diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c index 9a24278dd..1a9261905 100644 --- a/lib/gssapi/spnego/accept_sec_context.c +++ b/lib/gssapi/spnego/accept_sec_context.c @@ -557,7 +557,7 @@ mech_accept(OM_uint32 *minor_status, if (gss_oid_equal(ctx->selected_mech_type, GSS_NEGOEX_MECHANISM)) { ret = _gss_negoex_accept(minor_status, ctx, - (gss_cred_id_t)acceptor_cred_handle, + (gss_cred_id_t)rk_UNCONST(acceptor_cred_handle), input_token_buffer, input_chan_bindings, output_token, @@ -569,7 +569,7 @@ mech_accept(OM_uint32 *minor_status, ret = gss_accept_sec_context(minor_status, &ctx->negotiated_ctx_id, acceptor_cred_handle, - (gss_buffer_t)input_token_buffer, + (gss_buffer_t)rk_UNCONST(input_token_buffer), input_chan_bindings, &ctx->mech_src_name, &ctx->negotiated_mech_type, diff --git a/lib/gssapi/spnego/compat.c b/lib/gssapi/spnego/compat.c index 9a16c1fad..6a5be74e1 100644 --- a/lib/gssapi/spnego/compat.c +++ b/lib/gssapi/spnego/compat.c @@ -540,8 +540,9 @@ _gss_spnego_log_mech(const char *prefix, gss_const_OID oid) if (!_gss_mg_log_level(10)) return; + /* XXX gss_oid_to_str should take gss_const_OID */ if (oid == GSS_C_NO_OID || - gss_oid_to_str(&junk, (gss_OID)oid, &oidbuf) != GSS_S_COMPLETE) { + gss_oid_to_str(&junk, rk_UNCONST(oid), &oidbuf) != GSS_S_COMPLETE) { _gss_mg_log(10, "spnego: %s (null)", prefix); return; } diff --git a/lib/gssapi/spnego/context_stubs.c b/lib/gssapi/spnego/context_stubs.c index f75bfe926..0259d1ff5 100644 --- a/lib/gssapi/spnego/context_stubs.c +++ b/lib/gssapi/spnego/context_stubs.c @@ -45,8 +45,8 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_process_context_token if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - context = (gss_ctx_id_t)context_handle; - ctx = (gssspnego_ctx)context_handle; + context = rk_UNCONST(context_handle); + ctx = (gssspnego_ctx)context; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); @@ -91,14 +91,14 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_context_time OM_uint32 *time_rec ) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -117,7 +117,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_get_mic gss_buffer_t message_token ) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; @@ -125,7 +125,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_get_mic return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -143,7 +143,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_verify_mic gss_qop_t * qop_state ) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; @@ -151,7 +151,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_verify_mic return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -174,7 +174,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap gss_buffer_t output_message_buffer ) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; @@ -182,7 +182,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -206,7 +206,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_unwrap gss_qop_t * qop_state ) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; @@ -214,7 +214,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_unwrap return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -240,7 +240,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context ( int * open_context ) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; OM_uint32 maj_stat; *minor_status = 0; @@ -248,7 +248,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_context ( if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; @@ -278,7 +278,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap_size_limit ( OM_uint32 * max_input_size ) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; @@ -286,7 +286,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_wrap_size_limit ( return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -314,7 +314,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_export_sec_context ( if (context_handle == NULL) return GSS_S_NO_CONTEXT; - ctx = (gssspnego_ctx)*context_handle; + ctx = (gssspnego_ctx)rk_UNCONST(*context_handle); if (ctx == NULL) return GSS_S_NO_CONTEXT; @@ -410,7 +410,7 @@ _gss_spnego_wrap_iov(OM_uint32 * minor_status, gss_iov_buffer_desc *iov, int iov_count) { - gssspnego_ctx ctx = (gssspnego_ctx)context_handle; + gssspnego_const_ctx ctx = (gssspnego_const_ctx)context_handle; *minor_status = 0; @@ -430,7 +430,7 @@ _gss_spnego_unwrap_iov(OM_uint32 *minor_status, gss_iov_buffer_desc *iov, int iov_count) { - gssspnego_ctx ctx = (gssspnego_ctx)context_handle; + gssspnego_const_ctx