gssapi/krb5: Sprinkle some const, but mostly label unconst abuse.

2023-06-20 02:00:37 +00:00
parent d17fed0c7f
commit 80545251a0
16 changed files with 23 additions and 20 deletions
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -377,7 +377,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
    krb5_keytab keytab = NULL;
    int is_cfx = 0;
    int close_kt = 0;
-    const gsskrb5_cred acceptor_cred = (gsskrb5_cred)acceptor_cred_handle;
+    gsskrb5_const_cred acceptor_cred =
+	(gsskrb5_const_cred)acceptor_cred_handle;

    /*
     * We may, or may not, have an escapsulation.
--- a/lib/gssapi/krb5/authorize_localname.c
+++ b/lib/gssapi/krb5/authorize_localname.c
@@ -39,7 +39,7 @@ _gsskrb5_authorize_localname(OM_uint32 *minor_status,
                             gss_const_OID user_name_type)
 {
    krb5_context context;
-    krb5_principal princ = (krb5_principal)input_name;
+    krb5_const_principal princ = (krb5_const_principal)input_name;
    char *user;
    int user_ok;

@@ -58,7 +58,8 @@ _gsskrb5_authorize_localname(OM_uint32 *minor_status,
    user[user_name->length] = '\0';

    *minor_status = 0;
-    user_ok = krb5_kuserok(context, princ, user);
+    /* XXX krb5_kuserok should take krb5_const_principal */
+    user_ok = krb5_kuserok(context, rk_UNCONST(princ), user);

    free(user);

--- a/lib/gssapi/krb5/context_time.c
+++ b/lib/gssapi/krb5/context_time.c
@@ -72,7 +72,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_context_time
    krb5_context context;
    OM_uint32 endtime;
    OM_uint32 major_status;
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+    gsskrb5_ctx ctx = rk_UNCONST(context_handle);

    GSSAPI_KRB5_INIT (&context);

--- a/lib/gssapi/krb5/duplicate_cred.c
+++ b/lib/gssapi/krb5/duplicate_cred.c
@@ -72,7 +72,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_duplicate_cred (

    *output_cred_handle = (gss_cred_id_t)dup; /* making sure to release on error */

-    cred = (gsskrb5_cred)input_cred_handle;
+    cred = rk_UNCONST(input_cred_handle);
    HEIMDAL_MUTEX_lock(&cred->cred_id_mutex);

    dup->destination_realm = NULL;
--- a/lib/gssapi/krb5/get_mic.c
+++ b/lib/gssapi/krb5/get_mic.c
@@ -42,7 +42,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_get_mic
           )
 {
  krb5_context context;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+  const gsskrb5_ctx ctx = rk_UNCONST(context_handle);
  krb5_keyblock *key;
  OM_uint32 ret;

--- a/lib/gssapi/krb5/gsskrb5_locl.h
+++ b/lib/gssapi/krb5/gsskrb5_locl.h
@@ -95,7 +95,7 @@ IS_DCE_STYLE(gsskrb5_ctx ctx)
  return (ctx->flags & GSS_C_DCE_STYLE) != 0;
 }

-typedef struct {
+typedef struct gsskrb5_cred {
  krb5_principal principal;
  char *destination_realm;  /* Realm of acceptor service, if delegated */
  int cred_flags;
@@ -109,6 +109,7 @@ typedef struct {
  HEIMDAL_MUTEX cred_id_mutex;
  krb5_enctype *enctypes;
 } *gsskrb5_cred;
+typedef const struct gsskrb5_cred *gsskrb5_const_cred;

 typedef struct Principal *gsskrb5_name;

--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -367,7 +367,7 @@ do_delegation (krb5_context context,
 static OM_uint32
 init_auth
 (OM_uint32 * minor_status,
- gsskrb5_cred cred,
+ gsskrb5_const_cred cred,
 gsskrb5_ctx ctx,
 krb5_context context,
 gss_const_name_t name,
@@ -478,7 +478,7 @@ failure:
 static OM_uint32
 init_auth_restart
 (OM_uint32 * minor_status,
- gsskrb5_cred cred,
+ gsskrb5_const_cred cred,
 gsskrb5_ctx ctx,
 krb5_context context,
 OM_uint32 req_flags,
@@ -875,7 +875,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
    )
 {
    krb5_context context;
-    gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
+    gsskrb5_const_cred cred = (gsskrb5_const_cred)cred_handle;
    gsskrb5_ctx ctx;
    OM_uint32 ret;

