oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Warning fixes from Christos Zoulas

Browse Source 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
This commit is contained in:
Love Hornquist Astrand
2011-04-29 20:25:05 -07:00
parent 66c15e7caf
commit f5f9014c90
156 changed files with 1178 additions and 1078 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
admin/add.c
View File

@@ -113,7 +113,7 @@ kt_add(struct add_options *opt, int argc, char **argv)
goto out; goto out;
} }
if (hex_decode(opt->password_string, data, len) != len) { if ((size_t)hex_decode(opt->password_string, data, len) != len) {
free(data); free(data);
krb5_warn(context, ENOMEM, "hex decode failed"); krb5_warn(context, ENOMEM, "hex decode failed");
goto out; goto out;

21
admin/get.c
View File

@@ -90,7 +90,8 @@ kt_get(struct get_options *opt, int argc, char **argv)
void *kadm_handle = NULL; void *kadm_handle = NULL;
krb5_enctype *etypes = NULL; krb5_enctype *etypes = NULL;
size_t netypes = 0; size_t netypes = 0;
int i, j; size_t i;
int a, j;
unsigned int failed = 0; unsigned int failed = 0;
if((keytab = ktutil_open_keytab()) == NULL) if((keytab = ktutil_open_keytab()) == NULL)
@@ -120,7 +121,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
} }
for(i = 0; i < argc; i++){ for(a = 0; a < argc; a++){
krb5_principal princ_ent; krb5_principal princ_ent;
kadm5_principal_ent_rec princ; kadm5_principal_ent_rec princ;
int mask = 0; int mask = 0;
@@ -129,9 +130,9 @@ kt_get(struct get_options *opt, int argc, char **argv)
int created = 0; int created = 0;
krb5_keytab_entry entry; krb5_keytab_entry entry;
ret = krb5_parse_name(context, argv[i], &princ_ent); ret = krb5_parse_name(context, argv[a], &princ_ent);
if (ret) { if (ret) {
krb5_warn(context, ret, "can't parse principal %s", argv[i]); krb5_warn(context, ret, "can't parse principal %s", argv[a]);
failed++; failed++;
continue; continue;
} }
@@ -161,14 +162,14 @@ kt_get(struct get_options *opt, int argc, char **argv)
if(ret == 0) if(ret == 0)
created = 1; created = 1;
else if(ret != KADM5_DUP) { else if(ret != KADM5_DUP) {
krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]); krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[a]);
krb5_free_principal(context, princ_ent); krb5_free_principal(context, princ_ent);
failed++; failed++;
continue; continue;
} }
ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys); ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
if (ret) { if (ret) {
krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]); krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[a]);
krb5_free_principal(context, princ_ent); krb5_free_principal(context, princ_ent);
failed++; failed++;
continue; continue;
@@ -177,7 +178,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES); KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
if (ret) { if (ret) {
krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]); krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[a]);
for (j = 0; j < n_keys; j++) for (j = 0; j < n_keys; j++)
krb5_free_keyblock_contents(context, &keys[j]); krb5_free_keyblock_contents(context, &keys[j]);
krb5_free_principal(context, princ_ent); krb5_free_principal(context, princ_ent);
@@ -185,7 +186,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
continue; continue;
} }
if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX)) if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]); krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[a]);
princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX); princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
mask = KADM5_ATTRIBUTES; mask = KADM5_ATTRIBUTES;
if(created) { if(created) {
@@ -194,7 +195,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
} }
ret = kadm5_modify_principal(kadm_handle, &princ, mask); ret = kadm5_modify_principal(kadm_handle, &princ, mask);
if (ret) { if (ret) {
krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]); krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[a]);
for (j = 0; j < n_keys; j++) for (j = 0; j < n_keys; j++)
krb5_free_keyblock_contents(context, &keys[j]); krb5_free_keyblock_contents(context, &keys[j]);
krb5_free_principal(context, princ_ent); krb5_free_principal(context, princ_ent);
@@ -205,7 +206,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
int do_add = TRUE; int do_add = TRUE;
if (netypes) { if (netypes) {
int k; size_t k;
do_add = FALSE; do_add = FALSE;
for (k = 0; k < netypes; ++k) for (k = 0; k < netypes; ++k)

5
admin/ktutil.c
View File

@@ -118,8 +118,11 @@ help(void *opt, int argc, char **argv)
argv[0]); argv[0]);
} else { } else {
if(c->func) { if(c->func) {
char *fake[] = { NULL, "--help", NULL }; char shelp[] = "--help";
char *fake[3];
fake[0] = argv[0]; fake[0] = argv[0];
fake[1] = shelp;
fake[2] = NULL;
(*c->func)(2, fake); (*c->func)(2, fake);
fprintf(stderr, "\n"); fprintf(stderr, "\n");
} }

2
admin/list.c
View File

@@ -113,7 +113,7 @@ do_list(struct list_options *opt, const char *keytab_str)
rtbl_add_column_entry_by_id(table, 3, buf); rtbl_add_column_entry_by_id(table, 3, buf);
} }
if(opt->keys_flag) { if(opt->keys_flag) {
int i; size_t i;
s = malloc(2 * entry.keyblock.keyvalue.length + 1); s = malloc(2 * entry.keyblock.keyvalue.length + 1);
if (s == NULL) { if (s == NULL) {
krb5_warnx(context, "malloc failed"); krb5_warnx(context, "malloc failed");

2
base/dict.c
View File

@@ -77,7 +77,7 @@ struct heim_type_data dict_object = {
static size_t static size_t
isprime(size_t p) isprime(size_t p)
{ {
int q, i; size_t q, i;
for(i = 2 ; i < p; i++) { for(i = 2 ; i < p; i++) {
q = p / i; q = p / i;

10
kadmin/ank.c
View File

@@ -39,21 +39,21 @@
*/ */
static krb5_error_code static krb5_error_code
get_default (kadm5_server_context *context, get_default (kadm5_server_context *contextp,
krb5_principal princ, krb5_principal princ,
kadm5_principal_ent_t default_ent) kadm5_principal_ent_t default_ent)
{ {
krb5_error_code ret; krb5_error_code ret;
krb5_principal def_principal; krb5_principal def_principal;
krb5_const_realm realm = krb5_principal_get_realm(context->context, princ); krb5_const_realm realm = krb5_principal_get_realm(contextp->context, princ);
ret = krb5_make_principal (context->context, &def_principal, ret = krb5_make_principal (contextp->context, &def_principal,
realm, "default", NULL); realm, "default", NULL);
if (ret) if (ret)
return ret; return ret;
ret = kadm5_get_principal (context, def_principal, default_ent, ret = kadm5_get_principal (contextp, def_principal, default_ent,
KADM5_PRINCIPAL_NORMAL_MASK); KADM5_PRINCIPAL_NORMAL_MASK);
krb5_free_principal (context->context, def_principal); krb5_free_principal (contextp->context, def_principal);
return ret; return ret;
} }

2
kadmin/check.c
View File

@@ -86,7 +86,7 @@ do_check_entry(krb5_principal principal, void *data)
ret = krb5_enctype_keysize(context, ret = krb5_enctype_keysize(context,
princ.key_data[i].key_data_type[0], princ.key_data[i].key_data_type[0],
&keysize); &keysize);
if (ret == 0 && keysize != princ.key_data[i].key_data_length[0]) { if (ret == 0 && keysize != (size_t)princ.key_data[i].key_data_length[0]) {
krb5_warnx(context, krb5_warnx(context,
"Principal %s enctype %d, wrong length: %lu\n", "Principal %s enctype %d, wrong length: %lu\n",
name, princ.key_data[i].key_data_type[0], name, princ.key_data[i].key_data_type[0],

57
kadmin/kadm_conn.c
View File

@@ -43,12 +43,12 @@ struct kadm_port {
} *kadm_ports; } *kadm_ports;
static void static void
add_kadm_port(krb5_context context, const char *service, unsigned int port) add_kadm_port(krb5_context contextp, const char *service, unsigned int port)
{ {
struct kadm_port *p; struct kadm_port *p;
p = malloc(sizeof(*p)); p = malloc(sizeof(*p));
if(p == NULL) { if(p == NULL) {
krb5_warnx(context, "failed to allocate %lu bytes\n", krb5_warnx(contextp, "failed to allocate %lu bytes\n",
(unsigned long)sizeof(*p)); (unsigned long)sizeof(*p));
return; return;
} }
@@ -61,9 +61,9 @@ add_kadm_port(krb5_context context, const char *service, unsigned int port)
} }
static void static void
add_standard_ports (krb5_context context) add_standard_ports (krb5_context contextp)
{ {
add_kadm_port(context, "kerberos-adm", 749); add_kadm_port(contextp, "kerberos-adm", 749);
} }
/* /*
@@ -73,15 +73,15 @@ add_standard_ports (krb5_context context)
*/ */
void void
parse_ports(krb5_context context, const char *str) parse_ports(krb5_context contextp, const char *str)
{ {
char p[128]; char p[128];
while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) { while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
if(strcmp(p, "+") == 0) if(strcmp(p, "+") == 0)
add_standard_ports(context); add_standard_ports(contextp);
else else
add_kadm_port(context, p, 0); add_kadm_port(contextp, p, 0);
} }
} }
@@ -120,10 +120,11 @@ terminate(int sig)
} }
static int static int
spawn_child(krb5_context context, int *socks, spawn_child(krb5_context contextp, int *socks,
unsigned int num_socks, int this_sock) unsigned int num_socks, int this_sock)
{ {
int e, i; int e;
size_t i;
struct sockaddr_storage __ss; struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss; struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss); socklen_t sa_size = sizeof(__ss);
@@ -135,20 +136,20 @@ spawn_child(krb5_context context, int *socks,
s = accept(socks[this_sock], sa, &sa_size); s = accept(socks[this_sock], sa, &sa_size);
if(rk_IS_BAD_SOCKET(s)) { if(rk_IS_BAD_SOCKET(s)) {
krb5_warn(context, rk_SOCK_ERRNO, "accept"); krb5_warn(contextp, rk_SOCK_ERRNO, "accept");
return 1; return 1;
} }
e = krb5_sockaddr2address(context, sa, &addr); e = krb5_sockaddr2address(contextp, sa, &addr);
if(e) if(e)
krb5_warn(context, e, "krb5_sockaddr2address"); krb5_warn(contextp, e, "krb5_sockaddr2address");
else { else {
e = krb5_print_address (&addr, buf, sizeof(buf), e = krb5_print_address (&addr, buf, sizeof(buf),
&buf_len); &buf_len);
if(e) if(e)
krb5_warn(context, e, "krb5_print_address"); krb5_warn(contextp, e, "krb5_print_address");
else else
krb5_warnx(context, "connection from %s", buf); krb5_warnx(contextp, "connection from %s", buf);
krb5_free_address(context, &addr); krb5_free_address(contextp, &addr);
} }
pid = fork(); pid = fork();
@@ -167,7 +168,7 @@ spawn_child(krb5_context context, int *socks,
} }
static void static void
wait_for_connection(krb5_context context, wait_for_connection(krb5_context contextp,
krb5_socket_t *socks, unsigned int num_socks) krb5_socket_t *socks, unsigned int num_socks)
{ {
unsigned int i; unsigned int i;
@@ -200,13 +201,13 @@ wait_for_connection(krb5_context context,
e = select(max_fd + 1, &read_set, NULL, NULL, NULL); e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
if(rk_IS_SOCKET_ERROR(e)) { if(rk_IS_SOCKET_ERROR(e)) {
if(rk_SOCK_ERRNO != EINTR) if(rk_SOCK_ERRNO != EINTR)
krb5_warn(context, rk_SOCK_ERRNO, "select"); krb5_warn(contextp, rk_SOCK_ERRNO, "select");
} else if(e == 0) } else if(e == 0)
krb5_warnx(context, "select returned 0"); krb5_warnx(contextp, "select returned 0");
else { else {
for(i = 0; i < num_socks; i++) { for(i = 0; i < num_socks; i++) {
if(FD_ISSET(socks[i], &read_set)) if(FD_ISSET(socks[i], &read_set))
if(spawn_child(context, socks, num_socks, i) == 0) if(spawn_child(contextp, socks, num_socks, i) == 0)
return; return;
} }
} }
@@ -221,7 +222,7 @@ wait_for_connection(krb5_context context,
void void
start_server(krb5_context context, const char *port_str) start_server(krb5_context contextp, const char *port_str)
{ {
int e; int e;
struct kadm_port *p; struct kadm_port *p;
@@ -233,7 +234,7 @@ start_server(krb5_context context, const char *port_str)
if (port_str == NULL) if (port_str == NULL)
port_str = "+"; port_str = "+";
parse_ports(context, port_str); parse_ports(contextp, port_str);
for(p = kadm_ports; p; p = p->next) { for(p = kadm_ports; p; p = p->next) {
struct addrinfo hints, *ai, *ap; struct addrinfo hints, *ai, *ap;
@@ -249,7 +250,7 @@ start_server(krb5_context context, const char *port_str)
} }
if(e) { if(e) {
krb5_warn(context, krb5_eai_to_heim_errno(e, errno), krb5_warn(contextp, krb5_eai_to_heim_errno(e, errno),
"%s", portstr); "%s", portstr);
continue; continue;
} }
@@ -258,7 +259,7 @@ start_server(krb5_context context, const char *port_str)
i++; i++;
tmp = realloc(socks, (num_socks + i) * sizeof(*socks)); tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
if(tmp == NULL) { if(tmp == NULL) {
krb5_warnx(context, "failed to reallocate %lu bytes", krb5_warnx(contextp, "failed to reallocate %lu bytes",
(unsigned long)(num_socks + i) * sizeof(*socks)); (unsigned long)(num_socks + i) * sizeof(*socks));
continue; continue;
} }
@@ -266,7 +267,7 @@ start_server(krb5_context context, const char *port_str)
for(ap = ai; ap; ap = ap->ai_next) { for(ap = ai; ap; ap = ap->ai_next) {
krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol); krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
if(rk_IS_BAD_SOCKET(s)) { if(rk_IS_BAD_SOCKET(s)) {
krb5_warn(context, rk_SOCK_ERRNO, "socket"); krb5_warn(contextp, rk_SOCK_ERRNO, "socket");
continue; continue;
} }
@@ -274,12 +275,12 @@ start_server(krb5_context context, const char *port_str)
socket_set_ipv6only(s, 1); socket_set_ipv6only(s, 1);
if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) { if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) {
krb5_warn(context, rk_SOCK_ERRNO, "bind"); krb5_warn(contextp, rk_SOCK_ERRNO, "bind");
rk_closesocket(s); rk_closesocket(s);
continue; continue;
} }
if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) { if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) {
krb5_warn(context, rk_SOCK_ERRNO, "listen"); krb5_warn(contextp, rk_SOCK_ERRNO, "listen");
rk_closesocket(s); rk_closesocket(s);
continue; continue;
} }
@@ -288,7 +289,7 @@ start_server(krb5_context context, const char *port_str)
freeaddrinfo (ai); freeaddrinfo (ai);
} }
if(num_socks == 0) if(num_socks == 0)
krb5_errx(context, 1, "no sockets to listen to - exiting"); krb5_errx(contextp, 1, "no sockets to listen to - exiting");
wait_for_connection(context, socks, num_socks); wait_for_connection(contextp, socks, num_socks);
} }

13
kadmin/kadmin.c
View File

@@ -52,9 +52,9 @@ static getarg_strings policy_libraries = { 0, NULL };
static struct getargs args[] = { static struct getargs args[] = {
{ "principal", 'p', arg_string, &client_name, { "principal", 'p', arg_string, &client_name,
"principal to authenticate as" }, "principal to authenticate as", NULL },
{ "keytab", 'K', arg_string, &keytab, { "keytab", 'K', arg_string, &keytab,
"keytab for authentication principal" }, "keytab for authentication principal", NULL },
{ {
"config-file", 'c', arg_string, &config_file, "config-file", 'c', arg_string, &config_file,
"location of config file", "file" "location of config file", "file"
@@ -75,7 +75,8 @@ static struct getargs args[] = {
"server-port", 's', arg_integer, &server_port, "server-port", 's', arg_integer, &server_port,
"port to use", "port number" "port to use", "port number"
}, },
{ "ad", 0, arg_flag, &ad_flag, "active directory admin mode" }, { "ad", 0, arg_flag, &ad_flag, "active directory admin mode",
NULL },
#ifdef HAVE_DLOPEN #ifdef HAVE_DLOPEN
{ "check-library", 0, arg_string, &check_library, { "check-library", 0, arg_string, &check_library,
"library to load password check function from", "library" }, "library to load password check function from", "library" },
@@ -84,9 +85,9 @@ static struct getargs args[] = {
{ "policy-libraries", 0, arg_strings, &policy_libraries, { "policy-libraries", 0, arg_strings, &policy_libraries,
"password check function to load", "function" }, "password check function to load", "function" },
#endif #endif
{ "local", 'l', arg_flag, &local_flag, "local admin mode" }, { "local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
{ "help", 'h', arg_flag, &help_flag }, { "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag } { "version", 'v', arg_flag, &version_flag, NULL, NULL }
}; };
static int num_args = sizeof(args) / sizeof(args[0]); static int num_args = sizeof(args) / sizeof(args[0]);

9
kadmin/kadmind.c
View File

@@ -37,7 +37,8 @@ static char *check_library = NULL;
static char *check_function = NULL; static char *check_function = NULL;
static getarg_strings policy_libraries = { 0, NULL }; static getarg_strings policy_libraries = { 0, NULL };
static char *config_file; static char *config_file;
static char *keytab_str = "HDB:"; static char sHDB[] = "HDB:";
static char *keytab_str = sHDB;
static int help_flag; static int help_flag;
static int version_flag; static int version_flag;
static int debug_flag; static int debug_flag;
@@ -65,12 +66,12 @@ static struct getargs args[] = {
"password check function to load", "function" }, "password check function to load", "function" },
#endif #endif
{ "debug", 'd', arg_flag, &debug_flag, { "debug", 'd', arg_flag, &debug_flag,
"enable debugging" "enable debugging", NULL
}, },
{ "ports", 'p', arg_string, &port_str, { "ports", 'p', arg_string, &port_str,
"ports to listen to", "port" }, "ports to listen to", "port" },
{ "help", 'h', arg_flag, &help_flag }, { "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag } { "version", 'v', arg_flag, &version_flag, NULL, NULL }
}; };
static int num_args = sizeof(args) / sizeof(args[0]); static int num_args = sizeof(args) / sizeof(args[0]);

2
kadmin/load.c
View File

@@ -153,7 +153,7 @@ parse_keys(hdb_entry *ent, char *str)
krb5_error_code ret; krb5_error_code ret;
int tmp; int tmp;
char *p; char *p;
int i; size_t i;
p = strsep(&str, ":"); p = strsep(&str, ":");
if (sscanf(p, "%d", &tmp) != 1) if (sscanf(p, "%d", &tmp) != 1)

14
kadmin/mod.c
View File

@@ -55,7 +55,7 @@ add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
} }
static void static void
add_constrained_delegation(krb5_context context, add_constrained_delegation(krb5_context contextp,
kadm5_principal_ent_rec *princ, kadm5_principal_ent_rec *princ,
struct getarg_strings *strings) struct getarg_strings *strings)
{ {
@@ -81,13 +81,13 @@ add_constrained_delegation(krb5_context context,
ext.data.u.allowed_to_delegate_to.len = strings->num_strings; ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
for (i = 0; i < strings->num_strings; i++) { for (i = 0; i < strings->num_strings; i++) {
ret = krb5_parse_name(context, strings->strings[i], &p); ret = krb5_parse_name(contextp, strings->strings[i], &p);
if (ret) if (ret)
abort(); abort();
ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]); ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
if (ret) if (ret)
abort(); abort();
krb5_free_principal(context, p); krb5_free_principal(contextp, p);
} }
} }
@@ -103,7 +103,7 @@ add_constrained_delegation(krb5_context context,
} }
static void static void
add_aliases(krb5_context context, kadm5_principal_ent_rec *princ, add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
struct getarg_strings *strings) struct getarg_strings *strings)
{ {
krb5_error_code ret; krb5_error_code ret;
@@ -128,9 +128,9 @@ add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
ext.data.u.aliases.aliases.len = strings->num_strings; ext.data.u.aliases.aliases.len = strings->num_strings;
for (i = 0; i < strings->num_strings; i++) { for (i = 0; i < strings->num_strings; i++) {
ret = krb5_parse_name(context, strings->strings[i], &p); ret = krb5_parse_name(contextp, strings->strings[i], &p);
ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]); ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
krb5_free_principal(context, p); krb5_free_principal(contextp, p);
} }
} }
@@ -146,7 +146,7 @@ add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
} }
static void static void
add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ, add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ,
struct getarg_strings *strings) struct getarg_strings *strings)
{ {
krb5_error_code ret; krb5_error_code ret;

