clean up sprintf usage and many other flawfinder issues; clean up compiler warnings on Linux; remove pam_passthru from DS 7.1

9 files changed, 17 insertions, 96 deletions

diff --git a/lib/libaccess/acl.tab.cpp b/lib/libaccess/acl.tab.cpp
index f8eae8f2..0e499fa0 100644
--- a/lib/libaccess/acl.tab.cpp
+++ b/lib/libaccess/acl.tab.cpp
@@ -99,38 +99,6 @@ acl_set_args(ACLExprHandle_t *expr, char **args_list)
 }
 
 static int
-acl_set_users(ACLExprHandle_t *expr, char **user_list)
-{
-	int ii;
-	int jj;
-
-	if (expr == NULL)
-		return(-1);
-
-	for (ii = 0; ii < MAX_LIST_SIZE; ii++) {
-		if ( user_list[ii] ) {
-			if ( ACL_ExprTerm(NULL, expr, "user", CMP_OP_EQ, 
-					user_list[ii]) < 0 ) {
-				aclerror("ACL_ExprTerm() failed");
-				acl_free_args(user_list);
-				return(-1);
-			}
-		} else
-			break;
-	}
-
-	acl_free_args(user_list);
-
-	for (jj = 0; jj < ii - 1; jj++) {
-		if ( ACL_ExprOr(NULL, expr)  < 0 ) {
-			aclerror("ACL_ExprOr() failed");
-			return(-1);
-		}
-	}
-	return(0);
-}
-
-static int
 acl_set_users_or_groups(ACLExprHandle_t *expr, char **user_list)
 {
 	int ii;
@@ -1261,7 +1229,7 @@ case 24:
 			aclerror("Could not set authorization processing flags");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			aclerror("Could not set authorization info");
 			return(-1);
@@ -1275,7 +1243,7 @@ case 26:
 			aclerror("ACL_ExprNew(auth) failed");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			aclerror("Could not set authorization info");
 			return(-1);
@@ -1475,7 +1443,7 @@ case 68:
 			aclerror("ACL_ExprNew(allow) failed");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			aclerror("Could not set authorization info");
 			return(-1);
diff --git a/lib/libaccess/aclcache.cpp b/lib/libaccess/aclcache.cpp
index 37f4b0ea..1cac6388 100644
--- a/lib/libaccess/aclcache.cpp
+++ b/lib/libaccess/aclcache.cpp
@@ -150,8 +150,6 @@ ACL_ListHashUpdate(ACLListHandle_t **acllistp)
 NSAPI_PUBLIC void
 ACL_ListHashEnter(ACLListHandle_t **acllistp)
 {
-    NSErr_t *errp = 0;
-
     ACL_CritEnter();
 
     /*  Look for a matching ACL List and use it if we find one.  */
diff --git a/lib/libaccess/acltext.y b/lib/libaccess/acltext.y
index 864f70e6..1dfe6ec7 100644
--- a/lib/libaccess/acltext.y
+++ b/lib/libaccess/acltext.y
@@ -104,38 +104,6 @@ acl_set_args(ACLExprHandle_t *expr, char **args_list)
 }
 
 static int
-acl_set_users(ACLExprHandle_t *expr, char **user_list)
-{
-	int ii;
-	int jj;
-
-	if (expr == NULL)
-		return(-1);
-
-	for (ii = 0; ii < MAX_LIST_SIZE; ii++) {
-		if ( user_list[ii] ) {
-			if ( ACL_ExprTerm(NULL, expr, "user", CMP_OP_EQ, 
-					user_list[ii]) < 0 ) {
-				yyerror("ACL_ExprTerm() failed");
-				acl_free_args(user_list);
-				return(-1);
-			}
-		} else
-			break;
-	}
-
-	acl_free_args(user_list);
-
-	for (jj = 0; jj < ii - 1; jj++) {
-		if ( ACL_ExprOr(NULL, expr)  < 0 ) {
-			yyerror("ACL_ExprOr() failed");
-			return(-1);
-		}
-	}
-	return(0);
-}
-
-static int
 acl_set_users_or_groups(ACLExprHandle_t *expr, char **user_list)
 {
 	int ii;
@@ -424,7 +392,7 @@ auth_method_v2:
 			yyerror("Could not set authorization processing flags");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			yyerror("Could not set authorization info");
 			return(-1);
@@ -438,7 +406,7 @@ auth_method_v2:
 			yyerror("ACL_ExprNew(auth) failed");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			yyerror("Could not set authorization info");
 			return(-1);
@@ -696,7 +664,7 @@ authenticate_statement: ACL_AUTHENTICATE_TOK
 			yyerror("ACL_ExprNew(allow) failed");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			yyerror("Could not set authorization info");
 			return(-1);
diff --git a/lib/libaccess/acltools.cpp b/lib/libaccess/acltools.cpp
index 5f7b00ac..907cd52a 100644
--- a/lib/libaccess/acltools.cpp
+++ b/lib/libaccess/acltools.cpp
@@ -3434,7 +3434,7 @@ ACL_InitAttr2Index(void)
 
     ACLAttr2IndexPList = PListNew(NULL);
     for (i = 1; i < ACL_ATTR_INDEX_MAX; i++) {
-        PListInitProp(ACLAttr2IndexPList, NULL, ACLAttrTable[i], (const void *)i, NULL);
+        PListInitProp(ACLAttr2IndexPList, 0, ACLAttrTable[i], (const void *)i, NULL);
     }
  
     return 0;
diff --git a/lib/libaccess/lasdns.cpp b/lib/libaccess/lasdns.cpp
index b5c37a12..0340a51f 100644
--- a/lib/libaccess/lasdns.cpp
+++ b/lib/libaccess/lasdns.cpp
@@ -259,7 +259,7 @@ LASDnsBuild(NSErr_t *errp, char *attr_pattern, LASDnsContext_t *context, int ali
 
