diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-06-07 15:17:31 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-06-07 15:19:37 -0400 |
commit | e51c089b745161dd6e1d64998e99d065fc22377e (patch) | |
tree | 5e792dd53ed48f3c5d0a0aa78c0ce8e777f385a2 | |
parent | 4f551a7ec126c52ee1f8fea4c3954015b70987bd (diff) | |
download | krb5-e51c089b745161dd6e1d64998e99d065fc22377e.tar.gz krb5-e51c089b745161dd6e1d64998e99d065fc22377e.tar.xz krb5-e51c089b745161dd6e1d64998e99d065fc22377e.zip |
Fix various warnings
54 files changed, 177 insertions, 305 deletions
diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c index 98d204551..3a87fcd04 100644 --- a/src/appl/gss-sample/gss-misc.c +++ b/src/appl/gss-sample/gss-misc.c @@ -86,10 +86,10 @@ gss_buffer_t empty_token = &empty_token_buf; static void display_status_1(char *m, OM_uint32 code, int type); static int -write_all(int fildes, char *buf, unsigned int nbyte) +write_all(int fildes, const void *data, unsigned int nbyte) { - int ret; - char *ptr; + int ret; + const char *ptr, *buf = data; for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { ret = send(fildes, ptr, nbyte, 0); @@ -106,10 +106,10 @@ write_all(int fildes, char *buf, unsigned int nbyte) } static int -read_all(int fildes, char *buf, unsigned int nbyte) +read_all(int fildes, void *data, unsigned int nbyte) { int ret; - char *ptr; + char *ptr, *buf = data; fd_set rfds; struct timeval tv; @@ -195,7 +195,7 @@ send_token(s, flags, tok) if (ret < 0) { perror("sending token data"); return -1; - } else if (ret != tok->length) { + } else if ((size_t)ret != tok->length) { if (display_file) fprintf(display_file, "sending token data: %d of %d bytes written\n", @@ -292,7 +292,7 @@ recv_token(s, flags, tok) perror("reading token data"); free(tok->value); return -1; - } else if (ret != tok->length) { + } else if ((size_t)ret != tok->length) { fprintf(stderr, "sending token data: %d of %d bytes written\n", ret, (int) tok->length); free(tok->value); @@ -308,14 +308,14 @@ display_status_1(m, code, type) OM_uint32 code; int type; { - OM_uint32 maj_stat, min_stat; + OM_uint32 min_stat; gss_buffer_desc msg; OM_uint32 msg_ctx; msg_ctx = 0; while (1) { - maj_stat = gss_display_status(&min_stat, code, - type, GSS_C_NULL_OID, &msg_ctx, &msg); + (void) gss_display_status(&min_stat, code, type, GSS_C_NULL_OID, + &msg_ctx, &msg); if (display_file) fprintf(display_file, "GSS-API error %s: %s\n", m, (char *) msg.value); diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index ed78be58c..3c116dec1 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c @@ -889,13 +889,13 @@ static OM_uint32 showLocalIdentity(OM_uint32 *minor, gss_name_t name) { OM_uint32 major; - gss_buffer_desc localname; + gss_buffer_desc buf; - major = gss_localname(minor, name, GSS_C_NO_OID, &localname); + major = gss_localname(minor, name, GSS_C_NO_OID, &buf); if (major == GSS_S_COMPLETE) - printf("localname: %-*s\n", (int)localname.length, localname.value); + printf("localname: %-*s\n", (int)buf.length, (char *)buf.value); else if (major != GSS_S_UNAVAILABLE) display_status("gss_localname", major, *minor); - gss_release_buffer(minor, &localname); + gss_release_buffer(minor, &buf); return major; } diff --git a/src/include/k5-int.h b/src/include/k5-int.h index 37bd9ffb0..73f404bdf 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -1772,7 +1772,7 @@ typedef struct _krb5int_access { krb5_data **code); krb5_error_code - (*asn1_ldap_decode_sequence_of_keys)(krb5_data *in, + (*asn1_ldap_decode_sequence_of_keys)(const krb5_data *in, ldap_seqof_key_data **); /* @@ -1814,13 +1814,12 @@ typedef struct _krb5int_access { krb5_data **code); krb5_error_code - (*encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **, + (*encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *, krb5_data **code); krb5_error_code - (*encode_krb5_td_trusted_certifiers)(const - krb5_external_principal_identifier **, - krb5_data **code); + (*encode_krb5_td_trusted_certifiers)(krb5_external_principal_identifier * + const *, krb5_data **code); krb5_error_code (*decode_krb5_auth_pack)(const krb5_data *, krb5_auth_pack **); diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c index cbdea16ed..96275ca7b 100644 --- a/src/kadmin/dbutil/kdb5_create.c +++ b/src/kadmin/dbutil/kdb5_create.c @@ -264,8 +264,7 @@ void kdb5_create(argc, argv) rblock.key = &master_keyblock; - seed.length = master_keyblock.length; - seed.data = master_keyblock.contents; + seed = make_data(master_keyblock.contents, master_keyblock.length); if ((retval = krb5_c_random_seed(util_context, &seed))) { com_err(progname, retval, diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c index 21f8073d3..4edacb624 100644 --- a/src/kadmin/dbutil/kdb5_mkey.c +++ b/src/kadmin/dbutil/kdb5_mkey.c @@ -73,7 +73,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry, krb5_error_code retval = 0; int old_key_data_count, i; krb5_kvno new_mkey_kvno; - krb5_key_data tmp_key_data, *old_key_data; + krb5_key_data tmp_key_data; krb5_mkey_aux_node *mkey_aux_data_head = NULL, **mkey_aux_data; krb5_keylist_node *keylist_node; krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(context); @@ -84,9 +84,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry, if (use_mkvno != 0 && new_mkey_kvno != use_mkvno) return (KRB5_KDB_KVNONOMATCH); - /* save the old keydata */ old_key_data_count = master_entry->n_key_data; - old_key_data = master_entry->key_data; /* alloc enough space to hold new and existing key_data */ /* diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c index d514f8c7d..b972cc5bb 100644 --- a/src/kadmin/dbutil/ovload.c +++ b/src/kadmin/dbutil/ovload.c @@ -111,7 +111,7 @@ int process_ov_principal(kcontext, fname, filep, verbose, linenop) krb5_db_entry *kdb = NULL; char *current = 0; char *cp; - int x; + unsigned int x; char line[LINESIZE]; if (fgets(line, LINESIZE, filep) == (char *) NULL) { diff --git a/src/kadmin/server/ipropd_svc.c b/src/kadmin/server/ipropd_svc.c index 008bff01e..4a25998f4 100644 --- a/src/kadmin/server/ipropd_svc.c +++ b/src/kadmin/server/ipropd_svc.c @@ -473,7 +473,7 @@ check_iprop_rpcsec_auth(struct svc_req *rqstp) gss_name_t name; krb5_principal princ; int ret, success; - krb5_data *c1, *c2, *realm; + krb5_data *c1, *realm; gss_buffer_desc gss_str; kadm5_server_handle_t handle; size_t slen; @@ -514,7 +514,6 @@ check_iprop_rpcsec_auth(struct svc_req *rqstp) goto fail_princ; c1 = krb5_princ_component(kctx, princ, 0); - c2 = krb5_princ_component(kctx, princ, 1); realm = krb5_princ_realm(kctx, princ); if (strncmp(handle->params.realm, realm->data, realm->length) == 0 && strncmp("kiprop", c1->data, c1->length) == 0) { diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c index b9212fa0f..192145c60 100644 --- a/src/kadmin/server/misc.c +++ b/src/kadmin/server/misc.c @@ -186,16 +186,15 @@ check_min_life(void *server_handle, krb5_principal principal, !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) { if (msg_ret != NULL) { time_t until; - char *time_string, *ptr, *errstr; + char *time_string, *ptr; + const char *errstr; until = princ.last_pwd_change + pol.pw_min_life; time_string = ctime(&until); errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON); - if (strlen(errstr) + strlen(time_string) >= msg_len) { - *errstr = '\0'; - } else { + if (strlen(errstr) + strlen(time_string) < msg_len) { if (*(ptr = &time_string[strlen(time_string)-1]) == '\n') *ptr = '\0'; snprintf(msg_ret, msg_len, errstr, time_string); diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index dad724869..37e66316e 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -150,15 +150,14 @@ static void display_status_1(m, code, type) OM_uint32 code; int type; { - OM_uint32 maj_stat, min_stat; + OM_uint32 min_stat; gss_buffer_desc msg; OM_uint32 msg_ctx; msg_ctx = 0; while (1) { - maj_stat = gss_display_status(&min_stat, code, - type, GSS_C_NULL_OID, - &msg_ctx, &msg); + (void) gss_display_status(&min_stat, code, type, GSS_C_NULL_OID, + &msg_ctx, &msg); fprintf(stderr, _("GSS-API error %s: %s\n"), m, (char *)msg.value); (void) gss_release_buffer(&min_stat, &msg); @@ -223,7 +222,7 @@ int main(int argc, char *argv[]) kadm5_config_params params; char **db_args = NULL; int db_args_size = 0; - char *errmsg; + const char *errmsg; int i; int strong_random = 1; const char *pid_file = NULL; diff --git a/src/kdc/main.c b/src/kdc/main.c index 6c115a9df..950fa41d7 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -119,12 +119,10 @@ find_realm_data(struct server_handle *handle, char *rname, krb5_ui_4 rsize) kdc_realm_t * setup_server_realm(struct server_handle *handle, krb5_principal sprinc) { - krb5_error_code kret; kdc_realm_t *newrealm; kdc_realm_t **kdc_realmlist = handle->kdc_realmlist; int kdc_numrealms = handle->kdc_numrealms; - kret = 0; if (kdc_numrealms > 1) { if (!(newrealm = find_realm_data(handle, sprinc->realm.data, (krb5_ui_4) sprinc->realm.length))) diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c index f69320aad..7780b8a7d 100644 --- a/src/lib/apputils/net-server.c +++ b/src/lib/apputils/net-server.c @@ -980,52 +980,6 @@ setup_udp_port(void *P_data, struct sockaddr *addr) return setup_udp_port_1(data, addr, haddrbuf, 0); } -#if 1 -static void -klog_handler(const void *data, size_t len) -{ - static char buf[BUFSIZ]; - static int bufoffset; - void *p; - -#define flush_buf() \ - (bufoffset \ - ? (((buf[0] == 0 || buf[0] == '\n') \ - ? (fork()==0?abort():(void)0) \ - : (void)0), \ - krb5_klog_syslog(LOG_INFO, "%s", buf), \ - memset(buf, 0, sizeof(buf)), \ - bufoffset = 0) \ - : 0) - - p = memchr(data, 0, len); - if (p) - len = (const char *)p - (const char *)data; -scan_for_newlines: - if (len == 0) - return; - p = memchr(data, '\n', len); - if (p) { - if (p != data) - klog_handler(data, (size_t)((const char *)p - (const char *)data)); - flush_buf(); - len -= ((const char *)p - (const char *)data) + 1; - data = 1 + (const char *)p; - goto scan_for_newlines; - } else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) { - size_t x = sizeof(buf) - len - 1; - klog_handler(data, x); - flush_buf(); - len -= x; - data = (const char *)data + x; - goto scan_for_newlines; - } else { - memcpy(buf + bufoffset, data, len); - bufoffset += len; - } -} -#endif - #ifdef HAVE_STRUCT_RT_MSGHDR #include <net/route.h> diff --git a/src/lib/crypto/builtin/camellia/camellia-gen.c b/src/lib/crypto/builtin/camellia/camellia-gen.c index 1446d779e..23b69c174 100644 --- a/src/lib/crypto/builtin/camellia/camellia-gen.c +++ b/src/lib/crypto/builtin/camellia/camellia-gen.c @@ -21,7 +21,8 @@ camellia_ctx ctx, dctx; static void init () { - int i, j, r; + size_t i, j; + cam_rval r; srand(42); for (i = 0; i < 16; i++) @@ -40,7 +41,7 @@ static void init () static void hexdump(const unsigned char *ptr, size_t len) { - int i; + size_t i; for (i = 0; i < len; i++) printf ("%s%02X", (i % 16 == 0) ? "\n " : " ", ptr[i]); } @@ -89,7 +90,7 @@ static void fips_test () static void xor (unsigned char *out, const unsigned char *a, const unsigned char *b) { - int i; + size_t i; for (i = 0; i < B; i++) out[i] = a[i] ^ b[i]; } @@ -97,7 +98,8 @@ xor (unsigned char *out, const unsigned char *a, const unsigned char *b) static void ecb_enc (unsigned char *out, unsigned char *in, unsigned int len) { - int i, r; + size_t i; + cam_rval r; for (i = 0; i < len; i += 16) { r = camellia_enc_blk (in + i, out + i, &ctx); if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); @@ -108,7 +110,8 @@ ecb_enc (unsigned char *out, unsigned char *in, unsigned int len) static void ecb_dec (unsigned char *out, unsigned char *in, unsigned int len) { - int i, r; + size_t i; + cam_rval r; for (i = 0; i < len; i += 16) { r = camellia_dec_blk (in + i, out + i, &dctx); if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1); @@ -125,7 +128,8 @@ static void cbc_enc (unsigned char *out, unsigned char *in, unsigned char *iv, unsigned int len) { - int i, r; + size_t i; + cam_rval r; unsigned char tmp[B]; D(iv); memcpy (tmp, iv, B); @@ -145,7 +149,8 @@ static void cbc_dec (unsigned char *out, unsigned char *in, unsigned char *iv, unsigned int len) { - int i, r; + size_t i; + cam_rval r; unsigned char tmp[B]; memcpy (tmp, iv, B); for (i = 0; i < len; i += B) { @@ -231,7 +236,7 @@ cts_dec (unsigned char *out, unsigned char *in, unsigned char *iv, static void ecb_test () { - int testno; + size_t testno; unsigned char tmp[4*B]; printf ("ECB tests:\n"); @@ -239,7 +244,7 @@ static void ecb_test () hexdump (key, sizeof(key)); for (testno = 0; testno < NTESTS; testno++) { unsigned len = (test_case_len[testno] + 15) & ~15; - printf ("\ntest %d - %d bytes\n", testno, len); + printf ("\ntest %d - %d bytes\n", (int)testno, len); printf ("input:"); hexdump (test_case[testno].input, len); printf ("\n"); @@ -262,7 +267,7 @@ unsigned char ivec[16] = { 0 }; static void cbc_test () { - int testno; + size_t testno; unsigned char tmp[4*B]; printf ("CBC tests:\n"); @@ -270,7 +275,7 @@ static void cbc_test () hexdump (ivec, sizeof(ivec)); for (testno = 0; testno < NTESTS; testno++) { unsigned len = (test_case_len[testno] + 15) & ~15; - printf ("\ntest %d - %d bytes\n", testno, len); + printf ("\ntest %d - %d bytes\n", (int)testno, len); printf ("input:"); hexdump (test_case[testno].input, len); printf ("\n"); @@ -291,7 +296,7 @@ static void cbc_test () static void cts_test () { - int testno; + size_t testno; unsigned char tmp[4*B]; printf ("CTS tests:\n"); @@ -299,7 +304,7 @@ static void cts_test () hexdump (ivec, sizeof(ivec)); for (testno = 0; testno < NTESTS; testno++) { unsigned int len = test_case_len[testno]; - printf ("\ntest %d - %d bytes\n", testno, len); + printf ("\ntest %d - %d bytes\n", (int)testno, len); printf ("input:"); hexdump (test_case[testno].input, len); printf ("\n"); diff --git a/src/lib/crypto/crypto_tests/aes-test.c b/src/lib/crypto/crypto_tests/aes-test.c index 1ed033b11..a7382a48a 100644 --- a/src/lib/crypto/crypto_tests/aes-test.c +++ b/src/lib/crypto/crypto_tests/aes-test.c @@ -39,7 +39,7 @@ static krb5_keyblock enc_key; static krb5_data ivec; static void init() { - enc_key.contents = key; + enc_key.contents = (krb5_octet *)key; enc_key.length = 16; ivec.data = zero; ivec.length = 16; diff --git a/src/lib/crypto/crypto_tests/t_cts.c b/src/lib/crypto/crypto_tests/t_cts.c index f2a3012b2..2b022b4ac 100644 --- a/src/lib/crypto/crypto_tests/t_cts.c +++ b/src/lib/crypto/crypto_tests/t_cts.c @@ -121,11 +121,11 @@ static void test_cts() iov.flags = KRB5_CRYPTO_TYPE_DATA; iov.data.data = outbuf; - in.data = input; + in.data = (char *)input; enciv.length = deciv.length = 16; enciv.data = encivbuf; deciv.data = decivbuf; - keyblock.contents = aeskey; + keyblock.contents = (krb5_octet *)aeskey; keyblock.length = 16; keyblock.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96; diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c index cd79dc3ee..65efa604f 100644 --- a/src/lib/crypto/crypto_tests/t_hmac.c +++ b/src/lib/crypto/crypto_tests/t_hmac.c @@ -233,10 +233,9 @@ static void test_hmac() }; for (i = 0; i < sizeof(md5tests)/sizeof(md5tests[0]); i++) { - key.contents = md5tests[i].key; + key.contents = (krb5_octet *)md5tests[i].key; key.length = md5tests[i].key_len; - in.data = md5tests[i].data; - in.length = md5tests[i].data_len; + in = make_data((char *)md5tests[i].data, md5tests[i].data_len); out.data = outbuf; out.length = 20; diff --git a/src/lib/crypto/krb/aead.c b/src/lib/crypto/krb/aead.c index 935125d9d..9d4e206ab 100644 --- a/src/lib/crypto/krb/aead.c +++ b/src/lib/crypto/krb/aead.c @@ -141,7 +141,7 @@ krb5int_c_padding_length(const struct krb5_keytypes *ktp, size_t data_length) static size_t next_iov_to_process(struct iov_cursor *cursor, size_t ind) { - krb5_crypto_iov *iov; + const krb5_crypto_iov *iov; for (; ind < cursor->iov_count; ind++) { iov = &cursor->iov[ind]; diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index ae55297d0..42ac1226b 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -441,7 +441,6 @@ kg_accept_krb5(minor_status, context_handle, char *sptr; OM_uint32 tmp; size_t md5len; - int bigend; krb5_gss_cred_id_t cred = 0; krb5_data ap_rep, ap_req; unsigned int i; @@ -698,7 +697,6 @@ kg_accept_krb5(minor_status, context_handle, } gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG; - bigend = 0; decode_req_message = 0; } else { /* gss krb5 v1 */ diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c index 04d70a64b..a1bb92dc0 100644 --- a/src/lib/gssapi/krb5/gssapi_krb5.c +++ b/src/lib/gssapi/krb5/gssapi_krb5.c @@ -405,7 +405,6 @@ krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status, gss_buffer_set_t *data_set) { OM_uint32 major_status = GSS_S_FAILURE; - krb5_gss_cred_id_t cred; #if 0 size_t i; #endif @@ -431,8 +430,6 @@ krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status, if (GSS_ERROR(major_status)) return major_status; - cred = (krb5_gss_cred_id_t) cred_handle; - #if 0 for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/ sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) { diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 81f7a3ab9..33c8c8808 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -1124,7 +1124,6 @@ make_NegHints(OM_uint32 *minor_status, OM_uint32 minor; unsigned int tlen = 0; unsigned int hintNameSize = 0; - unsigned int negHintsSize = 0; unsigned char *ptr; unsigned char *t; @@ -1208,7 +1207,6 @@ make_NegHints(OM_uint32 *minor_status, /* Length of DER encoded hintName */ tlen += 1 + gssint_der_length_size(hintNameSize); - negHintsSize = tlen; t = gssalloc_malloc(tlen); if (t == NULL) { @@ -1619,7 +1617,6 @@ spnego_gss_accept_sec_context( gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER; spnego_gss_ctx_id_t sc = NULL; spnego_gss_cred_id_t spcred = NULL; - OM_uint32 mechstat = GSS_S_FAILURE; int sendTokenInit = 0, tmpret; mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER; @@ -1718,15 +1715,12 @@ spnego_gss_accept_sec_context( * round-trip. RET is set to a default value according to * whether it is the first round-trip. */ - mechstat = GSS_S_FAILURE; if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) { ret = acc_ctx_call_acc(minor_status, sc, spcred, mechtok_in, mech_type, &mechtok_out, ret_flags, time_rec, delegated_cred_handle, &negState, &return_token); - } else if (negState == REQUEST_MIC) { - mechstat = GSS_S_CONTINUE_NEEDED; } /* Step 3: process or generate the MIC, if the negotiated mech is @@ -4008,10 +4002,10 @@ g_verify_neg_token_init(unsigned char **buf_in, unsigned int cur_size) * - check for a0(context specific identifier) * - get length and verify that enoughd ata exists */ - if (g_get_tag_and_length(&buf, CONTEXT, cur_size, &seqsize) < 0) + if (g_get_tag_and_length(&buf, CONTEXT, cur_size, &bytes) < 0) return (G_BAD_TOK_HEADER); - cur_size = seqsize; /* should indicate bytes remaining */ + cur_size = bytes; /* should indicate bytes remaining */ /* * Verify the next piece, it should identify this as diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c index adc050c95..9d51991f4 100644 --- a/src/lib/kadm5/clnt/client_init.c +++ b/src/lib/kadm5/clnt/client_init.c @@ -613,7 +613,6 @@ static kadm5_ret_t setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, char *client_name, char *full_svcname) { - kadm5_ret_t code; OM_uint32 gssstat, minor_stat; gss_buffer_desc buf; gss_name_t gss_client; @@ -622,7 +621,6 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, const char *c_ccname_orig; char *ccname_orig; - code = KADM5_GSS_ERROR; gss_client_creds = GSS_C_NO_CREDENTIAL; ccname_orig = NULL; gss_client = gss_target = GSS_C_NO_NAME; @@ -630,10 +628,8 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, /* Temporarily use the kadm5 cache. */ gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name, &c_ccname_orig); - if (gssstat != GSS_S_COMPLETE) { - code = KADM5_GSS_ERROR; + if (gssstat != GSS_S_COMPLETE) goto error; - } if (c_ccname_orig) ccname_orig = strdup(c_ccname_orig); else @@ -643,10 +639,8 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, buf.length = strlen((char *)buf.value) + 1; gssstat = gss_import_name(&minor_stat, &buf, (gss_OID) gss_nt_krb5_name, &gss_target); - if (gssstat != GSS_S_COMPLETE) { - code = KADM5_GSS_ERROR; + if (gssstat != GSS_S_COMPLETE) goto error; - } if (client_name) { buf.value = client_name; @@ -655,16 +649,13 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in, (gss_OID) gss_nt_krb5_name, &gss_client); } else gss_client = GSS_C_NO_NAME; - if (gssstat != GSS_S_COMPLETE) { - code = KADM5_GSS_ERROR; + if (gssstat != GSS_S_COMPLETE) goto error; - } gssstat = gss_acquire_cred(&minor_stat, gss_client, 0, GSS_C_NULL_OID_SET, GSS_C_INITIATE, &gss_client_creds, NULL, NULL); if (gssstat != GSS_S_COMPLETE) { - code = KADM5_GSS_ERROR; #if 0 /* for debugging only */ { OM_uint32 maj_status, min_status, message_context = 0; @@ -762,7 +753,7 @@ rpc_auth(kadm5_server_handle_t handle, kadm5_config_params *params_in, /* Use RPCSEC_GSS by default. */ if (params_in == NULL || !(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) { - sec.mech = gss_mech_krb5; + sec.mech = (gss_OID)gss_mech_krb5; sec.qop = GSS_C_QOP_DEFAULT; sec.svc = RPCSEC_GSS_SVC_PRIVACY; sec.cred = gss_client_creds; diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c index 153b96297..42ac783ad 100644 --- a/src/lib/kadm5/kadm_rpc_xdr.c +++ b/src/lib/kadm5/kadm_rpc_xdr.c @@ -819,7 +819,8 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp) return (FALSE); } if (objp->code == KADM5_OK) { - if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0, + if (!xdr_array(xdrs, (char **)&objp->keys, + (unsigned int *)&objp->n_keys, ~0, sizeof(krb5_keyblock), xdr_krb5_keyblock)) return FALSE; } diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c index 7094f49a8..b2aeb7daa 100644 --- a/src/lib/kadm5/srv/server_acl.c +++ b/src/lib/kadm5/srv/server_acl.c @@ -112,7 +112,7 @@ kadm5int_acl_get_line(fp, lnp) line_incr = 0; for (domore = 1; domore && !feof(fp); ) { /* Copy in the line, with continuations */ - for (i=0; ((i < sizeof acl_buf) && !feof(fp)); i++ ) { + for (i = 0; ((i < BUFSIZ) && !feof(fp)); i++) { int byte; byte = fgetc(fp); acl_buf[i] = byte; diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c index f4217dd49..23661448a 100644 --- a/src/lib/kadm5/srv/server_kdb.c +++ b/src/lib/kadm5/srv/server_kdb.c @@ -282,7 +282,7 @@ kdb_get_entry(kadm5_server_handle_t handle, return(ret); } - xdrmem_create(&xdrs, tl_data.tl_data_contents, + xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents, tl_data.tl_data_length, XDR_DECODE); if (! xdr_osa_princ_ent_rec(&xdrs, adb)) { xdr_destroy(&xdrs); @@ -373,7 +373,7 @@ kdb_put_entry(kadm5_server_handle_t handle, } tl_data.tl_data_type = KRB5_TL_KADM_DATA; tl_data.tl_data_length = xdr_getpos(&xdrs); - tl_data.tl_data_contents = xdralloc_getdata(&xdrs); + tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs); ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data); diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 6d90628dc..6c7a2c0d5 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -245,10 +245,12 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy, ks_tuple = handle->params.keysalts; } /* Dup the requested or defaulted keysalt tuples. */ - new_ks_tuple = k5memdup(ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple), - &ret); - if (new_ks_tuple == NULL) + new_ks_tuple = malloc(n_ks_tuple * sizeof(*new_ks_tuple)); + if (new_ks_tuple == NULL) { + ret = ENOMEM; goto cleanup; + } + memcpy(new_ks_tuple, ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple)); new_n_ks_tuple = n_ks_tuple; ret = 0; goto cleanup; @@ -363,7 +365,7 @@ kadm5_create_principal_3(void *server_handle, kadm5_policy_ent_rec polent; krb5_boolean have_polent = FALSE; krb5_int32 now; - krb5_tl_data *tl_data_orig, *tl_data_tail; + krb5_tl_data *tl_data_tail; unsigned int ret; kadm5_server_handle_t handle = server_handle; krb5_keyblock *act_mkey; @@ -487,7 +489,6 @@ kadm5_create_principal_3(void *server_handle, if (mask & KADM5_TL_DATA) { /* splice entry->tl_data onto the front of kdb->tl_data */ - tl_data_orig = kdb->tl_data; for (tl_data_tail = entry->tl_data; tl_data_tail; tl_data_tail = tl_data_tail->tl_data_next) { @@ -1265,6 +1266,8 @@ kadm5_use_password_server (void) } #endif +void kadm5_set_use_password_server (void); + void kadm5_set_use_password_server (void) { diff --git a/src/lib/kdb/iprop_xdr.c b/src/lib/kdb/iprop_xdr.c index 2ab59f570..8bf2c89e6 100644 --- a/src/lib/kdb/iprop_xdr.c +++ b/src/lib/kdb/iprop_xdr.c @@ -9,7 +9,7 @@ #pragma GCC diagnostic ignored "-Wunused-variable" #endif -bool_t +static bool_t xdr_int16_t (XDR *xdrs, int16_t *objp) { register int32_t *buf; @@ -19,17 +19,7 @@ xdr_int16_t (XDR *xdrs, int16_t *objp) return TRUE; } -bool_t -xdr_uint16_t (XDR *xdrs, uint16_t *objp) -{ - register int32_t *buf; - - if (!xdr_u_short (xdrs, objp)) - return FALSE; - return TRUE; -} - -bool_t +static bool_t xdr_int32_t (XDR *xdrs, int32_t *objp) { register int32_t *buf; @@ -39,7 +29,7 @@ xdr_int32_t (XDR *xdrs, int32_t *objp) return TRUE; } -bool_t +static bool_t xdr_uint32_t (XDR *xdrs, uint32_t *objp) { register int32_t *buf; diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c index bbe2a2e6d..3828c5949 100644 --- a/src/lib/krb5/ccache/cc_keyring.c +++ b/src/lib/krb5/ccache/cc_keyring.c @@ -144,11 +144,6 @@ debug_print(char *fmt, ...) /* Hopefully big enough to hold a serialized credential */ #define GUESS_CRED_SIZE 4096 -#define ALLOC(NUM,TYPE) \ - (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \ - ? (TYPE *) calloc((NUM), sizeof(TYPE)) \ - : (errno = ENOMEM,(TYPE *) 0)) - #define CHECK_N_GO(ret, errdest) if (ret != KRB5_OK) goto errdest #define CHECK(ret) if (ret != KRB5_OK) goto errout #define CHECK_OUT(ret) if (ret != KRB5_OK) return ret @@ -651,7 +646,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id, krb5_krcc_cursor krcursor; krb5_krcc_data *d; unsigned int size; - int res; + long res; DEBUG_PRINT(("krb5_krcc_start_seq_get: entered\n")); @@ -676,7 +671,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id, krcursor->keys = (key_serial_t *) ((char *) krcursor + sizeof(*krcursor)); res = keyctl_read(d->ring_id, (char *) krcursor->keys, ((d->numkeys + 1) * sizeof(key_serial_t))); - if (res < 0 || res > ((d->numkeys + 1) * sizeof(key_serial_t))) { + if (res < 0 || (size_t)res > ((d->numkeys + 1) * sizeof(key_serial_t))) { DEBUG_PRINT(("Read %d bytes from keyring, numkeys %d: %s\n", res, d->numkeys, strerror(errno))); free(krcursor); @@ -1213,7 +1208,7 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p) */ memset(ids_buf, '\0', sizeof(ids_buf)); val = keyctl_read(ids_key, ids_buf, sizeof(ids_buf)); - if (val > sizeof(ids_buf)) + if (val < 0 || (size_t)val > sizeof(ids_buf)) goto out; val = sscanf(ids_buf, "%d:%d:%d", &session, &process, &thread); @@ -1359,12 +1354,7 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id, if (tmpprinc == NULL) return KRB5_CC_NOMEM; if (length) { - size_t msize = length; - if (msize != length) { - free(tmpprinc); - return KRB5_CC_NOMEM; - } - tmpprinc->data = ALLOC(msize, krb5_data); + tmpprinc->data = calloc(length, sizeof(krb5_data)); if (tmpprinc->data == 0) { free(tmpprinc); return KRB5_CC_NOMEM; @@ -1415,12 +1405,9 @@ krb5_krcc_parse_keyblock(krb5_context context, krb5_ccache id, if (int32 < 0) return KRB5_CC_NOMEM; keyblock->length = int32; - /* Overflow check. */ - if (keyblock->length != int32) - return KRB5_CC_NOMEM; if (keyblock->length == 0) return KRB5_OK; - keyblock->contents = ALLOC(keyblock->length, krb5_octet); + keyblock->contents = malloc(keyblock->length); if (keyblock->contents == NULL) return KRB5_CC_NOMEM; @@ -1478,7 +1465,7 @@ krb5_krcc_parse_krb5data(krb5_context context, krb5_ccache id, if (len < 0) return KRB5_CC_NOMEM; data->length = len; - if (data->length != len || data->length + 1 == 0) + if (data->length + 1 == 0) return KRB5_CC_NOMEM; if (data->length == 0) { @@ -1542,11 +1529,10 @@ krb5_krcc_parse_addrs(krb5_context context, krb5_ccache id, * Make *addrs able to hold length pointers to krb5_address structs * Add one extra for a null-terminated