oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Warning fixes from Christos Zoulas

Browse Source 
- shadowed variables
- signed/unsigned confusion
- const lossage
- incomplete structure initializations
- unused code
This commit is contained in:
Love Hornquist Astrand
2011-04-29 20:25:05 -07:00
parent 66c15e7caf
commit f5f9014c90
156 changed files with 1178 additions and 1078 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
admin/add.c
View File

@@ -113,7 +113,7 @@ kt_add(struct add_options *opt, int argc, char **argv)
goto out;
}
if (hex_decode(opt->password_string, data, len) != len) {
if ((size_t)hex_decode(opt->password_string, data, len) != len) {
free(data);
krb5_warn(context, ENOMEM, "hex decode failed");
goto out;

21
admin/get.c
View File

@@ -90,7 +90,8 @@ kt_get(struct get_options *opt, int argc, char **argv)
void *kadm_handle = NULL;
krb5_enctype *etypes = NULL;
size_t netypes = 0;
int i, j;
size_t i;
int a, j;
unsigned int failed = 0;
if((keytab = ktutil_open_keytab()) == NULL)
@@ -120,7 +121,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
}
for(i = 0; i < argc; i++){
for(a = 0; a < argc; a++){
krb5_principal princ_ent;
kadm5_principal_ent_rec princ;
int mask = 0;
@@ -129,9 +130,9 @@ kt_get(struct get_options *opt, int argc, char **argv)
int created = 0;
krb5_keytab_entry entry;
ret = krb5_parse_name(context, argv[i], &princ_ent);
ret = krb5_parse_name(context, argv[a], &princ_ent);
if (ret) {
krb5_warn(context, ret, "can't parse principal %s", argv[i]);
krb5_warn(context, ret, "can't parse principal %s", argv[a]);
failed++;
continue;
}
@@ -161,14 +162,14 @@ kt_get(struct get_options *opt, int argc, char **argv)
if(ret == 0)
created = 1;
else if(ret != KADM5_DUP) {
krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[i]);
krb5_warn(context, ret, "kadm5_create_principal(%s)", argv[a]);
krb5_free_principal(context, princ_ent);
failed++;
continue;
}
ret = kadm5_randkey_principal(kadm_handle, princ_ent, &keys, &n_keys);
if (ret) {
krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[i]);
krb5_warn(context, ret, "kadm5_randkey_principal(%s)", argv[a]);
krb5_free_principal(context, princ_ent);
failed++;
continue;
@@ -177,7 +178,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
KADM5_PRINCIPAL | KADM5_KVNO | KADM5_ATTRIBUTES);
if (ret) {
krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[i]);
krb5_warn(context, ret, "kadm5_get_principal(%s)", argv[a]);
for (j = 0; j < n_keys; j++)
krb5_free_keyblock_contents(context, &keys[j]);
krb5_free_principal(context, princ_ent);
@@ -185,7 +186,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
continue;
}
if(!created && (princ.attributes & KRB5_KDB_DISALLOW_ALL_TIX))
krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[i]);
krb5_warnx(context, "%s: disallow-all-tix flag set - clearing", argv[a]);
princ.attributes &= (~KRB5_KDB_DISALLOW_ALL_TIX);
mask = KADM5_ATTRIBUTES;
if(created) {
@@ -194,7 +195,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
}
ret = kadm5_modify_principal(kadm_handle, &princ, mask);
if (ret) {
krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[i]);
krb5_warn(context, ret, "kadm5_modify_principal(%s)", argv[a]);
for (j = 0; j < n_keys; j++)
krb5_free_keyblock_contents(context, &keys[j]);
krb5_free_principal(context, princ_ent);
@@ -205,7 +206,7 @@ kt_get(struct get_options *opt, int argc, char **argv)
int do_add = TRUE;
if (netypes) {
int k;
size_t k;
do_add = FALSE;
for (k = 0; k < netypes; ++k)

5
admin/ktutil.c
View File

@@ -118,8 +118,11 @@ help(void *opt, int argc, char **argv)
argv[0]);
} else {
if(c->func) {
char *fake[] = { NULL, "--help", NULL };
char shelp[] = "--help";
char *fake[3];
fake[0] = argv[0];
fake[1] = shelp;
fake[2] = NULL;
(*c->func)(2, fake);
fprintf(stderr, "\n");
}

2
admin/list.c
View File

@@ -113,7 +113,7 @@ do_list(struct list_options *opt, const char *keytab_str)
rtbl_add_column_entry_by_id(table, 3, buf);
}
if(opt->keys_flag) {
int i;
size_t i;
s = malloc(2 * entry.keyblock.keyvalue.length + 1);
if (s == NULL) {
krb5_warnx(context, "malloc failed");

2
base/dict.c
View File

@@ -77,7 +77,7 @@ struct heim_type_data dict_object = {
static size_t
isprime(size_t p)
{
int q, i;
size_t q, i;
for(i = 2 ; i < p; i++) {
q = p / i;

10
kadmin/ank.c
View File

@@ -39,21 +39,21 @@
*/
static krb5_error_code
get_default (kadm5_server_context *context,
get_default (kadm5_server_context *contextp,
krb5_principal princ,
kadm5_principal_ent_t default_ent)
{
krb5_error_code ret;
krb5_principal def_principal;
krb5_const_realm realm = krb5_principal_get_realm(context->context, princ);
krb5_const_realm realm = krb5_principal_get_realm(contextp->context, princ);
ret = krb5_make_principal (context->context, &def_principal,
ret = krb5_make_principal (contextp->context, &def_principal,
realm, "default", NULL);
if (ret)
return ret;
ret = kadm5_get_principal (context, def_principal, default_ent,
ret = kadm5_get_principal (contextp, def_principal, default_ent,
KADM5_PRINCIPAL_NORMAL_MASK);
krb5_free_principal (context->context, def_principal);
krb5_free_principal (contextp->context, def_principal);
return ret;
}

2
kadmin/check.c
View File

@@ -86,7 +86,7 @@ do_check_entry(krb5_principal principal, void *data)
ret = krb5_enctype_keysize(context,
princ.key_data[i].key_data_type[0],
&keysize);
if (ret == 0 && keysize != princ.key_data[i].key_data_length[0]) {
if (ret == 0 && keysize != (size_t)princ.key_data[i].key_data_length[0]) {
krb5_warnx(context,
"Principal %s enctype %d, wrong length: %lu\n",
name, princ.key_data[i].key_data_type[0],

57
kadmin/kadm_conn.c
View File

@@ -43,12 +43,12 @@ struct kadm_port {
} *kadm_ports;
static void
add_kadm_port(krb5_context context, const char *service, unsigned int port)
add_kadm_port(krb5_context contextp, const char *service, unsigned int port)
{
struct kadm_port *p;
p = malloc(sizeof(*p));
if(p == NULL) {
krb5_warnx(context, "failed to allocate %lu bytes\n",
krb5_warnx(contextp, "failed to allocate %lu bytes\n",
(unsigned long)sizeof(*p));
return;
}
@@ -61,9 +61,9 @@ add_kadm_port(krb5_context context, const char *service, unsigned int port)
}
static void
add_standard_ports (krb5_context context)
add_standard_ports (krb5_context contextp)
{
add_kadm_port(context, "kerberos-adm", 749);
add_kadm_port(contextp, "kerberos-adm", 749);
}
/*
@@ -73,15 +73,15 @@ add_standard_ports (krb5_context context)
*/
void
parse_ports(krb5_context context, const char *str)
parse_ports(krb5_context contextp, const char *str)
{
char p[128];
while(strsep_copy(&str, " \t", p, sizeof(p)) != -1) {
if(strcmp(p, "+") == 0)
add_standard_ports(context);
add_standard_ports(contextp);
else
add_kadm_port(context, p, 0);
add_kadm_port(contextp, p, 0);
}
}
@@ -120,10 +120,11 @@ terminate(int sig)
}
static int
spawn_child(krb5_context context, int *socks,
spawn_child(krb5_context contextp, int *socks,
unsigned int num_socks, int this_sock)
{
int e, i;
int e;
size_t i;
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
socklen_t sa_size = sizeof(__ss);
@@ -135,20 +136,20 @@ spawn_child(krb5_context context, int *socks,
s = accept(socks[this_sock], sa, &sa_size);
if(rk_IS_BAD_SOCKET(s)) {
krb5_warn(context, rk_SOCK_ERRNO, "accept");
krb5_warn(contextp, rk_SOCK_ERRNO, "accept");
return 1;
}
e = krb5_sockaddr2address(context, sa, &addr);
e = krb5_sockaddr2address(contextp, sa, &addr);
if(e)
krb5_warn(context, e, "krb5_sockaddr2address");
krb5_warn(contextp, e, "krb5_sockaddr2address");
else {
e = krb5_print_address (&addr, buf, sizeof(buf),
&buf_len);
if(e)
krb5_warn(context, e, "krb5_print_address");
krb5_warn(contextp, e, "krb5_print_address");
else
krb5_warnx(context, "connection from %s", buf);
krb5_free_address(context, &addr);
krb5_warnx(contextp, "connection from %s", buf);
krb5_free_address(contextp, &addr);
}
pid = fork();
@@ -167,7 +168,7 @@ spawn_child(krb5_context context, int *socks,
}
static void
wait_for_connection(krb5_context context,
wait_for_connection(krb5_context contextp,
krb5_socket_t *socks, unsigned int num_socks)
{
unsigned int i;
@@ -200,13 +201,13 @@ wait_for_connection(krb5_context context,
e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
if(rk_IS_SOCKET_ERROR(e)) {
if(rk_SOCK_ERRNO != EINTR)
krb5_warn(context, rk_SOCK_ERRNO, "select");
krb5_warn(contextp, rk_SOCK_ERRNO, "select");
} else if(e == 0)
krb5_warnx(context, "select returned 0");
krb5_warnx(contextp, "select returned 0");
else {
for(i = 0; i < num_socks; i++) {
if(FD_ISSET(socks[i], &read_set))
if(spawn_child(context, socks, num_socks, i) == 0)
if(spawn_child(contextp, socks, num_socks, i) == 0)
return;
}
}
@@ -221,7 +222,7 @@ wait_for_connection(krb5_context context,
void
start_server(krb5_context context, const char *port_str)
start_server(krb5_context contextp, const char *port_str)
{
int e;
struct kadm_port *p;
@@ -233,7 +234,7 @@ start_server(krb5_context context, const char *port_str)
if (port_str == NULL)
port_str = "+";
parse_ports(context, port_str);
parse_ports(contextp, port_str);
for(p = kadm_ports; p; p = p->next) {
struct addrinfo hints, *ai, *ap;
@@ -249,7 +250,7 @@ start_server(krb5_context context, const char *port_str)
}
if(e) {
krb5_warn(context, krb5_eai_to_heim_errno(e, errno),
krb5_warn(contextp, krb5_eai_to_heim_errno(e, errno),
"%s", portstr);
continue;
}
@@ -258,7 +259,7 @@ start_server(krb5_context context, const char *port_str)
i++;
tmp = realloc(socks, (num_socks + i) * sizeof(*socks));
if(tmp == NULL) {
krb5_warnx(context, "failed to reallocate %lu bytes",
krb5_warnx(contextp, "failed to reallocate %lu bytes",
(unsigned long)(num_socks + i) * sizeof(*socks));
continue;
}
@@ -266,7 +267,7 @@ start_server(krb5_context context, const char *port_str)
for(ap = ai; ap; ap = ap->ai_next) {
krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
if(rk_IS_BAD_SOCKET(s)) {
krb5_warn(context, rk_SOCK_ERRNO, "socket");
krb5_warn(contextp, rk_SOCK_ERRNO, "socket");
continue;
}
@@ -274,12 +275,12 @@ start_server(krb5_context context, const char *port_str)
socket_set_ipv6only(s, 1);
if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) {
krb5_warn(context, rk_SOCK_ERRNO, "bind");
krb5_warn(contextp, rk_SOCK_ERRNO, "bind");
rk_closesocket(s);
continue;
}
if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) {
krb5_warn(context, rk_SOCK_ERRNO, "listen");
krb5_warn(contextp, rk_SOCK_ERRNO, "listen");
rk_closesocket(s);
continue;
}
@@ -288,7 +289,7 @@ start_server(krb5_context context, const char *port_str)
freeaddrinfo (ai);
}
if(num_socks == 0)
krb5_errx(context, 1, "no sockets to listen to - exiting");
krb5_errx(contextp, 1, "no sockets to listen to - exiting");
wait_for_connection(context, socks, num_socks);
wait_for_connection(contextp, socks, num_socks);
}

13
kadmin/kadmin.c
View File

@@ -52,9 +52,9 @@ static getarg_strings policy_libraries = { 0, NULL };
static struct getargs args[] = {
{ "principal", 'p', arg_string, &client_name,
"principal to authenticate as" },
"principal to authenticate as", NULL },
{ "keytab", 'K', arg_string, &keytab,
"keytab for authentication principal" },
"keytab for authentication principal", NULL },
{
"config-file", 'c', arg_string, &config_file,
"location of config file", "file"
@@ -75,7 +75,8 @@ static struct getargs args[] = {
"server-port", 's', arg_integer, &server_port,
"port to use", "port number"
},
{ "ad", 0, arg_flag, &ad_flag, "active directory admin mode" },
{ "ad", 0, arg_flag, &ad_flag, "active directory admin mode",
NULL },
#ifdef HAVE_DLOPEN
{ "check-library", 0, arg_string, &check_library,
"library to load password check function from", "library" },
@@ -84,9 +85,9 @@ static struct getargs args[] = {
{ "policy-libraries", 0, arg_strings, &policy_libraries,
"password check function to load", "function" },
#endif
{ "local", 'l', arg_flag, &local_flag, "local admin mode" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 'v', arg_flag, &version_flag }
{ "local", 'l', arg_flag, &local_flag, "local admin mode", NULL },
{ "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag, NULL, NULL }
};
static int num_args = sizeof(args) / sizeof(args[0]);

9
kadmin/kadmind.c
View File

@@ -37,7 +37,8 @@ static char *check_library = NULL;
static char *check_function = NULL;
static getarg_strings policy_libraries = { 0, NULL };
static char *config_file;
static char *keytab_str = "HDB:";
static char sHDB[] = "HDB:";
static char *keytab_str = sHDB;
static int help_flag;
static int version_flag;
static int debug_flag;
@@ -65,12 +66,12 @@ static struct getargs args[] = {
"password check function to load", "function" },
#endif
{ "debug", 'd', arg_flag, &debug_flag,
"enable debugging"
"enable debugging", NULL
},
{ "ports", 'p', arg_string, &port_str,
"ports to listen to", "port" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 'v', arg_flag, &version_flag }
{ "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag, NULL, NULL }
};
static int num_args = sizeof(args) / sizeof(args[0]);

2
kadmin/load.c
View File

@@ -153,7 +153,7 @@ parse_keys(hdb_entry *ent, char *str)
krb5_error_code ret;
int tmp;
char *p;
int i;
size_t i;
p = strsep(&str, ":");
if (sscanf(p, "%d", &tmp) != 1)

14
kadmin/mod.c
View File

@@ -55,7 +55,7 @@ add_tl(kadm5_principal_ent_rec *princ, int type, krb5_data *data)
}
static void
add_constrained_delegation(krb5_context context,
add_constrained_delegation(krb5_context contextp,
kadm5_principal_ent_rec *princ,
struct getarg_strings *strings)
{
@@ -81,13 +81,13 @@ add_constrained_delegation(krb5_context context,
ext.data.u.allowed_to_delegate_to.len = strings->num_strings;
for (i = 0; i < strings->num_strings; i++) {
ret = krb5_parse_name(context, strings->strings[i], &p);
ret = krb5_parse_name(contextp, strings->strings[i], &p);
if (ret)
abort();
ret = copy_Principal(p, &ext.data.u.allowed_to_delegate_to.val[i]);
if (ret)
abort();
krb5_free_principal(context, p);
krb5_free_principal(contextp, p);
}
}
@@ -103,7 +103,7 @@ add_constrained_delegation(krb5_context context,
}
static void
add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
add_aliases(krb5_context contextp, kadm5_principal_ent_rec *princ,
struct getarg_strings *strings)
{
krb5_error_code ret;
@@ -128,9 +128,9 @@ add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
ext.data.u.aliases.aliases.len = strings->num_strings;
for (i = 0; i < strings->num_strings; i++) {
ret = krb5_parse_name(context, strings->strings[i], &p);
ret = krb5_parse_name(contextp, strings->strings[i], &p);
ret = copy_Principal(p, &ext.data.u.aliases.aliases.val[i]);
krb5_free_principal(context, p);
krb5_free_principal(contextp, p);
}
}
@@ -146,7 +146,7 @@ add_aliases(krb5_context context, kadm5_principal_ent_rec *princ,
}
static void
add_pkinit_acl(krb5_context context, kadm5_principal_ent_rec *princ,
add_pkinit_acl(krb5_context contextp, kadm5_principal_ent_rec *princ,
struct getarg_strings *strings)
{
krb5_error_code ret;