166
kadmin/rpc.c
View File

@@ -161,7 +161,7 @@ parse_name(const unsigned char *p, size_t len,
static void static void
gss_error(krb5_context context, gss_error(krb5_context contextp,
gss_OID mech, OM_uint32 type, OM_uint32 error) gss_OID mech, OM_uint32 type, OM_uint32 error)
{ {
OM_uint32 new_stat; OM_uint32 new_stat;
@@ -176,7 +176,7 @@ gss_error(krb5_context context,
mech, mech,
&msg_ctx, &msg_ctx,
&status_string); &status_string);
krb5_warnx(context, "%.*s", krb5_warnx(contextp, "%.*s",
(int)status_string.length, (int)status_string.length,
(char *)status_string.value); (char *)status_string.value);
gss_release_buffer (&new_stat, &status_string); gss_release_buffer (&new_stat, &status_string);
@@ -184,11 +184,11 @@ gss_error(krb5_context context,
} }
static void static void
gss_print_errors (krb5_context context, gss_print_errors (krb5_context contextp,
OM_uint32 maj_stat, OM_uint32 min_stat) OM_uint32 maj_stat, OM_uint32 min_stat)
{ {
gss_error(context, GSS_C_NO_OID, GSS_C_GSS_CODE, maj_stat); gss_error(contextp, GSS_C_NO_OID, GSS_C_GSS_CODE, maj_stat);
gss_error(context, GSS_C_NO_OID, GSS_C_MECH_CODE, min_stat); gss_error(contextp, GSS_C_NO_OID, GSS_C_MECH_CODE, min_stat);
} }
static int static int
@@ -204,10 +204,10 @@ read_data(krb5_storage *sp, krb5_storage *msg, size_t len)
tlen = sizeof(buf); tlen = sizeof(buf);
slen = krb5_storage_read(sp, buf, tlen); slen = krb5_storage_read(sp, buf, tlen);
INSIST(slen == tlen); INSIST((size_t)slen == tlen);
slen = krb5_storage_write(msg, buf, tlen); slen = krb5_storage_write(msg, buf, tlen);
INSIST(slen == tlen); INSIST((size_t)slen == tlen);
len -= tlen; len -= tlen;
} }
@@ -252,7 +252,7 @@ store_data_xdr(krb5_storage *sp, krb5_data data)
static const char zero[4] = { 0, 0, 0, 0 }; static const char zero[4] = { 0, 0, 0, 0 };
ret = krb5_storage_write(sp, zero, res); ret = krb5_storage_write(sp, zero, res);
if(ret != res) if((size_t)ret != res)
return (ret < 0)? errno : krb5_storage_get_eof_code(sp); return (ret < 0)? errno : krb5_storage_get_eof_code(sp);
} }
return 0; return 0;
@@ -273,7 +273,7 @@ ret_data_xdr(krb5_storage *sp, krb5_data *data)
res = 4 - (data->length % 4); res = 4 - (data->length % 4);
if (res != 4) { if (res != 4) {
ret = krb5_storage_read(sp, buf, res); ret = krb5_storage_read(sp, buf, res);
if(ret != res) if((size_t)ret != res)
return (ret < 0)? errno : krb5_storage_get_eof_code(sp); return (ret < 0)? errno : krb5_storage_get_eof_code(sp);
} }
} }
@@ -362,19 +362,19 @@ ret_string_xdr(krb5_storage *sp, char **str)
} }
static int static int
store_principal_xdr(krb5_context context, store_principal_xdr(krb5_context contextp,
krb5_storage *sp, krb5_storage *sp,
krb5_principal p) krb5_principal p)
{ {
char *str; char *str;
CHECK(krb5_unparse_name(context, p, &str)); CHECK(krb5_unparse_name(contextp, p, &str));
CHECK(store_string_xdr(sp, str)); CHECK(store_string_xdr(sp, str));
free(str); free(str);
return 0; return 0;
} }
static int static int
ret_principal_xdr(krb5_context context, ret_principal_xdr(krb5_context contextp,
krb5_storage *sp, krb5_storage *sp,
krb5_principal *p) krb5_principal *p)
{ {
@@ -382,27 +382,27 @@ ret_principal_xdr(krb5_context context,
*p = NULL; *p = NULL;
CHECK(ret_string_xdr(sp, &str)); CHECK(ret_string_xdr(sp, &str));
if (str) { if (str) {
CHECK(krb5_parse_name(context, str, p)); CHECK(krb5_parse_name(contextp, str, p));
free(str); free(str);
} }
return 0; return 0;
} }
static int static int
store_principal_ent(krb5_context context, store_principal_ent(krb5_context contextp,
krb5_storage *sp, krb5_storage *sp,
kadm5_principal_ent_rec *ent) kadm5_principal_ent_rec *ent)
{ {
size_t i; int i;
CHECK(store_principal_xdr(context, sp, ent->principal)); CHECK(store_principal_xdr(contextp, sp, ent->principal));
CHECK(krb5_store_uint32(sp, ent->princ_expire_time)); CHECK(krb5_store_uint32(sp, ent->princ_expire_time));
CHECK(krb5_store_uint32(sp, ent->pw_expiration)); CHECK(krb5_store_uint32(sp, ent->pw_expiration));
CHECK(krb5_store_uint32(sp, ent->last_pwd_change)); CHECK(krb5_store_uint32(sp, ent->last_pwd_change));
CHECK(krb5_store_uint32(sp, ent->max_life)); CHECK(krb5_store_uint32(sp, ent->max_life));
CHECK(krb5_store_int32(sp, ent->mod_name == NULL)); CHECK(krb5_store_int32(sp, ent->mod_name == NULL));
if (ent->mod_name) if (ent->mod_name)
CHECK(store_principal_xdr(context, sp, ent->mod_name)); CHECK(store_principal_xdr(contextp, sp, ent->mod_name));
CHECK(krb5_store_uint32(sp, ent->mod_date)); CHECK(krb5_store_uint32(sp, ent->mod_date));
CHECK(krb5_store_uint32(sp, ent->attributes)); CHECK(krb5_store_uint32(sp, ent->attributes));
CHECK(krb5_store_uint32(sp, ent->kvno)); CHECK(krb5_store_uint32(sp, ent->kvno));
@@ -443,7 +443,7 @@ store_principal_ent(krb5_context context,
} }
static int static int
ret_principal_ent(krb5_context context, ret_principal_ent(krb5_context contextp,
krb5_storage *sp, krb5_storage *sp,
kadm5_principal_ent_rec *ent) kadm5_principal_ent_rec *ent)
{ {
@@ -452,7 +452,7 @@ ret_principal_ent(krb5_context context,
memset(ent, 0, sizeof(*ent)); memset(ent, 0, sizeof(*ent));
CHECK(ret_principal_xdr(context, sp, &ent->principal)); CHECK(ret_principal_xdr(contextp, sp, &ent->principal));
CHECK(krb5_ret_uint32(sp, &flag)); CHECK(krb5_ret_uint32(sp, &flag));
ent->princ_expire_time = flag; ent->princ_expire_time = flag;
CHECK(krb5_ret_uint32(sp, &flag)); CHECK(krb5_ret_uint32(sp, &flag));
@@ -463,7 +463,7 @@ ret_principal_ent(krb5_context context,
ent->max_life = flag; ent->max_life = flag;
CHECK(krb5_ret_uint32(sp, &flag)); CHECK(krb5_ret_uint32(sp, &flag));
if (flag == 0) if (flag == 0)
ret_principal_xdr(context, sp, &ent->mod_name); ret_principal_xdr(contextp, sp, &ent->mod_name);
CHECK(krb5_ret_uint32(sp, &flag)); CHECK(krb5_ret_uint32(sp, &flag));
ent->mod_date = flag; ent->mod_date = flag;
CHECK(krb5_ret_uint32(sp, &flag)); CHECK(krb5_ret_uint32(sp, &flag));
@@ -508,13 +508,13 @@ ret_principal_ent(krb5_context context,
count++; count++;
} }
INSIST(ent->n_tl_data == count); INSIST((size_t)ent->n_tl_data == count);
} else { } else {
INSIST(ent->n_tl_data == 0); INSIST(ent->n_tl_data == 0);
} }
CHECK(krb5_ret_uint32(sp, &num)); CHECK(krb5_ret_uint32(sp, &num));
INSIST(num == ent->n_key_data); INSIST(num == (uint32_t)ent->n_key_data);
ent->key_data = calloc(num, sizeof(ent->key_data[0])); ent->key_data = calloc(num, sizeof(ent->key_data[0]));
INSIST(ent->key_data != NULL); INSIST(ent->key_data != NULL);
@@ -538,7 +538,7 @@ ret_principal_ent(krb5_context context,
*/ */
static void static void
proc_create_principal(kadm5_server_context *context, proc_create_principal(kadm5_server_context *contextp,
krb5_storage *in, krb5_storage *in,
krb5_storage *out) krb5_storage *out)
{ {
@@ -551,30 +551,30 @@ proc_create_principal(kadm5_server_context *context,
CHECK(krb5_ret_uint32(in, &version)); CHECK(krb5_ret_uint32(in, &version));
INSIST(version == VERSION2); INSIST(version == VERSION2);
CHECK(ret_principal_ent(context->context, in, &ent)); CHECK(ret_principal_ent(contextp->context, in, &ent));
CHECK(krb5_ret_uint32(in, &mask)); CHECK(krb5_ret_uint32(in, &mask));
CHECK(ret_string_xdr(in, &password)); CHECK(ret_string_xdr(in, &password));
INSIST(ent.principal); INSIST(ent.principal);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, ent.principal); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, ent.principal);
if (ret) if (ret)
goto fail; goto fail;
ret = kadm5_create_principal(context, &ent, mask, password); ret = kadm5_create_principal(contextp, &ent, mask, password);
fail: fail:
krb5_warn(context->context, ret, "create principal"); krb5_warn(contextp->context, ret, "create principal");
CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ CHECK(krb5_store_uint32(out, VERSION2)); /* api version */
CHECK(krb5_store_uint32(out, ret)); /* code */ CHECK(krb5_store_uint32(out, ret)); /* code */
free(password); free(password);
kadm5_free_principal_ent(context, &ent); kadm5_free_principal_ent(contextp, &ent);
} }
static void static void
proc_delete_principal(kadm5_server_context *context, proc_delete_principal(kadm5_server_context *contextp,
krb5_storage *in, krb5_storage *in,
krb5_storage *out) krb5_storage *out)
{ {
@@ -584,24 +584,24 @@ proc_delete_principal(kadm5_server_context *context,
CHECK(krb5_ret_uint32(in, &version)); CHECK(krb5_ret_uint32(in, &version));
INSIST(version == VERSION2); INSIST(version == VERSION2);
CHECK(ret_principal_xdr(context->context, in, &princ)); CHECK(ret_principal_xdr(contextp->context, in, &princ));
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ);
if (ret) if (ret)
goto fail; goto fail;
ret = kadm5_delete_principal(context, princ); ret = kadm5_delete_principal(contextp, princ);
fail: fail:
krb5_warn(context->context, ret, "delete principal"); krb5_warn(contextp->context, ret, "delete principal");
CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ CHECK(krb5_store_uint32(out, VERSION2)); /* api version */
CHECK(krb5_store_uint32(out, ret)); /* code */ CHECK(krb5_store_uint32(out, ret)); /* code */
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
} }
static void static void
proc_get_principal(kadm5_server_context *context, proc_get_principal(kadm5_server_context *contextp,
krb5_storage *in, krb5_storage *in,
krb5_storage *out) krb5_storage *out)
{ {
@@ -614,29 +614,29 @@ proc_get_principal(kadm5_server_context *context,
CHECK(krb5_ret_uint32(in, &version)); CHECK(krb5_ret_uint32(in, &version));
INSIST(version == VERSION2); INSIST(version == VERSION2);
CHECK(ret_principal_xdr(context->context, in, &princ)); CHECK(ret_principal_xdr(contextp->context, in, &princ));
CHECK(krb5_ret_uint32(in, &mask)); CHECK(krb5_ret_uint32(in, &mask));
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
if(ret) if(ret)
goto fail; goto fail;
ret = kadm5_get_principal(context, princ, &ent, mask); ret = kadm5_get_principal(contextp, princ, &ent, mask);
fail: fail:
krb5_warn(context->context, ret, "get principal principal"); krb5_warn(contextp->context, ret, "get principal principal");
CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ CHECK(krb5_store_uint32(out, VERSION2)); /* api version */
CHECK(krb5_store_uint32(out, ret)); /* code */ CHECK(krb5_store_uint32(out, ret)); /* code */
if (ret == 0) { if (ret == 0) {
CHECK(store_principal_ent(context->context, out, &ent)); CHECK(store_principal_ent(contextp->context, out, &ent));
} }
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
kadm5_free_principal_ent(context, &ent); kadm5_free_principal_ent(contextp, &ent);
} }
static void static void
proc_chrand_principal_v2(kadm5_server_context *context, proc_chrand_principal_v2(kadm5_server_context *contextp,
krb5_storage *in, krb5_storage *in,
krb5_storage *out) krb5_storage *out)
{ {
@@ -648,36 +648,36 @@ proc_chrand_principal_v2(kadm5_server_context *context,
CHECK(krb5_ret_uint32(in, &version)); CHECK(krb5_ret_uint32(in, &version));
INSIST(version == VERSION2); INSIST(version == VERSION2);
CHECK(ret_principal_xdr(context->context, in, &princ)); CHECK(ret_principal_xdr(contextp->context, in, &princ));
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
if(ret) if(ret)
goto fail; goto fail;
ret = kadm5_randkey_principal(context, princ, ret = kadm5_randkey_principal(contextp, princ,
&new_keys, &n_keys); &new_keys, &n_keys);
fail: fail:
krb5_warn(context->context, ret, "rand key principal"); krb5_warn(contextp->context, ret, "rand key principal");
CHECK(krb5_store_uint32(out, VERSION2)); /* api version */ CHECK(krb5_store_uint32(out, VERSION2)); /* api version */
CHECK(krb5_store_uint32(out, ret)); CHECK(krb5_store_uint32(out, ret));
if (ret == 0) { if (ret == 0) {
size_t i; int i;
CHECK(krb5_store_int32(out, n_keys)); CHECK(krb5_store_int32(out, n_keys));
for(i = 0; i < n_keys; i++){ for(i = 0; i < n_keys; i++){
CHECK(krb5_store_uint32(out, new_keys[i].keytype)); CHECK(krb5_store_uint32(out, new_keys[i].keytype));
CHECK(store_data_xdr(out, new_keys[i].keyvalue)); CHECK(store_data_xdr(out, new_keys[i].keyvalue));
krb5_free_keyblock_contents(context->context, &new_keys[i]); krb5_free_keyblock_contents(contextp->context, &new_keys[i]);
} }
free(new_keys); free(new_keys);
} }
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
} }
static void static void
proc_init(kadm5_server_context *context, proc_init(kadm5_server_context *contextp,
krb5_storage *in, krb5_storage *in,
krb5_storage *out) krb5_storage *out)
{ {
@@ -687,7 +687,7 @@ proc_init(kadm5_server_context *context,
} }
struct krb5_proc { struct krb5_proc {
char *name; const char *name;
void (*func)(kadm5_server_context *, krb5_storage *, krb5_storage *); void (*func)(kadm5_server_context *, krb5_storage *, krb5_storage *);
} procs[] = { } procs[] = {
{ "NULL", NULL }, { "NULL", NULL },
@@ -723,7 +723,7 @@ copyheader(krb5_storage *sp, krb5_data *data)
off = krb5_storage_seek(sp, 0, SEEK_CUR); off = krb5_storage_seek(sp, 0, SEEK_CUR);
CHECK(krb5_data_alloc(data, off)); CHECK(krb5_data_alloc(data, off));
INSIST(off == data->length); INSIST((size_t)off == data->length);
krb5_storage_seek(sp, 0, SEEK_SET); krb5_storage_seek(sp, 0, SEEK_SET);
sret = krb5_storage_read(sp, data->data, data->length); sret = krb5_storage_read(sp, data->data, data->length);
INSIST(sret == off); INSIST(sret == off);
@@ -741,7 +741,7 @@ struct gctx {
}; };
static int static int
process_stream(krb5_context context, process_stream(krb5_context contextp,
unsigned char *buf, size_t ilen, unsigned char *buf, size_t ilen,
krb5_storage *sp) krb5_storage *sp)
{ {
@@ -792,7 +792,7 @@ process_stream(krb5_context context,
if (ilen < 4) { if (ilen < 4) {
memcpy(tmp, buf, ilen); memcpy(tmp, buf, ilen);
slen = krb5_storage_read(sp, tmp + ilen, sizeof(tmp) - ilen); slen = krb5_storage_read(sp, tmp + ilen, sizeof(tmp) - ilen);
INSIST(slen == sizeof(tmp) - ilen); INSIST((size_t)slen == sizeof(tmp) - ilen);
ilen = sizeof(tmp); ilen = sizeof(tmp);
buf = tmp; buf = tmp;
@@ -809,12 +809,12 @@ process_stream(krb5_context context,
if (ilen) { if (ilen) {
if (len < ilen) { if (len < ilen) {
slen = krb5_storage_write(msg, buf, len); slen = krb5_storage_write(msg, buf, len);
INSIST(slen == len); INSIST((size_t)slen == len);
ilen -= len; ilen -= len;
len = 0; len = 0;
} else { } else {
slen = krb5_storage_write(msg, buf, ilen); slen = krb5_storage_write(msg, buf, ilen);
INSIST(slen == ilen); INSIST((size_t)slen == ilen);
len -= ilen; len -= ilen;
} }
} }
@@ -824,14 +824,14 @@ process_stream(krb5_context context,
if (!last_fragment) { if (!last_fragment) {
ret = collect_framents(sp, msg); ret = collect_framents(sp, msg);
if (ret == HEIM_ERR_EOF) if (ret == HEIM_ERR_EOF)
krb5_errx(context, 0, "client disconnected"); krb5_errx(contextp, 0, "client disconnected");
INSIST(ret == 0); INSIST(ret == 0);
} }
} else { } else {
ret = collect_framents(sp, msg); ret = collect_framents(sp, msg);
if (ret == HEIM_ERR_EOF) if (ret == HEIM_ERR_EOF)
krb5_errx(context, 0, "client disconnected"); krb5_errx(contextp, 0, "client disconnected");
INSIST(ret == 0); INSIST(ret == 0);
} }
krb5_storage_seek(msg, 0, SEEK_SET); krb5_storage_seek(msg, 0, SEEK_SET);
@@ -873,7 +873,7 @@ process_stream(krb5_context context,
krb5_data data; krb5_data data;
int conf_state; int conf_state;
uint32_t seq; uint32_t seq;
krb5_storage *sp; krb5_storage *sp1;
INSIST(gcred.service == rpg_privacy); INSIST(gcred.service == rpg_privacy);
@@ -892,10 +892,10 @@ process_stream(krb5_context context,
INSIST(maj_stat == GSS_S_COMPLETE); INSIST(maj_stat == GSS_S_COMPLETE);
INSIST(conf_state != 0); INSIST(conf_state != 0);
sp = krb5_storage_from_mem(gout.value, gout.length); sp1 = krb5_storage_from_mem(gout.value, gout.length);
INSIST(sp != NULL); INSIST(sp1 != NULL);
CHECK(krb5_ret_uint32(sp, &seq)); CHECK(krb5_ret_uint32(sp1, &seq));
INSIST (seq == gcred.seq_num); INSIST (seq == gcred.seq_num);
/* /*
@@ -905,19 +905,19 @@ process_stream(krb5_context context,
gctx.seq_num = seq; gctx.seq_num = seq;
/* /*
* If context is setup, priv data have the seq_num stored * If contextp is setup, priv data have the seq_num stored
* first in the block, so add it here before users data is * first in the block, so add it here before users data is
* added. * added.
*/ */
CHECK(krb5_store_uint32(dreply, gctx.seq_num)); CHECK(krb5_store_uint32(dreply, gctx.seq_num));
if (chdr.proc >= sizeof(procs)/sizeof(procs[0])) { if (chdr.proc >= sizeof(procs)/sizeof(procs[0])) {
krb5_warnx(context, "proc number out of array"); krb5_warnx(contextp, "proc number out of array");
} else if (procs[chdr.proc].func == NULL) { } else if (procs[chdr.proc].func == NULL) {
krb5_warnx(context, "proc '%s' never implemented", krb5_warnx(contextp, "proc '%s' never implemented",
procs[chdr.proc].name); procs[chdr.proc].name);
} else { } else {
krb5_warnx(context, "proc %s", procs[chdr.proc].name); krb5_warnx(contextp, "proc %s", procs[chdr.proc].name);
INSIST(server_handle != NULL); INSIST(server_handle != NULL);
(*procs[chdr.proc].func)(server_handle, sp, dreply); (*procs[chdr.proc].func)(server_handle, sp, dreply);
} }
@@ -957,29 +957,29 @@ process_stream(krb5_context context,
NULL, NULL,
NULL); NULL);
if (GSS_ERROR(maj_stat)) { if (GSS_ERROR(maj_stat)) {
gss_print_errors(context, maj_stat, min_stat); gss_print_errors(contextp, maj_stat, min_stat);
krb5_errx(context, 1, "gss error, exit"); krb5_errx(contextp, 1, "gss error, exit");
} }
if ((maj_stat & GSS_S_CONTINUE_NEEDED) == 0) { if ((maj_stat & GSS_S_CONTINUE_NEEDED) == 0) {
kadm5_config_params realm_params; kadm5_config_params realm_params;
gss_buffer_desc buf; gss_buffer_desc bufp;
char *client; char *client;
gctx.done = 1; gctx.done = 1;
memset(&realm_params, 0, sizeof(realm_params)); memset(&realm_params, 0, sizeof(realm_params));
maj_stat = gss_export_name(&min_stat, src_name, &buf); maj_stat = gss_export_name(&min_stat, src_name, &bufp);
INSIST(maj_stat == GSS_S_COMPLETE); INSIST(maj_stat == GSS_S_COMPLETE);
CHECK(parse_name(buf.value, buf.length, CHECK(parse_name(bufp.value, bufp.length,
GSS_KRB5_MECHANISM, &client)); GSS_KRB5_MECHANISM, &client));
gss_release_buffer(&min_stat, &buf); gss_release_buffer(&min_stat, &bufp);
krb5_warnx(context, "%s connected", client); krb5_warnx(contextp, "%s connected", client);
ret = kadm5_s_init_with_password_ctx(context, ret = kadm5_s_init_with_password_ctx(contextp,
client, client,
NULL, NULL,
KADM5_ADMIN_SERVICE, KADM5_ADMIN_SERVICE,
@@ -1002,9 +1002,9 @@ process_stream(krb5_context context,
break; break;
} }
case RPG_DESTROY: case RPG_DESTROY:
krb5_errx(context, 1, "client destroyed gss context"); krb5_errx(contextp, 1, "client destroyed gss contextp");
default: default:
krb5_errx(context, 1, "client sent unknown gsscode %d", krb5_errx(contextp, 1, "client sent unknown gsscode %d",
(int)gcred.proc); (int)gcred.proc);
} }
@@ -1026,7 +1026,7 @@ process_stream(krb5_context context,
CHECK(krb5_store_uint32(reply, 0)); /* SUCCESS */ CHECK(krb5_store_uint32(reply, 0)); /* SUCCESS */
CHECK(krb5_storage_to_data(dreply, &data)); CHECK(krb5_storage_to_data(dreply, &data));
INSIST(krb5_storage_write(reply, data.data, data.length) == data.length); INSIST((size_t)krb5_storage_write(reply, data.data, data.length) == data.length);
krb5_data_free(&data); krb5_data_free(&data);
} else { } else {
@@ -1054,7 +1054,7 @@ process_stream(krb5_context context,
ssize_t sret; ssize_t sret;
gctx.inprogress = 0; gctx.inprogress = 0;
sret = krb5_storage_write(reply, data.data, data.length); sret = krb5_storage_write(reply, data.data, data.length);
INSIST(sret == data.length); INSIST((size_t)sret == data.length);
krb5_data_free(&data); krb5_data_free(&data);
} else { } else {
int conf_state; int conf_state;
@@ -1082,7 +1082,7 @@ process_stream(krb5_context context,
CHECK(krb5_storage_to_data(reply, &data)); CHECK(krb5_storage_to_data(reply, &data));
CHECK(krb5_store_uint32(sp, data.length | LAST_FRAGMENT)); CHECK(krb5_store_uint32(sp, data.length | LAST_FRAGMENT));
sret = krb5_storage_write(sp, data.data, data.length); sret = krb5_storage_write(sp, data.data, data.length);
INSIST(sret == data.length); INSIST((size_t)sret == data.length);
krb5_data_free(&data); krb5_data_free(&data);
} }
@@ -1091,16 +1091,16 @@ process_stream(krb5_context context,
int int
handle_mit(krb5_context context, void *buf, size_t len, krb5_socket_t sock) handle_mit(krb5_context contextp, void *buf, size_t len, krb5_socket_t sock)
{ {
krb5_storage *sp; krb5_storage *sp;
dcontext = context; dcontext = contextp;
sp = krb5_storage_from_fd(sock); sp = krb5_storage_from_fd(sock);
INSIST(sp != NULL); INSIST(sp != NULL);
process_stream(context, buf, len, sp); process_stream(contextp, buf, len, sp);
return 0; return 0;
} }

