From 8acb29c6f3259749c85985c2df6b0cbd870c52f6 Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Wed, 27 Aug 2008 16:36:00 +0000 Subject: [PATCH] Based on patch from lxs, with some changes: Add several new gcc warning flags, used in the KfM build process. Put declarations before code. Fix a bunch of signed/unsigned type mixes, mostly by changing variable types to unsigned int. Fix constness in handling name of default ccache name. Make sure functions get declared with prototypes: krb5int_pthread_loaded krb5int_gmt_mktime krb5int_aes_encrypt krb5int_aes_decrypt gssint_mecherrmap_init gssint_mecherramp_get. Don't shadow global names: stat accept index open encrypt. Fix variable shadowing in LDAP ASN.1 support. Don't define unused krb5int_local_addresses. Don't export internal krb5_change_set_password. Fix error return indications from gssint_oid_to_mech. Create and use k5-gmt_mktime.h to provide one global declaration of krb5int_gmt_mktime, needed before we've generated krb5.h on some platforms. Not incorporated from initial patch: const changes in function signatures. ticket: 6096 status: open git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20697 dc483132-0cff-0310-8789-dd5450dbe970 --- src/aclocal.m4 | 2 +- src/include/k5-gmt_mktime.h | 51 ++++++++++++++++++ src/include/k5-int.h | 11 +++- src/include/k5-thread.h | 12 ++--- src/kim/lib/kim_preferences.c | 4 +- src/kim/lib/mac/kim_os_string.c | 3 +- src/lib/crypto/checksum_length.c | 2 +- src/lib/crypto/cksumtype_to_string.c | 2 +- src/lib/crypto/cksumtypes.c | 2 +- src/lib/crypto/cksumtypes.h | 2 +- src/lib/crypto/coll_proof_cksum.c | 2 +- src/lib/crypto/des/f_parity.c | 4 +- src/lib/crypto/des/string2key.c | 2 +- src/lib/crypto/des/weak_key.c | 2 +- src/lib/crypto/hash_provider/hash_crc32.c | 2 +- src/lib/crypto/hash_provider/hash_md4.c | 2 +- src/lib/crypto/hash_provider/hash_md5.c | 2 +- src/lib/crypto/hash_provider/hash_sha1.c | 2 +- src/lib/crypto/hmac.c | 2 +- src/lib/crypto/keyed_cksum.c | 2 +- src/lib/crypto/keyhash_provider/k5_md4des.c | 4 +- src/lib/crypto/keyhash_provider/k5_md5des.c | 4 +- src/lib/crypto/make_checksum.c | 3 +- src/lib/crypto/pbkdf2.c | 4 +- src/lib/crypto/sha1/shs.c | 5 +- src/lib/crypto/string_to_cksumtype.c | 2 +- src/lib/crypto/valid_cksumtype.c | 2 +- src/lib/crypto/verify_checksum.c | 2 +- src/lib/gssapi/generic/gssapiP_generic.h | 2 + src/lib/gssapi/generic/util_buffer.c | 4 +- src/lib/gssapi/generic/util_errmap.c | 2 +- src/lib/gssapi/gss_libinit.c | 1 + src/lib/gssapi/krb5/accept_sec_context.c | 2 +- src/lib/gssapi/krb5/copy_ccache.c | 8 +-- src/lib/gssapi/krb5/import_sec_context.c | 2 +- src/lib/gssapi/krb5/init_sec_context.c | 2 +- src/lib/gssapi/krb5/inq_context.c | 38 +++++++------- src/lib/gssapi/krb5/k5seal.c | 10 ++-- src/lib/gssapi/krb5/krb5_gss_glue.c | 8 ++- src/lib/gssapi/krb5/set_allowable_enctypes.c | 2 +- src/lib/gssapi/krb5/util_seed.c | 2 +- src/lib/gssapi/mechglue/g_acquire_cred.c | 2 +- src/lib/gssapi/mechglue/g_initialize.c | 10 ++-- src/lib/gssapi/mechglue/g_inq_context.c | 36 +++++-------- src/lib/gssapi/mechglue/g_rel_oid_set.c | 8 +-- src/lib/gssapi/mechglue/mglueP.h | 5 ++ src/lib/gssapi/mechglue/oid_ops.c | 20 +++---- src/lib/gssapi/spnego/gssapiP_spnego.h | 2 +- src/lib/gssapi/spnego/spnego_mech.c | 55 ++++++++++---------- src/lib/krb5/asn.1/asn1_decode.c | 7 ++- src/lib/krb5/asn.1/asn1_k_decode.c | 2 +- src/lib/krb5/asn.1/asn1buf.c | 14 ++--- src/lib/krb5/asn.1/asn1buf.h | 6 +-- src/lib/krb5/asn.1/ldap_key_seq.c | 32 ++++++------ src/lib/krb5/ccache/ccdefault.c | 2 +- src/lib/krb5/krb/gc_frm_kdc.c | 2 +- src/lib/krb5/krb/pkinit_apple_cert_store.c | 5 +- src/lib/krb5/krb/pkinit_apple_utils.c | 6 ++- src/lib/krb5/krb/preauth2.c | 3 +- src/lib/krb5/krb/ser_ctx.c | 4 +- src/lib/krb5/krb/srv_rcache.c | 2 +- src/lib/krb5/krb/str_conv.c | 2 +- src/lib/krb5/libkrb5.exports | 1 - src/lib/krb5/os/changepw.c | 3 +- src/lib/krb5/os/gen_rname.c | 2 +- src/lib/krb5/os/localaddr.c | 5 +- src/lib/krb5/os/sendto_kdc.c | 7 +-- src/lib/krb5/rcache/rc_io.c | 2 +- src/util/support/gmt_mktime.c | 2 + 69 files changed, 263 insertions(+), 206 deletions(-) create mode 100644 src/include/k5-gmt_mktime.h diff --git a/src/aclocal.m4 b/src/aclocal.m4 index eba19d51f..d1e98522e 100644 --- a/src/aclocal.m4 +++ b/src/aclocal.m4 @@ -642,7 +642,7 @@ if test "$GCC" = yes ; then TRY_CC_FLAG(-Wno-format-zero-length) # Other flags here may not be supported on some versions of # gcc that people want to use. - for flag in overflow strict-overflow missing-format-attribute ; do + for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof ; do TRY_CC_FLAG(-W$flag) done # old-style-definition? generates many, many warnings diff --git a/src/include/k5-gmt_mktime.h b/src/include/k5-gmt_mktime.h new file mode 100644 index 000000000..d9d1d1e5a --- /dev/null +++ b/src/include/k5-gmt_mktime.h @@ -0,0 +1,51 @@ +/* + * include/k5-gmt_mktime.h + * + * Copyright 2008 Massachusetts Institute of Technology. + * All Rights Reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + * + * + * GMT struct tm conversion + * + * Because of ordering of things in the UNIX build, we can't just keep + * the declaration in k5-int.h and include it in + * util/support/gmt_mktime.c, since k5-int.h includes krb5.h which + * hasn't been built when gmt_mktime.c gets compiled. Hence this + * silly little helper header. + */ + +#ifndef K5_GMT_MKTIME_H +#define K5_GMT_MKTIME_H + +#include "autoconf.h" +#ifdef HAVE_SYS_TIME_H +#include +#ifdef TIME_WITH_SYS_TIME +#include +#endif +#else +#include +#endif + +time_t krb5int_gmt_mktime (struct tm *); + +#endif /* K5_GMT_MKTIME_H */ diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 8f9791bb9..545bd983a 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -469,6 +469,8 @@ extern char *strdup (const char *); #include +#include "k5-gmt_mktime.h" + struct addrlist; struct sendto_callback_info; @@ -733,8 +735,6 @@ krb5_error_code krb5_crypto_us_timeofday (krb5_int32 *, krb5_int32 *); -time_t krb5int_gmt_mktime (struct tm *); - #endif /* KRB5_OLD_CRYPTO */ /* this helper fct is in libkrb5, but it makes sense declared here. */ @@ -2195,6 +2195,13 @@ krb5_error_code krb5_decrypt_data krb5_pointer ivec, krb5_enc_data *data, krb5_data *enc_data); +krb5_error_code +krb5int_aes_encrypt(const krb5_keyblock *key, const krb5_data *ivec, + const krb5_data *input, krb5_data *output); +krb5_error_code +krb5int_aes_decrypt(const krb5_keyblock *key, const krb5_data *ivec, + const krb5_data *input, krb5_data *output); + struct _krb5_kt_ops; struct _krb5_kt { /* should move into k5-int.h */ krb5_magic magic; diff --git a/src/include/k5-thread.h b/src/include/k5-thread.h index c70f634d4..0450eb277 100644 --- a/src/include/k5-thread.h +++ b/src/include/k5-thread.h @@ -245,6 +245,12 @@ typedef k5_os_nothread_mutex k5_os_mutex; If we find a platform with non-functional stubs and no weak references, we may have to resort to some hack like dlsym on the symbol tables of the current process. */ +extern int krb5int_pthread_loaded(void) +#ifdef __GNUC__ + /* We should always get the same answer for the life of the process. */ + __attribute__((const)) +#endif + ; #if defined(HAVE_PRAGMA_WEAK_REF) && !defined(NO_WEAK_PTHREADS) # pragma weak pthread_once # pragma weak pthread_mutex_lock @@ -253,12 +259,6 @@ typedef k5_os_nothread_mutex k5_os_mutex; # pragma weak pthread_mutex_init # pragma weak pthread_self # pragma weak pthread_equal -extern int krb5int_pthread_loaded(void) -#ifdef __GNUC__ - /* We should always get the same answer for the life of the process. */ - __attribute__((const)) -#endif - ; # define K5_PTHREADS_LOADED (krb5int_pthread_loaded()) # define USE_PTHREAD_LOCK_ONLY_IF_LOADED diff --git a/src/kim/lib/kim_preferences.c b/src/kim/lib/kim_preferences.c index c2805fda0..d8c2dee1a 100644 --- a/src/kim/lib/kim_preferences.c +++ b/src/kim/lib/kim_preferences.c @@ -289,12 +289,14 @@ kim_error kim_favorite_identities_remove_identity (kim_favorite_identities io_fa err = kim_identity_compare (in_identity, identity, &found); if (!err && found) { + kim_error terr = KIM_NO_ERROR; kim_count new_count = io_favorite_identities->count - 1; + memmove (&io_favorite_identities->identities[i], &io_favorite_identities->identities[i + 1], (new_count - i) * sizeof (*io_favorite_identities->identities)); - kim_error terr = kim_favorite_identities_resize (io_favorite_identities, new_count); + terr = kim_favorite_identities_resize (io_favorite_identities, new_count); if (terr) { kim_debug_printf ("failed to resize list to %d. Continuing.", new_count); } diff --git a/src/kim/lib/mac/kim_os_string.c b/src/kim/lib/mac/kim_os_string.c index d2f2032ff..e070bed46 100644 --- a/src/kim/lib/mac/kim_os_string.c +++ b/src/kim/lib/mac/kim_os_string.c @@ -35,12 +35,13 @@ CFStringEncoding kim_os_string_get_encoding (void) { typedef TextEncoding (*GetApplicationTextEncodingProcPtr) (void); GetApplicationTextEncodingProcPtr GetApplicationTextEncodingPtr = NULL; + CFBundleRef carbonBundle = NULL; if (kim_os_library_caller_is_server ()) { return kCFStringEncodingUTF8; /* server only does UTF8 */ } - CFBundleRef carbonBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.Carbon")); + carbonBundle = CFBundleGetBundleWithIdentifier (CFSTR ("com.apple.Carbon")); if (carbonBundle != NULL && CFBundleIsExecutableLoaded (carbonBundle)) { GetApplicationTextEncodingPtr = (GetApplicationTextEncodingProcPtr) CFBundleGetFunctionPointerForName (carbonBundle, CFSTR ("GetApplicationTextEncoding")); diff --git a/src/lib/crypto/checksum_length.c b/src/lib/crypto/checksum_length.c index 16177be09..28846a671 100644 --- a/src/lib/crypto/checksum_length.c +++ b/src/lib/crypto/checksum_length.c @@ -31,7 +31,7 @@ krb5_error_code KRB5_CALLCONV krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype, size_t *length) { - int i; + unsigned int i; for (i=0; ilength != CRC32_CKSUM_LENGTH) return(KRB5_CRYPTO_INTERNAL); diff --git a/src/lib/crypto/hash_provider/hash_md4.c b/src/lib/crypto/hash_provider/hash_md4.c index 97487923b..1fa23c214 100644 --- a/src/lib/crypto/hash_provider/hash_md4.c +++ b/src/lib/crypto/hash_provider/hash_md4.c @@ -33,7 +33,7 @@ k5_md4_hash(unsigned int icount, const krb5_data *input, krb5_data *output) { krb5_MD4_CTX ctx; - int i; + unsigned int i; if (output->length != RSA_MD4_CKSUM_LENGTH) return(KRB5_CRYPTO_INTERNAL); diff --git a/src/lib/crypto/hash_provider/hash_md5.c b/src/lib/crypto/hash_provider/hash_md5.c index 408729337..174c432a4 100644 --- a/src/lib/crypto/hash_provider/hash_md5.c +++ b/src/lib/crypto/hash_provider/hash_md5.c @@ -33,7 +33,7 @@ k5_md5_hash(unsigned int icount, const krb5_data *input, krb5_data *output) { krb5_MD5_CTX ctx; - int i; + unsigned int i; if (output->length != RSA_MD5_CKSUM_LENGTH) return(KRB5_CRYPTO_INTERNAL); diff --git a/src/lib/crypto/hash_provider/hash_sha1.c b/src/lib/crypto/hash_provider/hash_sha1.c index 5fbea6a9c..cdb309867 100644 --- a/src/lib/crypto/hash_provider/hash_sha1.c +++ b/src/lib/crypto/hash_provider/hash_sha1.c @@ -33,7 +33,7 @@ k5_sha1_hash(unsigned int icount, const krb5_data *input, krb5_data *output) { SHS_INFO ctx; - int i; + unsigned int i; if (output->length != SHS_DIGESTSIZE) return(KRB5_CRYPTO_INTERNAL); diff --git a/src/lib/crypto/hmac.c b/src/lib/crypto/hmac.c index cc46374c5..3c0272645 100644 --- a/src/lib/crypto/hmac.c +++ b/src/lib/crypto/hmac.c @@ -44,7 +44,7 @@ krb5_hmac(const struct krb5_hash_provider *hash, const krb5_keyblock *key, { size_t hashsize, blocksize; unsigned char *xorkey, *ihash; - int i; + unsigned int i; krb5_data *hashin, hashout; krb5_error_code ret; diff --git a/src/lib/crypto/keyed_cksum.c b/src/lib/crypto/keyed_cksum.c index 4d50c2c4a..023d8c6a5 100644 --- a/src/lib/crypto/keyed_cksum.c +++ b/src/lib/crypto/keyed_cksum.c @@ -30,7 +30,7 @@ krb5_boolean KRB5_CALLCONV krb5_c_is_keyed_cksum(krb5_cksumtype ctype) { - int i; + unsigned int i; for (i=0; ilength != 8) @@ -111,7 +111,7 @@ k5_md4des_verify(const krb5_keyblock *key, krb5_keyusage usage, krb5_MD4_CTX ctx; unsigned char plaintext[CONFLENGTH+RSA_MD4_CKSUM_LENGTH]; unsigned char xorkey[8]; - int i; + unsigned int i; mit_des_key_schedule schedule; int compathash = 0; diff --git a/src/lib/crypto/keyhash_provider/k5_md5des.c b/src/lib/crypto/keyhash_provider/k5_md5des.c index 6180bbca6..e70965b79 100644 --- a/src/lib/crypto/keyhash_provider/k5_md5des.c +++ b/src/lib/crypto/keyhash_provider/k5_md5des.c @@ -48,7 +48,7 @@ k5_md5des_hash(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *i krb5_MD5_CTX ctx; unsigned char conf[CONFLENGTH]; unsigned char xorkey[8]; - int i; + unsigned int i; mit_des_key_schedule schedule; if (key->length != 8) @@ -110,7 +110,7 @@ k5_md5des_verify(const