166
kadmin/rpc.c
View File

@@ -161,7 +161,7 @@ parse_name(const unsigned char *p, size_t len,
static void
gss_error(krb5_context context,
gss_error(krb5_context contextp,
gss_OID mech, OM_uint32 type, OM_uint32 error)
{
OM_uint32 new_stat;
@@ -176,7 +176,7 @@ gss_error(krb5_context context,
mech,
&msg_ctx,
&status_string);
krb5_warnx(context, "%.*s",
krb5_warnx(contextp, "%.*s",
(int)status_string.length,
(char *)status_string.value);
gss_release_buffer (&new_stat, &status_string);
@@ -184,11 +184,11 @@ gss_error(krb5_context context,
}
static void
gss_print_errors (krb5_context context,
gss_print_errors (krb5_context contextp,
OM_uint32 maj_stat, OM_uint32 min_stat)
{
gss_error(context, GSS_C_NO_OID, GSS_C_GSS_CODE, maj_stat);
gss_error(context, GSS_C_NO_OID, GSS_C_MECH_CODE, min_stat);
gss_error(contextp, GSS_C_NO_OID, GSS_C_GSS_CODE, maj_stat);
gss_error(contextp, GSS_C_NO_OID, GSS_C_MECH_CODE, min_stat);
}
static int
@@ -204,10 +204,10 @@ read_data(krb5_storage *sp, krb5_storage *msg, size_t len)
tlen = sizeof(buf);
slen = krb5_storage_read(sp, buf, tlen);
INSIST(slen == tlen);
INSIST((size_t)slen == tlen);
slen = krb5_storage_write(msg, buf, tlen);
INSIST(slen == tlen);
INSIST((size_t)slen == tlen);
len -= tlen;
}
@@ -252,7 +252,7 @@ store_data_xdr(krb5_storage *sp, krb5_data data)
static const char zero[4] = { 0, 0, 0, 0 };
ret = krb5_storage_write(sp, zero, res);
if(ret != res)
if((size_t)ret != res)
return (ret < 0)? errno : krb5_storage_get_eof_code(sp);
}
return 0;
@@ -273,7 +273,7 @@ ret_data_xdr(krb5_storage *sp, krb5_data *data)
res = 4 - (data->length % 4);
if (res != 4) {
ret = krb5_storage_read(sp, buf, res);
if(ret != res)
if((size_t)ret != res)
return (ret < 0)? errno : krb5_storage_get_eof_code(sp);
}
}
@@ -362,19 +362,19 @@ ret_string_xdr(krb5_storage *sp, char **str)
}
static int
store_principal_xdr(krb5_context context,
store_principal_xdr(krb5_context contextp,
krb5_storage *sp,
krb5_principal p)
{
char *str;
CHECK(krb5_unparse_name(context, p, &str));
CHECK(krb5_unparse_name(contextp, p, &str));
CHECK(store_string_xdr(sp, str));
free(str);
return 0;
}
static int
ret_principal_xdr(krb5_context context,
ret_principal_xdr(krb5_context contextp,
krb5_storage *sp,
krb5_principal *p)
{
@@ -382,27 +382,27 @@ ret_principal_xdr(krb5_context context,
*p = NULL;
CHECK(ret_string_xdr(sp, &str));
if (str) {
CHECK(krb5_parse_name(context, str, p));
CHECK(krb5_parse_name(contextp, str, p));
free(str);
}
return 0;
}
static int
store_principal_ent(krb5_context context,
store_principal_ent(krb5_context contextp,
krb5_storage *sp,
kadm5_principal_ent_rec *ent)
{
size_t i;
int i;
CHECK(store_principal_xdr(context, sp, ent->principal));
CHECK(store_principal_xdr(contextp, sp, ent->principal));
CHECK(krb5_store_uint32(sp, ent->princ_expire_time));
CHECK(krb5_store_uint32(sp, ent->pw_expiration));
CHECK(krb5_store_uint32(sp, ent->last_pwd_change));
CHECK(krb5_store_uint32(sp, ent->max_life));
CHECK(krb5_store_int32(sp, ent->mod_name == NULL));
if (ent->mod_name)
CHECK(store_principal_xdr(context, sp, ent->mod_name));
CHECK(store_principal_xdr(contextp, sp, ent->mod_name));
CHECK(krb5_store_uint32(sp, ent->mod_date));
CHECK(krb5_store_uint32(sp, ent->attributes));
CHECK(krb5_store_uint32(sp, ent->kvno));
@@ -443,7 +443,7 @@ store_principal_ent(krb5_context context,
}
static int
ret_principal_ent(krb5_context context,
ret_principal_ent(krb5_context contextp,
krb5_storage *sp,
kadm5_principal_ent_rec *ent)
{
@@ -452,7 +452,7 @@ ret_principal_ent(krb5_context context,
memset(ent, 0, sizeof(*ent));
CHECK(ret_principal_xdr(context, sp, &ent->principal));
CHECK(ret_principal_xdr(contextp, sp, &ent->principal));
CHECK(krb5_ret_uint32(sp, &flag));
ent->princ_expire_time = flag;
CHECK(krb5_ret_uint32(sp, &flag));
@@ -463,7 +463,7 @@ ret_principal_ent(krb5_context context,
ent->max_life = flag;
CHECK(krb5_ret_uint32(sp, &flag));
if (flag == 0)
ret_principal_xdr(context, sp, &ent->mod_name);
ret_principal_xdr(contextp, sp, &ent->mod_name);
CHECK(krb5_ret_uint32(sp, &flag));
ent->mod_date = flag;
CHECK(krb5_ret_uint32(sp, &flag));
@@ -508,13 +508,13 @@ ret_principal_ent(krb5_context context,
count++;
}
INSIST(ent->n_tl_data == count);
INSIST((size_t)ent->n_tl_data == count);
} else {
INSIST(ent->n_tl_data == 0);
}
CHECK(krb5_ret_uint32(sp, &num));
INSIST(num == ent->n_key_data);
INSIST(num == (uint32_t)ent->n_key_data);
ent->key_data = calloc(num, sizeof(ent->key_data[0]));
INSIST(ent->key_data != NULL);
@@ -538,7 +538,7 @@ ret_principal_ent(krb5_context context,
*/
static void
proc_create_principal(kadm5_server_context *context,
proc_create_principal(kadm5_server_context *contextp,
krb5_storage *in,
krb5_storage *out)
{
@@ -551,30 +551,30 @@ proc_create_principal(kadm5_server_context *context,
CHECK(krb5_ret_uint32(in, &version));
INSIST(version == VERSION2);
CHECK(ret_principal_ent(context->context, in, &ent));
CHECK(ret_principal_ent(contextp->context, in, &ent));
CHECK(krb5_ret_uint32(in, &mask));
CHECK(ret_string_xdr(in, &password));
INSIST(ent.principal);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD, ent.principal);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD, ent.principal);
if (ret)
goto fail;
ret = kadm5_create_principal(context, &ent, mask, password);
ret = kadm5_create_principal(contextp, &ent, mask, password);
fail:
krb5_warn(context->context, ret, "create principal");
krb5_warn(contextp->context, ret, "create principal");
CHECK(krb5_store_uint32(out, VERSION2)); /* api version */
CHECK(krb5_store_uint32(out, ret)); /* code */
free(password);
kadm5_free_principal_ent(context, &ent);
kadm5_free_principal_ent(contextp, &ent);
}
static void
proc_delete_principal(kadm5_server_context *context,
proc_delete_principal(kadm5_server_context *contextp,
krb5_storage *in,
krb5_storage *out)
{
@@ -584,24 +584,24 @@ proc_delete_principal(kadm5_server_context *context,
CHECK(krb5_ret_uint32(in, &version));
INSIST(version == VERSION2);
CHECK(ret_principal_xdr(context->context, in, &princ));
CHECK(ret_principal_xdr(contextp->context, in, &princ));
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ);
if (ret)
goto fail;
ret = kadm5_delete_principal(context, princ);
ret = kadm5_delete_principal(contextp, princ);
fail:
krb5_warn(context->context, ret, "delete principal");
krb5_warn(contextp->context, ret, "delete principal");
CHECK(krb5_store_uint32(out, VERSION2)); /* api version */
CHECK(krb5_store_uint32(out, ret)); /* code */
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
}
static void
proc_get_principal(kadm5_server_context *context,
proc_get_principal(kadm5_server_context *contextp,
krb5_storage *in,
krb5_storage *out)
{
@@ -614,29 +614,29 @@ proc_get_principal(kadm5_server_context *context,
CHECK(krb5_ret_uint32(in, &version));
INSIST(version == VERSION2);
CHECK(ret_principal_xdr(context->context, in, &princ));
CHECK(ret_principal_xdr(contextp->context, in, &princ));
CHECK(krb5_ret_uint32(in, &mask));
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
if(ret)
goto fail;
ret = kadm5_get_principal(context, princ, &ent, mask);
ret = kadm5_get_principal(contextp, princ, &ent, mask);
fail:
krb5_warn(context->context, ret, "get principal principal");
krb5_warn(contextp->context, ret, "get principal principal");
CHECK(krb5_store_uint32(out, VERSION2)); /* api version */
CHECK(krb5_store_uint32(out, ret)); /* code */
if (ret == 0) {
CHECK(store_principal_ent(context->context, out, &ent));
CHECK(store_principal_ent(contextp->context, out, &ent));
}
krb5_free_principal(context->context, princ);
kadm5_free_principal_ent(context, &ent);
krb5_free_principal(contextp->context, princ);
kadm5_free_principal_ent(contextp, &ent);
}
static void
proc_chrand_principal_v2(kadm5_server_context *context,
proc_chrand_principal_v2(kadm5_server_context *contextp,
krb5_storage *in,
krb5_storage *out)
{
@@ -648,36 +648,36 @@ proc_chrand_principal_v2(kadm5_server_context *context,
CHECK(krb5_ret_uint32(in, &version));
INSIST(version == VERSION2);
CHECK(ret_principal_xdr(context->context, in, &princ));
CHECK(ret_principal_xdr(contextp->context, in, &princ));
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
if(ret)
goto fail;
ret = kadm5_randkey_principal(context, princ,
ret = kadm5_randkey_principal(contextp, princ,
&new_keys, &n_keys);
fail:
krb5_warn(context->context, ret, "rand key principal");
krb5_warn(contextp->context, ret, "rand key principal");
CHECK(krb5_store_uint32(out, VERSION2)); /* api version */
CHECK(krb5_store_uint32(out, ret));
if (ret == 0) {
size_t i;
int i;
CHECK(krb5_store_int32(out, n_keys));
for(i = 0; i < n_keys; i++){
CHECK(krb5_store_uint32(out, new_keys[i].keytype));
CHECK(store_data_xdr(out, new_keys[i].keyvalue));
krb5_free_keyblock_contents(context->context, &new_keys[i]);
krb5_free_keyblock_contents(contextp->context, &new_keys[i]);
}
free(new_keys);
}
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
}
static void
proc_init(kadm5_server_context *context,
proc_init(kadm5_server_context *contextp,
krb5_storage *in,
krb5_storage *out)
{
@@ -687,7 +687,7 @@ proc_init(kadm5_server_context *context,
}
struct krb5_proc {
char *name;
const char *name;
void (*func)(kadm5_server_context *, krb5_storage *, krb5_storage *);
} procs[] = {
{ "NULL", NULL },
@@ -723,7 +723,7 @@ copyheader(krb5_storage *sp, krb5_data *data)
off = krb5_storage_seek(sp, 0, SEEK_CUR);
CHECK(krb5_data_alloc(data, off));
INSIST(off == data->length);
INSIST((size_t)off == data->length);
krb5_storage_seek(sp, 0, SEEK_SET);
sret = krb5_storage_read(sp, data->data, data->length);
INSIST(sret == off);
@@ -741,7 +741,7 @@ struct gctx {
};
static int
process_stream(krb5_context context,
process_stream(krb5_context contextp,
unsigned char *buf, size_t ilen,
krb5_storage *sp)
{
@@ -792,7 +792,7 @@ process_stream(krb5_context context,
if (ilen < 4) {
memcpy(tmp, buf, ilen);
slen = krb5_storage_read(sp, tmp + ilen, sizeof(tmp) - ilen);
INSIST(slen == sizeof(tmp) - ilen);
INSIST((size_t)slen == sizeof(tmp) - ilen);
ilen = sizeof(tmp);
buf = tmp;
@@ -809,12 +809,12 @@ process_stream(krb5_context context,
if (ilen) {
if (len < ilen) {
slen = krb5_storage_write(msg, buf, len);
INSIST(slen == len);
INSIST((size_t)slen == len);
ilen -= len;
len = 0;
} else {
slen = krb5_storage_write(msg, buf, ilen);
INSIST(slen == ilen);
INSIST((size_t)slen == ilen);
len -= ilen;
}
}
@@ -824,14 +824,14 @@ process_stream(krb5_context context,
if (!last_fragment) {
ret = collect_framents(sp, msg);
if (ret == HEIM_ERR_EOF)
krb5_errx(context, 0, "client disconnected");
krb5_errx(contextp, 0, "client disconnected");
INSIST(ret == 0);
}
} else {
ret = collect_framents(sp, msg);
if (ret == HEIM_ERR_EOF)
krb5_errx(context, 0, "client disconnected");
krb5_errx(contextp, 0, "client disconnected");
INSIST(ret == 0);
}
krb5_storage_seek(msg, 0, SEEK_SET);
@@ -873,7 +873,7 @@ process_stream(krb5_context context,
krb5_data data;
int conf_state;
uint32_t seq;
krb5_storage *sp;
krb5_storage *sp1;
INSIST(gcred.service == rpg_privacy);
@@ -892,10 +892,10 @@ process_stream(krb5_context context,
INSIST(maj_stat == GSS_S_COMPLETE);
INSIST(conf_state != 0);
sp = krb5_storage_from_mem(gout.value, gout.length);
INSIST(sp != NULL);
sp1 = krb5_storage_from_mem(gout.value, gout.length);
INSIST(sp1 != NULL);
CHECK(krb5_ret_uint32(sp, &seq));
CHECK(krb5_ret_uint32(sp1, &seq));
INSIST (seq == gcred.seq_num);
/*
@@ -905,19 +905,19 @@ process_stream(krb5_context context,
gctx.seq_num = seq;
/*
* If context is setup, priv data have the seq_num stored
* If contextp is setup, priv data have the seq_num stored
* first in the block, so add it here before users data is
* added.
*/
CHECK(krb5_store_uint32(dreply, gctx.seq_num));
if (chdr.proc >= sizeof(procs)/sizeof(procs[0])) {
krb5_warnx(context, "proc number out of array");
krb5_warnx(contextp, "proc number out of array");
} else if (procs[chdr.proc].func == NULL) {
krb5_warnx(context, "proc '%s' never implemented",
krb5_warnx(contextp, "proc '%s' never implemented",
procs[chdr.proc].name);
} else {
krb5_warnx(context, "proc %s", procs[chdr.proc].name);
krb5_warnx(contextp, "proc %s", procs[chdr.proc].name);
INSIST(server_handle != NULL);
(*procs[chdr.proc].func)(server_handle, sp, dreply);
}
@@ -957,29 +957,29 @@ process_stream(krb5_context context,
NULL,
NULL);
if (GSS_ERROR(maj_stat)) {
gss_print_errors(context, maj_stat, min_stat);
krb5_errx(context, 1, "gss error, exit");
gss_print_errors(contextp, maj_stat, min_stat);
krb5_errx(contextp, 1, "gss error, exit");
}
if ((maj_stat & GSS_S_CONTINUE_NEEDED) == 0) {
kadm5_config_params realm_params;
gss_buffer_desc buf;
gss_buffer_desc bufp;
char *client;
gctx.done = 1;
memset(&realm_params, 0, sizeof(realm_params));
maj_stat = gss_export_name(&min_stat, src_name, &buf);
maj_stat = gss_export_name(&min_stat, src_name, &bufp);
INSIST(maj_stat == GSS_S_COMPLETE);
CHECK(parse_name(buf.value, buf.length,
CHECK(parse_name(bufp.value, bufp.length,
GSS_KRB5_MECHANISM, &client));
gss_release_buffer(&min_stat, &buf);
gss_release_buffer(&min_stat, &bufp);
krb5_warnx(context, "%s connected", client);
krb5_warnx(contextp, "%s connected", client);
ret = kadm5_s_init_with_password_ctx(context,
ret = kadm5_s_init_with_password_ctx(contextp,
client,
NULL,
KADM5_ADMIN_SERVICE,
@@ -1002,9 +1002,9 @@ process_stream(krb5_context context,
break;
}
case RPG_DESTROY:
krb5_errx(context, 1, "client destroyed gss context");
krb5_errx(contextp, 1, "client destroyed gss contextp");
default:
krb5_errx(context, 1, "client sent unknown gsscode %d",
krb5_errx(contextp, 1, "client sent unknown gsscode %d",
(int)gcred.proc);
}
@@ -1026,7 +1026,7 @@ process_stream(krb5_context context,
CHECK(krb5_store_uint32(reply, 0)); /* SUCCESS */
CHECK(krb5_storage_to_data(dreply, &data));
INSIST(krb5_storage_write(reply, data.data, data.length) == data.length);
INSIST((size_t)krb5_storage_write(reply, data.data, data.length) == data.length);
krb5_data_free(&data);
} else {
@@ -1054,7 +1054,7 @@ process_stream(krb5_context context,
ssize_t sret;
gctx.inprogress = 0;
sret = krb5_storage_write(reply, data.data, data.length);
INSIST(sret == data.length);
INSIST((size_t)sret == data.length);
krb5_data_free(&data);
} else {
int conf_state;
@@ -1082,7 +1082,7 @@ process_stream(krb5_context context,
CHECK(krb5_storage_to_data(reply, &data));
CHECK(krb5_store_uint32(sp, data.length | LAST_FRAGMENT));
sret = krb5_storage_write(sp, data.data, data.length);
INSIST(sret == data.length);
INSIST((size_t)sret == data.length);
krb5_data_free(&data);
}
@@ -1091,16 +1091,16 @@ process_stream(krb5_context context,
int
handle_mit(krb5_context context, void *buf, size_t len, krb5_socket_t sock)
handle_mit(krb5_context contextp, void *buf, size_t len, krb5_socket_t sock)
{
krb5_storage *sp;
dcontext = context;
dcontext = contextp;
sp = krb5_storage_from_fd(sock);
INSIST(sp != NULL);
process_stream(context, buf, len, sp);
process_stream(contextp, buf, len, sp);
return 0;
}

235
kadmin/server.c
View File

@@ -35,14 +35,14 @@
#include <krb5-private.h>
static kadm5_ret_t
kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
krb5_data *in, krb5_data *out)
{
kadm5_ret_t ret;
int32_t cmd, mask, tmp;
kadm5_server_context *context = kadm_handle;
kadm5_server_context *contextp = kadm_handlep;
char client[128], name[128], name2[128];
char *op = "";
const char *op = "";
krb5_principal princ, princ2;
kadm5_principal_ent_rec ent;
char *password, *expression;
@@ -52,12 +52,12 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
int n_princs;
krb5_storage *sp;
krb5_unparse_name_fixed(context->context, context->caller,
krb5_unparse_name_fixed(contextp->context, contextp->caller,
client, sizeof(client));
sp = krb5_storage_from_data(in);
if (sp == NULL)
krb5_errx(context->context, 1, "out of memory");
krb5_errx(contextp->context, 1, "out of memory");
krb5_ret_int32(sp, &cmd);
switch(cmd){
@@ -68,26 +68,26 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail;
ret = krb5_ret_int32(sp, &mask);
if(ret){
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
mask |= KADM5_PRINCIPAL;
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_GET, princ);
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_GET, princ);
if(ret){
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
ret = kadm5_get_principal(kadm_handle, princ, &ent, mask);
ret = kadm5_get_principal(kadm_handlep, princ, &ent, mask);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
if(ret == 0){
kadm5_store_principal_ent(sp, &ent);
kadm5_free_principal_ent(kadm_handle, &ent);
kadm5_free_principal_ent(kadm_handlep, &ent);
}
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
break;
}
case kadm_delete:{
@@ -95,15 +95,15 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
ret = krb5_ret_principal(sp, &princ);
if(ret)
goto fail;
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_DELETE, princ);
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_DELETE, princ);
if(ret){
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
ret = kadm5_delete_principal(kadm_handle, princ);
krb5_free_principal(context->context, princ);
ret = kadm5_delete_principal(kadm_handlep, princ);
krb5_free_principal(contextp->context, princ);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
@@ -116,28 +116,28 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail;
ret = krb5_ret_int32(sp, &mask);
if(ret){
kadm5_free_principal_ent(context->context, &ent);
kadm5_free_principal_ent(contextp->context, &ent);
goto fail;
}
ret = krb5_ret_string(sp, &password);
if(ret){
kadm5_free_principal_ent(context->context, &ent);
kadm5_free_principal_ent(contextp->context, &ent);
goto fail;
}
krb5_unparse_name_fixed(context->context, ent.principal,
krb5_unparse_name_fixed(contextp->context, ent.principal,
name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_ADD,
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_ADD,
ent.principal);
if(ret){
kadm5_free_principal_ent(context->context, &ent);
kadm5_free_principal_ent(contextp->context, &ent);
memset(password, 0, strlen(password));
free(password);
goto fail;
}
ret = kadm5_create_principal(kadm_handle, &ent,
ret = kadm5_create_principal(kadm_handlep, &ent,
mask, password);
kadm5_free_principal_ent(kadm_handle, &ent);
kadm5_free_principal_ent(kadm_handlep, &ent);
memset(password, 0, strlen(password));
free(password);
krb5_storage_free(sp);
@@ -152,20 +152,20 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail;
ret = krb5_ret_int32(sp, &mask);
if(ret){
kadm5_free_principal_ent(context, &ent);
kadm5_free_principal_ent(contextp, &ent);
goto fail;
}
krb5_unparse_name_fixed(context->context, ent.principal,
krb5_unparse_name_fixed(contextp->context, ent.principal,
name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_MODIFY,
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_MODIFY,
ent.principal);
if(ret){
kadm5_free_principal_ent(context, &ent);
kadm5_free_principal_ent(contextp, &ent);
goto fail;
}
ret = kadm5_modify_principal(kadm_handle, &ent, mask);
kadm5_free_principal_ent(kadm_handle, &ent);
ret = kadm5_modify_principal(kadm_handlep, &ent, mask);
kadm5_free_principal_ent(kadm_handlep, &ent);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
@@ -178,27 +178,27 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail;
ret = krb5_ret_principal(sp, &princ2);
if(ret){
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_unparse_name_fixed(context->context, princ2, name2, sizeof(name2));
krb5_warnx(context->context, "%s: %s %s -> %s",
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_unparse_name_fixed(contextp->context, princ2, name2, sizeof(name2));
krb5_warnx(contextp->context, "%s: %s %s -> %s",
client, op, name, name2);
ret = _kadm5_acl_check_permission(context,
ret = _kadm5_acl_check_permission(contextp,
KADM5_PRIV_ADD,
princ2)
|| _kadm5_acl_check_permission(context,
|| _kadm5_acl_check_permission(contextp,
KADM5_PRIV_DELETE,
princ);
if(ret){
krb5_free_principal(context->context, princ);
krb5_free_principal(context->context, princ2);
krb5_free_principal(contextp->context, princ);
krb5_free_principal(contextp->context, princ2);
goto fail;
}
ret = kadm5_rename_principal(kadm_handle, princ, princ2);
krb5_free_principal(context->context, princ);
krb5_free_principal(context->context, princ2);
ret = kadm5_rename_principal(kadm_handlep, princ, princ2);
krb5_free_principal(contextp->context, princ);
krb5_free_principal(contextp->context, princ2);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
@@ -211,11 +211,11 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail;
ret = krb5_ret_string(sp, &password);
if(ret){
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
/*
* The change is allowed if at least one of:
@@ -227,7 +227,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
*/
if (initial
&& krb5_principal_compare (context->context, context->caller,
&& krb5_principal_compare (contextp->context, contextp->caller,
princ))
{
krb5_data pwd_data;
@@ -236,23 +236,23 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
pwd_data.data = password;
pwd_data.length = strlen(password);
pwd_reason = kadm5_check_password_quality (context->context,
pwd_reason = kadm5_check_password_quality (contextp->context,
princ, &pwd_data);
if (pwd_reason != NULL)
ret = KADM5_PASS_Q_DICT;
else
ret = 0;
} else
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
if(ret) {
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
memset(password, 0, strlen(password));
free(password);
goto fail;
}
ret = kadm5_chpass_principal(kadm_handle, princ, password);
krb5_free_principal(context->context, princ);
ret = kadm5_chpass_principal(kadm_handlep, princ, password);
krb5_free_principal(contextp->context, princ);
memset(password, 0, strlen(password));
free(password);
krb5_storage_free(sp);
@@ -271,21 +271,21 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail;
ret = krb5_ret_int32(sp, &n_key_data);
if (ret) {
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
/* n_key_data will be squeezed into an int16_t below. */
if (n_key_data < 0 || n_key_data >= 1 << 16 ||
n_key_data > UINT_MAX/sizeof(*key_data)) {
(size_t)n_key_data > UINT_MAX/sizeof(*key_data)) {
ret = ERANGE;
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
key_data = malloc (n_key_data * sizeof(*key_data));
if (key_data == NULL && n_key_data != 0) {
ret = ENOMEM;
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
@@ -294,38 +294,38 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
if (ret) {
int16_t dummy = i;
kadm5_free_key_data (context, &dummy, key_data);
kadm5_free_key_data (contextp, &dummy, key_data);
free (key_data);
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
}
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
/*
* The change is only allowed if the user is on the CPW ACL,
* this it to force password quality check on the user.
*/
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
if(ret) {
int16_t dummy = n_key_data;
kadm5_free_key_data (context, &dummy, key_data);
kadm5_free_key_data (contextp, &dummy, key_data);
free (key_data);
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
ret = kadm5_chpass_principal_with_key(kadm_handle, princ,
ret = kadm5_chpass_principal_with_key(kadm_handlep, princ,
n_key_data, key_data);
{
int16_t dummy = n_key_data;
kadm5_free_key_data (context, &dummy, key_data);
kadm5_free_key_data (contextp, &dummy, key_data);
}
free (key_data);
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
@@ -336,8 +336,8 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
ret = krb5_ret_principal(sp, &princ);
if(ret)
goto fail;
krb5_unparse_name_fixed(context->context, princ, name, sizeof(name));
krb5_warnx(context->context, "%s: %s %s", client, op, name);
krb5_unparse_name_fixed(contextp->context, princ, name, sizeof(name));
krb5_warnx(contextp->context, "%s: %s %s", client, op, name);
/*
* The change is allowed if at least one of:
* a) it's for the principal him/herself and this was an initial ticket
@@ -345,19 +345,19 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
*/
if (initial
&& krb5_principal_compare (context->context, context->caller,
&& krb5_principal_compare (contextp->context, contextp->caller,
princ))
ret = 0;
else
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_CPW, princ);
if(ret) {
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
goto fail;
}
ret = kadm5_randkey_principal(kadm_handle, princ,
ret = kadm5_randkey_principal(kadm_handlep, princ,
&new_keys, &n_keys);
krb5_free_principal(context->context, princ);
krb5_free_principal(contextp->context, princ);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
@@ -366,7 +366,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_store_int32(sp, n_keys);
for(i = 0; i < n_keys; i++){
krb5_store_keyblock(sp, new_keys[i]);
krb5_free_keyblock_contents(context->context, &new_keys[i]);
krb5_free_keyblock_contents(contextp->context, &new_keys[i]);
}
free(new_keys);
}
@@ -374,7 +374,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
}
case kadm_get_privs:{
uint32_t privs;
ret = kadm5_get_privs(kadm_handle, &privs);
ret = kadm5_get_privs(kadm_handlep, &privs);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, ret);
@@ -393,14 +393,14 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
goto fail;
}else
expression = NULL;
krb5_warnx(context->context, "%s: %s %s", client, op,
krb5_warnx(contextp->context, "%s: %s %s", client, op,
expression ? expression : "*");
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_LIST, NULL);
ret = _kadm5_acl_check_permission(contextp, KADM5_PRIV_LIST, NULL);
if(ret){
free(expression);
goto fail;
}
ret = kadm5_get_principals(kadm_handle, expression, &princs, &n_princs);
ret = kadm5_get_principals(kadm_handlep, expression, &princs, &n_princs);
free(expression);
krb5_storage_free(sp);
sp = krb5_storage_emem();
@@ -410,12 +410,12 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_store_int32(sp, n_princs);
for(i = 0; i < n_princs; i++)
krb5_store_string(sp, princs[i]);
kadm5_free_name_list(kadm_handle, princs, &n_princs);
kadm5_free_name_list(kadm_handlep, princs, &n_princs);
}
break;
}
default:
krb5_warnx(context->context, "%s: UNKNOWN OP %d", client, cmd);
krb5_warnx(contextp->context, "%s: UNKNOWN OP %d", client, cmd);
krb5_storage_free(sp);
sp = krb5_storage_emem();
krb5_store_int32(sp, KADM5_FAILURE);
@@ -425,7 +425,7 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_storage_free(sp);
return 0;
fail:
krb5_warn(context->context, ret, "%s", op);
krb5_warn(contextp->context, ret, "%s", op);
krb5_storage_seek(sp, 0, SEEK_SET);
krb5_store_int32(sp, ret);
krb5_storage_to_data(sp, out);
@@ -434,10 +434,10 @@ fail:
}
static void
v5_loop (krb5_context context,
v5_loop (krb5_context contextp,
krb5_auth_context ac,
krb5_boolean initial,
void *kadm_handle,
void *kadm_handlep,
krb5_socket_t fd)
{
krb5_error_code ret;
@@ -447,17 +447,17 @@ v5_loop (krb5_context context,
doing_useful_work = 0;
if(term_flag)
exit(0);
ret = krb5_read_priv_message(context, ac, &fd, &in);
ret = krb5_read_priv_message(contextp, ac, &fd, &in);
if(ret == HEIM_ERR_EOF)
exit(0);
if(ret)
krb5_err(context, 1, ret, "krb5_read_priv_message");
krb5_err(contextp, 1, ret, "krb5_read_priv_message");
doing_useful_work = 1;
kadmind_dispatch(kadm_handle, initial, &in, &out);
kadmind_dispatch(kadm_handlep, initial, &in, &out);
krb5_data_free(&in);
ret = krb5_write_priv_message(context, ac, &fd, &out);
ret = krb5_write_priv_message(contextp, ac, &fd, &out);
if(ret)
krb5_err(context, 1, ret, "krb5_write_priv_message");
krb5_err(contextp, 1, ret, "krb5_write_priv_message");
}
}
@@ -467,12 +467,13 @@ match_appl_version(const void *data, const char *appl_version)
unsigned minor;
if(sscanf(appl_version, "KADM0.%u", &minor) != 1)
return 0;
*(unsigned*)data = minor;
/*XXX*/
*(unsigned*)(intptr_t)data = minor;
return 1;
}
static void
handle_v5(krb5_context context,
handle_v5(krb5_context contextp,
krb5_keytab keytab,
krb5_socket_t fd)
{
@@ -480,29 +481,29 @@ handle_v5(krb5_context context,
krb5_ticket *ticket;
char *server_name;
char *client;
void *kadm_handle;
void *kadm_handlep;
krb5_boolean initial;
krb5_auth_context ac = NULL;
unsigned kadm_version;
kadm5_config_params realm_params;
ret = krb5_recvauth_match_version(context, &ac, &fd,
ret = krb5_recvauth_match_version(contextp, &ac, &fd,
match_appl_version, &kadm_version,
NULL, KRB5_RECVAUTH_IGNORE_VERSION,
keytab, &ticket);
if(ret == KRB5_KT_NOTFOUND)
krb5_errx(context, 1, "krb5_recvauth: key not found");
krb5_errx(contextp, 1, "krb5_recvauth: key not found");
if(ret)
krb5_err(context, 1, ret, "krb5_recvauth");
krb5_err(contextp, 1, ret, "krb5_recvauth");
ret = krb5_unparse_name (context, ticket->server, &server_name);
ret = krb5_unparse_name (contextp, ticket->server, &server_name);
if (ret)
krb5_err (context, 1, ret, "krb5_unparse_name");
krb5_err (contextp, 1, ret, "krb5_unparse_name");
if (strncmp (server_name, KADM5_ADMIN_SERVICE,
strlen(KADM5_ADMIN_SERVICE)) != 0)
krb5_errx (context, 1, "ticket for strange principal (%s)",
krb5_errx (contextp, 1, "ticket for strange principal (%s)",
server_name);
free (server_name);
@@ -511,31 +512,31 @@ handle_v5(krb5_context context,
if(kadm_version == 1) {
krb5_data params;
ret = krb5_read_priv_message(context, ac, &fd, &params);
ret = krb5_read_priv_message(contextp, ac, &fd, &params);
if(ret)
krb5_err(context, 1, ret, "krb5_read_priv_message");
_kadm5_unmarshal_params(context, &params, &realm_params);
krb5_err(contextp, 1, ret, "krb5_read_priv_message");
_kadm5_unmarshal_params(contextp, &params, &realm_params);
}
initial = ticket->ticket.flags.initial;
ret = krb5_unparse_name(context, ticket->client, &client);
ret = krb5_unparse_name(contextp, ticket->client, &client);
if (ret)
krb5_err (context, 1, ret, "krb5_unparse_name");
krb5_free_ticket (context, ticket);
ret = kadm5_s_init_with_password_ctx(context,
krb5_err (contextp, 1, ret, "krb5_unparse_name");
krb5_free_ticket (contextp, ticket);
ret = kadm5_s_init_with_password_ctx(contextp,
client,
NULL,
KADM5_ADMIN_SERVICE,
&realm_params,
0, 0,
&kadm_handle);
&kadm_handlep);
if(ret)
krb5_err (context, 1, ret, "kadm5_init_with_password_ctx");
v5_loop (context, ac, initial, kadm_handle, fd);
krb5_err (contextp, 1, ret, "kadm5_init_with_password_ctx");
v5_loop (contextp, ac, initial, kadm_handlep, fd);
}
krb5_error_code
kadmind_loop(krb5_context context,
kadmind_loop(krb5_context contextp,
krb5_keytab keytab,
krb5_socket_t sock)
{
@@ -543,30 +544,30 @@ kadmind_loop(krb5_context context,
ssize_t n;
unsigned long len;
n = krb5_net_read(context, &sock, buf, 4);
n = krb5_net_read(contextp, &sock, buf, 4);
if(n == 0)
exit(0);
if(n < 0)
krb5_err(context, 1, errno, "read");
krb5_err(contextp, 1, errno, "read");
_krb5_get_int(buf, &len, 4);
if (len == sizeof(KRB5_SENDAUTH_VERSION)) {
n = krb5_net_read(context, &sock, buf + 4, len);
n = krb5_net_read(contextp, &sock, buf + 4, len);
if (n < 0)
krb5_err (context, 1, errno, "reading sendauth version");
krb5_err (contextp, 1, errno, "reading sendauth version");
if (n == 0)
krb5_errx (context, 1, "EOF reading sendauth version");
krb5_errx (contextp, 1, "EOF reading sendauth version");
if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) {
handle_v5(context, keytab, sock);
handle_v5(contextp, keytab, sock);
return 0;
}
len += 4;
} else
len = 4;
handle_mit(context, buf, len, sock);
handle_mit(contextp, buf, len, sock);
return 0;
}