--- a/lib/gssapi/krb5/inquire_context.c
+++ b/lib/gssapi/krb5/inquire_context.c
@@ -47,7 +47,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_context (
 {
    krb5_context context;
    OM_uint32 ret;
-    gsskrb5_ctx ctx = (gsskrb5_ctx)context_handle;
+    gsskrb5_ctx ctx = rk_UNCONST(context_handle);
    gss_name_t name;

    if (src_name)
--- a/lib/gssapi/krb5/inquire_cred.c
+++ b/lib/gssapi/krb5/inquire_cred.c
@@ -45,7 +45,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred
    krb5_context context;
    gss_cred_id_t aqcred_init = GSS_C_NO_CREDENTIAL;
    gss_cred_id_t aqcred_accept = GSS_C_NO_CREDENTIAL;
-    gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
+    gsskrb5_cred cred = rk_UNCONST(cred_handle);
    gss_OID_set amechs = GSS_C_NO_OID_SET;
    gss_OID_set imechs = GSS_C_NO_OID_SET;
    OM_uint32 junk;
--- a/lib/gssapi/krb5/inquire_cred_by_oid.c
+++ b/lib/gssapi/krb5/inquire_cred_by_oid.c
@@ -39,7 +39,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_cred_by_oid
 	    gss_buffer_set_t *data_set)
 {
    krb5_context context;
-    gsskrb5_cred cred = (gsskrb5_cred)cred_handle;
+    gsskrb5_cred cred = rk_UNCONST(cred_handle);
    krb5_error_code ret;
    gss_buffer_desc buffer;
    char *str;
--- a/lib/gssapi/krb5/inquire_sec_context_by_oid.c
+++ b/lib/gssapi/krb5/inquire_sec_context_by_oid.c
@@ -533,7 +533,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_inquire_sec_context_by_oid
            gss_buffer_set_t *data_set)
 {
    krb5_context context;
-    const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+    const gsskrb5_ctx ctx = rk_UNCONST(context_handle);
    unsigned suffix;

    if (ctx == NULL) {
--- a/lib/gssapi/krb5/process_context_token.c
+++ b/lib/gssapi/krb5/process_context_token.c
@@ -49,7 +49,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token (
    GSSAPI_KRB5_INIT (&context);

    ret = _gsskrb5_verify_mic_internal(minor_status,
-				       (gsskrb5_ctx)context_handle,
+				       rk_UNCONST(context_handle),
 				       context,
 				       token_buffer, &empty_buffer,
 				       GSS_C_QOP_DEFAULT,
--- a/lib/gssapi/krb5/store_cred.c
+++ b/lib/gssapi/krb5/store_cred.c
@@ -203,7 +203,7 @@ _gsskrb5_store_cred_into2(OM_uint32         *minor_status,
 	return GSS_S_BAD_MECH;
    if (input_cred_handle == GSS_C_NO_CREDENTIAL)
 	return GSS_S_CALL_INACCESSIBLE_READ;
-    input_cred = (gsskrb5_cred)input_cred_handle;
+    input_cred = rk_UNCONST(input_cred_handle);

    /* Sanity check the input_cred */
    if (input_cred->usage != cred_usage && input_cred->usage != GSS_C_BOTH) {
--- a/lib/gssapi/krb5/unwrap.c
+++ b/lib/gssapi/krb5/unwrap.c
@@ -45,7 +45,7 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_unwrap
  krb5_keyblock *key;
  krb5_context context;
  OM_uint32 ret;
-  gsskrb5_ctx ctx = (gsskrb5_ctx) context_handle;
+  gsskrb5_ctx ctx = rk_UNCONST(context_handle);

  output_message_buffer->value = NULL;
  output_message_buffer->length = 0;
--- a/lib/gssapi/krb5/verify_mic.c
+++ b/lib/gssapi/krb5/verify_mic.c
@@ -104,7 +104,7 @@ _gsskrb5_verify_mic
 	*qop_state = GSS_C_QOP_DEFAULT;

    ret = _gsskrb5_verify_mic_internal(minor_status,
-				       (gsskrb5_ctx)context_handle,
+				       rk_UNCONST(context_handle),
 				       context,
 				       message_buffer, token_buffer,
 				       qop_state, (void *)(intptr_t)"\x01\x01");
--- a/lib/gssapi/krb5/wrap.c
+++ b/lib/gssapi/krb5/wrap.c
@@ -147,7 +147,7 @@ _gsskrb5_wrap_size_limit (
  krb5_context context;
  krb5_keyblock *key;
  OM_uint32 ret;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+  const gsskrb5_ctx ctx = rk_UNCONST(context_handle);

  GSSAPI_KRB5_INIT (&context);

@@ -207,7 +207,7 @@ _gsskrb5_wrap
  krb5_context context;
  krb5_keyblock *key;
  OM_uint32 ret;
-  const gsskrb5_ctx ctx = (const gsskrb5_ctx) context_handle;
+  const gsskrb5_ctx ctx = rk_UNCONST(context_handle);

  output_message_buffer->value = NULL;
  output_message_buffer->length = 0;