From ab17e62324c48e63be3f71ef6ca07633bbc50b95 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Thu, 28 Dec 2017 14:08:37 -0700 Subject: Fix compile-time warnings --- libtac/lib/author_r.c | 1 + 1 file changed, 1 insertion(+) (limited to 'libtac') diff --git a/libtac/lib/author_r.c b/libtac/lib/author_r.c index 148f7ea..fa101e6 100644 --- a/libtac/lib/author_r.c +++ b/libtac/lib/author_r.c @@ -187,6 +187,7 @@ int tac_author_read(int fd, struct areply *re) { /* XXX support optional vs mandatory arguments */ case TAC_PLUS_AUTHOR_STATUS_PASS_REPL: tac_free_attrib(&re->attr); + /*FALLTHRU*/ case TAC_PLUS_AUTHOR_STATUS_PASS_ADD: { u_char *argp; -- cgit v1.2.3 From ec797c84701ccafbfcccb836f87a1160cf86ef4c Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Thu, 28 Dec 2017 14:10:24 -0700 Subject: linux/random.h doesn't actually declare getrandom() --- configure.ac | 4 ++-- libtac/lib/magic.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'libtac') diff --git a/configure.ac b/configure.ac index e34c769..b24f10d 100644 --- a/configure.ac +++ b/configure.ac @@ -47,8 +47,8 @@ esac dnl -------------------------------------------------------------------- dnl Checks for header files. AC_HEADER_STDC -AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/socket.h sys/time.h ]) -AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h linux/random.h sys/random.h]) +AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/socket.h sys/time.h]) +AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h sys/random.h]) AC_CHECK_HEADER(security/pam_appl.h, [], [AC_MSG_ERROR([PAM libraries missing. Install with "yum install pam-devel" or "apt-get install libpam-dev".])] ) AM_CONDITIONAL(MY_MD5, [test "$ac_cv_header_openssl_md5_h" = "no" ]) AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c index a320df5..138c6d4 100644 --- a/libtac/lib/magic.c +++ b/libtac/lib/magic.c @@ -70,10 +70,10 @@ magic() #elif defined(HAVE_GETRANDOM) -# if defined(HAVE_LINUX_RANDOM_H) -# include -# elif defined(HAVE_SYS_RANDOM_H) +# if defined(HAVE_SYS_RANDOM_H) # include +# else +# error no header containing getrandom(2) declaration # endif /* -- cgit v1.2.3 From e12a75b717ac587bbc5814cbb7f2311be99998d8 Mon Sep 17 00:00:00 2001 From: Martin Belanger Date: Thu, 21 Dec 2017 14:59:52 -0500 Subject: RAND_pseudo_bytes() has been deprecated in OpenSSL 1.1.0. They tell us to use RAND_bytes() instead. Modified by Philip Prindeville --- configure.ac | 7 +++++-- libtac/lib/magic.c | 4 ++++ pam_tacplus.c | 4 ++++ tacc.c | 4 ++++ 4 files changed, 17 insertions(+), 2 deletions(-) (limited to 'libtac') diff --git a/configure.ac b/configure.ac index b24f10d..ac7c692 100644 --- a/configure.ac +++ b/configure.ac @@ -36,7 +36,10 @@ dnl Checks for libraries. AC_CHECK_LIB(pam, pam_start) AC_CHECK_LIB(tac, tac_connect) AC_CHECK_LIB(crypto, MD5_Init) -AC_CHECK_LIB(crypto, RAND_pseudo_bytes) +AC_CHECK_LIB(crypto, RAND_pseudo_bytes, + [AC_DEFINE([HAVE_RAND_PSEUDO_BYTES], [1], [Define to 1 if you have the `RAND_pseudo_bytes' function.])]) +AC_CHECK_LIB(crypto, RAND_bytes, + [AC_DEFINE([HAVE_RAND_BYTES], [1], [Define to 1 if you have the `RAND_bytes' function.])]) AC_CHECK_LIB(util, logwtmp) case "$host" in @@ -51,7 +54,7 @@ AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h str AC_CHECK_HEADERS([syslog.h unistd.h openssl/md5.h openssl/rand.h sys/random.h]) AC_CHECK_HEADER(security/pam_appl.h, [], [AC_MSG_ERROR([PAM libraries missing. Install with "yum install pam-devel" or "apt-get install libpam-dev".])] ) AM_CONDITIONAL(MY_MD5, [test "$ac_cv_header_openssl_md5_h" = "no" ]) -AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) +AM_CONDITIONAL(TACC, [test "$ac_cv_lib_crypto_RAND_bytes" = "yes" || test "$ac_cv_lib_crypto_RAND_pseudo_bytes" = "yes"]) dnl -------------------------------------------------------------------- dnl