31
kdc/config.c
View File

@@ -74,30 +74,31 @@ static struct getargs args[] = {
},
{
"require-preauth", 'p', arg_negative_flag, &require_preauth,
"don't require pa-data in as-reqs"
"don't require pa-data in as-reqs", NULL
},
{
"max-request", 0, arg_string, &max_request_str,
"max size for a kdc-request", "size"
},
{ "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support" },
{ "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support",
NULL },
{ "524", 0, arg_negative_flag, &enable_524,
"don't respond to 524 requests"
"don't respond to 524 requests", NULL
},
{
"kaserver", 'K', arg_flag, &enable_kaserver,
"enable kaserver support"
"enable kaserver support", NULL
},
{ "kerberos4", 0, arg_flag, &enable_v4,
"respond to kerberos 4 requests"
"respond to kerberos 4 requests", NULL
},
{
"v4-realm", 'r', arg_string, &v4_realm,
"realm to serve v4-requests for"
"realm to serve v4-requests for", NULL
},
{ "kerberos4-cross-realm", 0, arg_flag,
&enable_v4_cross_realm,
"respond to kerberos 4 requests from foreign realms"
"respond to kerberos 4 requests from foreign realms", NULL
},
{ "ports", 'P', arg_string, rk_UNCONST(&port_str),
"ports to listen to", "portspec"
@@ -106,29 +107,29 @@ static struct getargs args[] = {
#if DETACH_IS_DEFAULT
{
"detach", 'D', arg_negative_flag, &detach_from_console,
"don't detach from console"
"don't detach from console", NULL
},
#else
{
"detach", 0 , arg_flag, &detach_from_console,
"detach from console"
"detach from console", NULL
},
#endif
#endif
{ "addresses", 0, arg_strings, &addresses_str,
"addresses to listen on", "list of addresses" },
{ "disable-des", 0, arg_flag, &disable_des,
"disable DES" },
"disable DES", NULL },
{ "builtin-hdb", 0, arg_flag, &builtin_hdb_flag,
"list builtin hdb backends"},
"list builtin hdb backends", NULL},
{ "runas-user", 0, arg_string, &runas_string,
"run as this user when connected to network"
"run as this user when connected to network", NULL
},
{ "chroot", 0, arg_string, &chroot_string,
"chroot directory to run in"
"chroot directory to run in", NULL
},
{ "help", 'h', arg_flag, &help_flag },
{ "version", 'v', arg_flag, &version_flag }
{ "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag, NULL, NULL }
};
static int num_args = sizeof(args) / sizeof(args[0]);

16
kdc/connect.c
View File

@@ -60,7 +60,7 @@ struct port_desc{
/* the current ones */
static struct port_desc *ports;
static int num_ports;
static size_t num_ports;
/*
* add `family, port, protocol' to the list with duplicate suppresion.
@@ -71,7 +71,7 @@ add_port(krb5_context context,
int family, int port, const char *protocol)
{
int type;
int i;
size_t i;
if(strcmp(protocol, "udp") == 0)
type = SOCK_DGRAM;
@@ -324,7 +324,7 @@ init_sockets(krb5_context context,
struct descr **desc)
{
krb5_error_code ret;
int i, j;
size_t i, j;
struct descr *d;
int num = 0;
krb5_addresses addresses;
@@ -478,7 +478,7 @@ handle_udp(krb5_context context,
struct descr *d)
{
unsigned char *buf;
int n;
ssize_t n;
buf = malloc(max_request_udp);
if(buf == NULL){
@@ -493,7 +493,7 @@ handle_udp(krb5_context context,
else {
addr_to_string (context, d->sa, d->sock_len,
d->addr_string, sizeof(d->addr_string));
if (n == max_request_udp) {
if ((size_t)n == max_request_udp) {
krb5_data data;
krb5_warn(context, errno,
"recvfrom: truncated packet from %s, asking for TCP",
@@ -754,7 +754,7 @@ handle_http_tcp (krb5_context context,
return -1;
}
}
if (len > d->len)
if ((size_t)len > d->len)
len = d->len;
memcpy(d->buf, data, len);
d->len = len;
@@ -864,7 +864,7 @@ loop(krb5_context context,
fd_set fds;
int min_free = -1;
int max_fd = 0;
int i;
size_t i;
FD_ZERO(&fds);
for(i = 0; i < ndescr; i++) {
@@ -886,7 +886,7 @@ loop(krb5_context context,
#endif
#endif
FD_SET(d[i].s, &fds);
} else if(min_free < 0 || i < min_free)
} else if(min_free < 0 || i < (size_t)min_free)
min_free = i;
}
if(min_free == -1){

18
kdc/digest-service.c
View File

@@ -63,7 +63,7 @@ ntlm_service(void *ctx, const heim_idata *req,
NTLMReply ntp;
size_t size;
int ret;
char *domain;
const char *domain;
kdc_log(context, config, 1, "digest-request: uid=%d",
(int)heim_ipc_cred_get_uid(cred));
@@ -184,13 +184,13 @@ ntlm_service(void *ctx, const heim_idata *req,
free(answer.data);
{
EVP_MD_CTX *ctx;
EVP_MD_CTX *ctxp;
ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
EVP_DigestUpdate(ctx, key->key.keyvalue.data, key->key.keyvalue.length);
EVP_DigestFinal_ex(ctx, sessionkey, NULL);
EVP_MD_CTX_destroy(ctx);
ctxp = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctxp, EVP_md4(), NULL);
EVP_DigestUpdate(ctxp, key->key.keyvalue.data, key->key.keyvalue.length);
EVP_DigestFinal_ex(ctxp, sessionkey, NULL);
EVP_MD_CTX_destroy(ctxp);
}
}
@@ -218,8 +218,8 @@ static int help_flag;
static int version_flag;
static struct getargs args[] = {
{ "help", 'h', arg_flag, &help_flag },
{ "version", 'v', arg_flag, &version_flag }
{ "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 'v', arg_flag, &version_flag, NULL, NULL }
};
static int num_args = sizeof(args) / sizeof(args[0]);

80
kdc/digest.c
View File

@@ -257,7 +257,7 @@ _kdc_do_digest(krb5_context context,
/* check the server principal in the ticket matches digest/R@R */
{
krb5_principal principal = NULL;
const char *p, *r;
const char *p, *rr;
ret = krb5_ticket_get_server(context, ticket, &principal);
if (ret)
@@ -280,12 +280,12 @@ _kdc_do_digest(krb5_context context,
krb5_free_principal(context, principal);
goto out;
}
r = krb5_principal_get_realm(context, principal);
if (r == NULL) {
rr = krb5_principal_get_realm(context, principal);
if (rr == NULL) {
krb5_free_principal(context, principal);
goto out;
}
if (strcmp(p, r) != 0) {
if (strcmp(p, rr) != 0) {
krb5_free_principal(context, principal);
goto out;
}
@@ -616,7 +616,7 @@ _kdc_do_digest(krb5_context context,
EVP_MD_CTX *ctx;
unsigned char md[MD5_DIGEST_LENGTH];
char *mdx;
char id;
char idx;
if ((config->digests_allowed & CHAP_MD5) == 0) {
kdc_log(context, config, 0, "Digest CHAP MD5 not allowed");
@@ -630,7 +630,7 @@ _kdc_do_digest(krb5_context context,
goto out;
}
if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
if (hex_decode(*ireq.u.digestRequest.identifier, &idx, 1) != 1) {
ret = EINVAL;
krb5_set_error_message(context, ret, "failed to decode identifier");
goto out;
@@ -645,7 +645,7 @@ _kdc_do_digest(krb5_context context,
ctx = EVP_MD_CTX_create();
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
EVP_DigestUpdate(ctx, &id, 1);
EVP_DigestUpdate(ctx, &idx, 1);
EVP_DigestUpdate(ctx, password, strlen(password));
EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
EVP_DigestFinal_ex(ctx, md, NULL);
@@ -804,7 +804,7 @@ _kdc_do_digest(krb5_context context,
const char *username;
struct ntlm_buf answer;
Key *key = NULL;
EVP_MD_CTX *ctx;
EVP_MD_CTX *ctp;
if ((config->digests_allowed & MS_CHAP_V2) == 0) {
kdc_log(context, config, 0, "MS-CHAP-V2 not allowed");
@@ -831,10 +831,10 @@ _kdc_do_digest(krb5_context context,
else
username++;
ctx = EVP_MD_CTX_create();
ctp = EVP_MD_CTX_create();
/* ChallangeHash */
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
EVP_DigestInit_ex(ctp, EVP_sha1(), NULL);
{
ssize_t ssize;
krb5_data clientNonce;
@@ -845,7 +845,7 @@ _kdc_do_digest(krb5_context context,
ret = ENOMEM;
krb5_set_error_message(context, ret,
"malloc: out of memory");
EVP_MD_CTX_destroy(ctx);
EVP_MD_CTX_destroy(ctp);
goto out;
}
@@ -855,18 +855,18 @@ _kdc_do_digest(krb5_context context,
ret = ENOMEM;
krb5_set_error_message(context, ret,
"Failed to decode clientNonce");
EVP_MD_CTX_destroy(ctx);
EVP_MD_CTX_destroy(ctp);
goto out;
}
EVP_DigestUpdate(ctx, clientNonce.data, ssize);
EVP_DigestUpdate(ctp, clientNonce.data, ssize);
free(clientNonce.data);
}
EVP_DigestUpdate(ctx, serverNonce.data, serverNonce.length);
EVP_DigestUpdate(ctx, username, strlen(username));
EVP_DigestUpdate(ctp, serverNonce.data, serverNonce.length);
EVP_DigestUpdate(ctp, username, strlen(username));
EVP_DigestFinal_ex(ctx, challange, NULL);
EVP_DigestFinal_ex(ctp, challange, NULL);
EVP_MD_CTX_destroy(ctx);
EVP_MD_CTX_destroy(ctp);
/* NtPasswordHash */
ret = krb5_parse_name(context, username, &clientprincipal);
@@ -923,39 +923,39 @@ _kdc_do_digest(krb5_context context,
if (r.u.response.success) {
unsigned char hashhash[MD4_DIGEST_LENGTH];
EVP_MD_CTX *ctx;
EVP_MD_CTX *ctxp;
ctx = EVP_MD_CTX_create();
ctxp = EVP_MD_CTX_create();
/* hashhash */
{
EVP_DigestInit_ex(ctx, EVP_md4(), NULL);
EVP_DigestUpdate(ctx,
EVP_DigestInit_ex(ctxp, EVP_md4(), NULL);
EVP_DigestUpdate(ctxp,
key->key.keyvalue.data,
key->key.keyvalue.length);
EVP_DigestFinal_ex(ctx, hashhash, NULL);
EVP_DigestFinal_ex(ctxp, hashhash, NULL);
}
/* GenerateAuthenticatorResponse */
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
EVP_DigestUpdate(ctx, hashhash, sizeof(hashhash));
EVP_DigestUpdate(ctx, answer.data, answer.length);
EVP_DigestUpdate(ctx, ms_chap_v2_magic1,
EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
EVP_DigestUpdate(ctxp, hashhash, sizeof(hashhash));
EVP_DigestUpdate(ctxp, answer.data, answer.length);
EVP_DigestUpdate(ctxp, ms_chap_v2_magic1,
sizeof(ms_chap_v2_magic1));
EVP_DigestFinal_ex(ctx, md, NULL);
EVP_DigestFinal_ex(ctxp, md, NULL);
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
EVP_DigestUpdate(ctx, md, sizeof(md));
EVP_DigestUpdate(ctx, challange, 8);
EVP_DigestUpdate(ctx, ms_chap_v2_magic2,
EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
EVP_DigestUpdate(ctxp, md, sizeof(md));
EVP_DigestUpdate(ctxp, challange, 8);
EVP_DigestUpdate(ctxp, ms_chap_v2_magic2,
sizeof(ms_chap_v2_magic2));
EVP_DigestFinal_ex(ctx, md, NULL);
EVP_DigestFinal_ex(ctxp, md, NULL);
r.u.response.rsp = calloc(1, sizeof(*r.u.response.rsp));
if (r.u.response.rsp == NULL) {
free(answer.data);
krb5_clear_error_message(context);
EVP_MD_CTX_destroy(ctx);
EVP_MD_CTX_destroy(ctxp);
ret = ENOMEM;
goto out;
}
@@ -964,22 +964,22 @@ _kdc_do_digest(krb5_context context,
if (r.u.response.rsp == NULL) {
free(answer.data);
krb5_clear_error_message(context);
EVP_MD_CTX_destroy(ctx);
EVP_MD_CTX_destroy(ctxp);
ret = ENOMEM;
goto out;
}
/* get_master, rfc 3079 3.4 */
EVP_DigestInit_ex(ctx, EVP_sha1(), NULL);
EVP_DigestUpdate(ctx, hashhash, 16);
EVP_DigestUpdate(ctx, answer.data, answer.length);
EVP_DigestUpdate(ctx, ms_rfc3079_magic1,
EVP_DigestInit_ex(ctxp, EVP_sha1(), NULL);
EVP_DigestUpdate(ctxp, hashhash, 16);
EVP_DigestUpdate(ctxp, answer.data, answer.length);
EVP_DigestUpdate(ctxp, ms_rfc3079_magic1,
sizeof(ms_rfc3079_magic1));
EVP_DigestFinal_ex(ctx, md, NULL);
EVP_DigestFinal_ex(ctxp, md, NULL);
free(answer.data);
EVP_MD_CTX_destroy(ctx);
EVP_MD_CTX_destroy(ctxp);
r.u.response.session_key =
calloc(1, sizeof(*r.u.response.session_key));

16
kdc/hprop.c
View File

@@ -133,13 +133,13 @@ struct getargs args[] = {
{ "keytab", 'k', arg_string, rk_UNCONST(&ktname),
"keytab to use for authentication", "keytab" },
{ "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use" },
{ "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys" },
{ "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys" },
{ "stdout", 'n', arg_flag, &to_stdout, "dump to stdout" },
{ "verbose", 'v', arg_flag, &verbose_flag },
{ "version", 0, arg_flag, &version_flag },
{ "help", 'h', arg_flag, &help_flag }
{ "v5-realm", 'R', arg_string, &local_realm, "v5 realm to use", NULL },
{ "decrypt", 'D', arg_flag, &decrypt_flag, "decrypt keys", NULL },
{ "encrypt", 'E', arg_flag, &encrypt_flag, "encrypt keys", NULL },
{ "stdout", 'n', arg_flag, &to_stdout, "dump to stdout", NULL },
{ "verbose", 'v', arg_flag, &verbose_flag, NULL, NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 'h', arg_flag, &help_flag, NULL, NULL }
};
static int num_args = sizeof(args) / sizeof(args[0]);
@@ -213,7 +213,7 @@ struct {
static int
parse_source_type(const char *s)
{
int i;
size_t i;
for(i = 0; i < sizeof(types) / sizeof(types[0]); i++) {
if(strstr(types[i].name, s) == types[i].name)
return types[i].type;

13
kdc/hpropd.c
View File

@@ -44,19 +44,20 @@ static char *ktname = NULL;
struct getargs args[] = {
{ "database", 'd', arg_string, rk_UNCONST(&database), "database", "file" },
{ "stdin", 'n', arg_flag, &from_stdin, "read from stdin" },
{ "print", 0, arg_flag, &print_dump, "print dump to stdout" },
{ "stdin", 'n', arg_flag, &from_stdin, "read from stdin", NULL },
{ "print", 0, arg_flag, &print_dump, "print dump to stdout", NULL },
#ifdef SUPPORT_INETD
{ "inetd", 'i', arg_negative_flag, &inetd_flag,
"Not started from inetd" },
"Not started from inetd", NULL },
#endif
{ "keytab", 'k', arg_string, &ktname, "keytab to use for authentication", "keytab" },
{ "realm", 'r', arg_string, &local_realm, "realm to use" },
{ "realm", 'r', arg_string, &local_realm, "realm to use", NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 'h', arg_flag, &help_flag, NULL, NULL}
};
static int num_args = sizeof(args) / sizeof(args[0]);
static char unparseable_name[] = "unparseable name";
static void
usage(int ret)
@@ -194,7 +195,7 @@ main(int argc, char **argv)
char *s;
ret = krb5_unparse_name(context, c2, &s);
if (ret)
s = "unparseable name";
s = unparseable_name;
krb5_errx(context, 1, "Unauthorized connection from %s", s);
}
krb5_free_principal(context, c1);
@@ -260,7 +261,7 @@ main(int argc, char **argv)
char *s;
ret = krb5_unparse_name(context, entry.entry.principal, &s);
if (ret)
s = strdup("unparseable name");
s = strdup(unparseable_name);
krb5_warnx(context, "Entry exists: %s", s);
free(s);
} else if(ret)

