diff --git a/admin/add.c b/admin/add.c index 16216db4f..802782ffc 100644 --- a/admin/add.c +++ b/admin/add.c @@ -113,7 +113,7 @@ kt_add(struct add_options *opt, int argc, char **argv) goto out; } - if (hex_decode(opt->password_string, data, len) != len) { + if ((size_t)hex_decode(opt->password_string, data, len) != len) { free(data); krb5_warn(context, ENOMEM, "hex decode failed"); goto out; diff --git a/admin/get.c b/admin/get.c index ee96e5eeb..b4f808c28 100644 --- a/admin/get.c +++ b/admin/get.c @@ -90,7 +90,8 @@ kt_get(struct get_options *opt, int argc, char **argv) void *kadm_handle = NULL; krb5_enctype *etypes = NULL; size_t netypes = 0; - int i, j; + size_t i; + int a, j; unsigned int failed = 0; if((keytab = ktutil_open_keytab()) == NULL) @@ -120,7 +121,7 @@ kt_get(struct get_options *opt, int argc, char **argv) } - for(i = 0; i < argc; i++){ + for(a = 0; a < argc; a++){ krb5_principal princ_ent; kadm5_principal_ent_rec princ; int mask = 0; @@ -129,9 +130,9 @@ kt_get(struct get_options *opt, int argc, char **argv) int created = 0; krb5_keytab_entry entry; - ret = krb5_parse_name(context, argv[i], &princ_ent); + ret = krb5_parse_name(context, argv[a], &princ_ent); if (ret) { - krb5_warn(context, ret, "can't parse principal %s", argv[i]); + krb5_warn(context, ret, "can't parse principal %s", argv[a]); failed++; continue; } @@ -161,14 +162,14 @@ kt_get(struct get_options *opt, int argc, char **argv) if(ret == 0) created = 1; else if(ret != KADM5_DUP) { - krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]); + krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[a]); krb5_free_principal(context, princ_ent); failed++; continue; } ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys); if (ret) { - krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]); + krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[a]); krb5_free_principal(context, princ_ent); failed++; continue; @@ -177,7 +178,7 @@ kt_get(struct get_options *opt, int argc, char **argv) ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES); if (ret) { - krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]); + krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[a]); for (j = 0; j < n_keys; j++) krb5_free_keyblock_contents(context, &keys[j]); krb5_free_principal(context, princ_ent); @@ -185,7 +186,7 @@ kt_get(struct get_options *opt, int argc, char **argv) continue; } if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX)) - krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]); + krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[a]); princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); mask = KADM5_ATTRIBUTES; if(created) { @@ -194,7 +195,7 @@ kt_get(struct get_options *opt, int argc, char **argv) } ret = kadm5_modify_principal(kadm_handle, &princ, mask); if (ret) { - krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]); + krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[a]); for (j = 0; j < n_keys; j++) krb5_free_keyblock_contents(context, &keys[j]); krb5_free_principal(context, princ_ent); @@ -205,7 +206,7 @@ kt_get(struct get_options *opt, int argc, char **argv) int do_add = TRUE; if (netypes) { - int k; + size_t k; do_add = FALSE; for (k = 0; k < netypes; ++k) diff --git a/admin/ktutil.c b/admin/ktutil.c index 756c595f5..5e154214a 100644 --- a/admin/ktutil.c +++ b/admin/ktutil.c @@ -118,8 +118,11 @@ help(void *opt, int argc, char **argv) argv[0]); } else { if(c->func) { - char *fake[] = { NULL, "--help", NULL }; + char shelp[] = "--help"; + char *fake[3]; fake[0] = argv[0]; + fake[1] = shelp; + fake[2] = NULL; (*c->func)(2, fake); fprintf(stderr, "\n"); } diff --git a/admin/list.c b/admin/list.c index 1dec14627..d2f082a96 100644 --- a/admin/list.c +++ b/admin/list.c @@ -113,7 +113,7 @@ do_list(struct list_options *opt, const char *keytab_str) rtbl_add_column_entry_by_id(table, 3, buf); } if(opt->keys_flag) { - int i; + size_t i; s = malloc(2 * entry.keyblock.keyvalue.length + 1); if (s == NULL) { krb5_warnx(context, "malloc failed"); diff --git a/base/dict.c b/base/dict.c index 7522c8c1c..7b30865f3 100644 --- a/base/dict.c +++ b/base/dict.c @@ -77,7 +77,7 @@ struct heim_type_data dict_object = { static size_t isprime(size_t p) { - int q, i; + size_t q, i; for(i = 2 ; i < p; i++) { q = p / i; diff --git a/kadmin/ank.c b/kadmin/ank.c index abb564a8f..0b7ebc027 100644 --- a/kadmin/ank.c +++ b/kadmin/ank.c @@ -39,21 +39,21 @@ */ static krb5_error_code -get_default (kadm5_server_context *context, +get_default (kadm5_server_context *contextp, krb5_principal princ, kadm5_principal_ent_t default_ent) { krb5_error_code ret; krb5_principal def_principal; - krb5_const_realm realm = krb5_principal_get_realm(context->context, princ); + krb5_const_realm realm = krb5_principal_get_realm(contextp->context, princ); - ret = krb5_make_principal (context->context, &def_principal, + ret = krb5_make_principal (contextp->context, &def_principal, realm, "default", NULL); if (ret) return ret; - ret = kadm5_get_principal (context, def_principal, default_ent, + ret = kadm5_get_principal (contextp, def_principal, default_ent, KADM5_PRINCIPAL_NORMAL_MASK); - krb5_free_principal (context->context, def_principal); + krb5_free_principal (contextp->context, def_principal); return ret; } diff --git a/kadmin/check.c b/kadmin/check.c index a9a915664..b5a03854a 100644 --- a/kadmin/check.c +++ b/kadmin/check.c @@ -86,7 +86,7 @@ do_check_entry(krb5_principal principal, void *data) ret = krb5_enctype_keysize(context, princ.key_data[i].key_data_type[0], &keysize); - if (ret == 0 && keysize != princ.key_data[i].key_data_length[0]) { + if (ret == 0 && keysize != (size_t)princ.key_data[i].key_data_length[0]) { krb5_warnx(context, "Principal %s enctype %d, wrong length: %lu\n", name, princ.key_data[i].key_data_type[0], diff --git a/kadmin/kadm_conn.c b/kadmin/kadm_conn.c index aaaa37962..e959d0362 100644 --- a/kadmin/kadm_conn.c +++ b/kadmin/kadm_conn.c @@ -43,12 +43,12 @@ struct kadm_port { } *kadm_ports; static void -add_kadm_port(krb5_context context, const char *service, unsigned int port) +add_kadm_port(krb5_context contextp, const char *service, unsigned int port) { struct kadm_port *p; p = malloc(sizeof(*p)); if(p == NULL) { - krb5_warnx(context, "failed to allocate %lu bytes\n", + krb5_warnx(contextp, "failed to allocate %lu bytes\n", (unsigned long)sizeof(*p)); return; } @@ -61,9 +61,9 @@ add_kadm_port(krb5_context context, const char *service, unsigned int port) } static void -add_standard_ports (krb5_context context) +add_standard_ports (krb5_context contextp) { - add_kadm_port(context, "kerberos-adm", 749); + add_kadm_port(contextp, "kerberos-adm", 749); } /* @@ -73,15 +73,15 @@ add_standard_ports (krb5_context context) */ void -parse_ports(krb5_context context, const char *str) +parse_ports(krb5_context contextp, const char *str) { char p[128]; while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) { if(strcmp(p, "+") == 0) - add_standard_ports(context); + add_standard_ports(contextp); else - add_kadm_port(context, p, 0); + add_kadm_port(contextp, p, 0); } } @@ -120,10 +120,11 @@ terminate(int sig) } static int -spawn_child(krb5_context context, int *socks, +spawn_child(krb5_context contextp, int *socks, unsigned int num_socks, int this_sock) { - int e, i; + int e; + size_t i; struct sockaddr_storage __ss; struct sockaddr *sa = (struct sockaddr *)&__ss; socklen_t sa_size = sizeof(__ss); @@ -135,20 +136,20 @@ spawn_child(krb5_context context, int *socks, s = accept(socks[this_sock], sa, &sa_size); if(rk_IS_BAD_SOCKET(s)) { - krb5_warn(context, rk_SOCK_ERRNO, "accept"); + krb5_warn(contextp, rk_SOCK_ERRNO, "accept"); return 1; } - e = krb5_sockaddr2address(context, sa, &addr); + e = krb5_sockaddr2address(contextp, sa, &addr); if(e) - krb5_warn(context, e, "krb5_sockaddr2address"); + krb5_warn(contextp, e, "krb5_sockaddr2address"); else { e = krb5_print_address (&addr, buf, sizeof(buf), &buf_len); if(e) - krb5_warn(context, e, "krb5_print_address"); + krb5_warn(contextp, e, "krb5_print_address"); else - krb5_warnx(context, "connection from %s", buf); - krb5_free_address(context, &addr); + krb5_warnx(contextp, "connection from %s", buf); + krb5_free_address(contextp, &addr); } pid = fork(); @@ -167,7 +168,7 @@ spawn_child(krb5_context context, int *socks, } static void -wait_for_connection(krb5_context context, +wait_for_connection(krb5_context contextp, krb5_socket_t *socks, unsigned int num_socks) { unsigned int i; @@ -200,13 +201,13 @@ wait_for_connection(krb5_context context, e = select(max_fd + 1, &read_set, NULL, NULL, NULL); if(rk_IS_SOCKET_ERROR(e)) { if(rk_SOCK_ERRNO != EINTR) - krb5_warn(context, rk_SOCK_ERRNO, "select"); + krb5_warn(contextp, rk_SOCK_ERRNO, "select"); } else if(e == 0) - krb5_warnx(context, "select returned 0"); + krb5_warnx(contextp, "select returned 0"); else { for(i = 0; i < num_socks; i++) { if(FD_ISSET(socks[i], &read_set)) - if(spawn_child(context, socks, num_socks, i) == 0) + if(spawn_child(contextp, socks, num_socks, i) == 0) return; } } @@ -221,7 +222,7 @@ wait_for_connection(krb5_context context, void -start_server(krb5_context context, const char *port_str) +start_server(krb5_context contextp, const char *port_str) { int e; struct kadm_port *p; @@ -233,7 +234,7 @@ start_server(krb5_context context, const char *port_str) if (port_str == NULL) port_str = "+"; - parse_ports(context, port_str); + parse_ports(contextp, port_str); for(p = kadm_ports; p; p = p->next) { struct addrinfo hints, *ai, *ap; @@ -249,7 +250,7 @@ start_server(krb5_context context, const char *port_str) } if(e) { - krb5_warn(context, krb5_eai_to_heim_errno(e, errno), + krb5_warn(contextp, krb5_eai_to_heim_errno(e, errno), "%s", portstr); continue; } @@ -258,7 +259,7 @@ start_server(krb5_context context, const char *port_str) i++; tmp = realloc(socks, (num_socks + i) * sizeof(*socks)); if(tmp == NULL) { - krb5_warnx(context, "failed to reallocate %lu bytes", + krb5_warnx(contextp, "failed to reallocate %lu bytes", (unsigned long)(num_socks + i) * sizeof(*socks)); continue; } @@ -266,7 +267,7 @@ start_server(krb5_context context, const char *port_str) for(ap = ai; ap; ap = ap->ai_next) { krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol); if(rk_IS_BAD_SOCKET(s)) { - krb5_warn(context, rk_SOCK_ERRNO, "socket"); + krb5_warn(contextp, rk_SOCK_ERRNO, "socket"); continue; } @@ -274,12 +275,12 @@ start_server(krb5_context context, const char *port_str) socket_set_ipv6only(s, 1); if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) { - krb5_warn(context, rk_SOCK_ERRNO, "bind"); + krb5_warn(contextp, rk_SOCK_ERRNO, "bind"); rk_closesocket(s); continue; } if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) { - krb5_warn(context, rk_SOCK_ERRNO, "listen"); + krb5_warn(contextp, rk_SOCK_ERRNO, "listen"); rk_closesocket(s); continue; } @@ -288,7 +289,7 @@ start_server(krb5_context context, const char *port_str) freeaddrinfo (ai); } if(num_socks == 0) - krb5_errx(context, 1, "no sockets to listen to - exiting"); + krb5_errx(contextp, 1, "no sockets to listen to - exiting"); - wait_for_connection(context, socks, num_socks); + wait_for_connection(contextp, socks, num_socks); } diff --git a/kadmin/kadmin.c b/kadmin/kadmin.c index 1548359a5..30ad9814d 100644 --- a/kadmin/kadmin.c +++ b/kadmin/kadmin.c @@ -52,9 +52,9 @@ static getarg_strings policy_libraries = { 0, NULL }; static struct getargs args[] = { { "principal", 'p', arg_string, &client_name, - "principal to authenticate as" }, + "principal to authenticate as", NULL }, { "keytab", 'K', arg_string, &keytab, - "keytab for authentication principal" }, + "keytab for authentication principal", NULL }, { "config-file", 'c', arg_string, &config_file, "location of config file", "file" @@ -75,7 +75,8 @@ static struct getargs args[] = { "server-port", 's', arg_integer, &server_port, "port to use", "port number" }, - { "ad", 0, arg_flag, &ad_flag, "active directory admin mode" }, + { "ad", 0, arg_flag, &ad_flag, "active directory admin mode", + NULL }, #ifdef HAVE_DLOPEN { "check-library", 0, arg_string, &check_library, "library to load password check function from", "library" }, @@ -84,9 +85,9 @@ static struct getargs args[] = { { "policy-libraries", 0, arg_strings, &policy_libraries, "password check function to load", "function" }, #endif - { "local", 'l', arg_flag, &local_flag, "local admin mode" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "local", 'l', arg_flag, &local_flag, "local admin mode", NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/kadmin/kadmind.c b/kadmin/kadmind.c index f6bff9004..4708d0f6e 100644 --- a/kadmin/kadmind.c +++ b/kadmin/kadmind.c @@ -37,7 +37,8 @@ static char *check_library = NULL; static char *check_function = NULL; static getarg_strings policy_libraries = { 0, NULL }; static char *config_file; -static char *keytab_str = "HDB:"; +static char sHDB[] = "HDB:"; +static char *keytab_str = sHDB; static int help_flag; static int version_flag; static int debug_flag; @@ -65,12 +66,12 @@ static struct getargs args[] = { "password check function to load", "function" }, #endif { "debug", 'd', arg_flag, &debug_flag, - "enable debugging" + "enable debugging", NULL }, { "ports", 'p', arg_string, &port_str, "ports to listen to", "port" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/kadmin/load.c b/kadmin/load.c index db5b2bb4d..e1913cb2d 100644 --- a/kadmin/load.c +++ b/kadmin/load.c @@ -153,7 +153,7 @@ parse_keys(hdb_entry *ent, char *str) krb5_error_code ret; int tmp; char *p; - int i; + size_t i; p = strsep(&str, ":"); if (sscanf(p, "%d", &tmp) != 1) diff --git a/kadmin/mod.c b/kadmin/mod.c index d0c2d681e..7fa222a00 100644 --- a/kadmin/mod.c +++ b/kadmin/mod.c @@ -55,7 +55,7 @@ add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data) } static void -add_constrained_delegation(krb5_context context, +add_constrained_delegation(krb5_context contextp, kadm5_principal_ent_rec *princ, struct getarg_strings *strings) { @@ -81,13 +81,13 @@ add_constrained_delegation(krb5_context context, ext.data.u.allowed_to_delegate_to.len = strings->num_strings; for (i = 0; i < strings->num_strings; i++) { - ret = krb5_parse_name(context, strings->strings[i], &p); + ret = krb5_parse_name(contextp, strings->strings[i], &p); if (ret) abort(); ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]); if (ret) abort(); - krb5_free_principal(context, p); + krb5_free_principal(contextp, p); } } @@ -103,7 +103,7 @@ add_constrained_delegation(krb5_context context, } static void -add_aliases(krb5_context context, kadm5_principal_ent_rec *princ, +add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ, struct getarg_strings *strings) { krb5_error_code ret; @@ -128,9 +128,9 @@ add_aliases(krb5_context context, kadm5_principal_ent_rec *princ, ext.data.u.aliases.aliases.len = strings->num_strings; for (i = 0; i < strings->num_strings; i++) { - ret = krb5_parse_name(context, strings->strings[i], &p); + ret = krb5_parse_name(contextp, strings->strings[i], &p); ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]); - krb5_free_principal(context, p); + krb5_free_principal(contextp, p); } } @@ -146,7 +146,7 @@ add_aliases(krb5_context context, kadm5_principal_ent_rec *princ, } static void -add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ, +add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ, struct getarg_strings *strings) { krb5_error_code ret; diff --git a/kadmin/rpc.c b/kadmin/rpc.c index 1f28d8fac..cd68c9a01 100644 --- a/kadmin/rpc.c +++ b/kadmin/rpc.c @@ -161,7 +161,7 @@ parse_name(const unsigned char *p, size_t len, static void -gss_error(krb5_context context, +gss_error(krb5_context contextp, gss_OID mech, OM_uint32 type, OM_uint32 error) { OM_uint32 new_stat; @@ -176,7 +176,7 @@ gss_error(krb5_context context, mech, &msg_ctx, &status_string); - krb5_warnx(context, "%.*s", + krb5_warnx(contextp, "%.*s", (int)status_string.length, (char *)status_string.value); gss_release_buffer (&new_stat, &status_string); @@ -184,11 +184,11 @@ gss_error(krb5_context context, } static void -gss_print_errors (krb5_context context, +gss_print_errors (krb5_context contextp, OM_uint32 maj_stat, OM_uint32 min_stat) { - gss_error(context, GSS_C_NO_OID, GSS_C_GSS_CODE, maj_stat); - gss_error(context, GSS_C_NO_OID, GSS_C_MECH_CODE, min_stat); + gss_error(contextp, GSS_C_NO_OID, GSS_C_GSS_CODE, maj_stat); + gss_error(contextp, GSS_C_NO_OID, GSS_C_MECH_CODE, min_stat); } static int @@ -204,10 +204,10 @@ read_data(krb5_storage *sp, krb5_storage *msg, size_t len) tlen = sizeof(buf); slen = krb5_storage_read(sp, buf, tlen); - INSIST(slen == tlen); + INSIST((size_t)slen == tlen); slen = krb5_storage_write(msg, buf, tlen); - INSIST(slen == tlen); + INSIST((size_t)slen == tlen); len -= tlen; } @@ -252,7 +252,7 @@ store_data_xdr(krb5_storage *sp, krb5_data data) static const char zero[4] = { 0, 0, 0, 0 }; ret = krb5_storage_write(sp, zero, res); - if(ret != res) + if((size_t)ret != res) return (ret < 0)? errno : krb5_storage_get_eof_code(sp); } return 0; @@ -273,7 +273,7 @@ ret_data_xdr(krb5_storage *sp, krb5_data *data) res = 4 - (data->length % 4); if (res != 4) { ret = krb5_storage_read(sp, buf, res); - if(ret != res) + if((size_t)ret != res) return (ret < 0)? errno : krb5_storage_get_eof_code(sp); } } @@ -362,19 +362,19 @@ ret_string_xdr(krb5_storage *sp, char **str) } static int -store_principal_xdr(krb5_context context, +store_principal_xdr(krb5_context contextp, krb5_storage *sp, krb5_principal p) { char *str; - CHECK(krb5_unparse_name(context, p, &str)); + CHECK(krb5_unparse_name(contextp, p, &str)); CHECK(store_string_xdr(sp, str)); free(str); return 0; } static int -ret_principal_xdr(krb5_context context, +ret_principal_xdr(krb5_context contextp, krb5_storage *sp, krb5_principal *p) { @@ -382,27 +382,27 @@ ret_principal_xdr(krb5_context context, *p = NULL; CHECK(ret_string_xdr(sp, &str)); if (str) { - CHECK(krb5_parse_name(context, str, p)); + CHECK(krb5_parse_name(contextp, str, p)); free(str); } return 0; } static int -store_principal_ent(krb5_context context, +store_principal_ent(krb5_context contextp, krb5_storage *sp, kadm5_principal_ent_rec *ent) { - size_t i; + int i; - CHECK(store_principal_xdr(context, sp, ent->principal)); + CHECK(store_principal_xdr(contextp, sp, ent->principal)); CHECK(krb5_store_uint32(sp, ent->princ_expire_time)); CHECK(krb5_store_uint32(sp, ent->pw_expiration)); CHECK(krb5_store_uint32(sp, ent->last_pwd_change)); CHECK(krb5_store_uint32(sp, ent->max_life)); CHECK(krb5_store_int32(sp, ent->mod_name == NULL)); if (ent->mod_name) - CHECK(store_principal_xdr(context, sp, ent->mod_name)); + CHECK(store_principal_xdr(contextp, sp, ent->mod_name)); CHECK(krb5_store_uint32(sp, ent->mod_date)); CHECK(krb5_store_uint32(sp, ent->attributes)); CHECK(krb5_store_uint32(sp, ent->kvno)); @@ -443,7 +443,7 @@ store_principal_ent(krb5_context context, } static int -ret_principal_ent(krb5_context context, +ret_principal_ent(krb5_context contextp, krb5_storage *sp, kadm5_principal_ent_rec *ent) { @@ -452,7 +452,7 @@ ret_principal_ent(krb5_context context, memset(ent, 0, sizeof(*ent)); - CHECK(ret_principal_xdr(context, sp, &ent->principal)); + CHECK(ret_principal_xdr(contextp, sp, &ent->principal)); CHECK(krb5_ret_uint32(sp, &flag)); ent->princ_expire_time = flag; CHECK(krb5_ret_uint32(sp, &flag)); @@ -463,7 +463,7 @@ ret_principal_ent(krb5_context context, ent->max_life = flag; CHECK(krb5_ret_uint32(sp, &flag)); if (flag == 0) - ret_principal_xdr(context, sp, &ent->mod_name); + ret_principal_xdr(contextp, sp, &ent->mod_name); CHECK(krb5_ret_uint32(sp, &flag)); ent->mod_date = flag; CHECK(krb5_ret_uint32(sp, &flag)); @@ -508,13 +508,13 @@ ret_principal_ent(krb5_context context, count++; } - INSIST(ent->n_tl_data == count); + INSIST((size_t)ent->n_tl_data == count); } else { INSIST(ent->n_tl_data == 0); } CHECK(krb5_ret_uint32(sp, &num)); - INSIST(num == ent->n_key_data); + INSIST(num == (uint32_t)ent->n_key_data); ent->key_data = calloc(num, sizeof(ent->key_data[0])); INSIST(ent->key_data != NULL); @@ -538,7 +538,7 @@ ret_principal_ent(krb5_context context, */ static void -proc_create_principal(kadm5_server_context *context, +proc_create_principal(kadm5_server_context *contextp, krb5_storage *in, krb5_storage *out) { @@ -551,30 +551,30 @@ proc_create_principal(kadm5_server_context *context, CHECK(krb5_ret_uint32(in, &version)); INSIST(version == VERSION2); - CHECK(ret_principal_ent(context->context, in, &ent)); + CHECK(ret_principal_ent(contextp->context, in, &ent)); CHECK(krb5_ret_uint32(in, &mask)); CHECK(ret_string_xdr(in, &password)); INSIST(ent.principal); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, ent.principal); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, ent.principal); if (ret) goto fail; - ret = kadm5_create_principal(context, &ent, mask, password); + ret = kadm5_create_principal(contextp, &ent, mask, password); fail: - krb5_warn(context->context, ret, "create principal"); + krb5_warn(contextp->context, ret, "create principal"); CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ CHECK(krb5_store_uint32(out, ret)); /* code */ free(password); - kadm5_free_principal_ent(context, &ent); + kadm5_free_principal_ent(contextp, &ent); } static void -proc_delete_principal(kadm5_server_context *context, +proc_delete_principal(kadm5_server_context *contextp, krb5_storage *in, krb5_storage *out) { @@ -584,24 +584,24 @@ proc_delete_principal(kadm5_server_context *context, CHECK(krb5_ret_uint32(in, &version)); INSIST(version == VERSION2); - CHECK(ret_principal_xdr(context->context, in, &princ)); + CHECK(ret_principal_xdr(contextp->context, in, &princ)); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ); if (ret) goto fail; - ret = kadm5_delete_principal(context, princ); + ret = kadm5_delete_principal(contextp, princ); fail: - krb5_warn(context->context, ret, "delete principal"); + krb5_warn(contextp->context, ret, "delete principal"); CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ CHECK(krb5_store_uint32(out, ret)); /* code */ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); } static void -proc_get_principal(kadm5_server_context *context, +proc_get_principal(kadm5_server_context *contextp, krb5_storage *in, krb5_storage *out) { @@ -614,29 +614,29 @@ proc_get_principal(kadm5_server_context *context, CHECK(krb5_ret_uint32(in, &version)); INSIST(version == VERSION2); - CHECK(ret_principal_xdr(context->context, in, &princ)); + CHECK(ret_principal_xdr(contextp->context, in, &princ)); CHECK(krb5_ret_uint32(in, &mask)); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ); if(ret) goto fail; - ret = kadm5_get_principal(context, princ, &ent, mask); + ret = kadm5_get_principal(contextp, princ, &ent, mask); fail: - krb5_warn(context->context, ret, "get principal principal"); + krb5_warn(contextp->context, ret, "get principal principal"); CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ CHECK(krb5_store_uint32(out, ret)); /* code */ if (ret == 0) { - CHECK(store_principal_ent(context->context, out, &ent)); + CHECK(store_principal_ent(contextp->context, out, &ent)); } - krb5_free_principal(context->context, princ); - kadm5_free_principal_ent(context, &ent); + krb5_free_principal(contextp->context, princ); + kadm5_free_principal_ent(contextp, &ent); } static void -proc_chrand_principal_v2(kadm5_server_context *context, +proc_chrand_principal_v2(kadm5_server_context *contextp, krb5_storage *in, krb5_storage *out) { @@ -648,36 +648,36 @@ proc_chrand_principal_v2(kadm5_server_context *context, CHECK(krb5_ret_uint32(in, &version)); INSIST(version == VERSION2); - CHECK(ret_principal_xdr(context->context, in, &princ)); + CHECK(ret_principal_xdr(contextp->context, in, &princ)); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ); if(ret) goto fail; - ret = kadm5_randkey_principal(context, princ, + ret = kadm5_randkey_principal(contextp, princ, &new_keys, &n_keys); fail: - krb5_warn(context->context, ret, "rand key principal"); + krb5_warn(contextp->context, ret, "rand key principal"); CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ CHECK(krb5_store_uint32(out, ret)); if (ret == 0) { - size_t i; + int i; CHECK(krb5_store_int32(out, n_keys)); for(i = 0; i < n_keys; i++){ CHECK(krb5_store_uint32(out, new_keys[i].keytype)); CHECK(store_data_xdr(out, new_keys[i].keyvalue)); - krb5_free_keyblock_contents(context->context, &new_keys[i]); + krb5_free_keyblock_contents(contextp->context, &new_keys[i]); } free(new_keys); } - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); } static void -proc_init(kadm5_server_context *context, +proc_init(kadm5_server_context *contextp, krb5_storage *in, krb5_storage *out) { @@ -687,7 +687,7 @@ proc_init(kadm5_server_context *context, } struct krb5_proc { - char *name; + const char *name; void (*func)(kadm5_server_context *, krb5_storage *, krb5_storage *); } procs[] = { { "NULL", NULL }, @@ -723,7 +723,7 @@ copyheader(krb5_storage *sp, krb5_data *data) off = krb5_storage_seek(sp, 0, SEEK_CUR); CHECK(krb5_data_alloc(data, off)); - INSIST(off == data->length); + INSIST((size_t)off == data->length); krb5_storage_seek(sp, 0, SEEK_SET); sret = krb5_storage_read(sp, data->data, data->length); INSIST(sret == off); @@ -741,7 +741,7 @@ struct gctx { }; static int -process_stream(krb5_context context, +process_stream(krb5_context contextp, unsigned char *buf, size_t ilen, krb5_storage *sp) { @@ -792,7 +792,7 @@ process_stream(krb5_context context, if (ilen < 4) { memcpy(tmp, buf, ilen); slen = krb5_storage_read(sp, tmp + ilen, sizeof(tmp) - ilen); - INSIST(slen == sizeof(tmp) - ilen); + INSIST((size_t)slen == sizeof(tmp) - ilen); ilen = sizeof(tmp); buf = tmp; @@ -809,12 +809,12 @@ process_stream(krb5_context context, if (ilen) { if (len < ilen) { slen = krb5_storage_write(msg, buf, len); - INSIST(slen == len); + INSIST((size_t)slen == len); ilen -= len; len = 0; } else { slen = krb5_storage_write(msg, buf, ilen); - INSIST(slen == ilen); + INSIST((size_t)slen == ilen); len -= ilen; } } @@ -824,14 +824,14 @@ process_stream(krb5_context context, if (!last_fragment) { ret = collect_framents(sp, msg); if (ret == HEIM_ERR_EOF) - krb5_errx(context, 0, "client disconnected"); + krb5_errx(contextp, 0, "client disconnected"); INSIST(ret == 0); } } else { ret = collect_framents(sp, msg); if (ret == HEIM_ERR_EOF) - krb5_errx(context, 0, "client disconnected"); + krb5_errx(contextp, 0, "client disconnected"); INSIST(ret == 0); } krb5_storage_seek(msg, 0, SEEK_SET); @@ -873,7 +873,7 @@ process_stream(krb5_context context, krb5_data data; int conf_state; uint32_t seq; - krb5_storage *sp; + krb5_storage *sp1; INSIST(gcred.service == rpg_privacy); @@ -892,10 +892,10 @@ process_stream(krb5_context context, INSIST(maj_stat == GSS_S_COMPLETE); INSIST(conf_state != 0); - sp = krb5_storage_from_mem(gout.value, gout.length); - INSIST(sp != NULL); + sp1 = krb5_storage_from_mem(gout.value, gout.length); + INSIST(sp1 != NULL); - CHECK(krb5_ret_uint32(sp, &seq)); + CHECK(krb5_ret_uint32(sp1, &seq)); INSIST (seq == gcred.seq_num); /* @@ -905,19 +905,19 @@ process_stream(krb5_context context, gctx.seq_num = seq; /* - * If context is setup, priv data have the seq_num stored + * If contextp is setup, priv data have the seq_num stored * first in the block, so add it here before users data is * added. */ CHECK(krb5_store_uint32(dreply, gctx.seq_num)); if (chdr.proc >= sizeof(procs)/sizeof(procs[0])) { - krb5_warnx(context, "proc number out of array"); + krb5_warnx(contextp, "proc number out of array"); } else if (procs[chdr.proc].func == NULL) { - krb5_warnx(context, "proc '%s' never implemented", + krb5_warnx(contextp, "proc '%s' never implemented", procs[chdr.proc].name); } else { - krb5_warnx(context, "proc %s", procs[chdr.proc].name); + krb5_warnx(contextp, "proc %s", procs[chdr.proc].name); INSIST(server_handle != NULL); (*procs[chdr.proc].func)(server_handle, sp, dreply); } @@ -957,29 +957,29 @@ process_stream(krb5_context context, NULL, NULL); if (GSS_ERROR(maj_stat)) { - gss_print_errors(context, maj_stat, min_stat); - krb5_errx(context, 1, "gss error, exit"); + gss_print_errors(contextp, maj_stat, min_stat); + krb5_errx(contextp, 1, "gss error, exit"); } if ((maj_stat & GSS_S_CONTINUE_NEEDED) == 0) { kadm5_config_params realm_params; - gss_buffer_desc buf; + gss_buffer_desc bufp; char *client; gctx.done = 1; memset(&realm_params, 0, sizeof(realm_params)); - maj_stat = gss_export_name(&min_stat, src_name, &buf); + maj_stat = gss_export_name(&min_stat, src_name, &bufp); INSIST(maj_stat == GSS_S_COMPLETE); - CHECK(parse_name(buf.value, buf.length, + CHECK(parse_name(bufp.value, bufp.length, GSS_KRB5_MECHANISM, &client)); - gss_release_buffer(&min_stat, &buf); + gss_release_buffer(&min_stat, &bufp); - krb5_warnx(context, "%s connected", client); + krb5_warnx(contextp, "%s connected", client); - ret = kadm5_s_init_with_password_ctx(context, + ret = kadm5_s_init_with_password_ctx(contextp, client, NULL, KADM5_ADMIN_SERVICE, @@ -1002,9 +1002,9 @@ process_stream(krb5_context context, break; } case RPG_DESTROY: - krb5_errx(context, 1, "client destroyed gss context"); + krb5_errx(contextp, 1, "client destroyed gss contextp"); default: - krb5_errx(context, 1, "client sent unknown gsscode %d", + krb5_errx(contextp, 1, "client sent unknown gsscode %d", (int)gcred.proc); } @@ -1026,7 +1026,7 @@ process_stream(krb5_context context, CHECK(krb5_store_uint32(reply, 0)); /* SUCCESS */ CHECK(krb5_storage_to_data(dreply, &data)); - INSIST(krb5_storage_write(reply, data.data, data.length) == data.length); + INSIST((size_t)krb5_storage_write(reply, data.data, data.length) == data.length); krb5_data_free(&data); } else { @@ -1054,7 +1054,7 @@ process_stream(krb5_context context, ssize_t sret; gctx.inprogress = 0; sret = krb5_storage_write(reply, data.data, data.length); - INSIST(sret == data.length); + INSIST((size_t)sret == data.length); krb5_data_free(&data); } else { int conf_state; @@ -1082,7 +1082,7 @@ process_stream(krb5_context context, CHECK(krb5_storage_to_data(reply, &data)); CHECK(krb5_store_uint32(sp, data.length | LAST_FRAGMENT)); sret = krb5_storage_write(sp, data.data, data.length); - INSIST(sret == data.length); + INSIST((size_t)sret == data.length); krb5_data_free(&data); } @@ -1091,16 +1091,16 @@ process_stream(krb5_context context, int -handle_mit(krb5_context context, void *buf, size_t len, krb5_socket_t sock) +handle_mit(krb5_context contextp, void *buf, size_t len, krb5_socket_t sock) { krb5_storage *sp; - dcontext = context; + dcontext = contextp; sp = krb5_storage_from_fd(sock); INSIST(sp != NULL); - process_stream(context, buf, len, sp); + process_stream(contextp, buf, len, sp); return 0; } diff --git a/kadmin/server.c b/kadmin/server.c index 33d8839d1..e9e70ae2c 100644 --- a/kadmin/server.c +++ b/kadmin/server.c @@ -35,14 +35,14 @@ #include static kadm5_ret_t -kadmind_dispatch(void *kadm_handle, krb5_boolean initial, +kadmind_dispatch(void *kadm_handlep, krb5_boolean initial, krb5_data *in, krb5_data *out) { kadm5_ret_t ret; int32_t cmd, mask, tmp; - kadm5_server_context *context = kadm_handle; + kadm5_server_context *contextp = kadm_handlep; char client[128], name[128], name2[128]; - char *op = ""; + const char *op = ""; krb5_principal princ, princ2; kadm5_principal_ent_rec ent; char *password, *expression; @@ -52,12 +52,12 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, int n_princs; krb5_storage *sp; - krb5_unparse_name_fixed(context->context, context->caller, + krb5_unparse_name_fixed(contextp->context, contextp->caller, client, sizeof(client)); sp = krb5_storage_from_data(in); if (sp == NULL) - krb5_errx(context->context, 1, "out of memory"); + krb5_errx(contextp->context, 1, "out of memory"); krb5_ret_int32(sp, &cmd); switch(cmd){ @@ -68,26 +68,26 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_int32(sp, &mask); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } mask |= KADM5_PRINCIPAL; - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - ret = kadm5_get_principal(kadm_handle, princ, &ent, mask); + ret = kadm5_get_principal(kadm_handlep, princ, &ent, mask); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); if(ret == 0){ kadm5_store_principal_ent(sp, &ent); - kadm5_free_principal_ent(kadm_handle, &ent); + kadm5_free_principal_ent(kadm_handlep, &ent); } - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); break; } case kadm_delete:{ @@ -95,15 +95,15 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, ret = krb5_ret_principal(sp, &princ); if(ret) goto fail; - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - ret = kadm5_delete_principal(kadm_handle, princ); - krb5_free_principal(context->context, princ); + ret = kadm5_delete_principal(kadm_handlep, princ); + krb5_free_principal(contextp->context, princ); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -116,28 +116,28 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_int32(sp, &mask); if(ret){ - kadm5_free_principal_ent(context->context, &ent); + kadm5_free_principal_ent(contextp->context, &ent); goto fail; } ret = krb5_ret_string(sp, &password); if(ret){ - kadm5_free_principal_ent(context->context, &ent); + kadm5_free_principal_ent(contextp->context, &ent); goto fail; } - krb5_unparse_name_fixed(context->context, ent.principal, + krb5_unparse_name_fixed(contextp->context, ent.principal, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, ent.principal); if(ret){ - kadm5_free_principal_ent(context->context, &ent); + kadm5_free_principal_ent(contextp->context, &ent); memset(password, 0, strlen(password)); free(password); goto fail; } - ret = kadm5_create_principal(kadm_handle, &ent, + ret = kadm5_create_principal(kadm_handlep, &ent, mask, password); - kadm5_free_principal_ent(kadm_handle, &ent); + kadm5_free_principal_ent(kadm_handlep, &ent); memset(password, 0, strlen(password)); free(password); krb5_storage_free(sp); @@ -152,20 +152,20 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_int32(sp, &mask); if(ret){ - kadm5_free_principal_ent(context, &ent); + kadm5_free_principal_ent(contextp, &ent); goto fail; } - krb5_unparse_name_fixed(context->context, ent.principal, + krb5_unparse_name_fixed(contextp->context, ent.principal, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY, + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_MODIFY, ent.principal); if(ret){ - kadm5_free_principal_ent(context, &ent); + kadm5_free_principal_ent(contextp, &ent); goto fail; } - ret = kadm5_modify_principal(kadm_handle, &ent, mask); - kadm5_free_principal_ent(kadm_handle, &ent); + ret = kadm5_modify_principal(kadm_handlep, &ent, mask); + kadm5_free_principal_ent(kadm_handlep, &ent); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -178,27 +178,27 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_principal(sp, &princ2); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2)); - krb5_warnx(context->context, "%s: %s %s -> %s", + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_unparse_name_fixed(contextp->context, princ2, name2, sizeof(name2)); + krb5_warnx(contextp->context, "%s: %s %s -> %s", client, op, name, name2); - ret = _kadm5_acl_check_permission(context, + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, princ2) - || _kadm5_acl_check_permission(context, + || _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ); if(ret){ - krb5_free_principal(context->context, princ); - krb5_free_principal(context->context, princ2); + krb5_free_principal(contextp->context, princ); + krb5_free_principal(contextp->context, princ2); goto fail; } - ret = kadm5_rename_principal(kadm_handle, princ, princ2); - krb5_free_principal(context->context, princ); - krb5_free_principal(context->context, princ2); + ret = kadm5_rename_principal(kadm_handlep, princ, princ2); + krb5_free_principal(contextp->context, princ); + krb5_free_principal(contextp->context, princ2); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -211,11 +211,11 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_string(sp, &password); if(ret){ - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); /* * The change is allowed if at least one of: @@ -227,7 +227,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, */ if (initial - && krb5_principal_compare (context->context, context->caller, + && krb5_principal_compare (contextp->context, contextp->caller, princ)) { krb5_data pwd_data; @@ -236,23 +236,23 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, pwd_data.data = password; pwd_data.length = strlen(password); - pwd_reason = kadm5_check_password_quality (context->context, + pwd_reason = kadm5_check_password_quality (contextp->context, princ, &pwd_data); if (pwd_reason != NULL) ret = KADM5_PASS_Q_DICT; else ret = 0; } else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ); if(ret) { - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); memset(password, 0, strlen(password)); free(password); goto fail; } - ret = kadm5_chpass_principal(kadm_handle, princ, password); - krb5_free_principal(context->context, princ); + ret = kadm5_chpass_principal(kadm_handlep, princ, password); + krb5_free_principal(contextp->context, princ); memset(password, 0, strlen(password)); free(password); krb5_storage_free(sp); @@ -271,21 +271,21 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; ret = krb5_ret_int32(sp, &n_key_data); if (ret) { - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } /* n_key_data will be squeezed into an int16_t below. */ if (n_key_data < 0 || n_key_data >= 1 << 16 || - n_key_data > UINT_MAX/sizeof(*key_data)) { + (size_t)n_key_data > UINT_MAX/sizeof(*key_data)) { ret = ERANGE; - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } key_data = malloc (n_key_data * sizeof(*key_data)); if (key_data == NULL && n_key_data != 0) { ret = ENOMEM; - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } @@ -294,38 +294,38 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, if (ret) { int16_t dummy = i; - kadm5_free_key_data (context, &dummy, key_data); + kadm5_free_key_data (contextp, &dummy, key_data); free (key_data); - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } } - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); /* * The change is only allowed if the user is on the CPW ACL, * this it to force password quality check on the user. */ - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ); if(ret) { int16_t dummy = n_key_data; - kadm5_free_key_data (context, &dummy, key_data); + kadm5_free_key_data (contextp, &dummy, key_data); free (key_data); - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - ret = kadm5_chpass_principal_with_key(kadm_handle, princ, + ret = kadm5_chpass_principal_with_key(kadm_handlep, princ, n_key_data, key_data); { int16_t dummy = n_key_data; - kadm5_free_key_data (context, &dummy, key_data); + kadm5_free_key_data (contextp, &dummy, key_data); } free (key_data); - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -336,8 +336,8 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, ret = krb5_ret_principal(sp, &princ); if(ret) goto fail; - krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); - krb5_warnx(context->context, "%s: %s %s", client, op, name); + krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name)); + krb5_warnx(contextp->context, "%s: %s %s", client, op, name); /* * The change is allowed if at least one of: * a) it's for the principal him/herself and this was an initial ticket @@ -345,19 +345,19 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, */ if (initial - && krb5_principal_compare (context->context, context->caller, + && krb5_principal_compare (contextp->context, contextp->caller, princ)) ret = 0; else - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ); if(ret) { - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); goto fail; } - ret = kadm5_randkey_principal(kadm_handle, princ, + ret = kadm5_randkey_principal(kadm_handlep, princ, &new_keys, &n_keys); - krb5_free_principal(context->context, princ); + krb5_free_principal(contextp->context, princ); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -366,7 +366,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_store_int32(sp, n_keys); for(i = 0; i < n_keys; i++){ krb5_store_keyblock(sp, new_keys[i]); - krb5_free_keyblock_contents(context->context, &new_keys[i]); + krb5_free_keyblock_contents(contextp->context, &new_keys[i]); } free(new_keys); } @@ -374,7 +374,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, } case kadm_get_privs:{ uint32_t privs; - ret = kadm5_get_privs(kadm_handle, &privs); + ret = kadm5_get_privs(kadm_handlep, &privs); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, ret); @@ -393,14 +393,14 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, goto fail; }else expression = NULL; - krb5_warnx(context->context, "%s: %s %s", client, op, + krb5_warnx(contextp->context, "%s: %s %s", client, op, expression ? expression : "*"); - ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL); + ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_LIST, NULL); if(ret){ free(expression); goto fail; } - ret = kadm5_get_principals(kadm_handle, expression, &princs, &n_princs); + ret = kadm5_get_principals(kadm_handlep, expression, &princs, &n_princs); free(expression); krb5_storage_free(sp); sp = krb5_storage_emem(); @@ -410,12 +410,12 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_store_int32(sp, n_princs); for(i = 0; i < n_princs; i++) krb5_store_string(sp, princs[i]); - kadm5_free_name_list(kadm_handle, princs, &n_princs); + kadm5_free_name_list(kadm_handlep, princs, &n_princs); } break; } default: - krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd); + krb5_warnx(contextp->context, "%s: UNKNOWN OP %d", client, cmd); krb5_storage_free(sp); sp = krb5_storage_emem(); krb5_store_int32(sp, KADM5_FAILURE); @@ -425,7 +425,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial, krb5_storage_free(sp); return 0; fail: - krb5_warn(context->context, ret, "%s", op); + krb5_warn(contextp->context, ret, "%s", op); krb5_storage_seek(sp, 0, SEEK_SET); krb5_store_int32(sp, ret); krb5_storage_to_data(sp, out); @@ -434,10 +434,10 @@ fail: } static void -v5_loop (krb5_context context, +v5_loop (krb5_context contextp, krb5_auth_context ac, krb5_boolean initial, - void *kadm_handle, + void *kadm_handlep, krb5_socket_t fd) { krb5_error_code ret; @@ -447,17 +447,17 @@ v5_loop (krb5_context context, doing_useful_work = 0; if(term_flag) exit(0); - ret = krb5_read_priv_message(context, ac, &fd, &in); + ret = krb5_read_priv_message(contextp, ac, &fd, &in); if(ret == HEIM_ERR_EOF) exit(0); if(ret) - krb5_err(context, 1, ret, "krb5_read_priv_message"); + krb5_err(contextp, 1, ret, "krb5_read_priv_message"); doing_useful_work = 1; - kadmind_dispatch(kadm_handle, initial, &in, &out); + kadmind_dispatch(kadm_handlep, initial, &in, &out); krb5_data_free(&in); - ret = krb5_write_priv_message(context, ac, &fd, &out); + ret = krb5_write_priv_message(contextp, ac, &fd, &out); if(ret) - krb5_err(context, 1, ret, "krb5_write_priv_message"); + krb5_err(contextp, 1, ret, "krb5_write_priv_message"); } } @@ -467,12 +467,13 @@ match_appl_version(const void *data, const char *appl_version) unsigned minor; if(sscanf(appl_version, "KADM0.%u", &minor) != 1) return 0; - *(unsigned*)data = minor; + /*XXX*/ + *(unsigned*)(intptr_t)data = minor; return 1; } static void -handle_v5(krb5_context context, +handle_v5(krb5_context contextp, krb5_keytab keytab, krb5_socket_t fd) { @@ -480,29 +481,29 @@ handle_v5(krb5_context context, krb5_ticket *ticket; char *server_name; char *client; - void *kadm_handle; + void *kadm_handlep; krb5_boolean initial; krb5_auth_context ac = NULL; unsigned kadm_version; kadm5_config_params realm_params; - ret = krb5_recvauth_match_version(context, &ac, &fd, + ret = krb5_recvauth_match_version(contextp, &ac, &fd, match_appl_version, &kadm_version, NULL, KRB5_RECVAUTH_IGNORE_VERSION, keytab, &ticket); if(ret == KRB5_KT_NOTFOUND) - krb5_errx(context, 1, "krb5_recvauth: key not found"); + krb5_errx(contextp, 1, "krb5_recvauth: key not found"); if(ret) - krb5_err(context, 1, ret, "krb5_recvauth"); + krb5_err(contextp, 1, ret, "krb5_recvauth"); - ret = krb5_unparse_name (context, ticket->server, &server_name); + ret = krb5_unparse_name (contextp, ticket->server, &server_name); if (ret) - krb5_err (context, 1, ret, "krb5_unparse_name"); + krb5_err (contextp, 1, ret, "krb5_unparse_name"); if (strncmp (server_name, KADM5_ADMIN_SERVICE, strlen(KADM5_ADMIN_SERVICE)) != 0) - krb5_errx (context, 1, "ticket for strange principal (%s)", + krb5_errx (contextp, 1, "ticket for strange principal (%s)", server_name); free (server_name); @@ -511,31 +512,31 @@ handle_v5(krb5_context context, if(kadm_version == 1) { krb5_data params; - ret = krb5_read_priv_message(context, ac, &fd, ¶ms); + ret = krb5_read_priv_message(contextp, ac, &fd, ¶ms); if(ret) - krb5_err(context, 1, ret, "krb5_read_priv_message"); - _kadm5_unmarshal_params(context, ¶ms, &realm_params); + krb5_err(contextp, 1, ret, "krb5_read_priv_message"); + _kadm5_unmarshal_params(contextp, ¶ms, &realm_params); } initial = ticket->ticket.flags.initial; - ret = krb5_unparse_name(context, ticket->client, &client); + ret = krb5_unparse_name(contextp, ticket->client, &client); if (ret) - krb5_err (context, 1, ret, "krb5_unparse_name"); - krb5_free_ticket (context, ticket); - ret = kadm5_s_init_with_password_ctx(context, + krb5_err (contextp, 1, ret, "krb5_unparse_name"); + krb5_free_ticket (contextp, ticket); + ret = kadm5_s_init_with_password_ctx(contextp, client, NULL, KADM5_ADMIN_SERVICE, &realm_params, 0, 0, - &kadm_handle); + &kadm_handlep); if(ret) - krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); - v5_loop (context, ac, initial, kadm_handle, fd); + krb5_err (contextp, 1, ret, "kadm5_init_with_password_ctx"); + v5_loop (contextp, ac, initial, kadm_handlep, fd); } krb5_error_code -kadmind_loop(krb5_context context, +kadmind_loop(krb5_context contextp, krb5_keytab keytab, krb5_socket_t sock) { @@ -543,30 +544,30 @@ kadmind_loop(krb5_context context, ssize_t n; unsigned long len; - n = krb5_net_read(context, &sock, buf, 4); + n = krb5_net_read(contextp, &sock, buf, 4); if(n == 0) exit(0); if(n < 0) - krb5_err(context, 1, errno, "read"); + krb5_err(contextp, 1, errno, "read"); _krb5_get_int(buf, &len, 4); if (len == sizeof(KRB5_SENDAUTH_VERSION)) { - n = krb5_net_read(context, &sock, buf + 4, len); + n = krb5_net_read(contextp, &sock, buf + 4, len); if (n < 0) - krb5_err (context, 1, errno, "reading sendauth version"); + krb5_err (contextp, 1, errno, "reading sendauth version"); if (n == 0) - krb5_errx (context, 1, "EOF reading sendauth version"); + krb5_errx (contextp, 1, "EOF reading sendauth version"); if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) { - handle_v5(context, keytab, sock); + handle_v5(contextp, keytab, sock); return 0; } len += 4; } else len = 4; - handle_mit(context, buf, len, sock); + handle_mit(contextp, buf, len, sock); return 0; } diff --git a/kdc/config.c b/kdc/config.c index 40d858bf0..65c6c0192 100644 --- a/kdc/config.c +++ b/kdc/config.c @@ -74,30 +74,31 @@ static struct getargs args[] = { }, { "require-preauth", 'p', arg_negative_flag, &require_preauth, - "don't require pa-data in as-reqs" + "don't require pa-data in as-reqs", NULL }, { "max-request", 0, arg_string, &max_request_str, "max size for a kdc-request", "size" }, - { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" }, + { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support", + NULL }, { "524", 0, arg_negative_flag, &enable_524, - "don't respond to 524 requests" + "don't respond to 524 requests", NULL }, { "kaserver", 'K', arg_flag, &enable_kaserver, - "enable kaserver support" + "enable kaserver support", NULL }, { "kerberos4", 0, arg_flag, &enable_v4, - "respond to kerberos 4 requests" + "respond to kerberos 4 requests", NULL }, { "v4-realm", 'r', arg_string, &v4_realm, - "realm to serve v4-requests for" + "realm to serve v4-requests for", NULL }, { "kerberos4-cross-realm", 0, arg_flag, &enable_v4_cross_realm, - "respond to kerberos 4 requests from foreign realms" + "respond to kerberos 4 requests from foreign realms", NULL }, { "ports", 'P', arg_string, rk_UNCONST(&port_str), "ports to listen to", "portspec" @@ -106,29 +107,29 @@ static struct getargs args[] = { #if DETACH_IS_DEFAULT { "detach", 'D', arg_negative_flag, &detach_from_console, - "don't detach from console" + "don't detach from console", NULL }, #else { "detach", 0 , arg_flag, &detach_from_console, - "detach from console" + "detach from console", NULL }, #endif #endif { "addresses", 0, arg_strings, &addresses_str, "addresses to listen on", "list of addresses" }, { "disable-des", 0, arg_flag, &disable_des, - "disable DES" }, + "disable DES", NULL }, { "builtin-hdb", 0, arg_flag, &builtin_hdb_flag, - "list builtin hdb backends"}, + "list builtin hdb backends", NULL}, { "runas-user", 0, arg_string, &runas_string, - "run as this user when connected to network" + "run as this user when connected to network", NULL }, { "chroot", 0, arg_string, &chroot_string, - "chroot directory to run in" + "chroot directory to run in", NULL }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/kdc/connect.c b/kdc/connect.c index 873628639..c6f668245 100644 --- a/kdc/connect.c +++ b/kdc/connect.c @@ -60,7 +60,7 @@ struct port_desc{ /* the current ones */ static struct port_desc *ports; -static int num_ports; +static size_t num_ports; /* * add `family, port, protocol' to the list with duplicate suppresion. @@ -71,7 +71,7 @@ add_port(krb5_context context, int family, int port, const char *protocol) { int type; - int i; + size_t i; if(strcmp(protocol, "udp") == 0) type = SOCK_DGRAM; @@ -324,7 +324,7 @@ init_sockets(krb5_context context, struct descr **desc) { krb5_error_code ret; - int i, j; + size_t i, j; struct descr *d; int num = 0; krb5_addresses addresses; @@ -478,7 +478,7 @@ handle_udp(krb5_context context, struct descr *d) { unsigned char *buf; - int n; + ssize_t n; buf = malloc(max_request_udp); if(buf == NULL){ @@ -493,7 +493,7 @@ handle_udp(krb5_context context, else { addr_to_string (context, d->sa, d->sock_len, d->addr_string, sizeof(d->addr_string)); - if (n == max_request_udp) { + if ((size_t)n == max_request_udp) { krb5_data data; krb5_warn(context, errno, "recvfrom: truncated packet from %s, asking for TCP", @@ -754,7 +754,7 @@ handle_http_tcp (krb5_context context, return -1; } } - if (len > d->len) + if ((size_t)len > d->len) len = d->len; memcpy(d->buf, data, len); d->len = len; @@ -864,7 +864,7 @@ loop(krb5_context context, fd_set fds; int min_free = -1; int max_fd = 0; - int i; + size_t i; FD_ZERO(&fds); for(i = 0; i < ndescr; i++) { @@ -886,7 +886,7 @@ loop(krb5_context context, #endif #endif FD_SET(d[i].s, &fds); - } else if(min_free < 0 || i < min_free) + } else if(min_free < 0 || i < (size_t)min_free) min_free = i; } if(min_free == -1){ diff --git a/kdc/digest-service.c b/kdc/digest-service.c index 1ba423bac..8fa3b104a 100644 --- a/kdc/digest-service.c +++ b/kdc/digest-service.c @@ -63,7 +63,7 @@ ntlm_service(void *ctx, const heim_idata *req, NTLMReply ntp; size_t size; int ret; - char *domain; + const char *domain; kdc_log(context, config, 1, "digest-request: uid=%d", (int)heim_ipc_cred_get_uid(cred)); @@ -184,13 +184,13 @@ ntlm_service(void *ctx, const heim_idata *req, free(answer.data); { - EVP_MD_CTX *ctx; + EVP_MD_CTX *ctxp; - ctx = EVP_MD_CTX_create(); - EVP_DigestInit_ex(ctx, EVP_md4(), NULL); - EVP_DigestUpdate(ctx, key->key.keyvalue.data, key->key.keyvalue.length); - EVP_DigestFinal_ex(ctx, sessionkey, NULL); - EVP_MD_CTX_destroy(ctx); + ctxp = EVP_MD_CTX_create(); + EVP_DigestInit_ex(ctxp, EVP_md4(), NULL); + EVP_DigestUpdate(ctxp, key->key.keyvalue.data, key->key.keyvalue.length); + EVP_DigestFinal_ex(ctxp, sessionkey, NULL); + EVP_MD_CTX_destroy(ctxp); } } @@ -218,8 +218,8 @@ static int help_flag; static int version_flag; static struct getargs args[] = { - { "help", 'h', arg_flag, &help_flag }, - { "version", 'v', arg_flag, &version_flag } + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 'v', arg_flag, &version_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/kdc/digest.c b/kdc/digest.c index 70b45c2af..617f12e68 100644 --- a/kdc/digest.c +++ b/kdc/digest.c @@ -257,7 +257,7 @@ _kdc_do_digest(krb5_context context, /* check the server principal in the ticket matches digest/R@R */ { krb5_principal principal = NULL; - const char *p, *r; + const char *p, *rr; ret = krb5_ticket_get_server(context, ticket, &principal); if (ret) @@ -280,12 +280,12 @@ _kdc_do_digest(krb5_context context, krb5_free_principal(context, principal); goto out; } - r = krb5_principal_get_realm(context, principal); - if (r == NULL) { + rr = krb5_principal_get_realm(context, principal); + if (rr == NULL) { krb5_free_principal(context, principal); goto out; } - if (strcmp(p, r) != 0) { + if (strcmp(p, rr) != 0) { krb5_free_principal(context, principal); goto out; } @@ -616,7 +616,7 @@ _kdc_do_digest(krb5_context context, EVP_MD_CTX *ctx; unsigned char md[MD5_DIGEST_LENGTH]; char *mdx; - char id; + char idx; if ((config->digests_allowed & CHAP_MD5) == 0) { kdc_log(context, config, 0, "Digest CHAP MD5 not allowed"); @@ -630,7 +630,7 @@ _kdc_do_digest(krb5_context context, goto out; } - if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) { + if (hex_decode(*ireq.u.digestRequest.identifier, &idx, 1) != 1) { ret = EINVAL; krb5_set_error_message(context, ret, "failed to decode identifier"); goto out; @@ -645,7 +645,7 @@ _kdc_do_digest(krb5_context context, ctx = EVP_MD_CTX_create(); EVP_DigestInit_ex(ctx, EVP_md5(), NULL); - EVP_DigestUpdate(ctx, &id, 1); + EVP_DigestUpdate(ctx, &idx, 1); EVP_DigestUpdate(ctx, password, strlen(password)); EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length); EVP_DigestFinal_ex(ctx, md, NULL); @@ -804,7 +804,7 @@ _kdc_do_digest(krb5_context context, const char *username; struct ntlm_buf answer; Key *key = NULL; - EVP_MD_CTX *ctx; + EVP_MD_CTX *ctp; if ((config->digests_allowed & MS_CHAP_V2) == 0) { kdc_log(context, config, 0, "MS-CHAP-V2 not allowed"); @@ -831,10 +831,10 @@ _kdc_do_digest(krb5_context context, else username++; - ctx = EVP_MD_CTX_create(); + ctp = EVP_MD_CTX_create(); /* ChallangeHash */ - EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); + EVP_DigestInit_ex(ctp, EVP_sha1(), NULL); { ssize_t ssize; krb5_data clientNonce; @@ -845,7 +845,7 @@ _kdc_do_digest(krb5_context context, ret = ENOMEM; krb5_set_error_message(context, ret, "malloc: out of memory"); - EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctp); goto out; } @@ -855,18 +855,18 @@ _kdc_do_digest(krb5_context context, ret = ENOMEM; krb5_set_error_message(context, ret, "Failed to decode clientNonce"); - EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctp); goto out; } - EVP_DigestUpdate(ctx, clientNonce.data, ssize); + EVP_DigestUpdate(ctp, clientNonce.data, ssize); free(clientNonce.data); } - EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length); - EVP_DigestUpdate(ctx, username, strlen(username)); + EVP_DigestUpdate(ctp, serverNonce.data, serverNonce.length); + EVP_DigestUpdate(ctp, username, strlen(username)); - EVP_DigestFinal_ex(ctx, challange, NULL); + EVP_DigestFinal_ex(ctp, challange, NULL); - EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctp); /* NtPasswordHash */ ret = krb5_parse_name(context, username, &clientprincipal); @@ -923,39 +923,39 @@ _kdc_do_digest(krb5_context context, if (r.u.response.success) { unsigned char hashhash[MD4_DIGEST_LENGTH]; - EVP_MD_CTX *ctx; + EVP_MD_CTX *ctxp; - ctx = EVP_MD_CTX_create(); + ctxp = EVP_MD_CTX_create(); /* hashhash */ { - EVP_DigestInit_ex(ctx, EVP_md4(), NULL); - EVP_DigestUpdate(ctx, + EVP_DigestInit_ex(ctxp, EVP_md4(), NULL); + EVP_DigestUpdate(ctxp, key->key.keyvalue.data, key->key.keyvalue.length); - EVP_DigestFinal_ex(ctx, hashhash, NULL); + EVP_DigestFinal_ex(ctxp, hashhash, NULL); } /* GenerateAuthenticatorResponse */ - EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); - EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash)); - EVP_DigestUpdate(ctx, answer.data, answer.length); - EVP_DigestUpdate(ctx, ms_chap_v2_magic1, + EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxp, hashhash, sizeof(hashhash)); + EVP_DigestUpdate(ctxp, answer.data, answer.length); + EVP_DigestUpdate(ctxp, ms_chap_v2_magic1, sizeof(ms_chap_v2_magic1)); - EVP_DigestFinal_ex(ctx, md, NULL); + EVP_DigestFinal_ex(ctxp, md, NULL); - EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); - EVP_DigestUpdate(ctx, md, sizeof(md)); - EVP_DigestUpdate(ctx, challange, 8); - EVP_DigestUpdate(ctx, ms_chap_v2_magic2, + EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxp, md, sizeof(md)); + EVP_DigestUpdate(ctxp, challange, 8); + EVP_DigestUpdate(ctxp, ms_chap_v2_magic2, sizeof(ms_chap_v2_magic2)); - EVP_DigestFinal_ex(ctx, md, NULL); + EVP_DigestFinal_ex(ctxp, md, NULL); r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp)); if (r.u.response.rsp == NULL) { free(answer.data); krb5_clear_error_message(context); - EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctxp); ret = ENOMEM; goto out; } @@ -964,22 +964,22 @@ _kdc_do_digest(krb5_context context, if (r.u.response.rsp == NULL) { free(answer.data); krb5_clear_error_message(context); - EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctxp); ret = ENOMEM; goto out; } /* get_master, rfc 3079 3.4 */ - EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); - EVP_DigestUpdate(ctx, hashhash, 16); - EVP_DigestUpdate(ctx, answer.data, answer.length); - EVP_DigestUpdate(ctx, ms_rfc3079_magic1, + EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL); + EVP_DigestUpdate(ctxp, hashhash, 16); + EVP_DigestUpdate(ctxp, answer.data, answer.length); + EVP_DigestUpdate(ctxp, ms_rfc3079_magic1, sizeof(ms_rfc3079_magic1)); - EVP_DigestFinal_ex(ctx, md, NULL); + EVP_DigestFinal_ex(ctxp, md, NULL); free(answer.data); - EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctxp); r.u.response.session_key = calloc(1, sizeof(*r.u.response.session_key)); diff --git a/kdc/hprop.c b/kdc/hprop.c index e3846e932..290a85828 100644 --- a/kdc/hprop.c +++ b/kdc/hprop.c @@ -133,13 +133,13 @@ struct getargs args[] = { { "keytab", 'k', arg_string, rk_UNCONST(&ktname), "keytab to use for authentication", "keytab" }, - { "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use" }, - { "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys" }, - { "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys" }, - { "stdout", 'n', arg_flag, &to_stdout, "dump to stdout" }, - { "verbose", 'v', arg_flag, &verbose_flag }, - { "version", 0, arg_flag, &version_flag }, - { "help", 'h', arg_flag, &help_flag } + { "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use", NULL }, + { "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys", NULL }, + { "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys", NULL }, + { "stdout", 'n', arg_flag, &to_stdout, "dump to stdout", NULL }, + { "verbose", 'v', arg_flag, &verbose_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); @@ -213,7 +213,7 @@ struct { static int parse_source_type(const char *s) { - int i; + size_t i; for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) { if(strstr(types[i].name, s) == types[i].name) return types[i].type; diff --git a/kdc/hpropd.c b/kdc/hpropd.c index 8b360cf42..86fb891cf 100644 --- a/kdc/hpropd.c +++ b/kdc/hpropd.c @@ -44,19 +44,20 @@ static char *ktname = NULL; struct getargs args[] = { { "database", 'd', arg_string, rk_UNCONST(&database), "database", "file" }, - { "stdin", 'n', arg_flag, &from_stdin, "read from stdin" }, - { "print", 0, arg_flag, &print_dump, "print dump to stdout" }, + { "stdin", 'n', arg_flag, &from_stdin, "read from stdin", NULL }, + { "print", 0, arg_flag, &print_dump, "print dump to stdout", NULL }, #ifdef SUPPORT_INETD { "inetd", 'i', arg_negative_flag, &inetd_flag, - "Not started from inetd" }, + "Not started from inetd", NULL }, #endif { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" }, - { "realm", 'r', arg_string, &local_realm, "realm to use" }, + { "realm", 'r', arg_string, &local_realm, "realm to use", NULL }, { "version", 0, arg_flag, &version_flag, NULL, NULL }, { "help", 'h', arg_flag, &help_flag, NULL, NULL} }; static int num_args = sizeof(args) / sizeof(args[0]); +static char unparseable_name[] = "unparseable name"; static void usage(int ret) @@ -194,7 +195,7 @@ main(int argc, char **argv) char *s; ret = krb5_unparse_name(context, c2, &s); if (ret) - s = "unparseable name"; + s = unparseable_name; krb5_errx(context, 1, "Unauthorized connection from %s", s); } krb5_free_principal(context, c1); @@ -260,7 +261,7 @@ main(int argc, char **argv) char *s; ret = krb5_unparse_name(context, entry.entry.principal, &s); if (ret) - s = strdup("unparseable name"); + s = strdup(unparseable_name); krb5_warnx(context, "Entry exists: %s", s); free(s); } else if(ret) diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index a437b9dbd..1d97a60ae 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -74,9 +74,9 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type) if (req->padata == NULL) return NULL; - while(*start < req->padata->len){ + while((size_t)*start < req->padata->len){ (*start)++; - if(req->padata->val[*start - 1].padata_type == type) + if(req->padata->val[*start - 1].padata_type == (unsigned)type) return &req->padata->val[*start - 1]; } return NULL; @@ -127,7 +127,7 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ, krb5_enctype *etypes, unsigned len, Key **ret_key) { - int i; + size_t i; krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; krb5_salt def_salt; @@ -211,7 +211,7 @@ log_patypes(krb5_context context, { struct rk_strpool *p = NULL; char *str; - int i; + size_t i; for (i = 0; i < padata->len; i++) { switch(padata->val[i].padata_type) { @@ -614,7 +614,7 @@ log_as_req(krb5_context context, krb5_error_code ret; struct rk_strpool *p; char *str; - int i; + size_t i; p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: "); @@ -809,7 +809,7 @@ _kdc_check_addresses(krb5_context context, krb5_address addr; krb5_boolean result; krb5_boolean only_netbios = TRUE; - int i; + size_t i; if(config->check_ticket_addresses == 0) return TRUE; @@ -1035,7 +1035,7 @@ _kdc_as_rep(krb5_context context, { const krb5_enctype *p; krb5_enctype clientbest = ETYPE_NULL; - int i, j; + size_t i, j; p = krb5_kerberos_enctypes(context); @@ -1663,7 +1663,7 @@ _kdc_as_rep(krb5_context context, PA_ClientCanonicalized canon; krb5_data data; PA_DATA pa; - krb5_crypto crypto; + krb5_crypto cryptox; size_t len; memset(&canon, 0, sizeof(canon)); @@ -1679,18 +1679,18 @@ _kdc_as_rep(krb5_context context, krb5_abortx(context, "internal asn.1 error"); /* sign using "returned session key" */ - ret = krb5_crypto_init(context, &et.key, 0, &crypto); + ret = krb5_crypto_init(context, &et.key, 0, &cryptox); if (ret) { free(data.data); goto out; } - ret = krb5_create_checksum(context, crypto, + ret = krb5_create_checksum(context, cryptox, KRB5_KU_CANONICALIZED_NAMES, 0, data.data, data.length, &canon.canon_checksum); free(data.data); - krb5_crypto_destroy(context, crypto); + krb5_crypto_destroy(context, cryptox); if (ret) goto out; diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c index 3db77cde6..94e684432 100644 --- a/kdc/krb5tgs.c +++ b/kdc/krb5tgs.c @@ -508,7 +508,7 @@ check_constrained_delegation(krb5_context context, { const HDB_Ext_Constrained_delegation_acl *acl; krb5_error_code ret; - int i; + size_t i; /* if client delegates to itself, that ok */ if (krb5_principal_compare(context, client->entry.principal, server) == TRUE) @@ -606,7 +606,7 @@ fix_transited_encoding(krb5_context context, krb5_error_code ret = 0; char **realms, **tmp; unsigned int num_realms; - int i; + size_t i; switch (tr->tr_type) { case DOMAIN_X500_COMPRESS: @@ -1131,6 +1131,7 @@ tgs_parse_request(krb5_context context, krb5_keyblock **replykey, int *rk_is_subkey) { + static char failed[] = ""; krb5_ap_req ap_req; krb5_error_code ret; krb5_principal princ; @@ -1174,7 +1175,7 @@ tgs_parse_request(krb5_context context, char *p; ret = krb5_unparse_name(context, princ, &p); if (ret != 0) - p = ""; + p = failed; krb5_free_principal(context, princ); kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p); if (ret == 0) @@ -1186,7 +1187,7 @@ tgs_parse_request(krb5_context context, char *p; ret = krb5_unparse_name(context, princ, &p); if (ret != 0) - p = ""; + p = failed; krb5_free_principal(context, princ); kdc_log(context, config, 0, "Ticket-granting ticket not found in database: %s", msg); @@ -1198,13 +1199,13 @@ tgs_parse_request(krb5_context context, } if(ap_req.ticket.enc_part.kvno && - *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){ + (size_t)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){ char *p; ret = krb5_unparse_name (context, princ, &p); krb5_free_principal(context, princ); if (ret != 0) - p = ""; + p = failed; kdc_log(context, config, 0, "Ticket kvno = %d, DB kvno = %d (%s)", *ap_req.ticket.enc_part.kvno, @@ -1646,7 +1647,7 @@ server_lookup: krb5_enctype etype; if(b->kdc_options.enc_tkt_in_skey) { - int i; + size_t i; ekey = &adtkt.key; for(i = 0; i < b->etype.len; i++) if (b->etype.val[i] == adtkt.key.keytype) diff --git a/kdc/kstash.c b/kdc/kstash.c index c005f4239..1cd626e10 100644 --- a/kdc/kstash.c +++ b/kdc/kstash.c @@ -46,15 +46,17 @@ static int random_key_flag; static const char *enctype_str = "des3-cbc-sha1"; static struct getargs args[] = { - { "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type" }, + { "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type", + NULL }, { "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, { "convert-file", 0, arg_flag, &convert_flag, - "just convert keyfile to new format" }, + "just convert keyfile to new format", NULL }, { "master-key-fd", 0, arg_integer, &master_key_fd, "filedescriptor to read passphrase from", "fd" }, - { "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" }, - { "help", 'h', arg_flag, &help_flag }, - { "version", 0, arg_flag, &version_flag } + { "random-key", 0, arg_flag, &random_key_flag, + "generate a random master key", NULL }, + { "help", 'h', arg_flag, &help_flag, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); diff --git a/kdc/log.c b/kdc/log.c index 6657aca5c..6d85729f5 100644 --- a/kdc/log.c +++ b/kdc/log.c @@ -50,10 +50,12 @@ kdc_openlog(krb5_context context, krb5_addlog_dest(context, config->logf, *p); krb5_config_free_strings(s); }else { - char *s; - asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE); - krb5_addlog_dest(context, config->logf, s); - free(s); + char *ss; + if (asprintf(&ss, "0-1/FILE:%s/%s", hdb_db_dir(context), + KDC_LOG_FILE) < 0) + err(1, NULL); + krb5_addlog_dest(context, config->logf, ss); + free(ss); } krb5_set_warn_dest(context, config->logf); } diff --git a/kdc/mit_dump.c b/kdc/mit_dump.c index 48e1e1763..a0c99dfd9 100644 --- a/kdc/mit_dump.c +++ b/kdc/mit_dump.c @@ -77,7 +77,7 @@ unless no extra data static int hex_to_octet_string(const char *ptr, krb5_data *data) { - int i; + size_t i; unsigned int v; for(i = 0; i < data->length; i++) { if(sscanf(ptr + 2 * i, "%02x", &v) != 1) @@ -165,7 +165,7 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num) case KRB5_KDB_SALTTYPE_NOREALM: { size_t len; - int i; + size_t i; char *p; len = 0; diff --git a/kdc/pkinit.c b/kdc/pkinit.c index 9c0be23b1..6a6040c26 100644 --- a/kdc/pkinit.c +++ b/kdc/pkinit.c @@ -237,7 +237,7 @@ generate_dh_keyblock(krb5_context context, } dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key); - if (dh_gen_keylen == -1) { + if (dh_gen_keylen == (size_t)-1) { ret = KRB5KRB_ERR_GENERIC; krb5_set_error_message(context, ret, "Can't compute Diffie-Hellman key"); @@ -1247,7 +1247,7 @@ _kdc_pk_mk_pa_reply(krb5_context context, krb5_enctype enctype; int pa_type; hx509_cert kdc_cert = NULL; - int i; + size_t i; if (!config->enable_pkinit) { krb5_clear_error_message(context); @@ -1575,7 +1575,8 @@ match_rfc_san(krb5_context context, krb5_const_principal match) { hx509_octet_string_list list; - int ret, i, found = 0; + int ret, found = 0; + size_t i; memset(&list, 0 , sizeof(list)); @@ -1709,7 +1710,7 @@ _kdc_pk_check_client(krb5_context context, const HDB_Ext_PKINIT_cert *pc; krb5_error_code ret; hx509_name name; - int i; + size_t i; if (cp->cert == NULL) { @@ -1737,12 +1738,12 @@ _kdc_pk_check_client(krb5_context context, ret = hdb_entry_get_pkinit_cert(&client->entry, &pc); if (ret == 0 && pc) { hx509_cert cert; - unsigned int i; + size_t j; - for (i = 0; i < pc->len; i++) { + for (j = 0; j < pc->len; j++) { ret = hx509_cert_init_data(context->hx509ctx, - pc->val[i].cert.data, - pc->val[i].cert.length, + pc->val[j].cert.data, + pc->val[j].cert.length, &cert); if (ret) continue; diff --git a/kdc/string2key.c b/kdc/string2key.c index c351271e7..c4803e414 100644 --- a/kdc/string2key.c +++ b/kdc/string2key.c @@ -45,15 +45,17 @@ int version; int help; struct getargs args[] = { - { "version5", '5', arg_flag, &version5, "Output Kerberos v5 string-to-key" }, - { "version4", '4', arg_flag, &version4, "Output Kerberos v4 string-to-key" }, - { "afs", 'a', arg_flag, &afs, "Output AFS string-to-key" }, + { "version5", '5', arg_flag, &version5, "Output Kerberos v5 string-to-key", + NULL }, + { "version4", '4', arg_flag, &version4, "Output Kerberos v4 string-to-key", + NULL }, + { "afs", 'a', arg_flag, &afs, "Output AFS string-to-key", NULL }, { "cell", 'c', arg_string, &cell, "AFS cell to use", "cell" }, { "password", 'w', arg_string, &password, "Password to use", "password" }, { "principal",'p', arg_string, &principal, "Kerberos v5 principal to use", "principal" }, - { "keytype", 'k', arg_string, rk_UNCONST(&keytype_str), "Keytype" }, - { "version", 0, arg_flag, &version, "print version" }, - { "help", 0, arg_flag, &help, NULL } + { "keytype", 'k', arg_string, rk_UNCONST(&keytype_str), "Keytype", NULL }, + { "version", 0, arg_flag, &version, "print version", NULL }, + { "help", 0, arg_flag, &help, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); @@ -73,7 +75,7 @@ tokey(krb5_context context, const char *label) { krb5_error_code ret; - int i; + size_t i; krb5_keyblock key; char *e; diff --git a/kpasswd/kpasswd.c b/kpasswd/kpasswd.c index 0258c1ac0..4a4bcf124 100644 --- a/kpasswd/kpasswd.c +++ b/kpasswd/kpasswd.c @@ -40,10 +40,11 @@ static char *admin_principal_str; static char *cred_cache_str; static struct getargs args[] = { - { "admin-principal", 0, arg_string, &admin_principal_str }, - { "cache", 'c', arg_string, &cred_cache_str }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "admin-principal", 0, arg_string, &admin_principal_str, NULL, + NULL }, + { "cache", 'c', arg_string, &cred_cache_str, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/kpasswd/kpasswdd.c b/kpasswd/kpasswdd.c index 5ba459cf3..884cc7b68 100644 --- a/kpasswd/kpasswdd.c +++ b/kpasswd/kpasswdd.c @@ -680,11 +680,11 @@ doit (krb5_keytab keytab, int port) krb5_errx (context, 1, "No sockets!"); while(exit_flag == 0) { - int ret; + krb5_ssize_t retx; fd_set fdset = real_fdset; - ret = select (maxfd + 1, &fdset, NULL, NULL, NULL); - if (ret < 0) { + retx = select (maxfd + 1, &fdset, NULL, NULL, NULL); + if (retx < 0) { if (errno == EINTR) continue; else @@ -695,9 +695,9 @@ doit (krb5_keytab keytab, int port) u_char buf[BUFSIZ]; socklen_t addrlen = sizeof(__ss); - ret = recvfrom (sockets[i], buf, sizeof(buf), 0, + retx = recvfrom(sockets[i], buf, sizeof(buf), 0, sa, &addrlen); - if (ret < 0) { + if (retx < 0) { if(errno == EINTR) break; else @@ -707,7 +707,7 @@ doit (krb5_keytab keytab, int port) process (realms, keytab, sockets[i], &addrs.val[i], sa, addrlen, - buf, ret); + buf, retx); } } @@ -730,7 +730,8 @@ sigterm(int sig) static const char *check_library = NULL; static const char *check_function = NULL; static getarg_strings policy_libraries = { 0, NULL }; -static char *keytab_str = "HDB:"; +static char sHDB[] = "HDB:"; +static char *keytab_str = sHDB; static char *realm_str; static int version_flag; static int help_flag; @@ -750,11 +751,11 @@ struct getargs args[] = { "addresses to listen on", "list of addresses" }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication key from", "kspec" }, - { "config-file", 'c', arg_string, &config_file }, + { "config-file", 'c', arg_string, &config_file, NULL, NULL }, { "realm", 'r', arg_string, &realm_str, "default realm", "realm" }, - { "port", 'p', arg_string, &port_str, "port" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "port", 'p', arg_string, &port_str, "port", NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); @@ -836,10 +837,10 @@ main (int argc, char **argv) explicit_addresses.len = 0; if (addresses_str.num_strings) { - int i; + int j; - for (i = 0; i < addresses_str.num_strings; ++i) - add_one_address (addresses_str.strings[i], i == 0); + for (j = 0; j < addresses_str.num_strings; ++j) + add_one_address (addresses_str.strings[j], j == 0); free_getarg_strings (&addresses_str); } else { char **foo = krb5_config_get_strings (context, NULL, diff --git a/kuser/copy_cred_cache.c b/kuser/copy_cred_cache.c index d5bb2f0e2..21149d3b9 100644 --- a/kuser/copy_cred_cache.c +++ b/kuser/copy_cred_cache.c @@ -60,7 +60,7 @@ parse_ticket_flags(krb5_context context, memset(&ff, 0, sizeof(ff)); ff.proxy = 1; - if (parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff)) + if ((size_t)parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff)) ret_flags->i = flags; else ret_flags->i = bitswap32(flags); diff --git a/kuser/kcc.c b/kuser/kcc.c index 9a392fc1c..511398c92 100644 --- a/kuser/kcc.c +++ b/kuser/kcc.c @@ -40,8 +40,8 @@ static int version_flag; static int help_flag; static struct getargs args[] = { - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/kuser/kdestroy.c b/kuser/kdestroy.c index 07e113e39..fae5e5ae8 100644 --- a/kuser/kdestroy.c +++ b/kuser/kdestroy.c @@ -47,7 +47,7 @@ struct getargs args[] = { { "credential", 0, arg_string, rk_UNCONST(&credential), "remove one credential", "principal" }, { "cache", 'c', arg_string, rk_UNCONST(&cache), "cache to destroy", "cache" }, - { "all", 'A', arg_flag, &all_flag, "destroy all caches" }, + { "all", 'A', arg_flag, &all_flag, "destroy all caches", NULL }, #ifndef NO_AFS { "unlog", 0, arg_negative_flag, &unlog_flag, "do not destroy tokens", NULL }, diff --git a/kuser/kdigest.c b/kuser/kdigest.c index 968328b38..e833b61ad 100644 --- a/kuser/kdigest.c +++ b/kuser/kdigest.c @@ -436,6 +436,7 @@ ntlm_server_init(struct ntlm_server_init_options *opt, krb5_data challenge, opaque; struct ntlm_buf data; char *s; + static char zero2[] = "\x00\x00"; memset(&type2, 0, sizeof(type2)); @@ -471,7 +472,7 @@ ntlm_server_init(struct ntlm_server_init_options *opt, krb5_err(context, 1, ret, "krb5_ntlm_init_get_flags"); krb5_ntlm_init_get_targetname(context, ntlm, &type2.targetname); - type2.targetinfo.data = "\x00\x00"; + type2.targetinfo.data = zero2; type2.targetinfo.length = 2; ret = heim_ntlm_encode_type2(&type2, &data); diff --git a/kuser/kgetcred.c b/kuser/kgetcred.c index f90acbafd..77421dca6 100644 --- a/kuser/kgetcred.c +++ b/kuser/kgetcred.c @@ -53,17 +53,17 @@ struct getargs args[] = { { "delegation-credential-cache",0,arg_string, &delegation_cred_str, NP_("where to find the ticket use for delegation", ""), "cache"}, { "canonicalize", 0, arg_flag, &canonicalize_flag, - NP_("canonicalize the principal", "") }, + NP_("canonicalize the principal", ""), NULL }, { "forwardable", 0, arg_flag, &forwardable_flag, - NP_("forwardable ticket requested", "")}, - { "transit-check", 0, arg_negative_flag, &transit_flag }, + NP_("forwardable ticket requested", ""), NULL}, + { "transit-check", 0, arg_negative_flag, &transit_flag, NULL, NULL }, { "enctype", 'e', arg_string, &etype_str, NP_("encryption type to use", ""), "enctype"}, { "impersonate", 0, arg_string, &impersonate_str, NP_("client to impersonate", ""), "principal"}, - { "name-type", 0, arg_string, &nametype_str }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "name-type", 0, arg_string, &nametype_str, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void diff --git a/kuser/kimpersonate.c b/kuser/kimpersonate.c index 023f5587a..13a0fce20 100644 --- a/kuser/kimpersonate.c +++ b/kuser/kimpersonate.c @@ -44,7 +44,7 @@ static char *ccache_str = NULL; static char *ticket_flags_str = NULL; static TicketFlags ticket_flags; static char *keytab_file = NULL; -static char *enc_type = "des-cbc-md5"; +static const char *enc_type = "des-cbc-md5"; static int expiration_time = 3600; static struct getarg_strings client_addresses; static int version_flag = 0; @@ -268,21 +268,21 @@ struct getargs args[] = { { "ccache", 0, arg_string, &ccache_str, "name of kerberos 5 credential cache", "cache-name"}, { "server", 's', arg_string, &server_principal_str, - "name of server principal" }, + "name of server principal", NULL }, { "client", 'c', arg_string, &client_principal_str, - "name of client principal" }, + "name of client principal", NULL }, { "keytab", 'k', arg_string, &keytab_file, - "name of keytab file" }, + "name of keytab file", NULL }, { "krb5", '5', arg_flag, &use_krb5, - "create a kerberos 5 ticket"}, + "create a kerberos 5 ticket", NULL }, { "expire-time", 'e', arg_integer, &expiration_time, - "lifetime of ticket in seconds" }, + "lifetime of ticket in seconds", NULL }, { "client-addresses", 'a', arg_strings, &client_addresses, - "addresses of client" }, + "addresses of client", NULL }, { "enc-type", 't', arg_string, &enc_type, - "encryption type" }, + "encryption type", NULL }, { "ticket-flags", 'f', arg_string, &ticket_flags_str, - "ticket flags for krb5 ticket" }, + "ticket flags for krb5 ticket", NULL }, { "version", 0, arg_flag, &version_flag, "Print version", NULL }, { "help", 0, arg_flag, &help_flag, NULL, @@ -302,7 +302,7 @@ usage (int ret) int main (int argc, char **argv) { - int optind = 0; + int optidx = 0; krb5_error_code ret; krb5_context context; krb5_keytab kt; @@ -313,23 +313,23 @@ main (int argc, char **argv) if (ret) errx(1, "krb5_init_context failed: %u", ret); - if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, - &optind)) - usage (1); + if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx)) + usage(1); if (help_flag) - usage (0); + usage(0); if (version_flag) { print_version(NULL); return 0; } - setup_env (context, &kt); + setup_env(context, &kt); if (use_krb5) - create_krb5_tickets (context, kt); + create_krb5_tickets(context, kt); + + krb5_kt_close(context, kt); - krb5_kt_close (context, kt); return 0; } diff --git a/kuser/kinit.c b/kuser/kinit.c index 846232a4f..1342ebcbc 100644 --- a/kuser/kinit.c +++ b/kuser/kinit.c @@ -96,31 +96,31 @@ static struct getargs args[] = { * 9: */ { "afslog", 0 , arg_flag, &do_afslog, - NP_("obtain afs tokens", "") }, + NP_("obtain afs tokens", ""), NULL }, { "cache", 'c', arg_string, &cred_cache, NP_("credentials cache", ""), "cachename" }, { "forwardable", 0, arg_negative_flag, &forwardable_flag, - NP_("get tickets not forwardable", "")}, + NP_("get tickets not forwardable", ""), NULL }, { NULL, 'f', arg_flag, &forwardable_flag, - NP_("get forwardable tickets", "")}, + NP_("get forwardable tickets", ""), NULL }, { "keytab", 't', arg_string, &keytab_str, NP_("keytab to use", ""), "keytabname" }, { "lifetime", 'l', arg_string, &lifetime, - NP_("lifetime of tickets", ""), "time"}, + NP_("lifetime of tickets", ""), "time" }, { "proxiable", 'p', arg_flag, &proxiable_flag, - NP_("get proxiable tickets", "") }, + NP_("get proxiable tickets", ""), NULL }, { "renew", 'R', arg_flag, &renew_flag, - NP_("renew TGT", "") }, + NP_("renew TGT", ""), NULL }, { "renewable", 0, arg_flag, &renewable_flag, - NP_("get renewable tickets", "") }, + NP_("get renewable tickets", ""), NULL }, { "renewable-life", 'r', arg_string, &renew_life, NP_("renewable lifetime of tickets", ""), "time" }, @@ -132,40 +132,40 @@ static struct getargs args[] = { NP_("when ticket gets valid", ""), "time" }, { "use-keytab", 'k', arg_flag, &use_keytab, - NP_("get key from keytab", "") }, + NP_("get key from keytab", ""), NULL }, { "validate", 'v', arg_flag, &validate_flag, - NP_("validate TGT", "") }, + NP_("validate TGT", ""), NULL }, { "enctypes", 'e', arg_strings, &etype_str, NP_("encryption types to use", ""), "enctypes" }, { "fcache-version", 0, arg_integer, &fcache_version, - NP_("file cache version to create", "") }, + NP_("file cache version to create", ""), NULL }, { "addresses", 'A', arg_negative_flag, &addrs_flag, - NP_("request a ticket with no addresses", "") }, + NP_("request a ticket with no addresses", ""), NULL }, { "extra-addresses",'a', arg_strings, &extra_addresses, NP_("include these extra addresses", ""), "addresses" }, { "anonymous", 0, arg_flag, &anonymous_flag, - NP_("request an anonymous ticket", "") }, + NP_("request an anonymous ticket", ""), NULL }, { "request-pac", 0, arg_flag, &pac_flag, - NP_("request a Windows PAC", "") }, + NP_("request a Windows PAC", ""), NULL }, { "password-file", 0, arg_string, &password_file, - NP_("read the password from a file", "") }, + NP_("read the password from a file", ""), NULL }, { "canonicalize",0, arg_flag, &canonicalize_flag, - NP_("canonicalize client principal", "") }, + NP_("canonicalize client principal", ""), NULL }, { "enterprise",0, arg_flag, &enterprise_flag, - NP_("parse principal as a KRB5-NT-ENTERPRISE name", "") }, + NP_("parse principal as a KRB5-NT-ENTERPRISE name", ""), NULL }, #ifdef PKINIT { "pk-enterprise", 0, arg_flag, &pk_enterprise_flag, - NP_("use enterprise name from certificate", "") }, + NP_("use enterprise name from certificate", ""), NULL }, { "pk-user", 'C', arg_string, &pk_user_id, NP_("principal's public/private/certificate identifier", ""), "id" }, @@ -174,7 +174,7 @@ static struct getargs args[] = { NP_("directory with CA certificates", ""), "directory" }, { "pk-use-enckey", 0, arg_flag, &pk_use_enckey, - NP_("Use RSA encrypted reply (instead of DH)", "") }, + NP_("Use RSA encrypted reply (instead of DH)", ""), NULL }, #endif #ifndef NO_NTLM { "ntlm-domain", 0, arg_string, &ntlm_domain, @@ -182,19 +182,19 @@ static struct getargs args[] = { #endif { "change-default", 0, arg_negative_flag, &switch_cache_flags, - NP_("switch the default cache to the new credentials cache", "") }, + NP_("switch the default cache to the new credentials cache", ""), NULL }, { "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag, - NP_("honor ok-as-delegate on tickets", "") }, + NP_("honor ok-as-delegate on tickets", ""), NULL }, { "use-referrals", 0, arg_flag, &use_referrals_flag, - NP_("only use referrals, no dns canalisation", "") }, + NP_("only use referrals, no dns canalisation", ""), NULL }, { "windows", 0, arg_flag, &windows_flag, - NP_("get windows behavior", "") }, + NP_("get windows behavior", ""), NULL }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static void @@ -357,7 +357,7 @@ get_new_tickets(krb5_context context, char passwd[256]; krb5_deltat start_time = 0; krb5_deltat renew = 0; - char *renewstr = NULL; + const char *renewstr = NULL; krb5_enctype *enctype = NULL; krb5_ccache tempccache; #ifndef NO_NTLM diff --git a/kuser/klist.c b/kuser/klist.c index aef1cf9b2..f77908a34 100644 --- a/kuser/klist.c +++ b/kuser/klist.c @@ -124,7 +124,7 @@ print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags) static void print_cred_verbose(krb5_context context, krb5_creds *cred) { - int j; + size_t j; char *str; krb5_error_code ret; krb5_timestamp sec; diff --git a/kuser/kswitch.c b/kuser/kswitch.c index c6915f7bd..b8ea7b951 100644 --- a/kuser/kswitch.c +++ b/kuser/kswitch.c @@ -35,11 +35,11 @@ #include "kcc-commands.h" #ifdef HAVE_READLINE -char *readline(char *prompt); +char *readline(const char *prompt); #else static char * -readline(char *prompt) +readline(const char *prompt) { char buf[BUFSIZ]; printf ("%s", prompt); diff --git a/lib/asn1/der_format.c b/lib/asn1/der_format.c index fc79a30b5..4f06c1b01 100644 --- a/lib/asn1/der_format.c +++ b/lib/asn1/der_format.c @@ -108,7 +108,7 @@ int der_print_heim_oid (const heim_oid *oid, char delim, char **str) { struct rk_strpool *p = NULL; - int i; + size_t i; if (oid->length == 0) return EINVAL; diff --git a/lib/asn1/der_get.c b/lib/asn1/der_get.c index 3ea0d5ea1..3112da86f 100644 --- a/lib/asn1/der_get.c +++ b/lib/asn1/der_get.c @@ -141,9 +141,9 @@ der_get_general_string (const unsigned char *p, size_t len, * an strings in the NEED_PREAUTH case that includes a * trailing NUL. */ - while (p1 - p < len && *p1 == '\0') + while ((size_t)(p1 - p) < len && *p1 == '\0') p1++; - if (p1 - p != len) + if ((size_t)(p1 - p) != len) return ASN1_BAD_CHARACTER; } if (len > len + 1) diff --git a/lib/asn1/der_length.c b/lib/asn1/der_length.c index 7a41de9d2..db8202586 100644 --- a/lib/asn1/der_length.c +++ b/lib/asn1/der_length.c @@ -86,7 +86,7 @@ static size_t len_oid (const heim_oid *oid) { size_t ret = 1; - int n; + size_t n; for (n = 2; n < oid->length; ++n) { unsigned u = oid->components[n]; diff --git a/lib/asn1/gen_decode.c b/lib/asn1/gen_decode.c index 002a471e9..082580a27 100644 --- a/lib/asn1/gen_decode.c +++ b/lib/asn1/gen_decode.c @@ -209,7 +209,8 @@ range_check(const char *name, static int decode_type (const char *name, const Type *t, int optional, - const char *forwstr, const char *tmpstr, const char *dertype) + const char *forwstr, const char *tmpstr, const char *dertype, + size_t depth) { switch (t->type) { case TType: { @@ -328,7 +329,8 @@ decode_type (const char *name, const Type *t, int optional, if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", name, m->gen_name) < 0 || s == NULL) errx(1, "malloc"); - decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL); + decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL, + depth + 1); free (s); } @@ -369,7 +371,7 @@ decode_type (const char *name, const Type *t, int optional, "%s = calloc(1, sizeof(*%s));\n" "if (%s == NULL) { e = ENOMEM; %s; }\n", s, s, s, forwstr); - decode_type (s, m->type, 0, forwstr, m->gen_name, NULL); + decode_type (s, m->type, 0, forwstr, m->gen_name, NULL, depth + 1); free (s); fprintf(codefile, "members |= (1 << %d);\n", memno); @@ -442,7 +444,7 @@ decode_type (const char *name, const Type *t, int optional, errx(1, "malloc"); if (asprintf (&sname, "%s_s_of", tmpstr) < 0 || sname == NULL) errx(1, "malloc"); - decode_type (n, t->subtype, 0, forwstr, sname, NULL); + decode_type (n, t->subtype, 0, forwstr, sname, NULL, depth + 1); fprintf (codefile, "(%s)->len++;\n" "len = %s_origlen - ret;\n" @@ -480,7 +482,7 @@ decode_type (const char *name, const Type *t, int optional, tmpstr, tmpstr, typestring); if(support_ber) fprintf(codefile, - "int is_indefinite;\n"); + "int is_indefinite%zu;\n", depth); fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, " "&%s_datalen, &l);\n", @@ -516,20 +518,20 @@ decode_type (const char *name, const Type *t, int optional, tmpstr); if(support_ber) fprintf (codefile, - "if((is_indefinite = _heim_fix_dce(%s_datalen, &len)) < 0)\n" + "if((is_indefinite%zu = _heim_fix_dce(%s_datalen, &len)) < 0)\n" "{ e = ASN1_BAD_FORMAT; %s; }\n" - "if (is_indefinite) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }", - tmpstr, forwstr, forwstr); + "if (is_indefinite%zu) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }", + depth, tmpstr, forwstr, depth, forwstr); else fprintf(codefile, "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n" "len = %s_datalen;\n", tmpstr, forwstr, tmpstr); if (asprintf (&tname, "%s_Tag", tmpstr) < 0 || tname == NULL) errx(1, "malloc"); - decode_type (name, t->subtype, 0, forwstr, tname, ide); + decode_type (name, t->subtype, 0, forwstr, tname, ide, depth + 1); if(support_ber) fprintf(codefile, - "if(is_indefinite){\n" + "if(is_indefinite%zu){\n" "len += 2;\n" "e = der_match_tag_and_length(p, len, " "(Der_class)0, &%s, UT_EndOfContent, " @@ -538,6 +540,7 @@ decode_type (const char *name, const Type *t, int optional, "p += l; len -= l; ret += l;\n" "if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n" "} else \n", + depth, typestring, tmpstr, forwstr, @@ -584,7 +587,8 @@ decode_type (const char *name, const Type *t, int optional, if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&", name, m->gen_name) < 0 || s == NULL) errx(1, "malloc"); - decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL); + decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL, + depth + 1); fprintf(codefile, "(%s)->element = %s;\n", name, m->label); @@ -702,7 +706,7 @@ generate_type_decode (const Symbol *s) fprintf (codefile, "\n"); fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */ - decode_type ("data", s->type, 0, "goto fail", "Top", NULL); + decode_type ("data", s->type, 0, "goto fail", "Top", NULL, 1); if (preserve) fprintf (codefile, "data->_save.data = calloc(1, ret);\n" diff --git a/lib/asn1/gen_encode.c b/lib/asn1/gen_encode.c index 43f29c1fe..a9d2848a2 100644 --- a/lib/asn1/gen_encode.c +++ b/lib/asn1/gen_encode.c @@ -302,7 +302,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) name, name); fprintf(codefile, - "for(i = 0; i < (%s)->len; i++) {\n", + "for(i = 0; i < (int)(%s)->len; i++) {\n", name); fprintf(codefile, @@ -326,7 +326,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) fprintf(codefile, "if (totallen > len) {\n" - "for (i = 0; i < (%s)->len; i++) {\n" + "for (i = 0; i < (int)(%s)->len; i++) {\n" "free(val[i].data);\n" "}\n" "free(val);\n" @@ -339,7 +339,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) name); fprintf (codefile, - "for(i = (%s)->len - 1; i >= 0; --i) {\n" + "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n" "p -= val[i].length;\n" "ret += val[i].length;\n" "memcpy(p + 1, val[i].data, val[i].length);\n" @@ -355,7 +355,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr) char *n = NULL; fprintf (codefile, - "for(i = (%s)->len - 1; i >= 0; --i) {\n" + "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n" "size_t %s_for_oldret = ret;\n" "ret = 0;\n", name, tmpstr); diff --git a/lib/asn1/timegm.c b/lib/asn1/timegm.c index 1b3b47fa5..cd28c5c83 100644 --- a/lib/asn1/timegm.c +++ b/lib/asn1/timegm.c @@ -56,13 +56,13 @@ time_t _der_timegm (struct tm *tm) { time_t res = 0; - unsigned i; + int i; if (tm->tm_year < 0) return -1; if (tm->tm_mon < 0 || tm->tm_mon > 11) return -1; - if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon]) + if (tm->tm_mday < 1 || tm->tm_mday > (int)ndays[is_leap(tm->tm_year)][tm->tm_mon]) return -1; if (tm->tm_hour < 0 || tm->tm_hour > 23) return -1; diff --git a/lib/gssapi/gen-oid.pl b/lib/gssapi/gen-oid.pl index 73549ad5e..4a519f89a 100644 --- a/lib/gssapi/gen-oid.pl +++ b/lib/gssapi/gen-oid.pl @@ -110,7 +110,7 @@ while(<>) { printf "#define $name (&$store)\n\n"; } else { printf "/* $name - $oid */\n"; - printf "gss_OID_desc GSSAPI_LIB_VARIABLE $store = { $length, \"$data\" };\n\n"; + printf "gss_OID_desc GSSAPI_LIB_VARIABLE $store = { $length, rk_UNCONST(\"$data\") };\n\n"; } } elsif (/^desc\s+([\w]+)\s+(\w+)\s+(\"[^\"]*\")\s+(\"[^\"]*\")/) { my ($type, $oid, $short, $long) = ($1, $2, $3, $4); diff --git a/lib/gssapi/gsstool.c b/lib/gssapi/gsstool.c index da043281f..d07656a33 100644 --- a/lib/gssapi/gsstool.c +++ b/lib/gssapi/gsstool.c @@ -132,7 +132,7 @@ supported_mechanisms(void *argptr, int argc, char **argv) return 0; } -void static +static void print_mech_attr(const char *mechname, gss_const_OID mech, gss_OID_set set) { gss_buffer_desc name, desc; diff --git a/lib/gssapi/krb5/arcfour.c b/lib/gssapi/krb5/arcfour.c index dc59e997b..5be8cbcaa 100644 --- a/lib/gssapi/krb5/arcfour.c +++ b/lib/gssapi/krb5/arcfour.c @@ -255,7 +255,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, const gss_buffer_t token_buffer, gss_qop_t * qop_state, krb5_keyblock *key, - char *type) + const char *type) { krb5_error_code ret; uint32_t seq_number; @@ -270,7 +270,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status, p = token_buffer->value; omret = _gsskrb5_verify_header (&p, token_buffer->length, - (u_char *)type, + type, GSS_KRB5_MECHANISM); if (omret) return omret; diff --git a/lib/gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c index 1189718ad..4d40060d2 100755 --- a/lib/gssapi/krb5/cfx.c +++ b/lib/gssapi/krb5/cfx.c @@ -285,7 +285,8 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status, gss_iov_buffer_desc *header, *trailer, *padding; size_t gsshsize, k5hsize; size_t gsstsize, k5tsize; - size_t i, rrc = 0, ec = 0; + size_t rrc = 0, ec = 0; + int i; gss_cfx_wrap_token token; krb5_error_code ret; int32_t seq_number; @@ -666,7 +667,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int q += iov[i].buffer.length; } } - assert((q - p) == len); + assert((size_t)(q - p) == len); /* unrotate first part */ q = p + rrc; diff --git a/lib/gssapi/krb5/external.c b/lib/gssapi/krb5/external.c index d6f14a48f..c0b92c915 100644 --- a/lib/gssapi/krb5/external.c +++ b/lib/gssapi/krb5/external.c @@ -180,7 +180,7 @@ static gss_mo_desc krb5_mo[] = { GSS_C_MA_SASL_MECH_NAME, GSS_MO_MA, "SASL mech name", - "GS2-KRB5", + rk_UNCONST("GS2-KRB5"), _gss_mo_get_ctx_as_string, NULL }, @@ -188,7 +188,7 @@ static gss_mo_desc krb5_mo[] = { GSS_C_MA_MECH_NAME, GSS_MO_MA, "Mechanism name", - "KRB5", + rk_UNCONST("KRB5"), _gss_mo_get_ctx_as_string, NULL }, @@ -196,7 +196,7 @@ static gss_mo_desc krb5_mo[] = { GSS_C_MA_MECH_DESCRIPTION, GSS_MO_MA, "Mechanism description", - "Heimdal Kerberos 5 mech", + rk_UNCONST("Heimdal Kerberos 5 mech"), _gss_mo_get_ctx_as_string, NULL }, @@ -214,19 +214,19 @@ static gss_mo_desc krb5_mo[] = { }, { GSS_C_MA_AUTH_TARG, - GSS_MO_MA + .flags = GSS_MO_MA }, { GSS_C_MA_AUTH_INIT_ANON, - GSS_MO_MA + .flags = GSS_MO_MA }, { GSS_C_MA_DELEG_CRED, - GSS_MO_MA + .flags = GSS_MO_MA }, { GSS_C_MA_INTEG_PROT, - GSS_MO_MA + .flags = GSS_MO_MA }, { GSS_C_MA_CONF_PROT, @@ -273,7 +273,7 @@ static gss_mo_desc krb5_mo[] = { static gssapi_mech_interface_desc krb5_mech = { GMI_VERSION, "kerberos 5", - {9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }, + {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }, 0, _gsskrb5_acquire_cred, _gsskrb5_release_cred, @@ -323,7 +323,13 @@ static gssapi_mech_interface_desc krb5_mech = { NULL, NULL, krb5_mo, - sizeof(krb5_mo) / sizeof(krb5_mo[0]) + sizeof(krb5_mo) / sizeof(krb5_mo[0]), + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, }; gssapi_mech_interface diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index 84a839aa3..4df26c48e 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -675,7 +675,8 @@ init_auth_restart output_token->length = outbuf.length; } else { ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token, - (u_char *)"\x01\x00", GSS_KRB5_MECHANISM); + (u_char *)(intptr_t)"\x01\x00", + GSS_KRB5_MECHANISM); krb5_data_free (&outbuf); if (ret) goto failure; @@ -910,20 +911,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context return GSS_S_BAD_MECH; if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { - OM_uint32 ret; + OM_uint32 ret1; if (*context_handle != GSS_C_NO_CONTEXT) { *minor_status = 0; return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE; } - ret = _gsskrb5_create_ctx(minor_status, + ret1 = _gsskrb5_create_ctx(minor_status, context_handle, context, input_chan_bindings, INITIATOR_START); - if (ret) - return ret; + if (ret1) + return ret1; } if (*context_handle == GSS_C_NO_CONTEXT) { diff --git a/lib/gssapi/krb5/prf.c b/lib/gssapi/krb5/prf.c index 323b4cc72..162a30970 100644 --- a/lib/gssapi/krb5/prf.c +++ b/lib/gssapi/krb5/prf.c @@ -47,18 +47,21 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, krb5_crypto crypto; krb5_data input, output; uint32_t num; + OM_uint32 junk; unsigned char *p; krb5_keyblock *key = NULL; + size_t dol; if (ctx == NULL) { *minor_status = 0; return GSS_S_NO_CONTEXT; } - if (desired_output_len <= 0) { + if (desired_output_len <= 0 || prf_in->length + 4 < prf_in->length) { *minor_status = 0; return GSS_S_FAILURE; } + dol = desired_output_len; GSSAPI_KRB5_INIT (&context); @@ -88,21 +91,20 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, return GSS_S_FAILURE; } - prf_out->value = malloc(desired_output_len); + prf_out->value = malloc(dol); if (prf_out->value == NULL) { _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; krb5_crypto_destroy(context, crypto); return GSS_S_FAILURE; } - prf_out->length = desired_output_len; + prf_out->length = dol; HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); input.length = prf_in->length + 4; input.data = malloc(prf_in->length + 4); if (input.data == NULL) { - OM_uint32 junk; _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; gss_release_buffer(&junk, prf_out); @@ -110,15 +112,17 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return GSS_S_FAILURE; } - memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length); + memcpy(((uint8_t *)input.data) + 4, prf_in->value, prf_in->length); num = 0; p = prf_out->value; - while(desired_output_len > 0) { + while(dol > 0) { + size_t tsize; + _gsskrb5_encode_om_uint32(num, input.data); + ret = krb5_crypto_prf(context, crypto, &input, &output); if (ret) { - OM_uint32 junk; *minor_status = ret; free(input.data); gss_release_buffer(&junk, prf_out); @@ -126,9 +130,11 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); return GSS_S_FAILURE; } - memcpy(p, output.data, min(desired_output_len, output.length)); + + tsize = min(dol, output.length); + memcpy(p, output.data, tsize); p += output.length; - desired_output_len -= output.length; + dol -= tsize; krb5_data_free(&output); num++; } diff --git a/lib/gssapi/krb5/process_context_token.c b/lib/gssapi/krb5/process_context_token.c index 4feda0de0..0cc1c07cf 100644 --- a/lib/gssapi/krb5/process_context_token.c +++ b/lib/gssapi/krb5/process_context_token.c @@ -52,7 +52,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token ( (gsskrb5_ctx)context_handle, context, token_buffer, &empty_buffer, - GSS_C_QOP_DEFAULT, "\x01\x02"); + GSS_C_QOP_DEFAULT, + "\x01\x02"); if (ret == GSS_S_COMPLETE) ret = _gsskrb5_delete_sec_context(minor_status, diff --git a/lib/gssapi/krb5/sequence.c b/lib/gssapi/krb5/sequence.c index fbbc5b6c7..c53b91aa6 100644 --- a/lib/gssapi/krb5/sequence.c +++ b/lib/gssapi/krb5/sequence.c @@ -141,7 +141,7 @@ OM_uint32 _gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num) { OM_uint32 r; - int i; + size_t i; if (o == NULL) return GSS_S_COMPLETE; diff --git a/lib/gssapi/krb5/unwrap.c b/lib/gssapi/krb5/unwrap.c index 7620d691b..3c7ba2944 100644 --- a/lib/gssapi/krb5/unwrap.c +++ b/lib/gssapi/krb5/unwrap.c @@ -54,7 +54,7 @@ unwrap_des DES_key_schedule schedule; DES_cblock deskey; DES_cblock zero; - int i; + size_t i; uint32_t seq_number; size_t padlength; OM_uint32 ret; diff --git a/lib/gssapi/krb5/verify_mic.c b/lib/gssapi/krb5/verify_mic.c index 9a5445698..3123787ff 100644 --- a/lib/gssapi/krb5/verify_mic.c +++ b/lib/gssapi/krb5/verify_mic.c @@ -44,7 +44,7 @@ verify_mic_des const gss_buffer_t token_buffer, gss_qop_t * qop_state, krb5_keyblock *key, - char *type + const char *type ) { u_char *p; @@ -142,7 +142,7 @@ verify_mic_des3 const gss_buffer_t token_buffer, gss_qop_t * qop_state, krb5_keyblock *key, - char *type + const char *type ) { u_char *p; @@ -276,7 +276,7 @@ _gsskrb5_verify_mic_internal const gss_buffer_t message_buffer, const gss_buffer_t token_buffer, gss_qop_t * qop_state, - char * type + const char * type ) { krb5_keyblock *key; @@ -348,7 +348,7 @@ _gsskrb5_verify_mic (gsskrb5_ctx)context_handle, context, message_buffer, token_buffer, - qop_state, "\x01\x01"); + qop_state, (void *)(intptr_t)"\x01\x01"); return ret; } diff --git a/lib/gssapi/krb5/wrap.c b/lib/gssapi/krb5/wrap.c index 54f92df60..efd0d82c4 100644 --- a/lib/gssapi/krb5/wrap.c +++ b/lib/gssapi/krb5/wrap.c @@ -214,7 +214,7 @@ wrap_des EVP_CIPHER_CTX des_ctx; DES_cblock deskey; DES_cblock zero; - int i; + size_t i; int32_t seq_number; size_t len, total_len, padlength, datalen; diff --git a/lib/gssapi/mech/gss_acquire_cred.c b/lib/gssapi/mech/gss_acquire_cred.c index c9900148c..ade65df8e 100644 --- a/lib/gssapi/mech/gss_acquire_cred.c +++ b/lib/gssapi/mech/gss_acquire_cred.c @@ -46,7 +46,7 @@ gss_acquire_cred(OM_uint32 *minor_status, struct _gss_cred *cred; struct _gss_mechanism_cred *mc; OM_uint32 min_time, cred_time; - int i; + size_t i; *minor_status = 0; if (output_cred_handle == NULL) diff --git a/lib/gssapi/mech/gss_aeap.c b/lib/gssapi/mech/gss_aeap.c index 141b6ae5a..99a13036b 100644 --- a/lib/gssapi/mech/gss_aeap.c +++ b/lib/gssapi/mech/gss_aeap.c @@ -168,7 +168,7 @@ gss_release_iov_buffer(OM_uint32 *minor_status, int iov_count) { OM_uint32 junk; - size_t i; + int i; if (minor_status) *minor_status = 0; diff --git a/lib/gssapi/mech/gss_buffer_set.c b/lib/gssapi/mech/gss_buffer_set.c index 3099b163b..48fb720ad 100644 --- a/lib/gssapi/mech/gss_buffer_set.c +++ b/lib/gssapi/mech/gss_buffer_set.c @@ -100,7 +100,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL gss_release_buffer_set(OM_uint32 * minor_status, gss_buffer_set_t *buffer_set) { - int i; + size_t i; OM_uint32 minor; *minor_status = 0; diff --git a/lib/gssapi/mech/gss_cred.c b/lib/gssapi/mech/gss_cred.c index b8fa11185..31885e4f0 100644 --- a/lib/gssapi/mech/gss_cred.c +++ b/lib/gssapi/mech/gss_cred.c @@ -85,7 +85,7 @@ gss_export_cred(OM_uint32 * minor_status, } ret = krb5_storage_write(sp, buffer.value, buffer.length); - if (ret != buffer.length) { + if (ret < 0 || (size_t)ret != buffer.length) { gss_release_buffer(minor_status, &buffer); krb5_storage_free(sp); *minor_status = EINVAL; diff --git a/lib/gssapi/mech/gss_indicate_mechs.c b/lib/gssapi/mech/gss_indicate_mechs.c index 59a1dcf22..475dbfba0 100644 --- a/lib/gssapi/mech/gss_indicate_mechs.c +++ b/lib/gssapi/mech/gss_indicate_mechs.c @@ -35,7 +35,7 @@ gss_indicate_mechs(OM_uint32 *minor_status, struct _gss_mech_switch *m; OM_uint32 major_status; gss_OID_set set; - int i; + size_t i; _gss_load_mech(); diff --git a/lib/gssapi/mech/gss_inquire_context.c b/lib/gssapi/mech/gss_inquire_context.c index 0658267b2..256807598 100644 --- a/lib/gssapi/mech/gss_inquire_context.c +++ b/lib/gssapi/mech/gss_inquire_context.c @@ -37,7 +37,7 @@ gss_inquire_context(OM_uint32 *minor_status, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, - int *open) + int *xopen) { OM_uint32 major_status; struct _gss_context *ctx = (struct _gss_context *) context_handle; @@ -47,8 +47,8 @@ gss_inquire_context(OM_uint32 *minor_status, if (locally_initiated) *locally_initiated = 0; - if (open) - *open = 0; + if (xopen) + *xopen = 0; if (lifetime_rec) *lifetime_rec = 0; @@ -68,7 +68,7 @@ gss_inquire_context(OM_uint32 *minor_status, mech_type, ctx_flags, locally_initiated, - open); + xopen); if (major_status != GSS_S_COMPLETE) { _gss_mg_error(m, major_status, *minor_status); diff --git a/lib/gssapi/mech/gss_inquire_cred_by_oid.c b/lib/gssapi/mech/gss_inquire_cred_by_oid.c index 900370a5d..e674dd48f 100644 --- a/lib/gssapi/mech/gss_inquire_cred_by_oid.c +++ b/lib/gssapi/mech/gss_inquire_cred_by_oid.c @@ -52,7 +52,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status, HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET; - int i; + size_t i; m = mc->gmc_mech; if (m == NULL) { diff --git a/lib/gssapi/mech/gss_krb5.c b/lib/gssapi/mech/gss_krb5.c index a88ae8112..fe88a384b 100644 --- a/lib/gssapi/mech/gss_krb5.c +++ b/lib/gssapi/mech/gss_krb5.c @@ -439,7 +439,7 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status, gss_buffer_desc buffer; krb5_storage *sp; krb5_data data; - int i; + size_t i; sp = krb5_storage_emem(); if (sp == NULL) { diff --git a/lib/gssapi/mech/gss_mo.c b/lib/gssapi/mech/gss_mo.c index cb24b764a..f00afb091 100644 --- a/lib/gssapi/mech/gss_mo.c +++ b/lib/gssapi/mech/gss_mo.c @@ -434,28 +434,28 @@ gss_display_mech_attr(OM_uint32 * minor_status, return GSS_S_BAD_MECH_ATTR; if (name) { - gss_buffer_desc n; - n.value = rk_UNCONST(ma->name); - n.length = strlen(ma->name); - major = _gss_copy_buffer(minor_status, &n, name); + gss_buffer_desc bd; + bd.value = rk_UNCONST(ma->name); + bd.length = strlen(ma->name); + major = _gss_copy_buffer(minor_status, &bd, name); if (major != GSS_S_COMPLETE) return major; } if (short_desc) { - gss_buffer_desc n; - n.value = rk_UNCONST(ma->short_desc); - n.length = strlen(ma->short_desc); - major = _gss_copy_buffer(minor_status, &n, short_desc); + gss_buffer_desc bd; + bd.value = rk_UNCONST(ma->short_desc); + bd.length = strlen(ma->short_desc); + major = _gss_copy_buffer(minor_status, &bd, short_desc); if (major != GSS_S_COMPLETE) return major; } if (long_desc) { - gss_buffer_desc