235
kadmin/server.c
View File

@@ -35,14 +35,14 @@
#include <krb5-private.h> #include <krb5-private.h>
static kadm5_ret_t static kadm5_ret_t
kadmind_dispatch(void *kadm_handle, krb5_boolean initial, kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_data *in, krb5_data *out) krb5_data *in, krb5_data *out)
{ {
kadm5_ret_t ret; kadm5_ret_t ret;
int32_t cmd, mask, tmp; int32_t cmd, mask, tmp;
kadm5_server_context *context = kadm_handle; kadm5_server_context *contextp = kadm_handlep;
char client[128], name[128], name2[128]; char client[128], name[128], name2[128];
char *op = ""; const char *op = "";
krb5_principal princ, princ2; krb5_principal princ, princ2;
kadm5_principal_ent_rec ent; kadm5_principal_ent_rec ent;
char *password, *expression; char *password, *expression;
@@ -52,12 +52,12 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
int n_princs; int n_princs;
krb5_storage *sp; krb5_storage *sp;
krb5_unparse_name_fixed(context->context, context->caller, krb5_unparse_name_fixed(contextp->context, contextp->caller,
client, sizeof(client)); client, sizeof(client));
sp = krb5_storage_from_data(in); sp = krb5_storage_from_data(in);
if (sp == NULL) if (sp == NULL)
krb5_errx(context->context, 1, "out of memory"); krb5_errx(contextp->context, 1, "out of memory");
krb5_ret_int32(sp, &cmd); krb5_ret_int32(sp, &cmd);
switch(cmd){ switch(cmd){
@@ -68,26 +68,26 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail; goto fail;
ret = krb5_ret_int32(sp, &mask); ret = krb5_ret_int32(sp, &mask);
if(ret){ if(ret){
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
mask |= KADM5_PRINCIPAL; mask |= KADM5_PRINCIPAL;
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name); krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
if(ret){ if(ret){
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
ret = kadm5_get_principal(kadm_handle, princ, &ent, mask); ret = kadm5_get_principal(kadm_handlep, princ, &ent, mask);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
if(ret == 0){ if(ret == 0){
kadm5_store_principal_ent(sp, &ent); kadm5_store_principal_ent(sp, &ent);
kadm5_free_principal_ent(kadm_handle, &ent); kadm5_free_principal_ent(kadm_handlep, &ent);
} }
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
break; break;
} }
case kadm_delete:{ case kadm_delete:{
@@ -95,15 +95,15 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
ret = krb5_ret_principal(sp, &princ); ret = krb5_ret_principal(sp, &princ);
if(ret) if(ret)
goto fail; goto fail;
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name); krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ);
if(ret){ if(ret){
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
ret = kadm5_delete_principal(kadm_handle, princ); ret = kadm5_delete_principal(kadm_handlep, princ);
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
@@ -116,28 +116,28 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail; goto fail;
ret = krb5_ret_int32(sp, &mask); ret = krb5_ret_int32(sp, &mask);
if(ret){ if(ret){
kadm5_free_principal_ent(context->context, &ent); kadm5_free_principal_ent(contextp->context, &ent);
goto fail; goto fail;
} }
ret = krb5_ret_string(sp, &password); ret = krb5_ret_string(sp, &password);
if(ret){ if(ret){
kadm5_free_principal_ent(context->context, &ent); kadm5_free_principal_ent(contextp->context, &ent);
goto fail; goto fail;
} }
krb5_unparse_name_fixed(context->context, ent.principal, krb5_unparse_name_fixed(contextp->context, ent.principal,
name, sizeof(name)); name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name); krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD,
ent.principal); ent.principal);
if(ret){ if(ret){
kadm5_free_principal_ent(context->context, &ent); kadm5_free_principal_ent(contextp->context, &ent);
memset(password, 0, strlen(password)); memset(password, 0, strlen(password));
free(password); free(password);
goto fail; goto fail;
} }
ret = kadm5_create_principal(kadm_handle, &ent, ret = kadm5_create_principal(kadm_handlep, &ent,
mask, password); mask, password);
kadm5_free_principal_ent(kadm_handle, &ent); kadm5_free_principal_ent(kadm_handlep, &ent);
memset(password, 0, strlen(password)); memset(password, 0, strlen(password));
free(password); free(password);
krb5_storage_free(sp); krb5_storage_free(sp);
@@ -152,20 +152,20 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail; goto fail;
ret = krb5_ret_int32(sp, &mask); ret = krb5_ret_int32(sp, &mask);
if(ret){ if(ret){
kadm5_free_principal_ent(context, &ent); kadm5_free_principal_ent(contextp, &ent);
goto fail; goto fail;
} }
krb5_unparse_name_fixed(context->context, ent.principal, krb5_unparse_name_fixed(contextp->context, ent.principal,
name, sizeof(name)); name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name); krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY, ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_MODIFY,
ent.principal); ent.principal);
if(ret){ if(ret){
kadm5_free_principal_ent(context, &ent); kadm5_free_principal_ent(contextp, &ent);
goto fail; goto fail;
} }
ret = kadm5_modify_principal(kadm_handle, &ent, mask); ret = kadm5_modify_principal(kadm_handlep, &ent, mask);
kadm5_free_principal_ent(kadm_handle, &ent); kadm5_free_principal_ent(kadm_handlep, &ent);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
@@ -178,27 +178,27 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail; goto fail;
ret = krb5_ret_principal(sp, &princ2); ret = krb5_ret_principal(sp, &princ2);
if(ret){ if(ret){
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2)); krb5_unparse_name_fixed(contextp->context, princ2, name2, sizeof(name2));
krb5_warnx(context->context, "%s: %s %s -> %s", krb5_warnx(contextp->context, "%s: %s %s -> %s",
client, op, name, name2); client, op, name, name2);
ret = _kadm5_acl_check_permission(context, ret = _kadm5_acl_check_permission(contextp,
KADM5_PRIV_ADD, KADM5_PRIV_ADD,
princ2) princ2)
|| _kadm5_acl_check_permission(context, || _kadm5_acl_check_permission(contextp,
KADM5_PRIV_DELETE, KADM5_PRIV_DELETE,
princ); princ);
if(ret){ if(ret){
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
krb5_free_principal(context->context, princ2); krb5_free_principal(contextp->context, princ2);
goto fail; goto fail;
} }
ret = kadm5_rename_principal(kadm_handle, princ, princ2); ret = kadm5_rename_principal(kadm_handlep, princ, princ2);
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
krb5_free_principal(context->context, princ2); krb5_free_principal(contextp->context, princ2);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
@@ -211,11 +211,11 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail; goto fail;
ret = krb5_ret_string(sp, &password); ret = krb5_ret_string(sp, &password);
if(ret){ if(ret){
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name); krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
/* /*
* The change is allowed if at least one of: * The change is allowed if at least one of:
@@ -227,7 +227,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
*/ */
if (initial if (initial
&& krb5_principal_compare (context->context, context->caller, && krb5_principal_compare (contextp->context, contextp->caller,
princ)) princ))
{ {
krb5_data pwd_data; krb5_data pwd_data;
@@ -236,23 +236,23 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
pwd_data.data = password; pwd_data.data = password;
pwd_data.length = strlen(password); pwd_data.length = strlen(password);
pwd_reason = kadm5_check_password_quality (context->context, pwd_reason = kadm5_check_password_quality (contextp->context,
princ, &pwd_data); princ, &pwd_data);
if (pwd_reason != NULL) if (pwd_reason != NULL)
ret = KADM5_PASS_Q_DICT; ret = KADM5_PASS_Q_DICT;
else else
ret = 0; ret = 0;
} else } else
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
if(ret) { if(ret) {
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
memset(password, 0, strlen(password)); memset(password, 0, strlen(password));
free(password); free(password);
goto fail; goto fail;
} }
ret = kadm5_chpass_principal(kadm_handle, princ, password); ret = kadm5_chpass_principal(kadm_handlep, princ, password);
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
memset(password, 0, strlen(password)); memset(password, 0, strlen(password));
free(password); free(password);
krb5_storage_free(sp); krb5_storage_free(sp);
@@ -271,21 +271,21 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail; goto fail;
ret = krb5_ret_int32(sp, &n_key_data); ret = krb5_ret_int32(sp, &n_key_data);
if (ret) { if (ret) {
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
/* n_key_data will be squeezed into an int16_t below. */ /* n_key_data will be squeezed into an int16_t below. */
if (n_key_data < 0 || n_key_data >= 1 << 16 || if (n_key_data < 0 || n_key_data >= 1 << 16 ||
n_key_data > UINT_MAX/sizeof(*key_data)) { (size_t)n_key_data > UINT_MAX/sizeof(*key_data)) {
ret = ERANGE; ret = ERANGE;
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
key_data = malloc (n_key_data * sizeof(*key_data)); key_data = malloc (n_key_data * sizeof(*key_data));
if (key_data == NULL && n_key_data != 0) { if (key_data == NULL && n_key_data != 0) {
ret = ENOMEM; ret = ENOMEM;
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
@@ -294,38 +294,38 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
if (ret) { if (ret) {
int16_t dummy = i; int16_t dummy = i;
kadm5_free_key_data (context, &dummy, key_data); kadm5_free_key_data (contextp, &dummy, key_data);
free (key_data); free (key_data);
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
} }
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name); krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
/* /*
* The change is only allowed if the user is on the CPW ACL, * The change is only allowed if the user is on the CPW ACL,
* this it to force password quality check on the user. * this it to force password quality check on the user.
*/ */
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
if(ret) { if(ret) {
int16_t dummy = n_key_data; int16_t dummy = n_key_data;
kadm5_free_key_data (context, &dummy, key_data); kadm5_free_key_data (contextp, &dummy, key_data);
free (key_data); free (key_data);
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
ret = kadm5_chpass_principal_with_key(kadm_handle, princ, ret = kadm5_chpass_principal_with_key(kadm_handlep, princ,
n_key_data, key_data); n_key_data, key_data);
{ {
int16_t dummy = n_key_data; int16_t dummy = n_key_data;
kadm5_free_key_data (context, &dummy, key_data); kadm5_free_key_data (contextp, &dummy, key_data);
} }
free (key_data); free (key_data);
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
@@ -336,8 +336,8 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
ret = krb5_ret_principal(sp, &princ); ret = krb5_ret_principal(sp, &princ);
if(ret) if(ret)
goto fail; goto fail;
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name)); krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name); krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
/* /*
* The change is allowed if at least one of: * The change is allowed if at least one of:
* a) it's for the principal him/herself and this was an initial ticket * a) it's for the principal him/herself and this was an initial ticket
@@ -345,19 +345,19 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
*/ */
if (initial if (initial
&& krb5_principal_compare (context->context, context->caller, && krb5_principal_compare (contextp->context, contextp->caller,
princ)) princ))
ret = 0; ret = 0;
else else
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
if(ret) { if(ret) {
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
goto fail; goto fail;
} }
ret = kadm5_randkey_principal(kadm_handle, princ, ret = kadm5_randkey_principal(kadm_handlep, princ,
&new_keys, &n_keys); &new_keys, &n_keys);
krb5_free_principal(context->context, princ); krb5_free_principal(contextp->context, princ);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
@@ -366,7 +366,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_store_int32(sp, n_keys); krb5_store_int32(sp, n_keys);
for(i = 0; i < n_keys; i++){ for(i = 0; i < n_keys; i++){
krb5_store_keyblock(sp, new_keys[i]); krb5_store_keyblock(sp, new_keys[i]);
krb5_free_keyblock_contents(context->context, &new_keys[i]); krb5_free_keyblock_contents(contextp->context, &new_keys[i]);
} }
free(new_keys); free(new_keys);
} }
@@ -374,7 +374,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
} }
case kadm_get_privs:{ case kadm_get_privs:{
uint32_t privs; uint32_t privs;
ret = kadm5_get_privs(kadm_handle, &privs); ret = kadm5_get_privs(kadm_handlep, &privs);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
@@ -393,14 +393,14 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail; goto fail;
}else }else
expression = NULL; expression = NULL;
krb5_warnx(context->context, "%s: %s %s", client, op, krb5_warnx(contextp->context, "%s: %s %s", client, op,
expression ? expression : "*"); expression ? expression : "*");
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL); ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_LIST, NULL);
if(ret){ if(ret){
free(expression); free(expression);
goto fail; goto fail;
} }
ret = kadm5_get_principals(kadm_handle, expression, &princs, &n_princs); ret = kadm5_get_principals(kadm_handlep, expression, &princs, &n_princs);
free(expression); free(expression);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
@@ -410,12 +410,12 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_store_int32(sp, n_princs); krb5_store_int32(sp, n_princs);
for(i = 0; i < n_princs; i++) for(i = 0; i < n_princs; i++)
krb5_store_string(sp, princs[i]); krb5_store_string(sp, princs[i]);
kadm5_free_name_list(kadm_handle, princs, &n_princs); kadm5_free_name_list(kadm_handlep, princs, &n_princs);
} }
break; break;
} }
default: default:
krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd); krb5_warnx(contextp->context, "%s: UNKNOWN OP %d", client, cmd);
krb5_storage_free(sp); krb5_storage_free(sp);
sp = krb5_storage_emem(); sp = krb5_storage_emem();
krb5_store_int32(sp, KADM5_FAILURE); krb5_store_int32(sp, KADM5_FAILURE);
@@ -425,7 +425,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_storage_free(sp); krb5_storage_free(sp);
return 0; return 0;
fail: fail:
krb5_warn(context->context, ret, "%s", op); krb5_warn(contextp->context, ret, "%s", op);
krb5_storage_seek(sp, 0, SEEK_SET); krb5_storage_seek(sp, 0, SEEK_SET);
krb5_store_int32(sp, ret); krb5_store_int32(sp, ret);
krb5_storage_to_data(sp, out); krb5_storage_to_data(sp, out);
@@ -434,10 +434,10 @@ fail:
} }
static void static void
v5_loop (krb5_context context, v5_loop (krb5_context contextp,
krb5_auth_context ac, krb5_auth_context ac,
krb5_boolean initial, krb5_boolean initial,
void *kadm_handle, void *kadm_handlep,
krb5_socket_t fd) krb5_socket_t fd)
{ {
krb5_error_code ret; krb5_error_code ret;
@@ -447,17 +447,17 @@ v5_loop (krb5_context context,
doing_useful_work = 0; doing_useful_work = 0;
if(term_flag) if(term_flag)
exit(0); exit(0);
ret = krb5_read_priv_message(context, ac, &fd, &in); ret = krb5_read_priv_message(contextp, ac, &fd, &in);
if(ret == HEIM_ERR_EOF) if(ret == HEIM_ERR_EOF)
exit(0); exit(0);
if(ret) if(ret)
krb5_err(context, 1, ret, "krb5_read_priv_message"); krb5_err(contextp, 1, ret, "krb5_read_priv_message");
doing_useful_work = 1; doing_useful_work = 1;
kadmind_dispatch(kadm_handle, initial, &in, &out); kadmind_dispatch(kadm_handlep, initial, &in, &out);
krb5_data_free(&in); krb5_data_free(&in);
ret = krb5_write_priv_message(context, ac, &fd, &out); ret = krb5_write_priv_message(contextp, ac, &fd, &out);
if(ret) if(ret)
krb5_err(context, 1, ret, "krb5_write_priv_message"); krb5_err(contextp, 1, ret, "krb5_write_priv_message");
} }
} }
@@ -467,12 +467,13 @@ match_appl_version(const void *data, const char *appl_version)
unsigned minor; unsigned minor;
if(sscanf(appl_version, "KADM0.%u", &minor) != 1) if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
return 0; return 0;
*(unsigned*)data = minor; /*XXX*/
*(unsigned*)(intptr_t)data = minor;
return 1; return 1;
} }
static void static void
handle_v5(krb5_context context, handle_v5(krb5_context contextp,
krb5_keytab keytab, krb5_keytab keytab,
krb5_socket_t fd) krb5_socket_t fd)
{ {
@@ -480,29 +481,29 @@ handle_v5(krb5_context context,
krb5_ticket *ticket; krb5_ticket *ticket;
char *server_name; char *server_name;
char *client; char *client;
void *kadm_handle; void *kadm_handlep;
krb5_boolean initial; krb5_boolean initial;
krb5_auth_context ac = NULL; krb5_auth_context ac = NULL;
unsigned kadm_version; unsigned kadm_version;
kadm5_config_params realm_params; kadm5_config_params realm_params;
ret = krb5_recvauth_match_version(context, &ac, &fd, ret = krb5_recvauth_match_version(contextp, &ac, &fd,
match_appl_version, &kadm_version, match_appl_version, &kadm_version,
NULL, KRB5_RECVAUTH_IGNORE_VERSION, NULL, KRB5_RECVAUTH_IGNORE_VERSION,
keytab, &ticket); keytab, &ticket);
if(ret == KRB5_KT_NOTFOUND) if(ret == KRB5_KT_NOTFOUND)
krb5_errx(context, 1, "krb5_recvauth: key not found"); krb5_errx(contextp, 1, "krb5_recvauth: key not found");
if(ret) if(ret)
krb5_err(context, 1, ret, "krb5_recvauth"); krb5_err(contextp, 1, ret, "krb5_recvauth");
ret = krb5_unparse_name (context, ticket->server, &server_name); ret = krb5_unparse_name (contextp, ticket->server, &server_name);
if (ret) if (ret)
krb5_err (context, 1, ret, "krb5_unparse_name"); krb5_err (contextp, 1, ret, "krb5_unparse_name");
if (strncmp (server_name, KADM5_ADMIN_SERVICE, if (strncmp (server_name, KADM5_ADMIN_SERVICE,
strlen(KADM5_ADMIN_SERVICE)) != 0) strlen(KADM5_ADMIN_SERVICE)) != 0)
krb5_errx (context, 1, "ticket for strange principal (%s)", krb5_errx (contextp, 1, "ticket for strange principal (%s)",
server_name); server_name);
free (server_name); free (server_name);
@@ -511,31 +512,31 @@ handle_v5(krb5_context context,
if(kadm_version == 1) { if(kadm_version == 1) {
krb5_data params; krb5_data params;
ret = krb5_read_priv_message(context, ac, &fd, &params); ret = krb5_read_priv_message(contextp, ac, &fd, &params);
if(ret) if(ret)
krb5_err(context, 1, ret, "krb5_read_priv_message"); krb5_err(contextp, 1, ret, "krb5_read_priv_message");
_kadm5_unmarshal_params(context, &params, &realm_params); _kadm5_unmarshal_params(contextp, &params, &realm_params);
} }
initial = ticket->ticket.flags.initial; initial = ticket->ticket.flags.initial;
ret = krb5_unparse_name(context, ticket->client, &client); ret = krb5_unparse_name(contextp, ticket->client, &client);
if (ret) if (ret)
krb5_err (context, 1, ret, "krb5_unparse_name"); krb5_err (contextp, 1, ret, "krb5_unparse_name");
krb5_free_ticket (context, ticket); krb5_free_ticket (contextp, ticket);
ret = kadm5_s_init_with_password_ctx(context, ret = kadm5_s_init_with_password_ctx(contextp,
client, client,
NULL, NULL,
KADM5_ADMIN_SERVICE, KADM5_ADMIN_SERVICE,
&realm_params, &realm_params,
0, 0, 0, 0,
&kadm_handle); &kadm_handlep);
if(ret) if(ret)
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx"); krb5_err (contextp, 1, ret, "kadm5_init_with_password_ctx");
v5_loop (context, ac, initial, kadm_handle, fd); v5_loop (contextp, ac, initial, kadm_handlep, fd);
} }
krb5_error_code krb5_error_code
kadmind_loop(krb5_context context, kadmind_loop(krb5_context contextp,
krb5_keytab keytab, krb5_keytab keytab,
krb5_socket_t sock) krb5_socket_t sock)
{ {
@@ -543,30 +544,30 @@ kadmind_loop(krb5_context context,
ssize_t n; ssize_t n;
unsigned long len; unsigned long len;
n = krb5_net_read(context, &sock, buf, 4); n = krb5_net_read(contextp, &sock, buf, 4);
if(n == 0) if(n == 0)
exit(0); exit(0);
if(n < 0) if(n < 0)
krb5_err(context, 1, errno, "read"); krb5_err(contextp, 1, errno, "read");
_krb5_get_int(buf, &len, 4); _krb5_get_int(buf, &len, 4);
if (len == sizeof(KRB5_SENDAUTH_VERSION)) { if (len == sizeof(KRB5_SENDAUTH_VERSION)) {
n = krb5_net_read(context, &sock, buf + 4, len); n = krb5_net_read(contextp, &sock, buf + 4, len);
if (n < 0) if (n < 0)
krb5_err (context, 1, errno, "reading sendauth version"); krb5_err (contextp, 1, errno, "reading sendauth version");
if (n == 0) if (n == 0)
krb5_errx (context, 1, "EOF reading sendauth version"); krb5_errx (contextp, 1, "EOF reading sendauth version");
if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) { if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) {
handle_v5(context, keytab, sock); handle_v5(contextp, keytab, sock);
return 0; return 0;
} }
len += 4; len += 4;
} else } else
len = 4; len = 4;
handle_mit(context, buf, len, sock); handle_mit(contextp, buf, len, sock);
return 0; return 0;
} }

31
kdc/config.c
View File

@@ -74,30 +74,31 @@ static struct getargs args[] = {
}, },
{ {
"require-preauth", 'p', arg_negative_flag, &require_preauth, "require-preauth", 'p', arg_negative_flag, &require_preauth,
"don't require pa-data in as-reqs" "don't require pa-data in as-reqs", NULL
}, },
{ {
"max-request", 0, arg_string, &max_request_str, "max-request", 0, arg_string, &max_request_str,
"max size for a kdc-request", "size" "max size for a kdc-request", "size"
}, },
{ "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" }, { "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support",
NULL },
{ "524", 0, arg_negative_flag, &enable_524, { "524", 0, arg_negative_flag, &enable_524,
"don't respond to 524 requests" "don't respond to 524 requests", NULL
}, },
{ {
"kaserver", 'K', arg_flag, &enable_kaserver, "kaserver", 'K', arg_flag, &enable_kaserver,
"enable kaserver support" "enable kaserver support", NULL
}, },
{ "kerberos4", 0, arg_flag, &enable_v4, { "kerberos4", 0, arg_flag, &enable_v4,
"respond to kerberos 4 requests" "respond to kerberos 4 requests", NULL
}, },
{ {
"v4-realm", 'r', arg_string, &v4_realm, "v4-realm", 'r', arg_string, &v4_realm,
"realm to serve v4-requests for" "realm to serve v4-requests for", NULL
}, },
{ "kerberos4-cross-realm", 0, arg_flag, { "kerberos4-cross-realm", 0, arg_flag,
&enable_v4_cross_realm, &enable_v4_cross_realm,
"respond to kerberos 4 requests from foreign realms" "respond to kerberos 4 requests from foreign realms", NULL
}, },
{ "ports", 'P', arg_string, rk_UNCONST(&port_str), { "ports", 'P', arg_string, rk_UNCONST(&port_str),
"ports to listen to", "portspec" "ports to listen to", "portspec"
@@ -106,29 +107,29 @@ static struct getargs args[] = {
#if DETACH_IS_DEFAULT #if DETACH_IS_DEFAULT
{ {
"detach", 'D', arg_negative_flag, &detach_from_console, "detach", 'D', arg_negative_flag, &detach_from_console,
"don't detach from console" "don't detach from console", NULL
}, },
#else #else
{ {
"detach", 0 , arg_flag, &detach_from_console, "detach", 0 , arg_flag, &detach_from_console,
"detach from console" "detach from console", NULL
}, },
#endif #endif
#endif #endif
{ "addresses", 0, arg_strings, &addresses_str, { "addresses", 0, arg_strings, &addresses_str,
"addresses to listen on", "list of addresses" }, "addresses to listen on", "list of addresses" },
{ "disable-des", 0, arg_flag, &disable_des, { "disable-des", 0, arg_flag, &disable_des,
"disable DES" }, "disable DES", NULL },
{ "builtin-hdb", 0, arg_flag, &builtin_hdb_flag, { "builtin-hdb", 0, arg_flag, &builtin_hdb_flag,
"list builtin hdb backends"}, "list builtin hdb backends", NULL},
{ "runas-user", 0, arg_string, &runas_string, { "runas-user", 0, arg_string, &runas_string,
"run as this user when connected to network" "run as this user when connected to network", NULL
}, },
{ "chroot", 0, arg_string, &chroot_string, { "chroot", 0, arg_string, &chroot_string,
"chroot directory to run in" "chroot directory to run in", NULL
}, },
{ "help", 'h', arg_flag, &help_flag }, { "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag } { "version", 'v', arg_flag, &version_flag, NULL, NULL }
}; };
static int num_args = sizeof(args) / sizeof(args[0]); static int num_args = sizeof(args) / sizeof(args[0]);

16
kdc/connect.c
View File

@@ -60,7 +60,7 @@ struct port_desc{
/* the current ones */ /* the current ones */
static struct port_desc *ports; static struct port_desc *ports;
static int num_ports; static size_t num_ports;
/* /*
* add `family, port, protocol' to the list with duplicate suppresion. * add `family, port, protocol' to the list with duplicate suppresion.
@@ -71,7 +71,7 @@ add_port(krb5_context context,
int family, int port, const char *protocol) int family, int port, const char *protocol)
{ {
int type; int type;
int i; size_t i;
if(strcmp(protocol, "udp") == 0) if(strcmp(protocol, "udp") == 0)
type = SOCK_DGRAM; type = SOCK_DGRAM;
@@ -324,7 +324,7 @@ init_sockets(krb5_context context,
struct descr **desc) struct descr **desc)
{ {
krb5_error_code ret; krb5_error_code ret;
int i, j; size_t i, j;
struct descr *d; struct descr *d;
int num = 0; int num = 0;
krb5_addresses addresses; krb5_addresses addresses;
@@ -478,7 +478,7 @@ handle_udp(krb5_context context,
struct descr *d) struct descr *d)
{ {
unsigned char *buf; unsigned char *buf;
int n; ssize_t n;
buf = malloc(max_request_udp); buf = malloc(max_request_udp);
if(buf == NULL){ if(buf == NULL){
@@ -493,7 +493,7 @@ handle_udp(krb5_context context,
else { else {
addr_to_string (context, d->sa, d->sock_len, addr_to_string (context, d->sa, d->sock_len,
d->addr_string, sizeof(d->addr_string)); d->addr_string, sizeof(d->addr_string));
if (n == max_request_udp) { if ((size_t)n == max_request_udp) {
krb5_data data; krb5_data data;
krb5_warn(context, errno, krb5_warn(context, errno,
"recvfrom: truncated packet from %s, asking for TCP", "recvfrom: truncated packet from %s, asking for TCP",
@@ -754,7 +754,7 @@ handle_http_tcp (krb5_context context,
return -1; return -1;
} }
} }
if (len > d->len) if ((size_t)len > d->len)
len = d->len; len = d->len;
memcpy(d->buf, data, len); memcpy(d->buf, data, len);
d->len = len; d->len = len;
@@ -864,7 +864,7 @@ loop(krb5_context context,
fd_set fds; fd_set fds;
int min_free = -1; int min_free = -1;
int max_fd = 0; int max_fd = 0;
int i; size_t i;
FD_ZERO(&fds); FD_ZERO(&fds);
for(i = 0; i < ndescr; i++) { for(i = 0; i < ndescr; i++) {
@@ -886,7 +886,7 @@ loop(krb5_context context,
#endif #endif
#endif #endif
FD_SET(d[i].s, &fds); FD_SET(d[i].s, &fds);
} else if(min_free < 0 || i < min_free) } else if(min_free < 0 || i < (size_t)min_free)
min_free = i; min_free = i;
} }
if(min_free == -1){ if(min_free == -1){

18
kdc/digest-service.c
View File

@@ -63,7 +63,7 @@ ntlm_service(void *ctx, const heim_idata *req,
NTLMReply ntp; NTLMReply ntp;
size_t size; size_t size;
int ret; int ret;
char *domain; const char *domain;
kdc_log(context, config, 1, "digest-request: uid=%d", kdc_log(context, config, 1, "digest-request: uid=%d",
(int)heim_ipc_cred_get_uid(cred)); (int)heim_ipc_cred_get_uid(cred));
@@ -184,13 +184,13 @@ ntlm_service(void *ctx, const heim_idata *req,
free(answer.data); free(answer.data);
{ {
EVP_MD_CTX *ctx; EVP_MD_CTX *ctxp;
ctx = EVP_MD_CTX_create(); ctxp = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, EVP_md4(), NULL); EVP_DigestInit_ex(ctxp, EVP_md4(), NULL);
EVP_DigestUpdate(ctx, key->key.keyvalue.data, key->key.keyvalue.length); EVP_DigestUpdate(ctxp, key->key.keyvalue.data, key->key.keyvalue.length);
EVP_DigestFinal_ex(ctx, sessionkey, NULL); EVP_DigestFinal_ex(ctxp, sessionkey, NULL);
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctxp);
} }
} }
@@ -218,8 +218,8 @@ static int help_flag;
static int version_flag; static int version_flag;
static struct getargs args[] = { static struct getargs args[] = {
{ "help", 'h', arg_flag, &help_flag }, { "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag } { "version", 'v', arg_flag, &version_flag, NULL, NULL }
}; };
static int num_args = sizeof(args) / sizeof(args[0]); static int num_args = sizeof(args) / sizeof(args[0]);

80
kdc/digest.c
View File

@@ -257,7 +257,7 @@ _kdc_do_digest(krb5_context context,
/* check the server principal in the ticket matches digest/R@R */ /* check the server principal in the ticket matches digest/R@R */
{ {
krb5_principal principal = NULL; krb5_principal principal = NULL;
const char *p, *r; const char *p, *rr;
ret = krb5_ticket_get_server(context, ticket, &principal); ret = krb5_ticket_get_server(context, ticket, &principal);
if (ret) if (ret)
@@ -280,12 +280,12 @@ _kdc_do_digest(krb5_context context,
krb5_free_principal(context, principal); krb5_free_principal(context, principal);
goto out; goto out;
} }
r = krb5_principal_get_realm(context, principal); rr = krb5_principal_get_realm(context, principal);
if (r == NULL) { if (rr == NULL) {
krb5_free_principal(context, principal); krb5_free_principal(context, principal);
goto out; goto out;
} }
if (strcmp(p, r) != 0) { if (strcmp(p, rr) != 0) {
krb5_free_principal(context, principal); krb5_free_principal(context, principal);
goto out; goto out;
} }
@@ -616,7 +616,7 @@ _kdc_do_digest(krb5_context context,
EVP_MD_CTX *ctx; EVP_MD_CTX *ctx;
unsigned char md[MD5_DIGEST_LENGTH]; unsigned char md[MD5_DIGEST_LENGTH];
char *mdx; char *mdx;
char id; char idx;
if ((config->digests_allowed & CHAP_MD5) == 0) { if ((config->digests_allowed & CHAP_MD5) == 0) {
kdc_log(context, config, 0, "Digest CHAP MD5 not allowed"); kdc_log(context, config, 0, "Digest CHAP MD5 not allowed");
@@ -630,7 +630,7 @@ _kdc_do_digest(krb5_context context,
goto out; goto out;
} }
if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) { if (hex_decode(*ireq.u.digestRequest.identifier, &idx, 1) != 1) {
ret = EINVAL; ret = EINVAL;
krb5_set_error_message(context, ret, "failed to decode identifier"); krb5_set_error_message(context, ret, "failed to decode identifier");
goto out; goto out;
@@ -645,7 +645,7 @@ _kdc_do_digest(krb5_context context,
ctx = EVP_MD_CTX_create(); ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, EVP_md5(), NULL); EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
EVP_DigestUpdate(ctx, &id, 1); EVP_DigestUpdate(ctx, &idx, 1);
EVP_DigestUpdate(ctx, password, strlen(password)); EVP_DigestUpdate(ctx, password, strlen(password));
EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length); EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
EVP_DigestFinal_ex(ctx, md, NULL); EVP_DigestFinal_ex(ctx, md, NULL);
@@ -804,7 +804,7 @@ _kdc_do_digest(krb5_context context,
const char *username; const char *username;
struct ntlm_buf answer; struct ntlm_buf answer;
Key *key = NULL; Key *key = NULL;
EVP_MD_CTX *ctx; EVP_MD_CTX *ctp;
if ((config->digests_allowed & MS_CHAP_V2) == 0) { if ((config->digests_allowed & MS_CHAP_V2) == 0) {
kdc_log(context, config, 0, "MS-CHAP-V2 not allowed"); kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
@@ -831,10 +831,10 @@ _kdc_do_digest(krb5_context context,
else else
username++; username++;
ctx = EVP_MD_CTX_create(); ctp = EVP_MD_CTX_create();
/* ChallangeHash */ /* ChallangeHash */
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); EVP_DigestInit_ex(ctp, EVP_sha1(), NULL);
{ {
ssize_t ssize; ssize_t ssize;
krb5_data clientNonce; krb5_data clientNonce;
@@ -845,7 +845,7 @@ _kdc_do_digest(krb5_context context,
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
"malloc: out of memory"); "malloc: out of memory");
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctp);
goto out; goto out;
} }
@@ -855,18 +855,18 @@ _kdc_do_digest(krb5_context context,
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
"Failed to decode clientNonce"); "Failed to decode clientNonce");
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctp);
goto out; goto out;
} }
EVP_DigestUpdate(ctx, clientNonce.data, ssize); EVP_DigestUpdate(ctp, clientNonce.data, ssize);
free(clientNonce.data); free(clientNonce.data);
} }
EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length); EVP_DigestUpdate(ctp, serverNonce.data, serverNonce.length);
EVP_DigestUpdate(ctx, username, strlen(username)); EVP_DigestUpdate(ctp, username, strlen(username));
EVP_DigestFinal_ex(ctx, challange, NULL); EVP_DigestFinal_ex(ctp, challange, NULL);
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctp);
/* NtPasswordHash */ /* NtPasswordHash */
ret = krb5_parse_name(context, username, &clientprincipal); ret = krb5_parse_name(context, username, &clientprincipal);
@@ -923,39 +923,39 @@ _kdc_do_digest(krb5_context context,
if (r.u.response.success) { if (r.u.response.success) {
unsigned char hashhash[MD4_DIGEST_LENGTH]; unsigned char hashhash[MD4_DIGEST_LENGTH];
EVP_MD_CTX *ctx; EVP_MD_CTX *ctxp;
ctx = EVP_MD_CTX_create(); ctxp = EVP_MD_CTX_create();
/* hashhash */ /* hashhash */
{ {
EVP_DigestInit_ex(ctx, EVP_md4(), NULL); EVP_DigestInit_ex(ctxp, EVP_md4(), NULL);
EVP_DigestUpdate(ctx, EVP_DigestUpdate(ctxp,
key->key.keyvalue.data, key->key.keyvalue.data,
key->key.keyvalue.length); key->key.keyvalue.length);
EVP_DigestFinal_ex(ctx, hashhash, NULL); EVP_DigestFinal_ex(ctxp, hashhash, NULL);
} }
/* GenerateAuthenticatorResponse */ /* GenerateAuthenticatorResponse */
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash)); EVP_DigestUpdate(ctxp, hashhash, sizeof(hashhash));
EVP_DigestUpdate(ctx, answer.data, answer.length); EVP_DigestUpdate(ctxp, answer.data, answer.length);
EVP_DigestUpdate(ctx, ms_chap_v2_magic1, EVP_DigestUpdate(ctxp, ms_chap_v2_magic1,
sizeof(ms_chap_v2_magic1)); sizeof(ms_chap_v2_magic1));
EVP_DigestFinal_ex(ctx, md, NULL); EVP_DigestFinal_ex(ctxp, md, NULL);
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
EVP_DigestUpdate(ctx, md, sizeof(md)); EVP_DigestUpdate(ctxp, md, sizeof(md));
EVP_DigestUpdate(ctx, challange, 8); EVP_DigestUpdate(ctxp, challange, 8);
EVP_DigestUpdate(ctx, ms_chap_v2_magic2, EVP_DigestUpdate(ctxp, ms_chap_v2_magic2,
sizeof(ms_chap_v2_magic2)); sizeof(ms_chap_v2_magic2));
EVP_DigestFinal_ex(ctx, md, NULL); EVP_DigestFinal_ex(ctxp, md, NULL);
r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp)); r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
if (r.u.response.rsp == NULL) { if (r.u.response.rsp == NULL) {
free(answer.data); free(answer.data);
krb5_clear_error_message(context); krb5_clear_error_message(context);
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctxp);
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
@@ -964,22 +964,22 @@ _kdc_do_digest(krb5_context context,
if (r.u.response.rsp == NULL) { if (r.u.response.rsp == NULL) {
free(answer.data); free(answer.data);
krb5_clear_error_message(context); krb5_clear_error_message(context);
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctxp);
ret = ENOMEM; ret = ENOMEM;
goto out; goto out;
} }
/* get_master, rfc 3079 3.4 */ /* get_master, rfc 3079 3.4 */
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL); EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
EVP_DigestUpdate(ctx, hashhash, 16); EVP_DigestUpdate(ctxp, hashhash, 16);
EVP_DigestUpdate(ctx, answer.data, answer.length); EVP_DigestUpdate(ctxp, answer.data, answer.length);
EVP_DigestUpdate(ctx, ms_rfc3079_magic1, EVP_DigestUpdate(ctxp, ms_rfc3079_magic1,
sizeof(ms_rfc3079_magic1)); sizeof(ms_rfc3079_magic1));
EVP_DigestFinal_ex(ctx, md, NULL); EVP_DigestFinal_ex(ctxp, md, NULL);
free(answer.data); free(answer.data);
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctxp);
r.u.response.session_key = r.u.response.session_key =
calloc(1, sizeof(*r.u.response.session_key)); calloc(1, sizeof(*r.u.response.session_key));