22
kdc/kerberos5.c
View File

@@ -74,9 +74,9 @@ _kdc_find_padata(const KDC_REQ *req, int *start, int type)
if (req->padata == NULL)
return NULL;
while(*start < req->padata->len){
while((size_t)*start < req->padata->len){
(*start)++;
if(req->padata->val[*start - 1].padata_type == type)
if(req->padata->val[*start - 1].padata_type == (unsigned)type)
return &req->padata->val[*start - 1];
}
return NULL;
@@ -127,7 +127,7 @@ _kdc_find_etype(krb5_context context, const hdb_entry_ex *princ,
krb5_enctype *etypes, unsigned len,
Key **ret_key)
{
int i;
size_t i;
krb5_error_code ret = KRB5KDC_ERR_ETYPE_NOSUPP;
krb5_salt def_salt;
@@ -211,7 +211,7 @@ log_patypes(krb5_context context,
{
struct rk_strpool *p = NULL;
char *str;
int i;
size_t i;
for (i = 0; i < padata->len; i++) {
switch(padata->val[i].padata_type) {
@@ -614,7 +614,7 @@ log_as_req(krb5_context context,
krb5_error_code ret;
struct rk_strpool *p;
char *str;
int i;
size_t i;
p = rk_strpoolprintf(NULL, "%s", "Client supported enctypes: ");
@@ -809,7 +809,7 @@ _kdc_check_addresses(krb5_context context,
krb5_address addr;
krb5_boolean result;
krb5_boolean only_netbios = TRUE;
int i;
size_t i;
if(config->check_ticket_addresses == 0)
return TRUE;
@@ -1035,7 +1035,7 @@ _kdc_as_rep(krb5_context context,
{
const krb5_enctype *p;
krb5_enctype clientbest = ETYPE_NULL;
int i, j;
size_t i, j;
p = krb5_kerberos_enctypes(context);
@@ -1663,7 +1663,7 @@ _kdc_as_rep(krb5_context context,
PA_ClientCanonicalized canon;
krb5_data data;
PA_DATA pa;
krb5_crypto crypto;
krb5_crypto cryptox;
size_t len;
memset(&canon, 0, sizeof(canon));
@@ -1679,18 +1679,18 @@ _kdc_as_rep(krb5_context context,
krb5_abortx(context, "internal asn.1 error");
/* sign using "returned session key" */
ret = krb5_crypto_init(context, &et.key, 0, &crypto);
ret = krb5_crypto_init(context, &et.key, 0, &cryptox);
if (ret) {
free(data.data);
goto out;
}
ret = krb5_create_checksum(context, crypto,
ret = krb5_create_checksum(context, cryptox,
KRB5_KU_CANONICALIZED_NAMES, 0,
data.data, data.length,
&canon.canon_checksum);
free(data.data);
krb5_crypto_destroy(context, crypto);
krb5_crypto_destroy(context, cryptox);
if (ret)
goto out;

15
kdc/krb5tgs.c
View File

@@ -508,7 +508,7 @@ check_constrained_delegation(krb5_context context,
{
const HDB_Ext_Constrained_delegation_acl *acl;
krb5_error_code ret;
int i;
size_t i;
/* if client delegates to itself, that ok */
if (krb5_principal_compare(context, client->entry.principal, server) == TRUE)
@@ -606,7 +606,7 @@ fix_transited_encoding(krb5_context context,
krb5_error_code ret = 0;
char **realms, **tmp;
unsigned int num_realms;
int i;
size_t i;
switch (tr->tr_type) {
case DOMAIN_X500_COMPRESS:
@@ -1131,6 +1131,7 @@ tgs_parse_request(krb5_context context,
krb5_keyblock **replykey,
int *rk_is_subkey)
{
static char failed[] = "<unparse_name failed>";
krb5_ap_req ap_req;
krb5_error_code ret;
krb5_principal princ;
@@ -1174,7 +1175,7 @@ tgs_parse_request(krb5_context context,
char *p;
ret = krb5_unparse_name(context, princ, &p);
if (ret != 0)
p = "<unparse_name failed>";
p = failed;
krb5_free_principal(context, princ);
kdc_log(context, config, 5, "Ticket-granting ticket account %s does not have secrets at this KDC, need to proxy", p);
if (ret == 0)
@@ -1186,7 +1187,7 @@ tgs_parse_request(krb5_context context,
char *p;
ret = krb5_unparse_name(context, princ, &p);
if (ret != 0)
p = "<unparse_name failed>";
p = failed;
krb5_free_principal(context, princ);
kdc_log(context, config, 0,
"Ticket-granting ticket not found in database: %s", msg);
@@ -1198,13 +1199,13 @@ tgs_parse_request(krb5_context context,
}
if(ap_req.ticket.enc_part.kvno &&
*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
(size_t)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
char *p;
ret = krb5_unparse_name (context, princ, &p);
krb5_free_principal(context, princ);
if (ret != 0)
p = "<unparse_name failed>";
p = failed;
kdc_log(context, config, 0,
"Ticket kvno = %d, DB kvno = %d (%s)",
*ap_req.ticket.enc_part.kvno,
@@ -1646,7 +1647,7 @@ server_lookup:
krb5_enctype etype;
if(b->kdc_options.enc_tkt_in_skey) {
int i;
size_t i;
ekey = &adtkt.key;
for(i = 0; i < b->etype.len; i++)
if (b->etype.val[i] == adtkt.key.keytype)

12
kdc/kstash.c
View File

@@ -46,15 +46,17 @@ static int random_key_flag;
static const char *enctype_str = "des3-cbc-sha1";
static struct getargs args[] = {
{ "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type" },
{ "enctype", 'e', arg_string, rk_UNCONST(&enctype_str), "encryption type",
NULL },
{ "key-file", 'k', arg_string, &keyfile, "master key file", "file" },
{ "convert-file", 0, arg_flag, &convert_flag,
"just convert keyfile to new format" },
"just convert keyfile to new format", NULL },
{ "master-key-fd", 0, arg_integer, &master_key_fd,
"filedescriptor to read passphrase from", "fd" },
{ "random-key", 0, arg_flag, &random_key_flag, "generate a random master key" },
{ "help", 'h', arg_flag, &help_flag },
{ "version", 0, arg_flag, &version_flag }
{ "random-key", 0, arg_flag, &random_key_flag,
"generate a random master key", NULL },
{ "help", 'h', arg_flag, &help_flag, NULL, NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL }
};
int num_args = sizeof(args) / sizeof(args[0]);

10
kdc/log.c
View File

@@ -50,10 +50,12 @@ kdc_openlog(krb5_context context,
krb5_addlog_dest(context, config->logf, *p);
krb5_config_free_strings(s);
}else {
char *s;
asprintf(&s, "0-1/FILE:%s/%s", hdb_db_dir(context), KDC_LOG_FILE);
krb5_addlog_dest(context, config->logf, s);
free(s);
char *ss;
if (asprintf(&ss, "0-1/FILE:%s/%s", hdb_db_dir(context),
KDC_LOG_FILE) < 0)
err(1, NULL);
krb5_addlog_dest(context, config->logf, ss);
free(ss);
}
krb5_set_warn_dest(context, config->logf);
}

4
kdc/mit_dump.c
View File

@@ -77,7 +77,7 @@ unless no extra data
static int
hex_to_octet_string(const char *ptr, krb5_data *data)
{
int i;
size_t i;
unsigned int v;
for(i = 0; i < data->length; i++) {
if(sscanf(ptr + 2 * i, "%02x", &v) != 1)
@@ -165,7 +165,7 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num)
case KRB5_KDB_SALTTYPE_NOREALM:
{
size_t len;
int i;
size_t i;
char *p;
len = 0;

17
kdc/pkinit.c
View File

@@ -237,7 +237,7 @@ generate_dh_keyblock(krb5_context context,
}
dh_gen_keylen = DH_compute_key(dh_gen_key,client_params->u.dh.public_key, client_params->u.dh.key);
if (dh_gen_keylen == -1) {
if (dh_gen_keylen == (size_t)-1) {
ret = KRB5KRB_ERR_GENERIC;
krb5_set_error_message(context, ret,
"Can't compute Diffie-Hellman key");
@@ -1247,7 +1247,7 @@ _kdc_pk_mk_pa_reply(krb5_context context,
krb5_enctype enctype;
int pa_type;
hx509_cert kdc_cert = NULL;
int i;
size_t i;
if (!config->enable_pkinit) {
krb5_clear_error_message(context);
@@ -1575,7 +1575,8 @@ match_rfc_san(krb5_context context,
krb5_const_principal match)
{
hx509_octet_string_list list;
int ret, i, found = 0;
int ret, found = 0;
size_t i;
memset(&list, 0 , sizeof(list));
@@ -1709,7 +1710,7 @@ _kdc_pk_check_client(krb5_context context,
const HDB_Ext_PKINIT_cert *pc;
krb5_error_code ret;
hx509_name name;
int i;
size_t i;
if (cp->cert == NULL) {
@@ -1737,12 +1738,12 @@ _kdc_pk_check_client(krb5_context context,
ret = hdb_entry_get_pkinit_cert(&client->entry, &pc);
if (ret == 0 && pc) {
hx509_cert cert;
unsigned int i;
size_t j;
for (i = 0; i < pc->len; i++) {
for (j = 0; j < pc->len; j++) {
ret = hx509_cert_init_data(context->hx509ctx,
pc->val[i].cert.data,
pc->val[i].cert.length,
pc->val[j].cert.data,
pc->val[j].cert.length,
&cert);
if (ret)
continue;

16
kdc/string2key.c
View File

@@ -45,15 +45,17 @@ int version;
int help;
struct getargs args[] = {
{ "version5", '5', arg_flag, &version5, "Output Kerberos v5 string-to-key" },
{ "version4", '4', arg_flag, &version4, "Output Kerberos v4 string-to-key" },
{ "afs", 'a', arg_flag, &afs, "Output AFS string-to-key" },
{ "version5", '5', arg_flag, &version5, "Output Kerberos v5 string-to-key",
NULL },
{ "version4", '4', arg_flag, &version4, "Output Kerberos v4 string-to-key",
NULL },
{ "afs", 'a', arg_flag, &afs, "Output AFS string-to-key", NULL },
{ "cell", 'c', arg_string, &cell, "AFS cell to use", "cell" },
{ "password", 'w', arg_string, &password, "Password to use", "password" },
{ "principal",'p', arg_string, &principal, "Kerberos v5 principal to use", "principal" },
{ "keytype", 'k', arg_string, rk_UNCONST(&keytype_str), "Keytype" },
{ "version", 0, arg_flag, &version, "print version" },
{ "help", 0, arg_flag, &help, NULL }
{ "keytype", 'k', arg_string, rk_UNCONST(&keytype_str), "Keytype", NULL },
{ "version", 0, arg_flag, &version, "print version", NULL },
{ "help", 0, arg_flag, &help, NULL, NULL }
};
int num_args = sizeof(args) / sizeof(args[0]);
@@ -73,7 +75,7 @@ tokey(krb5_context context,
const char *label)
{
krb5_error_code ret;
int i;
size_t i;
krb5_keyblock key;
char *e;

9
kpasswd/kpasswd.c
View File

@@ -40,10 +40,11 @@ static char *admin_principal_str;
static char *cred_cache_str;
static struct getargs args[] = {
{ "admin-principal", 0, arg_string, &admin_principal_str },
{ "cache", 'c', arg_string, &cred_cache_str },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
{ "admin-principal", 0, arg_string, &admin_principal_str, NULL,
NULL },
{ "cache", 'c', arg_string, &cred_cache_str, NULL, NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, NULL }
};
static void

29
kpasswd/kpasswdd.c
View File

@@ -680,11 +680,11 @@ doit (krb5_keytab keytab, int port)
krb5_errx (context, 1, "No sockets!");
while(exit_flag == 0) {
int ret;
krb5_ssize_t retx;
fd_set fdset = real_fdset;
ret = select (maxfd + 1, &fdset, NULL, NULL, NULL);
if (ret < 0) {
retx = select (maxfd + 1, &fdset, NULL, NULL, NULL);
if (retx < 0) {
if (errno == EINTR)
continue;
else
@@ -695,9 +695,9 @@ doit (krb5_keytab keytab, int port)
u_char buf[BUFSIZ];
socklen_t addrlen = sizeof(__ss);
ret = recvfrom (sockets[i], buf, sizeof(buf), 0,
retx = recvfrom(sockets[i], buf, sizeof(buf), 0,
sa, &addrlen);
if (ret < 0) {
if (retx < 0) {
if(errno == EINTR)
break;
else
@@ -707,7 +707,7 @@ doit (krb5_keytab keytab, int port)
process (realms, keytab, sockets[i],
&addrs.val[i],
sa, addrlen,
buf, ret);
buf, retx);
}
}
@@ -730,7 +730,8 @@ sigterm(int sig)
static const char *check_library = NULL;
static const char *check_function = NULL;
static getarg_strings policy_libraries = { 0, NULL };
static char *keytab_str = "HDB:";
static char sHDB[] = "HDB:";
static char *keytab_str = sHDB;
static char *realm_str;
static int version_flag;
static int help_flag;
@@ -750,11 +751,11 @@ struct getargs args[] = {
"addresses to listen on", "list of addresses" },
{ "keytab", 'k', arg_string, &keytab_str,
"keytab to get authentication key from", "kspec" },
{ "config-file", 'c', arg_string, &config_file },
{ "config-file", 'c', arg_string, &config_file, NULL, NULL },
{ "realm", 'r', arg_string, &realm_str, "default realm", "realm" },
{ "port", 'p', arg_string, &port_str, "port" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
{ "port", 'p', arg_string, &port_str, "port", NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, NULL }
};
int num_args = sizeof(args) / sizeof(args[0]);
@@ -836,10 +837,10 @@ main (int argc, char **argv)
explicit_addresses.len = 0;
if (addresses_str.num_strings) {
int i;
int j;
for (i = 0; i < addresses_str.num_strings; ++i)
add_one_address (addresses_str.strings[i], i == 0);
for (j = 0; j < addresses_str.num_strings; ++j)
add_one_address (addresses_str.strings[j], j == 0);
free_getarg_strings (&addresses_str);
} else {
char **foo = krb5_config_get_strings (context, NULL,

2
kuser/copy_cred_cache.c
View File

@@ -60,7 +60,7 @@ parse_ticket_flags(krb5_context context,
memset(&ff, 0, sizeof(ff));
ff.proxy = 1;
if (parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff))
if ((size_t)parse_flags("proxy", asn1_TicketFlags_units(), 0) == TicketFlags2int(ff))
ret_flags->i = flags;
else
ret_flags->i = bitswap32(flags);

4
kuser/kcc.c
View File

@@ -40,8 +40,8 @@ static int version_flag;
static int help_flag;
static struct getargs args[] = {
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, NULL }
};
static void

2
kuser/kdestroy.c
View File

@@ -47,7 +47,7 @@ struct getargs args[] = {
{ "credential", 0, arg_string, rk_UNCONST(&credential),
"remove one credential", "principal" },
{ "cache", 'c', arg_string, rk_UNCONST(&cache), "cache to destroy", "cache" },
{ "all", 'A', arg_flag, &all_flag, "destroy all caches" },
{ "all", 'A', arg_flag, &all_flag, "destroy all caches", NULL },
#ifndef NO_AFS
{ "unlog", 0, arg_negative_flag, &unlog_flag,
"do not destroy tokens", NULL },

3
kuser/kdigest.c
View File

@@ -436,6 +436,7 @@ ntlm_server_init(struct ntlm_server_init_options *opt,
krb5_data challenge, opaque;
struct ntlm_buf data;
char *s;
static char zero2[] = "\x00\x00";
memset(&type2, 0, sizeof(type2));
@@ -471,7 +472,7 @@ ntlm_server_init(struct ntlm_server_init_options *opt,
krb5_err(context, 1, ret, "krb5_ntlm_init_get_flags");
krb5_ntlm_init_get_targetname(context, ntlm, &type2.targetname);
type2.targetinfo.data = "\x00\x00";
type2.targetinfo.data = zero2;
type2.targetinfo.length = 2;
ret = heim_ntlm_encode_type2(&type2, &data);

12
kuser/kgetcred.c
View File

@@ -53,17 +53,17 @@ struct getargs args[] = {
{ "delegation-credential-cache",0,arg_string, &delegation_cred_str,
NP_("where to find the ticket use for delegation", ""), "cache"},
{ "canonicalize", 0, arg_flag, &canonicalize_flag,
NP_("canonicalize the principal", "") },
NP_("canonicalize the principal", ""), NULL },
{ "forwardable", 0, arg_flag, &forwardable_flag,
NP_("forwardable ticket requested", "")},
{ "transit-check", 0, arg_negative_flag, &transit_flag },
NP_("forwardable ticket requested", ""), NULL},
{ "transit-check", 0, arg_negative_flag, &transit_flag, NULL, NULL },
{ "enctype", 'e', arg_string, &etype_str,
NP_("encryption type to use", ""), "enctype"},
{ "impersonate", 0, arg_string, &impersonate_str,
NP_("client to impersonate", ""), "principal"},
{ "name-type", 0, arg_string, &nametype_str },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
{ "name-type", 0, arg_string, &nametype_str, NULL, NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, NULL }
};
static void

24
kuser/kimpersonate.c
View File

@@ -44,7 +44,7 @@ static char *ccache_str = NULL;
static char *ticket_flags_str = NULL;
static TicketFlags ticket_flags;
static char *keytab_file = NULL;
static char *enc_type = "des-cbc-md5";
static const char *enc_type = "des-cbc-md5";
static int expiration_time = 3600;
static struct getarg_strings client_addresses;
static int version_flag = 0;
@@ -268,21 +268,21 @@ struct getargs args[] = {
{ "ccache", 0, arg_string, &ccache_str,
"name of kerberos 5 credential cache", "cache-name"},
{ "server", 's', arg_string, &server_principal_str,
"name of server principal" },
"name of server principal", NULL },
{ "client", 'c', arg_string, &client_principal_str,
"name of client principal" },
"name of client principal", NULL },
{ "keytab", 'k', arg_string, &keytab_file,
"name of keytab file" },
"name of keytab file", NULL },
{ "krb5", '5', arg_flag, &use_krb5,
"create a kerberos 5 ticket"},
"create a kerberos 5 ticket", NULL },
{ "expire-time", 'e', arg_integer, &expiration_time,
"lifetime of ticket in seconds" },
"lifetime of ticket in seconds", NULL },
{ "client-addresses", 'a', arg_strings, &client_addresses,
"addresses of client" },
"addresses of client", NULL },
{ "enc-type", 't', arg_string, &enc_type,
"encryption type" },
"encryption type", NULL },
{ "ticket-flags", 'f', arg_string, &ticket_flags_str,
"ticket flags for krb5 ticket" },
"ticket flags for krb5 ticket", NULL },
{ "version", 0, arg_flag, &version_flag, "Print version",
NULL },
{ "help", 0, arg_flag, &help_flag, NULL,
@@ -302,7 +302,7 @@ usage (int ret)
int
main (int argc, char **argv)
{
int optind = 0;
int optidx = 0;
krb5_error_code ret;
krb5_context context;
krb5_keytab kt;
@@ -313,8 +313,7 @@ main (int argc, char **argv)
if (ret)
errx(1, "krb5_init_context failed: %u", ret);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optidx))
usage(1);
if (help_flag)
@@ -331,5 +330,6 @@ main (int argc, char **argv)
create_krb5_tickets(context, kt);
krb5_kt_close(context, kt);
return 0;
}

48
kuser/kinit.c
View File

@@ -96,16 +96,16 @@ static struct getargs args[] = {
* 9:
*/
{ "afslog", 0 , arg_flag, &do_afslog,
NP_("obtain afs tokens", "") },
NP_("obtain afs tokens", ""), NULL },
{ "cache", 'c', arg_string, &cred_cache,
NP_("credentials cache", ""), "cachename" },
{ "forwardable", 0, arg_negative_flag, &forwardable_flag,
NP_("get tickets not forwardable", "")},
NP_("get tickets not forwardable", ""), NULL },
{ NULL, 'f', arg_flag, &forwardable_flag,
NP_("get forwardable tickets", "")},
NP_("get forwardable tickets", ""), NULL },
{ "keytab", 't', arg_string, &keytab_str,
NP_("keytab to use", ""), "keytabname" },
@@ -114,13 +114,13 @@ static struct getargs args[] = {
NP_("lifetime of tickets", ""), "time" },
{ "proxiable", 'p', arg_flag, &proxiable_flag,
NP_("get proxiable tickets", "") },
NP_("get proxiable tickets", ""), NULL },
{ "renew", 'R', arg_flag, &renew_flag,
NP_("renew TGT", "") },
NP_("renew TGT", ""), NULL },
{ "renewable", 0, arg_flag, &renewable_flag,
NP_("get renewable tickets", "") },
NP_("get renewable tickets", ""), NULL },
{ "renewable-life", 'r', arg_string, &renew_life,
NP_("renewable lifetime of tickets", ""), "time" },
@@ -132,40 +132,40 @@ static struct getargs args[] = {
NP_("when ticket gets valid", ""), "time" },
{ "use-keytab", 'k', arg_flag, &use_keytab,
NP_("get key from keytab", "") },
NP_("get key from keytab", ""), NULL },
{ "validate", 'v', arg_flag, &validate_flag,
NP_("validate TGT", "") },
NP_("validate TGT", ""), NULL },
{ "enctypes", 'e', arg_strings, &etype_str,
NP_("encryption types to use", ""), "enctypes" },
{ "fcache-version", 0, arg_integer, &fcache_version,
NP_("file cache version to create", "") },
NP_("file cache version to create", ""), NULL },
{ "addresses", 'A', arg_negative_flag, &addrs_flag,
NP_("request a ticket with no addresses", "") },
NP_("request a ticket with no addresses", ""), NULL },
{ "extra-addresses",'a', arg_strings, &extra_addresses,
NP_("include these extra addresses", ""), "addresses" },
{ "anonymous", 0, arg_flag, &anonymous_flag,
NP_("request an anonymous ticket", "") },
NP_("request an anonymous ticket", ""), NULL },
{ "request-pac", 0, arg_flag, &pac_flag,
NP_("request a Windows PAC", "") },
NP_("request a Windows PAC", ""), NULL },
{ "password-file", 0, arg_string, &password_file,
NP_("read the password from a file", "") },
NP_("read the password from a file", ""), NULL },
{ "canonicalize",0, arg_flag, &canonicalize_flag,
NP_("canonicalize client principal", "") },
NP_("canonicalize client principal", ""), NULL },
{ "enterprise",0, arg_flag, &enterprise_flag,
NP_("parse principal as a KRB5-NT-ENTERPRISE name", "") },
NP_("parse principal as a KRB5-NT-ENTERPRISE name", ""), NULL },
#ifdef PKINIT
{ "pk-enterprise", 0, arg_flag, &pk_enterprise_flag,
NP_("use enterprise name from certificate", "") },
NP_("use enterprise name from certificate", ""), NULL },
{ "pk-user", 'C', arg_string, &pk_user_id,
NP_("principal's public/private/certificate identifier", ""), "id" },
@@ -174,7 +174,7 @@ static struct getargs args[] = {
NP_("directory with CA certificates", ""), "directory" },
{ "pk-use-enckey", 0, arg_flag, &pk_use_enckey,
NP_("Use RSA encrypted reply (instead of DH)", "") },
NP_("Use RSA encrypted reply (instead of DH)", ""), NULL },
#endif
#ifndef NO_NTLM
{ "ntlm-domain", 0, arg_string, &ntlm_domain,
@@ -182,19 +182,19 @@ static struct getargs args[] = {
#endif
{ "change-default", 0, arg_negative_flag, &switch_cache_flags,
NP_("switch the default cache to the new credentials cache", "") },
NP_("switch the default cache to the new credentials cache", ""), NULL },
{ "ok-as-delegate", 0, arg_flag, &ok_as_delegate_flag,
NP_("honor ok-as-delegate on tickets", "") },
NP_("honor ok-as-delegate on tickets", ""), NULL },
{ "use-referrals", 0, arg_flag, &use_referrals_flag,
NP_("only use referrals, no dns canalisation", "") },
NP_("only use referrals, no dns canalisation", ""), NULL },
{ "windows", 0, arg_flag, &windows_flag,
NP_("get windows behavior", "") },
NP_("get windows behavior", ""), NULL },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, NULL }
};
static void
@@ -357,7 +357,7 @@ get_new_tickets(krb5_context context,
char passwd[256];
krb5_deltat start_time = 0;
krb5_deltat renew = 0;
char *renewstr = NULL;
const char *renewstr = NULL;
krb5_enctype *enctype = NULL;
krb5_ccache tempccache;
#ifndef NO_NTLM

