clean up sprintf usage and many other flawfinder issues; clean up compiler warnings on Linux; remove pam_passthru from DS 7.1

19 files changed, 30 insertions, 140 deletions

diff --git a/lib/base/shexp.cpp b/lib/base/shexp.cpp
index dd7990a6..9db37ac6 100644
--- a/lib/base/shexp.cpp
+++ b/lib/base/shexp.cpp
@@ -23,7 +23,7 @@
 int valid_subexp(char *exp, char stop) 
 {
     register int x,y,t;
-    int nsc,np,tld;
+    int nsc,tld;
 
     x=0;nsc=0;tld=0;
 
diff --git a/lib/base/system.cpp b/lib/base/system.cpp
index c15c2f58..556d94a4 100644
--- a/lib/base/system.cpp
+++ b/lib/base/system.cpp
@@ -171,7 +171,6 @@ NSAPI_PUBLIC void *system_realloc_perm(void *ptr, int size)
     return realloc(ptr, size);
 #else
     int *magic, *length;
-    char *baseptr;
     char *cptr;
 
     cptr = (char *)ptr - DEBUG_MARGIN - 2 * sizeof(int);
diff --git a/lib/ldaputil/certmap.c b/lib/ldaputil/certmap.c
index 88f970ac..ade67b33 100644
--- a/lib/ldaputil/certmap.c
+++ b/lib/ldaputil/certmap.c
@@ -132,6 +132,7 @@ static long certmap_name_to_bit_pos (const char *str)
     return CERTMAP_BIT_POS_UNKNOWN;
 }
 
+#if 0 /* may need this in the future */
 static int certmap_name_to_secoid (const char *str)
 {
     if (!ldapu_strcasecmp(str, "c")) return SEC_OID_AVA_COUNTRY_NAME;
@@ -147,6 +148,7 @@ static int certmap_name_to_secoid (const char *str)
 
     return SEC_OID_AVA_UNKNOWN;	/* return invalid OID */
 }
+#endif
 
 NSAPI_PUBLIC int ldapu_list_alloc (LDAPUList_t **list)
 {
@@ -874,7 +876,7 @@ static int ldapu_cert_searchfn_default (void *cert, LDAP *ld,
 	if (rv != LDAPU_SUCCESS || !subjectDN || !*subjectDN) return rv;
 	len = strlen(certmap_info->searchAttr) + strlen(subjectDN) +
 	    strlen("=") + 1;
-	certFilter = (char *)malloc(len * sizeof(char));
+	certFilter = (char *)ldapu_malloc(len * sizeof(char));
 	if (!certFilter) return LDAPU_ERR_OUT_OF_MEMORY;
 	sprintf(certFilter, "%s=%s", certmap_info->searchAttr, subjectDN);
 	free(subjectDN);
@@ -1354,6 +1356,7 @@ NSAPI_PUBLIC CertVerifyFn_t ldapu_get_cert_verifyfn (const char *issuerDN)
     return ldapu_get_cert_verifyfn_sub(certmap_info);
 }
 
+#if 0 /* may need this in the future */
 static int ldapu_certinfo_copy (const LDAPUCertMapInfo_t *from,
 				const char *newIssuerName,
 				const char *newIssuerDN,
@@ -1374,6 +1377,7 @@ static int ldapu_certinfo_copy (const LDAPUCertMapInfo_t *from,
 
     return process_certinfo(to);
 }
+#endif
 
 NSAPI_PUBLIC int ldapu_cert_to_ldap_entry (void *cert, LDAP *ld,
 					   const char *basedn,
@@ -1387,7 +1391,6 @@ NSAPI_PUBLIC int ldapu_cert_to_ldap_entry (void *cert, LDAP *ld,
     CertMapFn_t mapfn;
     CertVerifyFn_t verifyfn;
     CertSearchFn_t searchfn;
-    void *entry_cert = 0;
     int rv,i,j;
 
     *res = 0;
diff --git a/lib/ldaputil/dbconf.c b/lib/ldaputil/dbconf.c
index 5832b863..ff1d8652 100644
--- a/lib/ldaputil/dbconf.c
+++ b/lib/ldaputil/dbconf.c
@@ -342,7 +342,6 @@ static int read_db_info (FILE *fp, char *buf, DBConfDBInfo_t **db_info_out,
 			 int *eof)
 {
     char *ptr;
-    int found_directive = 0;
     DBConfDBInfo_t *db_info;
     int rv;
 
