In passdb-pam.c, I found some bits about const with some PAM data types.
Rather than check for each vendor of PAM, better to check for actual
const usage ... some vendors have changed const-ness between releases.
Also, actually testing constness is great for supporting new
implementations that may come out.
Here is the autoconf test I use in pam_otp_auth:
--8<--
# Check PAM headers for brokenness
otp_CFLAGS="$CFLAGS" # save
CFLAGS="$CFLAGS $EXTRA_CFLAGS -Werror"
# Linux-PAM has (incorrectly) overdone const
AC_MSG_CHECKING(for extra const in PAM headers)
AC_TRY_COMPILE([#include <security/pam_appl.h>],
  [
    pam_handle_t *pamh = NULL;
    char *item;
    pam_get_item(pamh, PAM_SERVICE, (void **) &item);
  ],
  [
    AC_MSG_RESULT(no)
    DEFINES="$DEFINES -DPAM_GET_CONST="
  ],
  [
    AC_MSG_RESULT(yes)
    DEFINES="$DEFINES -DPAM_GET_CONST=const"
  ])
# Solaris PAM has (incorrectly) underdone const
AC_MSG_CHECKING(for missing const in PAM headers)
AC_TRY_COMPILE([#include <security/pam_appl.h>],
  [
    struct pam_conv *conv = NULL;
    struct pam_message *msg;
    struct pam_response *resp;
    conv->conv(1, &msg, &resp, conv->appdata_ptr);
  ],
  [
    AC_MSG_RESULT(yes)
    DEFINES="$DEFINES -DPAM_CONV_CONST="
  ],
  [
    AC_MSG_RESULT(no)
    DEFINES="$DEFINES -DPAM_CONV_CONST=const"
  ])
CFLAGS="$otp_CFLAGS" # restore
--8<--
And then I do

  pam_get_item(..., (PAM_GET_CONST void **) arg);
  pam_get_user(..., (PAM_GET_CONST void **) arg);
  conv(..., (PAM_CONV_CONST struct pam_message **) arg, ...);

-frank
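
An added example, not part of the original message or of pam_otp_auth: a conversation callback whose prototype takes its const-ness from PAM_CONV_CONST, so it matches struct pam_conv without a cast. The names otp_conv, answer_prompt and HAVE_PAM_HDR are hypothetical, PAM_CONV_CONST defaults to const here as an assumption, and a constructed stand-in replaces the header where PAM headers are not installed.

```c
#include <stdlib.h>
#include <string.h>
#ifdef __has_include
# if __has_include(<security/pam_appl.h>)
#  include <security/pam_appl.h>
#  define HAVE_PAM_HDR 1
# endif
#endif
#ifndef HAVE_PAM_HDR  /* constructed stand-in mirroring Linux-PAM declarations */
enum { PAM_SUCCESS = 0, PAM_PROMPT_ECHO_OFF = 1, PAM_BUF_ERR = 5, PAM_CONV_ERR = 19 };
struct pam_message { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
struct pam_conv {
    int (*conv)(int, const struct pam_message **, struct pam_response **, void *);
    void *appdata_ptr;
};
#endif
#ifndef PAM_CONV_CONST          /* configure normally passes -DPAM_CONV_CONST=... */
# define PAM_CONV_CONST const   /* assumption: Linux-PAM style prototype */
#endif

/* Hypothetical callback: answers one echo-off prompt with the secret in appdata. */
int otp_conv(int n, PAM_CONV_CONST struct pam_message **msg,
             struct pam_response **resp, void *appdata)
{
    struct pam_response *r;
    size_t len;
    if (n != 1 || appdata == NULL || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF)
        return PAM_CONV_ERR;
    len = strlen((const char *)appdata) + 1;
    r = calloc(1, sizeof *r);
    if (r == NULL || (r->resp = malloc(len)) == NULL) { free(r); return PAM_BUF_ERR; }
    memcpy(r->resp, appdata, len);
    *resp = r;                  /* the caller frees r and r->resp */
    return PAM_SUCCESS;
}

/* Calls the callback through struct pam_conv, the way the PAM library would. */
char *answer_prompt(char *secret)
{
    struct pam_conv pc = { otp_conv, secret };  /* no cast: prototypes agree */
    struct pam_message m = { PAM_PROMPT_ECHO_OFF, "Password: " };
    PAM_CONV_CONST struct pam_message *mp = &m;
    struct pam_response *r = NULL;
    char *out = NULL;
    if (pc.conv(1, &mp, &r, pc.appdata_ptr) == PAM_SUCCESS) { out = r->resp; free(r); }
    return out;                 /* caller frees */
}
```

Against headers where the second configure check reports a missing const, the same source builds with -DPAM_CONV_CONST= and no other change.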