2
kuser/klist.c
View File

@@ -124,7 +124,7 @@ print_cred(krb5_context context, krb5_creds *cred, rtbl_t ct, int do_flags)
static void
print_cred_verbose(krb5_context context, krb5_creds *cred)
{
int j;
size_t j;
char *str;
krb5_error_code ret;
krb5_timestamp sec;

4
kuser/kswitch.c
View File

@@ -35,11 +35,11 @@
#include "kcc-commands.h"
#ifdef HAVE_READLINE
char *readline(char *prompt);
char *readline(const char *prompt);
#else
static char *
readline(char *prompt)
readline(const char *prompt)
{
char buf[BUFSIZ];
printf ("%s", prompt);

2
lib/asn1/der_format.c
View File

@@ -108,7 +108,7 @@ int
der_print_heim_oid (const heim_oid *oid, char delim, char **str)
{
struct rk_strpool *p = NULL;
int i;
size_t i;
if (oid->length == 0)
return EINVAL;

4
lib/asn1/der_get.c
View File

@@ -141,9 +141,9 @@ der_get_general_string (const unsigned char *p, size_t len,
* an strings in the NEED_PREAUTH case that includes a
* trailing NUL.
*/
while (p1 - p < len && *p1 == '\0')
while ((size_t)(p1 - p) < len && *p1 == '\0')
p1++;
if (p1 - p != len)
if ((size_t)(p1 - p) != len)
return ASN1_BAD_CHARACTER;
}
if (len > len + 1)

2
lib/asn1/der_length.c
View File

@@ -86,7 +86,7 @@ static size_t
len_oid (const heim_oid *oid)
{
size_t ret = 1;
int n;
size_t n;
for (n = 2; n < oid->length; ++n) {
unsigned u = oid->components[n];

28
lib/asn1/gen_decode.c
View File

@@ -209,7 +209,8 @@ range_check(const char *name,
static int
decode_type (const char *name, const Type *t, int optional,
const char *forwstr, const char *tmpstr, const char *dertype)
const char *forwstr, const char *tmpstr, const char *dertype,
size_t depth)
{
switch (t->type) {
case TType: {
@@ -328,7 +329,8 @@ decode_type (const char *name, const Type *t, int optional,
if (asprintf (&s, "%s(%s)->%s", m->optional ? "" : "&",
name, m->gen_name) < 0 || s == NULL)
errx(1, "malloc");
decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL);
decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
depth + 1);
free (s);
}
@@ -369,7 +371,7 @@ decode_type (const char *name, const Type *t, int optional,
"%s = calloc(1, sizeof(*%s));\n"
"if (%s == NULL) { e = ENOMEM; %s; }\n",
s, s, s, forwstr);
decode_type (s, m->type, 0, forwstr, m->gen_name, NULL);
decode_type (s, m->type, 0, forwstr, m->gen_name, NULL, depth + 1);
free (s);
fprintf(codefile, "members |= (1 << %d);\n", memno);
@@ -442,7 +444,7 @@ decode_type (const char *name, const Type *t, int optional,
errx(1, "malloc");
if (asprintf (&sname, "%s_s_of", tmpstr) < 0 || sname == NULL)
errx(1, "malloc");
decode_type (n, t->subtype, 0, forwstr, sname, NULL);
decode_type (n, t->subtype, 0, forwstr, sname, NULL, depth + 1);
fprintf (codefile,
"(%s)->len++;\n"
"len = %s_origlen - ret;\n"
@@ -480,7 +482,7 @@ decode_type (const char *name, const Type *t, int optional,
tmpstr, tmpstr, typestring);
if(support_ber)
fprintf(codefile,
"int is_indefinite;\n");
"int is_indefinite%zu;\n", depth);
fprintf(codefile, "e = der_match_tag_and_length(p, len, %s, &%s, %s, "
"&%s_datalen, &l);\n",
@@ -516,20 +518,20 @@ decode_type (const char *name, const Type *t, int optional,
tmpstr);
if(support_ber)
fprintf (codefile,
"if((is_indefinite = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
"if((is_indefinite%zu = _heim_fix_dce(%s_datalen, &len)) < 0)\n"
"{ e = ASN1_BAD_FORMAT; %s; }\n"
"if (is_indefinite) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }",
tmpstr, forwstr, forwstr);
"if (is_indefinite%zu) { if (len < 2) { e = ASN1_OVERRUN; %s; } len -= 2; }",
depth, tmpstr, forwstr, depth, forwstr);
else
fprintf(codefile,
"if (%s_datalen > len) { e = ASN1_OVERRUN; %s; }\n"
"len = %s_datalen;\n", tmpstr, forwstr, tmpstr);
if (asprintf (&tname, "%s_Tag", tmpstr) < 0 || tname == NULL)
errx(1, "malloc");
decode_type (name, t->subtype, 0, forwstr, tname, ide);
decode_type (name, t->subtype, 0, forwstr, tname, ide, depth + 1);
if(support_ber)
fprintf(codefile,
"if(is_indefinite){\n"
"if(is_indefinite%zu){\n"
"len += 2;\n"
"e = der_match_tag_and_length(p, len, "
"(Der_class)0, &%s, UT_EndOfContent, "
@@ -538,6 +540,7 @@ decode_type (const char *name, const Type *t, int optional,
"p += l; len -= l; ret += l;\n"
"if (%s != (Der_type)0) { e = ASN1_BAD_ID; %s; }\n"
"} else \n",
depth,
typestring,
tmpstr,
forwstr,
@@ -584,7 +587,8 @@ decode_type (const char *name, const Type *t, int optional,
if (asprintf (&s, "%s(%s)->u.%s", m->optional ? "" : "&",
name, m->gen_name) < 0 || s == NULL)
errx(1, "malloc");
decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL);
decode_type (s, m->type, m->optional, forwstr, m->gen_name, NULL,
depth + 1);
fprintf(codefile,
"(%s)->element = %s;\n",
name, m->label);
@@ -702,7 +706,7 @@ generate_type_decode (const Symbol *s)
fprintf (codefile, "\n");
fprintf (codefile, "memset(data, 0, sizeof(*data));\n"); /* hack to avoid `unused variable' */
decode_type ("data", s->type, 0, "goto fail", "Top", NULL);
decode_type ("data", s->type, 0, "goto fail", "Top", NULL, 1);
if (preserve)
fprintf (codefile,
"data->_save.data = calloc(1, ret);\n"

8
lib/asn1/gen_encode.c
View File

@@ -302,7 +302,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
name, name);
fprintf(codefile,
"for(i = 0; i < (%s)->len; i++) {\n",
"for(i = 0; i < (int)(%s)->len; i++) {\n",
name);
fprintf(codefile,
@@ -326,7 +326,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
fprintf(codefile,
"if (totallen > len) {\n"
"for (i = 0; i < (%s)->len; i++) {\n"
"for (i = 0; i < (int)(%s)->len; i++) {\n"
"free(val[i].data);\n"
"}\n"
"free(val);\n"
@@ -339,7 +339,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
name);
fprintf (codefile,
"for(i = (%s)->len - 1; i >= 0; --i) {\n"
"for(i = (int)(%s)->len - 1; i >= 0; --i) {\n"
"p -= val[i].length;\n"
"ret += val[i].length;\n"
"memcpy(p + 1, val[i].data, val[i].length);\n"
@@ -355,7 +355,7 @@ encode_type (const char *name, const Type *t, const char *tmpstr)
char *n = NULL;
fprintf (codefile,
"for(i = (%s)->len - 1; i >= 0; --i) {\n"
"for(i = (int)(%s)->len - 1; i >= 0; --i) {\n"
"size_t %s_for_oldret = ret;\n"
"ret = 0;\n",
name, tmpstr);

4
lib/asn1/timegm.c
View File

@@ -56,13 +56,13 @@ time_t
_der_timegm (struct tm *tm)
{
time_t res = 0;
unsigned i;
int i;
if (tm->tm_year < 0)
return -1;
if (tm->tm_mon < 0 || tm->tm_mon > 11)
return -1;
if (tm->tm_mday < 1 || tm->tm_mday > ndays[is_leap(tm->tm_year)][tm->tm_mon])
if (tm->tm_mday < 1 || tm->tm_mday > (int)ndays[is_leap(tm->tm_year)][tm->tm_mon])
return -1;
if (tm->tm_hour < 0 || tm->tm_hour > 23)
return -1;

2
lib/gssapi/gen-oid.pl
View File

@@ -110,7 +110,7 @@ while(<>) {
printf "#define $name (&$store)\n\n";
} else {
printf "/* $name - $oid */\n";
printf "gss_OID_desc GSSAPI_LIB_VARIABLE $store = { $length, \"$data\" };\n\n";
printf "gss_OID_desc GSSAPI_LIB_VARIABLE $store = { $length, rk_UNCONST(\"$data\") };\n\n";
}
} elsif (/^desc\s+([\w]+)\s+(\w+)\s+(\"[^\"]*\")\s+(\"[^\"]*\")/) {
my ($type, $oid, $short, $long) = ($1, $2, $3, $4);

2
lib/gssapi/gsstool.c
View File

@@ -132,7 +132,7 @@ supported_mechanisms(void *argptr, int argc, char **argv)
return 0;
}
void static
static void
print_mech_attr(const char *mechname, gss_const_OID mech, gss_OID_set set)
{
gss_buffer_desc name, desc;

4
lib/gssapi/krb5/arcfour.c
View File

@@ -255,7 +255,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type)
const char *type)
{
krb5_error_code ret;
uint32_t seq_number;
@@ -270,7 +270,7 @@ _gssapi_verify_mic_arcfour(OM_uint32 * minor_status,
p = token_buffer->value;
omret = _gsskrb5_verify_header (&p,
token_buffer->length,
(u_char *)type,
type,
GSS_KRB5_MECHANISM);
if (omret)
return omret;

5
lib/gssapi/krb5/cfx.c
View File

@@ -285,7 +285,8 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
gss_iov_buffer_desc *header, *trailer, *padding;
size_t gsshsize, k5hsize;
size_t gsstsize, k5tsize;
size_t i, rrc = 0, ec = 0;
size_t rrc = 0, ec = 0;
int i;
gss_cfx_wrap_token token;
krb5_error_code ret;
int32_t seq_number;
@@ -666,7 +667,7 @@ unrotate_iov(OM_uint32 *minor_status, size_t rrc, gss_iov_buffer_desc *iov, int
q += iov[i].buffer.length;
}
}
assert((q - p) == len);
assert((size_t)(q - p) == len);
/* unrotate first part */
q = p + rrc;

24
lib/gssapi/krb5/external.c
View File

@@ -180,7 +180,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"GS2-KRB5",
rk_UNCONST("GS2-KRB5"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -188,7 +188,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"KRB5",
rk_UNCONST("KRB5"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -196,7 +196,7 @@ static gss_mo_desc krb5_mo[] = {
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal Kerberos 5 mech",
rk_UNCONST("Heimdal Kerberos 5 mech"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -214,19 +214,19 @@ static gss_mo_desc krb5_mo[] = {
},
{
GSS_C_MA_AUTH_TARG,
GSS_MO_MA
.flags = GSS_MO_MA
},
{
GSS_C_MA_AUTH_INIT_ANON,
GSS_MO_MA
.flags = GSS_MO_MA
},
{
GSS_C_MA_DELEG_CRED,
GSS_MO_MA
.flags = GSS_MO_MA
},
{
GSS_C_MA_INTEG_PROT,
GSS_MO_MA
.flags = GSS_MO_MA
},
{
GSS_C_MA_CONF_PROT,
@@ -273,7 +273,7 @@ static gss_mo_desc krb5_mo[] = {
static gssapi_mech_interface_desc krb5_mech = {
GMI_VERSION,
"kerberos 5",
{9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" },
{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") },
0,
_gsskrb5_acquire_cred,
_gsskrb5_release_cred,
@@ -323,7 +323,13 @@ static gssapi_mech_interface_desc krb5_mech = {
NULL,
NULL,
krb5_mo,
sizeof(krb5_mo) / sizeof(krb5_mo[0])
sizeof(krb5_mo) / sizeof(krb5_mo[0]),
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
};
gssapi_mech_interface

11
lib/gssapi/krb5/init_sec_context.c
View File

@@ -675,7 +675,8 @@ init_auth_restart
output_token->length = outbuf.length;
} else {
ret = _gsskrb5_encapsulate (minor_status, &outbuf, output_token,
(u_char *)"\x01\x00", GSS_KRB5_MECHANISM);
(u_char *)(intptr_t)"\x01\x00",
GSS_KRB5_MECHANISM);
krb5_data_free (&outbuf);
if (ret)
goto failure;
@@ -910,20 +911,20 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_init_sec_context
return GSS_S_BAD_MECH;
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
OM_uint32 ret;
OM_uint32 ret1;
if (*context_handle != GSS_C_NO_CONTEXT) {
*minor_status = 0;
return GSS_S_FAILURE | GSS_S_CALL_BAD_STRUCTURE;
}
ret = _gsskrb5_create_ctx(minor_status,
ret1 = _gsskrb5_create_ctx(minor_status,
context_handle,
context,
input_chan_bindings,
INITIATOR_START);
if (ret)
return ret;
if (ret1)
return ret1;
}
if (*context_handle == GSS_C_NO_CONTEXT) {

24
lib/gssapi/krb5/prf.c
View File

@@ -47,18 +47,21 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
krb5_crypto crypto;
krb5_data input, output;
uint32_t num;
OM_uint32 junk;
unsigned char *p;
krb5_keyblock *key = NULL;
size_t dol;
if (ctx == NULL) {
*minor_status = 0;
return GSS_S_NO_CONTEXT;
}
if (desired_output_len <= 0) {
if (desired_output_len <= 0 || prf_in->length + 4 < prf_in->length) {
*minor_status = 0;
return GSS_S_FAILURE;
}
dol = desired_output_len;
GSSAPI_KRB5_INIT (&context);
@@ -88,21 +91,20 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
prf_out->value = malloc(desired_output_len);
prf_out->value = malloc(dol);
if (prf_out->value == NULL) {
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
prf_out->length = desired_output_len;
prf_out->length = dol;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
input.length = prf_in->length + 4;
input.data = malloc(prf_in->length + 4);
if (input.data == NULL) {
OM_uint32 junk;
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
gss_release_buffer(&junk, prf_out);
@@ -110,15 +112,17 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE;
}
memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
memcpy(((uint8_t *)input.data) + 4, prf_in->value, prf_in->length);
num = 0;
p = prf_out->value;
while(desired_output_len > 0) {
while(dol > 0) {
size_t tsize;
_gsskrb5_encode_om_uint32(num, input.data);
ret = krb5_crypto_prf(context, crypto, &input, &output);
if (ret) {
OM_uint32 junk;
*minor_status = ret;
free(input.data);
gss_release_buffer(&junk, prf_out);
@@ -126,9 +130,11 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE;
}
memcpy(p, output.data, min(desired_output_len, output.length));
tsize = min(dol, output.length);
memcpy(p, output.data, tsize);
p += output.length;
desired_output_len -= output.length;
dol -= tsize;
krb5_data_free(&output);
num++;
}

3
lib/gssapi/krb5/process_context_token.c
View File

@@ -52,7 +52,8 @@ OM_uint32 GSSAPI_CALLCONV _gsskrb5_process_context_token (
(gsskrb5_ctx)context_handle,
context,
token_buffer, &empty_buffer,
GSS_C_QOP_DEFAULT, "\x01\x02");
GSS_C_QOP_DEFAULT,
"\x01\x02");
if (ret == GSS_S_COMPLETE)
ret = _gsskrb5_delete_sec_context(minor_status,

2
lib/gssapi/krb5/sequence.c
View File

@@ -141,7 +141,7 @@ OM_uint32
_gssapi_msg_order_check(struct gss_msg_order *o, OM_uint32 seq_num)
{
OM_uint32 r;
int i;
size_t i;
if (o == NULL)
return GSS_S_COMPLETE;

2
lib/gssapi/krb5/unwrap.c
View File

@@ -54,7 +54,7 @@ unwrap_des
DES_key_schedule schedule;
DES_cblock deskey;
DES_cblock zero;
int i;
size_t i;
uint32_t seq_number;
size_t padlength;
OM_uint32 ret;

8
lib/gssapi/krb5/verify_mic.c
View File

@@ -44,7 +44,7 @@ verify_mic_des
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type
const char *type
)
{
u_char *p;
@@ -142,7 +142,7 @@ verify_mic_des3
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
krb5_keyblock *key,
char *type
const char *type
)
{
u_char *p;
@@ -276,7 +276,7 @@ _gsskrb5_verify_mic_internal
const gss_buffer_t message_buffer,
const gss_buffer_t token_buffer,
gss_qop_t * qop_state,
char * type
const char * type
)
{
krb5_keyblock *key;
@@ -348,7 +348,7 @@ _gsskrb5_verify_mic
(gsskrb5_ctx)context_handle,
context,
message_buffer, token_buffer,
qop_state, "\x01\x01");
qop_state, (void *)(intptr_t)"\x01\x01");
return ret;
}

2
lib/gssapi/krb5/wrap.c
View File

@@ -214,7 +214,7 @@ wrap_des
EVP_CIPHER_CTX des_ctx;
DES_cblock deskey;
DES_cblock zero;
int i;
size_t i;
int32_t seq_number;
size_t len, total_len, padlength, datalen;

2
lib/gssapi/mech/gss_acquire_cred.c
View File

@@ -46,7 +46,7 @@ gss_acquire_cred(OM_uint32 *minor_status,
struct _gss_cred *cred;
struct _gss_mechanism_cred *mc;
OM_uint32 min_time, cred_time;
int i;
size_t i;
*minor_status = 0;
if (output_cred_handle == NULL)

2
lib/gssapi/mech/gss_aeap.c
View File

@@ -168,7 +168,7 @@ gss_release_iov_buffer(OM_uint32 *minor_status,
int iov_count)
{
OM_uint32 junk;
size_t i;
int i;
if (minor_status)
*minor_status = 0;

2
lib/gssapi/mech/gss_buffer_set.c
View File

@@ -100,7 +100,7 @@ GSSAPI_LIB_FUNCTION OM_uint32 GSSAPI_LIB_CALL
gss_release_buffer_set(OM_uint32 * minor_status,
gss_buffer_set_t *buffer_set)
{
int i;
size_t i;
OM_uint32 minor;
*minor_status = 0;

2
lib/gssapi/mech/gss_cred.c
View File

@@ -85,7 +85,7 @@ gss_export_cred(OM_uint32 * minor_status,
}
ret = krb5_storage_write(sp, buffer.value, buffer.length);
if (ret != buffer.length) {
if (ret < 0 || (size_t)ret != buffer.length) {
gss_release_buffer(minor_status, &buffer);
krb5_storage_free(sp);
*minor_status = EINVAL;

2
lib/gssapi/mech/gss_indicate_mechs.c
View File

@@ -35,7 +35,7 @@ gss_indicate_mechs(OM_uint32 *minor_status,
struct _gss_mech_switch *m;
OM_uint32 major_status;
gss_OID_set set;
int i;
size_t i;
_gss_load_mech();

8
lib/gssapi/mech/gss_inquire_context.c
View File

@@ -37,7 +37,7 @@ gss_inquire_context(OM_uint32 *minor_status,
gss_OID *mech_type,
OM_uint32 *ctx_flags,
int *locally_initiated,
int *open)
int *xopen)
{
OM_uint32 major_status;
struct _gss_context *ctx = (struct _gss_context *) context_handle;
@@ -47,8 +47,8 @@ gss_inquire_context(OM_uint32 *minor_status,
if (locally_initiated)
*locally_initiated = 0;
if (open)
*open = 0;
if (xopen)
*xopen = 0;
if (lifetime_rec)
*lifetime_rec = 0;
@@ -68,7 +68,7 @@ gss_inquire_context(OM_uint32 *minor_status,
mech_type,
ctx_flags,
locally_initiated,
open);
xopen);
if (major_status != GSS_S_COMPLETE) {
_gss_mg_error(m, major_status, *minor_status);

2
lib/gssapi/mech/gss_inquire_cred_by_oid.c
View File

@@ -52,7 +52,7 @@ gss_inquire_cred_by_oid (OM_uint32 *minor_status,
HEIM_SLIST_FOREACH(mc, &cred->gc_mc, gmc_link) {
gss_buffer_set_t rset = GSS_C_NO_BUFFER_SET;
int i;
size_t i;
m = mc->gmc_mech;
if (m == NULL) {

