TRY_CC_FLAG(-Wno-format-zero-length)
# Other flags here may not be supported on some versions of
# gcc that people want to use.
- for flag in overflow strict-overflow missing-format-attribute ; do
+ for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof ; do
TRY_CC_FLAG(-W$flag)
done
# old-style-definition? generates many, many warnings
--- /dev/null
+/*
+ * include/k5-gmt_mktime.h
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ *
+ * GMT struct tm conversion
+ *
+ * Because of ordering of things in the UNIX build, we can't just keep
+ * the declaration in k5-int.h and include it in
+ * util/support/gmt_mktime.c, since k5-int.h includes krb5.h which
+ * hasn't been built when gmt_mktime.c gets compiled. Hence this
+ * silly little helper header.
+ */
+
+#ifndef K5_GMT_MKTIME_H
+#define K5_GMT_MKTIME_H
+
+#include "autoconf.h"
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <time.h>
+#endif
+#else
+#include <time.h>
+#endif
+
+time_t krb5int_gmt_mktime (struct tm *);
+
+#endif /* K5_GMT_MKTIME_H */
#include <stdio.h>
+#include "k5-gmt_mktime.h"
+
struct addrlist;
struct sendto_callback_info;
(krb5_int32 *,
krb5_int32 *);
-time_t krb5int_gmt_mktime (struct tm *);
-
#endif /* KRB5_OLD_CRYPTO */
/* this helper fct is in libkrb5, but it makes sense declared here. */
krb5_pointer ivec, krb5_enc_data *data,
krb5_data *enc_data);
+krb5_error_code
+krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
+ const krb5_data *input, krb5_data *output);
+krb5_error_code
+krb5int_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec,
+ const krb5_data *input, krb5_data *output);
+
struct _krb5_kt_ops;
struct _krb5_kt { /* should move into k5-int.h */
krb5_magic magic;
If we find a platform with non-functional stubs and no weak
references, we may have to resort to some hack like dlsym on the
symbol tables of the current process. */
+extern int krb5int_pthread_loaded(void)
+#ifdef __GNUC__
+ /* We should always get the same answer for the life of the process. */
+ __attribute__((const))
+#endif
+ ;
#if defined(HAVE_PRAGMA_WEAK_REF) && !defined(NO_WEAK_PTHREADS)
# pragma weak pthread_once
# pragma weak pthread_mutex_lock
# pragma weak pthread_mutex_init
# pragma weak pthread_self
# pragma weak pthread_equal
-extern int krb5int_pthread_loaded(void)
-#ifdef __GNUC__
- /* We should always get the same answer for the life of the process. */
- __attribute__((const))
-#endif
- ;
# define K5_PTHREADS_LOADED (krb5int_pthread_loaded())
# define USE_PTHREAD_LOCK_ONLY_IF_LOADED
err = kim_identity_compare (in_identity, identity, &found);
if (!err && found) {
+ kim_error terr = KIM_NO_ERROR;
kim_count new_count = io_favorite_identities->count - 1;
+
memmove (&io_favorite_identities->identities[i],
&io_favorite_identities->identities[i + 1],
(new_count - i) * sizeof (*io_favorite_identities->identities));
- kim_error terr = kim_favorite_identities_resize (io_favorite_identities, new_count);
+ terr = kim_favorite_identities_resize (io_favorite_identities, new_count);
if (terr) {
kim_debug_printf ("failed to resize list to %d. Continuing.", new_count);
}
{
typedef TextEncoding (*GetApplicationTextEncodingProcPtr) (void);
GetApplicationTextEncodingProcPtr GetApplicationTextEncodingPtr = NULL;
+ CFBundleRef carbonBundle = NULL;
if (kim_os_library_caller_is_server ()) {
return kCFStringEncodingUTF8; /* server only does UTF8 */
}
- CFBundleRef carbonBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.Carbon"));
+ carbonBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.Carbon"));
if (carbonBundle != NULL && CFBundleIsExecutableLoaded (carbonBundle)) {
GetApplicationTextEncodingPtr = (GetApplicationTextEncodingProcPtr) CFBundleGetFunctionPointerForName (carbonBundle,
CFSTR ("GetApplicationTextEncoding"));
krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
size_t *length)
{
- int i;
+ unsigned int i;
for (i=0; i<krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == cksumtype)
krb5_error_code KRB5_CALLCONV
krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen)