krb5_keyblock *key, krb5_keyusage usage, const krb5_data krb5_MD5_CTX ctx; unsigned char plaintext[CONFLENGTH+RSA_MD5_CKSUM_LENGTH]; unsigned char xorkey[8]; - int i; + unsigned int i; mit_des_key_schedule schedule; int compathash = 0; diff --git a/src/lib/crypto/make_checksum.c b/src/lib/crypto/make_checksum.c index 4a2f00072..c729c1d23 100644 --- a/src/lib/crypto/make_checksum.c +++ b/src/lib/crypto/make_checksum.c @@ -34,7 +34,8 @@ krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *input, krb5_checksum *cksum) { - int i, e1, e2; + unsigned int i; + int e1, e2; krb5_data data; krb5_error_code ret; size_t cksumlen; diff --git a/src/lib/crypto/pbkdf2.c b/src/lib/crypto/pbkdf2.c index 5b3286ef2..d897e9a71 100644 --- a/src/lib/crypto/pbkdf2.c +++ b/src/lib/crypto/pbkdf2.c @@ -42,7 +42,7 @@ krb5int_pbkdf2 (krb5_error_code (*prf)(krb5_keyblock *, krb5_data *, static int debug_hmac = 0; static void printd (const char *descr, krb5_data *d) { - int i, j; + unsigned int i, j; const int r = 16; printf("%s:", descr); @@ -77,7 +77,7 @@ F(char *output, char *u_tmp1, char *u_tmp2, { unsigned char ibytes[4]; size_t tlen; - int j, k; + unsigned int j, k; krb5_keyblock pdata; krb5_data sdata; krb5_data out; diff --git a/src/lib/crypto/sha1/shs.c b/src/lib/crypto/sha1/shs.c index 61f5d2f73..d9372df39 100644 --- a/src/lib/crypto/sha1/shs.c +++ b/src/lib/crypto/sha1/shs.c @@ -243,7 +243,8 @@ void SHSTransform(SHS_LONG *digest, const SHS_LONG *data) void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count) { SHS_LONG tmp; - int dataCount, canfill; + unsigned int dataCount; + int canfill; SHS_LONG *lp; /* Update bitcount */ @@ -254,7 +255,7 @@ void shsUpdate(SHS_INFO *shsInfo, const SHS_BYTE *buffer, unsigned int count) shsInfo->countHi += count >> 29; /* Get count of bytes already in data */ - dataCount = (int) (tmp >> 3) & 0x3F; + dataCount = (tmp >> 3) & 0x3F; /* Handle any leading odd-sized chunks */ if (dataCount) { diff --git a/src/lib/crypto/string_to_cksumtype.c b/src/lib/crypto/string_to_cksumtype.c index 710f26160..a79685145 100644 --- a/src/lib/crypto/string_to_cksumtype.c +++ b/src/lib/crypto/string_to_cksumtype.c @@ -30,7 +30,7 @@ krb5_error_code KRB5_CALLCONV krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep) { - int i; + unsigned int i; for (i=0; ilength = strlen(str); diff --git a/src/lib/gssapi/generic/util_errmap.c b/src/lib/gssapi/generic/util_errmap.c index 4142c3c06..9e2f7e9b3 100644 --- a/src/lib/gssapi/generic/util_errmap.c +++ b/src/lib/gssapi/generic/util_errmap.c @@ -102,7 +102,7 @@ mecherror_print(struct mecherror value, FILE *f) { "{ 1 2 840 48018 1 2 2 }", "krb5-microsoft" }, { "{ 1 3 6 1 5 5 2 }", "spnego" }, }; - int i; + unsigned int i; fprintf(f, "%lu@", (unsigned long) value.code); diff --git a/src/lib/gssapi/gss_libinit.c b/src/lib/gssapi/gss_libinit.c index 4c1755fd2..3c26c98cd 100644 --- a/src/lib/gssapi/gss_libinit.c +++ b/src/lib/gssapi/gss_libinit.c @@ -3,6 +3,7 @@ #include "gssapi_err_generic.h" #include "gssapi_err_krb5.h" #include "gssapiP_krb5.h" +#include "gssapiP_generic.h" #include "gss_libinit.h" #include "k5-platform.h" diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 6b3e0bf0e..3ae460e1f 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -236,7 +236,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, int bigend; krb5_gss_cred_id_t cred = 0; krb5_data ap_rep, ap_req; - int i; + unsigned int i; krb5_error_code code; krb5_address addr, *paddr; krb5_authenticator *authdat = 0; diff --git a/src/lib/gssapi/krb5/copy_ccache.c b/src/lib/gssapi/krb5/copy_ccache.c index 8ade9c5da..8553d92db 100644 --- a/src/lib/gssapi/krb5/copy_ccache.c +++ b/src/lib/gssapi/krb5/copy_ccache.c @@ -6,7 +6,7 @@ gss_krb5int_copy_ccache(minor_status, cred_handle, out_ccache) gss_cred_id_t cred_handle; krb5_ccache out_ccache; { - OM_uint32 stat; + OM_uint32 major_status; krb5_gss_cred_id_t k5creds; krb5_cc_cursor cursor; krb5_creds creds; @@ -14,9 +14,9 @@ gss_krb5int_copy_ccache(minor_status, cred_handle, out_ccache) krb5_context context; /* validate the cred handle */ - stat = krb5_gss_validate_cred(minor_status, cred_handle); - if (stat) - return(stat); + major_status = krb5_gss_validate_cred(minor_status, cred_handle); + if (major_status) + return(major_status); k5creds = (krb5_gss_cred_id_t) cred_handle; code = k5_mutex_lock(&k5creds->lock); diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c index 2e73b9f52..b0d71c883 100644 --- a/src/lib/gssapi/krb5/import_sec_context.c +++ b/src/lib/gssapi/krb5/import_sec_context.c @@ -60,7 +60,7 @@ krb5_gss_ser_init (krb5_context context) krb5_ser_context_init, krb5_ser_auth_context_init, krb5_ser_ccache_init, krb5_ser_rcache_init, krb5_ser_keytab_init, }; - int i; + unsigned int i; for (i = 0; i < sizeof(fns)/sizeof(fns[0]); i++) if ((code = (fns[i])(context)) != 0) diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index ce4b5d78d..3e3f0192a 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -359,7 +359,7 @@ setup_enc( krb5_context context) { krb5_error_code code; - int i; + unsigned int i; krb5int_access kaccess; code = krb5int_accessor (&kaccess, KRB5INT_ACCESS_VERSION); diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c index 8f46a95ad..ab9d81a4f 100644 --- a/src/lib/gssapi/krb5/inq_context.c +++ b/src/lib/gssapi/krb5/inq_context.c @@ -25,7 +25,7 @@ OM_uint32 krb5_gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags, - locally_initiated, open) + locally_initiated, opened) OM_uint32 *minor_status; gss_ctx_id_t context_handle; gss_name_t *initiator_name; @@ -34,12 +34,12 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, gss_OID *mech_type; OM_uint32 *ret_flags; int *locally_initiated; - int *open; + int *opened; { krb5_context context; krb5_error_code code; krb5_gss_ctx_id_rec *ctx; - krb5_principal init, accept; + krb5_principal initiator, acceptor; krb5_timestamp now; krb5_deltat lifetime; @@ -61,8 +61,8 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, return(GSS_S_NO_CONTEXT); } - init = NULL; - accept = NULL; + initiator = NULL; + acceptor = NULL; context = ctx->k5_context; if ((code = krb5_timeofday(context, &now))) { @@ -77,13 +77,13 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, if (initiator_name) { if ((code = krb5_copy_principal(context, ctx->initiate?ctx->here:ctx->there, - &init))) { + &initiator))) { *minor_status = code; save_error_info(*minor_status, context); return(GSS_S_FAILURE); } - if (! kg_save_name((gss_name_t) init)) { - krb5_free_principal(context, init); + if (! kg_save_name((gss_name_t) initiator)) { + krb5_free_principal(context, initiator); *minor_status = (OM_uint32) G_VALIDATE_FAILED; return(GSS_S_FAILURE); } @@ -92,17 +92,17 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, if (acceptor_name) { if ((code = krb5_copy_principal(context, ctx->initiate?ctx->there:ctx->here, - &accept))) { - if (init) krb5_free_principal(context, init); + &acceptor))) { + if (initiator) krb5_free_principal(context, initiator); *minor_status = code; save_error_info(*minor_status, context); return(GSS_S_FAILURE); } - if (! kg_save_name((gss_name_t) accept)) { - krb5_free_principal(context, accept); - if (init) { - kg_delete_name((gss_name_t) init); - krb5_free_principal(context, init); + if (! kg_save_name((gss_name_t) acceptor)) { + krb5_free_principal(context, acceptor); + if (initiator) { + kg_delete_name((gss_name_t) initiator); + krb5_free_principal(context, initiator); } *minor_status = (OM_uint32) G_VALIDATE_FAILED; return(GSS_S_FAILURE); @@ -110,10 +110,10 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, } if (initiator_name) - *initiator_name = (gss_name_t) init; + *initiator_name = (gss_name_t) initiator; if (acceptor_name) - *acceptor_name = (gss_name_t) accept; + *acceptor_name = (gss_name_t) acceptor; if (lifetime_rec) *lifetime_rec = lifetime; @@ -127,8 +127,8 @@ krb5_gss_inquire_context(minor_status, context_handle, initiator_name, if (locally_initiated) *locally_initiated = ctx->initiate; - if (open) - *open = ctx->established; + if (opened) + *opened = ctx->established; *minor_status = 0; return((lifetime == 0)?GSS_S_CONTEXT_EXPIRED:GSS_S_COMPLETE); diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index edd3319e8..e019e1b13 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -61,7 +61,7 @@ make_seal_token_v1 (krb5_context context, int signalg, size_t cksum_size, int sealalg, - int encrypt, + int do_encrypt, int toktype, int bigend, gss_OID oid) @@ -85,10 +85,10 @@ make_seal_token_v1 (krb5_context context, krb5_keyusage sign_usage = KG_USAGE_SIGN; - assert((!encrypt) || (toktype == KG_TOK_SEAL_MSG)); + assert((!do_encrypt) || (toktype == KG_TOK_SEAL_MSG)); /* create the token buffer */ /* Do we need confounder? */ - if (encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG))) + if (do_encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG))) conflen = kg_confounder_size(context, enc); else conflen = 0; @@ -124,7 +124,7 @@ make_seal_token_v1 (krb5_context context, ptr[1] = (signalg >> 8) & 0xff; /* 2..3 SEAL_ALG or Filler */ - if ((toktype == KG_TOK_SEAL_MSG) && encrypt) { + if ((toktype == KG_TOK_SEAL_MSG) && do_encrypt) { ptr[2] = sealalg & 0xff; ptr[3] = (sealalg >> 8) & 0xff; } else { @@ -252,7 +252,7 @@ make_seal_token_v1 (krb5_context context, return(code); } - if (encrypt) { + if (do_encrypt) { switch(sealalg) { case SEAL_ALG_MICROSOFT_RC4: { diff --git a/src/lib/gssapi/krb5/krb5_gss_glue.c b/src/lib/gssapi/krb5/krb5_gss_glue.c index 3b2054bd6..2bdac009f 100644 --- a/src/lib/gssapi/krb5/krb5_gss_glue.c +++ b/src/lib/gssapi/krb5/krb5_gss_glue.c @@ -439,9 +439,7 @@ static gss_mechanism krb5_mech_configs_hack[] = { }; #endif -#if 1 #define gssint_get_mech_configs krb5_gss_get_mech_configs -#endif gss_mechanism * gssint_get_mech_configs(void) @@ -729,7 +727,7 @@ k5glue_init_sec_context(ctx, minor_status, claimant_cred_handle, context_handle, static OM_uint32 k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags, - locally_initiated, open) + locally_initiated, opened) void *ctx; OM_uint32 *minor_status; gss_ctx_id_t context_handle; @@ -739,12 +737,12 @@ k5glue_inquire_context(ctx, minor_status, context_handle, initiator_name, accept gss_OID *mech_type; OM_uint32 *ret_flags; int *locally_initiated; - int *open; + int *opened; { return(krb5_gss_inquire_context(minor_status, context_handle, initiator_name, acceptor_name, lifetime_rec, mech_type, ret_flags, locally_initiated, - open)); + opened)); } static OM_uint32 diff --git a/src/lib/gssapi/krb5/set_allowable_enctypes.c b/src/lib/gssapi/krb5/set_allowable_enctypes.c index f573d7dfc..396a6f645 100644 --- a/src/lib/gssapi/krb5/set_allowable_enctypes.c +++ b/src/lib/gssapi/krb5/set_allowable_enctypes.c @@ -64,7 +64,7 @@ gss_krb5int_set_allowable_enctypes(OM_uint32 *minor_status, OM_uint32 num_ktypes, krb5_enctype *ktypes) { - int i; + unsigned int i; krb5_enctype * new_ktypes; OM_uint32 major_status; krb5_gss_cred_id_t cred; diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c index 9d39e4937..06a5c2aa9 100644 --- a/src/lib/gssapi/krb5/util_seed.c +++ b/src/lib/gssapi/krb5/util_seed.c @@ -35,7 +35,7 @@ kg_make_seed(context, key, seed) { krb5_error_code code; krb5_keyblock *tmpkey; - int i; + unsigned int i; code = krb5_copy_keyblock(context, key, &tmpkey); if (code) diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c index fbe66681f..f2e8cd1b7 100644 --- a/src/lib/gssapi/mechglue/g_acquire_cred.c +++ b/src/lib/gssapi/mechglue/g_acquire_cred.c @@ -145,7 +145,7 @@ OM_uint32 * time_rec; gss_OID_set mechs; gss_OID_desc default_OID; gss_mechanism mech; - int i; + unsigned int i; gss_union_cred_t creds; major = val_acq_cred_args(minor_status, diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c index 518eeede4..f2f12266b 100644 --- a/src/lib/gssapi/mechglue/g_initialize.c +++ b/src/lib/gssapi/mechglue/g_initialize.c @@ -146,7 +146,7 @@ gss_indicate_mechs(minorStatus, mechSet) OM_uint32 *minorStatus; gss_OID_set *mechSet; { - int i, j; + unsigned int i, j; gss_OID curItem; /* Initialize outputs. */ @@ -232,7 +232,7 @@ gss_OID_set *mechSet; static void free_mechSet(void) { - int i; + unsigned int i; if (g_mechSet.count != 0) { for (i = 0; i < g_mechSet.count; i++) @@ -415,7 +415,7 @@ gssint_oid_to_mech(const gss_OID oid) /* ensure we have fresh data */ if (k5_mutex_lock(&g_mechListLock) != 0) - return GSS_S_FAILURE; + return NULL; updateMechList(); aMech = searchMechList(oid); (void) k5_mutex_unlock(&g_mechListLock); @@ -539,8 +539,6 @@ register_mech(gss_mechanism mech, const char *namestr, void *dl_handle) static void init_hardcoded(void) { - extern gss_mechanism *krb5_gss_get_mech_configs(void); - extern gss_mechanism *spnego_gss_get_mech_configs(void); gss_mechanism *cflist; static int inited; @@ -579,7 +577,7 @@ gssint_get_mechanism(gss_OID oid) return NULL; if (k5_mutex_lock(&g_mechListLock) != 0) - return GSS_S_FAILURE; + return NULL; /* check if the mechanism is already loaded */ if ((aMech = searchMechList(oid)) != NULL && aMech->mech) { (void) k5_mutex_unlock(&g_mechListLock); diff --git a/src/lib/gssapi/mechglue/g_inq_context.c b/src/lib/gssapi/mechglue/g_inq_context.c index a473834d5..201c8bb4a 100644 --- a/src/lib/gssapi/mechglue/g_inq_context.c +++ b/src/lib/gssapi/mechglue/g_inq_context.c @@ -41,7 +41,7 @@ val_inq_ctx_args( gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, - int *open) + int *opened) { /* Initialize outputs. */ @@ -73,27 +73,15 @@ val_inq_ctx_args( /* Last argument new for V2 */ OM_uint32 KRB5_CALLCONV gss_inquire_context( - minor_status, - context_handle, - src_name, - targ_name, - lifetime_rec, - mech_type, - ctx_flags, - locally_initiated, - open) - -OM_uint32 * minor_status; -gss_ctx_id_t context_handle; -gss_name_t * src_name; -gss_name_t * targ_name; -OM_uint32 * lifetime_rec; -gss_OID * mech_type; -OM_uint32 * ctx_flags; -int * locally_initiated; -int * open; - - + OM_uint32 *minor_status, + gss_ctx_id_t context_handle, + gss_name_t *src_name, + gss_name_t *targ_name, + OM_uint32 *lifetime_rec, + gss_OID *mech_type, + OM_uint32 *ctx_flags, + int *locally_initiated, + int *opened) { gss_union_ctx_id_t ctx; gss_mechanism mech; @@ -105,7 +93,7 @@ int * open; src_name, targ_name, lifetime_rec, mech_type, ctx_flags, - locally_initiated, open); + locally_initiated, opened); if (status != GSS_S_COMPLETE) return (status); @@ -132,7 +120,7 @@ int * open; NULL, ctx_flags, locally_initiated, - open); + opened); if (status != GSS_S_COMPLETE) { map_error(minor_status, mech); diff --git a/src/lib/gssapi/mechglue/g_rel_oid_set.c b/src/lib/gssapi/mechglue/g_rel_oid_set.c index f712a891a..f55c907ec 100644 --- a/src/lib/gssapi/mechglue/g_rel_oid_set.c +++ b/src/lib/gssapi/mechglue/g_rel_oid_set.c @@ -39,19 +39,19 @@ gss_release_oid_set (minor_status, OM_uint32 * minor_status; gss_OID_set * set; { - OM_uint32 index; + OM_uint32 i; gss_OID oid; if (minor_status) *minor_status = 0; - if (set ==NULL) + if (set == NULL) return GSS_S_COMPLETE; if (*set == GSS_C_NULL_OID_SET) return(GSS_S_COMPLETE); - for (index=0; index<(*set)->count; index++) { - oid = &(*set)->elements[index]; + for (i=0; i<(*set)->count; i++) { + oid = &(*set)->elements[i]; free(oid->elements); } free((*set)->elements); diff --git a/src/lib/gssapi/mechglue/mglueP.h b/src/lib/gssapi/mechglue/mglueP.h index a2470fb9e..1f14ee217 100644 --- a/src/lib/gssapi/mechglue/mglueP.h +++ b/src/lib/gssapi/mechglue/mglueP.h @@ -390,6 +390,11 @@ typedef struct gss_mech_config { struct gss_mech_config *next; /* next element in the list */ } *gss_mech_info; +/* Mechanisms defined within our library */ + +extern gss_mechanism *krb5_gss_get_mech_configs(void); +extern gss_mechanism *spnego_gss_get_mech_configs(void); + /********************************************************/ /* Internal mechglue routines */ diff --git a/src/lib/gssapi/mechglue/oid_ops.c b/src/lib/gssapi/mechglue/oid_ops.c index 4a79028e0..11a509984 100644 --- a/src/lib/gssapi/mechglue/oid_ops.c +++ b/src/lib/gssapi/mechglue/oid_ops.c @@ -310,7 +310,7 @@ generic_gss_str_to_oid(minor_status, oid_str, oid) long numbuf; long onumbuf; OM_uint32 nbytes; - int index; + int i; unsigned char *op; if (minor_status != NULL) @@ -412,12 +412,12 @@ generic_gss_str_to_oid(minor_status, oid_str, oid) } numbuf = onumbuf; op += nbytes; - index = -1; + i = -1; while (numbuf) { - op[index] = (unsigned char) numbuf & 0x7f; - if (index != -1) - op[index] |= 0x80; - index--; + op[i] = (unsigned char) numbuf & 0x7f; + if (i != -1) + op[i] |= 0x80; + i--; numbuf >>= 7; } while (isdigit(*bp)) @@ -466,7 +466,7 @@ gssint_copy_oid_set( gss_OID_set_desc *copy; OM_uint32 minor = 0; OM_uint32 major = GSS_S_COMPLETE; - OM_uint32 index; + OM_uint32 i; if (minor_status != NULL) *minor_status = 0; @@ -492,9 +492,9 @@ gssint_copy_oid_set( } copy->count = oidset->count; - for (index = 0; index < copy->count; index++) { - gss_OID_desc *out = ©->elements[index]; - gss_OID_desc *in = &oidset->elements[index]; + for (i = 0; i < copy->count; i++) { + gss_OID_desc *out = ©->elements[i]; + gss_OID_desc *in = &oidset->elements[i]; if ((out->elements = (void *) malloc(in->length)) == NULL) { major = GSS_S_FAILURE; diff --git a/src/lib/gssapi/spnego/gssapiP_spnego.h b/src/lib/gssapi/spnego/gssapiP_spnego.h index 717181c6b..6d7d4c40c 100644 --- a/src/lib/gssapi/spnego/gssapiP_spnego.h +++ b/src/lib/gssapi/spnego/gssapiP_spnego.h @@ -307,7 +307,7 @@ OM_uint32 spnego_gss_inquire_context gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, - int *open + int *opened ); OM_uint32 spnego_gss_wrap_size_limit diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 775306f0b..b0dc70b2c 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -205,9 +205,7 @@ static gss_mechanism spnego_mech_configs[] = { &spnego_mechanism, NULL }; -#if 1 #define gssint_get_mech_configs spnego_gss_get_mech_configs -#endif gss_mechanism * gssint_get_mech_configs(void) @@ -1580,7 +1578,7 @@ spnego_gss_inquire_context(void *context, gss_OID *mech_type, OM_uint32 *ctx_flags, int *locally_initiated, - int *open) + int *opened) { OM_uint32 ret = GSS_S_COMPLETE; @@ -1592,7 +1590,7 @@ spnego_gss_inquire_context(void *context, mech_type, ctx_flags, locally_initiated, - open); + opened); return (ret); } @@ -1696,35 +1694,35 @@ get_available_mechs(OM_uint32 *minor_status, gss_name_t name, gss_cred_usage_t usage, gss_cred_id_t *creds, gss_OID_set *rmechs) { - int i; + unsigned int i; int found = 0; - OM_uint32 stat = GSS_S_COMPLETE, tmpmin; + OM_uint32 major_status = GSS_S_COMPLETE, tmpmin; gss_OID_set mechs, goodmechs; - stat = gss_indicate_mechs(minor_status, &mechs); + major_status = gss_indicate_mechs(minor_status, &mechs); - if (stat != GSS_S_COMPLETE) { - return (stat); + if (major_status != GSS_S_COMPLETE) { + return (major_status); } - stat = gss_create_empty_oid_set(minor_status, rmechs); + major_status = gss_create_empty_oid_set(minor_status, rmechs); - if (stat != GSS_S_COMPLETE) { + if (major_status != GSS_S_COMPLETE) { (void) gss_release_oid_set(minor_status, &mechs); - return (stat); + return (major_status); } - for (i = 0; i < mechs->count && stat == GSS_S_COMPLETE; i++) { + for (i = 0; i < mechs->count && major_status == GSS_S_COMPLETE; i++) { if ((mechs->elements[i].length != spnego_mechanism.mech_type.length) || memcmp(mechs->elements[i].elements, spnego_mechanism.mech_type.elements, spnego_mechanism.mech_type.length)) { - stat = gss_add_oid_set_member(minor_status, - &mechs->elements[i], - rmechs); - if (stat == GSS_S_COMPLETE) + major_status = gss_add_oid_set_member(minor_status, + &mechs->elements[i], + rmechs); + if (major_status == GSS_S_COMPLETE) found++; } } @@ -1734,17 +1732,18 @@ get_available_mechs(OM_uint32 *minor_status, * trim the list of mechanisms down to only those * for which the creds are valid. */ - if (found > 0 && stat == GSS_S_COMPLETE && creds != NULL) { - stat = gss_acquire_cred(minor_status, - name, GSS_C_INDEFINITE, *rmechs, usage, creds, - &goodmechs, NULL); + if (found > 0 && major_status == GSS_S_COMPLETE && creds != NULL) { + major_status = gss_acquire_cred(minor_status, + name, GSS_C_INDEFINITE, + *rmechs, usage, creds, + &goodmechs, NULL); /* * Drop the old list in favor of the new * "trimmed" list. */ (void) gss_release_oid_set(&tmpmin, rmechs); - if (stat == GSS_S_COMPLETE) { + if (major_status == GSS_S_COMPLETE) { (void) gssint_copy_oid_set(&tmpmin, goodmechs, rmechs); (void) gss_release_oid_set(&tmpmin, &goodmechs); @@ -1752,14 +1751,14 @@ get_available_mechs(OM_uint32 *minor_status, } (void) gss_release_oid_set(&tmpmin, &mechs); - if (found == 0 || stat != GSS_S_COMPLETE) { + if (found == 0 || major_status != GSS_S_COMPLETE) { *minor_status = ERR_SPNEGO_NO_MECHS_AVAILABLE; map_errcode(minor_status); - if (stat == GSS_S_COMPLETE) - stat = GSS_S_FAILURE; + if (major_status == GSS_S_COMPLETE) + major_status = GSS_S_FAILURE; } - return (stat); + return (major_status); } /* following are token creation and reading routines */ @@ -1939,7 +1938,7 @@ static int put_mech_set(gss_OID_set mechSet, gss_buffer_t buf) { unsigned char *ptr; - int i; + unsigned int i; unsigned int tlen, ilen; tlen = ilen = 0; @@ -2236,7 +2235,7 @@ negotiate_mech_type(OM_uint32 *minor_status, gss_OID returned_mech; OM_uint32 status; int present; - int i; + unsigned int i; for (i = 0; i < mechset->count; i++) { gss_test_oid_set_member(minor_status, &mechset->elements[i], diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c index aa4be3263..5fc1cc3ec 100644 --- a/src/lib/krb5/asn.1/asn1_decode.c +++ b/src/lib/krb5/asn.1/asn1_decode.c @@ -25,6 +25,7 @@ */ /* ASN.1 primitive decoders */ +#include "k5-int.h" /* for krb5int_gmt_mktime */ #include "asn1_decode.h" #include "asn1_get.h" #include @@ -55,14 +56,12 @@ if(asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type)\ #define cleanup()\ return 0 -extern time_t krb5int_gmt_mktime (struct tm *); - asn1_error_code asn1_decode_integer(asn1buf *buf, long int *val) { setup(); asn1_octet o; long n = 0; /* initialize to keep gcc happy */ - int i; + unsigned int i; tag(ASN1_INTEGER); @@ -87,7 +86,7 @@ asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *va setup(); asn1_octet o; unsigned long n; - int i; + unsigned int i; tag(ASN1_INTEGER); diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index 213bb3b1e..b332e1392 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -502,7 +502,7 @@ asn1_error_code asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val) asn1_error_code retval; asn1_octet unused, o; taginfo t; - int i; + unsigned int i; krb5_flags f=0; unsigned int length; diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c index c78f4b966..43ef97ca8 100644 --- a/src/lib/krb5/asn.1/asn1buf.c +++ b/src/lib/krb5/asn.1/asn1buf.c @@ -167,7 +167,7 @@ asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o) asn1_error_code asn1buf_insert_octetstring(asn1buf *buf, const unsigned int len, const krb5_octet *s) { asn1_error_code retval; - int length; + unsigned int length; retval = asn1buf_ensure_space(buf,len); if(retval) return retval; @@ -179,7 +179,7 @@ asn1_error_code asn1buf_insert_octetstring(asn1buf *buf, const unsigned int len, asn1_error_code asn1buf_insert_charstring(asn1buf *buf, const unsigned int len, const char *s) { asn1_error_code retval; - int length; + unsigned int length; retval = asn1buf_ensure_space(buf,len); if(retval) return retval; @@ -198,7 +198,7 @@ asn1_error_code asn1buf_remove_octet(asn1buf *buf, asn1_octet *o) asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_octet **s) { - int i; + unsigned int i; if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; if (len == 0) { @@ -216,7 +216,7 @@ asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, asn1_error_code asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, char **s) { - int i; + unsigned int i; if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; if (len == 0) { @@ -247,7 +247,7 @@ int asn1buf_remains(asn1buf *buf, int indef) asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code) { - int i; + unsigned int i; *code = (krb5_data*)calloc(1,sizeof(krb5_data)); if(*code == NULL) return ENOMEM; (*code)->magic = KV5M_DATA; @@ -284,7 +284,7 @@ asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s) strcpy(*s,""); }else{ unsigned int length = asn1buf_len(buf); - int i; + unsigned int i; *s = calloc(length+1, sizeof(char)); if(*s == NULL) return ENOMEM; @@ -338,7 +338,7 @@ int asn1buf_size(const asn1buf *buf) } #undef asn1buf_free -int asn1buf_free(const asn1buf *buf) +unsigned int asn1buf_free(const asn1buf *buf) { if(buf == NULL || buf->base == NULL) return 0; else return buf->bound - buf->next + 1; diff --git a/src/lib/krb5/asn.1/asn1buf.h b/src/lib/krb5/asn.1/asn1buf.h index 4936ed670..b24ce68a6 100644 --- a/src/lib/krb5/asn.1/asn1buf.h +++ b/src/lib/krb5/asn.1/asn1buf.h @@ -22,14 +22,14 @@ int asn1buf_size ? 0 \ : ((buf)->bound - (buf)->base + 1)) -int asn1buf_free +unsigned int asn1buf_free (const asn1buf *buf); /* requires *buf is allocated effects Returns the number of unused, allocated octets in *buf. */ #define asn1buf_free(buf) \ (((buf) == NULL || (buf)->base == NULL) \ - ? 0 \ - : ((buf)->bound - (buf)->next + 1)) + ? 