ctx = (gssspnego_const_ctx)context_handle; *minor_status = 0; @@ -452,7 +452,7 @@ _gss_spnego_wrap_iov_length(OM_uint32 * minor_status, gss_iov_buffer_desc *iov, int iov_count) { - gssspnego_ctx ctx = (gssspnego_ctx)context_handle; + gssspnego_const_ctx ctx = (gssspnego_const_ctx)context_handle; *minor_status = 0; @@ -470,7 +470,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_complete_auth_token gss_const_ctx_id_t context_handle, gss_buffer_t input_message_buffer) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; @@ -478,7 +478,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_complete_auth_token return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -496,7 +496,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_sec_context_by_oid const gss_OID desired_object, gss_buffer_set_t *data_set) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; @@ -504,7 +504,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_sec_context_by_oid return GSS_S_NO_CONTEXT; } - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -536,7 +536,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_set_sec_context_option if (context_handle == NULL || *context_handle == GSS_C_NO_CONTEXT) return GSS_S_UNAVAILABLE; - ctx = (gssspnego_ctx)*context_handle; + ctx = (gssspnego_ctx)rk_UNCONST(*context_handle); if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) { return GSS_S_NO_CONTEXT; @@ -557,14 +557,14 @@ _gss_spnego_pseudo_random(OM_uint32 *minor_status, ssize_t desired_output_len, gss_buffer_t prf_out) { - gssspnego_ctx ctx; + gssspnego_const_ctx ctx; *minor_status = 0; if (context_handle == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; - ctx = (gssspnego_ctx)context_handle; + ctx = (gssspnego_const_ctx)context_handle; if (ctx->negotiated_ctx_id == GSS_C_NO_CONTEXT) return GSS_S_NO_CONTEXT; diff --git a/lib/gssapi/spnego/init_sec_context.c b/lib/gssapi/spnego/init_sec_context.c index 12ec0ea41..f0a41aaef 100644 --- a/lib/gssapi/spnego/init_sec_context.c +++ b/lib/gssapi/spnego/init_sec_context.c @@ -307,7 +307,7 @@ spnego_initial(OM_uint32 * minor_status, sub = _gss_negoex_init(&minor, &sel, ctx, - (gss_cred_id_t)cred, + (gss_cred_id_t)rk_UNCONST(cred), req_flags, time_req, input_chan_bindings, @@ -551,7 +551,7 @@ spnego_reply(OM_uint32 * minor_status, ret = _gss_negoex_init(&minor, NULL, /* no optimistic token */ ctx, - (gss_cred_id_t)cred, + (gss_cred_id_t)rk_UNCONST(cred), req_flags, time_req, input_chan_bindings, diff --git a/lib/gssapi/spnego/negoex_ctx.c b/lib/gssapi/spnego/negoex_ctx.c index 3f8aa5c3e..25440bba9 100644 --- a/lib/gssapi/spnego/negoex_ctx.c +++ b/lib/gssapi/spnego/negoex_ctx.c @@ -611,7 +611,7 @@ verify_checksum(OM_uint32 *minor, iov[1].data.length = msg->offset_in_token; iov[2].flags = KRB5_CRYPTO_TYPE_CHECKSUM; - iov[2].data.data = (uint8_t *)msg->cksum; + iov[2].data.data = rk_UNCONST(msg->cksum); iov[2].data.length = msg->cksum_len; ret = krb5_verify_checksum_iov(context, mech->verify_crypto, usage, diff --git a/lib/gssapi/spnego/negoex_util.c b/lib/gssapi/spnego/negoex_util.c index f6bb499d8..d1c7af0d1 100644 --- a/lib/gssapi/spnego/negoex_util.c +++ b/lib/gssapi/spnego/negoex_util.c @@ -284,7 +284,7 @@ parse_exchange_message(OM_uint32 *minor, krb5_storage *sp, *minor = (OM_uint32)NEGOEX_INVALID_MESSAGE_SIZE; return GSS_S_DEFECTIVE_TOKEN; } - msg->token.value = (void *)p; + msg->token.value = rk_UNCONST(p); msg->token.length = len; return GSS_S_COMPLETE; @@ -923,7 +923,8 @@ _gss_negoex_add_auth_mech(OM_uint32 *minor, return GSS_S_FAILURE; } - major = gss_duplicate_oid(minor, (gss_OID)oid, &mech->oid); + /* XXX gss_duplicate_oid should take gss_const_OID */ + major = gss_duplicate_oid(minor, (gss_OID)rk_UNCONST(oid), &mech->oid); if (major != GSS_S_COMPLETE) { free(mech); return major; diff --git a/lib/gssapi/spnego/spnego_locl.h b/lib/gssapi/spnego/spnego_locl.h index e3434f252..199c44d1b 100644 --- a/lib/gssapi/spnego/spnego_locl.h +++ b/lib/gssapi/spnego/spnego_locl.h @@ -82,6 +82,7 @@ struct gssspnego_ctx_desc; typedef struct gssspnego_ctx_desc *gssspnego_ctx; +typedef const struct gssspnego_ctx_desc *gssspnego_const_ctx; typedef OM_uint32 (*gssspnego_initiator_state)(OM_uint32 * minor_status, @@ -150,7 +151,7 @@ struct gssspnego_optimistic_ctx { #include "spnego-private.h" static inline int -gssspnego_ctx_complete_p(gssspnego_ctx ctx) +gssspnego_ctx_complete_p(gssspnego_const_ctx ctx) { return ctx->flags.open && (ctx->flags.safe_omit || (ctx->flags.sent_mic && ctx->flags.verified_mic));