@@ -489,44 +488,13 @@ NSAPI_PUBLIC int dbconf_read_default_dbinfo (const char *file,
 }
 
 /*
- * ldapu_strncasecmp - is like strncasecmp on UNIX but also accepts null strings.
- */
-/* Not tested */
-static int ldapu_strncasecmp (const char *s1, const char *s2, size_t len)
-{
-    int ls1, ls2;		/* tolower values of chars in s1 & s2 resp. */
-
-    if (0 == len) return 0;
-    else if (!s1) return !s2 ? 0 : 0-tolower(*s2);
-    else if (!s2) return tolower(*s1);
-
-#ifdef XP_WIN32
-    while(len > 0 && *s1 && *s2 &&
-	  (ls1 = tolower(*s1)) == (ls2 = tolower(*s2)))
-    {
-	s1++; s2++; len--;
-    }
-
-    if (0 == len)
-	return 0;
-    else if (!*s1)
-	return *s2 ? 0-tolower(*s2) : 0;
-    else if (!*s2)
-	return tolower(*s1);
-    else
-	return ls1 - ls2;
-#else
-    return strncasecmp(s1, s2, len);
-#endif
-}
-
-
-/*
  * ldapu_strcasecmp - is like strcasecmp on UNIX but also accepts null strings.
  */
 int ldapu_strcasecmp (const char *s1, const char *s2)
 {
+#ifdef XP_WIN32
     int ls1, ls2;		/* tolower values of chars in s1 & s2 resp. */
+#endif
 
     if (!s1) return !s2 ? 0 : 0-tolower(*s2);
     else if (!s2) return tolower(*s1);
diff --git a/lib/ldaputil/init.c b/lib/ldaputil/init.c
index 4d565982..fb6aaa6b 100644
--- a/lib/ldaputil/init.c
+++ b/lib/ldaputil/init.c
@@ -44,7 +44,7 @@ static int load_server_libs (const char *dir)
 	/* Dir exists */
         while( (d = PR_ReadDir(ds, PR_SKIP_BOTH)) )  {
 	    PRLibrary *lib = 0;
-            char *libname = d->name;
+		const char *libname = d->name;
 	    int len = strlen(libname);
 	    int is_lib;
 
diff --git a/lib/ldaputil/ldapauth.c b/lib/ldaputil/ldapauth.c
index 802184fb..f915d310 100644
--- a/lib/ldaputil/ldapauth.c
+++ b/lib/ldaputil/ldapauth.c
@@ -1017,7 +1017,6 @@ int ldapu_auth_uid_attrfilter (LDAP *ld, const char *uid, const char *attrfilter
  */
 int ldapu_auth_userdn_password (LDAP *ld, const char *userdn, const char *password)
 {
-    LDAPMessage *res = 0;
     int retval;
 
     DBG_PRINT2("\tuserdn:\t\"%s\"\n", userdn);
diff --git a/lib/libaccess/acl.tab.cpp b/lib/libaccess/acl.tab.cpp
index f8eae8f2..0e499fa0 100644
--- a/lib/libaccess/acl.tab.cpp
+++ b/lib/libaccess/acl.tab.cpp
@@ -99,38 +99,6 @@ acl_set_args(ACLExprHandle_t *expr, char **args_list)
 }
 