0U \ + : (unsigned int)((buf)->bound - (buf)->next + 1)) asn1_error_code asn1buf_ensure_space diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c index 07e7f25b7..7518b16e5 100644 --- a/src/lib/krb5/asn.1/ldap_key_seq.c +++ b/src/lib/krb5/asn.1/ldap_key_seq.c @@ -219,7 +219,7 @@ last: /* Decode the Principal's keys */ /************************************************************************/ -#define safe_syncbuf(outer,inner) \ +#define safe_syncbuf(outer,inner,buflen) \ if (! ((inner)->next == (inner)->bound + 1 && \ (inner)->next == (outer)->next + buflen)) \ cleanup (ASN1_BAD_LENGTH); \ @@ -243,7 +243,7 @@ decode_tagged_integer (asn1buf *buf, asn1_tagnum expectedtag, long *val) ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; ret = asn1_decode_integer(&subbuf, val); checkerr; - safe_syncbuf(&tmp, &subbuf); + safe_syncbuf(&tmp, &subbuf, buflen); *buf = tmp; last: @@ -269,7 +269,7 @@ decode_tagged_unsigned_integer (asn1buf *buf, int expectedtag, unsigned long *va ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; ret = asn1_decode_unsigned_integer(&subbuf, val); checkerr; - safe_syncbuf(&tmp, &subbuf); + safe_syncbuf(&tmp, &subbuf, buflen); *buf = tmp; last: @@ -298,7 +298,7 @@ decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag, int *len, ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; ret = asn1_decode_octetstring (&subbuf, len, val); checkerr; - safe_syncbuf(&tmp, &subbuf); + safe_syncbuf(&tmp, &subbuf, buflen); *buf = tmp; last: @@ -309,7 +309,7 @@ last: static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) { - int buflen, seqindef; + int full_buflen, seqindef; unsigned int length; asn1_error_code ret; asn1buf subbuf; @@ -319,20 +319,20 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) key->key_data_contents[1] = NULL; ret = asn1_get_sequence(buf, &length, &seqindef); checkerr; - buflen = length; + full_buflen = length; ret = asn1buf_imbed(&subbuf, buf, length, seqindef); checkerr; asn1_get_tag_2(&subbuf, &t); /* Salt */ if (t.tagnum == 0) { - int buflen; + int salt_buflen; asn1buf slt; unsigned long keytype; int keylen; key->key_data_ver = 2; asn1_get_sequence(&subbuf, &length, &seqindef); - buflen = length; + salt_buflen = length; asn1buf_imbed(&slt, &subbuf, length, seqindef); ret = decode_tagged_integer (&slt, 0, &keytype); @@ -344,7 +344,7 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) &key->key_data_contents[1]); checkerr; } else keylen = 0; - safe_syncbuf (&subbuf, &slt); + safe_syncbuf (&subbuf, &slt, salt_buflen); key->key_data_length[1] = keylen; /* XXX range check?? */ ret = asn1_get_tag_2(&subbuf, &t); checkerr; @@ -353,7 +353,7 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) /* Key */ { - int buflen; + int key_buflen; asn1buf kbuf; long lval; int ival; @@ -362,7 +362,7 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) cleanup (ASN1_MISSING_FIELD); ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr; - buflen = length; + key_buflen = length; ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr; ret = decode_tagged_integer (&kbuf, 0, &lval); @@ -373,10 +373,10 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) &key->key_data_contents[0]); checkerr; key->key_data_length[0] = ival; /* XXX range check? */ - safe_syncbuf (&subbuf, &kbuf); + safe_syncbuf (&subbuf, &kbuf, key_buflen); } - safe_syncbuf (buf, &subbuf); + safe_syncbuf (buf, &subbuf, full_buflen); last: if (ret != 0) { @@ -433,12 +433,12 @@ krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in, /* Sequence of keys */ { - int i, buflen; + int i, seq_buflen; asn1buf keyseq; if (t.tagnum != 4) cleanup (ASN1_MISSING_FIELD); ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr; - buflen = length; + seq_buflen = length; ret = asn1buf_imbed(&keyseq, &subbuf, length, seqindef); checkerr; for (i = 1, *out = NULL; ; i++) { krb5_key_data *tmp; @@ -452,7 +452,7 @@ krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in, if (asn1buf_remains(&keyseq, 0) == 0) break; /* Not freeing the last key structure */ } - safe_syncbuf (&subbuf, &keyseq); + safe_syncbuf (&subbuf, &keyseq, seq_buflen); } /* diff --git a/src/lib/krb5/ccache/ccdefault.c b/src/lib/krb5/ccache/ccdefault.c index db308b8ec..d6a2597db 100644 --- a/src/lib/krb5/ccache/ccdefault.c +++ b/src/lib/krb5/ccache/ccdefault.c @@ -90,7 +90,7 @@ krb5int_cc_default(krb5_context context, krb5_ccache *ccache) /* This function tries to get tickets and put them in the specified cache, however, if the cache does not exist, it may choose to put them elsewhere (ie: the system default) so we set that here */ - char * ccdefname = krb5_cc_default_name (context); + const char * ccdefname = krb5_cc_default_name (context); if (!ccdefname || strcmp (ccdefname, outCacheName) != 0) { krb5_cc_set_default_name (context, outCacheName); } diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c index 506538ca4..90a49d6a6 100644 --- a/src/lib/krb5/krb/gc_frm_kdc.c +++ b/src/lib/krb5/krb/gc_frm_kdc.c @@ -788,7 +788,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache, krb5_creds tgtq, cc_tgt, *tgtptr, *referral_tgts[KRB5_REFERRAL_MAXHOPS]; krb5_boolean old_use_conf_ktypes; char **hrealms; - int referral_count, i; + unsigned int referral_count, i; /* * Set up client and server pointers. Make a fresh and modifyable diff --git a/src/lib/krb5/krb/pkinit_apple_cert_store.c b/src/lib/krb5/krb/pkinit_apple_cert_store.c index 0b5420b0c..be0ea73ab 100644 --- a/src/lib/krb5/krb/pkinit_apple_cert_store.c +++ b/src/lib/krb5/krb/pkinit_apple_cert_store.c @@ -261,6 +261,7 @@ krb5_error_code krb5_pkinit_get_client_cert( SecIdentityRef idRef = NULL; OSStatus ortn; CFDictionaryRef theDict = NULL; + CFStringRef cfPrinc = NULL; krb5_error_code ourRtn = 0; if(principal == NULL) { @@ -274,8 +275,8 @@ krb5_error_code krb5_pkinit_get_client_cert( } /* Entry in the dictionary for specified principal? */ - CFStringRef cfPrinc = CFStringCreateWithCString(NULL, principal, - kCFStringEncodingASCII); + cfPrinc = CFStringCreateWithCString(NULL, principal, + kCFStringEncodingASCII); issuerSerial = (CFDataRef)CFDictionaryGetValue(theDict, cfPrinc); CFRelease(cfPrinc); if(issuerSerial == NULL) { diff --git a/src/lib/krb5/krb/pkinit_apple_utils.c b/src/lib/krb5/krb/pkinit_apple_utils.c index a4578336b..dc006e912 100644 --- a/src/lib/krb5/krb/pkinit_apple_utils.c +++ b/src/lib/krb5/krb/pkinit_apple_utils.c @@ -158,6 +158,7 @@ krb5_error_code pkiDataToInt( krb5_ui_4 len; krb5_int32 rtn = 0; krb5_ui_4 dex; + uint8 *cp = NULL; if((cdata->Length == 0) || (cdata->Data == NULL)) { *i = 0; @@ -168,7 +169,7 @@ krb5_error_code pkiDataToInt( return ASN1_BAD_LENGTH; } - uint8 *cp = cdata->Data; + cp = cdata->Data; for(dex=0; dextm_min > 59 || utc->tm_sec > 59) { return ASN1_BAD_GMTIME; } - char *outStr = (char *)malloc(16); + outStr = (char *)malloc(16); if(outStr == NULL) { return ENOMEM; } diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index fd7d5483a..85e353216 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -1773,7 +1773,8 @@ krb5_do_preauth(krb5_context context, krb5_preauth_client_rock *get_data_rock, krb5_gic_opt_ext *opte) { - int h, i, j, out_pa_list_size; + unsigned int h; + int i, j, out_pa_list_size; int seen_etype_info2 = 0; krb5_pa_data *out_pa = NULL, **out_pa_list = NULL; krb5_data scratch; diff --git a/src/lib/krb5/krb/ser_ctx.c b/src/lib/krb5/krb/ser_ctx.c index 6a1fb1b49..12051d7c4 100644 --- a/src/lib/krb5/krb/ser_ctx.c +++ b/src/lib/krb5/krb/ser_ctx.c @@ -170,7 +170,7 @@ krb5_context_externalize(krb5_context kcontext, krb5_pointer arg, krb5_octet **b size_t required; krb5_octet *bp; size_t remain; - int i; + unsigned int i; required = 0; bp = *buffer; @@ -333,7 +333,7 @@ krb5_context_internalize(krb5_context kcontext, krb5_pointer *argp, krb5_octet * krb5_int32 ibuf; krb5_octet *bp; size_t remain; - int i; + unsigned int i; bp = *buffer; remain = *lenremain; diff --git a/src/lib/krb5/krb/srv_rcache.c b/src/lib/krb5/krb/srv_rcache.c index c8cbe72bc..f3ea3ee5a 100644 --- a/src/lib/krb5/krb/srv_rcache.c +++ b/src/lib/krb5/krb/srv_rcache.c @@ -41,7 +41,7 @@ krb5_get_server_rcache(krb5_context context, const krb5_data *piece, char *cachename = 0, *cachetype; char tmp[4]; krb5_error_code retval; - int p, i; + unsigned int p, i; unsigned int len; #ifdef HAVE_GETEUID diff --git a/src/lib/krb5/krb/str_conv.c b/src/lib/krb5/krb/str_conv.c index fdc4d727e..986274d40 100644 --- a/src/lib/krb5/krb/str_conv.c +++ b/src/lib/krb5/krb/str_conv.c @@ -251,7 +251,7 @@ krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen "%x %X", /* locale-dependent short format */ "%d/%m/%Y %R" /* dd/mm/yyyy hh:mm */ }; - static const int sftime_format_table_nents = + static const unsigned int sftime_format_table_nents = sizeof(sftime_format_table)/sizeof(sftime_format_table[0]); #ifdef HAVE_LOCALTIME_R diff --git a/src/lib/krb5/libkrb5.exports b/src/lib/krb5/libkrb5.exports index 3dad7f049..2d503b851 100644 --- a/src/lib/krb5/libkrb5.exports +++ b/src/lib/krb5/libkrb5.exports @@ -149,7 +149,6 @@ krb5_cccol_cursor_new krb5_cccol_cursor_next krb5_change_cache krb5_change_password -krb5_change_set_password krb5_check_transited_list krb5_chpw_result_code_string krb5_clear_error_message diff --git a/src/lib/krb5/os/changepw.c b/src/lib/krb5/os/changepw.c index 1de5a217a..710a3fcf5 100644 --- a/src/lib/krb5/os/changepw.c +++ b/src/lib/krb5/os/changepw.c @@ -50,7 +50,6 @@ struct sendto_callback_context { krb5_data ap_req; }; - /* * Wrapper function for the two backends */ @@ -190,7 +189,7 @@ cleanup: ** if set_password_for is NULL, then a password change is performed, ** otherwise, the password is set for the principal indicated in set_password_for */ -krb5_error_code KRB5_CALLCONV +static krb5_error_code KRB5_CALLCONV krb5_change_set_password(krb5_context context, krb5_creds *creds, char *newpw, krb5_principal set_password_for, int *result_code, krb5_data *result_code_string, diff --git a/src/lib/krb5/os/gen_rname.c b/src/lib/krb5/os/gen_rname.c index a0e46d05e..a8a07d951 100644 --- a/src/lib/krb5/os/gen_rname.c +++ b/src/lib/krb5/os/gen_rname.c @@ -35,7 +35,7 @@ krb5_error_code krb5_gen_replay_name(krb5_context context, const krb5_address *address, const char *uniq, char **string) { char * tmp; - int i; + unsigned int i; unsigned int len; len = strlen(uniq) + (address->length * 2) + 1; diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c index ce9674401..d884b8cd4 100644 --- a/src/lib/krb5/os/localaddr.c +++ b/src/lib/krb5/os/localaddr.c @@ -27,8 +27,7 @@ * Return the protocol addresses supported by this host. * Exports from this file: * krb5int_foreach_localaddr (does callbacks) - * krb5int_local_addresses (includes krb5.conf extra_addresses) - * krb5_os_localaddr (doesn't) + * krb5_os_localaddr (doesn't include krb5.conf extra_addresses) * * XNS support is untested, but "Should just work". (Hah!) */ @@ -1334,11 +1333,13 @@ krb5_os_localaddr(krb5_context context, krb5_address ***addr) return get_localaddrs(context, addr, 1); } +#if 0 /* not actually used anywhere currently */ krb5_error_code krb5int_local_addresses(krb5_context context, krb5_address ***addr) { return get_localaddrs(context, addr, 0); } +#endif static krb5_error_code get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile) diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index 658b42136..218748273 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -1087,7 +1087,7 @@ service_fds (krb5_context context, e = 0; while (selstate->nfds > 0) { - int i; + unsigned int i; e = krb5int_cm_call_select(selstate, seltemp, &selret); if (e == EINTR) @@ -1102,7 +1102,7 @@ service_fds (krb5_context context, return 0; /* Got something on a socket, process it. */ - for (i = 0; i <= selstate->max && selret > 0 && i < n_conns; i++) { + for (i = 0; i <= (unsigned int)selstate->max && selret > 0 && i < n_conns; i++) { int ssflags; if (conns[i].fd == INVALID_SOCKET) @@ -1185,7 +1185,8 @@ krb5int_sendto (krb5_context context, const krb5_data *message, int (*msg_handler)(krb5_context, const krb5_data *, void *), void *msg_handler_data) { - int i, pass; + unsigned int i; + int pass; int delay_this_pass = 2; krb5_error_code retval; struct conn_state *conns; diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index b942d5141..6692ae145 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -442,7 +442,7 @@ krb5_rc_io_read(krb5_context context, krb5_rc_iostuff *d, krb5_pointer buf, strerror(errno)); return KRB5_RC_IO_UNKNOWN; } - if (count != num) + if (count < 0 || (unsigned int)count != num) return KRB5_RC_IO_EOF; return 0; } diff --git a/src/util/support/gmt_mktime.c b/src/util/support/gmt_mktime.c index 65ab87349..c6ec60201 100644 --- a/src/util/support/gmt_mktime.c +++ b/src/util/support/gmt_mktime.c @@ -15,6 +15,8 @@ #include #endif +#include "k5-gmt_mktime.h" + /* take a struct tm, return seconds from GMT epoch */ /* like mktime, this ignores tm_wday and tm_yday. */ /* unlike mktime, this does not set them... it only passes a return value. */ -- 2.26.2