n; - n.value = rk_UNCONST(ma->long_desc); - n.length = strlen(ma->long_desc); - major = _gss_copy_buffer(minor_status, &n, long_desc); + gss_buffer_desc bd; + bd.value = rk_UNCONST(ma->long_desc); + bd.length = strlen(ma->long_desc); + major = _gss_copy_buffer(minor_status, &bd, long_desc); if (major != GSS_S_COMPLETE) return major; } diff --git a/lib/gssapi/mech/gss_oid.c b/lib/gssapi/mech/gss_oid.c index bac97cacd..b2b7fa35a 100644 --- a/lib/gssapi/mech/gss_oid.c +++ b/lib/gssapi/mech/gss_oid.c @@ -2,220 +2,220 @@ #include "mech_locl.h" /* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01") }; /* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02") }; /* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03") }; /* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04") }; /* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05") }; /* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06") }; /* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01") }; /* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07") }; /* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08") }; /* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09") }; /* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a") }; /* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b") }; /* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c") }; /* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d") }; /* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e") }; /* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f") }; /* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10") }; /* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11") }; /* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12") }; /* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13") }; /* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x14") }; /* GSS_C_NT_NTLM - 1.2.752.43.13.21 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x15") }; /* GSS_C_NT_DN - 1.2.752.43.13.22 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x16") }; /* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x17") }; /* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x18") }; /* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x19") }; /* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1a") }; /* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1b") }; /* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1c") }; /* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1d") }; /* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e") }; /* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x64") }; /* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x65") }; /* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x66") }; /* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") }; /* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") }; /* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") }; /* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x04") }; /* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x05") }; /* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03\x81\x00") }; /* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05") }; /* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; /* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") }; /* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") }; /* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xca\x29\x13\x05") }; /* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") }; /* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x02") }; /* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x03") }; /* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x04") }; /* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x05") }; /* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x06") }; /* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x07") }; /* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x08") }; /* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x09") }; /* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0a") }; /* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0b") }; /* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0c") }; /* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0d") }; /* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0e") }; /* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0f") }; /* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x10") }; /* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x11") }; /* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x12") }; /* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x13") }; /* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x14") }; /* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x15") }; /* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x16") }; /* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x17") }; /* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x18") }; /* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x19") }; /* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1a") }; /* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */ -gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" }; +gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1b") }; struct _gss_oid_name_table _gss_ont_ma[] = { { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" }, diff --git a/lib/gssapi/mech/gss_test_oid_set_member.c b/lib/gssapi/mech/gss_test_oid_set_member.c index 4c4d34904..715d34bf0 100644 --- a/lib/gssapi/mech/gss_test_oid_set_member.c +++ b/lib/gssapi/mech/gss_test_oid_set_member.c @@ -34,7 +34,7 @@ gss_test_oid_set_member(OM_uint32 *minor_status, const gss_OID_set set, int *present) { - int i; + size_t i; *present = 0; for (i = 0; i < set->count; i++) diff --git a/lib/gssapi/ntlm/accept_sec_context.c b/lib/gssapi/ntlm/accept_sec_context.c index f65ed7606..2fd07913f 100644 --- a/lib/gssapi/ntlm/accept_sec_context.c +++ b/lib/gssapi/ntlm/accept_sec_context.c @@ -155,15 +155,15 @@ _gss_ntlm_accept_sec_context &out); heim_ntlm_free_type1(&type1); if (major_status != GSS_S_COMPLETE) { - OM_uint32 junk; - _gss_ntlm_delete_sec_context(&junk, context_handle, NULL); + OM_uint32 gunk; + _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL); return major_status; } output_token->value = malloc(out.length); if (output_token->value == NULL && out.length != 0) { - OM_uint32 junk; - _gss_ntlm_delete_sec_context(&junk, context_handle, NULL); + OM_uint32 gunk; + _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL); *minor_status = ENOMEM; return GSS_S_FAILURE; } diff --git a/lib/gssapi/ntlm/external.c b/lib/gssapi/ntlm/external.c index 64ee6d310..d0474f4ec 100644 --- a/lib/gssapi/ntlm/external.c +++ b/lib/gssapi/ntlm/external.c @@ -38,7 +38,7 @@ static gss_mo_desc ntlm_mo[] = { GSS_C_MA_SASL_MECH_NAME, GSS_MO_MA, "SASL mech name", - "NTLM", + rk_UNCONST("NTLM"), _gss_mo_get_ctx_as_string, NULL }, @@ -46,7 +46,7 @@ static gss_mo_desc ntlm_mo[] = { GSS_C_MA_MECH_NAME, GSS_MO_MA, "Mechanism name", - "NTLMSPP", + rk_UNCONST("NTLMSPP"), _gss_mo_get_ctx_as_string, NULL }, @@ -54,7 +54,7 @@ static gss_mo_desc ntlm_mo[] = { GSS_C_MA_MECH_DESCRIPTION, GSS_MO_MA, "Mechanism description", - "Heimdal NTLMSSP Mechanism", + rk_UNCONST("Heimdal NTLMSSP Mechanism"), _gss_mo_get_ctx_as_string, NULL } @@ -113,7 +113,13 @@ static gssapi_mech_interface_desc ntlm_mech = { NULL, NULL, ntlm_mo, - sizeof(ntlm_mo) / sizeof(ntlm_mo[0]) + sizeof(ntlm_mo) / sizeof(ntlm_mo[0]), + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, }; gssapi_mech_interface diff --git a/lib/gssapi/spnego/accept_sec_context.c b/lib/gssapi/spnego/accept_sec_context.c index 35bc56fbb..8a5dbe742 100644 --- a/lib/gssapi/spnego/accept_sec_context.c +++ b/lib/gssapi/spnego/accept_sec_context.c @@ -316,7 +316,7 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, gss_OID_desc oid; gss_OID oidp; gss_OID_set mechs; - int i; + size_t i; OM_uint32 ret, junk; ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, @@ -368,12 +368,13 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p, host = getenv("GSSAPI_SPNEGO_NAME"); if (host == NULL || issuid()) { + int rv; if (gethostname(hostname, sizeof(hostname)) != 0) { *minor_status = errno; return GSS_S_FAILURE; } - i = asprintf(&str, "host@%s", hostname); - if (i < 0 || str == NULL) { + rv = asprintf(&str, "host@%s", hostname); + if (rv < 0 || str == NULL) { *minor_status = ENOMEM; return GSS_S_FAILURE; } @@ -491,7 +492,6 @@ acceptor_start NegotiationToken nt; size_t nt_len; NegTokenInit *ni; - int i; gss_buffer_desc data; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; gss_buffer_desc mech_output_token; @@ -613,13 +613,14 @@ acceptor_start */ if (!first_ok && ni->mechToken != NULL) { + size_t j; preferred_mech_type = GSS_C_NO_OID; /* Call glue layer to find first mech we support */ - for (i = 1; i < ni->mechTypes.len; ++i) { + for (j = 1; j < ni->mechTypes.len; ++j) { ret = select_mech(minor_status, - &ni->mechTypes.val[i], + &ni->mechTypes.val[j], 1, &preferred_mech_type); if (ret == 0) diff --git a/lib/gssapi/spnego/compat.c b/lib/gssapi/spnego/compat.c index b23658cfd..cf5ee30a8 100644 --- a/lib/gssapi/spnego/compat.c +++ b/lib/gssapi/spnego/compat.c @@ -41,10 +41,10 @@ * Kerberos mechanism. */ gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc = - {9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"}; + {9, rk_UNCONST("\x2a\x86\x48\x82\xf7\x12\x01\x02\x02")}; gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc = - {9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; + {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")}; /* * Allocate a SPNEGO context handle @@ -241,7 +241,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status, gss_OID_set supported_mechs = GSS_C_NO_OID_SET; gss_OID first_mech = GSS_C_NO_OID; OM_uint32 ret; - int i; + size_t i; mechtypelist->len = 0; mechtypelist->val = NULL; diff --git a/lib/gssapi/spnego/context_stubs.c b/lib/gssapi/spnego/context_stubs.c index 18c13fe29..60b348ec4 100644 --- a/lib/gssapi/spnego/context_stubs.c +++ b/lib/gssapi/spnego/context_stubs.c @@ -37,7 +37,7 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs) { OM_uint32 ret, junk; gss_OID_set m; - int i; + size_t i; ret = gss_indicate_mechs(minor_status, &m); if (ret != GSS_S_COMPLETE) @@ -565,7 +565,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech ( { gss_OID_set mechs, names, n; OM_uint32 ret, junk; - int i, j; + size_t i, j; *name_types = NULL; diff --git a/lib/gssapi/spnego/cred_stubs.c b/lib/gssapi/spnego/cred_stubs.c index 2920f3d9b..fc43d6a4a 100644 --- a/lib/gssapi/spnego/cred_stubs.c +++ b/lib/gssapi/spnego/cred_stubs.c @@ -70,7 +70,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred OM_uint32 ret, tmp; gss_OID_set_desc actual_desired_mechs; gss_OID_set mechs; - int i, j; + size_t i, j; *output_cred_handle = GSS_C_NO_CREDENTIAL; diff --git a/lib/gssapi/spnego/external.c b/lib/gssapi/spnego/external.c index 505475415..ca06d46e8 100644 --- a/lib/gssapi/spnego/external.c +++ b/lib/gssapi/spnego/external.c @@ -39,13 +39,12 @@ * negotiation token is identified by the Object Identifier * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). */ - static gss_mo_desc spnego_mo[] = { { GSS_C_MA_SASL_MECH_NAME, GSS_MO_MA, "SASL mech name", - "SPNEGO", + rk_UNCONST("SPNEGO"), _gss_mo_get_ctx_as_string, NULL }, @@ -53,7 +52,7 @@ static gss_mo_desc spnego_mo[] = { GSS_C_MA_MECH_NAME, GSS_MO_MA, "Mechanism name", - "SPNEGO", + rk_UNCONST("SPNEGO"), _gss_mo_get_ctx_as_string, NULL }, @@ -61,7 +60,7 @@ static gss_mo_desc spnego_mo[] = { GSS_C_MA_MECH_DESCRIPTION, GSS_MO_MA, "Mechanism description", - "Heimdal SPNEGO Mechanism", + rk_UNCONST("Heimdal SPNEGO Mechanism"), _gss_mo_get_ctx_as_string, NULL }, @@ -78,7 +77,7 @@ static gss_mo_desc spnego_mo[] = { static gssapi_mech_interface_desc spnego_mech = { GMI_VERSION, "spnego", - {6, (void *)"\x2b\x06\x01\x05\x05\x02"}, + {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") }, 0, _gss_spnego_acquire_cred, _gss_spnego_release_cred, @@ -128,7 +127,13 @@ static gssapi_mech_interface_desc spnego_mech = { NULL, NULL, spnego_mo, - sizeof(spnego_mo) / sizeof(spnego_mo[0]) + sizeof(spnego_mo) / sizeof(spnego_mo[0]), + NULL, + NULL, + NULL, + NULL, + NULL, + NULL, }; gssapi_mech_interface diff --git a/lib/hdb/common.c b/lib/hdb/common.c index 55857723f..f1d011a2b 100644 --- a/lib/hdb/common.c +++ b/lib/hdb/common.c @@ -171,7 +171,7 @@ hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key) krb5_error_code code; hdb_entry oldentry; krb5_data value; - int i; + size_t i; code = db->hdb__get(context, db, *key, &value); if (code == HDB_ERR_NOENTRY) @@ -211,7 +211,7 @@ hdb_add_aliases(krb5_context context, HDB *db, const HDB_Ext_Aliases *aliases; krb5_error_code code; krb5_data key, value; - int i; + size_t i; code = hdb_entry_get_aliases(&entry->entry, &aliases); if (code || aliases == NULL) @@ -240,7 +240,8 @@ static krb5_error_code hdb_check_aliases(krb5_context context, HDB *db, hdb_entry_ex *entry) { const HDB_Ext_Aliases *aliases; - int code, i; + int code; + size_t i; /* check if new aliases already is used */ diff --git a/lib/hdb/ext.c b/lib/hdb/ext.c index fb32fdb84..d2a4373b9 100644 --- a/lib/hdb/ext.c +++ b/lib/hdb/ext.c @@ -37,7 +37,7 @@ krb5_error_code hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) { - int i; + size_t i; if (ent->extensions == NULL) return 0; @@ -63,13 +63,13 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) HDB_extension * hdb_find_extension(const hdb_entry *entry, int type) { - int i; + size_t i; if (entry->extensions == NULL) return NULL; for (i = 0; i < entry->extensions->len; i++) - if (entry->extensions->val[i].data.element == type) + if (entry->extensions->val[i].data.element == (unsigned)type) return &entry->extensions->val[i]; return NULL; } @@ -112,7 +112,7 @@ hdb_replace_extension(krb5_context context, Der_type replace_type, list_type; unsigned int replace_tag, list_tag; size_t size; - int i; + size_t i; ret = der_get_tag(ext->data.u.asn1_ellipsis.data, ext->data.u.asn1_ellipsis.length, @@ -180,13 +180,13 @@ hdb_clear_extension(krb5_context context, hdb_entry *entry, int type) { - int i; + size_t i; if (entry->extensions == NULL) return 0; for (i = 0; i < entry->extensions->len; i++) { - if (entry->extensions->val[i].data.element == type) { + if (entry->extensions->val[i].data.element == (unsigned)type) { free_HDB_extension(&entry->extensions->val[i]); memmove(&entry->extensions->val[i], &entry->extensions->val[i + 1], @@ -286,7 +286,7 @@ hdb_entry_get_password(krb5_context context, HDB *db, ext = hdb_find_extension(entry, choice_HDB_extension_data_password); if (ext) { - heim_utf8_string str; + heim_utf8_string xstr; heim_octet_string pw; if (db->hdb_master_key_set && ext->data.u.password.mkvno) { @@ -314,13 +314,13 @@ hdb_entry_get_password(krb5_context context, HDB *db, return ret; } - str = pw.data; - if (str[pw.length - 1] != '\0') { + xstr = pw.data; + if (xstr[pw.length - 1] != '\0') { krb5_set_error_message(context, EINVAL, "malformed password"); return EINVAL; } - *p = strdup(str); + *p = strdup(xstr); der_free_octet_string(&pw); if (*p == NULL) { diff --git a/lib/hdb/hdb-mitdb.c b/lib/hdb/hdb-mitdb.c index 3c0998480..5ee9f6918 100644 --- a/lib/hdb/hdb-mitdb.c +++ b/lib/hdb/hdb-mitdb.c @@ -144,7 +144,7 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num) case KRB5_KDB_SALTTYPE_NOREALM: { size_t len; - int i; + size_t i; char *p; len = 0; diff --git a/lib/hdb/hdb.c b/lib/hdb/hdb.c index 045f2e2cc..4ce401aae 100644 --- a/lib/hdb/hdb.c +++ b/lib/hdb/hdb.c @@ -168,7 +168,7 @@ hdb_unlock(int fd) void hdb_free_entry(krb5_context context, hdb_entry_ex *ent) { - int i; + size_t i; if (ent->free_entry) (*ent->free_entry)(context, ent); @@ -217,7 +217,7 @@ hdb_check_db_format(krb5_context context, HDB *db) if (ret) return ret; - tag.data = HDB_DB_FORMAT_ENTRY; + tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY; tag.length = strlen(tag.data); ret = (*db->hdb__get)(context, db, tag, &version); ret2 = db->hdb_unlock(context, db); @@ -250,7 +250,7 @@ hdb_init_db(krb5_context context, HDB *db) if (ret) return ret; - tag.data = HDB_DB_FORMAT_ENTRY; + tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY; tag.length = strlen(tag.data); snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT); version.data = ver; diff --git a/lib/hdb/keys.c b/lib/hdb/keys.c index 63f254d00..4f724e741 100644 --- a/lib/hdb/keys.c +++ b/lib/hdb/keys.c @@ -256,8 +256,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, char **ktypes, **kp; krb5_error_code ret; Key *k, *key_set; - int i, j; - char *default_keytypes[] = { + size_t i, j; + static const char *default_keytypes[] = { "aes256-cts-hmac-sha1-96:pw-salt", "des3-cbc-sha1:pw-salt", "arcfour-hmac-md5:pw-salt", @@ -267,7 +267,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, ktypes = krb5_config_get_strings(context, NULL, "kadmin", "default_keys", NULL); if (ktypes == NULL) - ktypes = default_keytypes; + ktypes = (char **)(intptr_t)default_keytypes; *ret_key_set = key_set = NULL; *nkeyset = 0; @@ -337,7 +337,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal, *ret_key_set = key_set; out: - if (ktypes != default_keytypes) + if (ktypes != (char **)(intptr_t)default_keytypes) krb5_config_free_strings(ktypes); if (ret) { @@ -364,7 +364,7 @@ hdb_generate_key_set_password(krb5_context context, Key **keys, size_t *num_keys) { krb5_error_code ret; - int i; + size_t i; ret = hdb_generate_key_set(context, principal, keys, num_keys, 0); diff --git a/lib/hdb/keytab.c b/lib/hdb/keytab.c index 05b78dafc..c3445986f 100644 --- a/lib/hdb/keytab.c +++ b/lib/hdb/keytab.c @@ -184,7 +184,7 @@ hdb_get_entry(krb5_context context, const char *mkey = d->mkey; char *fdbname = NULL, *fmkey = NULL; HDB *db; - int i; + size_t i; memset(&ent, 0, sizeof(ent)); @@ -222,7 +222,7 @@ hdb_get_entry(krb5_context context, }else if(ret) goto out; - if(kvno && ent.entry.kvno != kvno) { + if(kvno && (krb5_kvno)ent.entry.kvno != kvno) { hdb_free_entry(context, &ent); ret = KRB5_KT_NOTFOUND; goto out; @@ -382,7 +382,7 @@ hdb_next_entry(krb5_context context, * next entry */ - if (c->key_idx == c->hdb_entry.entry.keys.len) { + if ((size_t)c->key_idx == c->hdb_entry.entry.keys.len) { hdb_free_entry(context, &c->hdb_entry); c->next = TRUE; c->key_idx = 0; diff --git a/lib/hdb/mkey.c b/lib/hdb/mkey.c index 760eccfd4..87d939f42 100644 --- a/lib/hdb/mkey.c +++ b/lib/hdb/mkey.c @@ -372,7 +372,7 @@ _hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey) if(mkvno == NULL) { if(ret == NULL || mkey->keytab.vno > ret->keytab.vno) ret = mkey; - } else if(mkey->keytab.vno == *mkvno) + } else if((uint32_t)mkey->keytab.vno == *mkvno) return mkey; mkey = mkey->next; } @@ -459,7 +459,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) krb5_error_code hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) { - int i; + size_t i; for(i = 0; i < ent->keys.len; i++){ krb5_error_code ret; @@ -526,7 +526,7 @@ hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey) krb5_error_code hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) { - int i; + size_t i; for(i = 0; i < ent->keys.len; i++){ krb5_error_code ret; diff --git a/lib/hdb/print.c b/lib/hdb/print.c index fff27d03e..510d53bbe 100644 --- a/lib/hdb/print.c +++ b/lib/hdb/print.c @@ -78,7 +78,8 @@ append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...) static krb5_error_code append_hex(krb5_context context, krb5_storage *sp, krb5_data *data) { - int i, printable = 1; + int printable = 1; + size_t i; char *p; p = data->data; @@ -126,7 +127,7 @@ static krb5_error_code entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) { char *p; - int i; + size_t i; krb5_error_code ret; /* --- principal */ diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c index 492064d86..3faf54621 100644 --- a/lib/hx509/ca.c +++ b/lib/hx509/ca.c @@ -266,7 +266,7 @@ hx509_ca_tbs_set_template(hx509_context context, } if (flags & HX509_CA_TEMPLATE_EKU) { ExtKeyUsage eku; - int i; + size_t i; ret = _hx509_cert_get_eku(context, cert, &eku); if (ret) return ret; @@ -689,7 +689,7 @@ add_utf8_san(hx509_context context, const heim_oid *oid, const char *string) { - const PKIXXmppAddr ustring = (const PKIXXmppAddr)string; + const PKIXXmppAddr ustring = (const PKIXXmppAddr)(intptr_t)string; heim_octet_string os; size_t size; int ret; diff --git a/lib/hx509/cms.c b/lib/hx509/cms.c index 6e4eefaa1..2c6226398 100644 --- a/lib/hx509/cms.c +++ b/lib/hx509/cms.c @@ -362,7 +362,8 @@ hx509_cms_unenvelope(hx509_context context, heim_octet_string *params, params_data; heim_octet_string ivec; size_t size; - int ret, i, matched = 0, findflags = 0; + int ret, matched = 0, findflags = 0; + size_t i; memset(&key, 0, sizeof(key)); @@ -718,7 +719,8 @@ out: static int any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) { - int ret, i; + int ret; + size_t i; if (sd->certificates == NULL) return 0; @@ -744,7 +746,7 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) static const Attribute * find_attribute(const CMSAttributes *attr, const heim_oid *oid) { - int i; + size_t i; for (i = 0; i < attr->len; i++) if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0) return &attr->val[i]; @@ -790,7 +792,8 @@ hx509_cms_verify_signed(hx509_context context, hx509_certs certs = NULL; SignedData sd; size_t size; - int ret, i, found_valid_sig; + int ret, found_valid_sig; + size_t i; *signer_certs = NULL; content->data = NULL; diff --git a/lib/hx509/collector.c b/lib/hx509/collector.c index 0cb186399..91d1d0f1b 100644 --- a/lib/hx509/collector.c +++ b/lib/hx509/collector.c @@ -253,7 +253,8 @@ _hx509_collector_collect_certs(hx509_context context, hx509_certs *ret_certs) { hx509_certs certs; - int ret, i; + int ret; + size_t i; *ret_certs = NULL; @@ -286,7 +287,7 @@ _hx509_collector_collect_private_keys(hx509_context context, struct hx509_collector *c, hx509_private_key **keys) { - int i, nkeys; + size_t i, nkeys; *keys = NULL; @@ -315,7 +316,7 @@ _hx509_collector_collect_private_keys(hx509_context context, void _hx509_collector_free(struct hx509_collector *c) { - int i; + size_t i; if (c->unenvelop_certs) hx509_certs_free(&c->unenvelop_certs); diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c index c69ddfb5d..ef8651a23 100644 --- a/lib/hx509/crypto.c +++ b/lib/hx509/crypto.c @@ -589,7 +589,7 @@ rsa_verify_signature(hx509_context context, } /* Check for extra data inside the sigature */ - if (size != retsize) { + if (size != (size_t)retsize) { ret = HX509_CRYPTO_SIG_INVALID_FORMAT; hx509_set_error_string(context, 0, ret, "size from decryption mismatch"); goto out; @@ -620,7 +620,7 @@ rsa_verify_signature(hx509_context context, data, &di.digest); } else { - if (retsize != data->length || + if ((size_t)retsize != data->length || ct_memcmp(to, data->data, retsize) != 0) { ret = HX509_CRYPTO_SIG_INVALID_FORMAT; @@ -739,7 +739,7 @@ rsa_create_signature(hx509_context context, "RSA private encrypt failed: %d", ret); return ret; } - if (ret > sig->length) + if ((size_t)ret > sig->length) _hx509_abort("RSA signature prelen longer the output len"); sig->length = ret; @@ -1256,7 +1256,8 @@ static const struct signature_alg heim_rsa_pkcs1_x509 = { 0, NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg pkcs1_rsa_sha1_alg = { @@ -1269,7 +1270,8 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = { 0, NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_sha512_alg = { @@ -1282,7 +1284,8 @@ static const struct signature_alg rsa_with_sha512_alg = { 0, NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_sha384_alg = { @@ -1295,7 +1298,8 @@ static const struct signature_alg rsa_with_sha384_alg = { 0, NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_sha256_alg = { @@ -1308,7 +1312,8 @@ static const struct signature_alg rsa_with_sha256_alg = { 0, NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_sha1_alg = { @@ -1321,7 +1326,8 @@ static const struct signature_alg rsa_with_sha1_alg = { 0, NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_sha1_alg_secsig = { @@ -1334,7 +1340,8 @@ static const struct signature_alg rsa_with_sha1_alg_secsig = { 0, NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg rsa_with_md5_alg = { @@ -1347,7 +1354,8 @@ static const struct signature_alg rsa_with_md5_alg = { 1230739889, NULL, rsa_verify_signature, - rsa_create_signature + rsa_create_signature, + 0 }; static const struct signature_alg dsa_sha1_alg = { @@ -1361,6 +1369,7 @@ static const struct signature_alg dsa_sha1_alg = { NULL, dsa_verify_signature, /* create_signature */ NULL, + 0 }; static const struct signature_alg sha512_alg = { @@ -1373,7 +1382,8 @@ static const struct signature_alg sha512_alg = { 0, EVP_sha512, evp_md_verify_signature, - evp_md_create_signature + evp_md_create_signature, + 0 }; static const struct signature_alg sha384_alg = { @@ -1386,7 +1396,8 @@ static const struct signature_alg sha384_alg = { 0, EVP_sha384, evp_md_verify_signature, - evp_md_create_signature + evp_md_create_signature, + 0 }; static const struct signature_alg sha256_alg = { @@ -1399,7 +1410,8 @@ static const struct signature_alg sha256_alg = { 0, EVP_sha256, evp_md_verify_signature, - evp_md_create_signature + evp_md_create_signature, + 0 }; static const struct signature_alg sha1_alg = { @@ -1412,7 +1424,8 @@ static const struct signature_alg sha1_alg = { 0, EVP_sha1, evp_md_verify_signature, - evp_md_create_signature + evp_md_create_signature, + 0 }; static const struct signature_alg md5_alg = { @@ -1425,7 +1438,8 @@ static const struct signature_alg md5_alg = { 0, EVP_md5, evp_md_verify_signature, - NULL + NULL, + 0 }; /* @@ -1748,7 +1762,7 @@ hx509_private_key_private_decrypt(hx509_context context, "Failed to decrypt using private key: %d", ret); return HX509_CRYPTO_RSA_PRIVATE_DECRYPT; } - if (cleartext->length < ret) + if (cleartext->length < (size_t)ret) _hx509_abort("internal rsa decryption failure: ret > tosize"); cleartext->length = ret; @@ -2339,7 +2353,7 @@ static const struct hx509cipher ciphers[] = { static const struct hx509cipher * find_cipher_by_oid(const heim_oid *oid) { - int i; + size_t i; for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0) @@ -2351,7 +2365,7 @@ find_cipher_by_oid(const heim_oid *oid) static const struct hx509cipher * find_cipher_by_name(const char *name) { - int i; + size_t i; for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) if (strcasecmp(name, ciphers[i].name) == 0) @@ -2461,7 +2475,7 @@ hx509_crypto_set_padding(hx509_crypto crypto, int padding_type) int hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length) { - if (EVP_CIPHER_key_length(crypto->c) > length) + if (EVP_CIPHER_key_length(crypto->c) > (int)length) return HX509_CRYPTO_INTERNAL_ERROR; if (crypto->key.data) { @@ -2558,7 +2572,7 @@ hx509_crypto_encrypt(hx509_crypto crypto, (crypto->flags & ALLOW_WEAK) == 0) return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; - assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length); + assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length); EVP_CIPHER_CTX_init(&evp); @@ -2598,7 +2612,7 @@ hx509_crypto_encrypt(hx509_crypto crypto, memcpy((*ciphertext)->data, data, length); if (padsize) { - int i; + size_t i; unsigned char *p = (*ciphertext)->data; p += length; for (i = 0; i < padsize; i++) @@ -2647,7 +2661,7 @@ hx509_crypto_decrypt(hx509_crypto crypto, (crypto->flags & ALLOW_WEAK) == 0) return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; - if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length) + if (ivec && EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length) return HX509_CRYPTO_INTERNAL_ERROR; if (crypto->key.data == NULL) @@ -2683,7 +2697,7 @@ hx509_crypto_decrypt(hx509_crypto crypto, unsigned char *p; int j, bsize = EVP_CIPHER_block_size(crypto->c); - if (clear->length < bsize) { + if ((int)clear->length < bsize) { ret = HX509_CMS_PADDING_ERROR; goto out; } @@ -2854,7 +2868,8 @@ _hx509_pbe_decrypt(hx509_context context, const EVP_CIPHER *c; const EVP_MD *md; PBE_string2key_func s2k; - int i, ret = 0; + int ret = 0; + size_t i; memset(&key, 0, sizeof(key)); memset(&iv, 0, sizeof(iv)); diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c index 1770b6095..7cb4462d2 100644 --- a/lib/hx509/hxtool.c +++ b/lib/hx509/hxtool.c @@ -45,9 +45,9 @@ static int version_flag; static int help_flag; struct getargs args[] = { - { "statistic-file", 0, arg_string, &stat_file_string }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "statistic-file", 0, arg_string, &stat_file_string, NULL, NULL }, + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; int num_args = sizeof(args) / sizeof(args[0]); @@ -80,15 +80,15 @@ lock_strings(hx509_lock lock, getarg_strings *pass) */ static void -certs_strings(hx509_context context, const char *type, hx509_certs certs, +certs_strings(hx509_context contextp, const char *type, hx509_certs certs, hx509_lock lock, const getarg_strings *s) { int i, ret; for (i = 0; i < s->num_strings; i++) { - ret = hx509_certs_append(context, certs, lock, s->strings[i]); + ret = hx509_certs_append(contextp, certs, lock, s->strings[i]); if (ret) - hx509_err(context, 1, ret, + hx509_err(contextp, 1, ret, "hx509_certs_append: %s %s", type, s->strings[i]); } } @@ -114,16 +114,16 @@ parse_oid(const char *str, const heim_oid *def, heim_oid *oid) */ static void -peer_strings(hx509_context context, +peer_strings(hx509_context contextp, hx509_peer_info *peer, const getarg_strings *s) { AlgorithmIdentifier *val; int ret, i; - ret = hx509_peer_info_alloc(context, peer); + ret = hx509_peer_info_alloc(contextp, peer); if (ret) - hx509_err(context, 1, ret, "hx509_peer_info_alloc"); + hx509_err(contextp, 1, ret, "hx509_peer_info_alloc"); val = calloc(s->num_strings, sizeof(*val)); if (val == NULL) @@ -132,9 +132,9 @@ peer_strings(hx509_context context, for (i = 0; i < s->num_strings; i++) parse_oid(s->strings[i], NULL, &val[i].algorithm); - ret = hx509_peer_info_set_cms_algs(context, *peer, val, s->num_strings); + ret = hx509_peer_info_set_cms_algs(contextp, *peer, val, s->num_strings); if (ret) - hx509_err(context, 1, ret, "hx509_peer_info_set_cms_algs"); + hx509_err(contextp, 1, ret, "hx509_peer_info_set_cms_algs"); for (i = 0; i < s->num_strings; i++) free_AlgorithmIdentifier(&val[i]); @@ -151,7 +151,7 @@ struct pem_data { }; static int -pem_reader(hx509_context context, const char *type, +pem_reader(hx509_context contextp, const char *type, const hx509_pem_header *headers, const void *data , size_t length, void *ctx) { @@ -211,22 +211,22 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) certs_strings(context, "store", store, lock, &opt->certificate_strings); if (opt->pem_flag) { - struct pem_data p; + struct pem_data pd; FILE *f; - p.os = &co; - p.detached_data = 0; + pd.os = &co; + pd.detached_data = 0; f = fopen(argv[0], "r"); if (f == NULL) err(1, "Failed to open file %s", argv[0]); - ret = hx509_pem_read(context, f, pem_reader, &p); + ret = hx509_pem_read(context, f, pem_reader, &pd); fclose(f); if (ret) errx(1, "PEM reader failed: %d", ret); - if (p.detached_data && opt->signed_content_string == NULL) { + if (pd.detached_data && opt->signed_content_string == NULL) { char *r = strrchr(argv[0], '.'); if (r && strcasecmp(r, ".pem") == 0) { char *s = strdup(argv[0]); @@ -331,7 +331,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv) } static int -print_signer(hx509_context context, void *ctx, hx509_cert cert) +print_signer(hx509_context contextp, void *ctx, hx509_cert cert) { hx509_pem_header **header = ctx; char *signer_name = NULL; @@ -801,10 +801,10 @@ certificate_copy(struct certificate_copy_options *opt, int argc, char **argv) hx509_err(context, 1, ret, "hx509_certs_init"); while(argc-- > 1) { - int ret; - ret = hx509_certs_append(context, certs, inlock, argv[0]); - if (ret) - hx509_err(context, 1, ret, "hx509_certs_append"); + int retx; + retx = hx509_certs_append(context, certs, inlock, argv[0]); + if (retx) + hx509_err(context, 1, retx, "hx509_certs_append"); argv++; } @@ -1534,7 +1534,7 @@ hxtool_hex(struct hex_options *opt, int argc, char **argv) len = hex_decode(p, buf2, strlen(p)); if (len < 0) errx(1, "hex_decode failed"); - if (fwrite(buf2, 1, len, stdout) != len) + if (fwrite(buf2, 1, len, stdout) != (size_t)len) errx(1, "fwrite failed"); } } else { @@ -1558,38 +1558,38 @@ struct cert_type_opt { static int -https_server(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) +https_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) { - return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_serverAuth); + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth); } static int -https_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) +https_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) { - return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_clientAuth); + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_clientAuth); } static int -peap_server(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) +peap_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) { - return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_serverAuth); + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth); } static int -pkinit_kdc(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) +pkinit_kdc(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) { opt->pkinit++; - return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkkdcekuoid); + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkkdcekuoid); } static int -pkinit_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) +pkinit_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) { int ret; opt->pkinit++; - ret = hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkekuoid); + ret = hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkekuoid); if (ret) return ret; @@ -1601,9 +1601,9 @@ pkinit_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt } static int -email_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) +email_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt) { - return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_emailProtection); + return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_emailProtection); } struct { @@ -1663,12 +1663,13 @@ print_eval_types(FILE *out) } static int -eval_types(hx509_context context, +eval_types(hx509_context contextp, hx509_ca_tbs tbs, const struct certificate_sign_options *opt) { struct cert_type_opt ctopt; - unsigned i, j; + int i; + size_t j; int ret; memset(&ctopt, 0, sizeof(ctopt)); @@ -1678,9 +1679,9 @@ eval_types(hx509_context context, for (j = 0; j < sizeof(certtypes)/sizeof(certtypes[0]); j++) { if (strcasecmp(type, certtypes[j].type) == 0) { - ret = (*certtypes[j].eval)(context, tbs, &ctopt); + ret = (*certtypes[j].eval)(contextp, tbs, &ctopt); if (ret) - hx509_err(context, 1, ret, + hx509_err(contextp, 1, ret, "Failed to evaluate cert type %s", type); break; } @@ -1697,47 +1698,47 @@ eval_types(hx509_context context, if (!ctopt.pkinit) errx(1, "pk-init principal given but no pk-init oid"); - ret = hx509_ca_tbs_add_san_pkinit(context, tbs, + ret = hx509_ca_tbs_add_san_pkinit(contextp, tbs, opt->pk_init_principal_string); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_pkinit"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_pkinit"); } if (opt->ms_upn_string) { if (!ctopt.pkinit) errx(1, "MS upn given but no pk-init oid"); - ret = hx509_ca_tbs_add_san_ms_upn(context, tbs, opt->ms_upn_string); + ret = hx509_ca_tbs_add_san_ms_upn(contextp, tbs, opt->ms_upn_string); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_ms_upn"); } for (i = 0; i < opt->hostname_strings.num_strings; i++) { const char *hostname = opt->hostname_strings.strings[i]; - ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname); + ret = hx509_ca_tbs_add_san_hostname(contextp, tbs, hostname); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname"); } for (i = 0; i < opt->email_strings.num_strings; i++) { const char *email = opt->email_strings.strings[i]; - ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email); + ret = hx509_ca_tbs_add_san_rfc822name(contextp, tbs, email); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname"); - ret = hx509_ca_tbs_add_eku(context, tbs, + ret = hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_emailProtection); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_eku"); } if (opt->jid_string) { - ret = hx509_ca_tbs_add_san_jid(context, tbs, opt->jid_string); + ret = hx509_ca_tbs_add_san_jid(contextp, tbs, opt->jid_string); if (ret) - hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_jid"); + hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_jid"); } return 0; diff --git a/lib/hx509/ks_dir.c b/lib/hx509/ks_dir.c index 8c8c6e50c..94d44b712 100644 --- a/lib/hx509/ks_dir.c +++ b/lib/hx509/ks_dir.c @@ -202,16 +202,12 @@ dir_iter_end(hx509_context context, static struct hx509_keyset_ops keyset_dir = { - "DIR", - 0, - dir_init, - NULL, - dir_free, - NULL, - NULL, - dir_iter_start, - dir_iter, - dir_iter_end + .name = "DIR", + .init = dir_init, + .free = dir_free, + .iter_start = dir_iter_start, + .iter = dir_iter, + .iter_end = dir_iter_end, }; void diff --git a/lib/hx509/ks_file.c b/lib/hx509/ks_file.c index ecd3a6eda..d8927eb1e 100644 --- a/lib/hx509/ks_file.c +++ b/lib/hx509/ks_file.c @@ -177,7 +177,8 @@ parse_pem_private_key(hx509_context context, const char *fn, const EVP_CIPHER *cipher; const struct _hx509_password *pw; hx509_lock lock; - int i, decrypted = 0; + int decrypted = 0; + size_t i; lock = _hx509_collector_get_lock(c); if (lock == NULL) { @@ -329,7 +330,8 @@ pem_func(hx509_context context, const char *type, const void *data, size_t len, void *ctx) { struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx; - int ret = 0, j; + int ret = 0; + size_t j; for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) { const char *q = formats[j].name; @@ -436,7 +438,7 @@ file_init_common(hx509_context context, else if (ret == HX509_PARSING_KEY_FAILED) { size_t length; void *ptr; - int i; + size_t i; ret = rk_undumpdata(p, &ptr, &length); if (ret) { diff --git a/lib/hx509/ks_p11.c b/lib/hx509/ks_p11.c index 30f5343b0..5a21ca8cc 100644 --- a/lib/hx509/ks_p11.c +++ b/lib/hx509/ks_p11.c @@ -152,7 +152,7 @@ p11_rsa_private_encrypt(int flen, } ret = P11FUNC(p11rsa->p, Sign, - (session, (CK_BYTE *)from, flen, to, &ck_sigsize)); + (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize)); p11_put_session(p11rsa->p, p11rsa->slot, session); if (ret != CKR_OK) return -1; @@ -190,7 +190,7 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to, } ret = P11FUNC(p11rsa->p, Decrypt, - (session, (CK_BYTE *)from, flen, to, &ck_sigsize)); + (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize)); p11_put_session(p11rsa->p, p11rsa->slot, session); if (ret != CKR_OK) return -1; @@ -878,7 +878,8 @@ p11_init(hx509_context context, { CK_SLOT_ID_PTR slot_ids; - int i, num_tokens = 0; + int num_tokens = 0; + size_t i; slot_ids = malloc(p->num_slots * sizeof(*slot_ids)); if (slot_ids == NULL) { @@ -933,7 +934,7 @@ p11_init(hx509_context context, static void p11_release_module(struct p11_module *p) { - int i; + size_t i; if (p->ref == 0) _hx509_abort("pkcs11 ref to low"); @@ -957,7 +958,7 @@ p11_release_module(struct p11_module *p) free(p->slot[i].mechs.list); if (p->slot[i].mechs.infos) { - int j; + size_t j; for (j = 0 ; j < p->slot[i].mechs.num ; j++) free(p->slot[i].mechs.infos[j]); @@ -981,7 +982,7 @@ static int p11_free(hx509_certs certs, void *data) { struct p11_module *p = data; - int i; + size_t i; for (i = 0; i < p->num_slots; i++) { if (p->slot[i].certs) @@ -1002,7 +1003,8 @@ p11_iter_start(hx509_context context, { struct p11_module *p = data; struct p11_cursor *c; - int ret, i; + int ret; + size_t i; c = malloc(sizeof(*c)); if (c == NULL) { @@ -1103,7 +1105,7 @@ p11_printinfo(hx509_context context, void *ctx) { struct p11_module *p = data; - int i, j; + size_t i, j; _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s", p->num_slots, p->num_slots > 1 ? "s" : ""); diff --git a/lib/hx509/ks_p12.c b/lib/hx509/ks_p12.c index 704cf071d..31ed88345 100644 --- a/lib/hx509/ks_p12.c +++ b/lib/hx509/ks_p12.c @@ -56,7 +56,7 @@ parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *, static const PKCS12_Attribute * find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid) { - int i; + size_t i; if (attrs == NULL) return NULL; for (i = 0; i < attrs->len; i++) @@ -168,7 +168,7 @@ certBag_parser(hx509_context context, const heim_oid *oids[] = { &asn1_oid_id_pkcs_9_at_localKeyId, &asn1_oid_id_pkcs_9_at_friendlyName }; - int i; + size_t i; for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) { const heim_oid *oid = oids[i]; @@ -190,7 +190,8 @@ parse_safe_content(hx509_context context, const unsigned char *p, size_t len) { PKCS12_SafeContents sc; - int ret, i; + int ret; + size_t i; memset(&sc, 0, sizeof(sc)); @@ -310,7 +311,7 @@ parse_pkcs12_type(hx509_context context, const void *data, size_t length, const PKCS12_Attributes *attrs) { - int i; + size_t i; for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++) if (der_heim_oid_cmp(bagtypes[i].oid, oid) == 0) @@ -327,7 +328,8 @@ p12_init(hx509_context context, void *buf; PKCS12_PFX pfx; PKCS12_AuthenticatedSafe as; - int ret, i; + int ret; + size_t i; struct hx509_collector *c; *data = NULL; diff --git a/lib/hx509/lock.c b/lib/hx509/lock.c index 07e9d3612..b72d45962 100644 --- a/lib/hx509/lock.c +++ b/lib/hx509/lock.c @@ -121,7 +121,7 @@ _hx509_lock_unlock_certs(hx509_lock lock) void hx509_lock_reset_passwords(hx509_lock lock) { - int i; + size_t i; for (i = 0; i < lock->password.len; i++) free(lock->password.val[i]); free(lock->password.val); diff --git a/lib/hx509/name.c b/lib/hx509/name.c index 83b8f86d4..492f5f367 100644 --- a/lib/hx509/name.c +++ b/lib/hx509/name.c @@ -66,17 +66,17 @@ static const struct { const heim_oid *o; wind_profile_flags flags; } no[] = { - { "C", &asn1_oid_id_at_countryName }, - { "CN", &asn1_oid_id_at_commonName }, - { "DC", &asn1_oid_id_domainComponent }, - { "L", &asn1_oid_id_at_localityName }, - { "O", &asn1_oid_id_at_organizationName }, - { "OU", &asn1_oid_id_at_organizationalUnitName }, - { "S", &asn1_oid_id_at_stateOrProvinceName }, - { "STREET", &asn1_oid_id_at_streetAddress }, - { "UID", &asn1_oid_id_Userid }, - { "emailAddress", &asn1_oid_id_pkcs9_emailAddress }, - { "serialNumber", &asn1_oid_id_at_serialNumber } + { "C", &asn1_oid_id_at_countryName, 0 }, + { "CN", &asn1_oid_id_at_commonName, 0 }, + { "DC", &asn1_oid_id_domainComponent, 0 }, + { "L", &asn1_oid_id_at_localityName, 0 }, + { "O", &asn1_oid_id_at_organizationName, 0 }, + { "OU", &asn1_oid_id_at_organizationalUnitName, 0 }, + { "S", &asn1_oid_id_at_stateOrProvinceName, 0 }, + { "STREET", &asn1_oid_id_at_streetAddress, 0 }, + { "UID", &asn1_oid_id_Userid, 0 }, + { "emailAddress", &asn1_oid_id_pkcs9_emailAddress, 0 }, + { "serialNumber", &asn1_oid_id_at_serialNumber, 0 } }; static char * @@ -159,7 +159,8 @@ oidtostring(const heim_oid *type) static int stringtooid(const char *name, size_t len, heim_oid *oid) { - int i, ret; + int ret; + size_t i; char *s; memset(oid, 0, sizeof(*oid)); @@ -200,14 +201,16 @@ int _hx509_Name_to_string(const Name *n, char **str) { size_t total_len = 0; - int i, j, ret; + size_t i, j, m; + int ret; *str = strdup(""); if (*str == NULL) return ENOMEM; - for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) { + for (m = n->u.rdnSequence.len; m > 0; m--) { size_t len; + i = m - 1; for (j = 0; j < n->u.rdnSequence.val[i].len; j++) { DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value; @@ -438,7 +441,8 @@ _hx509_name_ds_cmp(const DirectoryString *ds1, int _hx509_name_cmp(const Name *n1, const Name *n2, int *c) { - int ret, i, j; + int ret; + size_t i, j; *c = n1->u.rdnSequence.len - n2->u.rdnSequence.len; if (*c) @@ -610,7 +614,7 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name) goto out; } - if ((q - p) > len) { + if ((size_t)(q - p) > len) { ret = HX509_PARSING_NAME_FAILED; hx509_set_error_string(context, 0, ret, " = after , in %s", p); goto out; @@ -727,7 +731,7 @@ hx509_name_expand(hx509_context context, hx509_env env) { Name *n = &name->der_name; - int i, j; + size_t i, j; if (env == NULL) return 0; diff --git a/lib/hx509/print.c b/lib/hx509/print.c index 56e4f7211..998816d80 100644 --- a/lib/hx509/print.c +++ b/lib/hx509/print.c @@ -163,7 +163,7 @@ void hx509_bitstring_print(const heim_bit_string *b, hx509_vprint_func func, void *ctx) { - int i; + size_t i; print_func(func, ctx, "\tlength: %d\n\t", b->length); for (i = 0; i < (b->length + 7) / 8; i++) print_func(func, ctx, "%02x%s%s", @@ -481,7 +481,8 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx, { CRLDistributionPoints dp; size_t size; - int ret, i; + int ret; + size_t i; check_Null(ctx, status, cf, e); @@ -499,7 +500,7 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx, if (dp.val[i].distributionPoint) { DistributionPointName dpname; heim_any *data = dp.val[i].distributionPoint; - int j; + size_t j; ret = decode_DistributionPointName(data->data, data->length, &dpname, NULL); @@ -565,7 +566,8 @@ check_altName(hx509_validate_ctx ctx, { GeneralNames gn; size_t size; - int ret, i; + int ret; + size_t i; check_Null(ctx, status, cf, e); @@ -717,7 +719,8 @@ check_authorityInfoAccess(hx509_validate_ctx ctx, { AuthorityInfoAccessSyntax aia; size_t size; - int ret, i; + int ret; + size_t i; check_Null(ctx, status, cf, e); @@ -773,7 +776,7 @@ struct { { ext(certificateIssuer, Null), M_C }, { ext(nameConstraints, Null), M_C }, { ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C }, - { ext(certificatePolicies, Null) }, + { ext(certificatePolicies, Null), 0 }, { ext(policyMappings, Null), M_N_C }, { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C }, { ext(policyConstraints, Null), D_C }, @@ -789,7 +792,7 @@ struct { check_Null, D_C }, { "Netscape cert comment", &asn1_oid_id_netscape_cert_comment, check_Null, D_C }, - { NULL } + { NULL, NULL, NULL, 0 } }; /** @@ -936,7 +939,7 @@ hx509_validate_cert(hx509_context context, free(str); if (t->extensions) { - int i, j; + size_t i, j; if (t->extensions->len == 0) { validate_print(ctx, diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c index 6d2cac4af..715438d4b 100644 --- a/lib/hx509/revoke.c +++ b/lib/hx509/revoke.c @@ -349,7 +349,7 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp) } if (basic.certs) { - int i; + size_t i; ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0, NULL, &certs); @@ -760,8 +760,7 @@ hx509_revoke_verify(hx509_context context, if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) { if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now) continue; - } else - /* Should force a refetch, but can we ? */; + } /* else should force a refetch, but can we ? */ return 0; } @@ -1076,7 +1075,8 @@ int hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) { struct revoke_ocsp ocsp; - int ret, i; + int ret; + size_t i; if (out == NULL) out = stdout; @@ -1141,7 +1141,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) status = "element unknown"; } - fprintf(out, "\t%d. status: %s\n", i, status); + fprintf(out, "\t%zu. status: %s\n", i, status); fprintf(out, "\tthisUpdate: %s\n", printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate)); @@ -1188,7 +1188,8 @@ hx509_ocsp_verify(hx509_context context, { const Certificate *c = _hx509_get_cert(cert); OCSPBasicOCSPResponse basic; - int ret, i; + int ret; + size_t i; if (now == 0) now = time(NULL); diff --git a/lib/hx509/sel.c b/lib/hx509/sel.c index 561818c9f..00adc457e 100644 --- a/lib/hx509/sel.c +++ b/lib/hx509/sel.c @@ -223,7 +223,7 @@ _hx509_expr_parse(const char *buf) } void -_hx509_sel_yyerror (char *s) +_hx509_sel_yyerror (const char *s) { if (_hx509_expr_input.error) free(_hx509_expr_input.error); diff --git a/lib/hx509/sel.h b/lib/hx509/sel.h index 1dfc41818..177ec0a65 100644 --- a/lib/hx509/sel.h +++ b/lib/hx509/sel.h @@ -78,5 +78,5 @@ extern struct hx_expr_input _hx509_expr_input; int _hx509_sel_yyparse(void); int _hx509_sel_yylex(void); -void _hx509_sel_yyerror(char *); +void _hx509_sel_yyerror(const char *); diff --git a/lib/hx509/softp11.c b/lib/hx509/softp11.c index 0496b35b7..496423205 100644 --- a/lib/hx509/softp11.c +++ b/lib/hx509/softp11.c @@ -140,9 +140,9 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) va_start(ap, fmt); len = vsnprintf(str, size, fmt, ap); va_end(ap); - if (len < 0 || len > size) + if (len < 0 || (size_t)len > size) return; - while(len < size) + while ((size_t)len < size) str[len++] = fillchar; } @@ -152,9 +152,9 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...) #define VERIFY_SESSION_HANDLE(s, state) \ { \ - CK_RV ret; \ - ret = verify_session_handle(s, state); \ - if (ret != CKR_OK) { \ + CK_RV xret; \ + xret = verify_session_handle(s, state); \ + if (xret != CKR_OK) { \ /* return CKR_OK */; \ } \ } @@ -163,7 +163,7 @@ static CK_RV verify_session_handle(CK_SESSION_HANDLE hSession, struct session_state **state) { - int i; + size_t i; for (i = 0; i < MAX_NUM_SESSION; i++){ if (soft_token.state[i].session_handle == hSession) @@ -421,6 +421,7 @@ struct foo { static int add_cert(hx509_context hxctx, void *ctx, hx509_cert cert) { + static char empty[] = ""; struct foo *foo = (struct foo *)ctx; struct st_object *o = NULL; CK_OBJECT_CLASS type; @@ -520,8 +521,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert) add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id)); - add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ - add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ + add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */ + add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */ add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); mech_type = CKM_RSA_X_509; @@ -557,8 +558,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert) add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id)); - add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ - add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ + add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */ + add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */ add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); mech_type = CKM_RSA_X_509; @@ -859,7 +860,7 @@ C_Initialize(CK_VOID_PTR a) { CK_C_INITIALIZE_ARGS_PTR args = a; CK_RV ret; - int i; + size_t i; st_logf("Initialize\n"); @@ -916,7 +917,7 @@ C_Initialize(CK_VOID_PTR a) CK_RV C_Finalize(CK_VOID_PTR args) { - int i; + size_t i; INIT_CONTEXT(); @@ -1112,7 +1113,7 @@ C_OpenSession(CK_SLOT_ID slotID, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession) { - int i; + size_t i; INIT_CONTEXT(); st_logf("OpenSession: slot: %d\n", (int)slotID); @@ -1155,7 +1156,7 @@ C_CloseSession(CK_SESSION_HANDLE hSession) CK_RV C_CloseAllSessions(CK_SLOT_ID slotID) { - int i; + size_t i; INIT_CONTEXT(); st_logf("CloseAllSessions\n"); @@ -1429,7 +1430,7 @@ commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len, static CK_RV -dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism) +dup_mechanism(CK_MECHANISM_PTR *dp, const CK_MECHANISM_PTR pMechanism) { CK_MECHANISM_PTR p; @@ -1437,9 +1438,9 @@ dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism) if (p == NULL) return CKR_DEVICE_MEMORY; - if (*dup) - free(*dup); - *dup = p; + if (*dp) + free(*dp); + *dp = p; memcpy(p, pMechanism, sizeof(*p)); return CKR_OK; diff --git a/lib/ipc/client.c b/lib/ipc/client.c index a99c852b3..a9d4798e2 100644 --- a/lib/ipc/client.c +++ b/lib/ipc/client.c @@ -393,7 +393,7 @@ unix_socket_ipc(void *ctx, if (net_write(s->fd, &len, sizeof(len)) != sizeof(len)) return -1; - if (net_write(s->fd, req->data, req->length) != req->length) + if (net_write(s->fd, req->data, req->length) != (ssize_t)req->length) return -1; if (net_read(s->fd, &len, sizeof(len)) != sizeof(len)) @@ -407,7 +407,7 @@ unix_socket_ipc(void *ctx, rep->data = malloc(rep->length); if (rep->data == NULL) return -1; - if (net_read(s->fd, rep->data, rep->length) != rep->length) + if (net_read(s->fd, rep->data, rep->length) != (ssize_t)rep->length) return -1; } else rep->data = NULL; @@ -489,9 +489,9 @@ struct