{
- int i;
+ unsigned int i;
for (i=0; i<krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == cksumtype) {
&krb5int_hash_sha1, 12 },
};
-const int krb5_cksumtypes_length =
+const unsigned int krb5_cksumtypes_length =
sizeof(krb5_cksumtypes_list)/sizeof(struct krb5_cksumtypes);
#include "k5-int.h"
extern const struct krb5_cksumtypes krb5_cksumtypes_list[];
-extern const int krb5_cksumtypes_length;
+extern const unsigned int krb5_cksumtypes_length;
krb5_boolean KRB5_CALLCONV
krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
{
- int i;
+ unsigned int i;
for (i=0; i<krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == ctype)
void
mit_des_fixup_key_parity(mit_des_cblock key)
{
- int i;
+ unsigned int i;
for (i=0; i<sizeof(mit_des_cblock); i++)
{
key[i] &= 0xfe;
int
mit_des_check_key_parity(mit_des_cblock key)
{
- int i;
+ unsigned int i;
for (i=0; i<sizeof(mit_des_cblock); i++)
{
krb5_ui_4 ui[4];
mit_des_cblock cb;
} temp;
- int i;
+ unsigned int i;
krb5_ui_4 x, y, z;
unsigned char *p;
des_key_schedule sched;
int
mit_des_is_weak_key(mit_des_cblock key)
{
- int i;
+ unsigned int i;
const mit_des_cblock *weak_p = weak;
for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
krb5_data *output)
{
unsigned long c, cn;
- int i;
+ unsigned int i;
if (output->length != CRC32_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
krb5_data *output)
{
krb5_MD4_CTX ctx;
- int i;
+ unsigned int i;
if (output->length != RSA_MD4_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
krb5_data *output)
{
krb5_MD5_CTX ctx;
- int i;
+ unsigned int i;
if (output->length != RSA_MD5_CKSUM_LENGTH)
return(KRB5_CRYPTO_INTERNAL);
krb5_data *output)
{
SHS_INFO ctx;
- int i;
+ unsigned int i;
if (output->length != SHS_DIGESTSIZE)
return(KRB5_CRYPTO_INTERNAL);
{
size_t hashsize, blocksize;
unsigned char *xorkey, *ihash;
- int i;
+ unsigned int i;
krb5_data *hashin, hashout;
krb5_error_code ret;
krb5_boolean KRB5_CALLCONV
krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
{
- int i;
+ unsigned int i;
for (i=0; i<krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == ctype) {
krb5_MD4_CTX ctx;
unsigned char conf[CONFLENGTH];
unsigned char xorkey[8];
- int i;
+ unsigned int i;
mit_des_key_schedule schedule;
if (key->length != 8)
krb5_MD4_CTX ctx;
unsigned char plaintext[CONFLENGTH+RSA_MD4_CKSUM_LENGTH];
unsigned char xorkey[8];
- int i;
+ unsigned int i;
mit_des_key_schedule schedule;
int compathash = 0;
krb5_MD5_CTX ctx;
unsigned char conf[CONFLENGTH];
unsigned char xorkey[8];
- int i;
+ unsigned int i;
mit_des_key_schedule schedule;
if (key->length != 8)
krb5_MD5_CTX ctx;
unsigned char plaintext[CONFLENGTH+RSA_MD5_CKSUM_LENGTH];
unsigned char xorkey[8];
- int i;
+ unsigned int i;
mit_des_key_schedule schedule;
int compathash = 0;
const krb5_keyblock *key, krb5_keyusage usage,
const krb5_data *input, krb5_checksum *cksum)
{
- int i, e1, e2;
+ unsigned int i;
+ int e1, e2;
krb5_data data;
krb5_error_code ret;
size_t cksumlen;
static int debug_hmac = 0;
static void printd (const char *descr, krb5_data *d) {
- int i, j;
+ unsigned int i, j;
const int r = 16;
printf("%s:", descr);
{
unsigned char ibytes[4];
size_t tlen;
- int j, k;
+ unsigned int j, k;
krb5_keyblock pdata;
krb5_data sdata;
krb5_data out;
void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
{
SHS_LONG tmp;
- int dataCount, canfill;
+ unsigned int dataCount;
+ int canfill;
SHS_LONG *lp;
/* Update bitcount */
shsInfo->countHi += count >> 29;
/* Get count of bytes already in data */
- dataCount = (int) (tmp >> 3) & 0x3F;
+ dataCount = (tmp >> 3) & 0x3F;
/* Handle any leading odd-sized chunks */
if (dataCount) {
krb5_error_code KRB5_CALLCONV
krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)
{
- int i;
+ unsigned int i;
for (i=0; i<krb5_cksumtypes_length; i++) {
if (strcasecmp(krb5_cksumtypes_list[i].in_string, string) == 0) {
krb5_boolean KRB5_CALLCONV
krb5_c_valid_cksumtype(krb5_cksumtype ctype)
{
- int i;
+ unsigned int i;
for (i=0; i<krb5_cksumtypes_length; i++) {
