krb5: Sprinkle const and rk_UNCONST to pacify -Wwrite-strings.

Mostly for read-only iov or krb5_data.

lib/krb5/aname_to_localname.c

@@ -222,7 +222,7 @@ an2ln_local_names(krb5_context context,
  */
 static krb5_error_code
 an2ln_default(krb5_context context,
-	      char *rule,
+	      const char *rule,
 	      krb5_const_principal aname,
 	      size_t lnsize, char *lname)
 {

lib/krb5/crypto-aes-sha2.c

@@ -160,7 +160,7 @@ AES_SHA2_PRF(krb5_context context,
     if (ret)
 	return ret;
 
-    label.data = "prf";
+    label.data = rk_UNCONST("prf");
     label.length = 3;
 
     ret = krb5_data_alloc(out, EVP_MD_size(md));

lib/krb5/dcache.c

@@ -146,7 +146,7 @@ set_default_cache(krb5_context context, krb5_dcache *dc, const char *residual)
 
     iov[0].iov_base = rk_UNCONST(residual);
     iov[0].iov_len = len;
-    iov[1].iov_base = "\n";
+    iov[1].iov_base = rk_UNCONST("\n");
     iov[1].iov_len = 1;
 
     if (writev(fd, iov, sizeof(iov)/sizeof(iov[0])) != len + 1) {

lib/krb5/init_creds_pw.c

@@ -1802,9 +1802,10 @@ enc_chal_step(krb5_context context,
 
     krb5_crypto_getenctype(context, ctx->fast_state.armor_crypto, &aenctype);
 
-    pepper1.data = rep ? "kdcchallengearmor" : "clientchallengearmor";
+    pepper1.data =
+	rk_UNCONST(rep ? "kdcchallengearmor" : "clientchallengearmor");
     pepper1.length = strlen(pepper1.data);
-    pepper2.data = "challengelongterm";
+    pepper2.data = rk_UNCONST("challengelongterm");
     pepper2.length = strlen(pepper2.data);
 
     ret = krb5_crypto_fx_cf2(context, ctx->fast_state.armor_crypto, crypto,

lib/krb5/kx509.c

@@ -517,10 +517,10 @@ store_kx509_disabled(krb5_context context, const char *realm, krb5_ccache cc)
     if (!cc)
         return;
 
-    data.data = (void *)(uintptr_t)realm;
+    data.data = rk_UNCONST(realm);
     data.length = strlen(realm);
     krb5_cc_set_config(context, cc, NULL, "kx509_service_realm", &data);
-    data.data = "disabled";
+    data.data = rk_UNCONST("disabled");
     data.length = strlen(data.data);
     krb5_cc_set_config(context, cc, NULL, "kx509_service_status", &data);
 }

lib/krb5/pac.c

@@ -590,7 +590,8 @@ static const struct {
     uint32_t type;
     krb5_data name;
 } pac_buffer_name_map[] = {
-#define PAC_MAP_ENTRY(type, name) { PAC_##type, { sizeof(name) - 1, name } }
+#define PAC_MAP_ENTRY(type, name) \
+    { PAC_##type, { sizeof(name) - 1, rk_UNCONST(name) } }
     PAC_MAP_ENTRY(LOGON_INFO,		    "logon-info"	),
     PAC_MAP_ENTRY(CREDENTIALS_INFO,	    "credentials-info"  ),
     PAC_MAP_ENTRY(SERVER_CHECKSUM,	    "server-checksum"   ),

lib/krb5/pkinit.c

@@ -1592,8 +1592,8 @@ _krb5_pk_kx_confirm(krb5_context context,
     krb5_crypto rk_crypto = NULL;
     size_t len;
     krb5_data data;
-    krb5_data p1 = { sizeof("PKINIT") - 1, "PKINIT" };
-    krb5_data p2 = { sizeof("KEYEXCHANGE") - 1, "KEYEXCHANGE" };
+    krb5_data p1 = { sizeof("PKINIT") - 1, rk_UNCONST("PKINIT") };
+    krb5_data p2 = { sizeof("KEYEXCHANGE") - 1, rk_UNCONST("KEYEXCHANGE") };
 
     heim_assert(ctx != NULL, "PKINIT context is non-NULL");
     heim_assert(reply_key != NULL, "reply key is non-NULL");

lib/krb5/principal.c

@@ -1432,7 +1432,8 @@ krb5_sname_to_principal(krb5_context context,
 			int32_t type,
 			krb5_principal *ret_princ)
 {
-    char *realm, *remote_host;
+    const char *realm;
+    char *remote_host;
     krb5_error_code ret;
     register char *cp;
     char localname[MAXHOSTNAMELEN];

lib/krb5/sp800-108-kdf.c

@@ -89,7 +89,7 @@ _krb5_SP800_108_HMAC_KDF(krb5_context context,
 	_krb5_put_int(tmp, i + 1, 4);
 	EVP_MAC_update(ctx, tmp, 4);
 	EVP_MAC_update(ctx, kdf_label->data, kdf_label->length);
-	EVP_MAC_update(ctx, (unsigned char *)"", 1);
+	EVP_MAC_update(ctx, (unsigned char *)rk_UNCONST(""), 1);
 	if (kdf_context)
 	    EVP_MAC_update(ctx, kdf_context->data, kdf_context->length);
 	_krb5_put_int(tmp, L * 8, 4);