Based on patch from lxs, with some changes:
authorKen Raeburn <raeburn@mit.edu>
Wed, 27 Aug 2008 16:36:00 +0000 (16:36 +0000)
committerKen Raeburn <raeburn@mit.edu>
Wed, 27 Aug 2008 16:36:00 +0000 (16:36 +0000)
Add several new gcc warning flags, used in the KfM build process.

Put declarations before code.

Fix a bunch of signed/unsigned type mixes, mostly by changing variable
types to unsigned int.

Fix constness in handling name of default ccache name.

Make sure functions get declared with prototypes:
krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt
krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get.

Don't shadow global names: stat accept index open encrypt.  Fix
variable shadowing in LDAP ASN.1 support.

Don't define unused krb5int_local_addresses.
Don't export internal krb5_change_set_password.
Fix error return indications from gssint_oid_to_mech.

Create and use k5-gmt_mktime.h to provide one global declaration of
krb5int_gmt_mktime, needed before we've generated krb5.h on some
platforms.

Not incorporated from initial patch: const changes in function
signatures.

ticket: 6096
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970

69 files changed:
src/aclocal.m4
src/include/k5-gmt_mktime.h [new file with mode: 0644]
src/include/k5-int.h
src/include/k5-thread.h
src/kim/lib/kim_preferences.c
src/kim/lib/mac/kim_os_string.c
src/lib/crypto/checksum_length.c
src/lib/crypto/cksumtype_to_string.c
src/lib/crypto/cksumtypes.c
src/lib/crypto/cksumtypes.h
src/lib/crypto/coll_proof_cksum.c
src/lib/crypto/des/f_parity.c
src/lib/crypto/des/string2key.c
src/lib/crypto/des/weak_key.c
src/lib/crypto/hash_provider/hash_crc32.c
src/lib/crypto/hash_provider/hash_md4.c
src/lib/crypto/hash_provider/hash_md5.c
src/lib/crypto/hash_provider/hash_sha1.c
src/lib/crypto/hmac.c
src/lib/crypto/keyed_cksum.c
src/lib/crypto/keyhash_provider/k5_md4des.c
src/lib/crypto/keyhash_provider/k5_md5des.c
src/lib/crypto/make_checksum.c
src/lib/crypto/pbkdf2.c
src/lib/crypto/sha1/shs.c
src/lib/crypto/string_to_cksumtype.c
src/lib/crypto/valid_cksumtype.c
src/lib/crypto/verify_checksum.c
src/lib/gssapi/generic/gssapiP_generic.h
src/lib/gssapi/generic/util_buffer.c
src/lib/gssapi/generic/util_errmap.c
src/lib/gssapi/gss_libinit.c
src/lib/gssapi/krb5/accept_sec_context.c
src/lib/gssapi/krb5/copy_ccache.c
src/lib/gssapi/krb5/import_sec_context.c
src/lib/gssapi/krb5/init_sec_context.c
src/lib/gssapi/krb5/inq_context.c
src/lib/gssapi/krb5/k5seal.c
src/lib/gssapi/krb5/krb5_gss_glue.c
src/lib/gssapi/krb5/set_allowable_enctypes.c
src/lib/gssapi/krb5/util_seed.c
src/lib/gssapi/mechglue/g_acquire_cred.c
src/lib/gssapi/mechglue/g_initialize.c
src/lib/gssapi/mechglue/g_inq_context.c
src/lib/gssapi/mechglue/g_rel_oid_set.c
src/lib/gssapi/mechglue/mglueP.h
src/lib/gssapi/mechglue/oid_ops.c
src/lib/gssapi/spnego/gssapiP_spnego.h
src/lib/gssapi/spnego/spnego_mech.c
src/lib/krb5/asn.1/asn1_decode.c
src/lib/krb5/asn.1/asn1_k_decode.c
src/lib/krb5/asn.1/asn1buf.c
src/lib/krb5/asn.1/asn1buf.h
src/lib/krb5/asn.1/ldap_key_seq.c
src/lib/krb5/ccache/ccdefault.c
src/lib/krb5/krb/gc_frm_kdc.c
src/lib/krb5/krb/pkinit_apple_cert_store.c
src/lib/krb5/krb/pkinit_apple_utils.c
src/lib/krb5/krb/preauth2.c
src/lib/krb5/krb/ser_ctx.c
src/lib/krb5/krb/srv_rcache.c
src/lib/krb5/krb/str_conv.c
src/lib/krb5/libkrb5.exports
src/lib/krb5/os/changepw.c
src/lib/krb5/os/gen_rname.c
src/lib/krb5/os/localaddr.c
src/lib/krb5/os/sendto_kdc.c
src/lib/krb5/rcache/rc_io.c
src/util/support/gmt_mktime.c

index eba19d51f10a642a17127c36a77390011acd69fa..d1e98522e3381e38f226d13f09a2a60602462220 100644 (file)
@@ -642,7 +642,7 @@ if test "$GCC" = yes ; then
     TRY_CC_FLAG(-Wno-format-zero-length)
     # Other flags here may not be supported on some versions of
     # gcc that people want to use.
-    for flag in overflow strict-overflow missing-format-attribute ; do
+    for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof ; do
       TRY_CC_FLAG(-W$flag)
     done
     #  old-style-definition? generates many, many warnings
diff --git a/src/include/k5-gmt_mktime.h b/src/include/k5-gmt_mktime.h
new file mode 100644 (file)
index 0000000..d9d1d1e
--- /dev/null
@@ -0,0 +1,51 @@
+/*
+ * include/k5-gmt_mktime.h
+ *
+ * Copyright 2008 Massachusetts Institute of Technology.
+ * All Rights Reserved.
+ *
+ * Export of this software from the United States of America may
+ *   require a specific license from the United States Government.
+ *   It is the responsibility of any person or organization contemplating
+ *   export to obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is" without express
+ * or implied warranty.
+ * 
+ *
+ * GMT struct tm conversion
+ *
+ * Because of ordering of things in the UNIX build, we can't just keep
+ * the declaration in k5-int.h and include it in
+ * util/support/gmt_mktime.c, since k5-int.h includes krb5.h which
+ * hasn't been built when gmt_mktime.c gets compiled.  Hence this
+ * silly little helper header.
+ */
+
+#ifndef K5_GMT_MKTIME_H
+#define K5_GMT_MKTIME_H
+
+#include "autoconf.h"
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <time.h>
+#endif
+#else
+#include <time.h>
+#endif
+
+time_t krb5int_gmt_mktime (struct tm *);
+
+#endif /* K5_GMT_MKTIME_H */
index 8f9791bb90d94806d2590827d49fb2fdb1a33411..545bd983aec23468f6b91b60c740833f4dae97d4 100644 (file)
@@ -469,6 +469,8 @@ extern char *strdup (const char *);
 
 #include <stdio.h>
 
+#include "k5-gmt_mktime.h"
+
 struct addrlist;
 struct sendto_callback_info;
 
@@ -733,8 +735,6 @@ krb5_error_code krb5_crypto_us_timeofday
        (krb5_int32 *,
                krb5_int32 *);
 
-time_t krb5int_gmt_mktime (struct tm *);
-
 #endif /* KRB5_OLD_CRYPTO */
 
 /* this helper fct is in libkrb5, but it makes sense declared here. */
@@ -2195,6 +2195,13 @@ krb5_error_code krb5_decrypt_data
                krb5_pointer ivec, krb5_enc_data *data, 
                krb5_data *enc_data);
 
+krb5_error_code
+krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec,
+                   const krb5_data *input, krb5_data *output);
+krb5_error_code
+krb5int_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec,
+                   const krb5_data *input, krb5_data *output);
+
 struct _krb5_kt_ops;
 struct _krb5_kt {      /* should move into k5-int.h */
     krb5_magic magic;
index c70f634d4d0d8f18b3917e518fa9f906565a76de..0450eb277d46590a462e85cc0c69cb496c045fa4 100644 (file)
@@ -245,6 +245,12 @@ typedef k5_os_nothread_mutex k5_os_mutex;
    If we find a platform with non-functional stubs and no weak
    references, we may have to resort to some hack like dlsym on the
    symbol tables of the current process.  */
+extern int krb5int_pthread_loaded(void)
+#ifdef __GNUC__
+     /* We should always get the same answer for the life of the process.  */
+     __attribute__((const))
+#endif
+     ;
 #if defined(HAVE_PRAGMA_WEAK_REF) && !defined(NO_WEAK_PTHREADS)
 # pragma weak pthread_once
 # pragma weak pthread_mutex_lock
@@ -253,12 +259,6 @@ typedef k5_os_nothread_mutex k5_os_mutex;
 # pragma weak pthread_mutex_init
 # pragma weak pthread_self
 # pragma weak pthread_equal
-extern int krb5int_pthread_loaded(void)
-#ifdef __GNUC__
-     /* We should always get the same answer for the life of the process.  */
-     __attribute__((const))
-#endif
-     ;
 # define K5_PTHREADS_LOADED    (krb5int_pthread_loaded())
 # define USE_PTHREAD_LOCK_ONLY_IF_LOADED
 
index c2805fda00eb4659d26b32f16a7c534d636c769b..d8c2dee1acc03c3b8814bb066c50ca8489bbe73b 100644 (file)
@@ -289,12 +289,14 @@ kim_error kim_favorite_identities_remove_identity (kim_favorite_identities io_fa
             err = kim_identity_compare (in_identity, identity, &found);
             
             if (!err && found) {
+                kim_error terr = KIM_NO_ERROR;
                 kim_count new_count = io_favorite_identities->count - 1;
+                
                 memmove (&io_favorite_identities->identities[i], 
                          &io_favorite_identities->identities[i + 1],
                          (new_count - i) * sizeof (*io_favorite_identities->identities));
                 