2
lib/gssapi/mech/gss_krb5.c
View File

@@ -439,7 +439,7 @@ gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
gss_buffer_desc buffer;
krb5_storage *sp;
krb5_data data;
int i;
size_t i;
sp = krb5_storage_emem();
if (sp == NULL) {

24
lib/gssapi/mech/gss_mo.c
View File

@@ -434,28 +434,28 @@ gss_display_mech_attr(OM_uint32 * minor_status,
return GSS_S_BAD_MECH_ATTR;
if (name) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->name);
n.length = strlen(ma->name);
major = _gss_copy_buffer(minor_status, &n, name);
gss_buffer_desc bd;
bd.value = rk_UNCONST(ma->name);
bd.length = strlen(ma->name);
major = _gss_copy_buffer(minor_status, &bd, name);
if (major != GSS_S_COMPLETE)
return major;
}
if (short_desc) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->short_desc);
n.length = strlen(ma->short_desc);
major = _gss_copy_buffer(minor_status, &n, short_desc);
gss_buffer_desc bd;
bd.value = rk_UNCONST(ma->short_desc);
bd.length = strlen(ma->short_desc);
major = _gss_copy_buffer(minor_status, &bd, short_desc);
if (major != GSS_S_COMPLETE)
return major;
}
if (long_desc) {
gss_buffer_desc n;
n.value = rk_UNCONST(ma->long_desc);
n.length = strlen(ma->long_desc);
major = _gss_copy_buffer(minor_status, &n, long_desc);
gss_buffer_desc bd;
bd.value = rk_UNCONST(ma->long_desc);
bd.length = strlen(ma->long_desc);
major = _gss_copy_buffer(minor_status, &bd, long_desc);
if (major != GSS_S_COMPLETE)
return major;
}

144
lib/gssapi/mech/gss_oid.c
View File

@@ -2,220 +2,220 @@
#include "mech_locl.h"
/* GSS_KRB5_COPY_CCACHE_X - 1.2.752.43.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x01" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_copy_ccache_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x01") };
/* GSS_KRB5_GET_TKT_FLAGS_X - 1.2.752.43.13.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x02" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_tkt_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x02") };
/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X - 1.2.752.43.13.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x03" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_extract_authz_data_from_sec_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03") };
/* GSS_KRB5_COMPAT_DES3_MIC_X - 1.2.752.43.13.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x04" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_compat_des3_mic_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x04") };
/* GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X - 1.2.752.43.13.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x05" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_register_acceptor_identity_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x05") };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_X - 1.2.752.43.13.6 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x06" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06") };
/* GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X - 1.2.752.43.13.6.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, "\x2a\x85\x70\x2b\x0d\x06\x01" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_export_lucid_context_v1_x_oid_desc = { 7, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x06\x01") };
/* GSS_KRB5_SET_DNS_CANONICALIZE_X - 1.2.752.43.13.7 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x07" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_dns_canonicalize_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x07") };
/* GSS_KRB5_GET_SUBKEY_X - 1.2.752.43.13.8 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x08" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x08") };
/* GSS_KRB5_GET_INITIATOR_SUBKEY_X - 1.2.752.43.13.9 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x09" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_initiator_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x09") };
/* GSS_KRB5_GET_ACCEPTOR_SUBKEY_X - 1.2.752.43.13.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0a" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_acceptor_subkey_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0a") };
/* GSS_KRB5_SEND_TO_KDC_X - 1.2.752.43.13.11 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0b" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_send_to_kdc_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0b") };
/* GSS_KRB5_GET_AUTHTIME_X - 1.2.752.43.13.12 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0c" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_authtime_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0c") };
/* GSS_KRB5_GET_SERVICE_KEYBLOCK_X - 1.2.752.43.13.13 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0d" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_service_keyblock_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0d") };
/* GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X - 1.2.752.43.13.14 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0e" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_allowable_enctypes_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0e") };
/* GSS_KRB5_SET_DEFAULT_REALM_X - 1.2.752.43.13.15 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x0f" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_default_realm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x0f") };
/* GSS_KRB5_CCACHE_NAME_X - 1.2.752.43.13.16 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x10" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_ccache_name_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x10") };
/* GSS_KRB5_SET_TIME_OFFSET_X - 1.2.752.43.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x11" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_set_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x11") };
/* GSS_KRB5_GET_TIME_OFFSET_X - 1.2.752.43.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x12" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_get_time_offset_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x12") };
/* GSS_KRB5_PLUGIN_REGISTER_X - 1.2.752.43.13.19 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x13" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_plugin_register_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x13") };
/* GSS_NTLM_GET_SESSION_KEY_X - 1.2.752.43.13.20 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x14" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_get_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x14") };
/* GSS_C_NT_NTLM - 1.2.752.43.13.21 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x15" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_ntlm_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x15") };
/* GSS_C_NT_DN - 1.2.752.43.13.22 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x16" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_nt_dn_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x16") };
/* GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL - 1.2.752.43.13.23 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x17" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_nt_principal_name_referral_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x17") };
/* GSS_C_NTLM_AVGUEST - 1.2.752.43.13.24 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x18" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_avguest_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x18") };
/* GSS_C_NTLM_V1 - 1.2.752.43.13.25 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x19" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x19") };
/* GSS_C_NTLM_V2 - 1.2.752.43.13.26 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1a" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_v2_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1a") };
/* GSS_C_NTLM_SESSION_KEY - 1.2.752.43.13.27 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1b" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_session_key_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1b") };
/* GSS_C_NTLM_FORCE_V1 - 1.2.752.43.13.28 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1c" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ntlm_force_v1_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1c") };
/* GSS_KRB5_CRED_NO_CI_FLAGS_X - 1.2.752.43.13.29 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1d" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_cred_no_ci_flags_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1d") };
/* GSS_KRB5_IMPORT_CRED_X - 1.2.752.43.13.30 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x1e" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_import_cred_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x1e") };
/* GSS_C_MA_SASL_MECH_NAME - 1.2.752.43.13.100 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x64" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_sasl_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x64") };
/* GSS_C_MA_MECH_NAME - 1.2.752.43.13.101 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x65" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x65") };
/* GSS_C_MA_MECH_DESCRIPTION - 1.2.752.43.13.102 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, "\x2a\x85\x70\x2b\x0d\x66" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_description_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x66") };
/* GSS_SASL_DIGEST_MD5_MECHANISM - 1.2.752.43.14.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x01" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_sasl_digest_md5_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x01") };
/* GSS_NETLOGON_MECHANISM - 1.2.752.43.14.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x02" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_mechanism_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x02") };
/* GSS_NETLOGON_SET_SESSION_KEY_X - 1.2.752.43.14.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x03" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_session_key_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x03") };
/* GSS_NETLOGON_SET_SIGN_ALGORITHM_X - 1.2.752.43.14.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x04" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_set_sign_algorithm_x_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x04") };
/* GSS_NETLOGON_NT_NETBIOS_DNS_NAME - 1.2.752.43.14.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, "\x2a\x85\x70\x2b\x0e\x05" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_netlogon_nt_netbios_dns_name_oid_desc = { 6, rk_UNCONST("\x2a\x85\x70\x2b\x0e\x05") };
/* GSS_C_INQ_WIN2K_PAC_X - 1.2.752.43.13.3.128 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, "\x2a\x85\x70\x2b\x0d\x03\x81\x00" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_win2k_pac_x_oid_desc = { 8, rk_UNCONST("\x2a\x85\x70\x2b\x0d\x03\x81\x00") };
/* GSS_C_INQ_SSPI_SESSION_KEY - 1.2.840.113554.1.2.2.5.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_inq_sspi_session_key_oid_desc = { 11, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x05\x05") };
/* GSS_KRB5_MECHANISM - 1.2.840.113554.1.2.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_krb5_mechanism_oid_desc = { 9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
/* GSS_NTLM_MECHANISM - 1.3.6.1.4.1.311.2.2.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_ntlm_mechanism_oid_desc = { 10, rk_UNCONST("\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a") };
/* GSS_SPNEGO_MECHANISM - 1.3.6.1.5.5.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, "\x2b\x06\x01\x05\x05\x02" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_spnego_mechanism_oid_desc = { 6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") };
/* GSS_C_PEER_HAS_UPDATED_SPNEGO - 1.3.6.1.4.1.9513.19.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, "\x2b\x06\x01\x04\x01\xca\x29\x13\x05" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_peer_has_updated_spnego_oid_desc = { 9, rk_UNCONST("\x2b\x06\x01\x04\x01\xca\x29\x13\x05") };
/* GSS_C_MA_MECH_CONCRETE - 1.3.6.1.5.5.13.1 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x01" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_concrete_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x01") };
/* GSS_C_MA_MECH_PSEUDO - 1.3.6.1.5.5.13.2 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x02" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_pseudo_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x02") };
/* GSS_C_MA_MECH_COMPOSITE - 1.3.6.1.5.5.13.3 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x03" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_composite_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x03") };
/* GSS_C_MA_MECH_NEGO - 1.3.6.1.5.5.13.4 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x04" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_nego_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x04") };
/* GSS_C_MA_MECH_GLUE - 1.3.6.1.5.5.13.5 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x05" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mech_glue_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x05") };
/* GSS_C_MA_NOT_MECH - 1.3.6.1.5.5.13.6 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x06" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x06") };
/* GSS_C_MA_DEPRECATED - 1.3.6.1.5.5.13.7 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x07" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deprecated_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x07") };
/* GSS_C_MA_NOT_DFLT_MECH - 1.3.6.1.5.5.13.8 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x08" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_not_dflt_mech_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x08") };
/* GSS_C_MA_ITOK_FRAMED - 1.3.6.1.5.5.13.9 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x09" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_itok_framed_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x09") };
/* GSS_C_MA_AUTH_INIT - 1.3.6.1.5.5.13.10 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0a" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0a") };
/* GSS_C_MA_AUTH_TARG - 1.3.6.1.5.5.13.11 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0b" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0b") };
/* GSS_C_MA_AUTH_INIT_INIT - 1.3.6.1.5.5.13.12 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0c" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0c") };
/* GSS_C_MA_AUTH_TARG_INIT - 1.3.6.1.5.5.13.13 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0d" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_init_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0d") };
/* GSS_C_MA_AUTH_INIT_ANON - 1.3.6.1.5.5.13.14 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0e" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_init_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0e") };
/* GSS_C_MA_AUTH_TARG_ANON - 1.3.6.1.5.5.13.15 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x0f" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_auth_targ_anon_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x0f") };
/* GSS_C_MA_DELEG_CRED - 1.3.6.1.5.5.13.16 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x10" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_deleg_cred_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x10") };
/* GSS_C_MA_INTEG_PROT - 1.3.6.1.5.5.13.17 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x11" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_integ_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x11") };
/* GSS_C_MA_CONF_PROT - 1.3.6.1.5.5.13.18 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x12" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_conf_prot_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x12") };
/* GSS_C_MA_MIC - 1.3.6.1.5.5.13.19 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x13" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_mic_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x13") };
/* GSS_C_MA_WRAP - 1.3.6.1.5.5.13.20 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x14" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_wrap_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x14") };
/* GSS_C_MA_PROT_READY - 1.3.6.1.5.5.13.21 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x15" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_prot_ready_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x15") };
/* GSS_C_MA_REPLAY_DET - 1.3.6.1.5.5.13.22 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x16" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_replay_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x16") };
/* GSS_C_MA_OOS_DET - 1.3.6.1.5.5.13.23 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x17" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_oos_det_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x17") };
/* GSS_C_MA_CBINDINGS - 1.3.6.1.5.5.13.24 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x18" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_cbindings_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x18") };
/* GSS_C_MA_PFS - 1.3.6.1.5.5.13.25 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x19" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_pfs_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x19") };
/* GSS_C_MA_COMPRESS - 1.3.6.1.5.5.13.26 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1a" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_compress_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1a") };
/* GSS_C_MA_CTX_TRANS - 1.3.6.1.5.5.13.27 */
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, "\x2b\x06\x01\x05\x05\x0d\x1b" };
gss_OID_desc GSSAPI_LIB_VARIABLE __gss_c_ma_ctx_trans_oid_desc = { 7, rk_UNCONST("\x2b\x06\x01\x05\x05\x0d\x1b") };
struct _gss_oid_name_table _gss_ont_ma[] = {
{ GSS_C_MA_COMPRESS, "GSS_C_MA_COMPRESS", "compress", "" },

2
lib/gssapi/mech/gss_test_oid_set_member.c
View File

@@ -34,7 +34,7 @@ gss_test_oid_set_member(OM_uint32 *minor_status,
const gss_OID_set set,
int *present)
{
int i;
size_t i;
*present = 0;
for (i = 0; i < set->count; i++)

8
lib/gssapi/ntlm/accept_sec_context.c
View File

@@ -155,15 +155,15 @@ _gss_ntlm_accept_sec_context
&out);
heim_ntlm_free_type1(&type1);
if (major_status != GSS_S_COMPLETE) {
OM_uint32 junk;
_gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
OM_uint32 gunk;
_gss_ntlm_delete_sec_context(&gunk, context_handle, NULL);
return major_status;
}
output_token->value = malloc(out.length);
if (output_token->value == NULL && out.length != 0) {
OM_uint32 junk;
_gss_ntlm_delete_sec_context(&junk, context_handle, NULL);
OM_uint32 gunk;
_gss_ntlm_delete_sec_context(&gunk, context_handle, NULL);
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}

14
lib/gssapi/ntlm/external.c
View File

@@ -38,7 +38,7 @@ static gss_mo_desc ntlm_mo[] = {
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"NTLM",
rk_UNCONST("NTLM"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -46,7 +46,7 @@ static gss_mo_desc ntlm_mo[] = {
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"NTLMSPP",
rk_UNCONST("NTLMSPP"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -54,7 +54,7 @@ static gss_mo_desc ntlm_mo[] = {
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal NTLMSSP Mechanism",
rk_UNCONST("Heimdal NTLMSSP Mechanism"),
_gss_mo_get_ctx_as_string,
NULL
}
@@ -113,7 +113,13 @@ static gssapi_mech_interface_desc ntlm_mech = {
NULL,
NULL,
ntlm_mo,
sizeof(ntlm_mo) / sizeof(ntlm_mo[0])
sizeof(ntlm_mo) / sizeof(ntlm_mo[0]),
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
};
gssapi_mech_interface

13
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -316,7 +316,7 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
gss_OID_desc oid;
gss_OID oidp;
gss_OID_set mechs;
int i;
size_t i;
OM_uint32 ret, junk;
ret = der_put_oid ((unsigned char *)mechbuf + sizeof(mechbuf) - 1,
@@ -368,12 +368,13 @@ select_mech(OM_uint32 *minor_status, MechType *mechType, int verify_p,
host = getenv("GSSAPI_SPNEGO_NAME");
if (host == NULL || issuid()) {
int rv;
if (gethostname(hostname, sizeof(hostname)) != 0) {
*minor_status = errno;
return GSS_S_FAILURE;
}
i = asprintf(&str, "host@%s", hostname);
if (i < 0 || str == NULL) {
rv = asprintf(&str, "host@%s", hostname);
if (rv < 0 || str == NULL) {
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
@@ -491,7 +492,6 @@ acceptor_start
NegotiationToken nt;
size_t nt_len;
NegTokenInit *ni;
int i;
gss_buffer_desc data;
gss_buffer_t mech_input_token = GSS_C_NO_BUFFER;
gss_buffer_desc mech_output_token;
@@ -613,13 +613,14 @@ acceptor_start
*/
if (!first_ok && ni->mechToken != NULL) {
size_t j;
preferred_mech_type = GSS_C_NO_OID;
/* Call glue layer to find first mech we support */
for (i = 1; i < ni->mechTypes.len; ++i) {
for (j = 1; j < ni->mechTypes.len; ++j) {
ret = select_mech(minor_status,
&ni->mechTypes.val[i],
&ni->mechTypes.val[j],
1,
&preferred_mech_type);
if (ret == 0)

6
lib/gssapi/spnego/compat.c
View File

@@ -41,10 +41,10 @@
* Kerberos mechanism.
*/
gss_OID_desc _gss_spnego_mskrb_mechanism_oid_desc =
{9, (void *)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"};
{9, rk_UNCONST("\x2a\x86\x48\x82\xf7\x12\x01\x02\x02")};
gss_OID_desc _gss_spnego_krb5_mechanism_oid_desc =
{9, (void *)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"};
{9, rk_UNCONST("\x2a\x86\x48\x86\xf7\x12\x01\x02\x02")};
/*
* Allocate a SPNEGO context handle
@@ -241,7 +241,7 @@ _gss_spnego_indicate_mechtypelist (OM_uint32 *minor_status,
gss_OID_set supported_mechs = GSS_C_NO_OID_SET;
gss_OID first_mech = GSS_C_NO_OID;
OM_uint32 ret;
int i;
size_t i;
mechtypelist->len = 0;
mechtypelist->val = NULL;

4
lib/gssapi/spnego/context_stubs.c
View File

@@ -37,7 +37,7 @@ spnego_supported_mechs(OM_uint32 *minor_status, gss_OID_set *mechs)
{
OM_uint32 ret, junk;
gss_OID_set m;
int i;
size_t i;
ret = gss_indicate_mechs(minor_status, &m);
if (ret != GSS_S_COMPLETE)
@@ -565,7 +565,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_inquire_names_for_mech (
{
gss_OID_set mechs, names, n;
OM_uint32 ret, junk;
int i, j;
size_t i, j;
*name_types = NULL;

2
lib/gssapi/spnego/cred_stubs.c
View File

@@ -70,7 +70,7 @@ OM_uint32 GSSAPI_CALLCONV _gss_spnego_acquire_cred
OM_uint32 ret, tmp;
gss_OID_set_desc actual_desired_mechs;
gss_OID_set mechs;
int i, j;
size_t i, j;
*output_cred_handle = GSS_C_NO_CREDENTIAL;

17
lib/gssapi/spnego/external.c
View File

@@ -39,13 +39,12 @@
* negotiation token is identified by the Object Identifier
* iso.org.dod.internet.security.mechanism.snego (1.3.6.1.5.5.2).
*/
static gss_mo_desc spnego_mo[] = {
{
GSS_C_MA_SASL_MECH_NAME,
GSS_MO_MA,
"SASL mech name",
"SPNEGO",
rk_UNCONST("SPNEGO"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -53,7 +52,7 @@ static gss_mo_desc spnego_mo[] = {
GSS_C_MA_MECH_NAME,
GSS_MO_MA,
"Mechanism name",
"SPNEGO",
rk_UNCONST("SPNEGO"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -61,7 +60,7 @@ static gss_mo_desc spnego_mo[] = {
GSS_C_MA_MECH_DESCRIPTION,
GSS_MO_MA,
"Mechanism description",
"Heimdal SPNEGO Mechanism",
rk_UNCONST("Heimdal SPNEGO Mechanism"),
_gss_mo_get_ctx_as_string,
NULL
},
@@ -78,7 +77,7 @@ static gss_mo_desc spnego_mo[] = {
static gssapi_mech_interface_desc spnego_mech = {
GMI_VERSION,
"spnego",
{6, (void *)"\x2b\x06\x01\x05\x05\x02"},
{6, rk_UNCONST("\x2b\x06\x01\x05\x05\x02") },
0,
_gss_spnego_acquire_cred,
_gss_spnego_release_cred,
@@ -128,7 +127,13 @@ static gssapi_mech_interface_desc spnego_mech = {
NULL,
NULL,
spnego_mo,
sizeof(spnego_mo) / sizeof(spnego_mo[0])
sizeof(spnego_mo) / sizeof(spnego_mo[0]),
NULL,
NULL,
NULL,
NULL,
NULL,
NULL,
};
gssapi_mech_interface

7
lib/hdb/common.c
View File

@@ -171,7 +171,7 @@ hdb_remove_aliases(krb5_context context, HDB *db, krb5_data *key)
krb5_error_code code;
hdb_entry oldentry;
krb5_data value;
int i;
size_t i;
code = db->hdb__get(context, db, *key, &value);
if (code == HDB_ERR_NOENTRY)
@@ -211,7 +211,7 @@ hdb_add_aliases(krb5_context context, HDB *db,
const HDB_Ext_Aliases *aliases;
krb5_error_code code;
krb5_data key, value;
int i;
size_t i;
code = hdb_entry_get_aliases(&entry->entry, &aliases);
if (code || aliases == NULL)
@@ -240,7 +240,8 @@ static krb5_error_code
hdb_check_aliases(krb5_context context, HDB *db, hdb_entry_ex *entry)
{
const HDB_Ext_Aliases *aliases;
int code, i;
int code;
size_t i;
/* check if new aliases already is used */

20
lib/hdb/ext.c
View File

@@ -37,7 +37,7 @@
krb5_error_code
hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
{
int i;
size_t i;
if (ent->extensions == NULL)
return 0;
@@ -63,13 +63,13 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
HDB_extension *
hdb_find_extension(const hdb_entry *entry, int type)
{
int i;
size_t i;
if (entry->extensions == NULL)
return NULL;
for (i = 0; i < entry->extensions->len; i++)
if (entry->extensions->val[i].data.element == type)
if (entry->extensions->val[i].data.element == (unsigned)type)
return &entry->extensions->val[i];
return NULL;
}
@@ -112,7 +112,7 @@ hdb_replace_extension(krb5_context context,
Der_type replace_type, list_type;
unsigned int replace_tag, list_tag;
size_t size;
int i;
size_t i;
ret = der_get_tag(ext->data.u.asn1_ellipsis.data,
ext->data.u.asn1_ellipsis.length,
@@ -180,13 +180,13 @@ hdb_clear_extension(krb5_context context,
hdb_entry *entry,
int type)
{
int i;
size_t i;
if (entry->extensions == NULL)
return 0;
for (i = 0; i < entry->extensions->len; i++) {
if (entry->extensions->val[i].data.element == type) {
if (entry->extensions->val[i].data.element == (unsigned)type) {
free_HDB_extension(&entry->extensions->val[i]);
memmove(&entry->extensions->val[i],
&entry->extensions->val[i + 1],
@@ -286,7 +286,7 @@ hdb_entry_get_password(krb5_context context, HDB *db,
ext = hdb_find_extension(entry, choice_HDB_extension_data_password);
if (ext) {
heim_utf8_string str;
heim_utf8_string xstr;
heim_octet_string pw;
if (db->hdb_master_key_set && ext->data.u.password.mkvno) {
@@ -314,13 +314,13 @@ hdb_entry_get_password(krb5_context context, HDB *db,
return ret;
}
str = pw.data;
if (str[pw.length - 1] != '\0') {
xstr = pw.data;
if (xstr[pw.length - 1] != '\0') {
krb5_set_error_message(context, EINVAL, "malformed password");
return EINVAL;
}
*p = strdup(str);
*p = strdup(xstr);
der_free_octet_string(&pw);
if (*p == NULL) {

