From: Ezra Peisach Date: Sun, 18 Feb 2001 22:59:30 +0000 (+0000) Subject: * adb_openclose.c, adb_policy.c, server_acl.c, server_dict.c, X-Git-Tag: krb5-1.3-alpha1~1659 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f31504873c735c5d8dc832394968de85a0790441;p=krb5.git * adb_openclose.c, adb_policy.c, server_acl.c, server_dict.c, server_init.c, server_kdb.c, server_misc.c, svr_iters.c, svr_principal.c: Cleanup assignments in conditionals, variables sadowing one another, unused variables and declared some functions as static. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13012 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index 719693f8c..d25bbeb68 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog @@ -1,3 +1,11 @@ +Sun Feb 18 17:40:23 2001 Ezra Peisach + + * adb_openclose.c, adb_policy.c, server_acl.c, server_dict.c, + server_init.c, server_kdb.c, server_misc.c, svr_iters.c, + svr_principal.c: Cleanup assignments in conditionals, variables + sadowing one another, unused variables and declared some functions + as static. + 2000-10-17 Ezra Peisach * svr_chpass_util.c (kadm5_chpass_principal_util): Change msg_len diff --git a/src/lib/kadm5/srv/adb_openclose.c b/src/lib/kadm5/srv/adb_openclose.c index dbbc3b698..12219cdab 100644 --- a/src/lib/kadm5/srv/adb_openclose.c +++ b/src/lib/kadm5/srv/adb_openclose.c @@ -72,23 +72,23 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom, ret != EEXIST) return ret; - if (ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic)) + if ((ret = osa_adb_init_db(&fromdb, filefrom, lockfrom, magic))) return ret; - if (ret = osa_adb_init_db(&todb, fileto, lockto, magic)) { + if ((ret = osa_adb_init_db(&todb, fileto, lockto, magic))) { (void) osa_adb_fini_db(fromdb, magic); return ret; } - if (ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT)) { + if ((ret = osa_adb_get_lock(fromdb, OSA_ADB_PERMANENT))) { (void) osa_adb_fini_db(fromdb, magic); (void) osa_adb_fini_db(todb, magic); return ret; } - if (ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT)) { + if ((ret = osa_adb_get_lock(todb, OSA_ADB_PERMANENT))) { (void) osa_adb_fini_db(fromdb, magic); (void) osa_adb_fini_db(todb, magic); return ret; } - if (rename(filefrom, fileto) < 0) { + if ((rename(filefrom, fileto) < 0)) { (void) osa_adb_fini_db(fromdb, magic); (void) osa_adb_fini_db(todb, magic); return errno; @@ -97,7 +97,7 @@ osa_adb_ret_t osa_adb_rename_db(char *filefrom, char *lockfrom, * Do not release the lock on fromdb because it is being renamed * out of existence; no one can ever use it again. */ - if (ret = osa_adb_release_lock(todb)) { + if ((ret = osa_adb_release_lock(todb))) { (void) osa_adb_fini_db(fromdb, magic); (void) osa_adb_fini_db(todb, magic); return ret; @@ -186,7 +186,7 @@ osa_adb_ret_t osa_adb_init_db(osa_adb_db_t *dbp, char *filename, /* now initialize lockp->lockinfo if necessary */ if (lockp->lockinfo.lockfile == NULL) { - if (code = krb5_init_context(&lockp->lockinfo.context)) { + if ((code = krb5_init_context(&lockp->lockinfo.context))) { free(db); return((osa_adb_ret_t) code); } @@ -315,8 +315,6 @@ osa_adb_ret_t osa_adb_get_lock(osa_adb_db_t db, int mode) if (perm) { if (unlink(db->lock->filename) < 0) { - int ret; - /* somehow we can't delete the file, but we already */ /* have the lock, so release it and return */ @@ -354,9 +352,9 @@ osa_adb_ret_t osa_adb_release_lock(osa_adb_db_t db) 0600); if ((db->lock->lockfile = fdopen(fd, "w+")) == NULL) return OSA_ADB_NOLOCKFILE; - } else if (ret = krb5_lock_file(db->lock->context, + } else if ((ret = krb5_lock_file(db->lock->context, fileno(db->lock->lockfile), - KRB5_LOCKMODE_UNLOCK)) + KRB5_LOCKMODE_UNLOCK))) return ret; db->lock->lockmode = 0; @@ -393,8 +391,6 @@ osa_adb_ret_t osa_adb_open_and_lock(osa_adb_princ_t db, int locktype) osa_adb_ret_t osa_adb_close_and_unlock(osa_adb_princ_t db) { - int ret; - if(db->db->close(db->db) == -1) { (void) osa_adb_release_lock(db); return OSA_ADB_FAILURE; diff --git a/src/lib/kadm5/srv/adb_policy.c b/src/lib/kadm5/srv/adb_policy.c index bdedf1621..9f5065c2d 100644 --- a/src/lib/kadm5/srv/adb_policy.c +++ b/src/lib/kadm5/srv/adb_policy.c @@ -18,20 +18,20 @@ extern int errno; #define OPENLOCK(db, mode) \ { \ - int ret; \ + int olret; \ if (db == NULL) \ return EINVAL; \ else if (db->magic != OSA_ADB_POLICY_DB_MAGIC) \ return OSA_ADB_DBINIT; \ - else if ((ret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \ - return ret; \ + else if ((olret = osa_adb_open_and_lock(db, mode)) != OSA_ADB_OK) \ + return olret; \ } #define CLOSELOCK(db) \ { \ - int ret; \ - if ((ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \ - return ret; \ + int cl_ret; \ + if ((cl_ret = osa_adb_close_and_unlock(db)) != OSA_ADB_OK) \ + return cl_ret; \ } osa_adb_ret_t osa_adb_create_policy_db(kadm5_config_params *params) diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c index 04b2ce707..0ecc4cc52 100644 --- a/src/lib/kadm5/srv/server_acl.c +++ b/src/lib/kadm5/srv/server_acl.c @@ -35,6 +35,7 @@ #include "k5-int.h" #include #include +#include "adm_proto.h" #include "server_acl.h" #include @@ -277,7 +278,6 @@ acl_parse_restrictions(s, rpp) { char *sp, *tp, *ap; static const char *delims = "\t\n\f\v\r ,"; - krb5_error_code ret; krb5_deltat dt; krb5_flags flag; krb5_error_code code; @@ -287,7 +287,7 @@ acl_parse_restrictions(s, rpp) *rpp = (restriction_t *) NULL; code = 0; - if (s) + if (s) { if (!(sp = strdup(s)) /* Don't munge the original */ || !(*rpp = (restriction_t *) malloc(sizeof(restriction_t)))) { code = ENOMEM; @@ -345,6 +345,7 @@ acl_parse_restrictions(s, rpp) } } } + } if (sp) free(sp); if (*rpp && code) { @@ -481,12 +482,13 @@ acl_load_acl_file() DPRINT(DEBUG_CALLS, acl_debug_level, ("* acl_load_acl_file()\n")); /* Open the ACL file for read */ - if (afp = fopen(acl_acl_file, "r")) { + afp = fopen(acl_acl_file, "r"); + if (afp) { alineno = 1; aentpp = &acl_list_head; /* Get a non-comment line */ - while (alinep = acl_get_line(afp, &alineno)) { + while ((alinep = acl_get_line(afp, &alineno))) { /* Parse it */ *aentpp = acl_parse_line(alinep); /* If syntax error, then fall out */ @@ -503,7 +505,8 @@ acl_load_acl_file() fclose(afp); if (acl_catchall_entry) { - if (*aentpp = acl_parse_line(acl_catchall_entry)) { + *aentpp = acl_parse_line(acl_catchall_entry); + if (*aentpp) { acl_list_tail = *aentpp; } else { @@ -770,7 +773,9 @@ acl_check(kcontext, caller, opmask, principal, restrictions) return(code); retval = 0; - if (aentry = acl_find_entry(kcontext, caller_princ, principal)) { + + aentry = acl_find_entry(kcontext, caller_princ, principal); + if (aentry) { if ((aentry->ae_op_allowed & opmask) == opmask) { retval = 1; if (restrictions) { @@ -792,8 +797,6 @@ acl_check(kcontext, caller, opmask, principal, restrictions) kadm5_ret_t kadm5_get_privs(void *server_handle, long *privs) { - kadm5_server_handle_t handle = server_handle; - CHECK_HANDLE(server_handle); /* this is impossible to do with the current interface. For now, diff --git a/src/lib/kadm5/srv/server_dict.c b/src/lib/kadm5/srv/server_dict.c index 9bee48eb9..931c8242f 100644 --- a/src/lib/kadm5/srv/server_dict.c +++ b/src/lib/kadm5/srv/server_dict.c @@ -20,12 +20,13 @@ static char *rcsid = "$Header$"; #ifdef HAVE_MEMORY_H #include #endif +#include "adm_proto.h" #include #include "server_internal.h" static char **word_list = NULL; /* list of word pointers */ static char *word_block = NULL; /* actual word data */ -static int word_count = 0; /* number of words */ +static unsigned int word_count = 0; /* number of words */ extern int errno; /* @@ -46,7 +47,7 @@ extern int errno; static int word_compare(const void *s1, const void *s2) { - return (strcasecmp(*(char **)s1, *(char **)s2)); + return (strcasecmp(*(const char **)s1, *(const char **)s2)); } /* diff --git a/src/lib/kadm5/srv/server_init.c b/src/lib/kadm5/srv/server_init.c index cb15cf903..31dd71ad8 100644 --- a/src/lib/kadm5/srv/server_init.c +++ b/src/lib/kadm5/srv/server_init.c @@ -112,7 +112,8 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, return ENOMEM; memset(handle, 0, sizeof(*handle)); - if (ret = (int) krb5_init_context(&(handle->context))) { + ret = (int) krb5_init_context(&(handle->context)); + if (ret) { free(handle); return(ret); } @@ -156,11 +157,10 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, return KADM5_BAD_SERVER_PARAMS; } - if (ret = kadm5_get_config_params(handle->context, - (char *) NULL, - (char *) NULL, - params_in, - &handle->params)) { + ret = kadm5_get_config_params(handle->context, (char *) NULL, + (char *) NULL, params_in, + &handle->params); + if (ret) { krb5_free_context(handle->context); free(handle); return(ret); @@ -180,17 +180,19 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, return KADM5_MISSING_CONF_PARAMS; } - /* - * Set the db_name based on configuration before calling - * krb5_db_init, so it will get used. - */ - if (ret = krb5_db_set_name(handle->context, - handle->params.dbname)) { + /* + * Set the db_name based on configuration before calling + * krb5_db_init, so it will get used. + */ + + ret = krb5_db_set_name(handle->context, handle->params.dbname); + if (ret) { free(handle); return(ret); } - if (ret = krb5_db_init(handle->context)) { + ret = krb5_db_init(handle->context); + if (ret) { krb5_free_context(handle->context); free(handle); return(ret); @@ -204,69 +206,73 @@ kadm5_ret_t kadm5_init(char *client_name, char *pass, return ret; } - if (! (handle->lhandle = malloc(sizeof(*handle)))) { - krb5_db_fini(handle->context); - krb5_free_context(handle->context); - free(handle); - return ENOMEM; - } - *handle->lhandle = *handle; - handle->lhandle->api_version = KADM5_API_VERSION_2; - handle->lhandle->struct_version = KADM5_STRUCT_VERSION; - handle->lhandle->lhandle = handle->lhandle; - - /* can't check the handle until current_caller is set */ - if (ret = check_handle((void *) handle)) { - free(handle); - return ret; - } - - /* - * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL - * or an empty string, reads the master password from [the stash - * file]. Otherwise, the non-NULL password is ignored and the - * user is prompted for it via the tty." However, the code was - * implemented the other way: when a non-NULL password was - * provided, the