-                kim_error terr = kim_favorite_identities_resize (io_favorite_identities, new_count);
+                terr = kim_favorite_identities_resize (io_favorite_identities, new_count);
                 if (terr) {
                     kim_debug_printf ("failed to resize list to %d.  Continuing.", new_count);
                 }
index d2f2032ff5dc0157ec35bbd4b95d269ddcd5b1bf..e070bed460f8de5a9dc5303fec6e0df2dc7ae2c5 100644 (file)
@@ -35,12 +35,13 @@ CFStringEncoding kim_os_string_get_encoding (void)
 {
     typedef TextEncoding (*GetApplicationTextEncodingProcPtr) (void);
     GetApplicationTextEncodingProcPtr GetApplicationTextEncodingPtr = NULL;
+    CFBundleRef carbonBundle = NULL;
     
     if (kim_os_library_caller_is_server ()) {
         return kCFStringEncodingUTF8;  /* server only does UTF8 */
     }
     
-    CFBundleRef carbonBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.Carbon"));
+    carbonBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.Carbon"));
     if (carbonBundle != NULL && CFBundleIsExecutableLoaded (carbonBundle)) {
         GetApplicationTextEncodingPtr = (GetApplicationTextEncodingProcPtr) CFBundleGetFunctionPointerForName (carbonBundle,
                                                                                                                CFSTR ("GetApplicationTextEncoding"));
index 16177be09fb9701c6a192162d75d465e7f821955..28846a67165d94a6ef26831154b749f2b7987401 100644 (file)
@@ -31,7 +31,7 @@ krb5_error_code KRB5_CALLCONV
 krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype,
                       size_t *length)
 {
-    int i;
+    unsigned int i;
 
     for (i=0; i<krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == cksumtype)
index b0ac516e20e6c6f6d8ab6aa74a73d1dec6966e74..54a0f3aec519f9f63c57760294103958a92efbe4 100644 (file)
@@ -30,7 +30,7 @@
 krb5_error_code KRB5_CALLCONV
 krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen)
 {
-    int i;
+    unsigned int i;
 
     for (i=0; i<krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == cksumtype) {
index ae7ed5f8740f7bc8bfaf82429f2c1c7ba69be469..f30d1b034cba9eaaca0d04a77278c20291bd629f 100644 (file)
@@ -94,5 +94,5 @@ const struct krb5_cksumtypes krb5_cksumtypes_list[] = {
       &krb5int_hash_sha1, 12 },
 };
 
-const int krb5_cksumtypes_length =
+const unsigned int krb5_cksumtypes_length =
 sizeof(krb5_cksumtypes_list)/sizeof(struct krb5_cksumtypes);
index dae70c8f211f08626576a72ee1e7f5dbe37d9cdf..ef23169fab1f3e32df9622b9edf15b65e86dcb99 100644 (file)
@@ -27,4 +27,4 @@
 #include "k5-int.h"
 
 extern const struct krb5_cksumtypes krb5_cksumtypes_list[];
-extern const int krb5_cksumtypes_length;
+extern const unsigned int krb5_cksumtypes_length;
index 5c3ea48d34cc1add589d42e03f155cd1fa591507..85fb57b9b2d12af6fe79b718bd72904d7c83f340 100644 (file)
@@ -30,7 +30,7 @@
 krb5_boolean KRB5_CALLCONV
 krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)
 {
-    int i;
+    unsigned int i;
 
     for (i=0; i<krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == ctype)
index 26cf6039b4280aec3d764e8fb57010801ebfba00..4263863032566919867036b1083a9e196a03eb91 100644 (file)
@@ -23,7 +23,7 @@
 void
 mit_des_fixup_key_parity(mit_des_cblock key)
 {
-    int i;
+    unsigned int i;
     for (i=0; i<sizeof(mit_des_cblock); i++) 
       {
        key[i] &= 0xfe;
@@ -41,7 +41,7 @@ mit_des_fixup_key_parity(mit_des_cblock key)
 int
 mit_des_check_key_parity(mit_des_cblock key)
 {
-    int i;
+    unsigned int i;
     
     for (i=0; i<sizeof(mit_des_cblock); i++) 
       {
index 016ae3e201be140e7f093584e125353519809cd0..0ce41368566dc4b591717d70fa36ca08b99da70d 100644 (file)
@@ -40,7 +40,7 @@ mit_des_string_to_key_int (krb5_keyblock *key,
        krb5_ui_4 ui[4];
        mit_des_cblock cb;
     } temp;
-    int i;
+    unsigned int i;
     krb5_ui_4 x, y, z;
     unsigned char *p;
     des_key_schedule sched;
index 005b163874d0d2c442733fcacdd1c8938def85cd..2eab9f5438e163c8e5db6e858e5a6fcd0b474727 100644 (file)
@@ -73,7 +73,7 @@ static const mit_des_cblock weak[16] = {
 int
 mit_des_is_weak_key(mit_des_cblock key)
 {
-    int i;
+    unsigned int i;
     const mit_des_cblock *weak_p = weak;
 
     for (i = 0; i < (sizeof(weak)/sizeof(mit_des_cblock)); i++) {
index b48b3b3634cc2883acddf0705e79837f7d1dc82a..1df182c4933324b999448e990f860f8944424d7c 100644 (file)
@@ -33,7 +33,7 @@ k5_crc32_hash(unsigned int icount, const krb5_data *input,
              krb5_data *output)
 {
     unsigned long c, cn;
-    int i;
+    unsigned int i;
     
     if (output->length != CRC32_CKSUM_LENGTH)
        return(KRB5_CRYPTO_INTERNAL);
index 97487923b2936608ca8d44d833d6a20f0ba74b57..1fa23c214e56c2528a71b649bad5dfe6eee9bf1f 100644 (file)
@@ -33,7 +33,7 @@ k5_md4_hash(unsigned int icount, const krb5_data *input,
            krb5_data *output)
 {
     krb5_MD4_CTX ctx;
-    int i;
+    unsigned int i;
 
     if (output->length != RSA_MD4_CKSUM_LENGTH)
        return(KRB5_CRYPTO_INTERNAL);
index 408729337612aa98c61453f39de73f9498d16768..174c432a40df25c913958ade69354931b83f8a2a 100644 (file)
@@ -33,7 +33,7 @@ k5_md5_hash(unsigned int icount, const krb5_data *input,
            krb5_data *output)
 {
     krb5_MD5_CTX ctx;
-    int i;
+    unsigned int i;
 
     if (output->length != RSA_MD5_CKSUM_LENGTH)
        return(KRB5_CRYPTO_INTERNAL);
index 5fbea6a9cc792f0e84777c52ab8c3ba59e3a9f99..cdb309867a2f3da6da932de27d8fa90f7b452a46 100644 (file)
@@ -33,7 +33,7 @@ k5_sha1_hash(unsigned int icount, const krb5_data *input,
             krb5_data *output)
 {
     SHS_INFO ctx;
-    int i;
+    unsigned int i;
 
     if (output->length != SHS_DIGESTSIZE)
        return(KRB5_CRYPTO_INTERNAL);
index cc46374c5299e1a643d9644c3cabbaea6507ea22..3c027264557db015638ac268aec3b0042db08320 100644 (file)
@@ -44,7 +44,7 @@ krb5_hmac(const struct krb5_hash_provider *hash, const krb5_keyblock *key,
 {
     size_t hashsize, blocksize;
     unsigned char *xorkey, *ihash;
-    int i;
+    unsigned int i;
     krb5_data *hashin, hashout;
     krb5_error_code ret;
 