if (krb5_cksumtypes_list[i].ctype == ctype)
krb5_keyusage usage, const krb5_data *data,
const krb5_checksum *cksum, krb5_boolean *valid)
{
- int i;
+ unsigned int i;
size_t hashsize;
krb5_error_code ret;
krb5_data indata;
gss_OID * /* oid */
);
+int gssint_mecherrmap_init(void);
+void gssint_mecherrmap_destroy(void);
OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc *oid);
int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid,
OM_uint32 *mech_minor);
make sure that buffer is consistent (release'able) when this
function exits, no matter what the exit value */
-int g_make_string_buffer(str, buffer)
- const char *str;
- gss_buffer_t buffer;
+int g_make_string_buffer(const char *str, gss_buffer_t buffer)
{
buffer->length = strlen(str);
{ "{ 1 2 840 48018 1 2 2 }", "krb5-microsoft" },
{ "{ 1 3 6 1 5 5 2 }", "spnego" },
};
- int i;
+ unsigned int i;
fprintf(f, "%lu@", (unsigned long) value.code);
#include "gssapi_err_generic.h"
#include "gssapi_err_krb5.h"
#include "gssapiP_krb5.h"
+#include "gssapiP_generic.h"
#include "gss_libinit.h"
#include "k5-platform.h"
int bigend;
krb5_gss_cred_id_t cred = 0;
krb5_data ap_rep, ap_req;
- int i;
+ unsigned int i;
krb5_error_code code;
krb5_address addr, *paddr;
krb5_authenticator *authdat = 0;
gss_cred_id_t cred_handle;
krb5_ccache out_ccache;
{
- OM_uint32 stat;
+ OM_uint32 major_status;
krb5_gss_cred_id_t k5creds;
krb5_cc_cursor cursor;
krb5_creds creds;
krb5_context context;
/* validate the cred handle */
- stat = krb5_gss_validate_cred(minor_status, cred_handle);
- if (stat)
- return(stat);
+ major_status = krb5_gss_validate_cred(minor_status, cred_handle);
+ if (major_status)
+ return(major_status);
k5creds = (krb5_gss_cred_id_t) cred_handle;
code = k5_mutex_lock(&k5creds->lock);
krb5_ser_context_init, krb5_ser_auth_context_init,
krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init,
};
- int i;
+ unsigned int i;
for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++)
if ((code = (fns[i])(context)) != 0)
krb5_context context)
{
krb5_error_code code;
- int i;
+ unsigned int i;
krb5int_access kaccess;
code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
OM_uint32
krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
acceptor_name, lifetime_rec, mech_type, ret_flags,
- locally_initiated, open)
+ locally_initiated, opened)
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_name_t *initiator_name;
gss_OID *mech_type;
OM_uint32 *ret_flags;
int *locally_initiated;
- int *open;
+ int *opened;
{
krb5_context context;
krb5_error_code code;
krb5_gss_ctx_id_rec *ctx;
- krb5_principal init, accept;
+ krb5_principal initiator, acceptor;
krb5_timestamp now;
krb5_deltat lifetime;
return(GSS_S_NO_CONTEXT);
}
- init = NULL;
- accept = NULL;
+ initiator = NULL;
+ acceptor = NULL;
context = ctx->k5_context;
if ((code = krb5_timeofday(context, &now))) {
if (initiator_name) {
if ((code = krb5_copy_principal(context,
ctx->initiate?ctx->here:ctx->there,
- &init))) {
+ &initiator))) {
*minor_status = code;
save_error_info(*minor_status, context);
return(GSS_S_FAILURE);
}
- if (! kg_save_name((gss_name_t) init)) {
- krb5_free_principal(context, init);
+ if (! kg_save_name((gss_name_t) initiator)) {
+ krb5_free_principal(context, initiator);
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
if (acceptor_name) {
if ((code = krb5_copy_principal(context,
ctx->initiate?ctx->there:ctx->here,
- &accept))) {
- if (init) krb5_free_principal(context, init);
+ &acceptor))) {
+ if (initiator) krb5_free_principal(context, initiator);
*minor_status = code;
save_error_info(*minor_status, context);
return(GSS_S_FAILURE);
}
- if (! kg_save_name((gss_name_t) accept)) {
- krb5_free_principal(context, accept);
- if (init) {
- kg_delete_name((gss_name_t) init);
- krb5_free_principal(context, init);
+ if (! kg_save_name((gss_name_t) acceptor)) {
+ krb5_free_principal(context, acceptor);
+ if (initiator) {
+ kg_delete_name((gss_name_t) initiator);
+ krb5_free_principal(context, initiator);
}
*minor_status = (OM_uint32) G_VALIDATE_FAILED;