16
kdc/hprop.c
View File

@@ -133,13 +133,13 @@ struct getargs args[] = {
{ "keytab", 'k', arg_string, rk_UNCONST(&ktname), { "keytab", 'k', arg_string, rk_UNCONST(&ktname),
"keytab to use for authentication", "keytab" }, "keytab to use for authentication", "keytab" },
{ "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use" }, { "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use", NULL },
{ "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys" }, { "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys", NULL },
{ "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys" }, { "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys", NULL },
{ "stdout", 'n', arg_flag, &to_stdout, "dump to stdout" }, { "stdout", 'n', arg_flag, &to_stdout, "dump to stdout", NULL },
{ "verbose", 'v', arg_flag, &verbose_flag }, { "verbose", 'v', arg_flag, &verbose_flag, NULL, NULL },
{ "version", 0, arg_flag, &version_flag }, { "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 'h', arg_flag, &help_flag } { "help", 'h', arg_flag, &help_flag, NULL, NULL }
}; };
static int num_args = sizeof(args) / sizeof(args[0]); static int num_args = sizeof(args) / sizeof(args[0]);
@@ -213,7 +213,7 @@ struct {
static int static int
parse_source_type(const char *s) parse_source_type(const char *s)
{ {
int i; size_t i;
for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) { for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
if(strstr(types[i].name, s) == types[i].name) if(strstr(types[i].name, s) == types[i].name)
return types[i].type; return types[i].type;

13
kdc/hpropd.c
View File

@@ -44,19 +44,20 @@ static char *ktname = NULL;
struct getargs args[] = { struct getargs args[] = {
{ "database", 'd', arg_string, rk_UNCONST(&database), "database", "file" }, { "database", 'd', arg_string, rk_UNCONST(&database), "database", "file" },
{ "stdin", 'n', arg_flag, &from_stdin, "read from stdin" }, { "stdin", 'n', arg_flag, &from_stdin, "read from stdin", NULL },
{ "print", 0, arg_flag, &print_dump, "print dump to stdout" }, { "print", 0, arg_flag, &print_dump, "print dump to stdout", NULL },
#ifdef SUPPORT_INETD #ifdef SUPPORT_INETD
{ "inetd", 'i', arg_negative_flag, &inetd_flag, { "inetd", 'i', arg_negative_flag, &inetd_flag,
"Not started from inetd" }, "Not started from inetd", NULL },
#endif #endif
{ "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" }, { "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" },
{ "realm", 'r', arg_string, &local_realm, "realm to use" }, { "realm", 'r', arg_string, &local_realm, "realm to use", NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL }, { "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 'h', arg_flag, &help_flag, NULL, NULL} { "help", 'h', arg_flag, &help_flag, NULL, NULL}
}; };
static int num_args = sizeof(args) / sizeof(args[0]); static int num_args = sizeof(args) / sizeof(args[0]);
static char unparseable_name[] = "unparseable name";
static void static void
usage(int ret) usage(int ret)
@@ -194,7 +195,7 @@ main(int argc, char **argv)
char *s; char *s;
ret = krb5_unparse_name(context, c2, &s); ret = krb5_unparse_name(context, c2, &s);
if (ret) if (ret)
s = "unparseable name"; s = unparseable_name;
krb5_errx(context, 1, "Unauthorized connection from %s", s); krb5_errx(context, 1, "Unauthorized connection from %s", s);
} }
krb5_free_principal(context, c1); krb5_free_principal(context, c1);
@@ -260,7 +261,7 @@ main(int argc, char **argv)
char *s; char *s;
ret = krb5_unparse_name(context, entry.entry.principal, &s); ret = krb5_unparse_name(context, entry.entry.principal, &s);
if (ret) if (ret)
s = strdup("unparseable name"); s = strdup(unparseable_name);
krb5_warnx(context, "Entry exists: %s", s); krb5_warnx(context, "Entry exists: %s", s);
free(s); free(s);
} else if(ret) } else if(ret)

22
kdc/kerberos5.c
View File

@@ -74,9 +74,9 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type)
if (req->padata == NULL) if (req->padata == NULL)
return NULL; return NULL;
while(*start < req->padata->len){ while((size_t)*start < req->padata->len){
(*start)++; (*start)++;
if(req->padata->val[*start - 1].padata_type == type) if(req->padata->val[*start - 1].padata_type == (unsigned)type)
return &req->padata->val[*start - 1]; return &req->padata->val[*start - 1];
} }
return NULL; return NULL;
@@ -127,7 +127,7 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len, krb5_enctype *etypes, unsigned len,
Key **ret_key) Key **ret_key)
{ {
int i; size_t i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP; krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
krb5_salt def_salt; krb5_salt def_salt;
@@ -211,7 +211,7 @@ log_patypes(krb5_context context,
{ {
struct rk_strpool *p = NULL; struct rk_strpool *p = NULL;
char *str; char *str;
int i; size_t i;
for (i = 0; i < padata->len; i++) { for (i = 0; i < padata->len; i++) {
switch(padata->val[i].padata_type) { switch(padata->val[i].padata_type) {
@@ -614,7 +614,7 @@ log_as_req(krb5_context context,
krb5_error_code ret; krb5_error_code ret;
struct rk_strpool *p; struct rk_strpool *p;
char *str; char *str;
int i; size_t i;
p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: "); p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
@@ -809,7 +809,7 @@ _kdc_check_addresses(krb5_context context,
krb5_address addr; krb5_address addr;
krb5_boolean result; krb5_boolean result;
krb5_boolean only_netbios = TRUE; krb5_boolean only_netbios = TRUE;
int i; size_t i;
if(config->check_ticket_addresses == 0) if(config->check_ticket_addresses == 0)
return TRUE; return TRUE;
@@ -1035,7 +1035,7 @@ _kdc_as_rep(krb5_context context,
{ {
const krb5_enctype *p; const krb5_enctype *p;
krb5_enctype clientbest = ETYPE_NULL; krb5_enctype clientbest = ETYPE_NULL;
int i, j; size_t i, j;
p = krb5_kerberos_enctypes(context); p = krb5_kerberos_enctypes(context);
@@ -1663,7 +1663,7 @@ _kdc_as_rep(krb5_context context,
PA_ClientCanonicalized canon; PA_ClientCanonicalized canon;
krb5_data data; krb5_data data;
PA_DATA pa; PA_DATA pa;
krb5_crypto crypto; krb5_crypto cryptox;
size_t len; size_t len;
memset(&canon, 0, sizeof(canon)); memset(&canon, 0, sizeof(canon));
@@ -1679,18 +1679,18 @@ _kdc_as_rep(krb5_context context,
krb5_abortx(context, "internal asn.1 error"); krb5_abortx(context, "internal asn.1 error");
/* sign using "returned session key" */ /* sign using "returned session key" */
ret = krb5_crypto_init(context, &et.key, 0, &crypto); ret = krb5_crypto_init(context, &et.key, 0, &cryptox);
if (ret) { if (ret) {
free(data.data); free(data.data);
goto out; goto out;
} }
ret = krb5_create_checksum(context, crypto, ret = krb5_create_checksum(context, cryptox,
KRB5_KU_CANONICALIZED_NAMES, 0, KRB5_KU_CANONICALIZED_NAMES, 0,
data.data, data.length, data.data, data.length,
&canon.canon_checksum); &canon.canon_checksum);
free(data.data); free(data.data);
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, cryptox);
if (ret) if (ret)
goto out; goto out;

15
kdc/krb5tgs.c
View File

@@ -508,7 +508,7 @@ check_constrained_delegation(krb5_context context,
{ {
const HDB_Ext_Constrained_delegation_acl *acl; const HDB_Ext_Constrained_delegation_acl *acl;
krb5_error_code ret; krb5_error_code ret;
int i; size_t i;
/* if client delegates to itself, that ok */ /* if client delegates to itself, that ok */
if (krb5_principal_compare(context, client->entry.principal, server) == TRUE) if (krb5_principal_compare(context, client->entry.principal, server) == TRUE)
@@ -606,7 +606,7 @@ fix_transited_encoding(krb5_context context,
krb5_error_code ret = 0; krb5_error_code ret = 0;
char **realms, **tmp; char **realms, **tmp;
unsigned int num_realms; unsigned int num_realms;
int i; size_t i;
switch (tr->tr_type) { switch (tr->tr_type) {
case DOMAIN_X500_COMPRESS: case DOMAIN_X500_COMPRESS:
@@ -1131,6 +1131,7 @@ tgs_parse_request(krb5_context context,
krb5_keyblock **replykey, krb5_keyblock **replykey,
int *rk_is_subkey) int *rk_is_subkey)
{ {
static char failed[] = "<unparse_name failed>";
krb5_ap_req ap_req; krb5_ap_req ap_req;
krb5_error_code ret; krb5_error_code ret;
krb5_principal princ; krb5_principal princ;
@@ -1174,7 +1175,7 @@ tgs_parse_request(krb5_context context,
char *p; char *p;
ret = krb5_unparse_name(context, princ, &p); ret = krb5_unparse_name(context, princ, &p);
if (ret != 0) if (ret != 0)
p = "<unparse_name failed>"; p = failed;
krb5_free_principal(context, princ); krb5_free_principal(context, princ);
kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p); kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p);
if (ret == 0) if (ret == 0)
@@ -1186,7 +1187,7 @@ tgs_parse_request(krb5_context context,
char *p; char *p;
ret = krb5_unparse_name(context, princ, &p); ret = krb5_unparse_name(context, princ, &p);
if (ret != 0) if (ret != 0)
p = "<unparse_name failed>"; p = failed;
krb5_free_principal(context, princ); krb5_free_principal(context, princ);
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Ticket-granting ticket not found in database: %s", msg); "Ticket-granting ticket not found in database: %s", msg);
@@ -1198,13 +1199,13 @@ tgs_parse_request(krb5_context context,
} }
if(ap_req.ticket.enc_part.kvno && if(ap_req.ticket.enc_part.kvno &&
*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){ (size_t)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
char *p; char *p;
ret = krb5_unparse_name (context, princ, &p); ret = krb5_unparse_name (context, princ, &p);
krb5_free_principal(context, princ); krb5_free_principal(context, princ);
if (ret != 0) if (ret != 0)
p = "<unparse_name failed>"; p = failed;
kdc_log(context, config, 0, kdc_log(context, config, 0,
"Ticket kvno = %d, DB kvno = %d (%s)", "Ticket kvno = %d, DB kvno = %d (%s)",
*ap_req.ticket.enc_part.kvno, *ap_req.ticket.enc_part.kvno,
@@ -1646,7 +1647,7 @@ server_lookup:
krb5_enctype etype; krb5_enctype etype;
if(b->kdc_options.enc_tkt_in_skey) { if(b->kdc_options.enc_tkt_in_skey) {
int i; size_t i;
ekey = &adtkt.key; ekey = &adtkt.key;
for(i = 0; i < b->etype.len; i++) for(i = 0; i < b->etype.len; i++)
if (b->etype.val[i] == adtkt.key.keytype) if (b->etype.val[i] == adtkt.key.keytype)

12
kdc/kstash.c
View File

@@ -46,15 +46,17 @@ static int random_key_flag;
static const char *enctype_str = "des3-cbc-sha1"; static const char *enctype_str = "des3-cbc-sha1";
static struct getargs args[] = { static struct getargs args[] = {
{ "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type" }, { "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type",
NULL },
{ "key-file", 'k', arg_string, &keyfile, "master key file", "file" }, { "key-file", 'k', arg_string, &keyfile, "master key file", "file" },
{ "convert-file", 0, arg_flag, &convert_flag, { "convert-file", 0, arg_flag, &convert_flag,
"just convert keyfile to new format" }, "just convert keyfile to new format", NULL },
{ "master-key-fd", 0, arg_integer, &master_key_fd, { "master-key-fd", 0, arg_integer, &master_key_fd,
"filedescriptor to read passphrase from", "fd" }, "filedescriptor to read passphrase from", "fd" },
{ "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" }, { "random-key", 0, arg_flag, &random_key_flag,
{ "help", 'h', arg_flag, &help_flag }, "generate a random master key", NULL },
{ "version", 0, arg_flag, &version_flag } { "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL }
}; };
int num_args = sizeof(args) / sizeof(args[0]); int num_args = sizeof(args) / sizeof(args[0]);

10
kdc/log.c
View File

@@ -50,10 +50,12 @@ kdc_openlog(krb5_context context,
krb5_addlog_dest(context, config->logf, *p); krb5_addlog_dest(context, config->logf, *p);
krb5_config_free_strings(s); krb5_config_free_strings(s);
}else { }else {
char *s; char *ss;
asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE); if (asprintf(&ss, "0-1/FILE:%s/%s", hdb_db_dir(context),
krb5_addlog_dest(context, config->logf, s); KDC_LOG_FILE) < 0)
free(s); err(1, NULL);
krb5_addlog_dest(context, config->logf, ss);
free(ss);
} }
krb5_set_warn_dest(context, config->logf); krb5_set_warn_dest(context, config->logf);
} }

4
kdc/mit_dump.c
View File

@@ -77,7 +77,7 @@ unless no extra data
static int static int
hex_to_octet_string(const char *ptr, krb5_data *data) hex_to_octet_string(const char *ptr, krb5_data *data)
{ {
int i; size_t i;
unsigned int v; unsigned int v;
for(i = 0; i < data->length; i++) { for(i = 0; i < data->length; i++) {
if(sscanf(ptr + 2 * i, "%02x", &v) != 1) if(sscanf(ptr + 2 * i, "%02x", &v) != 1)
@@ -165,7 +165,7 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num)
case KRB5_KDB_SALTTYPE_NOREALM: case KRB5_KDB_SALTTYPE_NOREALM:
{ {
size_t len; size_t len;
int i; size_t i;
char *p; char *p;
len = 0; len = 0;

17
kdc/pkinit.c
View File

@@ -237,7 +237,7 @@ generate_dh_keyblock(krb5_context context,
} }
dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key); dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
if (dh_gen_keylen == -1) { if (dh_gen_keylen == (size_t)-1) {
ret = KRB5KRB_ERR_GENERIC; ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret, krb5_set_error_message(context, ret,
"Can't compute Diffie-Hellman key"); "Can't compute Diffie-Hellman key");
@@ -1247,7 +1247,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
krb5_enctype enctype; krb5_enctype enctype;
int pa_type; int pa_type;
hx509_cert kdc_cert = NULL; hx509_cert kdc_cert = NULL;
int i; size_t i;
if (!config->enable_pkinit) { if (!config->enable_pkinit) {
krb5_clear_error_message(context); krb5_clear_error_message(context);
@@ -1575,7 +1575,8 @@ match_rfc_san(krb5_context context,
krb5_const_principal match) krb5_const_principal match)
{ {
hx509_octet_string_list list; hx509_octet_string_list list;
int ret, i, found = 0; int ret, found = 0;
size_t i;
memset(&list, 0 , sizeof(list)); memset(&list, 0 , sizeof(list));
@@ -1709,7 +1710,7 @@ _kdc_pk_check_client(krb5_context context,
const HDB_Ext_PKINIT_cert *pc; const HDB_Ext_PKINIT_cert *pc;
krb5_error_code ret; krb5_error_code ret;
hx509_name name; hx509_name name;
int i; size_t i;
if (cp->cert == NULL) { if (cp->cert == NULL) {
@@ -1737,12 +1738,12 @@ _kdc_pk_check_client(krb5_context context,
ret = hdb_entry_get_pkinit_cert(&client->entry, &pc); ret = hdb_entry_get_pkinit_cert(&client->entry, &pc);
if (ret == 0 && pc) { if (ret == 0 && pc) {
hx509_cert cert; hx509_cert cert;
unsigned int i; size_t j;
for (i = 0; i < pc->len; i++) { for (j = 0; j < pc->len; j++) {
ret = hx509_cert_init_data(context->hx509ctx, ret = hx509_cert_init_data(context->hx509ctx,
pc->val[i].cert.data, pc->val[j].cert.data,
pc->val[i].cert.length, pc->val[j].cert.length,
&cert); &cert);
if (ret) if (ret)
continue; continue;

16
kdc/string2key.c
View File

@@ -45,15 +45,17 @@ int version;
int help; int help;
struct getargs args[] = { struct getargs args[] = {
{ "version5", '5', arg_flag, &version5, "Output Kerberos v5 string-to-key" }, { "version5", '5', arg_flag, &version5, "Output Kerberos v5 string-to-key",
{ "version4", '4', arg_flag, &version4, "Output Kerberos v4 string-to-key" }, NULL },
{ "afs", 'a', arg_flag, &afs, "Output AFS string-to-key" }, { "version4", '4', arg_flag, &version4, "Output Kerberos v4 string-to-key",
NULL },
{ "afs", 'a', arg_flag, &afs, "Output AFS string-to-key", NULL },
{ "cell", 'c', arg_string, &cell, "AFS cell to use", "cell" }, { "cell", 'c', arg_string, &cell, "AFS cell to use", "cell" },
{ "password", 'w', arg_string, &password, "Password to use", "password" }, { "password", 'w', arg_string, &password, "Password to use", "password" },
{ "principal",'p', arg_string, &principal, "Kerberos v5 principal to use", "principal" }, { "principal",'p', arg_string, &principal, "Kerberos v5 principal to use", "principal" },
{ "keytype", 'k', arg_string, rk_UNCONST(&keytype_str), "Keytype" }, { "keytype", 'k', arg_string, rk_UNCONST(&keytype_str), "Keytype", NULL },
{ "version", 0, arg_flag, &version, "print version" }, { "version", 0, arg_flag, &version, "print version", NULL },
{ "help", 0, arg_flag, &help, NULL } { "help", 0, arg_flag, &help, NULL, NULL }
}; };
int num_args = sizeof(args) / sizeof(args[0]); int num_args = sizeof(args) / sizeof(args[0]);
@@ -73,7 +75,7 @@ tokey(krb5_context context,
const char *label) const char *label)
{ {
krb5_error_code ret; krb5_error_code ret;
int i; size_t i;
krb5_keyblock key; krb5_keyblock key;
char *e; char *e;

9
kpasswd/kpasswd.c
View File

@@ -40,10 +40,11 @@ static char *admin_principal_str;
static char *cred_cache_str; static char *cred_cache_str;
static struct getargs args[] = { static struct getargs args[] = {
{ "admin-principal", 0, arg_string, &admin_principal_str }, { "admin-principal", 0, arg_string, &admin_principal_str, NULL,
{ "cache", 'c', arg_string, &cred_cache_str }, NULL },
{ "version", 0, arg_flag, &version_flag }, { "cache", 'c', arg_string, &cred_cache_str, NULL, NULL },
{ "help", 0, arg_flag, &help_flag } { "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, NULL }
}; };
static void static void

29
kpasswd/kpasswdd.c
View File

@@ -680,11 +680,11 @@ doit (krb5_keytab keytab, int port)
krb5_errx (context, 1, "No sockets!"); krb5_errx (context, 1, "No sockets!");
while(exit_flag == 0) { while(exit_flag == 0) {
int ret; krb5_ssize_t retx;
fd_set fdset = real_fdset; fd_set fdset = real_fdset;
ret = select (maxfd + 1, &fdset, NULL, NULL, NULL); retx = select (maxfd + 1, &fdset, NULL, NULL, NULL);
if (ret < 0) { if (retx < 0) {
if (errno == EINTR) if (errno == EINTR)
continue; continue;
else else
@@ -695,9 +695,9 @@ doit (krb5_keytab keytab, int port)
u_char buf[BUFSIZ]; u_char buf[BUFSIZ];
socklen_t addrlen = sizeof(__ss); socklen_t addrlen = sizeof(__ss);
ret = recvfrom (sockets[i], buf, sizeof(buf), 0, retx = recvfrom(sockets[i], buf, sizeof(buf), 0,
sa, &addrlen); sa, &addrlen);
if (ret < 0) { if (retx < 0) {
if(errno == EINTR) if(errno == EINTR)
break; break;
else else
@@ -707,7 +707,7 @@ doit (krb5_keytab keytab, int port)
process (realms, keytab, sockets[i], process (realms, keytab, sockets[i],
&addrs.val[i], &addrs.val[i],
sa, addrlen, sa, addrlen,
buf, ret); buf, retx);
} }
} }
@@ -730,7 +730,8 @@ sigterm(int sig)
static const char *check_library = NULL; static const char *check_library = NULL;
static const char *check_function = NULL; static const char *check_function = NULL;
static getarg_strings policy_libraries = { 0, NULL }; static getarg_strings policy_libraries = { 0, NULL };
static char *keytab_str = "HDB:"; static char sHDB[] = "HDB:";
static char *keytab_str = sHDB;
static char *realm_str; static char *realm_str;
static int version_flag; static int version_flag;
static int help_flag; static int help_flag;
@@ -750,11 +751,11 @@ struct getargs args[] = {
"addresses to listen on", "list of addresses" }, "addresses to listen on", "list of addresses" },
{ "keytab", 'k', arg_string, &keytab_str, { "keytab", 'k', arg_string, &keytab_str,
"keytab to get authentication key from", "kspec" }, "keytab to get authentication key from", "kspec" },
{ "config-file", 'c', arg_string, &config_file }, { "config-file", 'c', arg_string, &config_file, NULL, NULL },
{ "realm", 'r', arg_string, &realm_str, "default realm", "realm" }, { "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
{ "port", 'p', arg_string, &port_str, "port" }, { "port", 'p', arg_string, &port_str, "port", NULL },
{ "version", 0, arg_flag, &version_flag }, { "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag } { "help", 0, arg_flag, &help_flag, NULL, NULL }
}; };
int num_args = sizeof(args) / sizeof(args[0]); int num_args = sizeof(args) / sizeof(args[0]);
@@ -836,10 +837,10 @@ main (int argc, char **argv)
explicit_addresses.len = 0; explicit_addresses.len = 0;
if (addresses_str.num_strings) { if (addresses_str.num_strings) {
int i; int j;
for (i = 0; i < addresses_str.num_strings; ++i) for (j = 0; j < addresses_str.num_strings; ++j)
add_one_address (addresses_str.strings[i], i == 0); add_one_address (addresses_str.strings[j], j == 0);
free_getarg_strings (&addresses_str); free_getarg_strings (&addresses_str);
} else { } else {
char **foo = krb5_config_get_strings (context, NULL, char **foo = krb5_config_get_strings (context, NULL,

2
kuser/copy_cred_cache.c
View File

@@ -60,7 +60,7 @@ parse_ticket_flags(krb5_context context,
memset(&ff, 0, sizeof(ff)); memset(&ff, 0, sizeof(ff));
ff.proxy = 1; ff.proxy = 1;
if (parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff)) if ((size_t)parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff))
ret_flags->i = flags; ret_flags->i = flags;
else else
ret_flags->i = bitswap32(flags); ret_flags->i = bitswap32(flags);

4
kuser/kcc.c
View File

@@ -40,8 +40,8 @@ static int version_flag;
static int help_flag; static int help_flag;
static struct getargs args[] = { static struct getargs args[] = {
{ "version", 0, arg_flag, &version_flag }, { "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag } { "help", 0, arg_flag, &help_flag, NULL, NULL }
}; };
static void static void

2
kuser/kdestroy.c
View File

@@ -47,7 +47,7 @@ struct getargs args[] = {
{ "credential", 0, arg_string, rk_UNCONST(&credential), { "credential", 0, arg_string, rk_UNCONST(&credential),
"remove one credential", "principal" }, "remove one credential", "principal" },
{ "cache", 'c', arg_string, rk_UNCONST(&cache), "cache to destroy", "cache" }, { "cache", 'c', arg_string, rk_UNCONST(&cache), "cache to destroy", "cache" },
{ "all", 'A', arg_flag, &all_flag, "destroy all caches" }, { "all", 'A', arg_flag, &all_flag, "destroy all caches", NULL },
#ifndef NO_AFS #ifndef NO_AFS
{ "unlog", 0, arg_negative_flag, &unlog_flag, { "unlog", 0, arg_negative_flag, &unlog_flag,
"do not destroy tokens", NULL }, "do not destroy tokens", NULL },

3
kuser/kdigest.c
View File

@@ -436,6 +436,7 @@ ntlm_server_init(struct ntlm_server_init_options *opt,
krb5_data challenge, opaque; krb5_data challenge, opaque;
struct ntlm_buf data; struct ntlm_buf data;
char *s; char *s;
static char zero2[] = "\x00\x00";
memset(&type2, 0, sizeof(type2)); memset(&type2, 0, sizeof(type2));
@@ -471,7 +472,7 @@ ntlm_server_init(struct ntlm_server_init_options *opt,
krb5_err(context, 1, ret, "krb5_ntlm_init_get_flags"); krb5_err(context, 1, ret, "krb5_ntlm_init_get_flags");
krb5_ntlm_init_get_targetname(context, ntlm, &type2.targetname); krb5_ntlm_init_get_targetname(context, ntlm, &type2.targetname);
type2.targetinfo.data = "\x00\x00"; type2.targetinfo.data = zero2;
type2.targetinfo.length = 2; type2.targetinfo.length = 2;
ret = heim_ntlm_encode_type2(&type2, &data); ret = heim_ntlm_encode_type2(&type2, &data);

12
kuser/kgetcred.c
View File

@@ -53,17 +53,17 @@ struct getargs args[] = {
{ "delegation-credential-cache",0,arg_string, &delegation_cred_str, { "delegation-credential-cache",0,arg_string, &delegation_cred_str,
NP_("where to find the ticket use for delegation", ""), "cache"}, NP_("where to find the ticket use for delegation", ""), "cache"},
{ "canonicalize", 0, arg_flag, &canonicalize_flag, { "canonicalize", 0, arg_flag, &canonicalize_flag,
NP_("canonicalize the principal", "") }, NP_("canonicalize the principal", ""), NULL },
{ "forwardable", 0, arg_flag, &forwardable_flag, { "forwardable", 0, arg_flag, &forwardable_flag,
NP_("forwardable ticket requested", "")}, NP_("forwardable ticket requested", ""), NULL},
{ "transit-check", 0, arg_negative_flag, &transit_flag }, { "transit-check", 0, arg_negative_flag, &transit_flag, NULL, NULL },
{ "enctype", 'e', arg_string, &etype_str, { "enctype", 'e', arg_string, &etype_str,
NP_("encryption type to use", ""), "enctype"}, NP_("encryption type to use", ""), "enctype"},
{ "impersonate", 0, arg_string, &impersonate_str, { "impersonate", 0, arg_string, &impersonate_str,
NP_("client to impersonate", ""), "principal"}, NP_("client to impersonate", ""), "principal"},
{ "name-type", 0, arg_string, &nametype_str }, { "name-type", 0, arg_string, &nametype_str, NULL, NULL },
{ "version", 0, arg_flag, &version_flag }, { "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag } { "help", 0, arg_flag, &help_flag, NULL, NULL }
}; };
static void static void