index 4d50c2c4aefb180429788dec5fd917f44c667c64..023d8c6a5d2b84aa9f6bdd2a2399fb811b9a83b1 100644 (file)
@@ -30,7 +30,7 @@
 krb5_boolean KRB5_CALLCONV
 krb5_c_is_keyed_cksum(krb5_cksumtype ctype)
 {
-    int i;
+    unsigned int i;
 
     for (i=0; i<krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == ctype) {
index dc1026f23e9c6b63f2ffcbf1a0460cc590f9b2ae..9f19f4f9682bcbfe0ec599a1d2f7772e229ebe9c 100644 (file)
@@ -48,7 +48,7 @@ k5_md4des_hash(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *i
     krb5_MD4_CTX ctx;
     unsigned char conf[CONFLENGTH];
     unsigned char xorkey[8];
-    int i;
+    unsigned int i;
     mit_des_key_schedule schedule;
 
     if (key->length != 8)
@@ -111,7 +111,7 @@ k5_md4des_verify(const krb5_keyblock *key, krb5_keyusage usage,
     krb5_MD4_CTX ctx;
     unsigned char plaintext[CONFLENGTH+RSA_MD4_CKSUM_LENGTH];
     unsigned char xorkey[8];
-    int i;
+    unsigned int i;
     mit_des_key_schedule schedule;
     int compathash = 0;
 
index 6180bbca6f268f332978f32755a9642de2afa4cb..e70965b79103a181f45bc4c6909eba34ebb370a2 100644 (file)
@@ -48,7 +48,7 @@ k5_md5des_hash(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *i
     krb5_MD5_CTX ctx;
     unsigned char conf[CONFLENGTH];
     unsigned char xorkey[8];
-    int i;
+    unsigned int i;
     mit_des_key_schedule schedule;
 
     if (key->length != 8)
@@ -110,7 +110,7 @@ k5_md5des_verify(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data
     krb5_MD5_CTX ctx;
     unsigned char plaintext[CONFLENGTH+RSA_MD5_CKSUM_LENGTH];
     unsigned char xorkey[8];
-    int i;
+    unsigned int i;
     mit_des_key_schedule schedule;
     int compathash = 0;
 
index 4a2f00072af6bd69c8f8aa153ec806f923d99660..c729c1d23e372a1bd98c538bc30ebcc7e6de8422 100644 (file)
@@ -34,7 +34,8 @@ krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype,
                     const krb5_keyblock *key, krb5_keyusage usage,
                     const krb5_data *input, krb5_checksum *cksum)
 {
-    int i, e1, e2;
+    unsigned int i;
+    int e1, e2;
     krb5_data data;
     krb5_error_code ret;
     size_t cksumlen;
index 5b3286ef25574ced086f498b75e7c557f7471fd5..d897e9a7181987cb40411fb521df733d615142f4 100644 (file)
@@ -42,7 +42,7 @@ krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *,
 static int debug_hmac = 0;
 
 static void printd (const char *descr, krb5_data *d) {
-    int i, j;
+    unsigned int i, j;
     const int r = 16;
 
     printf("%s:", descr);
@@ -77,7 +77,7 @@ F(char *output, char *u_tmp1, char *u_tmp2,
 {
     unsigned char ibytes[4];
     size_t tlen;
-    int j, k;
+    unsigned int j, k;
     krb5_keyblock pdata;
     krb5_data sdata;
     krb5_data out;
index 61f5d2f733285908010b9ae18ff7fdefeb8cbb9f..d9372df39607f6daf4e36064d5924223a32de02c 100644 (file)
@@ -243,7 +243,8 @@ void SHSTransform(SHS_LONG *digest, const SHS_LONG *data)
 void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
 {
     SHS_LONG tmp;
-    int dataCount, canfill;
+    unsigned int dataCount;
+    int canfill;
     SHS_LONG *lp;
 
     /* Update bitcount */
@@ -254,7 +255,7 @@ void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count)
     shsInfo->countHi += count >> 29;
 
     /* Get count of bytes already in data */
-    dataCount = (int) (tmp >> 3) & 0x3F;
+    dataCount = (tmp >> 3) & 0x3F;
 
     /* Handle any leading odd-sized chunks */
     if (dataCount) {
index 710f26160f2d4f2c421fe802567ad529428bf005..a7968514571e3e2788bdf2b7f6339e5b1175d093 100644 (file)
@@ -30,7 +30,7 @@
 krb5_error_code KRB5_CALLCONV
 krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)
 {
-    int i;
+    unsigned int i;
 
     for (i=0; i<krb5_cksumtypes_length; i++) {
        if (strcasecmp(krb5_cksumtypes_list[i].in_string, string) == 0) {
index bc34c0b957bdf11126f9bee8a58010a573f93538..8fd9effc9f402da87ac3a054a3b52d36075f8a17 100644 (file)
@@ -30,7 +30,7 @@
 krb5_boolean KRB5_CALLCONV
 krb5_c_valid_cksumtype(krb5_cksumtype ctype)
 {
-    int i;
+    unsigned int i;
 
     for (i=0; i<krb5_cksumtypes_length; i++) {
        if (krb5_cksumtypes_list[i].ctype == ctype)
index 30c9c07c0f535e57f50e13b096d2d01f5a5efbbf..f531ee16392fe0ecbcb88a4333ce9c45570b95f1 100644 (file)
@@ -32,7 +32,7 @@ krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key,
                       krb5_keyusage usage, const krb5_data *data,
                       const krb5_checksum *cksum, krb5_boolean *valid)
 {
-    int i;
+    unsigned int i;
     size_t hashsize;
     krb5_error_code ret;
     krb5_data indata;
index 1ec5417ba8b7c705ad7ec0013ec42c005cefb6cd..c4a030d186df310a52f758b4947e7a50b72dca1a 100644 (file)
@@ -255,6 +255,8 @@ OM_uint32 generic_gss_str_to_oid
            gss_OID *           /* oid */
           );
 
+int gssint_mecherrmap_init(void);
+void gssint_mecherrmap_destroy(void);
 OM_uint32 gssint_mecherrmap_map(OM_uint32 minor, const gss_OID_desc *oid);
 int gssint_mecherrmap_get(OM_uint32 minor, gss_OID mech_oid,
                          OM_uint32 *mech_minor);
index 9b814b00a167a280d869eb55467ca266eff221be..1ce9f89471ff21922e6826abf673b0a3cc4f1912 100644 (file)
@@ -31,9 +31,7 @@
    make sure that buffer is consistent (release'able) when this
    function exits, no matter what the exit value */
 
-int g_make_string_buffer(str, buffer)
-     const char *str;
-     gss_buffer_t buffer;
+int g_make_string_buffer(const char *str, gss_buffer_t buffer)
 {
    buffer->length = strlen(str);
 
index 4142c3c06b1c565bc73f1468bb8b477774201822..9e2f7e9b3dfe8264c9948e4b49cc3cd9f8b0e58a 100644 (file)
@@ -102,7 +102,7 @@ mecherror_print(struct mecherror value, FILE *f)
        { "{ 1 2 840 48018 1 2 2 }", "krb5-microsoft" },
        { "{ 1 3 6 1 5 5 2 }", "spnego" },
     };
-    int i;
+    unsigned int i;
 
     fprintf(f, "%lu@", (unsigned long) value.code);
 
index 4c1755fd26361ddf01f50653062585e0262726ab..3c26c98cd691d637f8cf5e5aa19afca959f269ef 100644 (file)
@@ -3,6 +3,7 @@
 #include "gssapi_err_generic.h"
 #include "gssapi_err_krb5.h"
 #include "gssapiP_krb5.h"
+#include "gssapiP_generic.h"
 
 #include "gss_libinit.h"
 #include "k5-platform.h"
index 6b3e0bf0eaad0d6e461ac269dda2b92fb15bfe53..3ae460e1fbd789d5232a54bbc6b77f751d576930 100644 (file)
@@ -236,7 +236,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
    int bigend;
    krb5_gss_cred_id_t cred = 0;
    krb5_data ap_rep, ap_req;
-   int i;
+   unsigned int i;
    krb5_error_code code;
    krb5_address addr, *paddr;
    krb5_authenticator *authdat = 0;
index 8ade9c5da85e015460fa1404948dc18089cc76cf..8553d92dba891340c4bb98ad609cd100fecfb02e 100644 (file)
@@ -6,7 +6,7 @@ gss_krb5int_copy_ccache(minor_status, cred_handle, out_ccache)
      gss_cred_id_t cred_handle;
      krb5_ccache out_ccache;
 {
-   OM_uint32 stat;
+   OM_uint32 major_status;
    krb5_gss_cred_id_t k5creds;
    krb5_cc_cursor cursor;
    krb5_creds creds;
@@ -14,9 +14,9 @@ gss_krb5int_copy_ccache(minor_status, cred_handle, out_ccache)
    krb5_context context;
 