     } while ((attr_pattern != NULL) && 
 	     (attr_pattern[0] != '\0') && 
-	     (delimiter != (int)NULL));
+	     (delimiter != 0));
 
     return 0;
 }
diff --git a/lib/libaccess/lasip.cpp b/lib/libaccess/lasip.cpp
index 9b1a9127..51d2bd58 100644
--- a/lib/libaccess/lasip.cpp
+++ b/lib/libaccess/lasip.cpp
@@ -146,7 +146,7 @@ dotdecimal(char *ipstr, char *netmaskstr, int *ip, int *netmask)
         }
     }
 
-    return (int)NULL;
+    return 0;
 }
 
 
@@ -262,12 +262,12 @@ LASIpBuild(NSErr_t *errp, char *attr_name, CmpOp_t comparator, char *attr_patter
                 return (retcode);
         }
 
-        if (LASIpAddPattern(errp, netmask, ip, treetop) != (int)NULL)
+        if (LASIpAddPattern(errp, netmask, ip, treetop) != 0)
             return LAS_EVAL_INVALID;
 
-    } while ((curptr != NULL) && (delimiter != (int)NULL));
+    } while ((curptr != NULL) && (delimiter != 0));
 
-    return (int)NULL;
+    return 0;
 }
 
 
diff --git a/lib/libaccess/ldapacl.cpp b/lib/libaccess/ldapacl.cpp
index 6f37c3e2..04582503 100644
--- a/lib/libaccess/ldapacl.cpp
+++ b/lib/libaccess/ldapacl.cpp
@@ -401,7 +401,6 @@ int acl_map_cert_to_user (NSErr_t *errp, const char *dbname,
 	/* LDAPU_REQ will reconnect & retry once if LDAP server went down */
 	/* it sets the variable rv */
 	if (rv == LDAPU_SUCCESS) {
-	    char *dn = 0;
 
 	    LDAPU_REQ(rv, ldb, ldapu_cert_to_user(cert, ldb->ld, ldb->basedn,
 						  &res, &uid));
@@ -726,7 +725,6 @@ NSAPI_PUBLIC int acl_user_exists (const char *user, const char *userdn,
     PList_t resource = 0;
     PList_t auth_info = 0;
     PList_t global_auth = NULL;
-    char *olddn = 0;
     int rv;
 
     /* Check if the userdn is available in the usr_cache */
@@ -748,9 +746,9 @@ NSAPI_PUBLIC int acl_user_exists (const char *user, const char *userdn,
     }
 
     pool = pool_create();
-    subject = PListCreate(pool, ACL_ATTR_INDEX_MAX, NULL, NULL);
-    resource = PListCreate(pool, ACL_ATTR_INDEX_MAX, NULL, NULL);
-    auth_info = PListCreate(pool, ACL_ATTR_INDEX_MAX, NULL, NULL);
+    subject = PListCreate(pool, ACL_ATTR_INDEX_MAX, 0, 0);
+    resource = PListCreate(pool, ACL_ATTR_INDEX_MAX, 0, 0);
+    auth_info = PListCreate(pool, ACL_ATTR_INDEX_MAX, 0, 0);
  
     if (!pool || !subject || !resource || !auth_info) {
 	/* ran out of memory */
diff --git a/lib/libaccess/oneeval.cpp b/lib/libaccess/oneeval.cpp
index f14b971f..9b99c996 100644
--- a/lib/libaccess/oneeval.cpp
+++ b/lib/libaccess/oneeval.cpp
@@ -35,8 +35,6 @@
 #include "oneeval.h"
 #include "permhash.h"
 
-static int acl_default_result = ACL_RES_DENY;
-
 static ACLDispatchVector_t __nsacl_vector = {
 
     /* Error frame stack support */
@@ -470,10 +468,10 @@ ACLEvalBuildContext(
 		    if (PListFindValue(absauthplist, *argp, NULL, NULL) < 0)
 		    {
 			/*  Save pointer to the property list  */
-			PListInitProp(curauthplist, NULL, *argp, ace->expr_auth,
+			PListInitProp(curauthplist, 0, *argp, ace->expr_auth,
 				      ace->expr_auth);
                         if (IS_ABSOLUTE(ace->expr_flags))
-			    PListInitProp(absauthplist, NULL, *argp, NULL,
+			    PListInitProp(absauthplist, 0, *argp, NULL,
 			    NULL);
 		    }
 
diff --git a/lib/libaccess/usrcache.cpp b/lib/libaccess/usrcache.cpp
index 87b7afe7..dbc6624a 100644
--- a/lib/libaccess/usrcache.cpp
+++ b/lib/libaccess/usrcache.cpp
@@ -451,15 +451,6 @@ int acl_usr_cache_passwd_check (const char *uid, const char *dbname,
     return rv;
 }
 
-
-static int group_check_helper (UserCacheObj *usrobj, void *val)
-{
-    if (usrobj->group && !strcmp(usrobj->group, (char *)val))
-	return LAS_EVAL_TRUE;
-    else
-	return LAS_EVAL_FALSE;
-}
-
 int acl_usr_cache_group_check (const char *uid, const char *dbname,
 			       const char *group, const time_t time)
 {