hipc_ops ipcs[] = { { "MACH", mach_init, mach_release, mach_ipc, mach_async }, #endif #ifdef HAVE_DOOR - { "DOOR", door_init, common_release, door_ipc } + { "DOOR", door_init, common_release, door_ipc, NULL } #endif - { "UNIX", unix_socket_init, common_release, unix_socket_ipc } + { "UNIX", unix_socket_init, common_release, unix_socket_ipc, NULL } }; struct heim_ipc { @@ -546,29 +546,29 @@ heim_ipc_free_context(heim_ipc ctx) } int -heim_ipc_call(heim_ipc ctx, const heim_idata *send, heim_idata *recv, +heim_ipc_call(heim_ipc ctx, const heim_idata *snd, heim_idata *rcv, heim_icred *cred) { if (cred) *cred = NULL; - return (ctx->ops->ipc)(ctx->ctx, send, recv, cred); + return (ctx->ops->ipc)(ctx->ctx, snd, rcv, cred); } int -heim_ipc_async(heim_ipc ctx, const heim_idata *send, void *userctx, +heim_ipc_async(heim_ipc ctx, const heim_idata *snd, void *userctx, void (*func)(void *, int, heim_idata *, heim_icred)) { if (ctx->ops->async == NULL) { - heim_idata recv; + heim_idata rcv; heim_icred cred = NULL; int ret; - ret = (ctx->ops->ipc)(ctx->ctx, send, &recv, &cred); - (*func)(userctx, ret, &recv, cred); + ret = (ctx->ops->ipc)(ctx->ctx, snd, &rcv, &cred); + (*func)(userctx, ret, &rcv, cred); heim_ipc_free_cred(cred); - free(recv.data); + free(rcv.data); return ret; } else { - return (ctx->ops->async)(ctx->ctx, send, userctx, func); + return (ctx->ops->async)(ctx->ctx, snd, userctx, func); } } diff --git a/lib/ipc/server.c b/lib/ipc/server.c index 4e425247a..bfa3c937a 100644 --- a/lib/ipc/server.c +++ b/lib/ipc/server.c @@ -557,7 +557,7 @@ update_client_creds(struct client *c) #endif #if defined(SOCKCREDSIZE) && defined(SCM_CREDS) /* NetBSD */ - if (c->unixrights.uid == -1) { + if (c->unixrights.uid == (uid_t)-1) { struct msghdr msg; socklen_t crmsgsize; void *crmsg; @@ -959,7 +959,7 @@ handle_write(struct client *c) if (len <= 0) { c->flags |= WAITING_CLOSE; c->flags &= ~(WAITING_WRITE); - } else if (c->olen != len) { + } else if (c->olen != (size_t)len) { memmove(&c->outmsg[0], &c->outmsg[len], c->olen - len); c->olen -= len; } else { diff --git a/lib/kadm5/acl.c b/lib/kadm5/acl.c index 382c0e288..5e263a325 100644 --- a/lib/kadm5/acl.c +++ b/lib/kadm5/acl.c @@ -44,7 +44,7 @@ static struct units acl_units[] = { { "modify", KADM5_PRIV_MODIFY }, { "add", KADM5_PRIV_ADD }, { "get", KADM5_PRIV_GET }, - { NULL } + { NULL, 0 } }; kadm5_ret_t diff --git a/lib/kadm5/get_s.c b/lib/kadm5/get_s.c index 9e6ae1c90..0372e6f84 100644 --- a/lib/kadm5/get_s.c +++ b/lib/kadm5/get_s.c @@ -142,7 +142,7 @@ kadm5_s_get_principal(void *server_handle, if(mask & KADM5_KVNO) out->kvno = ent.entry.kvno; if(mask & KADM5_MKVNO) { - int n; + size_t n; out->mkvno = 0; /* XXX */ for(n = 0; n < ent.entry.keys.len; n++) if(ent.entry.keys.val[n].mkvno) { @@ -169,7 +169,7 @@ kadm5_s_get_principal(void *server_handle, out->max_renewable_life = INT_MAX; } if(mask & KADM5_KEY_DATA){ - int i; + size_t i; Key *key; krb5_key_data *kd; krb5_salt salt; diff --git a/lib/kadm5/iprop-log.c b/lib/kadm5/iprop-log.c index deebef90c..b201de66d 100644 --- a/lib/kadm5/iprop-log.c +++ b/lib/kadm5/iprop-log.c @@ -124,7 +124,7 @@ print_entry(kadm5_server_context *server_context, strftime(t, sizeof(t), "%Y-%m-%d %H:%M:%S", localtime(×tamp)); - if(op < kadm_get || op > kadm_nop) { + if((int)op < (int)kadm_get || (int)op > (int)kadm_nop) { printf("unknown op: %d\n", op); krb5_storage_seek(sp, end, SEEK_SET); return; @@ -350,8 +350,8 @@ apply_entry(kadm5_server_context *server_context, struct replay_options *opt = ctx; krb5_error_code ret; - if((opt->start_version_integer != -1 && ver < opt->start_version_integer) || - (opt->end_version_integer != -1 && ver > opt->end_version_integer)) { + if((opt->start_version_integer != -1 && ver < (uint32_t)opt->start_version_integer) || + (opt->end_version_integer != -1 && ver > (uint32_t)opt->end_version_integer)) { /* XXX skip this entry */ krb5_storage_seek(sp, len, SEEK_CUR); return; @@ -426,8 +426,11 @@ help(void *opt, int argc, char **argv) argv[0]); } else { if(c->func) { - char *fake[] = { NULL, "--help", NULL }; + static char shelp[] = "--help"; + char *fake[3]; fake[0] = argv[0]; + fake[1] = shelp; + fake[2] = NULL; (*c->func)(2, fake); fprintf(stderr, "\n"); } diff --git a/lib/kadm5/ipropd_master.c b/lib/kadm5/ipropd_master.c index d48caf205..7243af3c5 100644 --- a/lib/kadm5/ipropd_master.c +++ b/lib/kadm5/ipropd_master.c @@ -575,7 +575,7 @@ process_msg (krb5_context context, slave *s, int log_fd, } /* new started slave that have old log */ if (s->version == 0 && tmp != 0) { - if (current_version < tmp) { + if (current_version < (uint32_t)tmp) { krb5_warnx (context, "Slave %s (version %lu) have later version " "the master (version %lu) OUT OF SYNC", s->name, (unsigned long)tmp, @@ -583,7 +583,7 @@ process_msg (krb5_context context, slave *s, int log_fd, } s->version = tmp; } - if (tmp < s->version) { + if ((uint32_t)tmp < s->version) { krb5_warnx (context, "Slave claims to not have " "version we already sent to it"); } else { @@ -720,10 +720,11 @@ write_stats(krb5_context context, slave *slaves, uint32_t current_version) } +static char sHDB[] = "HDB:"; static char *realm; static int version_flag; static int help_flag; -static char *keytab_str = "HDB:"; +static char *keytab_str = sHDB; static char *database; static char *config_file; static char *port_str; @@ -732,8 +733,8 @@ static int detach_from_console = 0; #endif static struct getargs args[] = { - { "config-file", 'c', arg_string, &config_file }, - { "realm", 'r', arg_string, &realm }, + { "config-file", 'c', arg_string, &config_file, NULL, NULL }, + { "realm", 'r', arg_string, &realm, NULL, NULL }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, { "database", 'd', arg_string, &database, "database", "file"}, @@ -747,12 +748,12 @@ static struct getargs args[] = { "port ipropd will listen to", "port"}, #ifdef SUPPORT_DETACH { "detach", 0, arg_flag, &detach_from_console, - "detach from console" }, + "detach from console", NULL }, #endif { "hostname", 0, arg_string, rk_UNCONST(&master_hostname), "hostname of master (if not same as hostname)", "hostname" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/kadm5/ipropd_slave.c b/lib/kadm5/ipropd_slave.c index 306428705..69c8bae88 100644 --- a/lib/kadm5/ipropd_slave.c +++ b/lib/kadm5/ipropd_slave.c @@ -38,7 +38,8 @@ RCSID("$Id$"); static const char *config_name = "ipropd-slave"; static krb5_log_facility *log_facility; -static char *server_time_lost = "5 min"; +static char five_min[] = "5 min"; +static char *server_time_lost = five_min; static int time_before_lost; const char *slave_str = NULL; @@ -198,9 +199,9 @@ receive_loop (krb5_context context, krb5_ret_int32 (sp, &tmp); op = tmp; krb5_ret_int32 (sp, &len); - if (vers <= server_context->log_context.version) + if ((uint32_t)vers <= server_context->log_context.version) krb5_storage_seek(sp, len + 8, SEEK_CUR); - } while(vers <= server_context->log_context.version); + } while((uint32_t)vers <= server_context->log_context.version); /* * Read up rest of the entires into the memory... @@ -460,8 +461,8 @@ static int detach_from_console = 0; #endif static struct getargs args[] = { - { "config-file", 'c', arg_string, &config_file }, - { "realm", 'r', arg_string, &realm }, + { "config-file", 'c', arg_string, &config_file, NULL, NULL }, + { "realm", 'r', arg_string, &realm, NULL, NULL }, { "keytab", 'k', arg_string, &keytab_str, "keytab to get authentication from", "kspec" }, { "time-lost", 0, arg_string, &server_time_lost, @@ -470,12 +471,12 @@ static struct getargs args[] = { "port ipropd-slave will connect to", "port"}, #ifdef SUPPORT_DETACH { "detach", 0, arg_flag, &detach_from_console, - "detach from console" }, + "detach from console", NULL }, #endif { "hostname", 0, arg_string, rk_UNCONST(&slave_str), "hostname of slave (if not same as hostname)", "hostname" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } + { "version", 0, arg_flag, &version_flag, NULL, NULL }, + { "help", 0, arg_flag, &help_flag, NULL, NULL } }; static int num_args = sizeof(args) / sizeof(args[0]); diff --git a/lib/kadm5/keys.c b/lib/kadm5/keys.c index 9a8415d84..d46b8db73 100644 --- a/lib/kadm5/keys.c +++ b/lib/kadm5/keys.c @@ -70,7 +70,7 @@ _kadm5_init_keys (Key *keys, int len) int _kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2) { - unsigned int i, j; + int i, j; for (i = 0; i < len1; ++i) { for (j = 0; j < len2; j++) { diff --git a/lib/kadm5/log.c b/lib/kadm5/log.c index 425e0df0c..05b84b1e0 100644 --- a/lib/kadm5/log.c +++ b/lib/kadm5/log.c @@ -193,12 +193,12 @@ kadm5_log_flush (kadm5_log_context *log_context, { krb5_data data; size_t len; - int ret; + ssize_t ret; krb5_storage_to_data(sp, &data); len = data.length; ret = write (log_context->log_fd, data.data, len); - if (ret != len) { + if (ret < 0 || (size_t)ret != len) { krb5_data_free(&data); return errno; } @@ -696,7 +696,7 @@ kadm5_log_replay_modify (kadm5_server_context *context, } if (mask & KADM5_KEY_DATA) { size_t num; - int i; + size_t i; for (i = 0; i < ent.entry.keys.len; ++i) free_Key(&ent.entry.keys.val[i]); @@ -880,7 +880,7 @@ kadm5_log_previous (krb5_context context, ret = krb5_ret_int32 (sp, &tmp); if (ret) goto end_of_storage; - if (tmp != *ver) { + if ((uint32_t)tmp != *ver) { krb5_storage_seek(sp, oldoff, SEEK_SET); krb5_set_error_message(context, KADM5_BAD_DB, "kadm5_log_previous: log entry " @@ -901,7 +901,7 @@ kadm5_log_previous (krb5_context context, ret = krb5_ret_int32 (sp, &tmp); if (ret) goto end_of_storage; - if (tmp != *len) { + if ((uint32_t)tmp != *len) { krb5_storage_seek(sp, oldoff, SEEK_SET); krb5_set_error_message(context, KADM5_BAD_DB, "kadm5_log_previous: log entry " diff --git a/lib/kadm5/password_quality.c b/lib/kadm5/password_quality.c index cb82567f5..e632e25e9 100644 --- a/lib/kadm5/password_quality.c +++ b/lib/kadm5/password_quality.c @@ -95,8 +95,8 @@ char_class_passwd_quality (krb5_context context, "1234567890", "!@#$%^&*()/?<>,.{[]}\\|'~`\" " }; - int i, counter = 0, req_classes; - size_t len; + int counter = 0, req_classes; + size_t i, len; char *pw; req_classes = krb5_config_get_int_default(context, NULL, 3, @@ -234,7 +234,7 @@ struct kadm5_pw_policy_check_func builtin_funcs[] = { { "minimum-length", min_length_passwd_quality }, { "character-class", char_class_passwd_quality }, { "external-check", external_passwd_quality }, - { NULL } + { NULL, NULL } }; struct kadm5_pw_policy_verifier builtin_verifier = { "builtin", diff --git a/lib/kadm5/rename_s.c b/lib/kadm5/rename_s.c index c29292bad..08351290c 100644 --- a/lib/kadm5/rename_s.c +++ b/lib/kadm5/rename_s.c @@ -62,7 +62,7 @@ kadm5_s_rename_principal(void *server_handle, goto out2; { /* fix salt */ - int i; + size_t i; Salt salt; krb5_salt salt2; memset(&salt, 0, sizeof(salt)); diff --git a/lib/kadm5/set_keys.c b/lib/kadm5/set_keys.c index 760173490..ea0b816c1 100644 --- a/lib/kadm5/set_keys.c +++ b/lib/kadm5/set_keys.c @@ -201,8 +201,8 @@ _kadm5_set_keys_randomly (kadm5_server_context *context, { krb5_keyblock *kblock = NULL; kadm5_ret_t ret = 0; - int i, des_keyblock; - size_t num_keys; + int des_keyblock; + size_t i, num_keys; Key *keys; ret = hdb_generate_key_set(context->context, ent->principal, diff --git a/lib/kafs/kafs.h b/lib/kafs/kafs.h index e80882bf6..dd20cab52 100644 --- a/lib/kafs/kafs.h +++ b/lib/kafs/kafs.h @@ -89,8 +89,8 @@ struct ViceIoctl { caddr_t in, out; - short in_size; - short out_size; + unsigned short in_size; + unsigned short out_size; }; struct ClearToken { diff --git a/lib/krb5/acache.c b/lib/krb5/acache.c index 6f20cdcf6..b7a5a0654 100644 --- a/lib/krb5/acache.c +++ b/lib/krb5/acache.c @@ -78,7 +78,7 @@ static const struct { static krb5_error_code translate_cc_error(krb5_context context, cc_int32 error) { - int i; + size_t i; krb5_clear_error_message(context); for(i = 0; i < sizeof(cc_errors)/sizeof(cc_errors[0]); i++) if (cc_errors[i].error == error) @@ -337,7 +337,7 @@ make_ccred_from_cred(krb5_context context, cc_credentials_v5_t *cred) { krb5_error_code ret; - int i; + size_t i; memset(cred, 0, sizeof(*cred)); @@ -1114,7 +1114,9 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops = { acc_move, acc_get_default_name, acc_set_default, - acc_lastchange + acc_lastchange, + NULL, + NULL, }; #endif diff --git a/lib/krb5/addr_families.c b/lib/krb5/addr_families.c index 23c4e8ef7..768d77628 100644 --- a/lib/krb5/addr_families.c +++ b/lib/krb5/addr_families.c @@ -354,7 +354,7 @@ ipv6_print_addr (const krb5_address *addr, char *str, size_t len) if(inet_ntop(AF_INET6, addr->address.data, buf, sizeof(buf)) == NULL) { /* XXX this is pretty ugly, but better than abort() */ - int i; + size_t i; unsigned char *p = addr->address.data; buf[0] = '\0'; for(i = 0; i < addr->address.length; i++) { @@ -821,7 +821,7 @@ find_af(int af) } static struct addr_operations * -find_atype(int atype) +find_atype(krb5_address_type atype) { struct addr_operations *a; @@ -1111,17 +1111,17 @@ krb5_print_address (const krb5_address *addr, if (a == NULL || a->print_addr == NULL) { char *s; int l; - int i; + size_t i; s = str; l = snprintf(s, len, "TYPE_%d:", addr->addr_type); - if (l < 0 || l >= len) + if (l < 0 || (size_t)l >= len) return EINVAL; s += l; len -= l; for(i = 0; i < addr->address.length; i++) { l = snprintf(s, len, "%02x", ((char*)addr->address.data)[i]); - if (l < 0 || l >= len) + if (l < 0 || (size_t)l >= len) return EINVAL; len -= l; s += l; @@ -1307,7 +1307,7 @@ krb5_address_search(krb5_context context, const krb5_address *addr, const krb5_addresses *addrlist) { - int i; + size_t i; for (i = 0; i < addrlist->len; ++i) if (krb5_address_compare (context, addr, &addrlist->val[i])) @@ -1355,7 +1355,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_free_addresses(krb5_context context, krb5_addresses *addresses) { - int i; + size_t i; for(i = 0; i < addresses->len; i++) krb5_free_address(context, &addresses->val[i]); free(addresses->val); @@ -1406,7 +1406,7 @@ krb5_copy_addresses(krb5_context context, const krb5_addresses *inaddr, krb5_addresses *outaddr) { - int i; + size_t i; ALLOC_SEQ(outaddr, inaddr->len); if(inaddr->len > 0 && outaddr->val == NULL) return ENOMEM; @@ -1435,7 +1435,7 @@ krb5_append_addresses(krb5_context context, { krb5_address *tmp; krb5_error_code ret; - int i; + size_t i; if(source->len > 0) { tmp = realloc(dest->val, (dest->len + source->len) * sizeof(*tmp)); if(tmp == NULL) { diff --git a/lib/krb5/changepw.c b/lib/krb5/changepw.c index 22a7c87ef..4373f700b 100644 --- a/lib/krb5/changepw.c +++ b/lib/krb5/changepw.c @@ -276,7 +276,7 @@ process_reply (krb5_context context, { krb5_error_code ret; u_char reply[1024 * 3]; - ssize_t len; + size_t len; uint16_t pkt_len, pkt_ver; krb5_data ap_rep_data; int save_errno; @@ -328,7 +328,7 @@ process_reply (krb5_context context, if (len < 6) { str2data (result_string, "server %s sent to too short message " - "(%ld bytes)", host, (long)len); + "(%zu bytes)", host, len); *result_code = KRB5_KPASSWD_MALFORMED; return 0; } @@ -496,7 +496,7 @@ static struct kpwd_proc { chgpw_send_request, process_reply }, - { NULL } + { NULL, 0, NULL, NULL } }; /* diff --git a/lib/krb5/config_file.c b/lib/krb5/config_file.c index 89f778823..09d9e19d4 100644 --- a/lib/krb5/config_file.c +++ b/lib/krb5/config_file.c @@ -63,7 +63,7 @@ config_fgets(char *str, size_t len, struct fileptr *ptr) p = ptr->s + strcspn(ptr->s, "\n"); if(*p == '\n') p++; - l = min(len, p - ptr->s); + l = min(len, (size_t)(p - ptr->s)); if(len > 0) { memcpy(str, ptr->s, l); str[l] = '\0'; @@ -91,7 +91,7 @@ _krb5_config_get_entry(krb5_config_section **parent, const char *name, int type) for(q = parent; *q != NULL; q = &(*q)->next) if(type == krb5_config_list && - type == (*q)->type && + (unsigned)type == (*q)->type && strcmp(name, (*q)->name) == 0) return *q; *q = calloc(1, sizeof(**q)); @@ -635,7 +635,7 @@ vget_next(krb5_context context, const char *p = va_arg(args, const char *); while(b != NULL) { if(strcmp(b->name, name) == 0) { - if(b->type == type && p == NULL) { + if(b->type == (unsigned)type && p == NULL) { *pointer = b; return b->u.generic; } else if(b->type == krb5_config_list && p != NULL) { @@ -675,7 +675,7 @@ _krb5_config_vget_next (krb5_context context, /* we were called again, so just look for more entries with the same name and type */ for (b = (*pointer)->next; b != NULL; b = b->next) { - if(strcmp(b->name, (*pointer)->name) == 0 && b->type == type) { + if(strcmp(b->name, (*pointer)->name) == 0 && b->type == (unsigned)type) { *pointer = b; return b->u.generic; } @@ -865,7 +865,7 @@ krb5_config_get_string_default (krb5_context context, } static char * -next_component_string(char * begin, char * delims, char **state) +next_component_string(char * begin, const char * delims, char **state) { char * end; diff --git a/lib/krb5/crypto-des.c b/lib/krb5/crypto-des.c index 1c062b5e6..63ce901d9 100644 --- a/lib/krb5/crypto-des.c +++ b/lib/krb5/crypto-des.c @@ -77,7 +77,9 @@ static struct _krb5_key_type keytype_des_old = { krb5_DES_random_key, krb5_DES_schedule_old, _krb5_des_salt, - krb5_DES_random_to_key + krb5_DES_random_to_key, + NULL, + NULL }; static struct _krb5_key_type keytype_des = { diff --git a/lib/krb5/crypto-evp.c b/lib/krb5/crypto-evp.c index 3f9cd57bb..e8fb1caf6 100644 --- a/lib/krb5/crypto-evp.c +++ b/lib/krb5/crypto-evp.c @@ -98,7 +98,7 @@ _krb5_evp_encrypt_cts(krb5_context context, { size_t i, blocksize; struct _krb5_evp_schedule *ctx = key->schedule->data; - char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH]; + unsigned char tmp[EVP_MAX_BLOCK_LENGTH], ivec2[EVP_MAX_BLOCK_LENGTH]; EVP_CIPHER_CTX *c; unsigned char *p; @@ -142,7 +142,7 @@ _krb5_evp_encrypt_cts(krb5_context context, if (ivec) memcpy(ivec, p, blocksize); } else { - char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH]; + unsigned char tmp2[EVP_MAX_BLOCK_LENGTH], tmp3[EVP_MAX_BLOCK_LENGTH]; p = data; if (len > blocksize * 2) { diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 5d274e9af..a8a3df9cd 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -180,7 +180,7 @@ _krb5_internal_hmac(krb5_context context, unsigned char *ipad, *opad; unsigned char *key; size_t key_len; - int i; + size_t i; ipad = malloc(cm->blocksize + len); if (ipad == NULL) @@ -311,7 +311,7 @@ get_checksum_key(krb5_context context, if(ct->flags & F_DERIVED) ret = _get_derived_key(context, crypto, usage, key); else if(ct->flags & F_VARIANT) { - int i; + size_t i; *key = _new_derived_key(crypto, 0xff/* KRB5_KU_RFC1510_VARIANT */); if(*key == NULL) { @@ -1160,9 +1160,9 @@ decrypt_internal_special(krb5_context context, } static krb5_crypto_iov * -find_iv(krb5_crypto_iov *data, int num_data, int type) +find_iv(krb5_crypto_iov *data, size_t num_data, unsigned type) { - int i; + size_t i; for (i = 0; i < num_data; i++) if (data[i].flags == type) return &data[i]; @@ -1403,11 +1403,6 @@ krb5_decrypt_iov_ivec(krb5_context context, struct _krb5_encryption_type *et = crypto->et; krb5_crypto_iov *tiv, *hiv; - if (num_data < 0) { - krb5_clear_error_message(context); - return KRB5_CRYPTO_INTERNAL; - } - if(!derived_crypto(context, crypto)) { krb5_clear_error_message(context); return KRB5_CRYPTO_INTERNAL; @@ -1545,15 +1540,10 @@ krb5_create_checksum_iov(krb5_context context, Checksum cksum; krb5_crypto_iov *civ; krb5_error_code ret; - int i; + size_t i; size_t len; char *p, *q; - if (num_data < 0) { - krb5_clear_error_message(context); - return KRB5_CRYPTO_INTERNAL; - } - if(!derived_crypto(context, crypto)) { krb5_clear_error_message(context); return KRB5_CRYPTO_INTERNAL; @@ -1629,15 +1619,10 @@ krb5_verify_checksum_iov(krb5_context context, Checksum cksum; krb5_crypto_iov *civ; krb5_error_code ret; - int i; + size_t i; size_t len; char *p, *q; - if (num_data < 0) { - krb5_clear_error_message(context); - return KRB5_CRYPTO_INTERNAL; - } - if(!derived_crypto(context, crypto)) { krb5_clear_error_message(context); return KRB5_CRYPTO_INTERNAL; @@ -1730,7 +1715,7 @@ krb5_crypto_length_iov(krb5_context context, unsigned int num_data) { krb5_error_code ret; - int i; + size_t i; for (i = 0; i < num_data; i++) { ret = krb5_crypto_length(context, crypto, diff --git a/lib/krb5/digest.c b/lib/krb5/digest.c index c6733efc9..3b2973d36 100644 --- a/lib/krb5/digest.c +++ b/lib/krb5/digest.c @@ -727,8 +727,10 @@ krb5_digest_request(krb5_context context, ireq.u.digestRequest.type = digest->init.type; } - if (ireq.u.digestRequest.digest == NULL) - ireq.u.digestRequest.digest = "md5"; + if (ireq.u.digestRequest.digest == NULL) { + static char md5[] = "md5"; + ireq.u.digestRequest.digest = md5; + } ret = digest_request(context, realm, ccache, KRB5_KU_DIGEST_ENCRYPT, &ireq, &irep); diff --git a/lib/krb5/fcache.c b/lib/krb5/fcache.c index 218bd2cdb..b3bbfaab0 100644 --- a/lib/krb5/fcache.c +++ b/lib/krb5/fcache.c @@ -155,7 +155,7 @@ write_storage(krb5_context context, krb5_storage *sp, int fd) return ret; } sret = write(fd, data.data, data.length); - ret = (sret != data.length); + ret = (sret != (ssize_t)data.length); krb5_data_free(&data); if (ret) { ret = errno; @@ -220,7 +220,7 @@ scrub_file (int fd) return errno; memset(buf, 0, sizeof(buf)); while(pos > 0) { - ssize_t tmp = write(fd, buf, min(sizeof(buf), pos)); + ssize_t tmp = write(fd, buf, min((off_t)sizeof(buf), pos)); if (tmp < 0) return errno; @@ -334,11 +334,11 @@ fcc_gen_new(krb5_context context, krb5_ccache *id) fd = mkstemp(exp_file); if(fd < 0) { - int ret = errno; - krb5_set_error_message(context, ret, N_("mkstemp %s failed", ""), exp_file); + int xret = errno; + krb5_set_error_message(context, xret, N_("mkstemp %s failed", ""), exp_file); free(f); free(exp_file); - return ret; + return xret; } close(fd); f->filename = exp_file; diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 7f2b57247..d4b56cf01 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -235,7 +235,7 @@ init_tgs_req (krb5_context context, goto fail; } { - int i; + size_t i; for (i = 0; i < padata->len; i++) { ret = copy_PA_DATA(&padata->val[i], &t->padata->val[i + 1]); if (ret) { diff --git a/lib/krb5/get_host_realm.c b/lib/krb5/get_host_realm.c index 7aee02734..ed7f54b3d 100644 --- a/lib/krb5/get_host_realm.c +++ b/lib/krb5/get_host_realm.c @@ -109,7 +109,7 @@ dns_find_realm(krb5_context context, domain++; for (i = 0; labels[i] != NULL; i++) { ret = snprintf(dom, sizeof(dom), "%s.