    /* validate the cred handle */
-   stat = krb5_gss_validate_cred(minor_status, cred_handle);
-   if (stat)
-       return(stat);
+   major_status = krb5_gss_validate_cred(minor_status, cred_handle);
+   if (major_status)
+       return(major_status);
    
    k5creds = (krb5_gss_cred_id_t) cred_handle;
    code = k5_mutex_lock(&k5creds->lock);
index 2e73b9f521247324474210c7416caaa9d146d819..b0d71c883ff958e9eec378549972fdcd1c29f6ce 100644 (file)
@@ -60,7 +60,7 @@ krb5_gss_ser_init (krb5_context context)
        krb5_ser_context_init, krb5_ser_auth_context_init,
        krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init,
     };
-    int i;
+    unsigned int i;
 
     for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++)
        if ((code = (fns[i])(context)) != 0)
index ce4b5d78d64cbee211cd9c2089266aa410429dd2..3e3f0192abdfb6e5db14d116eeb465d02bb17093 100644 (file)
@@ -359,7 +359,7 @@ setup_enc(
    krb5_context context)
 {
    krb5_error_code code;
-   int i;
+   unsigned int i;
    krb5int_access kaccess;
 
    code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION);
index 8f46a95ad89839698e9f916af7f3268c8bc86ddf..ab9d81a4fc013e3a3e63b0808f1836874cb9f6f8 100644 (file)
@@ -25,7 +25,7 @@
 OM_uint32
 krb5_gss_inquire_context(minor_status, context_handle, initiator_name, 
                         acceptor_name, lifetime_rec, mech_type, ret_flags,
-                        locally_initiated, open)
+                        locally_initiated, opened)
      OM_uint32 *minor_status;
      gss_ctx_id_t context_handle;
      gss_name_t *initiator_name;
@@ -34,12 +34,12 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
      gss_OID *mech_type;
      OM_uint32 *ret_flags;
      int *locally_initiated;
-     int *open;
+     int *opened;
 {
    krb5_context context;
    krb5_error_code code;
    krb5_gss_ctx_id_rec *ctx;
-   krb5_principal init, accept;
+   krb5_principal initiator, acceptor;
    krb5_timestamp now;
    krb5_deltat lifetime;
 
@@ -61,8 +61,8 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
       return(GSS_S_NO_CONTEXT);
    }
 
-   init = NULL;
-   accept = NULL;
+   initiator = NULL;
+   acceptor = NULL;
    context = ctx->k5_context;
 
    if ((code = krb5_timeofday(context, &now))) {
@@ -77,13 +77,13 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
    if (initiator_name) {
       if ((code = krb5_copy_principal(context, 
                                      ctx->initiate?ctx->here:ctx->there,
-                                     &init))) {
+                                     &initiator))) {
         *minor_status = code;
         save_error_info(*minor_status, context);
         return(GSS_S_FAILURE);
       }
-      if (! kg_save_name((gss_name_t) init)) {
-        krb5_free_principal(context, init);
+      if (! kg_save_name((gss_name_t) initiator)) {
+        krb5_free_principal(context, initiator);
         *minor_status = (OM_uint32) G_VALIDATE_FAILED;
         return(GSS_S_FAILURE);
       }
@@ -92,17 +92,17 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
    if (acceptor_name) {
       if ((code = krb5_copy_principal(context, 
                                      ctx->initiate?ctx->there:ctx->here,
-                                     &accept))) {
-        if (init) krb5_free_principal(context, init);
+                                     &acceptor))) {
+        if (initiator) krb5_free_principal(context, initiator);
         *minor_status = code;
         save_error_info(*minor_status, context);
         return(GSS_S_FAILURE);
       }
-      if (! kg_save_name((gss_name_t) accept)) {
-        krb5_free_principal(context, accept);
-        if (init) {
-           kg_delete_name((gss_name_t) init);
-           krb5_free_principal(context, init);
+      if (! kg_save_name((gss_name_t) acceptor)) {
+        krb5_free_principal(context, acceptor);
+        if (initiator) {
+           kg_delete_name((gss_name_t) initiator);
+           krb5_free_principal(context, initiator);
         }
         *minor_status = (OM_uint32) G_VALIDATE_FAILED;
         return(GSS_S_FAILURE);
@@ -110,10 +110,10 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
    }
 
    if (initiator_name)
-      *initiator_name = (gss_name_t) init;
+      *initiator_name = (gss_name_t) initiator;
 
    if (acceptor_name)
-      *acceptor_name = (gss_name_t) accept;
+      *acceptor_name = (gss_name_t) acceptor;
 
    if (lifetime_rec)
       *lifetime_rec = lifetime;
@@ -127,8 +127,8 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name,
    if (locally_initiated)
       *locally_initiated = ctx->initiate;
 
-   if (open)
-      *open = ctx->established;
+   if (opened)
+      *opened = ctx->established;
 
    *minor_status = 0;
    return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE);
index edd3319e88859a8a516c0b64875857949ab2c599..e019e1b13f57d6453a123c5dd02178589e9b7cd6 100644 (file)
@@ -61,7 +61,7 @@ make_seal_token_v1 (krb5_context context,
                    int signalg,
                    size_t cksum_size,
                    int sealalg,
-                   int encrypt,
+                   int do_encrypt,
                    int toktype,
                    int bigend,
                    gss_OID oid)
@@ -85,10 +85,10 @@ make_seal_token_v1 (krb5_context context,
     krb5_keyusage sign_usage = KG_USAGE_SIGN;
 
 
-    assert((!encrypt) || (toktype == KG_TOK_SEAL_MSG));
+    assert((!do_encrypt) || (toktype == KG_TOK_SEAL_MSG));
     /* create the token buffer */
     /* Do we need confounder? */
-    if (encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
+    if (do_encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
       conflen = kg_confounder_size(context, enc);
     else conflen = 0;
 
@@ -124,7 +124,7 @@ make_seal_token_v1 (krb5_context context,
     ptr[1] = (signalg >> 8) & 0xff;
 
     /* 2..3 SEAL_ALG or Filler */
-    if ((toktype == KG_TOK_SEAL_MSG) && encrypt) {
+    if ((toktype == KG_TOK_SEAL_MSG) && do_encrypt) {
       ptr[2] = sealalg & 0xff;
       ptr[3] = (sealalg >> 8) & 0xff;
     } else {
@@ -252,7 +252,7 @@ make_seal_token_v1 (krb5_context context,
       return(code);
     }
 
-    if (encrypt) {
+    if (do_encrypt) {
       switch(sealalg) {
       case SEAL_ALG_MICROSOFT_RC4:
        {
index 3b2054bd6b7103d519682f9e36aa1d9dcf296c8f..2bdac009f4f921eb052a27904c42bd7030510163 100644 (file)
@@ -439,9 +439,7 @@ static gss_mechanism krb5_mech_configs_hack[] = {
 };
 #endif
 
-#if 1
 #define gssint_get_mech_configs krb5_gss_get_mech_configs
-#endif
 
 gss_mechanism *
 gssint_get_mech_configs(void)
@@ -729,7 +727,7 @@ k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle,
 static OM_uint32
 k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name,
                    lifetime_rec, mech_type, ret_flags,
-                   locally_initiated, open)
+                   locally_initiated, opened)
     void *ctx;
      OM_uint32 *minor_status;
      gss_ctx_id_t context_handle;
@@ -739,12 +737,12 @@ k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, accept
      gss_OID *mech_type;
      OM_uint32 *ret_flags;
      int *locally_initiated;
-     int *open;
+     int *opened;
 {
    return(krb5_gss_inquire_context(minor_status, context_handle,
                                   initiator_name, acceptor_name, lifetime_rec,
                                   mech_type, ret_flags, locally_initiated,
-                                  open));
+                                  opened));
 }
 
 static OM_uint32
index f573d7dfcc54c1353b15e3a34163a6b8a7cc63b4..396a6f645880dff8fff9f2f8173b4966aaa41fff 100644 (file)
@@ -64,7 +64,7 @@ gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status,
                                   OM_uint32 num_ktypes,
                                   krb5_enctype *ktypes)
 {
-    int i;
+    unsigned int i;
     krb5_enctype * new_ktypes;
     OM_uint32 major_status;
     krb5_gss_cred_id_t cred;
index 9d39e493708981fd6c4e9a11145911dfeab00b38..06a5c2aa9b2284deb2363ecc2c20146d4c947213 100644 (file)
@@ -35,7 +35,7 @@ kg_make_seed(context, key, seed)
 {
    krb5_error_code code;
    krb5_keyblock *tmpkey;
-   int i;
+   unsigned int i;
 