stash file was used. This is somewhat more - * sensible, as then a local or remote client that provides a - * password does not prompt the user. This code maintains the - * previous actual behavior, and not the old spec behavior, - * because that is how the unit tests are written. - * - * In KADM5_API_VERSION_2, this decision is controlled by - * params. - * - * kdb_init_master's third argument is "from_keyboard". - */ - if (ret = kdb_init_master(handle, handle->params.realm, - (handle->api_version == KADM5_API_VERSION_1 ? - ((pass == NULL) || !(strlen(pass))) : - ((handle->params.mask & - KADM5_CONFIG_MKEY_FROM_KBD) && - handle->params.mkey_from_kbd)) - )) { + if (! (handle->lhandle = malloc(sizeof(*handle)))) { krb5_db_fini(handle->context); krb5_free_context(handle->context); free(handle); - return ret; + return ENOMEM; } - - if ((ret = kdb_init_hist(handle, handle->params.realm))) { + *handle->lhandle = *handle; + handle->lhandle->api_version = KADM5_API_VERSION_2; + handle->lhandle->struct_version = KADM5_STRUCT_VERSION; + handle->lhandle->lhandle = handle->lhandle; + + /* can't check the handle until current_caller is set */ + ret = check_handle((void *) handle); + if (ret) { + free(handle); + return ret; + } + + /* + * The KADM5_API_VERSION_1 spec said "If pass (or keytab) is NULL + * or an empty string, reads the master password from [the stash + * file]. Otherwise, the non-NULL password is ignored and the + * user is prompted for it via the tty." However, the code was + * implemented the other way: when a non-NULL password was + * provided, the stash file was used. This is somewhat more + * sensible, as then a local or remote client that provides a + * password does not prompt the user. This code maintains the + * previous actual behavior, and not the old spec behavior, + * because that is how the unit tests are written. + * + * In KADM5_API_VERSION_2, this decision is controlled by + * params. + * + * kdb_init_master's third argument is "from_keyboard". + */ + ret = kdb_init_master(handle, handle->params.realm, + (handle->api_version == KADM5_API_VERSION_1 ? + ((pass == NULL) || !(strlen(pass))) : + ((handle->params.mask & KADM5_CONFIG_MKEY_FROM_KBD) + && handle->params.mkey_from_kbd) + )); + if (ret) { + krb5_db_fini(handle->context); + krb5_free_context(handle->context); + free(handle); + return ret; + } + + ret = kdb_init_hist(handle, handle->params.realm); + if (ret) { krb5_db_fini(handle->context); krb5_free_context(handle->context); free(handle); return ret; } - if (ret = init_dict(&handle->params)) { - krb5_db_fini(handle->context); + ret = init_dict(&handle->params); + if (ret) { + krb5_db_fini(handle->context); krb5_free_principal(handle->context, handle->current_caller); krb5_free_context(handle->context); free(handle); return ret; } - if (ret = adb_policy_init(handle)) { + ret = adb_policy_init(handle); + if (ret) { krb5_db_fini(handle->context); krb5_free_principal(handle->context, handle->current_caller); krb5_free_context(handle->context); diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index 2487f88e0..231fcb3ef 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -31,7 +31,10 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle, { int ret = 0; char *realm; - krb5_keyblock tmk; + krb5_boolean from_kbd = FALSE; + + if (from_keyboard) + from_kbd = TRUE; if (r == NULL) { if ((ret = krb5_get_default_realm(handle->context, &realm))) @@ -47,13 +50,14 @@ krb5_error_code kdb_init_master(kadm5_server_handle_t handle, master_keyblock.enctype = handle->params.enctype; - if (ret = krb5_db_fetch_mkey(handle->context, master_princ, - master_keyblock.enctype, from_keyboard, - FALSE /* only prompt once */, - handle->params.stash_file, - NULL /* I'm not sure about this, - but it's what the kdc does --marc */, - &master_keyblock)) + ret = krb5_db_fetch_mkey(handle->context, master_princ, + master_keyblock.enctype, from_kbd, + FALSE /* only prompt once */, + handle->params.stash_file, + NULL /* I'm not sure about this, + but it's what the kdc does --marc */, + &master_keyblock); + if (ret) goto done; if ((ret = krb5_db_init(handle->context)) != KSUCCESS) @@ -141,11 +145,11 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r) hist_kvno = 2; - if (ret = kadm5_create_principal(handle, &ent, - (KADM5_PRINCIPAL | - KADM5_MAX_LIFE | - KADM5_ATTRIBUTES), - "to-be-random")) + ret = kadm5_create_principal(handle, &ent, + (KADM5_PRINCIPAL | KADM5_MAX_LIFE | + KADM5_ATTRIBUTES), + "to-be-random"); + if (ret) goto done; /* this won't let us randomize the hist_princ. So we cheat. */ @@ -167,16 +171,14 @@ krb5_error_code kdb_init_hist(kadm5_server_handle_t handle, char *r) } - if (ret = krb5_dbe_find_enctype(handle->context, - &hist_db, - handle->params.enctype, - -1, - -1, - &key_data)) + ret = krb5_dbe_find_enctype(handle->context, &hist_db, + handle->params.enctype, -1, -1, &key_data); + if (ret) goto done; - if (ret = krb5_dbekd_decrypt_key_data(handle->context, &master_keyblock, - key_data, &hist_key, NULL)) + ret = krb5_dbekd_decrypt_key_data(handle->context, &master_keyblock, + key_data, &hist_key, NULL); + if (ret) goto done; hist_kvno = key_data->key_data_kvno; @@ -217,8 +219,9 @@ kdb_get_entry(kadm5_server_handle_t handle, krb5_tl_data tl_data; XDR xdrs; - if (ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs, - &more)) + ret = krb5_db_get_principal(handle->context, principal, kdb, &nprincs, + &more); + if (ret) return(ret); if (more) { @@ -327,11 +330,13 @@ kdb_put_entry(kadm5_server_handle_t handle, krb5_tl_data tl_data; int one; - if (ret = krb5_timeofday(handle->context, &now)) + ret = krb5_timeofday(handle->context, &now); + if (ret) return(ret); - if (ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now, - handle->current_caller)) + ret = krb5_dbe_update_mod_princ_data(handle->context, kdb, now, + handle->current_caller); + if (ret) return(ret); xdralloc_create(&xdrs, XDR_ENCODE); @@ -352,7 +357,8 @@ kdb_put_entry(kadm5_server_handle_t handle, one = 1; - if (ret = krb5_db_put_principal(handle->context, kdb, &one)) + ret = krb5_db_put_principal(handle->context, kdb, &one); + if (ret) return(ret); return(0); @@ -394,7 +400,8 @@ kdb_iter_entry(kadm5_server_handle_t handle, id.func = iter_fct; id.data = data; - if (ret = krb5_db_iterate(handle->context, kdb_iter_func, &id)) + ret = krb5_db_iterate(handle->context, kdb_iter_func, &id); + if (ret) return(ret); return(0); diff --git a/src/lib/kadm5/srv/server_misc.c b/src/lib/kadm5/srv/server_misc.c index c85557cab..fac47bb2f 100644 --- a/src/lib/kadm5/srv/server_misc.c +++ b/src/lib/kadm5/srv/server_misc.c @@ -41,6 +41,7 @@ adb_policy_close(kadm5_server_handle_t handle) return KADM5_OK; } +#ifdef HESIOD /* stolen from v4sever/kadm_funcs.c */ static char * reverse(str) @@ -61,7 +62,9 @@ reverse(str) return(newstr); } +#endif /* HESIOD */ +#if 0 static int lower(str) char *str; @@ -77,7 +80,9 @@ lower(str) } return(effect); } +#endif +#ifdef HESIOD static int str_check_gecos(gecos, pwstr) char *gecos; @@ -110,6 +115,7 @@ str_check_gecos(gecos, pwstr) } return 0; } +#endif /* HESIOD */ /* some of this is stolen from gatekeeper ... */ kadm5_ret_t @@ -156,13 +162,12 @@ passwd_check(kadm5_server_handle_t handle, if((find_word(password) == KADM5_OK)) return KADM5_PASS_Q_DICT; else { - char *cp; - int c, n = krb5_princ_size(handle->context, principal); + int i, n = krb5_princ_size(handle->context, principal); cp = krb5_princ_realm(handle->context, principal)->data; if (strcasecmp(cp, password) == 0) return KADM5_PASS_Q_DICT; - for (c = 0; c < n ; c++) { - cp = krb5_princ_component(handle->context, principal, c)->data; + for (i = 0; i < n ; i++) { + cp = krb5_princ_component(handle->context, principal, i)->data; if (strcasecmp(cp, password) == 0) return KADM5_PASS_Q_DICT; #ifdef HESIOD diff --git a/src/lib/kadm5/srv/svr_iters.c b/src/lib/kadm5/srv/svr_iters.c index 706e77821..1397254e5 100644 --- a/src/lib/kadm5/srv/svr_iters.c +++ b/src/lib/kadm5/srv/svr_iters.c @@ -72,7 +72,7 @@ struct iter_data { * other characters are copied * regexp is anchored with ^ and $ */ -kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp) +static kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp) { int append_realm; char *p; @@ -127,7 +127,7 @@ kadm5_ret_t glob_to_regexp(char *glob, char *realm, char **regexp) return KADM5_OK; } -void get_either_iter(struct iter_data *data, char *name) +static void get_either_iter(struct iter_data *data, char *name) { if ( #ifdef SOLARIS_REGEXPS @@ -146,7 +146,7 @@ void get_either_iter(struct iter_data *data, char *name) free(name); } -void get_pols_iter(void *data, osa_policy_ent_t entry) +static void get_pols_iter(void *data, osa_policy_ent_t entry) { char *name; @@ -155,7 +155,7 @@ void get_pols_iter(void *data, osa_policy_ent_t entry) get_either_iter(data, name); } -void get_princs_iter(void *data, krb5_principal princ) +static void get_princs_iter(void *data, krb5_principal princ) { struct iter_data *id = (struct iter_data *) data; char *name; @@ -172,7 +172,10 @@ kadm5_ret_t kadm5_get_either(int princ, int *count) { struct iter_data data; - char *msg, *regexp; +#ifdef BSD_REGEXPS + char *msg; +#endif + char *regexp; int ret; kadm5_server_handle_t handle = server_handle; diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 4981703b4..f4bcc0685 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -170,8 +170,8 @@ kadm5_create_principal_3(void *server_handle, return ret; } } - if (ret = passwd_check(handle, password, (mask & KADM5_POLICY), - &polent, entry->principal)) { + if ((ret = passwd_check(handle, password, (mask & KADM5_POLICY), + &polent, entry->principal))) { if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return ret; @@ -181,10 +181,10 @@ kadm5_create_principal_3(void *server_handle, * "defaults" for fields that were not specified by the * mask. */ - if (ret = krb5_timeofday(handle->context, &now)) { - if (mask & KADM5_POLICY) - (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return ret; + if ((ret = krb5_timeofday(handle->context, &now))) { + if (mask & KADM5_POLICY) + (void) kadm5_free_policy_ent(handle->lhandle, &polent); + return ret; } kdb.magic = KRB5_KDB_MAGIC_NUMBER; @@ -228,28 +228,28 @@ kadm5_create_principal_3(void *server_handle, to free the entire kdb entry, and that will try to free the principal. */ - if (ret = krb5_copy_principal(handle->context, - entry->principal, &(kdb.princ))) { + if ((ret = krb5_copy_principal(handle->context, + entry->principal, &(kdb.princ)))) { if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); return(ret); } - if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)) { - krb5_dbe_free_contents(handle->context, &kdb); - if (mask & KADM5_POLICY) + if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) { + krb5_dbe_free_contents(handle->context, &kdb); + if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); - return(ret); + return(ret); } /* initialize the keys */ - if (ret = krb5_dbe_cpw(handle->context, &master_keyblock, - n_ks_tuple?ks_tuple:handle->params.keysalts, - n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, - password, - (mask & KADM5_KVNO)?entry->kvno:1, - FALSE, &kdb)) { + if ((ret = krb5_dbe_cpw(handle->context, &master_keyblock, + n_ks_tuple?ks_tuple:handle->params.keysalts, + n_ks_tuple?n_ks_tuple:handle->params.num_keysalts, + password, + (mask & KADM5_KVNO)?entry->kvno:1, + FALSE, &kdb))) { krb5_dbe_free_contents(handle->context, &kdb); if (mask & KADM5_POLICY) (void) kadm5_free_policy_ent(handle->lhandle, &polent); @@ -346,7 +346,7 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal) if (principal == NULL) return EINVAL; - if (ret = kdb_get_entry(handle, principal, &kdb, &adb)) + if ((ret = kdb_get_entry(handle, principal, &kdb, &adb))) return(ret); if ((adb.aux_attributes & KADM5_POLICY)) { @@ -362,9 +362,9 @@ kadm5_delete_principal(void *server_handle, krb5_principal principal) return(ret); } } - if (ret = kadm5_free_policy_ent(handle->lhandle, &polent)) { - kdb_free_entry(handle, &kdb, &adb); - return ret; + if ((ret = kadm5_free_policy_ent(handle->lhandle, &polent))) { + kdb_free_entry(handle, &kdb, &adb); + return ret; } } @@ -383,7 +383,7 @@ kadm5_modify_principal(void *server_handle, kadm5_policy_ent_rec npol, opol; int have_npol = 0, have_opol = 0; krb5_db_entry kdb; - krb5_tl_data *tl_data_orig, *tl_data_tail; + krb5_tl_data *tl_data_orig; osa_princ_ent_rec adb; kadm5_server_handle_t handle = server_handle; @@ -737,7 +737,7 @@ kadm5_get_principal(void *server_handle, krb5_principal principal, if (mask & KADM5_FAIL_AUTH_COUNT) entry->fail_auth_count = kdb.fail_auth_count; if (mask & KADM5_TL_DATA) { - krb5_tl_data td, *tl, *tl2; + krb5_tl_data *tl, *tl2; entry->tl_data = NULL; @@ -907,6 +907,7 @@ check_pw_reuse(krb5_context context, * in hist_key, and added to hist->key_data. hist->n_key_data is * set to n_key_data. */ +static int create_history_entry(krb5_context context, int n_key_data, krb5_key_data *key_data, osa_pw_hist_ent *hist) { @@ -939,6 +940,7 @@ int create_history_entry(krb5_context context, int n_key_data, return 0; } +static int free_history_entry(krb5_context context, osa_pw_hist_ent *hist) { int i; @@ -979,8 +981,8 @@ static kadm5_ret_t add_to_history(krb5_context context, kadm5_policy_ent_t pol, osa_pw_hist_ent *pw) { - osa_pw_hist_ent hist, *histp; - int ret, i; + osa_pw_hist_ent *histp; + int i; /* A history of 1 means just check the current password */ if (pol->pw_history_num == 1) @@ -1037,7 +1039,7 @@ kadm5_chpass_principal_3(void *server_handle, kadm5_policy_ent_rec pol; osa_princ_ent_rec adb; krb5_db_entry kdb, kdb_save; - int