return(GSS_S_FAILURE);
}
if (initiator_name)
- *initiator_name = (gss_name_t) init;
+ *initiator_name = (gss_name_t) initiator;
if (acceptor_name)
- *acceptor_name = (gss_name_t) accept;
+ *acceptor_name = (gss_name_t) acceptor;
if (lifetime_rec)
*lifetime_rec = lifetime;
if (locally_initiated)
*locally_initiated = ctx->initiate;
- if (open)
- *open = ctx->established;
+ if (opened)
+ *opened = ctx->established;
*minor_status = 0;
return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
int signalg,
size_t cksum_size,
int sealalg,
- int encrypt,
+ int do_encrypt,
int toktype,
int bigend,
gss_OID oid)
krb5_keyusage sign_usage = KG_USAGE_SIGN;
- assert((!encrypt) || (toktype == KG_TOK_SEAL_MSG));
+ assert((!do_encrypt) || (toktype == KG_TOK_SEAL_MSG));
/* create the token buffer */
/* Do we need confounder? */
- if (encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
+ if (do_encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
conflen = kg_confounder_size(context, enc);
else conflen = 0;
ptr[1] = (signalg >> 8) & 0xff;
/* 2..3 SEAL_ALG or Filler */
- if ((toktype == KG_TOK_SEAL_MSG) && encrypt) {
+ if ((toktype == KG_TOK_SEAL_MSG) && do_encrypt) {
ptr[2] = sealalg & 0xff;
ptr[3] = (sealalg >> 8) & 0xff;
} else {
return(code);
}
- if (encrypt) {
+ if (do_encrypt) {
switch(sealalg) {
case SEAL_ALG_MICROSOFT_RC4:
{
};
#endif
-#if 1
#define gssint_get_mech_configs krb5_gss_get_mech_configs
-#endif
gss_mechanism *
gssint_get_mech_configs(void)
static OM_uint32
k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
lifetime_rec, mech_type, ret_flags,
- locally_initiated, open)
+ locally_initiated, opened)
void *ctx;
OM_uint32 *minor_status;
gss_ctx_id_t context_handle;
gss_OID *mech_type;
OM_uint32 *ret_flags;
int *locally_initiated;
- int *open;
+ int *opened;
{
return(krb5_gss_inquire_context(minor_status, context_handle,
initiator_name, acceptor_name, lifetime_rec,
mech_type, ret_flags, locally_initiated,
- open));
+ opened));
}
static OM_uint32
OM_uint32 num_ktypes,
krb5_enctype *ktypes)
{
- int i;
+ unsigned int i;
krb5_enctype * new_ktypes;
OM_uint32 major_status;
krb5_gss_cred_id_t cred;
{
krb5_error_code code;
krb5_keyblock *tmpkey;
- int i;
+ unsigned int i;
code = krb5_copy_keyblock(context, key, &tmpkey);
if (code)
gss_OID_set mechs;
gss_OID_desc default_OID;
gss_mechanism mech;
- int i;
+ unsigned int i;
gss_union_cred_t creds;
major = val_acq_cred_args(minor_status,
OM_uint32 *minorStatus;
gss_OID_set *mechSet;
{
- int i, j;
+ unsigned int i, j;
gss_OID curItem;
/* Initialize outputs. */
static void
free_mechSet(void)
{
- int i;
+ unsigned int i;
if (g_mechSet.count != 0) {
for (i = 0; i < g_mechSet.count; i++)
/* ensure we have fresh data */
if (k5_mutex_lock(&g_mechListLock) != 0)
- return GSS_S_FAILURE;
+ return NULL;
updateMechList();
aMech = searchMechList(oid);
(void) k5_mutex_unlock(&g_mechListLock);
static void
init_hardcoded(void)
{
- extern gss_mechanism *krb5_gss_get_mech_configs(void);
- extern gss_mechanism *spnego_gss_get_mech_configs(void);
gss_mechanism *cflist;
static int inited;
return NULL;
if (k5_mutex_lock(&g_mechListLock) != 0)
- return GSS_S_FAILURE;
+ return NULL;
/* check if the mechanism is already loaded */
if ((aMech = searchMechList(oid)) != NULL && aMech->mech) {
(void) k5_mutex_unlock(&g_mechListLock);
gss_OID *mech_type,
OM_uint32 *ctx_flags,
int *locally_initiated,
- int *open)
+ int *opened)
{
/* Initialize outputs. */
/* Last argument new for V2 */
OM_uint32 KRB5_CALLCONV
gss_inquire_context(
- minor_status,
- context_handle,
- src_name,
- targ_name,
- lifetime_rec,
- mech_type,
- ctx_flags,
- locally_initiated,
- open)
-
-OM_uint32 * minor_status;
-gss_ctx_id_t context_handle;
-gss_name_t * src_name;
-gss_name_t * targ_name;
-OM_uint32 * lifetime_rec;
-gss_OID * mech_type;
-OM_uint32 * ctx_flags;
-int * locally_initiated;
-int * open;
-
-
+ OM_uint32 *minor_status,
+ gss_ctx_id_t context_handle,
+ gss_name_t *src_name,
+ gss_name_t *targ_name,
+ OM_uint32 *lifetime_rec,