    code = krb5_copy_keyblock(context, key, &tmpkey);
    if (code)
index fbe66681f4b6c0e9a6c34cbaf912ca0a7f6bb3e4..f2e8cd1b78a39fa17d9f82953dd1e66354d9e402 100644 (file)
@@ -145,7 +145,7 @@ OM_uint32 *         time_rec;
     gss_OID_set mechs;
     gss_OID_desc default_OID;
     gss_mechanism mech;
-    int i;
+    unsigned int i;
     gss_union_cred_t creds;
 
     major = val_acq_cred_args(minor_status,
index 518eeede4fa6da9b940954388db328d7a0685928..f2f12266beb3819d2169ad796dbf137666352cd9 100644 (file)
@@ -146,7 +146,7 @@ gss_indicate_mechs(minorStatus, mechSet)
 OM_uint32 *minorStatus;
 gss_OID_set *mechSet;
 {
-       int i, j;
+       unsigned int i, j;
        gss_OID curItem;
 
        /* Initialize outputs. */
@@ -232,7 +232,7 @@ gss_OID_set *mechSet;
 static void
 free_mechSet(void)
 {
-       int i;
+       unsigned int i;
 
        if (g_mechSet.count != 0) {
                for (i = 0; i < g_mechSet.count; i++)
@@ -415,7 +415,7 @@ gssint_oid_to_mech(const gss_OID oid)
 
        /* ensure we have fresh data */
        if (k5_mutex_lock(&g_mechListLock) != 0)
-               return GSS_S_FAILURE;
+               return NULL;
        updateMechList();
        aMech = searchMechList(oid);
        (void) k5_mutex_unlock(&g_mechListLock);
@@ -539,8 +539,6 @@ register_mech(gss_mechanism mech, const char *namestr, void *dl_handle)
 static void
 init_hardcoded(void)
 {
-       extern gss_mechanism *krb5_gss_get_mech_configs(void);
-       extern gss_mechanism *spnego_gss_get_mech_configs(void);
        gss_mechanism *cflist;
        static int inited;
 
@@ -579,7 +577,7 @@ gssint_get_mechanism(gss_OID oid)
                return NULL;
 
        if (k5_mutex_lock(&g_mechListLock) != 0)
-               return GSS_S_FAILURE;
+               return NULL;
        /* check if the mechanism is already loaded */
        if ((aMech = searchMechList(oid)) != NULL && aMech->mech) {
                (void) k5_mutex_unlock(&g_mechListLock);
index a473834d51ffeccaf9bdba898c9fbbf8e3fa7087..201c8bb4a7fb6fae230ffe226a3b8354213d11fe 100644 (file)
@@ -41,7 +41,7 @@ val_inq_ctx_args(
     gss_OID *mech_type,
     OM_uint32 *ctx_flags,
     int *locally_initiated,
-    int *open)
+    int *opened)
 {
 
     /* Initialize outputs. */
@@ -73,27 +73,15 @@ val_inq_ctx_args(
 /* Last argument new for V2 */
 OM_uint32 KRB5_CALLCONV
 gss_inquire_context(
-           minor_status,
-           context_handle,
-           src_name,
-           targ_name,
-           lifetime_rec,
-           mech_type,
-           ctx_flags,
-           locally_initiated,
-           open)
-
-OM_uint32 *    minor_status;
-gss_ctx_id_t   context_handle;
-gss_name_t *   src_name;
-gss_name_t *   targ_name;
-OM_uint32 *    lifetime_rec;
-gss_OID *      mech_type;
-OM_uint32 *    ctx_flags;
-int *           locally_initiated;
-int *          open;
-
-
+           OM_uint32 *minor_status,
+           gss_ctx_id_t context_handle,
+           gss_name_t *src_name,
+           gss_name_t *targ_name,
+           OM_uint32 *lifetime_rec,
+           gss_OID *mech_type,
+           OM_uint32 *ctx_flags,
+           int *locally_initiated,
+           int *opened)
 {
     gss_union_ctx_id_t ctx;
     gss_mechanism      mech;
@@ -105,7 +93,7 @@ int *                open;
                              src_name, targ_name,
                              lifetime_rec,
                              mech_type, ctx_flags,
-                             locally_initiated, open);
+                             locally_initiated, opened);
     if (status != GSS_S_COMPLETE)
        return (status);
 
@@ -132,7 +120,7 @@ int *               open;
                        NULL,
                        ctx_flags,
                        locally_initiated,
-                       open);
+                       opened);
 
     if (status != GSS_S_COMPLETE) {
        map_error(minor_status, mech);
index f712a891a13298c0f168eb7d697b4c320564fe4e..f55c907ec460cd6bf196d213e5dc9f06f37b1c34 100644 (file)
@@ -39,19 +39,19 @@ gss_release_oid_set (minor_status,
 OM_uint32 *            minor_status;
 gss_OID_set *          set;
 {
-    OM_uint32 index;
+    OM_uint32 i;
     gss_OID oid;
     if (minor_status)
        *minor_status = 0;
 
-    if (set ==NULL)
+    if (set == NULL)
        return GSS_S_COMPLETE;
 
     if (*set == GSS_C_NULL_OID_SET)
        return(GSS_S_COMPLETE);
 
-    for (index=0; index<(*set)->count; index++) {
-      oid = &(*set)->elements[index];
+    for (i=0; i<(*set)->count; i++) {
+      oid = &(*set)->elements[i];
       free(oid->elements);
     }
     free((*set)->elements);
index a2470fb9eb12a5f5f54436247f3a6693cd6eadc1..1f14ee2178aec54ee8f2420d7d2fe6cff6f0f1da 100644 (file)
@@ -390,6 +390,11 @@ typedef struct gss_mech_config {
        struct gss_mech_config *next;   /* next element in the list */
 } *gss_mech_info;
 
+/* Mechanisms defined within our library */
+
+extern gss_mechanism *krb5_gss_get_mech_configs(void);
+extern gss_mechanism *spnego_gss_get_mech_configs(void);
+
 /********************************************************/
 /* Internal mechglue routines */
 
index 4a79028e0749cfee57f935615f1f07aac236c9a6..11a5099847e616c90085bc9969c62ab9573029bf 100644 (file)
@@ -310,7 +310,7 @@ generic_gss_str_to_oid(minor_status, oid_str, oid)
     long       numbuf;
     long       onumbuf;
     OM_uint32  nbytes;
-    int                index;
+    int                i;
     unsigned char *op;
 
     if (minor_status != NULL)
@@ -412,12 +412,12 @@ generic_gss_str_to_oid(minor_status, oid_str, oid)
                }
                numbuf = onumbuf;
                op += nbytes;
-               index = -1;
+               i = -1;
                while (numbuf) {
-                   op[index] = (unsigned char) numbuf & 0x7f;
-                   if (index != -1)
-                       op[index] |= 0x80;
-                   index--;
+                   op[i] = (unsigned char) numbuf & 0x7f;
+                   if (i != -1)
+                       op[i] |= 0x80;
+                   i--;
                    numbuf >>= 7;
                }
                while (isdigit(*bp))
@@ -466,7 +466,7 @@ gssint_copy_oid_set(
     gss_OID_set_desc *copy;
     OM_uint32 minor = 0;
     OM_uint32 major = GSS_S_COMPLETE;
-    OM_uint32 index;
+    OM_uint32 i;
 
     if (minor_status != NULL)
        *minor_status = 0;
@@ -492,9 +492,9 @@ gssint_copy_oid_set(
     }
     copy->count = oidset->count;
 
-    for (index = 0; index < copy->count; index++) {
-       gss_OID_desc *out = &copy->elements[index];
-       gss_OID_desc *in = &oidset->elements[index];
+    for (i = 0; i < copy->count; i++) {
+       gss_OID_desc *out = &copy->elements[i];
+       gss_OID_desc *in = &oidset->elements[i];
 
        if ((out->elements = (void *) malloc(in->length)) == NULL) {
            major = GSS_S_FAILURE;
index 717181c6b2d1987390e2c265b86e7d042d5d4dca..6d7d4c40c92ed43a5bf20260b8ba5b873c44803e 100644 (file)
@@ -307,7 +307,7 @@ OM_uint32 spnego_gss_inquire_context
        gss_OID         *mech_type,
        OM_uint32       *ctx_flags,
        int             *locally_initiated,
-       int             *open
+       int             *opened
 );
 