34
kuser/kimpersonate.c
View File

@@ -44,7 +44,7 @@ static char *ccache_str = NULL;
static char *ticket_flags_str = NULL; static char *ticket_flags_str = NULL;
static TicketFlags ticket_flags; static TicketFlags ticket_flags;
static char *keytab_file = NULL; static char *keytab_file = NULL;
static char *enc_type = "des-cbc-md5"; static const char *enc_type = "des-cbc-md5";
static int expiration_time = 3600; static int expiration_time = 3600;
static struct getarg_strings client_addresses; static struct getarg_strings client_addresses;
static int version_flag = 0; static int version_flag = 0;
@@ -268,21 +268,21 @@ struct getargs args[] = {
{ "ccache", 0, arg_string, &ccache_str, { "ccache", 0, arg_string, &ccache_str,
"name of kerberos 5 credential cache", "cache-name"}, "name of kerberos 5 credential cache", "cache-name"},
{ "server", 's', arg_string, &server_principal_str, { "server", 's', arg_string, &server_principal_str,
"name of server principal" }, "name of server principal", NULL },
{ "client", 'c', arg_string, &client_principal_str, { "client", 'c', arg_string, &client_principal_str,
"name of client principal" }, "name of client principal", NULL },
{ "keytab", 'k', arg_string, &keytab_file, { "keytab", 'k', arg_string, &keytab_file,
"name of keytab file" }, "name of keytab file", NULL },
{ "krb5", '5', arg_flag, &use_krb5, { "krb5", '5', arg_flag, &use_krb5,
"create a kerberos 5 ticket"}, "create a kerberos 5 ticket", NULL },
{ "expire-time", 'e', arg_integer, &expiration_time, { "expire-time", 'e', arg_integer, &expiration_time,
"lifetime of ticket in seconds" }, "lifetime of ticket in seconds", NULL },
{ "client-addresses", 'a', arg_strings, &client_addresses, { "client-addresses", 'a', arg_strings, &client_addresses,
"addresses of client" }, "addresses of client", NULL },
{ "enc-type", 't', arg_string, &enc_type, { "enc-type", 't', arg_string, &enc_type,
"encryption type" }, "encryption type", NULL },
{ "ticket-flags", 'f', arg_string, &ticket_flags_str, { "ticket-flags", 'f', arg_string, &ticket_flags_str,
"ticket flags for krb5 ticket" }, "ticket flags for krb5 ticket", NULL },
{ "version", 0, arg_flag, &version_flag, "Print version", { "version", 0, arg_flag, &version_flag, "Print version",
NULL }, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, { "help", 0, arg_flag, &help_flag, NULL,
@@ -302,7 +302,7 @@ usage (int ret)
int int
main (int argc, char **argv) main (int argc, char **argv)
{ {
int optind = 0; int optidx = 0;
krb5_error_code ret; krb5_error_code ret;
krb5_context context; krb5_context context;
krb5_keytab kt; krb5_keytab kt;
@@ -313,23 +313,23 @@ main (int argc, char **argv)
if (ret) if (ret)
errx(1, "krb5_init_context failed: %u", ret); errx(1, "krb5_init_context failed: %u", ret);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
&optind)) usage(1);
usage (1);
if (help_flag) if (help_flag)
usage (0); usage(0);
if (version_flag) { if (version_flag) {
print_version(NULL); print_version(NULL);
return 0; return 0;
} }
setup_env (context, &kt); setup_env(context, &kt);
if (use_krb5) if (use_krb5)
create_krb5_tickets (context, kt); create_krb5_tickets(context, kt);
krb5_kt_close(context, kt);
krb5_kt_close (context, kt);
return 0; return 0;
} }

50
kuser/kinit.c
View File

@@ -96,31 +96,31 @@ static struct getargs args[] = {
* 9: * 9:
*/ */
{ "afslog", 0 , arg_flag, &do_afslog, { "afslog", 0 , arg_flag, &do_afslog,
NP_("obtain afs tokens", "") }, NP_("obtain afs tokens", ""), NULL },
{ "cache", 'c', arg_string, &cred_cache, { "cache", 'c', arg_string, &cred_cache,
NP_("credentials cache", ""), "cachename" }, NP_("credentials cache", ""), "cachename" },
{ "forwardable", 0, arg_negative_flag, &forwardable_flag, { "forwardable", 0, arg_negative_flag, &forwardable_flag,
NP_("get tickets not forwardable", "")}, NP_("get tickets not forwardable", ""), NULL },
{ NULL, 'f', arg_flag, &forwardable_flag, { NULL, 'f', arg_flag, &forwardable_flag,
NP_("get forwardable tickets", "")}, NP_("get forwardable tickets", ""), NULL },
{ "keytab", 't', arg_string, &keytab_str, { "keytab", 't', arg_string, &keytab_str,
NP_("keytab to use", ""), "keytabname" }, NP_("keytab to use", ""), "keytabname" },
{ "lifetime", 'l', arg_string, &lifetime, { "lifetime", 'l', arg_string, &lifetime,
NP_("lifetime of tickets", ""), "time"}, NP_("lifetime of tickets", ""), "time" },
{ "proxiable", 'p', arg_flag, &proxiable_flag, { "proxiable", 'p', arg_flag, &proxiable_flag,
NP_("get proxiable tickets", "") }, NP_("get proxiable tickets", ""), NULL },
{ "renew", 'R', arg_flag, &renew_flag, { "renew", 'R', arg_flag, &renew_flag,
NP_("renew TGT", "") }, NP_("renew TGT", ""), NULL },
{ "renewable", 0, arg_flag, &renewable_flag, { "renewable", 0, arg_flag, &renewable_flag,
NP_("get renewable tickets", "") }, NP_("get renewable tickets", ""), NULL },
{ "renewable-life", 'r', arg_string, &renew_life, { "renewable-life", 'r', arg_string, &renew_life,
NP_("renewable lifetime of tickets", ""), "time" }, NP_("renewable lifetime of tickets", ""), "time" },
@@ -132,40 +132,40 @@ static struct getargs args[] = {
NP_("when ticket gets valid", ""), "time" }, NP_("when ticket gets valid", ""), "time" },
{ "use-keytab", 'k', arg_flag, &use_keytab, { "use-keytab", 'k', arg_flag, &use_keytab,
NP_("get key from keytab", "") }, NP_("get key from keytab", ""), NULL },
{ "validate", 'v', arg_flag, &validate_flag, { "validate", 'v', arg_flag, &validate_flag,
NP_("validate TGT", "") }, NP_("validate TGT", ""), NULL },
{ "enctypes", 'e', arg_strings, &etype_str, { "enctypes", 'e', arg_strings, &etype_str,
NP_("encryption types to use", ""), "enctypes" }, NP_("encryption types to use", ""), "enctypes" },
{ "fcache-version", 0, arg_integer, &fcache_version, { "fcache-version", 0, arg_integer, &fcache_version,
NP_("file cache version to create", "") }, NP_("file cache version to create", ""), NULL },
{ "addresses", 'A', arg_negative_flag, &addrs_flag, { "addresses", 'A', arg_negative_flag, &addrs_flag,
NP_("request a ticket with no addresses", "") }, NP_("request a ticket with no addresses", ""), NULL },
{ "extra-addresses",'a', arg_strings, &extra_addresses, { "extra-addresses",'a', arg_strings, &extra_addresses,
NP_("include these extra addresses", ""), "addresses" }, NP_("include these extra addresses", ""), "addresses" },
{ "anonymous", 0, arg_flag, &anonymous_flag, { "anonymous", 0, arg_flag, &anonymous_flag,
NP_("request an anonymous ticket", "") }, NP_("request an anonymous ticket", ""), NULL },
{ "request-pac", 0, arg_flag, &pac_flag, { "request-pac", 0, arg_flag, &pac_flag,
NP_("request a Windows PAC", "") }, NP_("request a Windows PAC", ""), NULL },
{ "password-file", 0, arg_string, &password_file, { "password-file", 0, arg_string, &password_file,
NP_("read the password from a file", "") }, NP_("read the password from a file", ""), NULL },
{ "canonicalize",0, arg_flag, &canonicalize_flag, { "canonicalize",0, arg_flag, &canonicalize_flag,
NP_("canonicalize client principal", "") }, NP_("canonicalize client principal", ""), NULL },
{ "enterprise",0, arg_flag, &enterprise_flag, { "enterprise",0, arg_flag, &enterprise_flag,
NP_("parse principal as a KRB5-NT-ENTERPRISE name", "") }, NP_("parse principal as a KRB5-NT-ENTERPRISE name", ""), NULL },
#ifdef PKINIT #ifdef PKINIT
{ "pk-enterprise", 0, arg_flag, &pk_enterprise_flag, { "pk-enterprise", 0, arg_flag, &pk_enterprise_flag,
NP_("use enterprise name from certificate", "") }, NP_("use enterprise name from certificate", ""), NULL },
{ "pk-user", 'C', arg_string, &pk_user_id, { "pk-user", 'C', arg_string, &pk_user_id,
NP_("principal's public/private/certificate identifier", ""), "id" }, NP_("principal's public/private/certificate identifier", ""), "id" },
@@ -174,7 +174,7 @@ static struct getargs args[] = {
NP_("directory with CA certificates", ""), "directory" }, NP_("directory with CA certificates", ""), "directory" },
{ "pk-use-enckey", 0, arg_flag, &pk_use_enckey, { "pk-use-enckey", 0, arg_flag, &pk_use_enckey,
NP_("Use RSA encrypted reply (instead of DH)", "") }, NP_("Use RSA encrypted reply (instead of DH)", ""), NULL },
#endif #endif
#ifndef NO_NTLM #ifndef NO_NTLM
{ "ntlm-domain", 0, arg_string, &ntlm_domain, { "ntlm-domain", 0, arg_string, &ntlm_domain,
@@ -182,19 +182,19 @@ static struct getargs args[] = {
#endif #endif
{ "change-default", 0, arg_negative_flag, &switch_cache_flags, { "change-default", 0, arg_negative_flag, &switch_cache_flags,
NP_("switch the default cache to the new credentials cache", "") }, NP_("switch the default cache to the new credentials cache", ""), NULL },
{ "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag, { "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag,
NP_("honor ok-as-delegate on tickets", "") }, NP_("honor ok-as-delegate on tickets", ""), NULL },
{ "use-referrals", 0, arg_flag, &use_referrals_flag, { "use-referrals", 0, arg_flag, &use_referrals_flag,
NP_("only use referrals, no dns canalisation", "") }, NP_("only use referrals, no dns canalisation", ""), NULL },
{ "windows", 0, arg_flag, &windows_flag, { "windows", 0, arg_flag, &windows_flag,
NP_("get windows behavior", "") }, NP_("get windows behavior", ""), NULL },
{ "version", 0, arg_flag, &version_flag }, { "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag } { "help", 0, arg_flag, &help_flag, NULL, NULL }
}; };
static void static void
@@ -357,7 +357,7 @@ get_new_tickets(krb5_context context,
char passwd[256]; char passwd[256];
krb5_deltat start_time = 0; krb5_deltat start_time = 0;
krb5_deltat renew = 0; krb5_deltat renew = 0;
char *renewstr = NULL; const char *renewstr = NULL;
krb5_enctype *enctype = NULL; krb5_enctype *enctype = NULL;
krb5_ccache tempccache; krb5_ccache tempccache;
#ifndef NO_NTLM #ifndef NO_NTLM

2
kuser/klist.c
View File

@@ -124,7 +124,7 @@ print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
static void static void
print_cred_verbose(krb5_context context, krb5_creds *cred) print_cred_verbose(krb5_context context, krb5_creds *cred)
{ {
int j; size_t j;
char *str; char *str;
krb5_error_code ret; krb5_error_code ret;
krb5_timestamp sec; krb5_timestamp sec;

4
kuser/kswitch.c
View File

@@ -35,11 +35,11 @@
#include "kcc-commands.h" #include "kcc-commands.h"
#ifdef HAVE_READLINE #ifdef HAVE_READLINE
char *readline(char *prompt); char *readline(const char *prompt);
#else #else
static char * static char *
readline(char *prompt) readline(const char *prompt)
{ {
char buf[BUFSIZ]; char buf[BUFSIZ];
printf ("%s", prompt); printf ("%s", prompt);

2
lib/asn1/der_format.c
View File

@@ -108,7 +108,7 @@ int
der_print_heim_oid (const heim_oid *oid, char delim, char **str) der_print_heim_oid (const heim_oid *oid, char delim, char **str)
{ {
struct rk_strpool *p = NULL; struct rk_strpool *p = NULL;
int i; size_t i;
if (oid->length == 0) if (oid->length == 0)
return EINVAL; return EINVAL;

4
lib/asn1/der_get.c
View File

@@ -141,9 +141,9 @@ der_get_general_string (const unsigned char *p, size_t len,
* an strings in the NEED_PREAUTH case that includes a * an strings in the NEED_PREAUTH case that includes a
* trailing NUL. * trailing NUL.
*/ */
while (p1 - p < len && *p1 == '\0') while ((size_t)(p1 - p) < len && *p1 == '\0')
p1++; p1++;
if (p1 - p != len) if ((size_t)(p1 - p) != len)
return ASN1_BAD_CHARACTER; return ASN1_BAD_CHARACTER;
} }
if (len > len + 1) if (len > len + 1)

2
lib/asn1/der_length.c
View File

@@ -86,7 +86,7 @@ static size_t
len_oid (const heim_oid *oid) len_oid (const heim_oid *oid)
{ {
size_t ret = 1; size_t ret = 1;
int n; size_t n;
for (n = 2; n < oid->length; ++n) { for (n = 2; n < oid->length; ++n) {
unsigned u = oid->components[n]; unsigned u = oid->components[n];

28
lib/asn1/gen_decode.c
View File

@@ -209,7 +209,8 @@ range_check(const char *name,
static int static int
decode_type (const char *name, const Type *t, int optional, decode_type (const char *name, const Type *t, int optional,
const char *forwstr, const char *tmpstr, const char *dertype) const char *forwstr, const char *tmpstr, const char *dertype,
size_t depth)
{ {
switch (t->type) { switch (t->type) {
case TType: { case TType: {
@@ -328,7 +329,8 @@ decode_type (const char *name, const Type *t, int optional,
if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&", if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&",
name, m->gen_name) < 0 || s == NULL) name, m->gen_name) < 0 || s == NULL)
errx(1, "malloc"); errx(1, "malloc");
decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL); decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
depth + 1);
free (s); free (s);
} }
@@ -369,7 +371,7 @@ decode_type (const char *name, const Type *t, int optional,
"%s = calloc(1, sizeof(*%s));\n" "%s = calloc(1, sizeof(*%s));\n"
"if (%s == NULL) { e = ENOMEM; %s; }\n", "if (%s == NULL) { e = ENOMEM; %s; }\n",
s, s, s, forwstr); s, s, s, forwstr);
decode_type (s, m->type, 0, forwstr, m->gen_name, NULL); decode_type (s, m->type, 0, forwstr, m->gen_name, NULL, depth + 1);
free (s); free (s);
fprintf(codefile, "members |= (1 << %d);\n", memno); fprintf(codefile, "members |= (1 << %d);\n", memno);
@@ -442,7 +444,7 @@ decode_type (const char *name, const Type *t, int optional,
errx(1, "malloc"); errx(1, "malloc");
if (asprintf (&sname, "%s_s_of", tmpstr) < 0 || sname == NULL) if (asprintf (&sname, "%s_s_of", tmpstr) < 0 || sname == NULL)
errx(1, "malloc"); errx(1, "malloc");
decode_type (n, t->subtype, 0, forwstr, sname, NULL); decode_type (n, t->subtype, 0, forwstr, sname, NULL, depth + 1);
fprintf (codefile, fprintf (codefile,
"(%s)->len++;\n" "(%s)->len++;\n"
"len = %s_origlen - ret;\n" "len = %s_origlen - ret;\n"
@@ -480,7 +482,7 @@ decode_type (const char *name, const Type *t, int optional,
tmpstr, tmpstr, typestring); tmpstr, tmpstr, typestring);
if(support_ber) if(support_ber)
fprintf(codefile, fprintf(codefile,
"int is_indefinite;\n"); "int is_indefinite%zu;\n", depth);
fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, " fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, "
"&%s_datalen, &l);\n", "&%s_datalen, &l);\n",
@@ -516,20 +518,20 @@ decode_type (const char *name, const Type *t, int optional,
tmpstr); tmpstr);
if(support_ber) if(support_ber)
fprintf (codefile, fprintf (codefile,
"if((is_indefinite = _heim_fix_dce(%s_datalen, &len)) < 0)\n" "if((is_indefinite%zu = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
"{ e = ASN1_BAD_FORMAT; %s; }\n" "{ e = ASN1_BAD_FORMAT; %s; }\n"
"if (is_indefinite) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }", "if (is_indefinite%zu) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }",
tmpstr, forwstr, forwstr); depth, tmpstr, forwstr, depth, forwstr);
else else
fprintf(codefile, fprintf(codefile,
"if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n" "if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n"
"len = %s_datalen;\n", tmpstr, forwstr, tmpstr); "len = %s_datalen;\n", tmpstr, forwstr, tmpstr);
if (asprintf (&tname, "%s_Tag", tmpstr) < 0 || tname == NULL) if (asprintf (&tname, "%s_Tag", tmpstr) < 0 || tname == NULL)
errx(1, "malloc"); errx(1, "malloc");
decode_type (name, t->subtype, 0, forwstr, tname, ide); decode_type (name, t->subtype, 0, forwstr, tname, ide, depth + 1);
if(support_ber) if(support_ber)
fprintf(codefile, fprintf(codefile,
"if(is_indefinite){\n" "if(is_indefinite%zu){\n"
"len += 2;\n" "len += 2;\n"
"e = der_match_tag_and_length(p, len, " "e = der_match_tag_and_length(p, len, "
"(Der_class)0, &%s, UT_EndOfContent, " "(Der_class)0, &%s, UT_EndOfContent, "
@@ -538,6 +540,7 @@ decode_type (const char *name, const Type *t, int optional,
"p += l; len -= l; ret += l;\n" "p += l; len -= l; ret += l;\n"
"if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n" "if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n"
"} else \n", "} else \n",
depth,
typestring, typestring,
tmpstr, tmpstr,
forwstr, forwstr,
@@ -584,7 +587,8 @@ decode_type (const char *name, const Type *t, int optional,
if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&", if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
name, m->gen_name) < 0 || s == NULL) name, m->gen_name) < 0 || s == NULL)
errx(1, "malloc"); errx(1, "malloc");
decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL); decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
depth + 1);
fprintf(codefile, fprintf(codefile,
"(%s)->element = %s;\n", "(%s)->element = %s;\n",
name, m->label); name, m->label);
@@ -702,7 +706,7 @@ generate_type_decode (const Symbol *s)
fprintf (codefile, "\n"); fprintf (codefile, "\n");
fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */ fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */
decode_type ("data", s->type, 0, "goto fail", "Top", NULL); decode_type ("data", s->type, 0, "goto fail", "Top", NULL, 1);
if (preserve) if (preserve)
fprintf (codefile, fprintf (codefile,
"data->_save.data = calloc(1, ret);\n" "data->_save.data = calloc(1, ret);\n"

8
lib/asn1/gen_encode.c
View File

@@ -302,7 +302,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
name, name); name, name);
fprintf(codefile, fprintf(codefile,
"for(i = 0; i < (%s)->len; i++) {\n", "for(i = 0; i < (int)(%s)->len; i++) {\n",
name); name);
fprintf(codefile, fprintf(codefile,
@@ -326,7 +326,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
fprintf(codefile, fprintf(codefile,
"if (totallen > len) {\n" "if (totallen > len) {\n"
"for (i = 0; i < (%s)->len; i++) {\n" "for (i = 0; i < (int)(%s)->len; i++) {\n"
"free(val[i].data);\n" "free(val[i].data);\n"
"}\n" "}\n"
"free(val);\n" "free(val);\n"
@@ -339,7 +339,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
name); name);
fprintf (codefile, fprintf (codefile,
"for(i = (%s)->len - 1; i >= 0; --i) {\n" "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n"
"p -= val[i].length;\n" "p -= val[i].length;\n"
"ret += val[i].length;\n" "ret += val[i].length;\n"
"memcpy(p + 1, val[i].data, val[i].length);\n" "memcpy(p + 1, val[i].data, val[i].length);\n"
@@ -355,7 +355,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
char *n = NULL; char *n = NULL;
fprintf (codefile, fprintf (codefile,
"for(i = (%s)->len - 1; i >= 0; --i) {\n" "for(i = (int)(%s)->len - 1; i >= 0; --i) {\n"
"size_t %s_for_oldret = ret;\n" "size_t %s_for_oldret = ret;\n"
"ret = 0;\n", "ret = 0;\n",
name, tmpstr); name, tmpstr);

4
lib/asn1/timegm.c
View File

@@ -56,13 +56,13 @@ time_t
_der_timegm (struct tm *tm) _der_timegm (struct tm *tm)
{ {
time_t res = 0; time_t res = 0;
unsigned i; int i;
if (tm->tm_year < 0) if (tm->tm_year < 0)
return -1; return -1;
if (tm->tm_mon < 0 || tm->tm_mon > 11) if (tm->tm_mon < 0 || tm->tm_mon > 11)
return -1; return -1;
if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon]) if (tm->tm_mday < 1 || tm->tm_mday > (int)ndays[is_leap(tm->tm_year)][tm->tm_mon])
return -1; return -1;
if (tm->tm_hour < 0 || tm->tm_hour > 23) if (tm->tm_hour < 0 || tm->tm_hour > 23)
return -1; return -1;

2
lib/gssapi/gen-oid.pl
View File

@@ -110,7 +110,7 @@ while(<>) {
printf "#define $name (&$store)\n\n"; printf "#define $name (&$store)\n\n";
} else { } else {
printf "/* $name - $oid */\n"; printf "/* $name - $oid */\n";
printf "gss_OID_desc GSSAPI_LIB_VARIABLE $store = { $length, \"$data\" };\n\n"; printf "gss_OID_desc GSSAPI_LIB_VARIABLE $store = { $length, rk_UNCONST(\"$data\") };\n\n";
} }
} elsif (/^desc\s+([\w]+)\s+(\w+)\s+(\"[^\"]*\")\s+(\"[^\"]*\")/) { } elsif (/^desc\s+([\w]+)\s+(\w+)\s+(\"[^\"]*\")\s+(\"[^\"]*\")/) {
my ($type, $oid, $short, $long) = ($1, $2, $3, $4); my ($type, $oid, $short, $long) = ($1, $2, $3, $4);

2
lib/gssapi/gsstool.c
View File

@@ -132,7 +132,7 @@ supported_mechanisms(void *argptr, int argc, char **argv)
return 0; return 0;
} }
void static static void
print_mech_attr(const char *mechname, gss_const_OID mech, gss_OID_set set) print_mech_attr(const char *mechname, gss_const_OID mech, gss_OID_set set)
{ {
gss_buffer_desc name, desc; gss_buffer_desc name, desc;

4
lib/gssapi/krb5/arcfour.c
View File

@@ -255,7 +255,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
const gss_buffer_t token_buffer, const gss_buffer_t token_buffer,
gss_qop_t * qop_state, gss_qop_t * qop_state,
krb5_keyblock *key, krb5_keyblock *key,
char *type) const char *type)
{ {
krb5_error_code ret; krb5_error_code ret;
uint32_t seq_number; uint32_t seq_number;
@@ -270,7 +270,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
p = token_buffer->value; p = token_buffer->value;
omret = _gsskrb5_verify_header (&p, omret = _gsskrb5_verify_header (&p,
token_buffer->length, token_buffer->length,
(u_char *)type, type,
GSS_KRB5_MECHANISM); GSS_KRB5_MECHANISM);
if (omret) if (omret)
return omret; return omret;

5
lib/gssapi/krb5/cfx.c
View File

@@ -285,7 +285,8 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
gss_iov_buffer_desc *header, *trailer, *padding; gss_iov_buffer_desc *header, *trailer, *padding;
size_t gsshsize, k5hsize; size_t gsshsize, k5hsize;
size_t gsstsize, k5tsize; size_t gsstsize, k5tsize;
size_t i, rrc = 0, ec = 0; size_t rrc = 0, ec = 0;
int i;
gss_cfx_wrap_token token; gss_cfx_wrap_token token;
krb5_error_code ret; krb5_error_code ret;
int32_t seq_number; int32_t seq_number;
@@ -666,7 +667,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
q += iov[i].buffer.length; q += iov[i].buffer.length;
} }
} }
assert((q - p) == len); assert((size_t)(q - p) == len);
/* unrotate first part */ /* unrotate first part */
q = p + rrc; q = p + rrc;

24
lib/gssapi/krb5/external.c
View File

@@ -180,7 +180,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_SASL_MECH_NAME, GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA, GSS_MO_MA,
"SASL mech name", "SASL mech name",
"GS2-KRB5", rk_UNCONST("GS2-KRB5"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
}, },
@@ -188,7 +188,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_MECH_NAME, GSS_C_MA_MECH_NAME,
GSS_MO_MA, GSS_MO_MA,
"Mechanism name", "Mechanism name",
"KRB5", rk_UNCONST("KRB5"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
}, },
@@ -196,7 +196,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_MECH_DESCRIPTION, GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA, GSS_MO_MA,
"Mechanism description", "Mechanism description",
"Heimdal Kerberos 5 mech", rk_UNCONST("Heimdal Kerberos 5 mech"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
}, },
@@ -214,19 +214,19 @@ static gss_mo_desc krb5_mo[] = {
}, },
{ {
GSS_C_MA_AUTH_TARG, GSS_C_MA_AUTH_TARG,
GSS_MO_MA .flags = GSS_MO_MA
}, },
{ {
GSS_C_MA_AUTH_INIT_ANON, GSS_C_MA_AUTH_INIT_ANON,
GSS_MO_MA .flags = GSS_MO_MA
}, },
{ {
GSS_C_MA_DELEG_CRED, GSS_C_MA_DELEG_CRED,
GSS_MO_MA .flags = GSS_MO_MA
}, },
{ {
GSS_C_MA_INTEG_PROT, GSS_C_MA_INTEG_PROT,
GSS_MO_MA .flags = GSS_MO_MA
}, },
{ {
GSS_C_MA_CONF_PROT, GSS_C_MA_CONF_PROT,
@@ -273,7 +273,7 @@ static gss_mo_desc krb5_mo[] = {
static gssapi_mech_interface_desc krb5_mech = { static gssapi_mech_interface_desc krb5_mech = {
GMI_VERSION, GMI_VERSION,
"kerberos 5", "kerberos 5",
{9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }, {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
0, 0,
_gsskrb5_acquire_cred, _gsskrb5_acquire_cred,
_gsskrb5_release_cred, _gsskrb5_release_cred,
@@ -323,7 +323,13 @@ static gssapi_mech_interface_desc krb5_mech = {
NULL, NULL,
NULL, NULL,
krb5_mo, krb5_mo,
sizeof(krb5_mo) / sizeof(krb5_mo[0]) sizeof(krb5_mo) / sizeof(krb5_mo[0]),
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
}; };
gssapi_mech_interface gssapi_mech_interface

11
lib/gssapi/krb5/init_sec_context.c
View File

@@ -675,7 +675,8 @@ init_auth_restart
output_token->length = outbuf.length; output_token->length = outbuf.length;
} else { } else {
ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token, ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
(u_char *)"\x01\x00", GSS_KRB5_MECHANISM); (u_char *)(intptr_t)"\x01\x00",
GSS_KRB5_MECHANISM);
krb5_data_free (&outbuf); krb5_data_free (&outbuf);
if (ret) if (ret)
goto failure; goto failure;
@@ -910,20 +911,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
return GSS_S_BAD_MECH; return GSS_S_BAD_MECH;
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
OM_uint32 ret; OM_uint32 ret1;
if (*context_handle != GSS_C_NO_CONTEXT) { if (*context_handle != GSS_C_NO_CONTEXT) {
*minor_status = 0; *minor_status = 0;
return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE; return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
} }
ret = _gsskrb5_create_ctx(minor_status, ret1 = _gsskrb5_create_ctx(minor_status,
context_handle, context_handle,
context, context,
input_chan_bindings, input_chan_bindings,
INITIATOR_START); INITIATOR_START);
if (ret) if (ret1)
return ret; return ret1;
} }
if (*context_handle == GSS_C_NO_CONTEXT) { if (*context_handle == GSS_C_NO_CONTEXT) {