+ gss_OID *mech_type,
+ OM_uint32 *ctx_flags,
+ int *locally_initiated,
+ int *opened)
{
gss_union_ctx_id_t ctx;
gss_mechanism mech;
src_name, targ_name,
lifetime_rec,
mech_type, ctx_flags,
- locally_initiated, open);
+ locally_initiated, opened);
if (status != GSS_S_COMPLETE)
return (status);
NULL,
ctx_flags,
locally_initiated,
- open);
+ opened);
if (status != GSS_S_COMPLETE) {
map_error(minor_status, mech);
OM_uint32 * minor_status;
gss_OID_set * set;
{
- OM_uint32 index;
+ OM_uint32 i;
gss_OID oid;
if (minor_status)
*minor_status = 0;
- if (set ==NULL)
+ if (set == NULL)
return GSS_S_COMPLETE;
if (*set == GSS_C_NULL_OID_SET)
return(GSS_S_COMPLETE);
- for (index=0; index<(*set)->count; index++) {
- oid = &(*set)->elements[index];
+ for (i=0; i<(*set)->count; i++) {
+ oid = &(*set)->elements[i];
free(oid->elements);
}
free((*set)->elements);
struct gss_mech_config *next; /* next element in the list */
} *gss_mech_info;
+/* Mechanisms defined within our library */
+
+extern gss_mechanism *krb5_gss_get_mech_configs(void);
+extern gss_mechanism *spnego_gss_get_mech_configs(void);
+
/********************************************************/
/* Internal mechglue routines */
long numbuf;
long onumbuf;
OM_uint32 nbytes;
- int index;
+ int i;
unsigned char *op;
if (minor_status != NULL)
}
numbuf = onumbuf;
op += nbytes;
- index = -1;
+ i = -1;
while (numbuf) {
- op[index] = (unsigned char) numbuf & 0x7f;
- if (index != -1)
- op[index] |= 0x80;
- index--;
+ op[i] = (unsigned char) numbuf & 0x7f;
+ if (i != -1)
+ op[i] |= 0x80;
+ i--;
numbuf >>= 7;
}
while (isdigit(*bp))
gss_OID_set_desc *copy;
OM_uint32 minor = 0;
OM_uint32 major = GSS_S_COMPLETE;
- OM_uint32 index;
+ OM_uint32 i;
if (minor_status != NULL)
*minor_status = 0;
}
copy->count = oidset->count;
- for (index = 0; index < copy->count; index++) {
- gss_OID_desc *out = ©->elements[index];
- gss_OID_desc *in = &oidset->elements[index];
+ for (i = 0; i < copy->count; i++) {
+ gss_OID_desc *out = ©->elements[i];
+ gss_OID_desc *in = &oidset->elements[i];
if ((out->elements = (void *) malloc(in->length)) == NULL) {
major = GSS_S_FAILURE;
gss_OID *mech_type,
OM_uint32 *ctx_flags,
int *locally_initiated,
- int *open
+ int *opened
);
OM_uint32 spnego_gss_wrap_size_limit
&spnego_mechanism, NULL
};
-#if 1
#define gssint_get_mech_configs spnego_gss_get_mech_configs
-#endif
gss_mechanism *
gssint_get_mech_configs(void)
gss_OID *mech_type,
OM_uint32 *ctx_flags,
int *locally_initiated,
- int *open)
+ int *opened)
{
OM_uint32 ret = GSS_S_COMPLETE;
mech_type,
ctx_flags,
locally_initiated,
- open);
+ opened);
return (ret);
}
gss_name_t name, gss_cred_usage_t usage,
gss_cred_id_t *creds, gss_OID_set *rmechs)
{
- int i;
+ unsigned int i;
int found = 0;
- OM_uint32 stat = GSS_S_COMPLETE, tmpmin;
+ OM_uint32 major_status = GSS_S_COMPLETE, tmpmin;
gss_OID_set mechs, goodmechs;
- stat = gss_indicate_mechs(minor_status, &mechs);
+ major_status = gss_indicate_mechs(minor_status, &mechs);
- if (stat != GSS_S_COMPLETE) {
- return (stat);
+ if (major_status != GSS_S_COMPLETE) {
+ return (major_status);
}
- stat = gss_create_empty_oid_set(minor_status, rmechs);
+ major_status = gss_create_empty_oid_set(minor_status, rmechs);
- if (stat != GSS_S_COMPLETE) {
+ if (major_status != GSS_S_COMPLETE) {
(void) gss_release_oid_set(minor_status, &mechs);
- return (stat);
+ return (major_status);
}
- for (i = 0; i < mechs->count && stat == GSS_S_COMPLETE; i++) {
+ for (i = 0; i < mechs->count && major_status == GSS_S_COMPLETE; i++) {
if ((mechs->elements[i].length
!= spnego_mechanism.mech_type.length) ||
memcmp(mechs->elements[i].elements,
spnego_mechanism.mech_type.elements,
spnego_mechanism.mech_type.length)) {
- stat = gss_add_oid_set_member(minor_status,
- &mechs->elements[i],
- rmechs);
- if (stat == GSS_S_COMPLETE)
+ major_status = gss_add_oid_set_member(minor_status,
+ &mechs->elements[i],
+ rmechs);
+ if (major_status == GSS_S_COMPLETE)
found++;
}
}
* trim the list of mechanisms down to only those
* for which the creds are valid.