 OM_uint32 spnego_gss_wrap_size_limit
index 775306f0bec7dff4e75e48c801eef970e9909f75..b0dc70b2c605466b4ee6631fcce52911020d6477 100644 (file)
@@ -205,9 +205,7 @@ static gss_mechanism spnego_mech_configs[] = {
        &spnego_mechanism, NULL
 };
 
-#if 1
 #define gssint_get_mech_configs spnego_gss_get_mech_configs
-#endif
 
 gss_mechanism *
 gssint_get_mech_configs(void)
@@ -1580,7 +1578,7 @@ spnego_gss_inquire_context(void *context,
                        gss_OID         *mech_type,
                        OM_uint32       *ctx_flags,
                        int             *locally_initiated,
-                       int             *open)
+                       int             *opened)
 {
        OM_uint32 ret = GSS_S_COMPLETE;
 
@@ -1592,7 +1590,7 @@ spnego_gss_inquire_context(void *context,
                                mech_type,
                                ctx_flags,
                                locally_initiated,
-                               open);
+                               opened);
 
        return (ret);
 }
@@ -1696,35 +1694,35 @@ get_available_mechs(OM_uint32 *minor_status,
        gss_name_t name, gss_cred_usage_t usage,
        gss_cred_id_t *creds, gss_OID_set *rmechs)
 {
-       int             i;
+       unsigned int    i;
        int             found = 0;
-       OM_uint32 stat = GSS_S_COMPLETE, tmpmin;
+       OM_uint32 major_status = GSS_S_COMPLETE, tmpmin;
        gss_OID_set mechs, goodmechs;
 
-       stat = gss_indicate_mechs(minor_status, &mechs);
+       major_status = gss_indicate_mechs(minor_status, &mechs);
 
-       if (stat != GSS_S_COMPLETE) {
-               return (stat);
+       if (major_status != GSS_S_COMPLETE) {
+               return (major_status);
        }
 
-       stat = gss_create_empty_oid_set(minor_status, rmechs);
+       major_status = gss_create_empty_oid_set(minor_status, rmechs);
 
-       if (stat != GSS_S_COMPLETE) {
+       if (major_status != GSS_S_COMPLETE) {
                (void) gss_release_oid_set(minor_status, &mechs);
-               return (stat);
+               return (major_status);
        }
 
-       for (i = 0; i < mechs->count && stat == GSS_S_COMPLETE; i++) {
+       for (i = 0; i < mechs->count && major_status == GSS_S_COMPLETE; i++) {
                if ((mechs->elements[i].length
                    != spnego_mechanism.mech_type.length) ||
                    memcmp(mechs->elements[i].elements,
                        spnego_mechanism.mech_type.elements,
                        spnego_mechanism.mech_type.length)) {
 
-                       stat = gss_add_oid_set_member(minor_status,
-                                           &mechs->elements[i],
-                                           rmechs);
-                       if (stat == GSS_S_COMPLETE)
+                       major_status = gss_add_oid_set_member(minor_status,
+                                                             &mechs->elements[i],
+                                                             rmechs);
+                       if (major_status == GSS_S_COMPLETE)
                                found++;
                }
        }
@@ -1734,17 +1732,18 @@ get_available_mechs(OM_uint32 *minor_status,
         * trim the list of mechanisms down to only those
         * for which the creds are valid.
         */
-       if (found > 0 && stat == GSS_S_COMPLETE && creds != NULL) {
-               stat = gss_acquire_cred(minor_status,
-                       name, GSS_C_INDEFINITE, *rmechs, usage, creds,
-                       &goodmechs, NULL);
+       if (found > 0 && major_status == GSS_S_COMPLETE && creds != NULL) {
+               major_status = gss_acquire_cred(minor_status,
+                                               name, GSS_C_INDEFINITE, 
+                                               *rmechs, usage, creds,
+                                               &goodmechs, NULL);
 
                /*
                 * Drop the old list in favor of the new
                 * "trimmed" list.
                 */
                (void) gss_release_oid_set(&tmpmin, rmechs);
-               if (stat == GSS_S_COMPLETE) {
+               if (major_status == GSS_S_COMPLETE) {
                        (void) gssint_copy_oid_set(&tmpmin,
                                        goodmechs, rmechs);
                        (void) gss_release_oid_set(&tmpmin, &goodmechs);
@@ -1752,14 +1751,14 @@ get_available_mechs(OM_uint32 *minor_status,
        }
 
        (void) gss_release_oid_set(&tmpmin, &mechs);
-       if (found == 0 || stat != GSS_S_COMPLETE) {
+       if (found == 0 || major_status != GSS_S_COMPLETE) {
                *minor_status = ERR_SPNEGO_NO_MECHS_AVAILABLE;
                map_errcode(minor_status);
-               if (stat == GSS_S_COMPLETE)
-                       stat = GSS_S_FAILURE;
+               if (major_status == GSS_S_COMPLETE)
+                       major_status = GSS_S_FAILURE;
        }
 
-       return (stat);
+       return (major_status);
 }
 
 /* following are token creation and reading routines */
@@ -1939,7 +1938,7 @@ static int
 put_mech_set(gss_OID_set mechSet, gss_buffer_t buf)
 {
        unsigned char *ptr;
-       int i;
+       unsigned int i;
        unsigned int tlen, ilen;
 
        tlen = ilen = 0;
@@ -2236,7 +2235,7 @@ negotiate_mech_type(OM_uint32 *minor_status,
        gss_OID returned_mech;
        OM_uint32 status;
        int present;
-       int i;
+       unsigned int i;
 
        for (i = 0; i < mechset->count; i++) {
                gss_test_oid_set_member(minor_status, &mechset->elements[i],
index aa4be3263c8f8cdb4eda4c30221e9d0a72f9f66d..5fc1cc3ecee33b4b9eedf477fc2a5b3d5c69dd1b 100644 (file)
@@ -25,6 +25,7 @@
  */
 
 /* ASN.1 primitive decoders */
+#include "k5-int.h" /* for krb5int_gmt_mktime */
 #include "asn1_decode.h"
 #include "asn1_get.h"
 #include <stdio.h>
@@ -55,14 +56,12 @@ if(asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type)\
 #define cleanup()\
 return 0
 
-extern time_t krb5int_gmt_mktime (struct tm *);
-
 asn1_error_code asn1_decode_integer(asn1buf *buf, long int *val)
 {
   setup();
   asn1_octet o;
   long n = 0; /* initialize to keep gcc happy */
-  int i;
+  unsigned int i;
 
   tag(ASN1_INTEGER);
 
@@ -87,7 +86,7 @@ asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *va
   setup();
   asn1_octet o;
   unsigned long n;
-  int i;
+  unsigned int i;
 
   tag(ASN1_INTEGER);
 
index 213bb3b1ea56a7c852f9854a0818cc4a771f4a2f..b332e13925a4f05faa52d55a570e66c61e136dfa 100644 (file)
@@ -502,7 +502,7 @@ asn1_error_code asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val)
   asn1_error_code retval;
   asn1_octet unused, o;
   taginfo t;
-  int i;
+  unsigned int i;
   krb5_flags f=0;
   unsigned int length;
 
index c78f4b96633d8c8a868920a014a07eed0e122679..43ef97ca830b64d7ffa548cf49e79f2deab66892 100644 (file)
@@ -167,7 +167,7 @@ asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o)
 asn1_error_code asn1buf_insert_octetstring(asn1buf *buf, const unsigned int len, const krb5_octet *s)
 {
   asn1_error_code retval;
-  int length;
+  unsigned int length;
 
   retval = asn1buf_ensure_space(buf,len);
   if(retval) return retval;
@@ -179,7 +179,7 @@ asn1_error_code asn1buf_insert_octetstring(asn1buf *buf, const unsigned int len,
 asn1_error_code asn1buf_insert_charstring(asn1buf *buf, const unsigned int len, const char *s)
 {
   asn1_error_code retval;
-  int length;
+  unsigned int length;
 
   retval = asn1buf_ensure_space(buf,len);
   if(retval) return retval;
@@ -198,7 +198,7 @@ asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o)
 
 asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_octet **s)
 {
-  int i;
+  unsigned int i;
 
   if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
   if (len == 0) {
@@ -216,7 +216,7 @@ asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len,
 
 asn1_error_code asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s)
 {
-  int i;
+  unsigned int i;
 
   if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN;
   if (len == 0) {
@@ -247,7 +247,7 @@ int asn1buf_remains(asn1buf *buf, int indef)
 
 asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code)
 {
-  int i;
+  unsigned int i;
   *code = (krb5_data*)calloc(1,sizeof(krb5_data));
   if(*code == NULL) return ENOMEM;
   (*code)->magic = KV5M_DATA;
@@ -284,7 +284,7 @@ asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s)
     strcpy(*s,"<EMPTY>");
   }else{
     unsigned int length = asn1buf_len(buf);
-    int i;
+    unsigned int i;
 