24
lib/gssapi/krb5/prf.c
View File

@@ -47,18 +47,21 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
krb5_crypto crypto; krb5_crypto crypto;
krb5_data input, output; krb5_data input, output;
uint32_t num; uint32_t num;
OM_uint32 junk;
unsigned char *p; unsigned char *p;
krb5_keyblock *key = NULL; krb5_keyblock *key = NULL;
size_t dol;
if (ctx == NULL) { if (ctx == NULL) {
*minor_status = 0; *minor_status = 0;
return GSS_S_NO_CONTEXT; return GSS_S_NO_CONTEXT;
} }
if (desired_output_len <= 0) { if (desired_output_len <= 0 || prf_in->length + 4 < prf_in->length) {
*minor_status = 0; *minor_status = 0;
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
dol = desired_output_len;
GSSAPI_KRB5_INIT (&context); GSSAPI_KRB5_INIT (&context);
@@ -88,21 +91,20 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
prf_out->value = malloc(desired_output_len); prf_out->value = malloc(dol);
if (prf_out->value == NULL) { if (prf_out->value == NULL) {
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
krb5_crypto_destroy(context, crypto); krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
prf_out->length = desired_output_len; prf_out->length = dol;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
input.length = prf_in->length + 4; input.length = prf_in->length + 4;
input.data = malloc(prf_in->length + 4); input.data = malloc(prf_in->length + 4);
if (input.data == NULL) { if (input.data == NULL) {
OM_uint32 junk;
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory"); _gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG; *minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
gss_release_buffer(&junk, prf_out); gss_release_buffer(&junk, prf_out);
@@ -110,15 +112,17 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length); memcpy(((uint8_t *)input.data) + 4, prf_in->value, prf_in->length);
num = 0; num = 0;
p = prf_out->value; p = prf_out->value;
while(desired_output_len > 0) { while(dol > 0) {
size_t tsize;
_gsskrb5_encode_om_uint32(num, input.data); _gsskrb5_encode_om_uint32(num, input.data);
ret = krb5_crypto_prf(context, crypto, &input, &output); ret = krb5_crypto_prf(context, crypto, &input, &output);
if (ret) { if (ret) {
OM_uint32 junk;
*minor_status = ret; *minor_status = ret;
free(input.data); free(input.data);
gss_release_buffer(&junk, prf_out); gss_release_buffer(&junk, prf_out);
@@ -126,9 +130,11 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex); HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
memcpy(p, output.data, min(desired_output_len, output.length));
tsize = min(dol, output.length);
memcpy(p, output.data, tsize);
p += output.length; p += output.length;
desired_output_len -= output.length; dol -= tsize;
krb5_data_free(&output); krb5_data_free(&output);
num++; num++;
} }

3
lib/gssapi/krb5/process_context_token.c
View File

@@ -52,7 +52,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token (
(gsskrb5_ctx)context_handle, (gsskrb5_ctx)context_handle,
context, context,
token_buffer, &empty_buffer, token_buffer, &empty_buffer,
GSS_C_QOP_DEFAULT, "\x01\x02"); GSS_C_QOP_DEFAULT,
"\x01\x02");
if (ret == GSS_S_COMPLETE) if (ret == GSS_S_COMPLETE)
ret = _gsskrb5_delete_sec_context(minor_status, ret = _gsskrb5_delete_sec_context(minor_status,

2
lib/gssapi/krb5/sequence.c
View File

@@ -141,7 +141,7 @@ OM_uint32
_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num) _gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
{ {
OM_uint32 r; OM_uint32 r;
int i; size_t i;
if (o == NULL) if (o == NULL)
return GSS_S_COMPLETE; return GSS_S_COMPLETE;

2
lib/gssapi/krb5/unwrap.c
View File

@@ -54,7 +54,7 @@ unwrap_des
DES_key_schedule schedule; DES_key_schedule schedule;
DES_cblock deskey; DES_cblock deskey;
DES_cblock zero; DES_cblock zero;
int i; size_t i;
uint32_t seq_number; uint32_t seq_number;
size_t padlength; size_t padlength;
OM_uint32 ret; OM_uint32 ret;

8
lib/gssapi/krb5/verify_mic.c
View File

@@ -44,7 +44,7 @@ verify_mic_des
const gss_buffer_t token_buffer, const gss_buffer_t token_buffer,
gss_qop_t * qop_state, gss_qop_t * qop_state,
krb5_keyblock *key, krb5_keyblock *key,
char *type const char *type
) )
{ {
u_char *p; u_char *p;
@@ -142,7 +142,7 @@ verify_mic_des3
const gss_buffer_t token_buffer, const gss_buffer_t token_buffer,
gss_qop_t * qop_state, gss_qop_t * qop_state,
krb5_keyblock *key, krb5_keyblock *key,
char *type const char *type
) )
{ {
u_char *p; u_char *p;
@@ -276,7 +276,7 @@ _gsskrb5_verify_mic_internal
const gss_buffer_t message_buffer, const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer, const gss_buffer_t token_buffer,
gss_qop_t * qop_state, gss_qop_t * qop_state,
char * type const char * type
) )
{ {
krb5_keyblock *key; krb5_keyblock *key;
@@ -348,7 +348,7 @@ _gsskrb5_verify_mic
(gsskrb5_ctx)context_handle, (gsskrb5_ctx)context_handle,
context, context,
message_buffer, token_buffer, message_buffer, token_buffer,
qop_state, "\x01\x01"); qop_state, (void *)(intptr_t)"\x01\x01");
return ret; return ret;
} }

2
lib/gssapi/krb5/wrap.c
View File

@@ -214,7 +214,7 @@ wrap_des
EVP_CIPHER_CTX des_ctx; EVP_CIPHER_CTX des_ctx;
DES_cblock deskey; DES_cblock deskey;
DES_cblock zero; DES_cblock zero;
int i; size_t i;
int32_t seq_number; int32_t seq_number;
size_t len, total_len, padlength, datalen; size_t len, total_len, padlength, datalen;

2
lib/gssapi/mech/gss_acquire_cred.c
View File

@@ -46,7 +46,7 @@ gss_acquire_cred(OM_uint32 *minor_status,
struct _gss_cred *cred; struct _gss_cred *cred;
struct _gss_mechanism_cred *mc; struct _gss_mechanism_cred *mc;
OM_uint32 min_time, cred_time; OM_uint32 min_time, cred_time;
int i; size_t i;
*minor_status = 0; *minor_status = 0;
if (output_cred_handle == NULL) if (output_cred_handle == NULL)

2
lib/gssapi/mech/gss_aeap.c
View File

@@ -168,7 +168,7 @@ gss_release_iov_buffer(OM_uint32 *minor_status,
int iov_count) int iov_count)
{ {
OM_uint32 junk; OM_uint32 junk;
size_t i; int i;
if (minor_status) if (minor_status)
*minor_status = 0; *minor_status = 0;

2
lib/gssapi/mech/gss_buffer_set.c
View File

@@ -100,7 +100,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_release_buffer_set(OM_uint32 * minor_status, gss_release_buffer_set(OM_uint32 * minor_status,
gss_buffer_set_t *buffer_set) gss_buffer_set_t *buffer_set)
{ {
int i; size_t i;
OM_uint32 minor; OM_uint32 minor;
*minor_status = 0; *minor_status = 0;

2
lib/gssapi/mech/gss_cred.c
View File

@@ -85,7 +85,7 @@ gss_export_cred(OM_uint32 * minor_status,
} }
ret = krb5_storage_write(sp, buffer.value, buffer.length); ret = krb5_storage_write(sp, buffer.value, buffer.length);
if (ret != buffer.length) { if (ret < 0 || (size_t)ret != buffer.length) {
gss_release_buffer(minor_status, &buffer); gss_release_buffer(minor_status, &buffer);
krb5_storage_free(sp); krb5_storage_free(sp);
*minor_status = EINVAL; *minor_status = EINVAL;

2
lib/gssapi/mech/gss_indicate_mechs.c
View File

@@ -35,7 +35,7 @@ gss_indicate_mechs(OM_uint32 *minor_status,
struct _gss_mech_switch *m; struct _gss_mech_switch *m;
OM_uint32 major_status; OM_uint32 major_status;
gss_OID_set set; gss_OID_set set;
int i; size_t i;
_gss_load_mech(); _gss_load_mech();

8
lib/gssapi/mech/gss_inquire_context.c
View File

@@ -37,7 +37,7 @@ gss_inquire_context(OM_uint32 *minor_status,
gss_OID *mech_type, gss_OID *mech_type,
OM_uint32 *ctx_flags, OM_uint32 *ctx_flags,
int *locally_initiated, int *locally_initiated,
int *open) int *xopen)
{ {
OM_uint32 major_status; OM_uint32 major_status;
struct _gss_context *ctx = (struct _gss_context *) context_handle; struct _gss_context *ctx = (struct _gss_context *) context_handle;
@@ -47,8 +47,8 @@ gss_inquire_context(OM_uint32 *minor_status,
if (locally_initiated) if (locally_initiated)
*locally_initiated = 0; *locally_initiated = 0;
if (open) if (xopen)
*open = 0; *xopen = 0;
if (lifetime_rec) if (lifetime_rec)
*lifetime_rec = 0; *lifetime_rec = 0;
@@ -68,7 +68,7 @@ gss_inquire_context(OM_uint32 *minor_status,
mech_type, mech_type,
ctx_flags, ctx_flags,
locally_initiated, locally_initiated,
open); xopen);
if (major_status != GSS_S_COMPLETE) { if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, *minor_status); _gss_mg_error(m, major_status, *minor_status);

2
lib/gssapi/mech/gss_inquire_cred_by_oid.c
View File

@@ -52,7 +52,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status,
HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) { HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET; gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET;
int i; size_t i;
m = mc->gmc_mech; m = mc->gmc_mech;
if (m == NULL) { if (m == NULL) {

2
lib/gssapi/mech/gss_krb5.c
View File

@@ -439,7 +439,7 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
gss_buffer_desc buffer; gss_buffer_desc buffer;
krb5_storage *sp; krb5_storage *sp;
krb5_data data; krb5_data data;
int i; size_t i;
sp = krb5_storage_emem(); sp = krb5_storage_emem();
if (sp == NULL) { if (sp == NULL) {

24
lib/gssapi/mech/gss_mo.c
View File

@@ -434,28 +434,28 @@ gss_display_mech_attr(OM_uint32 * minor_status,
return GSS_S_BAD_MECH_ATTR; return GSS_S_BAD_MECH_ATTR;
if (name) { if (name) {
gss_buffer_desc n; gss_buffer_desc bd;
n.value = rk_UNCONST(ma->name); bd.value = rk_UNCONST(ma->name);
n.length = strlen(ma->name); bd.length = strlen(ma->name);
major = _gss_copy_buffer(minor_status, &n, name); major = _gss_copy_buffer(minor_status, &bd, name);
if (major != GSS_S_COMPLETE) if (major != GSS_S_COMPLETE)
return major; return major;
} }
if (short_desc) { if (short_desc) {
gss_buffer_desc n; gss_buffer_desc bd;
n.value = rk_UNCONST(ma->short_desc); bd.value = rk_UNCONST(ma->short_desc);
n.length = strlen(ma->short_desc); bd.length = strlen(ma->short_desc);
major = _gss_copy_buffer(minor_status, &n, short_desc); major = _gss_copy_buffer(minor_status, &bd, short_desc);
if (major != GSS_S_COMPLETE) if (major != GSS_S_COMPLETE)
return major; return major;
} }
if (long_desc) { if (long_desc) {
gss_buffer_desc n; gss_buffer_desc bd;
n.value = rk_UNCONST(ma->long_desc); bd.value = rk_UNCONST(ma->long_desc);
n.length = strlen(ma->long_desc); bd.length = strlen(ma->long_desc);
major = _gss_copy_buffer(minor_status, &n, long_desc); major = _gss_copy_buffer(minor_status, &bd, long_desc);
if (major != GSS_S_COMPLETE) if (major != GSS_S_COMPLETE)
return major; return major;
} }

144
lib/gssapi/mech/gss_oid.c
View File

@@ -2,220 +2,220 @@
#include "mech_locl.h" #include "mech_locl.h"
/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */ /* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01") };
/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */ /* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02") };
/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */ /* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03") };
/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */ /* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04") };
/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */ /* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05") };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */ /* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06") };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */ /* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01") };
/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */ /* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07") };
/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */ /* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08") };
/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */ /* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09") };
/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */ /* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a") };
/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */ /* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b") };
/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */ /* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c") };
/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */ /* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d") };
/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */ /* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e") };
/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */ /* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f") };
/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */ /* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10") };
/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */ /* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11") };
/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */ /* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12") };
/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */ /* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13") };
/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */ /* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x14") };
/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */ /* GSS_C_NT_NTLM - 1.2.752.43.13.21 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x15") };
/* GSS_C_NT_DN - 1.2.752.43.13.22 */ /* GSS_C_NT_DN - 1.2.752.43.13.22 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x16") };
/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */ /* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x17") };
/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */ /* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x18") };
/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */ /* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x19") };
/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */ /* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1a") };
/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */ /* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1b") };
/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */ /* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1c") };
/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */ /* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1d") };
/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */ /* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e") };
/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */ /* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x64") };
/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */ /* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x65") };
/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */ /* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x66") };
/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */ /* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */ /* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") };
/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */ /* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") };
/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */ /* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x04") };
/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */ /* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x05") };
/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */ /* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03\x81\x00") };
/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */ /* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05") };
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */ /* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */ /* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };
/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */ /* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") };
/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */ /* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xca\x29\x13\x05") };
/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */ /* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") };
/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */ /* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x02") };
/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */ /* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x03") };
/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */ /* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x04") };
/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */ /* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x05") };
/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */ /* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x06") };
/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */ /* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x07") };
/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */ /* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x08") };
/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */ /* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x09") };
/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */ /* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0a") };
/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */ /* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0b") };
/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */ /* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0c") };
/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */ /* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0d") };
/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */ /* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0e") };
/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */ /* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0f") };
/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */ /* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x10") };
/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */ /* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x11") };
/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */ /* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x12") };
/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */ /* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x13") };
/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */ /* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x14") };
/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */ /* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x15") };
/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */ /* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x16") };
/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */ /* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x17") };
/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */ /* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x18") };
/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */ /* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x19") };
/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */ /* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1a") };
/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */ /* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" }; gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1b") };
struct _gss_oid_name_table _gss_ont_ma[] = { struct _gss_oid_name_table _gss_ont_ma[] = {
{ GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" }, { GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },

2
lib/gssapi/mech/gss_test_oid_set_member.c
View File

@@ -34,7 +34,7 @@ gss_test_oid_set_member(OM_uint32 *minor_status,
const gss_OID_set set, const gss_OID_set set,
int *present) int *present)
{ {
int i; size_t i;
*present = 0; *present = 0;
for (i = 0; i < set->count; i++) for (i = 0; i < set->count; i++)

8
lib/gssapi/ntlm/accept_sec_context.c
View File

@@ -155,15 +155,15 @@ _gss_ntlm_accept_sec_context
&out); &out);
heim_ntlm_free_type1(&type1); heim_ntlm_free_type1(&type1);
if (major_status != GSS_S_COMPLETE) { if (major_status != GSS_S_COMPLETE) {
OM_uint32 junk; OM_uint32 gunk;
_gss_ntlm_delete_sec_context(&junk, context_handle, NULL); _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL);
return major_status; return major_status;
} }
output_token->value = malloc(out.length); output_token->value = malloc(out.length);
if (output_token->value == NULL && out.length != 0) { if (output_token->value == NULL && out.length != 0) {
OM_uint32 junk; OM_uint32 gunk;
_gss_ntlm_delete_sec_context(&junk, context_handle, NULL); _gss_ntlm_delete_sec_context(&gunk, context_handle, NULL);
*minor_status = ENOMEM; *minor_status = ENOMEM;
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }

14
lib/gssapi/ntlm/external.c
View File

@@ -38,7 +38,7 @@ static gss_mo_desc ntlm_mo[] = {
GSS_C_MA_SASL_MECH_NAME, GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA, GSS_MO_MA,
"SASL mech name", "SASL mech name",
"NTLM", rk_UNCONST("NTLM"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
}, },
@@ -46,7 +46,7 @@ static gss_mo_desc ntlm_mo[] = {
GSS_C_MA_MECH_NAME, GSS_C_MA_MECH_NAME,
GSS_MO_MA, GSS_MO_MA,
"Mechanism name", "Mechanism name",
"NTLMSPP", rk_UNCONST("NTLMSPP"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
}, },
@@ -54,7 +54,7 @@ static gss_mo_desc ntlm_mo[] = {
GSS_C_MA_MECH_DESCRIPTION, GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA, GSS_MO_MA,
"Mechanism description", "Mechanism description",
"Heimdal NTLMSSP Mechanism", rk_UNCONST("Heimdal NTLMSSP Mechanism"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
} }
@@ -113,7 +113,13 @@ static gssapi_mech_interface_desc ntlm_mech = {
NULL, NULL,
NULL, NULL,
ntlm_mo, ntlm_mo,
sizeof(ntlm_mo) / sizeof(ntlm_mo[0]) sizeof(ntlm_mo) / sizeof(ntlm_mo[0]),
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
}; };
gssapi_mech_interface gssapi_mech_interface

13
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -316,7 +316,7 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
gss_OID_desc oid; gss_OID_desc oid;
gss_OID oidp; gss_OID oidp;
gss_OID_set mechs; gss_OID_set mechs;
int i; size_t i;
OM_uint32 ret, junk; OM_uint32 ret, junk;
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1, ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
@@ -368,12 +368,13 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
host = getenv("GSSAPI_SPNEGO_NAME"); host = getenv("GSSAPI_SPNEGO_NAME");
if (host == NULL || issuid()) { if (host == NULL || issuid()) {
int rv;
if (gethostname(hostname, sizeof(hostname)) != 0) { if (gethostname(hostname, sizeof(hostname)) != 0) {
*minor_status = errno; *minor_status = errno;
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
i = asprintf(&str, "host@%s", hostname); rv = asprintf(&str, "host@%s", hostname);
if (i < 0 || str == NULL) { if (rv < 0 || str == NULL) {
*minor_status = ENOMEM; *minor_status = ENOMEM;
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
@@ -491,7 +492,6 @@ acceptor_start
NegotiationToken nt; NegotiationToken nt;
size_t nt_len; size_t nt_len;
NegTokenInit *ni; NegTokenInit *ni;
int i;
gss_buffer_desc data; gss_buffer_desc data;
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER; gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
gss_buffer_desc mech_output_token; gss_buffer_desc mech_output_token;
@@ -613,13 +613,14 @@ acceptor_start
*/ */
if (!first_ok && ni->mechToken != NULL) { if (!first_ok && ni->mechToken != NULL) {
size_t j;
preferred_mech_type = GSS_C_NO_OID; preferred_mech_type = GSS_C_NO_OID;
/* Call glue layer to find first mech we support */ /* Call glue layer to find first mech we support */
for (i = 1; i < ni->mechTypes.len; ++i) { for (j = 1; j < ni->mechTypes.len; ++j) {
ret = select_mech(minor_status, ret = select_mech(minor_status,
&ni->mechTypes.val[i], &ni->mechTypes.val[j],
1, 1,
&preferred_mech_type); &preferred_mech_type);
if (ret == 0) if (ret == 0)

6
lib/gssapi/spnego/compat.c
View File

@@ -41,10 +41,10 @@
* Kerberos mechanism. * Kerberos mechanism.
*/ */
gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc = gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc =
{9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"}; {9, rk_UNCONST("\x2a\x86\x48\x82\xf7\x12\x01\x02\x02")};
gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc = gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc =
{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"}; {9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")};
/* /*
* Allocate a SPNEGO context handle * Allocate a SPNEGO context handle
@@ -241,7 +241,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
gss_OID_set supported_mechs = GSS_C_NO_OID_SET; gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
gss_OID first_mech = GSS_C_NO_OID; gss_OID first_mech = GSS_C_NO_OID;
OM_uint32 ret; OM_uint32 ret;
int i; size_t i;
mechtypelist->len = 0; mechtypelist->len = 0;
mechtypelist->val = NULL; mechtypelist->val = NULL;

4
lib/gssapi/spnego/context_stubs.c
View File

@@ -37,7 +37,7 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
{ {
OM_uint32 ret, junk; OM_uint32 ret, junk;
gss_OID_set m; gss_OID_set m;
int i; size_t i;
ret = gss_indicate_mechs(minor_status, &m); ret = gss_indicate_mechs(minor_status, &m);
if (ret != GSS_S_COMPLETE) if (ret != GSS_S_COMPLETE)
@@ -565,7 +565,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech (
{ {
gss_OID_set mechs, names, n; gss_OID_set mechs, names, n;
OM_uint32 ret, junk; OM_uint32 ret, junk;
int i, j; size_t i, j;
*name_types = NULL; *name_types = NULL;

2
lib/gssapi/spnego/cred_stubs.c
View File

@@ -70,7 +70,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
OM_uint32 ret, tmp; OM_uint32 ret, tmp;
gss_OID_set_desc actual_desired_mechs; gss_OID_set_desc actual_desired_mechs;
gss_OID_set mechs; gss_OID_set mechs;
int i, j; size_t i, j;
*output_cred_handle = GSS_C_NO_CREDENTIAL; *output_cred_handle = GSS_C_NO_CREDENTIAL;

17
lib/gssapi/spnego/external.c
View File

@@ -39,13 +39,12 @@
* negotiation token is identified by the Object Identifier * negotiation token is identified by the Object Identifier
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2). * iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/ */
static gss_mo_desc spnego_mo[] = { static gss_mo_desc spnego_mo[] = {
{ {
GSS_C_MA_SASL_MECH_NAME, GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA, GSS_MO_MA,
"SASL mech name", "SASL mech name",
"SPNEGO", rk_UNCONST("SPNEGO"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
}, },
@@ -53,7 +52,7 @@ static gss_mo_desc spnego_mo[] = {
GSS_C_MA_MECH_NAME, GSS_C_MA_MECH_NAME,
GSS_MO_MA, GSS_MO_MA,
"Mechanism name", "Mechanism name",
"SPNEGO", rk_UNCONST("SPNEGO"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
}, },
@@ -61,7 +60,7 @@ static gss_mo_desc spnego_mo[] = {
GSS_C_MA_MECH_DESCRIPTION, GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA, GSS_MO_MA,
"Mechanism description", "Mechanism description",
"Heimdal SPNEGO Mechanism", rk_UNCONST("Heimdal SPNEGO Mechanism"),
_gss_mo_get_ctx_as_string, _gss_mo_get_ctx_as_string,
NULL NULL
}, },
@@ -78,7 +77,7 @@ static gss_mo_desc spnego_mo[] = {
static gssapi_mech_interface_desc spnego_mech = { static gssapi_mech_interface_desc spnego_mech = {
GMI_VERSION, GMI_VERSION,
"spnego", "spnego",
{6, (void *)"\x2b\x06\x01\x05\x05\x02"}, {6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") },
0, 0,
_gss_spnego_acquire_cred, _gss_spnego_acquire_cred,
_gss_spnego_release_cred, _gss_spnego_release_cred,
@@ -128,7 +127,13 @@ static gssapi_mech_interface_desc spnego_mech = {
NULL, NULL,
NULL, NULL,
spnego_mo, spnego_mo,
sizeof(spnego_mo) / sizeof(spnego_mo[0]) sizeof(spnego_mo) / sizeof(spnego_mo[0]),
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
}; };
gssapi_mech_interface gssapi_mech_interface

7
lib/hdb/common.c
View File

@@ -171,7 +171,7 @@ hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
krb5_error_code code; krb5_error_code code;
hdb_entry oldentry; hdb_entry oldentry;
krb5_data value; krb5_data value;
int i; size_t i;
code = db->hdb__get(context, db, *key, &value); code = db->hdb__get(context, db, *key, &value);
if (code == HDB_ERR_NOENTRY) if (code == HDB_ERR_NOENTRY)
@@ -211,7 +211,7 @@ hdb_add_aliases(krb5_context context, HDB *db,
const HDB_Ext_Aliases *aliases; const HDB_Ext_Aliases *aliases;
krb5_error_code code; krb5_error_code code;
krb5_data key, value; krb5_data key, value;
int i; size_t i;
code = hdb_entry_get_aliases(&entry->entry, &aliases); code = hdb_entry_get_aliases(&entry->entry, &aliases);
if (code || aliases == NULL) if (code || aliases == NULL)
@@ -240,7 +240,8 @@ static krb5_error_code
hdb_check_aliases(krb5_context context, HDB *db, hdb_entry_ex *entry) hdb_check_aliases(krb5_context context, HDB *db, hdb_entry_ex *entry)
{ {
const HDB_Ext_Aliases *aliases; const HDB_Ext_Aliases *aliases;
int code, i; int code;
size_t i;
/* check if new aliases already is used */ /* check if new aliases already is used */

20
lib/hdb/ext.c
View File

@@ -37,7 +37,7 @@
krb5_error_code krb5_error_code
hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent) hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
{ {
int i; size_t i;
if (ent->extensions == NULL) if (ent->extensions == NULL)
return 0; return 0;
@@ -63,13 +63,13 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
HDB_extension * HDB_extension *
hdb_find_extension(const hdb_entry *entry, int type) hdb_find_extension(const hdb_entry *entry, int type)
{ {
int i; size_t i;
if (entry->extensions == NULL) if (entry->extensions == NULL)
return NULL; return NULL;
for (i = 0; i < entry->extensions->len; i++) for (i = 0; i < entry->extensions->len; i++)
if (entry->extensions->val[i].data.element == type) if (entry->extensions->val[i].data.element == (unsigned)type)
return &entry->extensions->val[i]; return &entry->extensions->val[i];
return NULL; return NULL;
} }
@@ -112,7 +112,7 @@ hdb_replace_extension(krb5_context context,
Der_type replace_type, list_type; Der_type replace_type, list_type;
unsigned int replace_tag, list_tag; unsigned int replace_tag, list_tag;
size_t size; size_t size;
int i; size_t i;
ret = der_get_tag(ext->data.u.asn1_ellipsis.data, ret = der_get_tag(ext->data.u.asn1_ellipsis.data,
ext->data.u.asn1_ellipsis.length, ext->data.u.asn1_ellipsis.length,
@@ -180,13 +180,13 @@ hdb_clear_extension(krb5_context context,
hdb_entry *entry, hdb_entry *entry,
int type) int type)
{ {
int i; size_t i;
if (entry->extensions == NULL) if (entry->extensions == NULL)
return 0; return 0;
for (i = 0; i < entry->extensions->len; i++) { for (i = 0; i < entry->extensions->len; i++) {
if (entry->extensions->val[i].data.element == type) { if (entry->extensions->val[i].data.element == (unsigned)type) {
free_HDB_extension(&entry->extensions->val[i]); free_HDB_extension(&entry->extensions->val[i]);
memmove(&entry->extensions->val[i], memmove(&entry->extensions->val[i],
&entry->extensions->val[i + 1], &entry->extensions->val[i + 1],
@@ -286,7 +286,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
ext = hdb_find_extension(entry, choice_HDB_extension_data_password); ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
if (ext) { if (ext) {
heim_utf8_string str; heim_utf8_string xstr;
heim_octet_string pw; heim_octet_string pw;
if (db->hdb_master_key_set && ext->data.u.password.mkvno) { if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
@@ -314,13 +314,13 @@ hdb_entry_get_password(krb5_context context, HDB *db,
return ret; return ret;
} }
str = pw.data; xstr = pw.data;
if (str[pw.length - 1] != '\0') { if (xstr[pw.length - 1] != '\0') {
krb5_set_error_message(context, EINVAL, "malformed password"); krb5_set_error_message(context, EINVAL, "malformed password");
return EINVAL; return EINVAL;
} }
*p = strdup(str); *p = strdup(xstr);
der_free_octet_string(&pw); der_free_octet_string(&pw);
if (*p == NULL) { if (*p == NULL) {