%s.", labels[i], domain); - if(ret < 0 || ret >= sizeof(dom)) { + if(ret < 0 || (size_t)ret >= sizeof(dom)) { if (config_labels) krb5_config_free_strings(config_labels); return -1; diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index 15cbfba89..631fda119 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c @@ -103,7 +103,7 @@ add_padata(krb5_context context, PA_DATA *pa2; krb5_salt salt2; krb5_enctype *ep; - int i; + size_t i; if(salt == NULL) { /* default to standard salt */ @@ -247,7 +247,7 @@ init_as_req (krb5_context context, a->req_body.additional_tickets = NULL; if(preauth != NULL) { - int i; + size_t i; ALLOC(a->padata, 1); if(a->padata == NULL) { ret = ENOMEM; @@ -258,7 +258,7 @@ init_as_req (krb5_context context, a->padata->len = 0; for(i = 0; i < preauth->len; i++) { if(preauth->val[i].type == KRB5_PADATA_ENC_TIMESTAMP){ - int j; + size_t j; for(j = 0; j < preauth->val[i].info.len; j++) { krb5_salt *sp = &salt; @@ -331,7 +331,7 @@ set_ptypes(krb5_context context, if(error->e_data) { METHOD_DATA md; - int i; + size_t i; decode_METHOD_DATA(error->e_data->data, error->e_data->length, &md, diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c index 29b882d05..6e34c4923 100644 --- a/lib/krb5/init_creds_pw.c +++ b/lib/krb5/init_creds_pw.c @@ -759,7 +759,7 @@ pa_etype_info2(krb5_context context, krb5_error_code ret; ETYPE_INFO2 e; size_t sz; - int i, j; + size_t i, j; memset(&e, 0, sizeof(e)); ret = decode_ETYPE_INFO2(data->data, data->length, &e, &sz); @@ -808,7 +808,7 @@ pa_etype_info(krb5_context context, krb5_error_code ret; ETYPE_INFO e; size_t sz; - int i, j; + size_t i, j; memset(&e, 0, sizeof(e)); ret = decode_ETYPE_INFO(data->data, data->length, &e, &sz); @@ -889,9 +889,9 @@ static struct pa_info pa_prefs[] = { }; static PA_DATA * -find_pa_data(const METHOD_DATA *md, int type) +find_pa_data(const METHOD_DATA *md, unsigned type) { - int i; + size_t i; if (md == NULL) return NULL; for (i = 0; i < md->len; i++) @@ -908,7 +908,7 @@ process_pa_info(krb5_context context, METHOD_DATA *md) { struct pa_info_data *p = NULL; - int i; + size_t i; for (i = 0; p == NULL && i < sizeof(pa_prefs)/sizeof(pa_prefs[0]); i++) { PA_DATA *pa = find_pa_data(md, pa_prefs[i].type); @@ -989,7 +989,7 @@ add_enc_ts_padata(krb5_context context, krb5_error_code ret; krb5_salt salt2; krb5_enctype *ep; - int i; + size_t i; if(salt == NULL) { /* default to standard salt */ diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c index 1fe15d806..b661d67ac 100644 --- a/lib/krb5/kcm.c +++ b/lib/krb5/kcm.c @@ -1155,7 +1155,9 @@ KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops = { kcm_move, kcm_get_default_name_api, kcm_set_default, - kcm_lastchange + kcm_lastchange, + NULL, + NULL }; diff --git a/lib/krb5/keytab_file.c b/lib/krb5/keytab_file.c index 2b9ea7f11..309b9b951 100644 --- a/lib/krb5/keytab_file.c +++ b/lib/krb5/keytab_file.c @@ -101,7 +101,7 @@ krb5_kt_store_data(krb5_context context, if(ret < 0) return ret; ret = krb5_storage_write(sp, data.data, data.length); - if(ret != data.length){ + if(ret != (int)data.length){ if(ret < 0) return errno; return KRB5_KT_END; @@ -119,7 +119,7 @@ krb5_kt_store_string(krb5_storage *sp, if(ret < 0) return ret; ret = krb5_storage_write(sp, data, len); - if(ret != len){ + if(ret != (int)len){ if(ret < 0) return errno; return KRB5_KT_END; @@ -182,7 +182,7 @@ krb5_kt_ret_principal(krb5_context context, krb5_storage *sp, krb5_principal *princ) { - int i; + size_t i; int ret; krb5_principal p; int16_t len; @@ -262,7 +262,7 @@ krb5_kt_store_principal(krb5_context context, krb5_storage *sp, krb5_principal p) { - int i; + size_t i; int ret; if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)) @@ -699,7 +699,7 @@ fkt_add_entry(krb5_context context, } if(len < 0) { len = -len; - if(len >= keytab.length) { + if(len >= (int)keytab.length) { krb5_storage_seek(sp, -4, SEEK_CUR); break; } @@ -749,8 +749,9 @@ fkt_remove_entry(krb5_context context, krb5_store_int32(cursor.sp, -len); memset(buf, 0, sizeof(buf)); while(len > 0) { - krb5_storage_write(cursor.sp, buf, min(len, sizeof(buf))); - len -= min(len, sizeof(buf)); + krb5_storage_write(cursor.sp, buf, + min((size_t)len, sizeof(buf))); + len -= min((size_t)len, sizeof(buf)); } } krb5_kt_free_entry(context, &e); diff --git a/lib/krb5/misc.c b/lib/krb5/misc.c index f90624cfc..e1fd68252 100644 --- a/lib/krb5/misc.c +++ b/lib/krb5/misc.c @@ -42,7 +42,7 @@ _krb5_s4u2self_to_checksumdata(krb5_context context, krb5_ssize_t ssize; krb5_storage *sp; size_t size; - int i; + size_t i; sp = krb5_storage_emem(); if (sp == NULL) { @@ -56,20 +56,20 @@ _krb5_s4u2self_to_checksumdata(krb5_context context, for (i = 0; i < self->name.name_string.len; i++) { size = strlen(self->name.name_string.val[i]); ssize = krb5_storage_write(sp, self->name.name_string.val[i], size); - if (ssize != size) { + if (ssize != (krb5_ssize_t)size) { ret = ENOMEM; goto out; } } size = strlen(self->realm); ssize = krb5_storage_write(sp, self->realm, size); - if (ssize != size) { + if (ssize != (krb5_ssize_t)size) { ret = ENOMEM; goto out; } size = strlen(self->auth); ssize = krb5_storage_write(sp, self->auth, size); - if (ssize != size) { + if (ssize != (krb5_ssize_t)size) { ret = ENOMEM; goto out; } diff --git a/lib/krb5/mk_error.c b/lib/krb5/mk_error.c index a837b5e29..c0a82ae26 100644 --- a/lib/krb5/mk_error.c +++ b/lib/krb5/mk_error.c @@ -75,7 +75,8 @@ krb5_mk_error(krb5_context context, msg.realm = server->realm; msg.sname = server->name; }else{ - msg.realm = ""; + static char unspec[] = ""; + msg.realm = unspec; } if(client){ msg.crealm = &client->realm; diff --git a/lib/krb5/pac.c b/lib/krb5/pac.c index 046a89cc6..ea09d1f19 100644 --- a/lib/krb5/pac.c +++ b/lib/krb5/pac.c @@ -464,7 +464,7 @@ verify_checksum(krb5_context context, goto out; } ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); - if (ret != cksum.checksum.length) { + if (ret != (int)cksum.checksum.length) { ret = EINVAL; krb5_set_error_message(context, ret, "PAC checksum missing checksum"); goto out; @@ -546,7 +546,7 @@ create_checksum(krb5_context context, * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx * for Microsoft's explaination */ - if (cksumtype == CKSUMTYPE_HMAC_MD5) { + if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) { ret = HMAC_MD5_any_checksum(context, key, data, datalen, KRB5_KU_OTHER_CKSUM, &cksum); } else { @@ -748,7 +748,7 @@ build_logon_name(krb5_context context, ret = krb5_storage_write(sp, s2, len * 2); free(s2); - if (ret != len * 2) { + if (ret != (int)(len * 2)) { ret = krb5_enomem(context); goto out; } @@ -932,7 +932,8 @@ _krb5_pac_sign(krb5_context context, size_t server_size, priv_size; uint32_t server_offset = 0, priv_offset = 0; uint32_t server_cksumtype = 0, priv_cksumtype = 0; - int i, num = 0; + int num = 0; + size_t i; krb5_data logon, d; krb5_data_zero(&logon); @@ -1049,7 +1050,7 @@ _krb5_pac_sign(krb5_context context, end += len; e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT; - if (end != e) { + if ((int32_t)end != e) { CHECK(ret, fill_zeros(context, spdata, e - end), out); } end = e; @@ -1066,7 +1067,7 @@ _krb5_pac_sign(krb5_context context, goto out; } ret = krb5_storage_write(sp, d.data, d.length); - if (ret != d.length) { + if (ret != (int)d.length) { krb5_data_free(&d); ret = krb5_enomem(context); goto out; diff --git a/lib/krb5/padata.c b/lib/krb5/padata.c index 98420a733..babe22cb3 100644 --- a/lib/krb5/padata.c +++ b/lib/krb5/padata.c @@ -36,8 +36,8 @@ KRB5_LIB_FUNCTION PA_DATA * KRB5_LIB_CALL krb5_find_padata(PA_DATA *val, unsigned len, int type, int *idx) { - for(; *idx < len; (*idx)++) - if(val[*idx].padata_type == type) + for(; *idx < (int)len; (*idx)++) + if(val[*idx].padata_type == (unsigned)type) return val + *idx; return NULL; } diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 7a8502727..a63e33f27 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -188,7 +188,8 @@ find_cert(krb5_context context, struct krb5_pk_identity *id, { "MS EKU" }, { "any (or no)" } }; - int i, ret, start = 1; + int ret; + size_t i, start; unsigned oids[] = { 1, 2, 840, 113635, 100, 3, 2, 1 }; const heim_oid mobileMe = { sizeof(oids)/sizeof(oids[0]), oids }; @@ -536,7 +537,7 @@ build_auth_pack(krb5_context context, #ifdef HAVE_OPENSSL ECParameters ecp; unsigned char *p; - int len; + int xlen; /* copy in public key, XXX find the best curve that the server support or use the clients curve if possible */ @@ -551,11 +552,11 @@ build_auth_pack(krb5_context context, free_ECParameters(&ecp); return ENOMEM; } - ASN1_MALLOC_ENCODE(ECParameters, p, len, &ecp, &size, ret); + ASN1_MALLOC_ENCODE(ECParameters, p, xlen, &ecp, &size, ret); free_ECParameters(&ecp); if (ret) return ret; - if (size != len) + if ((int)size != xlen) krb5_abortx(context, "asn1 internal error"); a->clientPublicValue->algorithm.parameters->data = p; @@ -578,18 +579,18 @@ build_auth_pack(krb5_context context, /* encode onto dhkey */ - len = i2o_ECPublicKey(ctx->u.eckey, NULL); - if (len <= 0) + xlen = i2o_ECPublicKey(ctx->u.eckey, NULL); + if (xlen <= 0) abort(); - dhbuf.data = malloc(len); + dhbuf.data = malloc(xlen); if (dhbuf.data == NULL) abort(); - dhbuf.length = len; + dhbuf.length = xlen; p = dhbuf.data; - len = i2o_ECPublicKey(ctx->u.eckey, &p); - if (len <= 0) + xlen = i2o_ECPublicKey(ctx->u.eckey, &p); + if (xlen <= 0) abort(); /* XXX verify that this is right with RFC3279 */ @@ -607,7 +608,8 @@ build_auth_pack(krb5_context context, if (a->supportedCMSTypes == NULL) return ENOMEM; - ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL, NULL, + ret = hx509_crypto_available(context->hx509ctx, HX509_SELECT_ALL, + ctx->id->cert, &a->supportedCMSTypes->val, &a->supportedCMSTypes->len); if (ret) @@ -968,7 +970,7 @@ get_reply_key_win(krb5_context context, return ret; } - if (key_pack.nonce != nonce) { + if ((unsigned)key_pack.nonce != nonce) { krb5_set_error_message(context, ret, N_("PKINIT enckey nonce is wrong", "")); free_ReplyKeyPack_Win2k(&key_pack); @@ -1081,7 +1083,7 @@ pk_verify_host(krb5_context context, } if (ctx->require_krbtgt_otherName) { hx509_octet_string_list list; - int i; + size_t i; ret = hx509_cert_find_subjectAltName_otherName(context->hx509ctx, host->cert, @@ -1433,7 +1435,7 @@ pk_rd_pa_reply_dh(krb5_context context, N_("PKINIT: Can't compute Diffie-Hellman key", "")); goto out; } - if (dh_gen_keylen < size) { + if (dh_gen_keylen < (int)size) { size -= dh_gen_keylen; memmove(dh_gen_key + size, dh_gen_key, dh_gen_keylen); memset(dh_gen_key, 0, size); diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c index 42169fc2f..869889318 100644 --- a/lib/krb5/principal.c +++ b/lib/krb5/principal.c @@ -426,7 +426,7 @@ unparse_name_fixed(krb5_context context, int flags) { size_t idx = 0; - int i; + size_t i; int short_form = (flags & KRB5_PRINCIPAL_UNPARSE_SHORT) != 0; int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0; int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0; @@ -549,7 +549,7 @@ unparse_name(krb5_context context, int flags) { size_t len = 0, plen; - int i; + size_t i; krb5_error_code ret; /* count length */ if (princ_realm(principal)) { @@ -917,7 +917,7 @@ krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) { - int i; + size_t i; if(princ_num_comp(princ1) != princ_num_comp(princ2)) return FALSE; for(i = 0; i < princ_num_comp(princ1); i++){ @@ -932,7 +932,7 @@ _krb5_principal_compare_PrincipalName(krb5_context context, krb5_const_principal princ1, PrincipalName *princ2) { - int i; + size_t i; if (princ_num_comp(princ1) != princ2->name_string.len) return FALSE; for(i = 0; i < princ_num_comp(princ1); i++){ @@ -1001,7 +1001,7 @@ krb5_principal_match(krb5_context context, krb5_const_principal princ, krb5_const_principal pattern) { - int i; + size_t i; if(princ_num_comp(princ) != princ_num_comp(pattern)) return FALSE; if(fnmatch(princ_realm(pattern), princ_realm(princ), 0) != 0) @@ -1096,7 +1096,7 @@ static const struct { { "ENT_PRINCIPAL_AND_ID", KRB5_NT_ENT_PRINCIPAL_AND_ID }, { "MS_PRINCIPAL", KRB5_NT_MS_PRINCIPAL }, { "MS_PRINCIPAL_AND_ID", KRB5_NT_MS_PRINCIPAL_AND_ID }, - { NULL } + { NULL, 0 } }; /** diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c index 094f748b9..3473244bc 100644 --- a/lib/krb5/rd_cred.c +++ b/lib/krb5/rd_cred.c @@ -65,7 +65,7 @@ krb5_rd_cred(krb5_context context, EncKrbCredPart enc_krb_cred_part; krb5_data enc_krb_cred_part_data; krb5_crypto crypto; - int i; + size_t i; memset(&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part)); diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 8ce6570de..b78c2c40b 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -466,7 +466,7 @@ krb5_verify_ap_req2(krb5_context context, ac->keytype = ETYPE_NULL; if (etypes.val) { - int i; + size_t i; for (i = 0; i < etypes.len; i++) { if (krb5_enctype_valid(context, etypes.val[i]) == 0) { diff --git a/lib/krb5/salt-des.c b/lib/krb5/salt-des.c index 6939b6b50..56b285f72 100644 --- a/lib/krb5/salt-des.c +++ b/lib/krb5/salt-des.c @@ -52,7 +52,7 @@ krb5_DES_AFS3_CMU_string_to_key (krb5_data pw, DES_cblock *key) { char password[8+1]; /* crypt is limited to 8 chars anyway */ - int i; + size_t i; for(i = 0; i < 8; i++) { char c = ((i < pw.length) ? ((char*)pw.data)[i] : 0) ^ @@ -89,7 +89,7 @@ krb5_DES_AFS3_Transarc_string_to_key (krb5_data pw, memcpy(password, pw.data, min(pw.length, sizeof(password))); if(pw.length < sizeof(password)) { int len = min(cell.length, sizeof(password) - pw.length); - int i; + size_t i; memcpy(password + pw.length, cell.data, len); for (i = pw.length; i < pw.length + len; ++i) @@ -138,7 +138,7 @@ static void DES_string_to_key_int(unsigned char *data, size_t length, DES_cblock *key) { DES_key_schedule schedule; - int i; + size_t i; int reverse = 0; unsigned char *p; diff --git a/lib/krb5/salt.c b/lib/krb5/salt.c index 6f1830874..5a2115f95 100644 --- a/lib/krb5/salt.c +++ b/lib/krb5/salt.c @@ -98,7 +98,7 @@ krb5_get_pw_salt(krb5_context context, krb5_salt *salt) { size_t len; - int i; + size_t i; krb5_error_code ret; char *p; diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c index 2ae8153c8..b0a4674b6 100644 --- a/lib/krb5/send_to_kdc.c +++ b/lib/krb5/send_to_kdc.c @@ -88,7 +88,7 @@ recv_loop (krb5_socket_t fd, return 0; if (limit) - nbytes = min(nbytes, limit - rep->length); + nbytes = min((size_t)nbytes, limit - rep->length); tmp = realloc (rep->data, rep->length + nbytes); if (tmp == NULL) { @@ -371,7 +371,7 @@ krb5_sendto (krb5_context context, { krb5_error_code ret; krb5_socket_t fd; - int i; + size_t i; krb5_data_zero(receive); @@ -602,7 +602,7 @@ krb5_sendto_context(krb5_context context, type = KRB5_KRBHST_KDC; } - if (send_data->length > context->large_msg_size) + if ((int)send_data->length > context->large_msg_size) ctx->flags |= KRB5_KRBHST_FLAGS_LARGE_MSG; /* loop until we get back a appropriate response */ diff --git a/lib/krb5/store-int.c b/lib/krb5/store-int.c index 0a18d0ddd..d57762971 100644 --- a/lib/krb5/store-int.c +++ b/lib/krb5/store-int.c @@ -50,7 +50,7 @@ _krb5_get_int(void *buffer, unsigned long *value, size_t size) { unsigned char *p = buffer; unsigned long v = 0; - int i; + size_t i; for (i = 0; i < size; i++) v = (v << 8) + p[i]; *value = v; diff --git a/lib/krb5/store.c b/lib/krb5/store.c index 0dedba3d7..555496625 100644 --- a/lib/krb5/store.c +++ b/lib/krb5/store.c @@ -262,10 +262,11 @@ krb5_storage_to_data(krb5_storage *sp, krb5_data *data) pos = sp->seek(sp, 0, SEEK_CUR); if (pos < 0) return HEIM_ERR_NOT_SEEKABLE; - size = (size_t)sp->seek(sp, 0, SEEK_END); - if (size > (size_t)-1) + size = sp->seek(sp, 0, SEEK_END); + /* don't allocate unresonable amount of memory */ + if (size > UINT_MAX/8) return HEIM_ERR_TOO_BIG; - ret = krb5_data_alloc (data, size); + ret = krb5_data_alloc(data, size); if (ret) { sp->seek(sp, pos, SEEK_SET); return ret; @@ -290,8 +291,10 @@ krb5_store_int(krb5_storage *sp, return EINVAL; _krb5_put_int(v, value, len); ret = sp->store(sp, v, len); - if (ret != len) - return (ret<0)?errno:sp->eof_code; + if (ret < 0) + return errno; + if ((size_t)ret != len) + return sp->eof_code; return 0; } @@ -346,8 +349,10 @@ krb5_ret_int(krb5_storage *sp, unsigned char v[4]; unsigned long w; ret = sp->fetch(sp, v, len); - if(ret != len) - return (ret<0)?errno:sp->eof_code; + if (ret < 0) + return errno; + if ((size_t)ret != len) + return sp->eof_code; _krb5_get_int(v, &w, len); *value = w; return 0; @@ -612,11 +617,10 @@ krb5_store_data(krb5_storage *sp, if(ret < 0) return ret; ret = sp->store(sp, data.data, data.length); - if(ret != data.length){ - if(ret < 0) - return errno; + if(ret < 0) + return errno; + if((size_t)ret != data.length) return sp->eof_code; - } return 0; } @@ -722,12 +726,10 @@ krb5_store_stringz(krb5_storage *sp, const char *s) ssize_t ret; ret = sp->store(sp, s, len); - if(ret != len) { - if(ret < 0) - return ret; - else - return sp->eof_code; - } + if(ret < 0) + return ret; + if((size_t)ret != len) + return sp->eof_code; return 0; } @@ -782,12 +784,10 @@ krb5_store_stringnl(krb5_storage *sp, const char *s) ssize_t ret; ret = sp->store(sp, s, len); - if(ret != len) { - if(ret < 0) - return ret; - else - return sp->eof_code; - } + if(ret < 0) + return ret; + if((size_t)ret != len) + return sp->eof_code; ret = sp->store(sp, "\n", 1); if(ret != 1) { if(ret < 0) @@ -860,7 +860,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_principal(krb5_storage *sp, krb5_const_principal p) { - int i; + size_t i; int ret; if(!krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE)) { @@ -1122,7 +1122,7 @@ krb5_ret_address(krb5_storage *sp, krb5_address *adr) KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_addrs(krb5_storage *sp, krb5_addresses p) { - int i; + size_t i; int ret; ret = krb5_store_int32(sp, p.len); if(ret) return ret; @@ -1147,7 +1147,7 @@ krb5_store_addrs(krb5_storage *sp, krb5_addresses p) KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_ret_addrs(krb5_storage *sp, krb5_addresses *adr) { - int i; + size_t i; int ret; int32_t tmp; @@ -1179,7 +1179,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_store_authdata(krb5_storage *sp, krb5_authdata auth) { krb5_error_code ret; - int i; + size_t i; ret = krb5_store_int32(sp, auth.len); if(ret) return ret; for(i = 0; i < auth.len; i++){ diff --git a/lib/krb5/store_emem.c b/lib/krb5/store_emem.c index ccda751af..acd61f2e5 100644 --- a/lib/krb5/store_emem.c +++ b/lib/krb5/store_emem.c @@ -45,7 +45,7 @@ static ssize_t emem_fetch(krb5_storage *sp, void *data, size_t size) { emem_storage *s = (emem_storage*)sp->data; - if(s->base + s->len - s->ptr < size) + if((size_t)(s->base + s->len - s->ptr) < size) size = s->base + s->len - s->ptr; memmove(data, s->ptr, size); sp->seek(sp, size, SEEK_CUR); @@ -56,7 +56,7 @@ static ssize_t emem_store(krb5_storage *sp, const void *data, size_t size) { emem_storage *s = (emem_storage*)sp->data; - if(size > s->base + s->size - s->ptr){ + if(size > (size_t)(s->base + s->size - s->ptr)){ void *base; size_t sz, off; off = s->ptr - s->base; @@ -81,12 +81,12 @@ emem_seek(krb5_storage *sp, off_t offset, int whence) emem_storage *s = (emem_storage*)sp->data; switch(whence){ case SEEK_SET: - if(offset > s->size) + if((size_t)offset > s->size) offset = s->size; if(offset < 0) offset = 0; s->ptr = s->base + offset; - if(offset > s->len) + if((size_t)offset > s->len) s->len = offset; break; case SEEK_CUR: @@ -115,14 +115,14 @@ emem_trunc(krb5_storage *sp, off_t offset) s->size = 0; s->base = NULL; s->ptr = NULL; - } else if (offset > s->size || (s->size / 2) > offset) { + } else if ((size_t)offset > s->size || (s->size / 2) > (size_t)offset) { void *base; size_t off; off = s->ptr - s->base; base = realloc(s->base, offset); if(base == NULL) return ENOMEM; - if (offset > s->size) + if ((size_t)offset > s->size) memset((char *)base + s->size, 0, offset - s->size); s->size = offset; s->base = base; diff --git a/lib/krb5/store_mem.c b/lib/krb5/store_mem.c index b79bc1915..a6a8b96a5 100644 --- a/lib/krb5/store_mem.c +++ b/lib/krb5/store_mem.c @@ -44,7 +44,7 @@ static ssize_t mem_fetch(krb5_storage *sp, void *data, size_t size) { mem_storage *s = (mem_storage*)sp->data; - if(size > s->base + s->size - s->ptr) + if(size > (size_t)(s->base + s->size - s->ptr)) size = s->base + s->size - s->ptr; memmove(data, s->ptr, size); sp->seek(sp, size, SEEK_CUR); @@ -55,7 +55,7 @@ static ssize_t mem_store(krb5_storage *sp, const void *data, size_t size) { mem_storage *s = (mem_storage*)sp->data; - if(size > s->base + s->size - s->ptr) + if(size > (size_t)(s->base + s->size - s->ptr)) size = s->base + s->size - s->ptr; memmove(s->ptr, data, size); sp->seek(sp, size, SEEK_CUR); @@ -74,7 +74,7 @@ mem_seek(krb5_storage *sp, off_t offset, int whence) mem_storage *s = (mem_storage*)sp->data; switch(whence){ case SEEK_SET: - if(offset > s->size) + if((size_t)offset > s->size) offset = s->size; if(offset < 0) offset = 0; @@ -95,7 +95,7 @@ static int mem_trunc(krb5_storage *sp, off_t offset) { mem_storage *s = (mem_storage*)sp->data; - if(offset > s->size) + if((size_t)offset > s->size) return ERANGE; s->size = offset; if ((s->ptr - s->base) > offset) diff --git a/lib/krb5/ticket.c b/lib/krb5/ticket.c index 869852282..3e2bc4918 100644 --- a/lib/krb5/ticket.c +++ b/lib/krb5/ticket.c @@ -195,7 +195,7 @@ find_type_in_ad(krb5_context context, int level) { krb5_error_code ret = 0; - int i; + size_t i; if (level > 9) { ret = ENOENT; /* XXX */ @@ -748,7 +748,7 @@ _krb5_extract_ticket(krb5_context context, /* compare nonces */ - if (nonce != rep->enc_part.nonce) { + if (nonce != (unsigned)rep->enc_part.nonce) { ret = KRB5KRB_AP_ERR_MODIFIED; krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); goto out; diff --git a/lib/krb5/transited.c b/lib/krb5/transited.c index a72adc035..c3988642b 100644 --- a/lib/krb5/transited.c +++ b/lib/krb5/transited.c @@ -370,7 +370,7 @@ krb5_domain_x500_decode(krb5_context context, (*num_realms)++; } } - if (*num_realms < 0 || *num_realms + 1 > UINT_MAX/sizeof(**realms)) + if (*num_realms + 1 > UINT_MAX/sizeof(**realms)) return ERANGE; { @@ -431,7 +431,7 @@ krb5_check_transited(krb5_context context, { char **tr_realms; char **p; - int i; + size_t i; if(num_realms == 0) return 0; @@ -467,7 +467,7 @@ krb5_check_transited_realms(krb5_context context, unsigned int num_realms, int *bad_realm) { - int i; + size_t i; int ret = 0; char **bad_realms = krb5_config_get_strings(context, NULL, "libdefaults", diff --git a/lib/ntlm/ntlm.c b/lib/ntlm/ntlm.c index 6dad519d4..62674b528 100644 --- a/lib/ntlm/ntlm.c +++ b/lib/ntlm/ntlm.c @@ -109,8 +109,12 @@ static const unsigned char ntlmsigature[8] = "NTLMSSP\x00"; #define CHECK(f, e) \ do { \ - ret = f ; if (ret != (e)) { ret = HNTLM_ERR_DECODE; goto out; } } \ - while(0) + ret = f; \ + if (ret != (ssize_t)(e)) { \ + ret = HNTLM_ERR_DECODE; \ + goto out; \ + } \ + } while(/*CONSTCOND*/0) static struct units ntlm_flag_units[] = { #define ntlm_flag(x) { #x, NTLM_##x } @@ -1399,7 +1403,7 @@ static time_t nt2unixtime(uint64_t t) { t = ((t - (uint64_t)NTTIME_EPOCH) / (uint64_t)10000000); - if (t > (((time_t)(~(uint64_t)0)) >> 1)) + if (t > (((uint64_t)(time_t)(~(uint64_t)0)) >> 1)) return 0; return (time_t)t; } diff --git a/lib/roken/dumpdata.c b/lib/roken/dumpdata.c index f30f0e54c..844360187 100644 --- a/lib/roken/dumpdata.c +++ b/lib/roken/dumpdata.c @@ -81,7 +81,7 @@ rk_undumpdata(const char *filename, void **buf, size_t *size) sret = net_read(fd, *buf, *size); if (sret < 0) ret = errno; - else if (sret != *size) { + else if (sret != (ssize_t)*size) { ret = EINVAL; free(*buf); *buf = NULL; diff --git a/lib/roken/getaddrinfo_hostspec.c b/lib/roken/getaddrinfo_hostspec.c index b18c54fb6..17a18b082 100644 --- a/lib/roken/getaddrinfo_hostspec.c +++ b/lib/roken/getaddrinfo_hostspec.c @@ -57,9 +57,9 @@ roken_getaddrinfo_hostspec2(const char *hostspec, } *hstp, hst[] = { { "http://", SOCK_STREAM, IPPROTO_TCP, 80 }, { "http/", SOCK_STREAM, IPPROTO_TCP, 80 }, - { "tcp/", SOCK_STREAM, IPPROTO_TCP }, - { "udp/", SOCK_DGRAM, IPPROTO_UDP }, - { NULL } + { "tcp/", SOCK_STREAM, IPPROTO_TCP, 0 }, + { "udp/", SOCK_DGRAM, IPPROTO_UDP, 0 }, + { NULL, 0, 0, 0 } }; memset(&hints, 0, sizeof(hints)); diff --git a/lib/roken/getarg.c b/lib/roken/getarg.c index a96e5c85b..1a7321878 100644 --- a/lib/roken/getarg.c +++ b/lib/roken/getarg.c @@ -352,7 +352,7 @@ static int arg_match_long(struct getargs *args, size_t num_args, char *argv, int argc, char **rargv, int *goptind) { - int i; + size_t i; char *goptarg = NULL; int negate = 0; int partial_match = 0; @@ -477,7 +477,7 @@ static int arg_match_short (struct getargs *args, size_t num_args, char *argv, int argc, char **rargv, int *goptind) { - int j, k; + size_t j, k; for(j = 1; j > 0 && j < strlen(rargv[*goptind]); j++) { for(k = 0; k < num_args; k++) { @@ -500,9 +500,11 @@ arg_match_short (struct getargs *args, size_t num_args, } if(args[k].type == arg_collect) { struct getarg_collect_info *c = args[k].value; + int a = (int)j; - if((*c->func)(TRUE, argc, rargv, goptind, &j, c->data)) + if((*c->func)(TRUE, argc, rargv, goptind, &a, c->data)) return ARG_ERR_BAD_ARG; + j = a; break; } diff --git a/lib/roken/hex.c b/lib/roken/hex.c index 91590dd49..d9bc9f1c0 100644 --- a/lib/roken/hex.c +++ b/lib/roken/hex.c @@ -37,7 +37,7 @@ #include #include "hex.h" -const static char hexchar[] = "0123456789ABCDEF"; +static const char hexchar[16] = "0123456789ABCDEF"; static int pos(char c) diff --git a/lib/roken/parse_units.c b/lib/roken/parse_units.c index d2857cfa0..8b3cdf40e 100644 --- a/lib/roken/parse_units.c +++ b/lib/roken/parse_units.c @@ -267,7 +267,7 @@ ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL print_units_table (const struct units *units, FILE *f) { const struct units *u, *u2; - int max_sz = 0; + size_t max_sz = 0; for (u = units; u->name; ++u) { max_sz = max(max_sz, strlen(u->name)); @@ -288,7 +288,7 @@ print_units_table (const struct units *units, FILE *f) if (u2->name == NULL) --u2; unparse_units (u->mult, u2, buf, sizeof(buf)); - fprintf (f, "1 %*s = %s\n", max_sz, u->name, buf); + fprintf (f, "1 %*s = %s\n", (int)max_sz, u->name, buf); } else { fprintf (f, "1 %s\n", u->name); } diff --git a/lib/roken/resolve.c b/lib/roken/resolve.c index 03715e5ff..df3f5c625 100644 --- a/lib/roken/resolve.c +++ b/lib/roken/resolve.c @@ -194,7 +194,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, dns_free_rr(rr); return -1; } - if (status + 2 > size) { + if ((size_t)status + 2 > size) { dns_free_rr(rr); return -1; } @@ -217,7 +217,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, dns_free_rr(rr); return -1; } - if (status + 6 > size) { + if ((size_t)status + 6 > size) { dns_free_rr(rr); return -1; } @@ -237,7 +237,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, break; } case rk_ns_t_txt:{ - if(size == 0 || size < *p + 1) { + if(size == 0 || size < (unsigned)(*p + 1)) { dns_free_rr(rr); return -1; } @@ -284,7 +284,7 @@ parse_record(const unsigned char *data, const unsigned char *end_data, dns_free_rr(rr); return -1; } - if (status + 18 > size) { + if ((size_t)status + 18 > size) { dns_free_rr(rr); return -1; } @@ -409,7 +409,7 @@ parse_reply(const unsigned char *data, size_t len) { const unsigned char *p; int status; - int i; + size_t i; char host[MAXDNAME]; const unsigned char *end_data = data + len; struct rk_dns_reply *r; diff --git a/lib/roken/roken_gethostby.c b/lib/roken/roken_gethostby.c index 1d6c8ffe8..327a7b392 100644 --- a/lib/roken/roken_gethostby.c +++ b/lib/roken/roken_gethostby.c @@ -142,6 +142,7 @@ roken_gethostby(const char *hostname) int offset = 0; int n; char *p, *foo; + size_t len; if(dns_addr.sin_family == 0) return NULL; /* no configured host */ @@ -160,7 +161,9 @@ roken_gethostby(const char *hostname) free(request); return NULL; } - if(write(s, request, strlen(request)) != strlen(request)) { + + len = strlen(request); + if(write(s, request, len) != (ssize_t)len) { close(s); free(request); return NULL; diff --git a/lib/roken/strsep_copy.c b/lib/roken/strsep_copy.c index 9624b5a46..1228f1a45 100644 --- a/lib/roken/strsep_copy.c +++ b/lib/roken/strsep_copy.c @@ -49,7 +49,7 @@ strsep_copy(const char **stringp, const char *delim, char *buf, size_t len) if(save == NULL) return -1; *stringp = *stringp + strcspn(*stringp, delim); - l = min(len, *stringp - save); + l = min(len, (size_t)(*stringp - save)); if(len > 0) { memcpy(buf, save, l); buf[l] = '\0'; diff --git a/lib/sl/sl.c b/lib/sl/sl.c index bc225a87e..c2ecbab00 100644 --- a/lib/sl/sl.c +++ b/lib/sl/sl.c @@ -371,8 +371,11 @@ sl_slc_help (SL_cmd *cmds, int argc, char **argv) argv[0]); } else { if(c->func) { - char *fake[] = { NULL, "--help", NULL }; + static char help[] = "--help"; + char *fake[3]; fake[0] = argv[0]; + fake[1] = help; + fake[2] = NULL; (*c->func)(2, fake); fprintf(stderr, "\n"); } diff --git a/lib/sl/sl.h b/lib/sl/sl.h index 85f254846..09225b0a5 100644 --- a/lib/sl/sl.h +++ b/lib/sl/sl.h @@ -41,10 +41,10 @@ typedef int (*cmd_func)(int, char **); struct sl_cmd { - char *name; + const char *name; cmd_func func; - char *usage; - char *help; + const char *usage; + const char *help; }; typedef struct sl_cmd SL_cmd; diff --git a/lib/sl/slc-gram.y b/lib/sl/slc-gram.y index ae5f96054..fb93508a9 100644 --- a/lib/sl/slc-gram.y +++ b/lib/sl/slc-gram.y @@ -394,7 +394,7 @@ static void defval_neg_flag(const char *name, struct assignment *defval) static void defval_string(const char *name, struct assignment *defval) { if(defval != NULL) - cprint(1, "opt.%s = \"%s\";\n", name, defval->u.value); + cprint(1, "opt.%s = (char *)(unsigned long)\"%s\";\n", name, defval->u.value); else cprint(1, "opt.%s = NULL;\n", name); } diff --git a/lib/wind/stringprep.c b/lib/wind/stringprep.c index ec4657665..002bc7259 100644 --- a/lib/wind/stringprep.c +++ b/lib/wind/stringprep.c @@ -111,7 +111,7 @@ wind_stringprep(const uint32_t *in, size_t in_len, return ret; } -const static struct { +static const struct { const char *name; wind_profile_flags flags; } profiles[] = {