     *s = calloc(length+1, sizeof(char));
     if(*s == NULL) return ENOMEM;
@@ -338,7 +338,7 @@ int asn1buf_size(const asn1buf *buf)
 }
 
 #undef asn1buf_free
-int asn1buf_free(const asn1buf *buf)
+unsigned int asn1buf_free(const asn1buf *buf)
 {
   if(buf == NULL || buf->base == NULL) return 0;
   else return buf->bound - buf->next + 1;
index 4936ed670ccd8479145062cdd64489a699722759..b24ce68a627cbc40fb2594502d1ca2bab7c20bd4 100644 (file)
@@ -22,14 +22,14 @@ int asn1buf_size
    ? 0 \
    : ((buf)->bound - (buf)->base + 1))
 
-int asn1buf_free
+unsigned int asn1buf_free
        (const asn1buf *buf);
 /* requires  *buf is allocated
    effects   Returns the number of unused, allocated octets in *buf. */
 #define asn1buf_free(buf) \
   (((buf) == NULL || (buf)->base == NULL) \
-   ? 0 \
-   : ((buf)->bound - (buf)->next + 1))
+   ? 0U \
+   : (unsigned int)((buf)->bound - (buf)->next + 1))
 
 
 asn1_error_code asn1buf_ensure_space
index 07e7f25b727d76dc96fe5c8f705ad0cb9b72416d..7518b16e5fa72bf669e63ff95271a9cb2d397979 100644 (file)
@@ -219,7 +219,7 @@ last:
 /* Decode the Principal's keys                                         */
 /************************************************************************/
 
-#define safe_syncbuf(outer,inner)                                      \
+#define safe_syncbuf(outer,inner,buflen)                               \
        if (! ((inner)->next == (inner)->bound + 1 &&                   \
               (inner)->next == (outer)->next + buflen))                \
            cleanup (ASN1_BAD_LENGTH);                                  \
@@ -243,7 +243,7 @@ decode_tagged_integer (asn1buf *buf, asn1_tagnum expectedtag, long *val)
     ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
     ret = asn1_decode_integer(&subbuf, val); checkerr;
 
-    safe_syncbuf(&tmp, &subbuf);
+    safe_syncbuf(&tmp, &subbuf, buflen);
     *buf = tmp;
 
 last:
@@ -269,7 +269,7 @@ decode_tagged_unsigned_integer (asn1buf *buf, int expectedtag, unsigned long *va
     ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
     ret = asn1_decode_unsigned_integer(&subbuf, val); checkerr;
 
-    safe_syncbuf(&tmp, &subbuf);
+    safe_syncbuf(&tmp, &subbuf, buflen);
     *buf = tmp;
 
 last:
@@ -298,7 +298,7 @@ decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag, int *len,
     ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr;
     ret = asn1_decode_octetstring (&subbuf, len, val); checkerr;
 
-    safe_syncbuf(&tmp, &subbuf);
+    safe_syncbuf(&tmp, &subbuf, buflen);
     *buf = tmp;
 
 last:
@@ -309,7 +309,7 @@ last:
 
 static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key)
 {
-    int buflen, seqindef;
+    int full_buflen, seqindef;
     unsigned int length;
     asn1_error_code ret;
     asn1buf subbuf;
@@ -319,20 +319,20 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key)
     key->key_data_contents[1] = NULL;
 
     ret = asn1_get_sequence(buf, &length, &seqindef); checkerr;
-    buflen = length;
+    full_buflen = length;
     ret = asn1buf_imbed(&subbuf, buf, length, seqindef); checkerr;
 
     asn1_get_tag_2(&subbuf, &t);
     /* Salt */
     if (t.tagnum == 0) {
-       int buflen;
+       int salt_buflen;
        asn1buf slt;
        unsigned long keytype;
        int keylen;
 
        key->key_data_ver = 2;
        asn1_get_sequence(&subbuf, &length, &seqindef);
-       buflen = length;
+       salt_buflen = length;
        asn1buf_imbed(&slt, &subbuf, length, seqindef);
 
        ret = decode_tagged_integer (&slt, 0, &keytype);
@@ -344,7 +344,7 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key)
                    &key->key_data_contents[1]); checkerr;
        } else
            keylen = 0;
-       safe_syncbuf (&subbuf, &slt);
+       safe_syncbuf (&subbuf, &slt, salt_buflen);
        key->key_data_length[1] = keylen; /* XXX range check?? */
 
        ret = asn1_get_tag_2(&subbuf, &t); checkerr;
@@ -353,7 +353,7 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key)
 
     /* Key */
     {
-       int buflen;
+       int key_buflen;
        asn1buf kbuf;
        long lval;
        int ival;
@@ -362,7 +362,7 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key)
            cleanup (ASN1_MISSING_FIELD);
 
        ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr;
-       buflen = length;
+       key_buflen = length;
        ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr;
 
        ret = decode_tagged_integer (&kbuf, 0, &lval);
@@ -373,10 +373,10 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key)
                                         &key->key_data_contents[0]); checkerr;
        key->key_data_length[0] = ival; /* XXX range check? */
 
-       safe_syncbuf (&subbuf, &kbuf);
+       safe_syncbuf (&subbuf, &kbuf, key_buflen);
     }
 
-    safe_syncbuf (buf, &subbuf);
+    safe_syncbuf (buf, &subbuf, full_buflen);
 
 last:
     if (ret != 0) {
@@ -433,12 +433,12 @@ krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in,
 
     /* Sequence of keys */
     {
-       int i, buflen;
+       int i, seq_buflen;
        asn1buf keyseq;
        if (t.tagnum != 4)
            cleanup (ASN1_MISSING_FIELD);
        ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr;
-       buflen = length;
+       seq_buflen = length;
        ret = asn1buf_imbed(&keyseq, &subbuf, length, seqindef); checkerr;
        for (i = 1, *out = NULL; ; i++) {
            krb5_key_data *tmp;
@@ -452,7 +452,7 @@ krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in,
            if (asn1buf_remains(&keyseq, 0) == 0)
                break; /* Not freeing the last key structure */
        }
-       safe_syncbuf (&subbuf, &keyseq);
+       safe_syncbuf (&subbuf, &keyseq, seq_buflen);
     }
 
     /*
index db308b8ec5d04c78205e1035493f4f9ba6bec725..d6a2597dbdece37d94f9e9cfb45a1e922aa96cd3 100644 (file)
@@ -90,7 +90,7 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache)
             /* This function tries to get tickets and put them in the specified 
             cache, however, if the cache does not exist, it may choose to put 
             them elsewhere (ie: the system default) so we set that here */
-            char * ccdefname = krb5_cc_default_name (context);
+            const char * ccdefname = krb5_cc_default_name (context);
             if (!ccdefname || strcmp (ccdefname, outCacheName) != 0) {
                 krb5_cc_set_default_name (context, outCacheName);
             }
index 506538ca45051e73f1b0bd32c62227511a656b17..90a49d6a6e5561bd54a35b0e9a445fe303bfa945 100644 (file)
@@ -788,7 +788,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
     krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS];
     krb5_boolean old_use_conf_ktypes;
     char **hrealms;
-    int referral_count, i;
+    unsigned int referral_count, i;
 
     /* 
      * Set up client and server pointers.  Make a fresh and modifyable
index 0b5420b0ce139afbbfb58c13e38b08060fdfaeda..be0ea73abbb03415ef55974530eff352ccadc3a6 100644 (file)
@@ -261,6 +261,7 @@ krb5_error_code krb5_pkinit_get_client_cert(
     SecIdentityRef idRef = NULL;
     OSStatus ortn;
     CFDictionaryRef theDict = NULL;
+    CFStringRef cfPrinc = NULL;
     krb5_error_code ourRtn = 0;
     
     if(principal == NULL) {
@@ -274,8 +275,8 @@ krb5_error_code krb5_pkinit_get_client_cert(
     }
     