ret, ret2, last_pwd, i, hist_added; + int ret, ret2, last_pwd, hist_added; int have_pol = 0; kadm5_server_handle_t handle = server_handle; osa_pw_hist_ent hist; @@ -1186,7 +1188,6 @@ kadm5_randkey_principal_3(void *server_handle, krb5_int32 now; kadm5_policy_ent_rec pol; krb5_key_data *key_data; - krb5_keyblock *keyblock; int ret, last_pwd, have_pol = 0; kadm5_server_handle_t handle = server_handle; @@ -1312,10 +1313,11 @@ kadm5_setv4key_principal(void *server_handle, osa_princ_ent_rec adb; krb5_int32 now; kadm5_policy_ent_rec pol; - krb5_key_data *key_data; krb5_keysalt keysalt; - int i, kvno, ret, last_pwd, have_pol = 0; - int deskeys; + int i, kvno, ret, have_pol = 0; +#if 0 + int last_pwd; +#endif kadm5_server_handle_t handle = server_handle; CHECK_HANDLE(server_handle); @@ -1452,7 +1454,10 @@ kadm5_setkey_principal_3(void *server_handle, kadm5_policy_ent_rec pol; krb5_key_data *old_key_data; int n_old_keys; - int i, j, kvno, ret, last_pwd, have_pol = 0; + int i, j, kvno, ret, have_pol = 0; +#if 0 + int last_pwd; +#endif kadm5_server_handle_t handle = server_handle; krb5_boolean similar; krb5_keysalt keysalt; @@ -1468,17 +1473,18 @@ kadm5_setkey_principal_3(void *server_handle, for (i = 0; i < n_keys; i++) { for (j = i+1; j < n_keys; j++) { - if (ret = krb5_c_enctype_compare(handle->context, - keyblocks[i].enctype, - keyblocks[j].enctype, - &similar)) + if ((ret = krb5_c_enctype_compare(handle->context, + keyblocks[i].enctype, + keyblocks[j].enctype, + &similar))) return(ret); - if (similar) + if (similar) { if (n_ks_tuple) { if (ks_tuple[i].ks_salttype == ks_tuple[j].ks_salttype) return KADM5_SETKEY_DUP_ENCTYPES; } else return KADM5_SETKEY_DUP_ENCTYPES; + } } } @@ -1542,7 +1548,7 @@ kadm5_setkey_principal_3(void *server_handle, /* assert(kdb.n_key_data == n_keys + n_old_keys) */ kdb.attributes &= ~KRB5_KDB_REQUIRES_PWCHANGE; - if (ret = krb5_timeofday(handle->context, &now)) + if ((ret = krb5_timeofday(handle->context, &now))) goto done; if ((adb.aux_attributes & KADM5_POLICY)) { @@ -1593,8 +1599,8 @@ kadm5_setkey_principal_3(void *server_handle, kdb.pw_expiration = 0; } - if (ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now)) - goto done; + if ((ret = krb5_dbe_update_last_pwd_change(handle->context, &kdb, now))) + goto done; if ((ret = kdb_put_entry(handle, &kdb, &adb))) goto done; @@ -1627,10 +1633,10 @@ static int decrypt_key_data(krb5_context context, memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock)); for (i = 0; i < n_key_data; i++) { - if (ret = krb5_dbekd_decrypt_key_data(context, - &master_keyblock, - &key_data[i], - &keys[i], NULL)) { + ret = krb5_dbekd_decrypt_key_data(context, &master_keyblock, + &key_data[i], + &keys[i], NULL); + if (ret) { memset((char *) keys, 0, n_key_data*sizeof(krb5_keyblock)); free(keys); @@ -1694,13 +1700,13 @@ kadm5_ret_t kadm5_decrypt_key(void *server_handle, /* find_enctype only uses these two fields */ dbent.n_key_data = entry->n_key_data; dbent.key_data = entry->key_data; - if (ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype, - stype, kvno, &key_data)) + if ((ret = krb5_dbe_find_enctype(handle->context, &dbent, ktype, + stype, kvno, &key_data))) return ret; - if (ret = krb5_dbekd_decrypt_key_data(handle->context, - &master_keyblock, key_data, - keyblock, keysalt)) + if ((ret = krb5_dbekd_decrypt_key_data(handle->context, + &master_keyblock, key_data, + keyblock, keysalt))) return ret; if (kvnop)