*/
- if (found > 0 && stat == GSS_S_COMPLETE && creds != NULL) {
- stat = gss_acquire_cred(minor_status,
- name, GSS_C_INDEFINITE, *rmechs, usage, creds,
- &goodmechs, NULL);
+ if (found > 0 && major_status == GSS_S_COMPLETE && creds != NULL) {
+ major_status = gss_acquire_cred(minor_status,
+ name, GSS_C_INDEFINITE,
+ *rmechs, usage, creds,
+ &goodmechs, NULL);
/*
* Drop the old list in favor of the new
* "trimmed" list.
*/
(void) gss_release_oid_set(&tmpmin, rmechs);
- if (stat == GSS_S_COMPLETE) {
+ if (major_status == GSS_S_COMPLETE) {
(void) gssint_copy_oid_set(&tmpmin,
goodmechs, rmechs);
(void) gss_release_oid_set(&tmpmin, &goodmechs);
}
(void) gss_release_oid_set(&tmpmin, &mechs);
- if (found == 0 || stat != GSS_S_COMPLETE) {
+ if (found == 0 || major_status != GSS_S_COMPLETE) {
*minor_status = ERR_SPNEGO_NO_MECHS_AVAILABLE;
map_errcode(minor_status);
- if (stat == GSS_S_COMPLETE)
- stat = GSS_S_FAILURE;
+ if (major_status == GSS_S_COMPLETE)
+ major_status = GSS_S_FAILURE;
}
- return (stat);
+ return (major_status);
}
/* following are token creation and reading routines */
put_mech_set(gss_OID_set mechSet, gss_buffer_t buf)
{
unsigned char *ptr;
- int i;
+ unsigned int i;
unsigned int tlen, ilen;
tlen = ilen = 0;
gss_OID returned_mech;
OM_uint32 status;
int present;
- int i;
+ unsigned int i;
for (i = 0; i < mechset->count; i++) {
gss_test_oid_set_member(minor_status, &mechset->elements[i],
*/
/* ASN.1 primitive decoders */
+#include "k5-int.h" /* for krb5int_gmt_mktime */
#include "asn1_decode.h"
#include "asn1_get.h"
#include <stdio.h>
#define cleanup()\
return 0
-extern time_t krb5int_gmt_mktime (struct tm *);
-
asn1_error_code asn1_decode_integer(asn1buf *buf, long int *val)
{
setup();
asn1_octet o;
long n = 0; /* initialize to keep gcc happy */
- int i;
+ unsigned int i;
tag(ASN1_INTEGER);
setup();
asn1_octet o;
unsigned long n;
- int i;
+ unsigned int i;
tag(ASN1_INTEGER);
asn1_error_code retval;
asn1_octet unused, o;
taginfo t;
- int i;
+ unsigned int i;
krb5_flags f=0;
unsigned int length;
asn1_error_code asn1buf_insert_octetstring(asn1buf *buf, const unsigned int len, const krb5_octet *s)
{
asn1_error_code retval;
- int length;
+ unsigned int length;
retval = asn1buf_ensure_space(buf,len);
if(retval) return retval;
asn1_error_code asn1buf_insert_charstring(asn1buf *buf, const unsigned int len, const char *s)
{
asn1_error_code retval;
- int length;
+ unsigned int length;
retval = asn1buf_ensure_space(buf,len);
if(retval) return retval;
asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_octet **s)
{
- int i;
+ unsigned int i;
if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
if (len == 0) {
asn1_error_code asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s)
{
- int i;
+ unsigned int i;
if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
if (len == 0) {
asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code)
{
- int i;
+ unsigned int i;
*code = (krb5_data*)calloc(1,sizeof(krb5_data));
if(*code == NULL) return ENOMEM;
(*code)->magic = KV5M_DATA;
strcpy(*s,"<EMPTY>");
}else{
unsigned int length = asn1buf_len(buf);
- int i;
+ unsigned int i;
*s = calloc(length+1, sizeof(char));
if(*s == NULL) return ENOMEM;
}
#undef asn1buf_free
-int asn1buf_free(const asn1buf *buf)
+unsigned int asn1buf_free(const asn1buf *buf)
{
if(buf == NULL || buf->base == NULL) return 0;
else return buf->bound - buf->next + 1;
? 0 \
: ((buf)->bound - (buf)->base + 1))
-int asn1buf_free
+unsigned int asn1buf_free
(const asn1buf *buf);
/* requires *buf is allocated
effects Returns the number of unused, allocated octets in *buf. */
#define asn1buf_free(buf) \
(((buf) == NULL || (buf)->base == NULL) \
- ? 0 \
- : ((buf)->bound - (buf)->next + 1))
+ ? 0U \
+ : (unsigned int)((buf)->bound - (buf)->next + 1))
asn1_error_code asn1buf_ensure_space
/* Decode the Principal's keys */
/************************************************************************/
