In passdb-pam.c, I found some bits about const with some PAM data types. Rather than check for each vendor of PAM, better to check for actual const usage ... some vendors have changed const-ness between releases. Also, actually testing constness is great for supporting new implementations that may come out.
Here is the autoconf test I use in pam_otp_auth:
--8<-- # Check PAM headers for brokenness otp_CFLAGS="$CFLAGS" # save CFLAGS="$CFLAGS $EXTRA_CFLAGS -Werror"
# Linux-PAM has (incorrectly) overdone const
AC_MSG_CHECKING(for extra const in PAM headers)
AC_TRY_COMPILE([#include
pam_get_item(pamh, PAM_SERVICE, (void **) &item);
],
[
AC_MSG_RESULT(no)
DEFINES="$DEFINES -DPAM_GET_CONST="
],
[
AC_MSG_RESULT(yes)
DEFINES="$DEFINES -DPAM_GET_CONST=const"
])# Solaris PAM has (incorrectly) underdone const
AC_MSG_CHECKING(for missing const in PAM headers)
AC_TRY_COMPILE([#include
conv->conv(1, &msg, &resp, conv->appdata_ptr);
],
[
AC_MSG_RESULT(yes)
DEFINES="$DEFINES -DPAM_CONV_CONST="
],
[
AC_MSG_RESULT(no)
DEFINES="$DEFINES -DPAM_CONV_CONST=const"
])CFLAGS="$otp_CFLAGS" # restore --8<--
And then I do
pam_get_item(..., (PAM_GET_CONST void **) arg); pam_get_user(..., (PAM_GET_CONST void **) arg); conv(..., (PAM_CONV_CONST struct pam_message **) arg, ...);
-frank