Checks for typedefs, structures, and compiler characteristics. diff --git a/libtac/lib/magic.c b/libtac/lib/magic.c index 138c6d4..97aa035 100644 --- a/libtac/lib/magic.c +++ b/libtac/lib/magic.c @@ -63,7 +63,11 @@ magic() { u_int32_t num; +#ifdef HAVE_RAND_BYTES + RAND_bytes((unsigned char *)&num, sizeof(num)); +#else RAND_pseudo_bytes((unsigned char *)&num, sizeof(num)); +#endif return num; } diff --git a/pam_tacplus.c b/pam_tacplus.c index 198d096..19e2aca 100644 --- a/pam_tacplus.c +++ b/pam_tacplus.c @@ -711,7 +711,11 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t * pamh, int flags, int argc, const char **argv) { #if defined(HAVE_OPENSSL_RAND_H) && defined(HAVE_LIBCRYPTO) +# if defined(HAVE_RAND_BYTES) + RAND_bytes((unsigned char *) &task_id, sizeof(task_id)); +# else RAND_pseudo_bytes((unsigned char *) &task_id, sizeof(task_id)); +# endif #else task_id=(short int) magic(); #endif diff --git a/tacc.c b/tacc.c index cba0229..5d0585c 100644 --- a/tacc.c +++ b/tacc.c @@ -319,7 +319,11 @@ int main(int argc, char **argv) { struct tac_attrib *attr = NULL; sprintf(buf, "%lu", time(0)); tac_add_attrib(&attr, "start_time", buf); +#ifdef HAVE_RAND_BYTES + RAND_bytes((unsigned char *) &task_id, sizeof(task_id)); +#else RAND_pseudo_bytes((unsigned char *) &task_id, sizeof(task_id)); +#endif sprintf(buf, "%hu", task_id); tac_add_attrib(&attr, "task_id", buf); tac_add_attrib(&attr, "service", service); -- cgit v1.2.3 From 22d1e39948304e5852325088cf04c74deba53fa4 Mon Sep 17 00:00:00 2001 From: Philip Prindeville Date: Sun, 31 Dec 2017 13:34:51 -0700 Subject: Fix 'unused' warnings when building with clang/llvm --- libtac/include/libtac.h | 12 ++++++++++++ support.c | 4 +--- tacc.c | 12 +++--------- 3 files changed, 16 insertions(+), 12 deletions(-) (limited to 'libtac') diff --git a/libtac/include/libtac.h b/libtac/include/libtac.h index c872ff7..23cdc28 100644 --- a/libtac/include/libtac.h +++ b/libtac/include/libtac.h @@ -44,6 +44,18 @@ extern "C" { #endif #include "tacplus.h" +#if defined(__clang__) +#define __CLANG_PREREQ(maj, min) ((__clang_major__ > (maj)) || (__clang_major__ == (maj) && __clang_minor__ >= (min))) +#else +#define __CLANG_PREREQ(maj, min) (0) +#endif + +#if __GNUC_PREREQ(3, 2) || __CLANG_PREREQ(4, 0) +#define __Unused __attribute__ ((unused)) +#else +#define __Unused /* unused */ +#endif + #if defined(DEBUGTAC) && !defined(TACDEBUG) # ifdef __GNUC__ #define TACDEBUG(level, fmt, ...) syslog(level, fmt, ## __VA_ARGS__) diff --git a/support.c b/support.c index 2406b32..ad45580 100644 --- a/support.c +++ b/support.c @@ -109,14 +109,12 @@ int converse(pam_handle_t * pamh, int nargs, const struct pam_message *message, } /* stolen from pam_stress */ -int tacacs_get_password (pam_handle_t * pamh, int flags, +int tacacs_get_password (pam_handle_t * pamh, int flags __Unused, int ctrl, char **password) { const void *pam_pass; char *pass = NULL; - flags = flags; /* unused */ - if (ctrl & PAM_TAC_DEBUG) syslog (LOG_DEBUG, "%s: called", __FUNCTION__); diff --git a/tacc.c b/tacc.c index 5d0585c..2914c8a 100644 --- a/tacc.c +++ b/tacc.c @@ -444,9 +444,7 @@ int main(int argc, char **argv) { exit(EXIT_OK); } -void sighandler(int sig) { - sig = sig; /* unused */ - +void sighandler(int sig __Unused) { TACDEBUG(LOG_DEBUG, "caught signal %d", sig); } @@ -572,19 +570,15 @@ unsigned long getservername(char *serv) { return (-1); } -void timeout_handler(int signum) { - signum = signum; /* unused */ - +void timeout_handler(int signum __Unused) { syslog(LOG_ERR, "timeout reading password from user %s", user); } #ifdef TACDEBUG_AT_RUNTIME -void logmsg(int level, const char *fmt, ...) +void logmsg(int level __Unused, const char *fmt, ...) { va_list ap; - level = level; /* unused */ - va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); -- cgit v1.2.3