-#define safe_syncbuf(outer,inner) \
+#define safe_syncbuf(outer,inner,buflen) \
if (! ((inner)->next == (inner)->bound + 1 && \
(inner)->next == (outer)->next + buflen)) \
cleanup (ASN1_BAD_LENGTH); \
ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
ret = asn1_decode_integer(&subbuf, val); checkerr;
- safe_syncbuf(&tmp, &subbuf);
+ safe_syncbuf(&tmp, &subbuf, buflen);
*buf = tmp;
last:
ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
ret = asn1_decode_unsigned_integer(&subbuf, val); checkerr;
- safe_syncbuf(&tmp, &subbuf);
+ safe_syncbuf(&tmp, &subbuf, buflen);
*buf = tmp;
last:
ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
ret = asn1_decode_octetstring (&subbuf, len, val); checkerr;
- safe_syncbuf(&tmp, &subbuf);
+ safe_syncbuf(&tmp, &subbuf, buflen);
*buf = tmp;
last:
static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key)
{
- int buflen, seqindef;
+ int full_buflen, seqindef;
unsigned int length;
asn1_error_code ret;
asn1buf subbuf;
key->key_data_contents[1] = NULL;
ret = asn1_get_sequence(buf, &length, &seqindef); checkerr;
- buflen = length;
+ full_buflen = length;
ret = asn1buf_imbed(&subbuf, buf, length, seqindef); checkerr;
asn1_get_tag_2(&subbuf, &t);
/* Salt */
if (t.tagnum == 0) {
- int buflen;
+ int salt_buflen;
asn1buf slt;
unsigned long keytype;
int keylen;
key->key_data_ver = 2;
asn1_get_sequence(&subbuf, &length, &seqindef);
- buflen = length;
+ salt_buflen = length;
asn1buf_imbed(&slt, &subbuf, length, seqindef);
ret = decode_tagged_integer (&slt, 0, &keytype);
&key->key_data_contents[1]); checkerr;
} else
keylen = 0;
- safe_syncbuf (&subbuf, &slt);
+ safe_syncbuf (&subbuf, &slt, salt_buflen);
key->key_data_length[1] = keylen; /* XXX range check?? */
ret = asn1_get_tag_2(&subbuf, &t); checkerr;
/* Key */
{
- int buflen;
+ int key_buflen;
asn1buf kbuf;
long lval;
int ival;
cleanup (ASN1_MISSING_FIELD);
ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr;
- buflen = length;
+ key_buflen = length;
ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr;
ret = decode_tagged_integer (&kbuf, 0, &lval);
&key->key_data_contents[0]); checkerr;
key->key_data_length[0] = ival; /* XXX range check? */
- safe_syncbuf (&subbuf, &kbuf);
+ safe_syncbuf (&subbuf, &kbuf, key_buflen);
}
- safe_syncbuf (buf, &subbuf);
+ safe_syncbuf (buf, &subbuf, full_buflen);
last:
if (ret != 0) {
/* Sequence of keys */
{
- int i, buflen;
+ int i, seq_buflen;
asn1buf keyseq;
if (t.tagnum != 4)
cleanup (ASN1_MISSING_FIELD);
ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr;
- buflen = length;
+ seq_buflen = length;
ret = asn1buf_imbed(&keyseq, &subbuf, length, seqindef); checkerr;
for (i = 1, *out = NULL; ; i++) {
krb5_key_data *tmp;
if (asn1buf_remains(&keyseq, 0) == 0)
break; /* Not freeing the last key structure */
}
- safe_syncbuf (&subbuf, &keyseq);
+ safe_syncbuf (&subbuf, &keyseq, seq_buflen);
}
/*
/* This function tries to get tickets and put them in the specified
cache, however, if the cache does not exist, it may choose to put
them elsewhere (ie: the system default) so we set that here */
- char * ccdefname = krb5_cc_default_name (context);
+ const char * ccdefname = krb5_cc_default_name (context);
if (!ccdefname || strcmp (ccdefname, outCacheName) != 0) {
krb5_cc_set_default_name (context, outCacheName);
}
krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS];
krb5_boolean old_use_conf_ktypes;
char **hrealms;
- int referral_count, i;
+ unsigned int referral_count, i;
/*
* Set up client and server pointers. Make a fresh and modifyable
SecIdentityRef idRef = NULL;
OSStatus ortn;
CFDictionaryRef theDict = NULL;
+ CFStringRef cfPrinc = NULL;
krb5_error_code ourRtn = 0;
if(principal == NULL) {
}
/* Entry in the dictionary for specified principal? */
- CFStringRef cfPrinc = CFStringCreateWithCString(NULL, principal,
- kCFStringEncodingASCII);
+ cfPrinc = CFStringCreateWithCString(NULL, principal,
+ kCFStringEncodingASCII);
issuerSerial = (CFDataRef)CFDictionaryGetValue(theDict, cfPrinc);