2
lib/hdb/hdb-mitdb.c
View File

@@ -144,7 +144,7 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num)
case KRB5_KDB_SALTTYPE_NOREALM: case KRB5_KDB_SALTTYPE_NOREALM:
{ {
size_t len; size_t len;
int i; size_t i;
char *p; char *p;
len = 0; len = 0;

6
lib/hdb/hdb.c
View File

@@ -168,7 +168,7 @@ hdb_unlock(int fd)
void void
hdb_free_entry(krb5_context context, hdb_entry_ex *ent) hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
{ {
int i; size_t i;
if (ent->free_entry) if (ent->free_entry)
(*ent->free_entry)(context, ent); (*ent->free_entry)(context, ent);
@@ -217,7 +217,7 @@ hdb_check_db_format(krb5_context context, HDB *db)
if (ret) if (ret)
return ret; return ret;
tag.data = HDB_DB_FORMAT_ENTRY; tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY;
tag.length = strlen(tag.data); tag.length = strlen(tag.data);
ret = (*db->hdb__get)(context, db, tag, &version); ret = (*db->hdb__get)(context, db, tag, &version);
ret2 = db->hdb_unlock(context, db); ret2 = db->hdb_unlock(context, db);
@@ -250,7 +250,7 @@ hdb_init_db(krb5_context context, HDB *db)
if (ret) if (ret)
return ret; return ret;
tag.data = HDB_DB_FORMAT_ENTRY; tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY;
tag.length = strlen(tag.data); tag.length = strlen(tag.data);
snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT); snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
version.data = ver; version.data = ver;

10
lib/hdb/keys.c
View File

@@ -256,8 +256,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
char **ktypes, **kp; char **ktypes, **kp;
krb5_error_code ret; krb5_error_code ret;
Key *k, *key_set; Key *k, *key_set;
int i, j; size_t i, j;
char *default_keytypes[] = { static const char *default_keytypes[] = {
"aes256-cts-hmac-sha1-96:pw-salt", "aes256-cts-hmac-sha1-96:pw-salt",
"des3-cbc-sha1:pw-salt", "des3-cbc-sha1:pw-salt",
"arcfour-hmac-md5:pw-salt", "arcfour-hmac-md5:pw-salt",
@@ -267,7 +267,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
ktypes = krb5_config_get_strings(context, NULL, "kadmin", ktypes = krb5_config_get_strings(context, NULL, "kadmin",
"default_keys", NULL); "default_keys", NULL);
if (ktypes == NULL) if (ktypes == NULL)
ktypes = default_keytypes; ktypes = (char **)(intptr_t)default_keytypes;
*ret_key_set = key_set = NULL; *ret_key_set = key_set = NULL;
*nkeyset = 0; *nkeyset = 0;
@@ -337,7 +337,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
*ret_key_set = key_set; *ret_key_set = key_set;
out: out:
if (ktypes != default_keytypes) if (ktypes != (char **)(intptr_t)default_keytypes)
krb5_config_free_strings(ktypes); krb5_config_free_strings(ktypes);
if (ret) { if (ret) {
@@ -364,7 +364,7 @@ hdb_generate_key_set_password(krb5_context context,
Key **keys, size_t *num_keys) Key **keys, size_t *num_keys)
{ {
krb5_error_code ret; krb5_error_code ret;
int i; size_t i;
ret = hdb_generate_key_set(context, principal, ret = hdb_generate_key_set(context, principal,
keys, num_keys, 0); keys, num_keys, 0);

6
lib/hdb/keytab.c
View File

@@ -184,7 +184,7 @@ hdb_get_entry(krb5_context context,
const char *mkey = d->mkey; const char *mkey = d->mkey;
char *fdbname = NULL, *fmkey = NULL; char *fdbname = NULL, *fmkey = NULL;
HDB *db; HDB *db;
int i; size_t i;
memset(&ent, 0, sizeof(ent)); memset(&ent, 0, sizeof(ent));
@@ -222,7 +222,7 @@ hdb_get_entry(krb5_context context,
}else if(ret) }else if(ret)
goto out; goto out;
if(kvno && ent.entry.kvno != kvno) { if(kvno && (krb5_kvno)ent.entry.kvno != kvno) {
hdb_free_entry(context, &ent); hdb_free_entry(context, &ent);
ret = KRB5_KT_NOTFOUND; ret = KRB5_KT_NOTFOUND;
goto out; goto out;
@@ -382,7 +382,7 @@ hdb_next_entry(krb5_context context,
* next entry * next entry
*/ */
if (c->key_idx == c->hdb_entry.entry.keys.len) { if ((size_t)c->key_idx == c->hdb_entry.entry.keys.len) {
hdb_free_entry(context, &c->hdb_entry); hdb_free_entry(context, &c->hdb_entry);
c->next = TRUE; c->next = TRUE;
c->key_idx = 0; c->key_idx = 0;

6
lib/hdb/mkey.c
View File

@@ -372,7 +372,7 @@ _hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey)
if(mkvno == NULL) { if(mkvno == NULL) {
if(ret == NULL || mkey->keytab.vno > ret->keytab.vno) if(ret == NULL || mkey->keytab.vno > ret->keytab.vno)
ret = mkey; ret = mkey;
} else if(mkey->keytab.vno == *mkvno) } else if((uint32_t)mkey->keytab.vno == *mkvno)
return mkey; return mkey;
mkey = mkey->next; mkey = mkey->next;
} }
@@ -459,7 +459,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
krb5_error_code krb5_error_code
hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
{ {
int i; size_t i;
for(i = 0; i < ent->keys.len; i++){ for(i = 0; i < ent->keys.len; i++){
krb5_error_code ret; krb5_error_code ret;
@@ -526,7 +526,7 @@ hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
krb5_error_code krb5_error_code
hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey) hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
{ {
int i; size_t i;
for(i = 0; i < ent->keys.len; i++){ for(i = 0; i < ent->keys.len; i++){
krb5_error_code ret; krb5_error_code ret;

5
lib/hdb/print.c
View File

@@ -78,7 +78,8 @@ append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...)
static krb5_error_code static krb5_error_code
append_hex(krb5_context context, krb5_storage *sp, krb5_data *data) append_hex(krb5_context context, krb5_storage *sp, krb5_data *data)
{ {
int i, printable = 1; int printable = 1;
size_t i;
char *p; char *p;
p = data->data; p = data->data;
@@ -126,7 +127,7 @@ static krb5_error_code
entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent) entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent)
{ {
char *p; char *p;
int i; size_t i;
krb5_error_code ret; krb5_error_code ret;
/* --- principal */ /* --- principal */

4
lib/hx509/ca.c
View File

@@ -266,7 +266,7 @@ hx509_ca_tbs_set_template(hx509_context context,
} }
if (flags & HX509_CA_TEMPLATE_EKU) { if (flags & HX509_CA_TEMPLATE_EKU) {
ExtKeyUsage eku; ExtKeyUsage eku;
int i; size_t i;
ret = _hx509_cert_get_eku(context, cert, &eku); ret = _hx509_cert_get_eku(context, cert, &eku);
if (ret) if (ret)
return ret; return ret;
@@ -689,7 +689,7 @@ add_utf8_san(hx509_context context,
const heim_oid *oid, const heim_oid *oid,
const char *string) const char *string)
{ {
const PKIXXmppAddr ustring = (const PKIXXmppAddr)string; const PKIXXmppAddr ustring = (const PKIXXmppAddr)(intptr_t)string;
heim_octet_string os; heim_octet_string os;
size_t size; size_t size;
int ret; int ret;

11
lib/hx509/cms.c
View File

@@ -362,7 +362,8 @@ hx509_cms_unenvelope(hx509_context context,
heim_octet_string *params, params_data; heim_octet_string *params, params_data;
heim_octet_string ivec; heim_octet_string ivec;
size_t size; size_t size;
int ret, i, matched = 0, findflags = 0; int ret, matched = 0, findflags = 0;
size_t i;
memset(&key, 0, sizeof(key)); memset(&key, 0, sizeof(key));
@@ -718,7 +719,8 @@ out:
static int static int
any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs) any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
{ {
int ret, i; int ret;
size_t i;
if (sd->certificates == NULL) if (sd->certificates == NULL)
return 0; return 0;
@@ -744,7 +746,7 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
static const Attribute * static const Attribute *
find_attribute(const CMSAttributes *attr, const heim_oid *oid) find_attribute(const CMSAttributes *attr, const heim_oid *oid)
{ {
int i; size_t i;
for (i = 0; i < attr->len; i++) for (i = 0; i < attr->len; i++)
if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0) if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
return &attr->val[i]; return &attr->val[i];
@@ -790,7 +792,8 @@ hx509_cms_verify_signed(hx509_context context,
hx509_certs certs = NULL; hx509_certs certs = NULL;
SignedData sd; SignedData sd;
size_t size; size_t size;
int ret, i, found_valid_sig; int ret, found_valid_sig;
size_t i;
*signer_certs = NULL; *signer_certs = NULL;
content->data = NULL; content->data = NULL;

7
lib/hx509/collector.c
View File

@@ -253,7 +253,8 @@ _hx509_collector_collect_certs(hx509_context context,
hx509_certs *ret_certs) hx509_certs *ret_certs)
{ {
hx509_certs certs; hx509_certs certs;
int ret, i; int ret;
size_t i;
*ret_certs = NULL; *ret_certs = NULL;
@@ -286,7 +287,7 @@ _hx509_collector_collect_private_keys(hx509_context context,
struct hx509_collector *c, struct hx509_collector *c,
hx509_private_key **keys) hx509_private_key **keys)
{ {
int i, nkeys; size_t i, nkeys;
*keys = NULL; *keys = NULL;
@@ -315,7 +316,7 @@ _hx509_collector_collect_private_keys(hx509_context context,
void void
_hx509_collector_free(struct hx509_collector *c) _hx509_collector_free(struct hx509_collector *c)
{ {
int i; size_t i;
if (c->unenvelop_certs) if (c->unenvelop_certs)
hx509_certs_free(&c->unenvelop_certs); hx509_certs_free(&c->unenvelop_certs);

65
lib/hx509/crypto.c
View File

@@ -589,7 +589,7 @@ rsa_verify_signature(hx509_context context,
} }
/* Check for extra data inside the sigature */ /* Check for extra data inside the sigature */
if (size != retsize) { if (size != (size_t)retsize) {
ret = HX509_CRYPTO_SIG_INVALID_FORMAT; ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
hx509_set_error_string(context, 0, ret, "size from decryption mismatch"); hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
goto out; goto out;
@@ -620,7 +620,7 @@ rsa_verify_signature(hx509_context context,
data, data,
&di.digest); &di.digest);
} else { } else {
if (retsize != data->length || if ((size_t)retsize != data->length ||
ct_memcmp(to, data->data, retsize) != 0) ct_memcmp(to, data->data, retsize) != 0)
{ {
ret = HX509_CRYPTO_SIG_INVALID_FORMAT; ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
@@ -739,7 +739,7 @@ rsa_create_signature(hx509_context context,
"RSA private encrypt failed: %d", ret); "RSA private encrypt failed: %d", ret);
return ret; return ret;
} }
if (ret > sig->length) if ((size_t)ret > sig->length)
_hx509_abort("RSA signature prelen longer the output len"); _hx509_abort("RSA signature prelen longer the output len");
sig->length = ret; sig->length = ret;
@@ -1256,7 +1256,8 @@ static const struct signature_alg heim_rsa_pkcs1_x509 = {
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
rsa_create_signature rsa_create_signature,
0
}; };
static const struct signature_alg pkcs1_rsa_sha1_alg = { static const struct signature_alg pkcs1_rsa_sha1_alg = {
@@ -1269,7 +1270,8 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
rsa_create_signature rsa_create_signature,
0
}; };
static const struct signature_alg rsa_with_sha512_alg = { static const struct signature_alg rsa_with_sha512_alg = {
@@ -1282,7 +1284,8 @@ static const struct signature_alg rsa_with_sha512_alg = {
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
rsa_create_signature rsa_create_signature,
0
}; };
static const struct signature_alg rsa_with_sha384_alg = { static const struct signature_alg rsa_with_sha384_alg = {
@@ -1295,7 +1298,8 @@ static const struct signature_alg rsa_with_sha384_alg = {
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
rsa_create_signature rsa_create_signature,
0
}; };
static const struct signature_alg rsa_with_sha256_alg = { static const struct signature_alg rsa_with_sha256_alg = {
@@ -1308,7 +1312,8 @@ static const struct signature_alg rsa_with_sha256_alg = {
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
rsa_create_signature rsa_create_signature,
0
}; };
static const struct signature_alg rsa_with_sha1_alg = { static const struct signature_alg rsa_with_sha1_alg = {
@@ -1321,7 +1326,8 @@ static const struct signature_alg rsa_with_sha1_alg = {
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
rsa_create_signature rsa_create_signature,
0
}; };
static const struct signature_alg rsa_with_sha1_alg_secsig = { static const struct signature_alg rsa_with_sha1_alg_secsig = {
@@ -1334,7 +1340,8 @@ static const struct signature_alg rsa_with_sha1_alg_secsig = {
0, 0,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
rsa_create_signature rsa_create_signature,
0
}; };
static const struct signature_alg rsa_with_md5_alg = { static const struct signature_alg rsa_with_md5_alg = {
@@ -1347,7 +1354,8 @@ static const struct signature_alg rsa_with_md5_alg = {
1230739889, 1230739889,
NULL, NULL,
rsa_verify_signature, rsa_verify_signature,
rsa_create_signature rsa_create_signature,
0
}; };
static const struct signature_alg dsa_sha1_alg = { static const struct signature_alg dsa_sha1_alg = {
@@ -1361,6 +1369,7 @@ static const struct signature_alg dsa_sha1_alg = {
NULL, NULL,
dsa_verify_signature, dsa_verify_signature,
/* create_signature */ NULL, /* create_signature */ NULL,
0
}; };
static const struct signature_alg sha512_alg = { static const struct signature_alg sha512_alg = {
@@ -1373,7 +1382,8 @@ static const struct signature_alg sha512_alg = {
0, 0,
EVP_sha512, EVP_sha512,
evp_md_verify_signature, evp_md_verify_signature,
evp_md_create_signature evp_md_create_signature,
0
}; };
static const struct signature_alg sha384_alg = { static const struct signature_alg sha384_alg = {
@@ -1386,7 +1396,8 @@ static const struct signature_alg sha384_alg = {
0, 0,
EVP_sha384, EVP_sha384,
evp_md_verify_signature, evp_md_verify_signature,
evp_md_create_signature evp_md_create_signature,
0
}; };
static const struct signature_alg sha256_alg = { static const struct signature_alg sha256_alg = {
@@ -1399,7 +1410,8 @@ static const struct signature_alg sha256_alg = {
0, 0,
EVP_sha256, EVP_sha256,
evp_md_verify_signature, evp_md_verify_signature,
evp_md_create_signature evp_md_create_signature,
0
}; };
static const struct signature_alg sha1_alg = { static const struct signature_alg sha1_alg = {
@@ -1412,7 +1424,8 @@ static const struct signature_alg sha1_alg = {
0, 0,
EVP_sha1, EVP_sha1,
evp_md_verify_signature, evp_md_verify_signature,
evp_md_create_signature evp_md_create_signature,
0
}; };
static const struct signature_alg md5_alg = { static const struct signature_alg md5_alg = {
@@ -1425,7 +1438,8 @@ static const struct signature_alg md5_alg = {
0, 0,
EVP_md5, EVP_md5,
evp_md_verify_signature, evp_md_verify_signature,
NULL NULL,
0
}; };
/* /*
@@ -1748,7 +1762,7 @@ hx509_private_key_private_decrypt(hx509_context context,
"Failed to decrypt using private key: %d", ret); "Failed to decrypt using private key: %d", ret);
return HX509_CRYPTO_RSA_PRIVATE_DECRYPT; return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
} }
if (cleartext->length < ret) if (cleartext->length < (size_t)ret)
_hx509_abort("internal rsa decryption failure: ret > tosize"); _hx509_abort("internal rsa decryption failure: ret > tosize");
cleartext->length = ret; cleartext->length = ret;
@@ -2339,7 +2353,7 @@ static const struct hx509cipher ciphers[] = {
static const struct hx509cipher * static const struct hx509cipher *
find_cipher_by_oid(const heim_oid *oid) find_cipher_by_oid(const heim_oid *oid)
{ {
int i; size_t i;
for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0) if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0)
@@ -2351,7 +2365,7 @@ find_cipher_by_oid(const heim_oid *oid)
static const struct hx509cipher * static const struct hx509cipher *
find_cipher_by_name(const char *name) find_cipher_by_name(const char *name)
{ {
int i; size_t i;
for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++) for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
if (strcasecmp(name, ciphers[i].name) == 0) if (strcasecmp(name, ciphers[i].name) == 0)
@@ -2461,7 +2475,7 @@ hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
int int
hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length) hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
{ {
if (EVP_CIPHER_key_length(crypto->c) > length) if (EVP_CIPHER_key_length(crypto->c) > (int)length)
return HX509_CRYPTO_INTERNAL_ERROR; return HX509_CRYPTO_INTERNAL_ERROR;
if (crypto->key.data) { if (crypto->key.data) {
@@ -2558,7 +2572,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
(crypto->flags & ALLOW_WEAK) == 0) (crypto->flags & ALLOW_WEAK) == 0)
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length); assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length);
EVP_CIPHER_CTX_init(&evp); EVP_CIPHER_CTX_init(&evp);
@@ -2598,7 +2612,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
memcpy((*ciphertext)->data, data, length); memcpy((*ciphertext)->data, data, length);
if (padsize) { if (padsize) {
int i; size_t i;
unsigned char *p = (*ciphertext)->data; unsigned char *p = (*ciphertext)->data;
p += length; p += length;
for (i = 0; i < padsize; i++) for (i = 0; i < padsize; i++)
@@ -2647,7 +2661,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
(crypto->flags & ALLOW_WEAK) == 0) (crypto->flags & ALLOW_WEAK) == 0)
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE; return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length) if (ivec && EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length)
return HX509_CRYPTO_INTERNAL_ERROR; return HX509_CRYPTO_INTERNAL_ERROR;
if (crypto->key.data == NULL) if (crypto->key.data == NULL)
@@ -2683,7 +2697,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
unsigned char *p; unsigned char *p;
int j, bsize = EVP_CIPHER_block_size(crypto->c); int j, bsize = EVP_CIPHER_block_size(crypto->c);
if (clear->length < bsize) { if ((int)clear->length < bsize) {
ret = HX509_CMS_PADDING_ERROR; ret = HX509_CMS_PADDING_ERROR;
goto out; goto out;
} }
@@ -2854,7 +2868,8 @@ _hx509_pbe_decrypt(hx509_context context,
const EVP_CIPHER *c; const EVP_CIPHER *c;
const EVP_MD *md; const EVP_MD *md;
PBE_string2key_func s2k; PBE_string2key_func s2k;
int i, ret = 0; int ret = 0;
size_t i;
memset(&key, 0, sizeof(key)); memset(&key, 0, sizeof(key));
memset(&iv, 0, sizeof(iv)); memset(&iv, 0, sizeof(iv));

103
lib/hx509/hxtool.c
View File

@@ -45,9 +45,9 @@ static int version_flag;
static int help_flag; static int help_flag;
struct getargs args[] = { struct getargs args[] = {
{ "statistic-file", 0, arg_string, &stat_file_string }, { "statistic-file", 0, arg_string, &stat_file_string, NULL, NULL },
{ "version", 0, arg_flag, &version_flag }, { "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag } { "help", 0, arg_flag, &help_flag, NULL, NULL }
}; };
int num_args = sizeof(args) / sizeof(args[0]); int num_args = sizeof(args) / sizeof(args[0]);
@@ -80,15 +80,15 @@ lock_strings(hx509_lock lock, getarg_strings *pass)
*/ */
static void static void
certs_strings(hx509_context context, const char *type, hx509_certs certs, certs_strings(hx509_context contextp, const char *type, hx509_certs certs,
hx509_lock lock, const getarg_strings *s) hx509_lock lock, const getarg_strings *s)
{ {
int i, ret; int i, ret;
for (i = 0; i < s->num_strings; i++) { for (i = 0; i < s->num_strings; i++) {
ret = hx509_certs_append(context, certs, lock, s->strings[i]); ret = hx509_certs_append(contextp, certs, lock, s->strings[i]);
if (ret) if (ret)
hx509_err(context, 1, ret, hx509_err(contextp, 1, ret,
"hx509_certs_append: %s %s", type, s->strings[i]); "hx509_certs_append: %s %s", type, s->strings[i]);
} }
} }
@@ -114,16 +114,16 @@ parse_oid(const char *str, const heim_oid *def, heim_oid *oid)
*/ */
static void static void
peer_strings(hx509_context context, peer_strings(hx509_context contextp,
hx509_peer_info *peer, hx509_peer_info *peer,
const getarg_strings *s) const getarg_strings *s)
{ {
AlgorithmIdentifier *val; AlgorithmIdentifier *val;
int ret, i; int ret, i;
ret = hx509_peer_info_alloc(context, peer); ret = hx509_peer_info_alloc(contextp, peer);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_peer_info_alloc"); hx509_err(contextp, 1, ret, "hx509_peer_info_alloc");
val = calloc(s->num_strings, sizeof(*val)); val = calloc(s->num_strings, sizeof(*val));
if (val == NULL) if (val == NULL)
@@ -132,9 +132,9 @@ peer_strings(hx509_context context,
for (i = 0; i < s->num_strings; i++) for (i = 0; i < s->num_strings; i++)
parse_oid(s->strings[i], NULL, &val[i].algorithm); parse_oid(s->strings[i], NULL, &val[i].algorithm);
ret = hx509_peer_info_set_cms_algs(context, *peer, val, s->num_strings); ret = hx509_peer_info_set_cms_algs(contextp, *peer, val, s->num_strings);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_peer_info_set_cms_algs"); hx509_err(contextp, 1, ret, "hx509_peer_info_set_cms_algs");
for (i = 0; i < s->num_strings; i++) for (i = 0; i < s->num_strings; i++)
free_AlgorithmIdentifier(&val[i]); free_AlgorithmIdentifier(&val[i]);
@@ -151,7 +151,7 @@ struct pem_data {
}; };
static int static int
pem_reader(hx509_context context, const char *type, pem_reader(hx509_context contextp, const char *type,
const hx509_pem_header *headers, const hx509_pem_header *headers,
const void *data , size_t length, void *ctx) const void *data , size_t length, void *ctx)
{ {
@@ -211,22 +211,22 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
certs_strings(context, "store", store, lock, &opt->certificate_strings); certs_strings(context, "store", store, lock, &opt->certificate_strings);
if (opt->pem_flag) { if (opt->pem_flag) {
struct pem_data p; struct pem_data pd;
FILE *f; FILE *f;
p.os = &co; pd.os = &co;
p.detached_data = 0; pd.detached_data = 0;
f = fopen(argv[0], "r"); f = fopen(argv[0], "r");
if (f == NULL) if (f == NULL)
err(1, "Failed to open file %s", argv[0]); err(1, "Failed to open file %s", argv[0]);
ret = hx509_pem_read(context, f, pem_reader, &p); ret = hx509_pem_read(context, f, pem_reader, &pd);
fclose(f); fclose(f);
if (ret) if (ret)
errx(1, "PEM reader failed: %d", ret); errx(1, "PEM reader failed: %d", ret);
if (p.detached_data && opt->signed_content_string == NULL) { if (pd.detached_data && opt->signed_content_string == NULL) {
char *r = strrchr(argv[0], '.'); char *r = strrchr(argv[0], '.');
if (r && strcasecmp(r, ".pem") == 0) { if (r && strcasecmp(r, ".pem") == 0) {
char *s = strdup(argv[0]); char *s = strdup(argv[0]);
@@ -331,7 +331,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
} }
static int static int
print_signer(hx509_context context, void *ctx, hx509_cert cert) print_signer(hx509_context contextp, void *ctx, hx509_cert cert)
{ {
hx509_pem_header **header = ctx; hx509_pem_header **header = ctx;
char *signer_name = NULL; char *signer_name = NULL;
@@ -801,10 +801,10 @@ certificate_copy(struct certificate_copy_options *opt, int argc, char **argv)
hx509_err(context, 1, ret, "hx509_certs_init"); hx509_err(context, 1, ret, "hx509_certs_init");
while(argc-- > 1) { while(argc-- > 1) {
int ret; int retx;
ret = hx509_certs_append(context, certs, inlock, argv[0]); retx = hx509_certs_append(context, certs, inlock, argv[0]);
if (ret) if (retx)
hx509_err(context, 1, ret, "hx509_certs_append"); hx509_err(context, 1, retx, "hx509_certs_append");
argv++; argv++;
} }
@@ -1534,7 +1534,7 @@ hxtool_hex(struct hex_options *opt, int argc, char **argv)
len = hex_decode(p, buf2, strlen(p)); len = hex_decode(p, buf2, strlen(p));
if (len < 0) if (len < 0)
errx(1, "hex_decode failed"); errx(1, "hex_decode failed");
if (fwrite(buf2, 1, len, stdout) != len) if (fwrite(buf2, 1, len, stdout) != (size_t)len)
errx(1, "fwrite failed"); errx(1, "fwrite failed");
} }
} else { } else {
@@ -1558,38 +1558,38 @@ struct cert_type_opt {
static int static int
https_server(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) https_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{ {
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_serverAuth); return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth);
} }
static int static int
https_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) https_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{ {
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_clientAuth); return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_clientAuth);
} }
static int static int
peap_server(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) peap_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{ {
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_serverAuth); return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth);
} }
static int static int
pkinit_kdc(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) pkinit_kdc(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{ {
opt->pkinit++; opt->pkinit++;
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkkdcekuoid); return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkkdcekuoid);
} }
static int static int
pkinit_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) pkinit_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{ {
int ret; int ret;
opt->pkinit++; opt->pkinit++;
ret = hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkekuoid); ret = hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkekuoid);
if (ret) if (ret)
return ret; return ret;
@@ -1601,9 +1601,9 @@ pkinit_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt
} }
static int static int
email_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt) email_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{ {
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_emailProtection); return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_emailProtection);
} }
struct { struct {
@@ -1663,12 +1663,13 @@ print_eval_types(FILE *out)
} }
static int static int
eval_types(hx509_context context, eval_types(hx509_context contextp,
hx509_ca_tbs tbs, hx509_ca_tbs tbs,
const struct certificate_sign_options *opt) const struct certificate_sign_options *opt)
{ {
struct cert_type_opt ctopt; struct cert_type_opt ctopt;
unsigned i, j; int i;
size_t j;
int ret; int ret;
memset(&ctopt, 0, sizeof(ctopt)); memset(&ctopt, 0, sizeof(ctopt));
@@ -1678,9 +1679,9 @@ eval_types(hx509_context context,
for (j = 0; j < sizeof(certtypes)/sizeof(certtypes[0]); j++) { for (j = 0; j < sizeof(certtypes)/sizeof(certtypes[0]); j++) {
if (strcasecmp(type, certtypes[j].type) == 0) { if (strcasecmp(type, certtypes[j].type) == 0) {
ret = (*certtypes[j].eval)(context, tbs, &ctopt); ret = (*certtypes[j].eval)(contextp, tbs, &ctopt);
if (ret) if (ret)
hx509_err(context, 1, ret, hx509_err(contextp, 1, ret,
"Failed to evaluate cert type %s", type); "Failed to evaluate cert type %s", type);
break; break;
} }
@@ -1697,47 +1698,47 @@ eval_types(hx509_context context,
if (!ctopt.pkinit) if (!ctopt.pkinit)
errx(1, "pk-init principal given but no pk-init oid"); errx(1, "pk-init principal given but no pk-init oid");
ret = hx509_ca_tbs_add_san_pkinit(context, tbs, ret = hx509_ca_tbs_add_san_pkinit(contextp, tbs,
opt->pk_init_principal_string); opt->pk_init_principal_string);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_pkinit"); hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_pkinit");
} }
if (opt->ms_upn_string) { if (opt->ms_upn_string) {
if (!ctopt.pkinit) if (!ctopt.pkinit)
errx(1, "MS upn given but no pk-init oid"); errx(1, "MS upn given but no pk-init oid");
ret = hx509_ca_tbs_add_san_ms_upn(context, tbs, opt->ms_upn_string); ret = hx509_ca_tbs_add_san_ms_upn(contextp, tbs, opt->ms_upn_string);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn"); hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_ms_upn");
} }
for (i = 0; i < opt->hostname_strings.num_strings; i++) { for (i = 0; i < opt->hostname_strings.num_strings; i++) {
const char *hostname = opt->hostname_strings.strings[i]; const char *hostname = opt->hostname_strings.strings[i];
ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname); ret = hx509_ca_tbs_add_san_hostname(contextp, tbs, hostname);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname"); hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname");
} }
for (i = 0; i < opt->email_strings.num_strings; i++) { for (i = 0; i < opt->email_strings.num_strings; i++) {
const char *email = opt->email_strings.strings[i]; const char *email = opt->email_strings.strings[i];
ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email); ret = hx509_ca_tbs_add_san_rfc822name(contextp, tbs, email);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname"); hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname");
ret = hx509_ca_tbs_add_eku(context, tbs, ret = hx509_ca_tbs_add_eku(contextp, tbs,
&asn1_oid_id_pkix_kp_emailProtection); &asn1_oid_id_pkix_kp_emailProtection);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku"); hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_eku");
} }
if (opt->jid_string) { if (opt->jid_string) {
ret = hx509_ca_tbs_add_san_jid(context, tbs, opt->jid_string); ret = hx509_ca_tbs_add_san_jid(contextp, tbs, opt->jid_string);
if (ret) if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_jid"); hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_jid");
} }
return 0; return 0;

