In passdb-pam.c, I found some bits about const with some PAM data types. Rather than check for each vendor of PAM, better to check for actual const usage ... some vendors have changed const-ness between releases. Also, actually testing constness is great for supporting new implementations that may come out.
Here is the autoconf test I use in pam_otp_auth:
--8<--
# Check PAM headers for brokenness
otp_CFLAGS="$CFLAGS" # save
CFLAGS="$CFLAGS $EXTRA_CFLAGS -Werror"

# Linux-PAM has (incorrectly) overdone const
AC_MSG_CHECKING(for extra const in PAM headers)
AC_TRY_COMPILE([#include <security/pam_appl.h>],
[
pam_handle_t *pamh = NULL;
char *item;

pam_get_item(pamh, PAM_SERVICE, (void **) &item);
],
[
AC_MSG_RESULT(no)
DEFINES="$DEFINES -DPAM_GET_CONST="
],
[
AC_MSG_RESULT(yes)
DEFINES="$DEFINES -DPAM_GET_CONST=const"
])

# Solaris PAM has (incorrectly) underdone const
AC_MSG_CHECKING(for missing const in PAM headers)
AC_TRY_COMPILE([#include <security/pam_appl.h>],
[
struct pam_conv *conv = NULL;
struct pam_message *msg;
struct pam_response *resp;

conv->conv(1, &msg, &resp, conv->appdata_ptr);
],
[
AC_MSG_RESULT(yes)
DEFINES="$DEFINES -DPAM_CONV_CONST="
],
[
AC_MSG_RESULT(no)
DEFINES="$DEFINES -DPAM_CONV_CONST=const"
])

CFLAGS="$otp_CFLAGS" # restore
--8<--
And then I do
pam_get_item(..., (PAM_GET_CONST void **) arg);
pam_get_user(..., (PAM_GET_CONST void **) arg);
conv(..., (PAM_CONV_CONST struct pam_message **) arg, ...);
-frank
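
Added example (not part of the original mail or of pam_otp_auth): how a PAM_CONV_CONST macro like the one defined above can be consumed on both sides of the conversation callback. The struct and constant declarations are stand-ins shaped like <security/pam_appl.h> so the block builds without PAM installed, and pw_conv and ask_password are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>

#ifndef PAM_CONV_CONST          /* normally -DPAM_CONV_CONST=... from configure */
#define PAM_CONV_CONST const    /* default models a header that has the const */
#endif

/* Stand-ins for the vendor header; constant values are placeholders. */
enum { PAM_SUCCESS = 0, PAM_CONV_ERR = 19, PAM_PROMPT_ECHO_OFF = 1 };
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
struct pam_conv {
    int (*conv)(int, PAM_CONV_CONST struct pam_message **,
                struct pam_response **, void *);
    void *appdata_ptr;
};

/* Application side: signature follows the detected prototype, so storing it
 * in pam_conv.conv needs no cast and survives -Werror. */
int pw_conv(int n, PAM_CONV_CONST struct pam_message **msg,
            struct pam_response **resp, void *appdata)
{
    const char *pw = appdata;
    struct pam_response *r;
    if (n != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF)
        return PAM_CONV_ERR;            /* answer one hidden prompt only */
    if ((r = calloc(1, sizeof(*r))) == NULL)
        return PAM_CONV_ERR;
    if ((r->resp = malloc(strlen(pw) + 1)) == NULL) {
        free(r);
        return PAM_CONV_ERR;
    }
    strcpy(r->resp, pw);
    *resp = r;                          /* caller frees r->resp and r */
    return PAM_SUCCESS;
}

/* Module side: mp is typed with the macro, so &mp matches either prototype. */
int ask_password(struct pam_conv *c, struct pam_response **resp)
{
    struct pam_message m = { PAM_PROMPT_ECHO_OFF, "Password: " };
    PAM_CONV_CONST struct pam_message *mp = &m;
    return c->conv(1, &mp, resp, c->appdata_ptr);
}

int main(void)
{
    char pw[] = "constructed-password"; /* constructed sample input */
    struct pam_conv c = { pw_conv, pw };
    struct pam_response *resp = NULL;
    int rc = ask_password(&c, &resp);
    if (rc == PAM_SUCCESS) { free(resp->resp); free(resp); }
    return rc;
}
```

Building it once as is and once with -DPAM_CONV_CONST= (both with -Werror) exercises the two header styles the configure test distinguishes.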