CFRelease(cfPrinc);
if(issuerSerial == NULL) {
krb5_ui_4 len;
krb5_int32 rtn = 0;
krb5_ui_4 dex;
+ uint8 *cp = NULL;
if((cdata->Length == 0) || (cdata->Data == NULL)) {
*i = 0;
return ASN1_BAD_LENGTH;
}
- uint8 *cp = cdata->Data;
+ cp = cdata->Data;
for(dex=0; dex<len; dex++) {
rtn = (rtn << 8) | *cp++;
}
krb5_timestamp kts,
char **str) /* mallocd and RETURNED */
{
+ char *outStr = NULL;
time_t gmt_time = kts;
struct tm *utc = gmtime(&gmt_time);
if (utc == NULL ||
utc->tm_min > 59 || utc->tm_sec > 59) {
return ASN1_BAD_GMTIME;
}
- char *outStr = (char *)malloc(16);
+ outStr = (char *)malloc(16);
if(outStr == NULL) {
return ENOMEM;
}
krb5_preauth_client_rock *get_data_rock,
krb5_gic_opt_ext *opte)
{
- int h, i, j, out_pa_list_size;
+ unsigned int h;
+ int i, j, out_pa_list_size;
int seen_etype_info2 = 0;
krb5_pa_data *out_pa = NULL, **out_pa_list = NULL;
krb5_data scratch;
size_t required;
krb5_octet *bp;
size_t remain;
- int i;
+ unsigned int i;
required = 0;
bp = *buffer;
krb5_int32 ibuf;
krb5_octet *bp;
size_t remain;
- int i;
+ unsigned int i;
bp = *buffer;
remain = *lenremain;
char *cachename = 0, *cachetype;
char tmp[4];
krb5_error_code retval;
- int p, i;
+ unsigned int p, i;
unsigned int len;
#ifdef HAVE_GETEUID
"%x %X", /* locale-dependent short format */
"%d/%m/%Y %R" /* dd/mm/yyyy hh:mm */
};
- static const int sftime_format_table_nents =
+ static const unsigned int sftime_format_table_nents =
sizeof(sftime_format_table)/sizeof(sftime_format_table[0]);
#ifdef HAVE_LOCALTIME_R
krb5_cccol_cursor_next
krb5_change_cache
krb5_change_password
-krb5_change_set_password
krb5_check_transited_list
krb5_chpw_result_code_string
krb5_clear_error_message
krb5_data ap_req;
};
-
/*
* Wrapper function for the two backends
*/
** if set_password_for is NULL, then a password change is performed,
** otherwise, the password is set for the principal indicated in set_password_for
*/
-krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw,
krb5_principal set_password_for,
int *result_code, krb5_data *result_code_string,
krb5_gen_replay_name(krb5_context context, const krb5_address *address, const char *uniq, char **string)
{
char * tmp;
- int i;
+ unsigned int i;
unsigned int len;
len = strlen(uniq) + (address->length * 2) + 1;
* Return the protocol addresses supported by this host.
* Exports from this file:
* krb5int_foreach_localaddr (does callbacks)
- * krb5int_local_addresses (includes krb5.conf extra_addresses)
- * krb5_os_localaddr (doesn't)
+ * krb5_os_localaddr (doesn't include krb5.conf extra_addresses)
*
* XNS support is untested, but "Should just work". (Hah!)
*/
return get_localaddrs(context, addr, 1);
}
+#if 0 /* not actually used anywhere currently */
krb5_error_code
krb5int_local_addresses(krb5_context context, krb5_address ***addr)
{
return get_localaddrs(context, addr, 0);
}
+#endif
static krb5_error_code
get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile)
e = 0;
while (selstate->nfds > 0) {
- int i;
+ unsigned int i;
e = krb5int_cm_call_select(selstate, seltemp, &selret);
if (e == EINTR)
return 0;
/* Got something on a socket, process it. */
- for (i = 0; i <= selstate->max && selret > 0 && i < n_conns; i++) {
+ for (i = 0; i <= (unsigned int)selstate->max && selret > 0 && i < n_conns; i++) {
int ssflags;
if (conns[i].fd == INVALID_SOCKET)
int (*msg_handler)(krb5_context, const krb5_data *, void *),
void *msg_handler_data)
{
- int i, pass;
+ unsigned int i;
+ int pass;
int delay_this_pass = 2;
krb5_error_code retval;
struct conn_state *conns;
strerror(errno));
return KRB5_RC_IO_UNKNOWN;
}
- if (count != num)
+ if (count < 0 || (unsigned int)count != num)
return KRB5_RC_IO_EOF;
return 0;
}
#include <time.h>
#endif
+#include "k5-gmt_mktime.h"
+
/* take a struct tm, return seconds from GMT epoch */
/* like mktime, this ignores tm_wday and tm_yday. */
/* unlike mktime, this does not set them... it only passes a return value. */