 static int
-acl_set_users(ACLExprHandle_t *expr, char **user_list)
-{
-	int ii;
-	int jj;
-
-	if (expr == NULL)
-		return(-1);
-
-	for (ii = 0; ii < MAX_LIST_SIZE; ii++) {
-		if ( user_list[ii] ) {
-			if ( ACL_ExprTerm(NULL, expr, "user", CMP_OP_EQ, 
-					user_list[ii]) < 0 ) {
-				aclerror("ACL_ExprTerm() failed");
-				acl_free_args(user_list);
-				return(-1);
-			}
-		} else
-			break;
-	}
-
-	acl_free_args(user_list);
-
-	for (jj = 0; jj < ii - 1; jj++) {
-		if ( ACL_ExprOr(NULL, expr)  < 0 ) {
-			aclerror("ACL_ExprOr() failed");
-			return(-1);
-		}
-	}
-	return(0);
-}
-
-static int
 acl_set_users_or_groups(ACLExprHandle_t *expr, char **user_list)
 {
 	int ii;
@@ -1261,7 +1229,7 @@ case 24:
 			aclerror("Could not set authorization processing flags");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			aclerror("Could not set authorization info");
 			return(-1);
@@ -1275,7 +1243,7 @@ case 26:
 			aclerror("ACL_ExprNew(auth) failed");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			aclerror("Could not set authorization info");
 			return(-1);
@@ -1475,7 +1443,7 @@ case 68:
 			aclerror("ACL_ExprNew(allow) failed");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			aclerror("Could not set authorization info");
 			return(-1);
diff --git a/lib/libaccess/aclcache.cpp b/lib/libaccess/aclcache.cpp
index 37f4b0ea..1cac6388 100644
--- a/lib/libaccess/aclcache.cpp
+++ b/lib/libaccess/aclcache.cpp
@@ -150,8 +150,6 @@ ACL_ListHashUpdate(ACLListHandle_t **acllistp)
 NSAPI_PUBLIC void
 ACL_ListHashEnter(ACLListHandle_t **acllistp)
 {
-    NSErr_t *errp = 0;
-
     ACL_CritEnter();
 
     /*  Look for a matching ACL List and use it if we find one.  */
diff --git a/lib/libaccess/acltext.y b/lib/libaccess/acltext.y
index 864f70e6..1dfe6ec7 100644
--- a/lib/libaccess/acltext.y
+++ b/lib/libaccess/acltext.y
@@ -104,38 +104,6 @@ acl_set_args(ACLExprHandle_t *expr, char **args_list)
 }
 
 static int
-acl_set_users(ACLExprHandle_t *expr, char **user_list)
-{
-	int ii;
-	int jj;
-
-	if (expr == NULL)
-		return(-1);
-
-	for (ii = 0; ii < MAX_LIST_SIZE; ii++) {
-		if ( user_list[ii] ) {
-			if ( ACL_ExprTerm(NULL, expr, "user", CMP_OP_EQ, 
-					user_list[ii]) < 0 ) {
-				yyerror("ACL_ExprTerm() failed");
-				acl_free_args(user_list);
-				return(-1);
-			}
-		} else
-			break;
-	}
-
-	acl_free_args(user_list);
-
-	for (jj = 0; jj < ii - 1; jj++) {
-		if ( ACL_ExprOr(NULL, expr)  < 0 ) {
-			yyerror("ACL_ExprOr() failed");
-			return(-1);
-		}
-	}
-	return(0);
-}
-
-static int
 acl_set_users_or_groups(ACLExprHandle_t *expr, char **user_list)
 {
 	int ii;
@@ -424,7 +392,7 @@ auth_method_v2:
 			yyerror("Could not set authorization processing flags");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			yyerror("Could not set authorization info");
 			return(-1);
@@ -438,7 +406,7 @@ auth_method_v2:
 			yyerror("ACL_ExprNew(auth) failed");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			yyerror("Could not set authorization info");
 			return(-1);
@@ -696,7 +664,7 @@ authenticate_statement: ACL_AUTHENTICATE_TOK
 			yyerror("ACL_ExprNew(allow) failed");
 			return(-1);
 		}
-                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, NULL, NULL);
+                curr_auth_info = PListCreate(NULL, ACL_ATTR_INDEX_MAX, 0, 0);
 		if ( ACL_ExprAddAuthInfo(curr_expr, curr_auth_info) < 0 ) {
 			yyerror("Could not set authorization info");
 			return(-1);
diff --git a/lib/libaccess/acltools.cpp b/lib/libaccess/acltools.cpp
index 5f7b00ac..907cd52a 100644
--- a/lib/libaccess/acltools.cpp
+++ b/lib/libaccess/acltools.cpp
@@ -3434,7 +3434,7 @@ ACL_InitAttr2Index(void)
 