16
lib/hx509/ks_dir.c
View File

@@ -202,16 +202,12 @@ dir_iter_end(hx509_context context,
static struct hx509_keyset_ops keyset_dir = { static struct hx509_keyset_ops keyset_dir = {
"DIR", .name = "DIR",
0, .init = dir_init,
dir_init, .free = dir_free,
NULL, .iter_start = dir_iter_start,
dir_free, .iter = dir_iter,
NULL, .iter_end = dir_iter_end,
NULL,
dir_iter_start,
dir_iter,
dir_iter_end
}; };
void void

8
lib/hx509/ks_file.c
View File

@@ -177,7 +177,8 @@ parse_pem_private_key(hx509_context context, const char *fn,
const EVP_CIPHER *cipher; const EVP_CIPHER *cipher;
const struct _hx509_password *pw; const struct _hx509_password *pw;
hx509_lock lock; hx509_lock lock;
int i, decrypted = 0; int decrypted = 0;
size_t i;
lock = _hx509_collector_get_lock(c); lock = _hx509_collector_get_lock(c);
if (lock == NULL) { if (lock == NULL) {
@@ -329,7 +330,8 @@ pem_func(hx509_context context, const char *type,
const void *data, size_t len, void *ctx) const void *data, size_t len, void *ctx)
{ {
struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx; struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx;
int ret = 0, j; int ret = 0;
size_t j;
for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) { for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
const char *q = formats[j].name; const char *q = formats[j].name;
@@ -436,7 +438,7 @@ file_init_common(hx509_context context,
else if (ret == HX509_PARSING_KEY_FAILED) { else if (ret == HX509_PARSING_KEY_FAILED) {
size_t length; size_t length;
void *ptr; void *ptr;
int i; size_t i;
ret = rk_undumpdata(p, &ptr, &length); ret = rk_undumpdata(p, &ptr, &length);
if (ret) { if (ret) {

18
lib/hx509/ks_p11.c
View File

@@ -152,7 +152,7 @@ p11_rsa_private_encrypt(int flen,
} }
ret = P11FUNC(p11rsa->p, Sign, ret = P11FUNC(p11rsa->p, Sign,
(session, (CK_BYTE *)from, flen, to, &ck_sigsize)); (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize));
p11_put_session(p11rsa->p, p11rsa->slot, session); p11_put_session(p11rsa->p, p11rsa->slot, session);
if (ret != CKR_OK) if (ret != CKR_OK)
return -1; return -1;
@@ -190,7 +190,7 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
} }
ret = P11FUNC(p11rsa->p, Decrypt, ret = P11FUNC(p11rsa->p, Decrypt,
(session, (CK_BYTE *)from, flen, to, &ck_sigsize)); (session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize));
p11_put_session(p11rsa->p, p11rsa->slot, session); p11_put_session(p11rsa->p, p11rsa->slot, session);
if (ret != CKR_OK) if (ret != CKR_OK)
return -1; return -1;
@@ -878,7 +878,8 @@ p11_init(hx509_context context,
{ {
CK_SLOT_ID_PTR slot_ids; CK_SLOT_ID_PTR slot_ids;
int i, num_tokens = 0; int num_tokens = 0;
size_t i;
slot_ids = malloc(p->num_slots * sizeof(*slot_ids)); slot_ids = malloc(p->num_slots * sizeof(*slot_ids));
if (slot_ids == NULL) { if (slot_ids == NULL) {
@@ -933,7 +934,7 @@ p11_init(hx509_context context,
static void static void
p11_release_module(struct p11_module *p) p11_release_module(struct p11_module *p)
{ {
int i; size_t i;
if (p->ref == 0) if (p->ref == 0)
_hx509_abort("pkcs11 ref to low"); _hx509_abort("pkcs11 ref to low");
@@ -957,7 +958,7 @@ p11_release_module(struct p11_module *p)
free(p->slot[i].mechs.list); free(p->slot[i].mechs.list);
if (p->slot[i].mechs.infos) { if (p->slot[i].mechs.infos) {
int j; size_t j;
for (j = 0 ; j < p->slot[i].mechs.num ; j++) for (j = 0 ; j < p->slot[i].mechs.num ; j++)
free(p->slot[i].mechs.infos[j]); free(p->slot[i].mechs.infos[j]);
@@ -981,7 +982,7 @@ static int
p11_free(hx509_certs certs, void *data) p11_free(hx509_certs certs, void *data)
{ {
struct p11_module *p = data; struct p11_module *p = data;
int i; size_t i;
for (i = 0; i < p->num_slots; i++) { for (i = 0; i < p->num_slots; i++) {
if (p->slot[i].certs) if (p->slot[i].certs)
@@ -1002,7 +1003,8 @@ p11_iter_start(hx509_context context,
{ {
struct p11_module *p = data; struct p11_module *p = data;
struct p11_cursor *c; struct p11_cursor *c;
int ret, i; int ret;
size_t i;
c = malloc(sizeof(*c)); c = malloc(sizeof(*c));
if (c == NULL) { if (c == NULL) {
@@ -1103,7 +1105,7 @@ p11_printinfo(hx509_context context,
void *ctx) void *ctx)
{ {
struct p11_module *p = data; struct p11_module *p = data;
int i, j; size_t i, j;
_hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s", _hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s",
p->num_slots, p->num_slots > 1 ? "s" : ""); p->num_slots, p->num_slots > 1 ? "s" : "");

12
lib/hx509/ks_p12.c
View File

@@ -56,7 +56,7 @@ parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
static const PKCS12_Attribute * static const PKCS12_Attribute *
find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid) find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
{ {
int i; size_t i;
if (attrs == NULL) if (attrs == NULL)
return NULL; return NULL;
for (i = 0; i < attrs->len; i++) for (i = 0; i < attrs->len; i++)
@@ -168,7 +168,7 @@ certBag_parser(hx509_context context,
const heim_oid *oids[] = { const heim_oid *oids[] = {
&asn1_oid_id_pkcs_9_at_localKeyId, &asn1_oid_id_pkcs_9_at_friendlyName &asn1_oid_id_pkcs_9_at_localKeyId, &asn1_oid_id_pkcs_9_at_friendlyName
}; };
int i; size_t i;
for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) { for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) {
const heim_oid *oid = oids[i]; const heim_oid *oid = oids[i];
@@ -190,7 +190,8 @@ parse_safe_content(hx509_context context,
const unsigned char *p, size_t len) const unsigned char *p, size_t len)
{ {
PKCS12_SafeContents sc; PKCS12_SafeContents sc;
int ret, i; int ret;
size_t i;
memset(&sc, 0, sizeof(sc)); memset(&sc, 0, sizeof(sc));
@@ -310,7 +311,7 @@ parse_pkcs12_type(hx509_context context,
const void *data, size_t length, const void *data, size_t length,
const PKCS12_Attributes *attrs) const PKCS12_Attributes *attrs)
{ {
int i; size_t i;
for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++) for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
if (der_heim_oid_cmp(bagtypes[i].oid, oid) == 0) if (der_heim_oid_cmp(bagtypes[i].oid, oid) == 0)
@@ -327,7 +328,8 @@ p12_init(hx509_context context,
void *buf; void *buf;
PKCS12_PFX pfx; PKCS12_PFX pfx;
PKCS12_AuthenticatedSafe as; PKCS12_AuthenticatedSafe as;
int ret, i; int ret;
size_t i;
struct hx509_collector *c; struct hx509_collector *c;
*data = NULL; *data = NULL;

2
lib/hx509/lock.c
View File

@@ -121,7 +121,7 @@ _hx509_lock_unlock_certs(hx509_lock lock)
void void
hx509_lock_reset_passwords(hx509_lock lock) hx509_lock_reset_passwords(hx509_lock lock)
{ {
int i; size_t i;
for (i = 0; i < lock->password.len; i++) for (i = 0; i < lock->password.len; i++)
free(lock->password.val[i]); free(lock->password.val[i]);
free(lock->password.val); free(lock->password.val);

38
lib/hx509/name.c
View File

@@ -66,17 +66,17 @@ static const struct {
const heim_oid *o; const heim_oid *o;
wind_profile_flags flags; wind_profile_flags flags;
} no[] = { } no[] = {
{ "C", &asn1_oid_id_at_countryName }, { "C", &asn1_oid_id_at_countryName, 0 },
{ "CN", &asn1_oid_id_at_commonName }, { "CN", &asn1_oid_id_at_commonName, 0 },
{ "DC", &asn1_oid_id_domainComponent }, { "DC", &asn1_oid_id_domainComponent, 0 },
{ "L", &asn1_oid_id_at_localityName }, { "L", &asn1_oid_id_at_localityName, 0 },
{ "O", &asn1_oid_id_at_organizationName }, { "O", &asn1_oid_id_at_organizationName, 0 },
{ "OU", &asn1_oid_id_at_organizationalUnitName }, { "OU", &asn1_oid_id_at_organizationalUnitName, 0 },
{ "S", &asn1_oid_id_at_stateOrProvinceName }, { "S", &asn1_oid_id_at_stateOrProvinceName, 0 },
{ "STREET", &asn1_oid_id_at_streetAddress }, { "STREET", &asn1_oid_id_at_streetAddress, 0 },
{ "UID", &asn1_oid_id_Userid }, { "UID", &asn1_oid_id_Userid, 0 },
{ "emailAddress", &asn1_oid_id_pkcs9_emailAddress }, { "emailAddress", &asn1_oid_id_pkcs9_emailAddress, 0 },
{ "serialNumber", &asn1_oid_id_at_serialNumber } { "serialNumber", &asn1_oid_id_at_serialNumber, 0 }
}; };
static char * static char *
@@ -159,7 +159,8 @@ oidtostring(const heim_oid *type)
static int static int
stringtooid(const char *name, size_t len, heim_oid *oid) stringtooid(const char *name, size_t len, heim_oid *oid)
{ {
int i, ret; int ret;
size_t i;
char *s; char *s;
memset(oid, 0, sizeof(*oid)); memset(oid, 0, sizeof(*oid));
@@ -200,14 +201,16 @@ int
_hx509_Name_to_string(const Name *n, char **str) _hx509_Name_to_string(const Name *n, char **str)
{ {
size_t total_len = 0; size_t total_len = 0;
int i, j, ret; size_t i, j, m;
int ret;
*str = strdup(""); *str = strdup("");
if (*str == NULL) if (*str == NULL)
return ENOMEM; return ENOMEM;
for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) { for (m = n->u.rdnSequence.len; m > 0; m--) {
size_t len; size_t len;
i = m - 1;
for (j = 0; j < n->u.rdnSequence.val[i].len; j++) { for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value; DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
@@ -438,7 +441,8 @@ _hx509_name_ds_cmp(const DirectoryString *ds1,
int int
_hx509_name_cmp(const Name *n1, const Name *n2, int *c) _hx509_name_cmp(const Name *n1, const Name *n2, int *c)
{ {
int ret, i, j; int ret;
size_t i, j;
*c = n1->u.rdnSequence.len - n2->u.rdnSequence.len; *c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;
if (*c) if (*c)
@@ -610,7 +614,7 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
goto out; goto out;
} }
if ((q - p) > len) { if ((size_t)(q - p) > len) {
ret = HX509_PARSING_NAME_FAILED; ret = HX509_PARSING_NAME_FAILED;
hx509_set_error_string(context, 0, ret, " = after , in %s", p); hx509_set_error_string(context, 0, ret, " = after , in %s", p);
goto out; goto out;
@@ -727,7 +731,7 @@ hx509_name_expand(hx509_context context,
hx509_env env) hx509_env env)
{ {
Name *n = &name->der_name; Name *n = &name->der_name;
int i, j; size_t i, j;
if (env == NULL) if (env == NULL)
return 0; return 0;

19
lib/hx509/print.c
View File

@@ -163,7 +163,7 @@ void
hx509_bitstring_print(const heim_bit_string *b, hx509_bitstring_print(const heim_bit_string *b,
hx509_vprint_func func, void *ctx) hx509_vprint_func func, void *ctx)
{ {
int i; size_t i;
print_func(func, ctx, "\tlength: %d\n\t", b->length); print_func(func, ctx, "\tlength: %d\n\t", b->length);
for (i = 0; i < (b->length + 7) / 8; i++) for (i = 0; i < (b->length + 7) / 8; i++)
print_func(func, ctx, "%02x%s%s", print_func(func, ctx, "%02x%s%s",
@@ -481,7 +481,8 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
{ {
CRLDistributionPoints dp; CRLDistributionPoints dp;
size_t size; size_t size;
int ret, i; int ret;
size_t i;
check_Null(ctx, status, cf, e); check_Null(ctx, status, cf, e);
@@ -499,7 +500,7 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
if (dp.val[i].distributionPoint) { if (dp.val[i].distributionPoint) {
DistributionPointName dpname; DistributionPointName dpname;
heim_any *data = dp.val[i].distributionPoint; heim_any *data = dp.val[i].distributionPoint;
int j; size_t j;
ret = decode_DistributionPointName(data->data, data->length, ret = decode_DistributionPointName(data->data, data->length,
&dpname, NULL); &dpname, NULL);
@@ -565,7 +566,8 @@ check_altName(hx509_validate_ctx ctx,
{ {
GeneralNames gn; GeneralNames gn;
size_t size; size_t size;
int ret, i; int ret;
size_t i;
check_Null(ctx, status, cf, e); check_Null(ctx, status, cf, e);
@@ -717,7 +719,8 @@ check_authorityInfoAccess(hx509_validate_ctx ctx,
{ {
AuthorityInfoAccessSyntax aia; AuthorityInfoAccessSyntax aia;
size_t size; size_t size;
int ret, i; int ret;
size_t i;
check_Null(ctx, status, cf, e); check_Null(ctx, status, cf, e);
@@ -773,7 +776,7 @@ struct {
{ ext(certificateIssuer, Null), M_C }, { ext(certificateIssuer, Null), M_C },
{ ext(nameConstraints, Null), M_C }, { ext(nameConstraints, Null), M_C },
{ ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C }, { ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C },
{ ext(certificatePolicies, Null) }, { ext(certificatePolicies, Null), 0 },
{ ext(policyMappings, Null), M_N_C }, { ext(policyMappings, Null), M_N_C },
{ ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C }, { ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C },
{ ext(policyConstraints, Null), D_C }, { ext(policyConstraints, Null), D_C },
@@ -789,7 +792,7 @@ struct {
check_Null, D_C }, check_Null, D_C },
{ "Netscape cert comment", &asn1_oid_id_netscape_cert_comment, { "Netscape cert comment", &asn1_oid_id_netscape_cert_comment,
check_Null, D_C }, check_Null, D_C },
{ NULL } { NULL, NULL, NULL, 0 }
}; };
/** /**
@@ -936,7 +939,7 @@ hx509_validate_cert(hx509_context context,
free(str); free(str);
if (t->extensions) { if (t->extensions) {
int i, j; size_t i, j;
if (t->extensions->len == 0) { if (t->extensions->len == 0) {
validate_print(ctx, validate_print(ctx,

13
lib/hx509/revoke.c
View File

@@ -349,7 +349,7 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
} }
if (basic.certs) { if (basic.certs) {
int i; size_t i;
ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0, ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
NULL, &certs); NULL, &certs);
@@ -760,8 +760,7 @@ hx509_revoke_verify(hx509_context context,
if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) { if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now) if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
continue; continue;
} else } /* else should force a refetch, but can we ? */
/* Should force a refetch, but can we ? */;
return 0; return 0;
} }
@@ -1076,7 +1075,8 @@ int
hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out) hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
{ {
struct revoke_ocsp ocsp; struct revoke_ocsp ocsp;
int ret, i; int ret;
size_t i;
if (out == NULL) if (out == NULL)
out = stdout; out = stdout;
@@ -1141,7 +1141,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
status = "element unknown"; status = "element unknown";
} }
fprintf(out, "\t%d. status: %s\n", i, status); fprintf(out, "\t%zu. status: %s\n", i, status);
fprintf(out, "\tthisUpdate: %s\n", fprintf(out, "\tthisUpdate: %s\n",
printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate)); printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
@@ -1188,7 +1188,8 @@ hx509_ocsp_verify(hx509_context context,
{ {
const Certificate *c = _hx509_get_cert(cert); const Certificate *c = _hx509_get_cert(cert);
OCSPBasicOCSPResponse basic; OCSPBasicOCSPResponse basic;
int ret, i; int ret;
size_t i;
if (now == 0) if (now == 0)
now = time(NULL); now = time(NULL);

2
lib/hx509/sel.c
View File

@@ -223,7 +223,7 @@ _hx509_expr_parse(const char *buf)
} }
void void
_hx509_sel_yyerror (char *s) _hx509_sel_yyerror (const char *s)
{ {
if (_hx509_expr_input.error) if (_hx509_expr_input.error)
free(_hx509_expr_input.error); free(_hx509_expr_input.error);

2
lib/hx509/sel.h
View File

@@ -78,5 +78,5 @@ extern struct hx_expr_input _hx509_expr_input;
int _hx509_sel_yyparse(void); int _hx509_sel_yyparse(void);
int _hx509_sel_yylex(void); int _hx509_sel_yylex(void);
void _hx509_sel_yyerror(char *); void _hx509_sel_yyerror(const char *);

37
lib/hx509/softp11.c
View File

@@ -140,9 +140,9 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...)
va_start(ap, fmt); va_start(ap, fmt);
len = vsnprintf(str, size, fmt, ap); len = vsnprintf(str, size, fmt, ap);
va_end(ap); va_end(ap);
if (len < 0 || len > size) if (len < 0 || (size_t)len > size)
return; return;
while(len < size) while ((size_t)len < size)
str[len++] = fillchar; str[len++] = fillchar;
} }
@@ -152,9 +152,9 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...)
#define VERIFY_SESSION_HANDLE(s, state) \ #define VERIFY_SESSION_HANDLE(s, state) \
{ \ { \
CK_RV ret; \ CK_RV xret; \
ret = verify_session_handle(s, state); \ xret = verify_session_handle(s, state); \
if (ret != CKR_OK) { \ if (xret != CKR_OK) { \
/* return CKR_OK */; \ /* return CKR_OK */; \
} \ } \
} }
@@ -163,7 +163,7 @@ static CK_RV
verify_session_handle(CK_SESSION_HANDLE hSession, verify_session_handle(CK_SESSION_HANDLE hSession,
struct session_state **state) struct session_state **state)
{ {
int i; size_t i;
for (i = 0; i < MAX_NUM_SESSION; i++){ for (i = 0; i < MAX_NUM_SESSION; i++){
if (soft_token.state[i].session_handle == hSession) if (soft_token.state[i].session_handle == hSession)
@@ -421,6 +421,7 @@ struct foo {
static int static int
add_cert(hx509_context hxctx, void *ctx, hx509_cert cert) add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
{ {
static char empty[] = "";
struct foo *foo = (struct foo *)ctx; struct foo *foo = (struct foo *)ctx;
struct st_object *o = NULL; struct st_object *o = NULL;
CK_OBJECT_CLASS type; CK_OBJECT_CLASS type;
@@ -520,8 +521,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id)); add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */
add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */
add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
mech_type = CKM_RSA_X_509; mech_type = CKM_RSA_X_509;
@@ -557,8 +558,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type)); add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id)); add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */ add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */
add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */ add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */
add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false)); add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false)); add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
mech_type = CKM_RSA_X_509; mech_type = CKM_RSA_X_509;
@@ -859,7 +860,7 @@ C_Initialize(CK_VOID_PTR a)
{ {
CK_C_INITIALIZE_ARGS_PTR args = a; CK_C_INITIALIZE_ARGS_PTR args = a;
CK_RV ret; CK_RV ret;
int i; size_t i;
st_logf("Initialize\n"); st_logf("Initialize\n");
@@ -916,7 +917,7 @@ C_Initialize(CK_VOID_PTR a)
CK_RV CK_RV
C_Finalize(CK_VOID_PTR args) C_Finalize(CK_VOID_PTR args)
{ {
int i; size_t i;
INIT_CONTEXT(); INIT_CONTEXT();
@@ -1112,7 +1113,7 @@ C_OpenSession(CK_SLOT_ID slotID,
CK_NOTIFY Notify, CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession) CK_SESSION_HANDLE_PTR phSession)
{ {
int i; size_t i;
INIT_CONTEXT(); INIT_CONTEXT();
st_logf("OpenSession: slot: %d\n", (int)slotID); st_logf("OpenSession: slot: %d\n", (int)slotID);
@@ -1155,7 +1156,7 @@ C_CloseSession(CK_SESSION_HANDLE hSession)
CK_RV CK_RV
C_CloseAllSessions(CK_SLOT_ID slotID) C_CloseAllSessions(CK_SLOT_ID slotID)
{ {
int i; size_t i;
INIT_CONTEXT(); INIT_CONTEXT();
st_logf("CloseAllSessions\n"); st_logf("CloseAllSessions\n");
@@ -1429,7 +1430,7 @@ commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
static CK_RV static CK_RV
dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism) dup_mechanism(CK_MECHANISM_PTR *dp, const CK_MECHANISM_PTR pMechanism)
{ {
CK_MECHANISM_PTR p; CK_MECHANISM_PTR p;
@@ -1437,9 +1438,9 @@ dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
if (p == NULL) if (p == NULL)
return CKR_DEVICE_MEMORY; return CKR_DEVICE_MEMORY;
if (*dup) if (*dp)
free(*dup); free(*dp);
*dup = p; *dp = p;
memcpy(p, pMechanism, sizeof(*p)); memcpy(p, pMechanism, sizeof(*p));
return CKR_OK; return CKR_OK;

24
lib/ipc/client.c
View File

@@ -393,7 +393,7 @@ unix_socket_ipc(void *ctx,
if (net_write(s->fd, &len, sizeof(len)) != sizeof(len)) if (net_write(s->fd, &len, sizeof(len)) != sizeof(len))
return -1; return -1;
if (net_write(s->fd, req->data, req->length) != req->length) if (net_write(s->fd, req->data, req->length) != (ssize_t)req->length)
return -1; return -1;
if (net_read(s->fd, &len, sizeof(len)) != sizeof(len)) if (net_read(s->fd, &len, sizeof(len)) != sizeof(len))
@@ -407,7 +407,7 @@ unix_socket_ipc(void *ctx,
rep->data = malloc(rep->length); rep->data = malloc(rep->length);
if (rep->data == NULL) if (rep->data == NULL)
return -1; return -1;
if (net_read(s->fd, rep->data, rep->length) != rep->length) if (net_read(s->fd, rep->data, rep->length) != (ssize_t)rep->length)
return -1; return -1;
} else } else
rep->data = NULL; rep->data = NULL;
@@ -489,9 +489,9 @@ struct hipc_ops ipcs[] = {
{ "MACH", mach_init, mach_release, mach_ipc, mach_async }, { "MACH", mach_init, mach_release, mach_ipc, mach_async },
#endif #endif
#ifdef HAVE_DOOR #ifdef HAVE_DOOR
{ "DOOR", door_init, common_release, door_ipc } { "DOOR", door_init, common_release, door_ipc, NULL }
#endif #endif
{ "UNIX", unix_socket_init, common_release, unix_socket_ipc } { "UNIX", unix_socket_init, common_release, unix_socket_ipc, NULL }
}; };
struct heim_ipc { struct heim_ipc {
@@ -546,29 +546,29 @@ heim_ipc_free_context(heim_ipc ctx)
} }
int int
heim_ipc_call(heim_ipc ctx, const heim_idata *send, heim_idata *recv, heim_ipc_call(heim_ipc ctx, const heim_idata *snd, heim_idata *rcv,
heim_icred *cred) heim_icred *cred)
{ {
if (cred) if (cred)
*cred = NULL; *cred = NULL;
return (ctx->ops->ipc)(ctx->ctx, send, recv, cred); return (ctx->ops->ipc)(ctx->ctx, snd, rcv, cred);
} }
int int
heim_ipc_async(heim_ipc ctx, const heim_idata *send, void *userctx, heim_ipc_async(heim_ipc ctx, const heim_idata *snd, void *userctx,
void (*func)(void *, int, heim_idata *, heim_icred)) void (*func)(void *, int, heim_idata *, heim_icred))
{ {
if (ctx->ops->async == NULL) { if (ctx->ops->async == NULL) {
heim_idata recv; heim_idata rcv;
heim_icred cred = NULL; heim_icred cred = NULL;
int ret; int ret;
ret = (ctx->ops->ipc)(ctx->ctx, send, &recv, &cred); ret = (ctx->ops->ipc)(ctx->ctx, snd, &rcv, &cred);
(*func)(userctx, ret, &recv, cred); (*func)(userctx, ret, &rcv, cred);
heim_ipc_free_cred(cred); heim_ipc_free_cred(cred);
free(recv.data); free(rcv.data);
return ret; return ret;
} else { } else {
return (ctx->ops->async)(ctx->ctx, send, userctx, func); return (ctx->ops->async)(ctx->ctx, snd, userctx, func);
} }
} }

4
lib/ipc/server.c
View File

@@ -557,7 +557,7 @@ update_client_creds(struct client *c)
#endif #endif
#if defined(SOCKCREDSIZE) && defined(SCM_CREDS) #if defined(SOCKCREDSIZE) && defined(SCM_CREDS)
/* NetBSD */ /* NetBSD */
if (c->unixrights.uid == -1) { if (c->unixrights.uid == (uid_t)-1) {
struct msghdr msg; struct msghdr msg;
socklen_t crmsgsize; socklen_t crmsgsize;
void *crmsg; void *crmsg;
@@ -959,7 +959,7 @@ handle_write(struct client *c)
if (len <= 0) { if (len <= 0) {
c->flags |= WAITING_CLOSE; c->flags |= WAITING_CLOSE;
c->flags &= ~(WAITING_WRITE); c->flags &= ~(WAITING_WRITE);
} else if (c->olen != len) { } else if (c->olen != (size_t)len) {
memmove(&c->outmsg[0], &c->outmsg[len], c->olen - len); memmove(&c->outmsg[0], &c->outmsg[len], c->olen - len);
c->olen -= len; c->olen -= len;
} else { } else {

Some files were not shown because too many files have changed in this diff Show More