASS_ADD: { u_char *argp; -- cgit v1.2.3 From ec797c84701ccafbfcccb836f87a1160cf86ef4c Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Thu, 28 Dec 2017 14:10:24 -0700 Subject: linux/random.h doesn't actually declare getrandom() --- configure.ac | 4 ++-- libtac/lib/magic.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'libtac/lib') diff --git a/configure.ac b/configure.ac index e34c769..b24f10d 100644 --- a/configure.ac +++ b/configure.ac @@ -47,8 +47,8 @@ esac dnl -------------------------------------------------------------------- dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/socket.h sys/time.h ]) -AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h linux/random.h sys/random.h]) +AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/socket.h sys/time.h]) +AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h sys/random.h]) AC_CHECK_HEADER(security/pam_appl.h, [], [AC_MSG_ERROR([PAM libraries missing. Install with "yum install pam-devel" or "apt-get install libpam-dev".])] ) AM_CONDITIONAL(MY_MD5, [test "$ac_cv_header_openssl_md5_h" = "no" ]) AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c index a320df5..138c6d4 100644 --- a/libtac/lib/magic.c +++ b/libtac/lib/magic.c @@ -70,10 +70,10 @@ magic() #elif defined(HAVE_GETRANDOM) -# if defined(HAVE_LINUX_RANDOM_H) -# include -# elif defined(HAVE_SYS_RANDOM_H) +# if defined(HAVE_SYS_RANDOM_H) # include +# else +# error no header containing getrandom(2) declaration # endif /* -- cgit v1.2.3 From e12a75b717ac587bbc5814cbb7f2311be99998d8 Mon Sep 17 00:00:00 2001 From: Martin Belanger Date: Thu, 21 Dec 2017 14:59:52 -0500 Subject: RAND_pseudo_bytes() has been deprecated in OpenSSL 1.1.0. They tell us to use RAND_bytes() instead. Modified by Philip Prindeville --- configure.ac | 7 +++++-- libtac/lib/magic.c | 4 ++++ pam_tacplus.c | 4 ++++ tacc.c | 4 ++++ 4 files changed, 17 insertions(+), 2 deletions(-) (limited to 'libtac/lib') diff --git a/configure.ac b/configure.ac index b24f10d..ac7c692 100644 --- a/configure.ac +++ b/configure.ac @@ -36,7 +36,10 @@ dnl Checks for libraries. AC_CHECK_LIB(pam, pam_start) AC_CHECK_LIB(tac, tac_connect) AC_CHECK_LIB(crypto, MD5_Init) -AC_CHECK_LIB(crypto, RAND_pseudo_bytes) +AC_CHECK_LIB(crypto, RAND_pseudo_bytes, + [AC_DEFINE([HAVE_RAND_PSEUDO_BYTES], [1], [Define to 1 if you have the `RAND_pseudo_bytes' function.])]) +AC_CHECK_LIB(crypto, RAND_bytes, + [AC_DEFINE([HAVE_RAND_BYTES], [1], [Define to 1 if you have the `RAND_bytes' function.])]) AC_CHECK_LIB(util, logwtmp) case "$host" in @@ -51,7 +54,7 @@ AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h str AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h sys/random.h]) AC_CHECK_HEADER(security/pam_appl.h, [], [AC_MSG_ERROR([PAM libraries missing. Install with "yum install pam-devel" or "apt-get install libpam-dev".])] ) AM_CONDITIONAL(MY_MD5, [test "$ac_cv_header_openssl_md5_h" = "no" ]) -AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) +AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_bytes" = "yes" || test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) dnl -------------------------------------------------------------------- dnl Checks for typedefs, structures, and compiler characteristics. diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c index 138c6d4..97aa035 100644 --- a/libtac/lib/magic.c +++ b/libtac/lib/magic.c @@ -63,7 +63,11 @@ magic() { u_int32_t num; +#ifdef HAVE_RAND_BYTES + RAND_bytes((unsigned char *)&num, sizeof(num)); +#else RAND_pseudo_bytes((unsigned char *)&num, sizeof(num)); +#endif return num; } diff --git a/pam_tacplus.c b/pam_tacplus.c index 198d096..19e2aca 100644 --- a/pam_tacplus.c +++ b/pam_tacplus.c @@ -711,7 +711,11 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc, const char **argv) { #if defined(HAVE_OPENSSL_RAND_H) && defined(HAVE_LIBCRYPTO) +# if defined(HAVE_RAND_BYTES) + RAND_bytes((unsigned char *) &task_id, sizeof(task_id)); +# else RAND_pseudo_bytes((unsigned char *) &task_id, sizeof(task_id)); +# endif #else task_id=(short int) magic(); #endif diff --git a/tacc.c b/tacc.c index cba0229..5d0585c 100644 --- a/tacc.c +++ b/tacc.c @@ -319,7 +319,11 @@ int main(int argc, char **argv) { struct tac_attrib *attr = NULL; sprintf(buf, "%lu", time(0)); tac_add_attrib(&attr, "start_time", buf); +#ifdef HAVE_RAND_BYTES + RAND_bytes((unsigned char *) &task_id, sizeof(task_id)); +#else RAND_pseudo_bytes((unsigned char *) &task_id, sizeof(task_id)); +#endif sprintf(buf, "%hu", task_id); tac_add_attrib(&attr, "task_id", buf); tac_add_attrib(&attr, "service", service); -- cgit v1.2.3