     ACLAttr2IndexPList = PListNew(NULL);
     for (i = 1; i < ACL_ATTR_INDEX_MAX; i++) {
-        PListInitProp(ACLAttr2IndexPList, NULL, ACLAttrTable[i], (const void *)i, NULL);
+        PListInitProp(ACLAttr2IndexPList, 0, ACLAttrTable[i], (const void *)i, NULL);
     }
  
     return 0;
diff --git a/lib/libaccess/lasdns.cpp b/lib/libaccess/lasdns.cpp
index b5c37a12..0340a51f 100644
--- a/lib/libaccess/lasdns.cpp
+++ b/lib/libaccess/lasdns.cpp
@@ -259,7 +259,7 @@ LASDnsBuild(NSErr_t *errp, char *attr_pattern, LASDnsContext_t *context, int ali
 
     } while ((attr_pattern != NULL) && 
 	     (attr_pattern[0] != '\0') && 
-	     (delimiter != (int)NULL));
+	     (delimiter != 0));
 
     return 0;
 }
diff --git a/lib/libaccess/lasip.cpp b/lib/libaccess/lasip.cpp
index 9b1a9127..51d2bd58 100644
--- a/lib/libaccess/lasip.cpp
+++ b/lib/libaccess/lasip.cpp
@@ -146,7 +146,7 @@ dotdecimal(char *ipstr, char *netmaskstr, int *ip, int *netmask)
         }
     }
 
-    return (int)NULL;
+    return 0;
 }
 
 
@@ -262,12 +262,12 @@ LASIpBuild(NSErr_t *errp, char *attr_name, CmpOp_t comparator, char *attr_patter
                 return (retcode);
         }
 
-        if (LASIpAddPattern(errp, netmask, ip, treetop) != (int)NULL)
+        if (LASIpAddPattern(errp, netmask, ip, treetop) != 0)
             return LAS_EVAL_INVALID;
 
-    } while ((curptr != NULL) && (delimiter != (int)NULL));
+    } while ((curptr != NULL) && (delimiter != 0));
 
-    return (int)NULL;
+    return 0;
 }
 
 
diff --git a/lib/libaccess/ldapacl.cpp b/lib/libaccess/ldapacl.cpp
index 6f37c3e2..04582503 100644
--- a/lib/libaccess/ldapacl.cpp
+++ b/lib/libaccess/ldapacl.cpp
@@ -401,7 +401,6 @@ int acl_map_cert_to_user (NSErr_t *errp, const char *dbname,
 	/* LDAPU_REQ will reconnect & retry once if LDAP server went down */
 	/* it sets the variable rv */
 	if (rv == LDAPU_SUCCESS) {
-	    char *dn = 0;
 
 	    LDAPU_REQ(rv, ldb, ldapu_cert_to_user(cert, ldb->ld, ldb->basedn,
 						  &res, &uid));
@@ -726,7 +725,6 @@ NSAPI_PUBLIC int acl_user_exists (const char *user, const char *userdn,
     PList_t resource = 0;
     PList_t auth_info = 0;
     PList_t global_auth = NULL;
-    char *olddn = 0;
     int rv;
 
     /* Check if the userdn is available in the usr_cache */
@@ -748,9 +746,9 @@ NSAPI_PUBLIC int acl_user_exists (const char *user, const char *userdn,
     }
 
     pool = pool_create();
-    subject = PListCreate(pool, ACL_ATTR_INDEX_MAX, NULL, NULL);
-    resource = PListCreate(pool, ACL_ATTR_INDEX_MAX, NULL, NULL);
-    auth_info = PListCreate(pool, ACL_ATTR_INDEX_MAX, NULL, NULL);
+    subject = PListCreate(pool, ACL_ATTR_INDEX_MAX, 0, 0);
+    resource = PListCreate(pool, ACL_ATTR_INDEX_MAX, 0, 0);
+    auth_info = PListCreate(pool, ACL_ATTR_INDEX_MAX, 0, 0);
  
     if (!pool || !subject || !resource || !auth_info) {
 	/* ran out of memory */
diff --git a/lib/libaccess/oneeval.cpp b/lib/libaccess/oneeval.cpp
index f14b971f..9b99c996 100644
--- a/lib/libaccess/oneeval.cpp
+++ b/lib/libaccess/oneeval.cpp
@@ -35,8 +35,6 @@
 #include "oneeval.h"
 #include "permhash.h"
 