     /* Entry in the dictionary for specified principal? */
-    CFStringRef cfPrinc = CFStringCreateWithCString(NULL, principal, 
-       kCFStringEncodingASCII);
+    cfPrinc = CFStringCreateWithCString(NULL, principal, 
+                                        kCFStringEncodingASCII);
     issuerSerial = (CFDataRef)CFDictionaryGetValue(theDict, cfPrinc);
     CFRelease(cfPrinc);
     if(issuerSerial == NULL) {
index a4578336bcb3b3ce8e718bf3452aa38ef0e414fd..dc006e912be88580d7a81c48013ba04083faddab 100644 (file)
@@ -158,6 +158,7 @@ krb5_error_code pkiDataToInt(
     krb5_ui_4 len;
     krb5_int32 rtn = 0;
     krb5_ui_4 dex;
+    uint8 *cp = NULL;
     
     if((cdata->Length == 0) || (cdata->Data == NULL)) {
        *i = 0;
@@ -168,7 +169,7 @@ krb5_error_code pkiDataToInt(
        return ASN1_BAD_LENGTH;
     }
     
-    uint8 *cp = cdata->Data;
+    cp = cdata->Data;
     for(dex=0; dex<len; dex++) {
        rtn = (rtn << 8) | *cp++;
     }
@@ -291,6 +292,7 @@ krb5_error_code pkiKrbTimestampToStr(
     krb5_timestamp kts,
     char **str)                    /* mallocd and RETURNED */
 {
+    char *outStr = NULL;
     time_t gmt_time = kts;
     struct tm *utc = gmtime(&gmt_time);
     if (utc == NULL ||
@@ -299,7 +301,7 @@ krb5_error_code pkiKrbTimestampToStr(
        utc->tm_min > 59 || utc->tm_sec > 59) {
        return ASN1_BAD_GMTIME;
     }
-    char *outStr = (char *)malloc(16);
+    outStr = (char *)malloc(16);
     if(outStr == NULL) {
        return ENOMEM;
     }
index fd7d5483a28f0ceb8107ad1d6054cda65b52e97e..85e3532162683ff82fde3c3a25bc64fb7c9fb145 100644 (file)
@@ -1773,7 +1773,8 @@ krb5_do_preauth(krb5_context context,
                krb5_preauth_client_rock *get_data_rock,
                krb5_gic_opt_ext *opte)
 {
-    int h, i, j, out_pa_list_size;
+    unsigned int h;
+    int i, j, out_pa_list_size;
     int seen_etype_info2 = 0;
     krb5_pa_data *out_pa = NULL, **out_pa_list = NULL;
     krb5_data scratch;
index 6a1fb1b49876ad693080158e629f204b7fbe6778..12051d7c4a29ea3a1da2e3cee119fd1c6c1b8fc1 100644 (file)
@@ -170,7 +170,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b
     size_t             required;
     krb5_octet         *bp;
     size_t             remain;
-    int                        i;
+    unsigned int       i;
 
     required = 0;
     bp = *buffer;
@@ -333,7 +333,7 @@ krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet *
     krb5_int32         ibuf;
     krb5_octet         *bp;
     size_t             remain;
-    int                        i;
+    unsigned int       i;
 
     bp = *buffer;
     remain = *lenremain;
index c8cbe72bc0fd7b1e5fa0bbaf080ba53ebef07563..f3ea3ee5ab92b171daba6680feccb17bb9db8f43 100644 (file)
@@ -41,7 +41,7 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece,
     char *cachename = 0, *cachetype;
     char tmp[4];
     krb5_error_code retval;
-    int p, i;
+    unsigned int p, i;
     unsigned int len;
 
 #ifdef HAVE_GETEUID
index fdc4d727eb9ea494f530aa8208355a814e5c5e2e..986274d40b6fa180146b2e128507afbb24faa374 100644 (file)
@@ -251,7 +251,7 @@ krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen
        "%x %X",                /* locale-dependent short format        */
        "%d/%m/%Y %R"           /* dd/mm/yyyy hh:mm                     */
     };
-    static const int sftime_format_table_nents =
+    static const unsigned int sftime_format_table_nents =
        sizeof(sftime_format_table)/sizeof(sftime_format_table[0]);
 
 #ifdef HAVE_LOCALTIME_R
index 3dad7f04995c325ed0643e2741ca5b8c2b78738d..2d503b85108f3ef1ec7d7c256684d258680fcb70 100644 (file)
@@ -149,7 +149,6 @@ krb5_cccol_cursor_new
 krb5_cccol_cursor_next
 krb5_change_cache
 krb5_change_password
-krb5_change_set_password
 krb5_check_transited_list
 krb5_chpw_result_code_string
 krb5_clear_error_message
index 1de5a217ab29e9c867737bd369690317872b3584..710a3fcf568c933dff3e3c724cc221dc0d20ad01 100644 (file)
@@ -50,7 +50,6 @@ struct sendto_callback_context {
     krb5_data          ap_req;
 };
 
-
 /*
  * Wrapper function for the two backends
  */
@@ -190,7 +189,7 @@ cleanup:
 **     if set_password_for is NULL, then a password change is performed,
 **  otherwise, the password is set for the principal indicated in set_password_for
 */
-krb5_error_code KRB5_CALLCONV
+static krb5_error_code KRB5_CALLCONV
 krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw,
                         krb5_principal set_password_for,
                         int *result_code, krb5_data *result_code_string,
index a0e46d05e6dea6ea34991a580078b3a3d25b34dc..a8a07d951d9b7e7e143c42344a313f58a817ae70 100644 (file)
@@ -35,7 +35,7 @@ krb5_error_code
 krb5_gen_replay_name(krb5_context context, const krb5_address *address, const char *uniq, char **string)
 {
     char * tmp;
-    int i;
+    unsigned int i;
     unsigned int len;
 
     len = strlen(uniq) + (address->length * 2) + 1;
index ce9674401e75b019cb84a098a32a201a842b99ea..d884b8cd474aa655e0e77ce5f7523266739c667a 100644 (file)
@@ -27,8 +27,7 @@
  * Return the protocol addresses supported by this host.
  * Exports from this file:
  *   krb5int_foreach_localaddr (does callbacks)
- *   krb5int_local_addresses (includes krb5.conf extra_addresses)
- *   krb5_os_localaddr (doesn't)
+ *   krb5_os_localaddr (doesn't include krb5.conf extra_addresses)
  *
  * XNS support is untested, but "Should just work".  (Hah!)
  */
@@ -1334,11 +1333,13 @@ krb5_os_localaddr(krb5_context context, krb5_address ***addr)
     return get_localaddrs(context, addr, 1);
 }
 
+#if 0 /* not actually used anywhere currently */
 krb5_error_code
 krb5int_local_addresses(krb5_context context, krb5_address ***addr)
 {
     return get_localaddrs(context, addr, 0);
 }
+#endif
 
 static krb5_error_code
 get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile)
index 658b42136c1b55d7a1ec44c4737f12a2426b2f4d..218748273e8b27828470a2fd97d1515f9b2360b5 100644 (file)
@@ -1087,7 +1087,7 @@ service_fds (krb5_context context,
 
     e = 0;
     while (selstate->nfds > 0) {
-       int i;
+       unsigned int i;
 
        e = krb5int_cm_call_select(selstate, seltemp, &selret);
        if (e == EINTR)
@@ -1102,7 +1102,7 @@ service_fds (krb5_context context,
            return 0;
 
        /* Got something on a socket, process it.  */
-       for (i = 0; i <= selstate->max && selret > 0 && i < n_conns; i++) {
+       for (i = 0; i <= (unsigned int)selstate->max && selret > 0 && i < n_conns; i++) {
            int ssflags;
 
            if (conns[i].fd == INVALID_SOCKET)
@@ -1185,7 +1185,8 @@ krb5int_sendto (krb5_context context, const krb5_data *message,
                int (*msg_handler)(krb5_context, const krb5_data *, void *),
                void *msg_handler_data)
 {
-    int i, pass;
+    unsigned int i;
+    int pass;
     int delay_this_pass = 2;
     krb5_error_code retval;
     struct conn_state *conns;
index b942d5141b060191779957863c442aeb37219519..6692ae1459894fb3b47c82711f7f3041dc548ad6 100644 (file)
@@ -442,7 +442,7 @@ krb5_rc_io_read(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf,
                                   strerror(errno));
            return KRB5_RC_IO_UNKNOWN;
        }
-    if (count != num)
+    if (count < 0 || (unsigned int)count != num)
        return KRB5_RC_IO_EOF;
     return 0;
 }
index 65ab87349bdff6d5ace1df929103507264e93c95..c6ec60201646efdf228c671805512ee45ace78cf 100644 (file)
@@ -15,6 +15,8 @@
 #include <time.h>
 #endif
 
+#include "k5-gmt_mktime.h"
+
 /* take a struct tm, return seconds from GMT epoch */
 /* like mktime, this ignores tm_wday and tm_yday. */
 /* unlike mktime, this does not set them... it only passes a return value. */