2
lib/hdb/hdb-mitdb.c
View File

@@ -144,7 +144,7 @@ fix_salt(krb5_context context, hdb_entry *ent, int key_num)
case KRB5_KDB_SALTTYPE_NOREALM:
{
size_t len;
int i;
size_t i;
char *p;
len = 0;

6
lib/hdb/hdb.c
View File

@@ -168,7 +168,7 @@ hdb_unlock(int fd)
void
hdb_free_entry(krb5_context context, hdb_entry_ex *ent)
{
int i;
size_t i;
if (ent->free_entry)
(*ent->free_entry)(context, ent);
@@ -217,7 +217,7 @@ hdb_check_db_format(krb5_context context, HDB *db)
if (ret)
return ret;
tag.data = HDB_DB_FORMAT_ENTRY;
tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY;
tag.length = strlen(tag.data);
ret = (*db->hdb__get)(context, db, tag, &version);
ret2 = db->hdb_unlock(context, db);
@@ -250,7 +250,7 @@ hdb_init_db(krb5_context context, HDB *db)
if (ret)
return ret;
tag.data = HDB_DB_FORMAT_ENTRY;
tag.data = (void *)(intptr_t)HDB_DB_FORMAT_ENTRY;
tag.length = strlen(tag.data);
snprintf(ver, sizeof(ver), "%u", HDB_DB_FORMAT);
version.data = ver;

10
lib/hdb/keys.c
View File

@@ -256,8 +256,8 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
char **ktypes, **kp;
krb5_error_code ret;
Key *k, *key_set;
int i, j;
char *default_keytypes[] = {
size_t i, j;
static const char *default_keytypes[] = {
"aes256-cts-hmac-sha1-96:pw-salt",
"des3-cbc-sha1:pw-salt",
"arcfour-hmac-md5:pw-salt",
@@ -267,7 +267,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
ktypes = krb5_config_get_strings(context, NULL, "kadmin",
"default_keys", NULL);
if (ktypes == NULL)
ktypes = default_keytypes;
ktypes = (char **)(intptr_t)default_keytypes;
*ret_key_set = key_set = NULL;
*nkeyset = 0;
@@ -337,7 +337,7 @@ hdb_generate_key_set(krb5_context context, krb5_principal principal,
*ret_key_set = key_set;
out:
if (ktypes != default_keytypes)
if (ktypes != (char **)(intptr_t)default_keytypes)
krb5_config_free_strings(ktypes);
if (ret) {
@@ -364,7 +364,7 @@ hdb_generate_key_set_password(krb5_context context,
Key **keys, size_t *num_keys)
{
krb5_error_code ret;
int i;
size_t i;
ret = hdb_generate_key_set(context, principal,
keys, num_keys, 0);

6
lib/hdb/keytab.c
View File

@@ -184,7 +184,7 @@ hdb_get_entry(krb5_context context,
const char *mkey = d->mkey;
char *fdbname = NULL, *fmkey = NULL;
HDB *db;
int i;
size_t i;
memset(&ent, 0, sizeof(ent));
@@ -222,7 +222,7 @@ hdb_get_entry(krb5_context context,
}else if(ret)
goto out;
if(kvno && ent.entry.kvno != kvno) {
if(kvno && (krb5_kvno)ent.entry.kvno != kvno) {
hdb_free_entry(context, &ent);
ret = KRB5_KT_NOTFOUND;
goto out;
@@ -382,7 +382,7 @@ hdb_next_entry(krb5_context context,
* next entry
*/
if (c->key_idx == c->hdb_entry.entry.keys.len) {
if ((size_t)c->key_idx == c->hdb_entry.entry.keys.len) {
hdb_free_entry(context, &c->hdb_entry);
c->next = TRUE;
c->key_idx = 0;

6
lib/hdb/mkey.c
View File

@@ -372,7 +372,7 @@ _hdb_find_master_key(uint32_t *mkvno, hdb_master_key mkey)
if(mkvno == NULL) {
if(ret == NULL || mkey->keytab.vno > ret->keytab.vno)
ret = mkey;
} else if(mkey->keytab.vno == *mkvno)
} else if((uint32_t)mkey->keytab.vno == *mkvno)
return mkey;
mkey = mkey->next;
}
@@ -459,7 +459,7 @@ hdb_unseal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
krb5_error_code
hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
{
int i;
size_t i;
for(i = 0; i < ent->keys.len; i++){
krb5_error_code ret;
@@ -526,7 +526,7 @@ hdb_seal_key_mkey(krb5_context context, Key *k, hdb_master_key mkey)
krb5_error_code
hdb_seal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
{
int i;
size_t i;
for(i = 0; i < ent->keys.len; i++){
krb5_error_code ret;

5
lib/hdb/print.c
View File

@@ -78,7 +78,8 @@ append_string(krb5_context context, krb5_storage *sp, const char *fmt, ...)
static krb5_error_code
append_hex(krb5_context context, krb5_storage *sp, krb5_data *data)
{
int i, printable = 1;
int printable = 1;
size_t i;
char *p;
p = data->data;
@@ -126,7 +127,7 @@ static krb5_error_code
entry2string_int (krb5_context context, krb5_storage *sp, hdb_entry *ent)
{
char *p;
int i;
size_t i;
krb5_error_code ret;
/* --- principal */

4
lib/hx509/ca.c
View File

@@ -266,7 +266,7 @@ hx509_ca_tbs_set_template(hx509_context context,
}
if (flags & HX509_CA_TEMPLATE_EKU) {
ExtKeyUsage eku;
int i;
size_t i;
ret = _hx509_cert_get_eku(context, cert, &eku);
if (ret)
return ret;
@@ -689,7 +689,7 @@ add_utf8_san(hx509_context context,
const heim_oid *oid,
const char *string)
{
const PKIXXmppAddr ustring = (const PKIXXmppAddr)string;
const PKIXXmppAddr ustring = (const PKIXXmppAddr)(intptr_t)string;
heim_octet_string os;
size_t size;
int ret;

11
lib/hx509/cms.c
View File

@@ -362,7 +362,8 @@ hx509_cms_unenvelope(hx509_context context,
heim_octet_string *params, params_data;
heim_octet_string ivec;
size_t size;
int ret, i, matched = 0, findflags = 0;
int ret, matched = 0, findflags = 0;
size_t i;
memset(&key, 0, sizeof(key));
@@ -718,7 +719,8 @@ out:
static int
any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
{
int ret, i;
int ret;
size_t i;
if (sd->certificates == NULL)
return 0;
@@ -744,7 +746,7 @@ any_to_certs(hx509_context context, const SignedData *sd, hx509_certs certs)
static const Attribute *
find_attribute(const CMSAttributes *attr, const heim_oid *oid)
{
int i;
size_t i;
for (i = 0; i < attr->len; i++)
if (der_heim_oid_cmp(&attr->val[i].type, oid) == 0)
return &attr->val[i];
@@ -790,7 +792,8 @@ hx509_cms_verify_signed(hx509_context context,
hx509_certs certs = NULL;
SignedData sd;
size_t size;
int ret, i, found_valid_sig;
int ret, found_valid_sig;
size_t i;
*signer_certs = NULL;
content->data = NULL;

7
lib/hx509/collector.c
View File

@@ -253,7 +253,8 @@ _hx509_collector_collect_certs(hx509_context context,
hx509_certs *ret_certs)
{
hx509_certs certs;
int ret, i;
int ret;
size_t i;
*ret_certs = NULL;
@@ -286,7 +287,7 @@ _hx509_collector_collect_private_keys(hx509_context context,
struct hx509_collector *c,
hx509_private_key **keys)
{
int i, nkeys;
size_t i, nkeys;
*keys = NULL;
@@ -315,7 +316,7 @@ _hx509_collector_collect_private_keys(hx509_context context,
void
_hx509_collector_free(struct hx509_collector *c)
{
int i;
size_t i;
if (c->unenvelop_certs)
hx509_certs_free(&c->unenvelop_certs);

65
lib/hx509/crypto.c
View File

@@ -589,7 +589,7 @@ rsa_verify_signature(hx509_context context,
}
/* Check for extra data inside the sigature */
if (size != retsize) {
if (size != (size_t)retsize) {
ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
hx509_set_error_string(context, 0, ret, "size from decryption mismatch");
goto out;
@@ -620,7 +620,7 @@ rsa_verify_signature(hx509_context context,
data,
&di.digest);
} else {
if (retsize != data->length ||
if ((size_t)retsize != data->length ||
ct_memcmp(to, data->data, retsize) != 0)
{
ret = HX509_CRYPTO_SIG_INVALID_FORMAT;
@@ -739,7 +739,7 @@ rsa_create_signature(hx509_context context,
"RSA private encrypt failed: %d", ret);
return ret;
}
if (ret > sig->length)
if ((size_t)ret > sig->length)
_hx509_abort("RSA signature prelen longer the output len");
sig->length = ret;
@@ -1256,7 +1256,8 @@ static const struct signature_alg heim_rsa_pkcs1_x509 = {
0,
NULL,
rsa_verify_signature,
rsa_create_signature
rsa_create_signature,
0
};
static const struct signature_alg pkcs1_rsa_sha1_alg = {
@@ -1269,7 +1270,8 @@ static const struct signature_alg pkcs1_rsa_sha1_alg = {
0,
NULL,
rsa_verify_signature,
rsa_create_signature
rsa_create_signature,
0
};
static const struct signature_alg rsa_with_sha512_alg = {
@@ -1282,7 +1284,8 @@ static const struct signature_alg rsa_with_sha512_alg = {
0,
NULL,
rsa_verify_signature,
rsa_create_signature
rsa_create_signature,
0
};
static const struct signature_alg rsa_with_sha384_alg = {
@@ -1295,7 +1298,8 @@ static const struct signature_alg rsa_with_sha384_alg = {
0,
NULL,
rsa_verify_signature,
rsa_create_signature
rsa_create_signature,
0
};
static const struct signature_alg rsa_with_sha256_alg = {
@@ -1308,7 +1312,8 @@ static const struct signature_alg rsa_with_sha256_alg = {
0,
NULL,
rsa_verify_signature,
rsa_create_signature
rsa_create_signature,
0
};
static const struct signature_alg rsa_with_sha1_alg = {
@@ -1321,7 +1326,8 @@ static const struct signature_alg rsa_with_sha1_alg = {
0,
NULL,
rsa_verify_signature,
rsa_create_signature
rsa_create_signature,
0
};
static const struct signature_alg rsa_with_sha1_alg_secsig = {
@@ -1334,7 +1340,8 @@ static const struct signature_alg rsa_with_sha1_alg_secsig = {
0,
NULL,
rsa_verify_signature,
rsa_create_signature
rsa_create_signature,
0
};
static const struct signature_alg rsa_with_md5_alg = {
@@ -1347,7 +1354,8 @@ static const struct signature_alg rsa_with_md5_alg = {
1230739889,
NULL,
rsa_verify_signature,
rsa_create_signature
rsa_create_signature,
0
};
static const struct signature_alg dsa_sha1_alg = {
@@ -1361,6 +1369,7 @@ static const struct signature_alg dsa_sha1_alg = {
NULL,
dsa_verify_signature,
/* create_signature */ NULL,
0
};
static const struct signature_alg sha512_alg = {
@@ -1373,7 +1382,8 @@ static const struct signature_alg sha512_alg = {
0,
EVP_sha512,
evp_md_verify_signature,
evp_md_create_signature
evp_md_create_signature,
0
};
static const struct signature_alg sha384_alg = {
@@ -1386,7 +1396,8 @@ static const struct signature_alg sha384_alg = {
0,
EVP_sha384,
evp_md_verify_signature,
evp_md_create_signature
evp_md_create_signature,
0
};
static const struct signature_alg sha256_alg = {
@@ -1399,7 +1410,8 @@ static const struct signature_alg sha256_alg = {
0,
EVP_sha256,
evp_md_verify_signature,
evp_md_create_signature
evp_md_create_signature,
0
};
static const struct signature_alg sha1_alg = {
@@ -1412,7 +1424,8 @@ static const struct signature_alg sha1_alg = {
0,
EVP_sha1,
evp_md_verify_signature,
evp_md_create_signature
evp_md_create_signature,
0
};
static const struct signature_alg md5_alg = {
@@ -1425,7 +1438,8 @@ static const struct signature_alg md5_alg = {
0,
EVP_md5,
evp_md_verify_signature,
NULL
NULL,
0
};
/*
@@ -1748,7 +1762,7 @@ hx509_private_key_private_decrypt(hx509_context context,
"Failed to decrypt using private key: %d", ret);
return HX509_CRYPTO_RSA_PRIVATE_DECRYPT;
}
if (cleartext->length < ret)
if (cleartext->length < (size_t)ret)
_hx509_abort("internal rsa decryption failure: ret > tosize");
cleartext->length = ret;
@@ -2339,7 +2353,7 @@ static const struct hx509cipher ciphers[] = {
static const struct hx509cipher *
find_cipher_by_oid(const heim_oid *oid)
{
int i;
size_t i;
for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
if (der_heim_oid_cmp(oid, ciphers[i].oid) == 0)
@@ -2351,7 +2365,7 @@ find_cipher_by_oid(const heim_oid *oid)
static const struct hx509cipher *
find_cipher_by_name(const char *name)
{
int i;
size_t i;
for (i = 0; i < sizeof(ciphers)/sizeof(ciphers[0]); i++)
if (strcasecmp(name, ciphers[i].name) == 0)
@@ -2461,7 +2475,7 @@ hx509_crypto_set_padding(hx509_crypto crypto, int padding_type)
int
hx509_crypto_set_key_data(hx509_crypto crypto, const void *data, size_t length)
{
if (EVP_CIPHER_key_length(crypto->c) > length)
if (EVP_CIPHER_key_length(crypto->c) > (int)length)
return HX509_CRYPTO_INTERNAL_ERROR;
if (crypto->key.data) {
@@ -2558,7 +2572,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
(crypto->flags & ALLOW_WEAK) == 0)
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
assert(EVP_CIPHER_iv_length(crypto->c) == ivec->length);
assert(EVP_CIPHER_iv_length(crypto->c) == (int)ivec->length);
EVP_CIPHER_CTX_init(&evp);
@@ -2598,7 +2612,7 @@ hx509_crypto_encrypt(hx509_crypto crypto,
memcpy((*ciphertext)->data, data, length);
if (padsize) {
int i;
size_t i;
unsigned char *p = (*ciphertext)->data;
p += length;
for (i = 0; i < padsize; i++)
@@ -2647,7 +2661,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
(crypto->flags & ALLOW_WEAK) == 0)
return HX509_CRYPTO_ALGORITHM_BEST_BEFORE;
if (ivec && EVP_CIPHER_iv_length(crypto->c) < ivec->length)
if (ivec && EVP_CIPHER_iv_length(crypto->c) < (int)ivec->length)
return HX509_CRYPTO_INTERNAL_ERROR;
if (crypto->key.data == NULL)
@@ -2683,7 +2697,7 @@ hx509_crypto_decrypt(hx509_crypto crypto,
unsigned char *p;
int j, bsize = EVP_CIPHER_block_size(crypto->c);
if (clear->length < bsize) {
if ((int)clear->length < bsize) {
ret = HX509_CMS_PADDING_ERROR;
goto out;
}
@@ -2854,7 +2868,8 @@ _hx509_pbe_decrypt(hx509_context context,
const EVP_CIPHER *c;
const EVP_MD *md;
PBE_string2key_func s2k;
int i, ret = 0;
int ret = 0;
size_t i;
memset(&key, 0, sizeof(key));
memset(&iv, 0, sizeof(iv));

103
lib/hx509/hxtool.c
View File

@@ -45,9 +45,9 @@ static int version_flag;
static int help_flag;
struct getargs args[] = {
{ "statistic-file", 0, arg_string, &stat_file_string },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
{ "statistic-file", 0, arg_string, &stat_file_string, NULL, NULL },
{ "version", 0, arg_flag, &version_flag, NULL, NULL },
{ "help", 0, arg_flag, &help_flag, NULL, NULL }
};
int num_args = sizeof(args) / sizeof(args[0]);
@@ -80,15 +80,15 @@ lock_strings(hx509_lock lock, getarg_strings *pass)
*/
static void
certs_strings(hx509_context context, const char *type, hx509_certs certs,
certs_strings(hx509_context contextp, const char *type, hx509_certs certs,
hx509_lock lock, const getarg_strings *s)
{
int i, ret;
for (i = 0; i < s->num_strings; i++) {
ret = hx509_certs_append(context, certs, lock, s->strings[i]);
ret = hx509_certs_append(contextp, certs, lock, s->strings[i]);
if (ret)
hx509_err(context, 1, ret,
hx509_err(contextp, 1, ret,
"hx509_certs_append: %s %s", type, s->strings[i]);
}
}
@@ -114,16 +114,16 @@ parse_oid(const char *str, const heim_oid *def, heim_oid *oid)
*/
static void
peer_strings(hx509_context context,
peer_strings(hx509_context contextp,
hx509_peer_info *peer,
const getarg_strings *s)
{
AlgorithmIdentifier *val;
int ret, i;
ret = hx509_peer_info_alloc(context, peer);
ret = hx509_peer_info_alloc(contextp, peer);
if (ret)
hx509_err(context, 1, ret, "hx509_peer_info_alloc");
hx509_err(contextp, 1, ret, "hx509_peer_info_alloc");
val = calloc(s->num_strings, sizeof(*val));
if (val == NULL)
@@ -132,9 +132,9 @@ peer_strings(hx509_context context,
for (i = 0; i < s->num_strings; i++)
parse_oid(s->strings[i], NULL, &val[i].algorithm);
ret = hx509_peer_info_set_cms_algs(context, *peer, val, s->num_strings);
ret = hx509_peer_info_set_cms_algs(contextp, *peer, val, s->num_strings);
if (ret)
hx509_err(context, 1, ret, "hx509_peer_info_set_cms_algs");
hx509_err(contextp, 1, ret, "hx509_peer_info_set_cms_algs");
for (i = 0; i < s->num_strings; i++)
free_AlgorithmIdentifier(&val[i]);
@@ -151,7 +151,7 @@ struct pem_data {
};
static int
pem_reader(hx509_context context, const char *type,
pem_reader(hx509_context contextp, const char *type,
const hx509_pem_header *headers,
const void *data , size_t length, void *ctx)
{
@@ -211,22 +211,22 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
certs_strings(context, "store", store, lock, &opt->certificate_strings);
if (opt->pem_flag) {
struct pem_data p;
struct pem_data pd;
FILE *f;
p.os = &co;
p.detached_data = 0;
pd.os = &co;
pd.detached_data = 0;
f = fopen(argv[0], "r");
if (f == NULL)
err(1, "Failed to open file %s", argv[0]);
ret = hx509_pem_read(context, f, pem_reader, &p);
ret = hx509_pem_read(context, f, pem_reader, &pd);
fclose(f);
if (ret)
errx(1, "PEM reader failed: %d", ret);
if (p.detached_data && opt->signed_content_string == NULL) {
if (pd.detached_data && opt->signed_content_string == NULL) {
char *r = strrchr(argv[0], '.');
if (r && strcasecmp(r, ".pem") == 0) {
char *s = strdup(argv[0]);
@@ -331,7 +331,7 @@ cms_verify_sd(struct cms_verify_sd_options *opt, int argc, char **argv)
}
static int
print_signer(hx509_context context, void *ctx, hx509_cert cert)
print_signer(hx509_context contextp, void *ctx, hx509_cert cert)
{
hx509_pem_header **header = ctx;
char *signer_name = NULL;
@@ -801,10 +801,10 @@ certificate_copy(struct certificate_copy_options *opt, int argc, char **argv)
hx509_err(context, 1, ret, "hx509_certs_init");
while(argc-- > 1) {
int ret;
ret = hx509_certs_append(context, certs, inlock, argv[0]);
if (ret)
hx509_err(context, 1, ret, "hx509_certs_append");
int retx;
retx = hx509_certs_append(context, certs, inlock, argv[0]);
if (retx)
hx509_err(context, 1, retx, "hx509_certs_append");
argv++;
}
@@ -1534,7 +1534,7 @@ hxtool_hex(struct hex_options *opt, int argc, char **argv)
len = hex_decode(p, buf2, strlen(p));
if (len < 0)
errx(1, "hex_decode failed");
if (fwrite(buf2, 1, len, stdout) != len)
if (fwrite(buf2, 1, len, stdout) != (size_t)len)
errx(1, "fwrite failed");
}
} else {
@@ -1558,38 +1558,38 @@ struct cert_type_opt {
static int
https_server(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt)
https_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_serverAuth);
return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth);
}
static int
https_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt)
https_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_clientAuth);
return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_clientAuth);
}
static int
peap_server(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt)
peap_server(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_serverAuth);
return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_serverAuth);
}
static int
pkinit_kdc(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt)
pkinit_kdc(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{
opt->pkinit++;
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkkdcekuoid);
return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkkdcekuoid);
}
static int
pkinit_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt)
pkinit_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{
int ret;
opt->pkinit++;
ret = hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkekuoid);
ret = hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkekuoid);
if (ret)
return ret;
@@ -1601,9 +1601,9 @@ pkinit_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt
}
static int
email_client(hx509_context context, hx509_ca_tbs tbs, struct cert_type_opt *opt)
email_client(hx509_context contextp, hx509_ca_tbs tbs, struct cert_type_opt *opt)
{
return hx509_ca_tbs_add_eku(context, tbs, &asn1_oid_id_pkix_kp_emailProtection);
return hx509_ca_tbs_add_eku(contextp, tbs, &asn1_oid_id_pkix_kp_emailProtection);
}
struct {
@@ -1663,12 +1663,13 @@ print_eval_types(FILE *out)
}
static int
eval_types(hx509_context context,
eval_types(hx509_context contextp,
hx509_ca_tbs tbs,
const struct certificate_sign_options *opt)
{
struct cert_type_opt ctopt;
unsigned i, j;
int i;
size_t j;
int ret;
memset(&ctopt, 0, sizeof(ctopt));
@@ -1678,9 +1679,9 @@ eval_types(hx509_context context,
for (j = 0; j < sizeof(certtypes)/sizeof(certtypes[0]); j++) {
if (strcasecmp(type, certtypes[j].type) == 0) {
ret = (*certtypes[j].eval)(context, tbs, &ctopt);
ret = (*certtypes[j].eval)(contextp, tbs, &ctopt);
if (ret)
hx509_err(context, 1, ret,
hx509_err(contextp, 1, ret,
"Failed to evaluate cert type %s", type);
break;
}
@@ -1697,47 +1698,47 @@ eval_types(hx509_context context,
if (!ctopt.pkinit)
errx(1, "pk-init principal given but no pk-init oid");
ret = hx509_ca_tbs_add_san_pkinit(context, tbs,
ret = hx509_ca_tbs_add_san_pkinit(contextp, tbs,
opt->pk_init_principal_string);
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_pkinit");
hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_pkinit");
}
if (opt->ms_upn_string) {
if (!ctopt.pkinit)
errx(1, "MS upn given but no pk-init oid");
ret = hx509_ca_tbs_add_san_ms_upn(context, tbs, opt->ms_upn_string);
ret = hx509_ca_tbs_add_san_ms_upn(contextp, tbs, opt->ms_upn_string);
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_ms_upn");
hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_ms_upn");
}
for (i = 0; i < opt->hostname_strings.num_strings; i++) {
const char *hostname = opt->hostname_strings.strings[i];
ret = hx509_ca_tbs_add_san_hostname(context, tbs, hostname);
ret = hx509_ca_tbs_add_san_hostname(contextp, tbs, hostname);
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname");
}
for (i = 0; i < opt->email_strings.num_strings; i++) {
const char *email = opt->email_strings.strings[i];
ret = hx509_ca_tbs_add_san_rfc822name(context, tbs, email);
ret = hx509_ca_tbs_add_san_rfc822name(contextp, tbs, email);
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_hostname");
hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_hostname");
ret = hx509_ca_tbs_add_eku(context, tbs,
ret = hx509_ca_tbs_add_eku(contextp, tbs,
&asn1_oid_id_pkix_kp_emailProtection);
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_eku");
hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_eku");
}
if (opt->jid_string) {
ret = hx509_ca_tbs_add_san_jid(context, tbs, opt->jid_string);
ret = hx509_ca_tbs_add_san_jid(contextp, tbs, opt->jid_string);
if (ret)
hx509_err(context, 1, ret, "hx509_ca_tbs_add_san_jid");
hx509_err(contextp, 1, ret, "hx509_ca_tbs_add_san_jid");
}
return 0;