-static int acl_default_result = ACL_RES_DENY;
-
 static ACLDispatchVector_t __nsacl_vector = {
 
     /* Error frame stack support */
@@ -470,10 +468,10 @@ ACLEvalBuildContext(
 		    if (PListFindValue(absauthplist, *argp, NULL, NULL) < 0)
 		    {
 			/*  Save pointer to the property list  */
-			PListInitProp(curauthplist, NULL, *argp, ace->expr_auth,
+			PListInitProp(curauthplist, 0, *argp, ace->expr_auth,
 				      ace->expr_auth);
                         if (IS_ABSOLUTE(ace->expr_flags))
-			    PListInitProp(absauthplist, NULL, *argp, NULL,
+			    PListInitProp(absauthplist, 0, *argp, NULL,
 			    NULL);
 		    }
 
diff --git a/lib/libaccess/usrcache.cpp b/lib/libaccess/usrcache.cpp
index 87b7afe7..dbc6624a 100644
--- a/lib/libaccess/usrcache.cpp
+++ b/lib/libaccess/usrcache.cpp
@@ -451,15 +451,6 @@ int acl_usr_cache_passwd_check (const char *uid, const char *dbname,
     return rv;
 }
 
-
-static int group_check_helper (UserCacheObj *usrobj, void *val)
-{
-    if (usrobj->group && !strcmp(usrobj->group, (char *)val))
-	return LAS_EVAL_TRUE;
-    else
-	return LAS_EVAL_FALSE;
-}
-
 int acl_usr_cache_group_check (const char *uid, const char *dbname,
 			       const char *group, const time_t time)
 {
diff --git a/lib/libadmin/Makefile b/lib/libadmin/Makefile
index 7a80d1de..d6a72db7 100644
--- a/lib/libadmin/Makefile
+++ b/lib/libadmin/Makefile
@@ -26,7 +26,7 @@ OBJS=$(addprefix $(OBJDEST)/, error.o \
                               template.o util.o \
                               authdb.o $(OSOBJS))
 
-# moved files [to libadminutil] : form_post.o strlist.o distadm.o cron_conf.o 
+# moved files [to libadminutil] : form_post.o distadm.o cron_conf.o 
 # candidate for moing: admlog.o error.o admserv.o
 # replaced files: error.o [by libadminutil/errRpt.c]
 # removed for lack of ndbm support from binary release of libdbm.... userdb.o
diff --git a/lib/libsi18n/acclanglist.c b/lib/libsi18n/acclanglist.c
index 0e9f25a8..2d24f80d 100644
--- a/lib/libsi18n/acclanglist.c
+++ b/lib/libsi18n/acclanglist.c
@@ -77,7 +77,7 @@ AcceptLangList(const char* AcceptLanguage,
     cPtr = strtok(input,",");
     while (cPtr) {
       qvalue[countLang] = 1.0f;
-      if (cPtr1 = strchr(cPtr,';')) {
+      if ((cPtr1 = strchr(cPtr,';'))) {
         sscanf(cPtr1,";q=%f",&qvalue[countLang]);
         *cPtr1 = '\0';
       }
diff --git a/lib/libsi18n/makstrdb.c b/lib/libsi18n/makstrdb.c
index 788edfa9..25fe84a9 100644
--- a/lib/libsi18n/makstrdb.c
+++ b/lib/libsi18n/makstrdb.c
@@ -125,7 +125,6 @@ XP_MakeStringProperties(void)
 {
     int j;
     char* LibraryName;
-    char* cptr;
     RESOURCE_TABLE* table;
     FILE *hresfile;
     char buffer[2000];
@@ -145,7 +144,7 @@ XP_MakeStringProperties(void)
     }
  
     j = 0;
-    while (table=allxpstr[j++].restable) {
+    while ((table=allxpstr[j++].restable)) {
         LibraryName = table->str;
         fprintf(hresfile, "\n");
         fprintf(hresfile, "#######################################\n");
diff --git a/lib/libsi18n/propset.c b/lib/libsi18n/propset.c
index 4f5ab66d..75173a7b 100644
--- a/lib/libsi18n/propset.c
+++ b/lib/libsi18n/propset.c
@@ -7,6 +7,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
+#include <ctype.h>
 #include "i18n.h"
 
 #include "txtfile.h"