16
lib/hx509/ks_dir.c
View File

@@ -202,16 +202,12 @@ dir_iter_end(hx509_context context,
static struct hx509_keyset_ops keyset_dir = {
"DIR",
0,
dir_init,
NULL,
dir_free,
NULL,
NULL,
dir_iter_start,
dir_iter,
dir_iter_end
.name = "DIR",
.init = dir_init,
.free = dir_free,
.iter_start = dir_iter_start,
.iter = dir_iter,
.iter_end = dir_iter_end,
};
void

8
lib/hx509/ks_file.c
View File

@@ -177,7 +177,8 @@ parse_pem_private_key(hx509_context context, const char *fn,
const EVP_CIPHER *cipher;
const struct _hx509_password *pw;
hx509_lock lock;
int i, decrypted = 0;
int decrypted = 0;
size_t i;
lock = _hx509_collector_get_lock(c);
if (lock == NULL) {
@@ -329,7 +330,8 @@ pem_func(hx509_context context, const char *type,
const void *data, size_t len, void *ctx)
{
struct pem_ctx *pem_ctx = (struct pem_ctx*)ctx;
int ret = 0, j;
int ret = 0;
size_t j;
for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
const char *q = formats[j].name;
@@ -436,7 +438,7 @@ file_init_common(hx509_context context,
else if (ret == HX509_PARSING_KEY_FAILED) {
size_t length;
void *ptr;
int i;
size_t i;
ret = rk_undumpdata(p, &ptr, &length);
if (ret) {

18
lib/hx509/ks_p11.c
View File

@@ -152,7 +152,7 @@ p11_rsa_private_encrypt(int flen,
}
ret = P11FUNC(p11rsa->p, Sign,
(session, (CK_BYTE *)from, flen, to, &ck_sigsize));
(session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize));
p11_put_session(p11rsa->p, p11rsa->slot, session);
if (ret != CKR_OK)
return -1;
@@ -190,7 +190,7 @@ p11_rsa_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
}
ret = P11FUNC(p11rsa->p, Decrypt,
(session, (CK_BYTE *)from, flen, to, &ck_sigsize));
(session, (CK_BYTE *)(intptr_t)from, flen, to, &ck_sigsize));
p11_put_session(p11rsa->p, p11rsa->slot, session);
if (ret != CKR_OK)
return -1;
@@ -878,7 +878,8 @@ p11_init(hx509_context context,
{
CK_SLOT_ID_PTR slot_ids;
int i, num_tokens = 0;
int num_tokens = 0;
size_t i;
slot_ids = malloc(p->num_slots * sizeof(*slot_ids));
if (slot_ids == NULL) {
@@ -933,7 +934,7 @@ p11_init(hx509_context context,
static void
p11_release_module(struct p11_module *p)
{
int i;
size_t i;
if (p->ref == 0)
_hx509_abort("pkcs11 ref to low");
@@ -957,7 +958,7 @@ p11_release_module(struct p11_module *p)
free(p->slot[i].mechs.list);
if (p->slot[i].mechs.infos) {
int j;
size_t j;
for (j = 0 ; j < p->slot[i].mechs.num ; j++)
free(p->slot[i].mechs.infos[j]);
@@ -981,7 +982,7 @@ static int
p11_free(hx509_certs certs, void *data)
{
struct p11_module *p = data;
int i;
size_t i;
for (i = 0; i < p->num_slots; i++) {
if (p->slot[i].certs)
@@ -1002,7 +1003,8 @@ p11_iter_start(hx509_context context,
{
struct p11_module *p = data;
struct p11_cursor *c;
int ret, i;
int ret;
size_t i;
c = malloc(sizeof(*c));
if (c == NULL) {
@@ -1103,7 +1105,7 @@ p11_printinfo(hx509_context context,
void *ctx)
{
struct p11_module *p = data;
int i, j;
size_t i, j;
_hx509_pi_printf(func, ctx, "pkcs11 driver with %d slot%s",
p->num_slots, p->num_slots > 1 ? "s" : "");

12
lib/hx509/ks_p12.c
View File

@@ -56,7 +56,7 @@ parse_pkcs12_type(hx509_context, struct hx509_collector *, const heim_oid *,
static const PKCS12_Attribute *
find_attribute(const PKCS12_Attributes *attrs, const heim_oid *oid)
{
int i;
size_t i;
if (attrs == NULL)
return NULL;
for (i = 0; i < attrs->len; i++)
@@ -168,7 +168,7 @@ certBag_parser(hx509_context context,
const heim_oid *oids[] = {
&asn1_oid_id_pkcs_9_at_localKeyId, &asn1_oid_id_pkcs_9_at_friendlyName
};
int i;
size_t i;
for (i = 0; i < sizeof(oids)/sizeof(oids[0]); i++) {
const heim_oid *oid = oids[i];
@@ -190,7 +190,8 @@ parse_safe_content(hx509_context context,
const unsigned char *p, size_t len)
{
PKCS12_SafeContents sc;
int ret, i;
int ret;
size_t i;
memset(&sc, 0, sizeof(sc));
@@ -310,7 +311,7 @@ parse_pkcs12_type(hx509_context context,
const void *data, size_t length,
const PKCS12_Attributes *attrs)
{
int i;
size_t i;
for (i = 0; i < sizeof(bagtypes)/sizeof(bagtypes[0]); i++)
if (der_heim_oid_cmp(bagtypes[i].oid, oid) == 0)
@@ -327,7 +328,8 @@ p12_init(hx509_context context,
void *buf;
PKCS12_PFX pfx;
PKCS12_AuthenticatedSafe as;
int ret, i;
int ret;
size_t i;
struct hx509_collector *c;
*data = NULL;

2
lib/hx509/lock.c
View File

@@ -121,7 +121,7 @@ _hx509_lock_unlock_certs(hx509_lock lock)
void
hx509_lock_reset_passwords(hx509_lock lock)
{
int i;
size_t i;
for (i = 0; i < lock->password.len; i++)
free(lock->password.val[i]);
free(lock->password.val);

38
lib/hx509/name.c
View File

@@ -66,17 +66,17 @@ static const struct {
const heim_oid *o;
wind_profile_flags flags;
} no[] = {
{ "C", &asn1_oid_id_at_countryName },
{ "CN", &asn1_oid_id_at_commonName },
{ "DC", &asn1_oid_id_domainComponent },
{ "L", &asn1_oid_id_at_localityName },
{ "O", &asn1_oid_id_at_organizationName },
{ "OU", &asn1_oid_id_at_organizationalUnitName },
{ "S", &asn1_oid_id_at_stateOrProvinceName },
{ "STREET", &asn1_oid_id_at_streetAddress },
{ "UID", &asn1_oid_id_Userid },
{ "emailAddress", &asn1_oid_id_pkcs9_emailAddress },
{ "serialNumber", &asn1_oid_id_at_serialNumber }
{ "C", &asn1_oid_id_at_countryName, 0 },
{ "CN", &asn1_oid_id_at_commonName, 0 },
{ "DC", &asn1_oid_id_domainComponent, 0 },
{ "L", &asn1_oid_id_at_localityName, 0 },
{ "O", &asn1_oid_id_at_organizationName, 0 },
{ "OU", &asn1_oid_id_at_organizationalUnitName, 0 },
{ "S", &asn1_oid_id_at_stateOrProvinceName, 0 },
{ "STREET", &asn1_oid_id_at_streetAddress, 0 },
{ "UID", &asn1_oid_id_Userid, 0 },
{ "emailAddress", &asn1_oid_id_pkcs9_emailAddress, 0 },
{ "serialNumber", &asn1_oid_id_at_serialNumber, 0 }
};
static char *
@@ -159,7 +159,8 @@ oidtostring(const heim_oid *type)
static int
stringtooid(const char *name, size_t len, heim_oid *oid)
{
int i, ret;
int ret;
size_t i;
char *s;
memset(oid, 0, sizeof(*oid));
@@ -200,14 +201,16 @@ int
_hx509_Name_to_string(const Name *n, char **str)
{
size_t total_len = 0;
int i, j, ret;
size_t i, j, m;
int ret;
*str = strdup("");
if (*str == NULL)
return ENOMEM;
for (i = n->u.rdnSequence.len - 1 ; i >= 0 ; i--) {
for (m = n->u.rdnSequence.len; m > 0; m--) {
size_t len;
i = m - 1;
for (j = 0; j < n->u.rdnSequence.val[i].len; j++) {
DirectoryString *ds = &n->u.rdnSequence.val[i].val[j].value;
@@ -438,7 +441,8 @@ _hx509_name_ds_cmp(const DirectoryString *ds1,
int
_hx509_name_cmp(const Name *n1, const Name *n2, int *c)
{
int ret, i, j;
int ret;
size_t i, j;
*c = n1->u.rdnSequence.len - n2->u.rdnSequence.len;
if (*c)
@@ -610,7 +614,7 @@ hx509_parse_name(hx509_context context, const char *str, hx509_name *name)
goto out;
}
if ((q - p) > len) {
if ((size_t)(q - p) > len) {
ret = HX509_PARSING_NAME_FAILED;
hx509_set_error_string(context, 0, ret, " = after , in %s", p);
goto out;
@@ -727,7 +731,7 @@ hx509_name_expand(hx509_context context,
hx509_env env)
{
Name *n = &name->der_name;
int i, j;
size_t i, j;
if (env == NULL)
return 0;

19
lib/hx509/print.c
View File

@@ -163,7 +163,7 @@ void
hx509_bitstring_print(const heim_bit_string *b,
hx509_vprint_func func, void *ctx)
{
int i;
size_t i;
print_func(func, ctx, "\tlength: %d\n\t", b->length);
for (i = 0; i < (b->length + 7) / 8; i++)
print_func(func, ctx, "%02x%s%s",
@@ -481,7 +481,8 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
{
CRLDistributionPoints dp;
size_t size;
int ret, i;
int ret;
size_t i;
check_Null(ctx, status, cf, e);
@@ -499,7 +500,7 @@ check_CRLDistributionPoints(hx509_validate_ctx ctx,
if (dp.val[i].distributionPoint) {
DistributionPointName dpname;
heim_any *data = dp.val[i].distributionPoint;
int j;
size_t j;
ret = decode_DistributionPointName(data->data, data->length,
&dpname, NULL);
@@ -565,7 +566,8 @@ check_altName(hx509_validate_ctx ctx,
{
GeneralNames gn;
size_t size;
int ret, i;
int ret;
size_t i;
check_Null(ctx, status, cf, e);
@@ -717,7 +719,8 @@ check_authorityInfoAccess(hx509_validate_ctx ctx,
{
AuthorityInfoAccessSyntax aia;
size_t size;
int ret, i;
int ret;
size_t i;
check_Null(ctx, status, cf, e);
@@ -773,7 +776,7 @@ struct {
{ ext(certificateIssuer, Null), M_C },
{ ext(nameConstraints, Null), M_C },
{ ext(cRLDistributionPoints, CRLDistributionPoints), S_N_C },
{ ext(certificatePolicies, Null) },
{ ext(certificatePolicies, Null), 0 },
{ ext(policyMappings, Null), M_N_C },
{ ext(authorityKeyIdentifier, authorityKeyIdentifier), M_N_C },
{ ext(policyConstraints, Null), D_C },
@@ -789,7 +792,7 @@ struct {
check_Null, D_C },
{ "Netscape cert comment", &asn1_oid_id_netscape_cert_comment,
check_Null, D_C },
{ NULL }
{ NULL, NULL, NULL, 0 }
};
/**
@@ -936,7 +939,7 @@ hx509_validate_cert(hx509_context context,
free(str);
if (t->extensions) {
int i, j;
size_t i, j;
if (t->extensions->len == 0) {
validate_print(ctx,

13
lib/hx509/revoke.c
View File

@@ -349,7 +349,7 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
}
if (basic.certs) {
int i;
size_t i;
ret = hx509_certs_init(context, "MEMORY:ocsp-certs", 0,
NULL, &certs);
@@ -760,8 +760,7 @@ hx509_revoke_verify(hx509_context context,
if (ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate) {
if (*ocsp->ocsp.tbsResponseData.responses.val[j].nextUpdate < now)
continue;
} else
/* Should force a refetch, but can we ? */;
} /* else should force a refetch, but can we ? */
return 0;
}
@@ -1076,7 +1075,8 @@ int
hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
{
struct revoke_ocsp ocsp;
int ret, i;
int ret;
size_t i;
if (out == NULL)
out = stdout;
@@ -1141,7 +1141,7 @@ hx509_revoke_ocsp_print(hx509_context context, const char *path, FILE *out)
status = "element unknown";
}
fprintf(out, "\t%d. status: %s\n", i, status);
fprintf(out, "\t%zu. status: %s\n", i, status);
fprintf(out, "\tthisUpdate: %s\n",
printable_time(ocsp.ocsp.tbsResponseData.responses.val[i].thisUpdate));
@@ -1188,7 +1188,8 @@ hx509_ocsp_verify(hx509_context context,
{
const Certificate *c = _hx509_get_cert(cert);
OCSPBasicOCSPResponse basic;
int ret, i;
int ret;
size_t i;
if (now == 0)
now = time(NULL);

2
lib/hx509/sel.c
View File

@@ -223,7 +223,7 @@ _hx509_expr_parse(const char *buf)
}
void
_hx509_sel_yyerror (char *s)
_hx509_sel_yyerror (const char *s)
{
if (_hx509_expr_input.error)
free(_hx509_expr_input.error);

2
lib/hx509/sel.h
View File

@@ -78,5 +78,5 @@ extern struct hx_expr_input _hx509_expr_input;
int _hx509_sel_yyparse(void);
int _hx509_sel_yylex(void);
void _hx509_sel_yyerror(char *);
void _hx509_sel_yyerror(const char *);

37
lib/hx509/softp11.c
View File

@@ -140,9 +140,9 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...)
va_start(ap, fmt);
len = vsnprintf(str, size, fmt, ap);
va_end(ap);
if (len < 0 || len > size)
if (len < 0 || (size_t)len > size)
return;
while(len < size)
while ((size_t)len < size)
str[len++] = fillchar;
}
@@ -152,9 +152,9 @@ snprintf_fill(char *str, size_t size, char fillchar, const char *fmt, ...)
#define VERIFY_SESSION_HANDLE(s, state) \
{ \
CK_RV ret; \
ret = verify_session_handle(s, state); \
if (ret != CKR_OK) { \
CK_RV xret; \
xret = verify_session_handle(s, state); \
if (xret != CKR_OK) { \
/* return CKR_OK */; \
} \
}
@@ -163,7 +163,7 @@ static CK_RV
verify_session_handle(CK_SESSION_HANDLE hSession,
struct session_state **state)
{
int i;
size_t i;
for (i = 0; i < MAX_NUM_SESSION; i++){
if (soft_token.state[i].session_handle == hSession)
@@ -421,6 +421,7 @@ struct foo {
static int
add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
{
static char empty[] = "";
struct foo *foo = (struct foo *)ctx;
struct st_object *o = NULL;
CK_OBJECT_CLASS type;
@@ -520,8 +521,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */
add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */
add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
mech_type = CKM_RSA_X_509;
@@ -557,8 +558,8 @@ add_cert(hx509_context hxctx, void *ctx, hx509_cert cert)
add_object_attribute(o, 0, CKA_KEY_TYPE, &key_type, sizeof(key_type));
add_object_attribute(o, 0, CKA_ID, foo->id, strlen(foo->id));
add_object_attribute(o, 0, CKA_START_DATE, "", 1); /* XXX */
add_object_attribute(o, 0, CKA_END_DATE, "", 1); /* XXX */
add_object_attribute(o, 0, CKA_START_DATE, empty, 1); /* XXX */
add_object_attribute(o, 0, CKA_END_DATE, empty, 1); /* XXX */
add_object_attribute(o, 0, CKA_DERIVE, &bool_false, sizeof(bool_false));
add_object_attribute(o, 0, CKA_LOCAL, &bool_false, sizeof(bool_false));
mech_type = CKM_RSA_X_509;
@@ -859,7 +860,7 @@ C_Initialize(CK_VOID_PTR a)
{
CK_C_INITIALIZE_ARGS_PTR args = a;
CK_RV ret;
int i;
size_t i;
st_logf("Initialize\n");
@@ -916,7 +917,7 @@ C_Initialize(CK_VOID_PTR a)
CK_RV
C_Finalize(CK_VOID_PTR args)
{
int i;
size_t i;
INIT_CONTEXT();
@@ -1112,7 +1113,7 @@ C_OpenSession(CK_SLOT_ID slotID,
CK_NOTIFY Notify,
CK_SESSION_HANDLE_PTR phSession)
{
int i;
size_t i;
INIT_CONTEXT();
st_logf("OpenSession: slot: %d\n", (int)slotID);
@@ -1155,7 +1156,7 @@ C_CloseSession(CK_SESSION_HANDLE hSession)
CK_RV
C_CloseAllSessions(CK_SLOT_ID slotID)
{
int i;
size_t i;
INIT_CONTEXT();
st_logf("CloseAllSessions\n");
@@ -1429,7 +1430,7 @@ commonInit(CK_ATTRIBUTE *attr_match, int attr_match_len,
static CK_RV
dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
dup_mechanism(CK_MECHANISM_PTR *dp, const CK_MECHANISM_PTR pMechanism)
{
CK_MECHANISM_PTR p;
@@ -1437,9 +1438,9 @@ dup_mechanism(CK_MECHANISM_PTR *dup, const CK_MECHANISM_PTR pMechanism)
if (p == NULL)
return CKR_DEVICE_MEMORY;
if (*dup)
free(*dup);
*dup = p;
if (*dp)
free(*dp);
*dp = p;
memcpy(p, pMechanism, sizeof(*p));
return CKR_OK;

24
lib/ipc/client.c
View File

@@ -393,7 +393,7 @@ unix_socket_ipc(void *ctx,
if (net_write(s->fd, &len, sizeof(len)) != sizeof(len))
return -1;
if (net_write(s->fd, req->data, req->length) != req->length)
if (net_write(s->fd, req->data, req->length) != (ssize_t)req->length)
return -1;
if (net_read(s->fd, &len, sizeof(len)) != sizeof(len))
@@ -407,7 +407,7 @@ unix_socket_ipc(void *ctx,
rep->data = malloc(rep->length);
if (rep->data == NULL)
return -1;
if (net_read(s->fd, rep->data, rep->length) != rep->length)
if (net_read(s->fd, rep->data, rep->length) != (ssize_t)rep->length)
return -1;
} else
rep->data = NULL;
@@ -489,9 +489,9 @@ struct hipc_ops ipcs[] = {
{ "MACH", mach_init, mach_release, mach_ipc, mach_async },
#endif
#ifdef HAVE_DOOR
{ "DOOR", door_init, common_release, door_ipc }
{ "DOOR", door_init, common_release, door_ipc, NULL }
#endif
{ "UNIX", unix_socket_init, common_release, unix_socket_ipc }
{ "UNIX", unix_socket_init, common_release, unix_socket_ipc, NULL }
};
struct heim_ipc {
@@ -546,29 +546,29 @@ heim_ipc_free_context(heim_ipc ctx)
}
int
heim_ipc_call(heim_ipc ctx, const heim_idata *send, heim_idata *recv,
heim_ipc_call(heim_ipc ctx, const heim_idata *snd, heim_idata *rcv,
heim_icred *cred)
{
if (cred)
*cred = NULL;
return (ctx->ops->ipc)(ctx->ctx, send, recv, cred);
return (ctx->ops->ipc)(ctx->ctx, snd, rcv, cred);
}
int
heim_ipc_async(heim_ipc ctx, const heim_idata *send, void *userctx,
heim_ipc_async(heim_ipc ctx, const heim_idata *snd, void *userctx,
void (*func)(void *, int, heim_idata *, heim_icred))
{
if (ctx->ops->async == NULL) {
heim_idata recv;
heim_idata rcv;
heim_icred cred = NULL;
int ret;
ret = (ctx->ops->ipc)(ctx->ctx, send, &recv, &cred);
(*func)(userctx, ret, &recv, cred);
ret = (ctx->ops->ipc)(ctx->ctx, snd, &rcv, &cred);
(*func)(userctx, ret, &rcv, cred);
heim_ipc_free_cred(cred);
free(recv.data);
free(rcv.data);
return ret;
} else {
return (ctx->ops->async)(ctx->ctx, send, userctx, func);
return (ctx->ops->async)(ctx->ctx, snd, userctx, func);
}
}

4
lib/ipc/server.c
View File

@@ -557,7 +557,7 @@ update_client_creds(struct client *c)
#endif
#if defined(SOCKCREDSIZE) && defined(SCM_CREDS)
/* NetBSD */
if (c->unixrights.uid == -1) {
if (c->unixrights.uid == (uid_t)-1) {
struct msghdr msg;
socklen_t crmsgsize;
void *crmsg;
@@ -959,7 +959,7 @@ handle_write(struct client *c)
if (len <= 0) {
c->flags |= WAITING_CLOSE;
c->flags &= ~(WAITING_WRITE);
} else if (c->olen != len) {
} else if (c->olen != (size_t)len) {
memmove(&c->outmsg[0], &c->outmsg[len], c->olen - len);
c->olen -= len;
} else {

Some files were not shown because too many files have changed in this diff Show More