list */ - msize = length; - msize += 1; - if (msize == 0 || msize - 1 != length || length < 0) + msize = (size_t)length + 1; + if (msize == 0 || length < 0) return KRB5_CC_NOMEM; - *addrs = ALLOC(msize, krb5_address *); + *addrs = calloc(msize, sizeof(krb5_address *)); if (*addrs == NULL) return KRB5_CC_NOMEM; @@ -1587,13 +1573,6 @@ krb5_krcc_parse_addr(krb5_context context, krb5_ccache id, krb5_address * addr, if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */ return KRB5_CC_NOMEM; addr->length = int32; - /* - * Length field is "unsigned int", which may be smaller - * than 32 bits. - */ - if (addr->length != int32) - return KRB5_CC_NOMEM; /* XXX */ - if (addr->length == 0) return KRB5_OK; @@ -1633,11 +1612,10 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id, * Make *a able to hold length pointers to krb5_authdata structs * Add one extra for a null-terminated list */ - msize = length; - msize += 1; - if (msize == 0 || msize - 1 != length || length < 0) + msize = (size_t)length + 1; + if (msize == 0 || length < 0) return KRB5_CC_NOMEM; - *a = ALLOC(msize, krb5_authdata *); + *a = calloc(msize, sizeof(krb5_authdata *)); if (*a == NULL) return KRB5_CC_NOMEM; @@ -1680,13 +1658,6 @@ krb5_krcc_parse_authdatum(krb5_context context, krb5_ccache id, if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */ return KRB5_CC_NOMEM; a->length = int32; - /* - * Value could have gotten truncated if int is - * smaller than 32 bits. - */ - if (a->length != int32) - return KRB5_CC_NOMEM; /* XXX */ - if (a->length == 0) return KRB5_OK; diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c index 1c112725e..991cef025 100644 --- a/src/lib/krb5/ccache/t_cc.c +++ b/src/lib/krb5/ccache/t_cc.c @@ -332,14 +332,14 @@ check_registered(krb5_context context, const char *prefix) if(kret != KRB5_OK) { if(kret == KRB5_CC_UNKNOWN_TYPE) return 0; - com_err("Checking on credential type", kret,prefix); + com_err("Checking on credential type", kret, "%s", prefix); fflush(stderr); return 0; } kret = krb5_cc_close(context, id); if(kret != KRB5_OK) { - com_err("Checking on credential type - closing", kret,prefix); + com_err("Checking on credential type - closing", kret, "%s", prefix); fflush(stderr); } diff --git a/src/lib/krb5/krb/t_deltat.c b/src/lib/krb5/krb/t_deltat.c index 8a50c6905..e519ee804 100644 --- a/src/lib/krb5/krb/t_deltat.c +++ b/src/lib/krb5/krb/t_deltat.c @@ -126,7 +126,7 @@ main (void) }; int fail = 0; - int i; + size_t i; for (i = 0; i < sizeof(values)/sizeof(values[0]); i++) { krb5_deltat result; @@ -150,8 +150,8 @@ main (void) } } if (fail == 0) - printf ("Passed all %d tests.\n", i); + printf ("Passed all %d tests.\n", (int)i); else - printf ("Failed %d of %d tests.\n", fail, i); + printf ("Failed %d of %d tests.\n", fail, (int)i); return fail; } diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c index 692d89d78..9cdf5e641 100644 --- a/src/lib/krb5/krb/t_ser.c +++ b/src/lib/krb5/krb/t_ser.c @@ -95,7 +95,7 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype) kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen); if (!kret) { if (verbose) { - printf("%s: externalized in %d bytes\n", msg, outlen); + printf("%s: externalized in %d bytes\n", msg, (int)outlen); print_erep(outrep, outlen); } @@ -110,7 +110,7 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype) if (!kret) { if (ilen) printf("%s: %d bytes left over after internalize\n", - msg, ilen); + msg, (int)ilen); /* Now attempt to re-externalize it */ kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2); if (!kret) { diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c index f894d05a3..f7eb2d240 100644 --- a/src/lib/krb5/os/localaddr.c +++ b/src/lib/krb5/os/localaddr.c @@ -1346,12 +1346,10 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile) { struct localaddr_data data = { 0 }; int r; - krb5_error_code err; - if (use_profile) { - err = krb5_os_localaddr_profile (context, &data); - /* ignore err for now */ - } + /* Ignore errors for now. */ + if (use_profile) + (void)krb5_os_localaddr_profile (context, &data); r = foreach_localaddr (&data, count_addrs, allocate, add_addr); if (r != 0) { diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index ef7ce0b9d..1930d7e9d 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -223,9 +223,8 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn, struct stat sb1, sb2; #endif char *dir; - size_t dirlen; - GETDIR; + dir = getdir(); if (full_pathname) { if (!(d->fn = strdup(full_pathname))) return KRB5_RC_IO_MALLOC; diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c index ab161c17d..319bc759b 100644 --- a/src/lib/rpc/auth_gss.c +++ b/src/lib/rpc/auth_gss.c @@ -546,7 +546,6 @@ authgss_destroy_context(AUTH *auth) { struct rpc_gss_data *gd; OM_uint32 min_stat; - enum clnt_stat callstat; log_debug("in authgss_destroy_context()"); @@ -555,10 +554,8 @@ authgss_destroy_context(AUTH *auth) if (gd->gc.gc_ctx.length != 0) { if (gd->established) { gd->gc.gc_proc = RPCSEC_GSS_DESTROY; - callstat = clnt_call(gd->clnt, NULLPROC, - xdr_void, NULL, - xdr_void, NULL, - AUTH_TIMEOUT); + (void)clnt_call(gd->clnt, NULLPROC, xdr_void, NULL, + xdr_void, NULL, AUTH_TIMEOUT); log_debug("%s", clnt_sperror(gd->clnt, "authgss_destroy_context")); diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c index 66edf572a..10d9e3f62 100644 --- a/src/lib/rpc/pmap_rmt.c +++ b/src/lib/rpc/pmap_rmt.c @@ -188,7 +188,6 @@ getbroadcastnets( { struct ifconf ifc; struct ifreq ifreq, *ifr; - struct sockaddr_in *sockin; int n, i; ifc.ifc_len = GIFCONF_BUFSIZE; @@ -208,24 +207,16 @@ getbroadcastnets( if ((ifreq.ifr_flags & IFF_BROADCAST) && (ifreq.ifr_flags & IFF_UP) && ifr->ifr_addr.sa_family == AF_INET) { - sockin = (struct sockaddr_in *)&ifr->ifr_addr; #ifdef SIOCGIFBRDADDR /* 4.3BSD */ if (ioctl(sock, SIOCGIFBRDADDR, (char *)&ifreq) < 0) { addrs[i++].s_addr = INADDR_ANY; -#if 0 /* this is uuuuugly */ - addrs[i++] = inet_makeaddr(inet_netof -#if defined(hpux) || (defined(sun) && defined(__svr4__)) || defined(linux) || (defined(__osf__) && defined(__alpha__)) - (sockin->sin_addr), -#else /* hpux or solaris */ - (sockin->sin_addr.s_addr), -#endif - INADDR_ANY); -#endif } else { addrs[i++] = ((struct sockaddr_in*) &ifreq.ifr_addr)->sin_addr; } #else /* 4.2 BSD */ + struct sockaddr_in *sockin; + sockin = (struct sockaddr_in *)&ifr->ifr_addr; addrs[i++] = inet_makeaddr(inet_netof (sockin->sin_addr.s_addr), INADDR_ANY); #endif diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c index c3d52dc89..68498daa8 100644 --- a/src/lib/rpc/svc_auth_gss.c +++ b/src/lib/rpc/svc_auth_gss.c @@ -486,8 +486,8 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, offset = 0 - offset; gd->seqmask <<= offset; offset = 0; - } - else if (offset >= gd->win || (gd->seqmask & (1 << offset))) { + } else if ((u_int)offset >= gd->win || + (gd->seqmask & (1 << offset))) { *no_dispatch = 1; ret_freegc (RPCSEC_GSS_CTXPROBLEM); } diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c index a38f35d7d..0b0152730 100644 --- a/src/lib/rpc/svc_udp.c +++ b/src/lib/rpc/svc_udp.c @@ -198,6 +198,7 @@ svcudp_recv( register int rlen; char *reply; uint32_t replylen; + socklen_t addrlen; again: memset(&dummy, 0, sizeof(dummy)); @@ -215,13 +216,14 @@ svcudp_recv( return (FALSE); } - xprt->xp_addrlen = sizeof(struct sockaddr_in); + addrlen = sizeof(struct sockaddr_in); rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz, - 0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen)); + 0, (struct sockaddr *)&(xprt->xp_raddr), &addrlen); if (rlen == -1 && errno == EINTR) goto again; if (rlen < (int) (4*sizeof(uint32_t))) return (FALSE); + xprt->xp_addrlen = addrlen; xdrs->x_op = XDR_DECODE; XDR_SETPOS(xdrs, 0); if (! xdr_callmsg(xdrs, msg)) diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c index 6ab45347f..646477f3d 100644 --- a/src/lib/rpc/unit-test/client.c +++ b/src/lib/rpc/unit-test/client.c @@ -58,8 +58,8 @@ main(argc, argv) CLIENT *clnt; AUTH *tmp_auth; struct rpc_err e; - int i, auth_once, sock, use_tcp; - unsigned int count; + int auth_once, sock, use_tcp; + unsigned int count, i; extern int optind; extern char *optarg; extern int svc_debug_gssapi, misc_debug_gssapi, auth_debug_gssapi; diff --git a/src/lib/rpc/xdr_mem.c b/src/lib/rpc/xdr_mem.c index febb8be44..f3eb047b1 100644 --- a/src/lib/rpc/xdr_mem.c +++ b/src/lib/rpc/xdr_mem.c @@ -125,7 +125,7 @@ static bool_t xdrmem_getbytes(XDR *xdrs, caddr_t addr, u_int len) { - if (xdrs->x_handy < len) + if ((u_int)xdrs->x_handy < len) return (FALSE); else xdrs->x_handy -= len; @@ -138,7 +138,7 @@ static bool_t xdrmem_putbytes(XDR *xdrs, caddr_t addr, u_int len) { - if (xdrs->x_handy < len) + if ((u_int)xdrs->x_handy < len) return (FALSE); else xdrs->x_handy -= len; diff --git a/src/lib/rpc/xdr_rec.c b/src/lib/rpc/xdr_rec.c index cb839b68b..058788257 100644 --- a/src/lib/rpc/xdr_rec.c +++ b/src/lib/rpc/xdr_rec.c @@ -244,7 +244,7 @@ static bool_t /* must manage buffers, fragments, and records */ xdrrec_getbytes(XDR *xdrs, caddr_t addr, u_int len) { register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private); - register int current; + register u_int current; while (len > 0) { current = rstrm->fbtbc; @@ -519,7 +519,7 @@ get_input_bytes(RECSTREAM *rstrm, caddr_t addr, int len) return (FALSE); continue; } - current = (len < current) ? len : current; + current = ((size_t)len < current) ? (size_t)len : current; memmove(addr, rstrm->in_finger, current); rstrm->in_finger += current; addr += current; diff --git a/src/lib/rpc/xdr_sizeof.c b/src/lib/rpc/xdr_sizeof.c index a9b16e214..145e38755 100644 --- a/src/lib/rpc/xdr_sizeof.c +++ b/src/lib/rpc/xdr_sizeof.c @@ -80,7 +80,7 @@ x_setpostn(xdrs, pos) return (FALSE); } -static long * +static rpc_inline_t * x_inline(xdrs, len) XDR *xdrs; int len; @@ -94,7 +94,7 @@ x_inline(xdrs, len) if (len < (int) xdrs->x_base) { /* x_private was already allocated */ xdrs->x_handy += len; - return ((long *) xdrs->x_private); + return ((rpc_inline_t *) xdrs->x_private); } else { /* Free the earlier space and allocate new area */ if (xdrs->x_private) @@ -105,7 +105,7 @@ x_inline(xdrs, len) } xdrs->x_base = (caddr_t) len; xdrs->x_handy += len; - return ((long *) xdrs->x_private); + return ((rpc_inline_t *) xdrs->x_private); } } @@ -139,7 +139,7 @@ xdr_sizeof(func, data) bool_t stat; /* to stop ANSI-C compiler from complaining */ typedef bool_t (* dummyfunc1)(XDR *, long *); - typedef bool_t (* dummyfunc2)(XDR *, caddr_t, int); + typedef bool_t (* dummyfunc2)(XDR *, caddr_t, u_int); ops.x_putlong = x_putlong; ops.x_putbytes = x_putbytes; diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c index 38e470ffb..940281378 100644 --- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c +++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c @@ -156,7 +156,6 @@ list_modify_str_array(char ***destlist, const char **sourcelist, int mode) char **dlist = NULL, **tmplist = NULL; const char **slist = NULL; int dcount = 0, scount = 0, copycount = 0; - int found = 0; if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL)) return; @@ -192,10 +191,8 @@ list_modify_str_array(char ***destlist, const char **sourcelist, int mode) * from the destination list */ for (slist = sourcelist; *slist != NULL; slist++) { for (dlist = *destlist; *dlist != NULL; dlist++) { - found = 0; /* value not found */ /* DN is case insensitive string */ if (strcasecmp(*dlist, *slist) == 0) { - found = 1; free(*dlist); /* Advance the rest of the entries by one */ for (tmplist = dlist; *tmplist != NULL; tmplist++) { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c index 3fac3c7d3..8776ab513 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -536,12 +536,10 @@ krb5_error_code is_principal_in_realm(krb5_ldap_context *ldap_context, krb5_const_principal searchfor) { - size_t defrealmlen=0; char *defrealm=NULL; #define FIND_MAX(a,b) ((a) > (b) ? (a) : (b)) - defrealmlen = strlen(ldap_context->lrparams->realm_name); defrealm = ldap_context->lrparams->realm_name; /* @@ -1646,6 +1644,7 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context, { krb5_error_code st = 0; unsigned int mask = 0; + int val; krb5_boolean attr_present = FALSE; char **values = NULL, *policydn = NULL, *pwdpolicydn = NULL; char *polname = NULL, *tktpolname = NULL; @@ -1720,9 +1719,10 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context, mask |= KDB_LAST_FAILED_ATTR; /* KRBLOGINFAILEDCOUNT */ - if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount", - &(entry->fail_auth_count)) == 0) + if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount", &val) == 0) { + entry->fail_auth_count = val; mask |= KDB_FAIL_AUTH_COUNT_ATTR; + } /* KRBMAXTICKETLIFE */ if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &(entry->max_life)) == 0) diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index 527873c1f..bcdc1dc47 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -555,7 +555,8 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, goto cleanup; if (entry->mask & KADM5_LOAD) { - int tree = 0, ntrees = 0, numlentries = 0; + unsigned int tree = 0, ntrees = 0; + int numlentries = 0; char **subtreelist = NULL, *filter = NULL; /* A load operation is special, will do a mix-in (add krbprinc @@ -695,7 +696,8 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry, */ if (xargs.dn_from_kbd == TRUE) { /* make sure the DN falls in the subtree */ - int tre=0, dnlen=0, subtreelen=0, ntrees=0; + unsigned int tre=0, ntrees=0; + int dnlen=0, subtreelen=0; char **subtreelist=NULL; char *dn=NULL; krb5_boolean outofsubtree=TRUE; @@ -1293,7 +1295,7 @@ krb5_read_tkt_policy(krb5_context context, krb5_ldap_context *ldap_context, krb5_db_entry *entries, char *policy) { krb5_error_code st=0; - unsigned int mask=0, omask=0; + int mask=0, omask=0; int tkt_mask=(KDB_MAX_LIFE_ATTR | KDB_MAX_RLIFE_ATTR | KDB_TKT_FLAGS_ATTR); krb5_ldap_policy_params *tktpoldnparam=NULL; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c index 2169aaae1..4d7d6739e 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c @@ -232,6 +232,15 @@ cleanup: return(st); } +static void +get_ui4(LDAP *ld, LDAPMessage *ent, char *name, krb5_ui_4 *out) +{ + int val; + + krb5_ldap_get_value(ld, ent, name, &val); + *out = val; +} + static krb5_error_code populate_policy(krb5_context context, LDAP *ld, @@ -245,19 +254,18 @@ populate_policy(krb5_context context, CHECK_NULL(pol_entry->name); pol_entry->version = 1; - krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &(pol_entry->pw_max_life)); - krb5_ldap_get_value(ld, ent, "krbminpwdlife", &(pol_entry->pw_min_life)); - krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &(pol_entry->pw_min_classes)); - krb5_ldap_get_value(ld, ent, "krbpwdminlength", &(pol_entry->pw_min_length)); - krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &(pol_entry->pw_history_num)); - - krb5_ldap_get_value(ld, ent, "krbpwdmaxfailure", &(pol_entry->pw_max_fail)); - krb5_ldap_get_value(ld, ent, "krbpwdfailurecountinterval", &(pol_entry->pw_failcnt_interval)); - krb5_ldap_get_value(ld, ent, "krbpwdlockoutduration", &(pol_entry->pw_lockout_duration)); - krb5_ldap_get_value(ld, ent, "krbpwdattributes", &(pol_entry->attributes)); - krb5_ldap_get_value(ld, ent, "krbpwdmaxlife", &(pol_entry->max_life)); - krb5_ldap_get_value(ld, ent, "krbpwdmaxrenewablelife", - &(pol_entry->max_renewable_life)); + get_ui4(ld, ent, "krbmaxpwdlife", &pol_entry->pw_max_life); + get_ui4(ld, ent, "krbminpwdlife", &pol_entry->pw_min_life); + get_ui4(ld, ent, "krbpwdmindiffchars", &pol_entry->pw_min_classes); + get_ui4(ld, ent, "krbpwdminlength", &pol_entry->pw_min_length); + get_ui4(ld, ent, "krbpwdhistorylength", &pol_entry->pw_history_num); + get_ui4(ld, ent, "krbpwdmaxfailure", &pol_entry->pw_max_fail); + get_ui4(ld, ent, "krbpwdfailurecountinterval", + &pol_entry->pw_failcnt_interval); + get_ui4(ld, ent, "krbpwdlockoutduration", &pol_entry->pw_lockout_duration); + get_ui4(ld, ent, "krbpwdattributes", &pol_entry->attributes); + get_ui4(ld, ent, "krbpwdmaxlife", &pol_entry->max_life); + get_ui4(ld, ent, "krbpwdmaxrenewablelife", &pol_entry->max_renewable_life); st = krb5_ldap_get_string(ld, ent, "krbpwdallowedkeysalts", &(pol_entry->allowed_keysalts), NULL); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index e5c1f598f..032be6f97 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c @@ -209,7 +209,8 @@ krb5_ldap_delete_realm (krb5_context context, char *lrealm) char **values=NULL, **subtrees=NULL, **policy=NULL; LDAPMessage **result_arr=NULL, *result = NULL, *ent = NULL; krb5_principal principal; - int l=0, ntree=0, i=0, j=0, mask=0; + unsigned int l=0, ntree=0; + int i=0, j=0, mask=0; kdb5_dal_handle *dal_handle = NULL; krb5_ldap_context *ldap_context = NULL; krb5_ldap_server_handle *ldap_server_handle = NULL; @@ -342,7 +343,7 @@ krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams, krb5_error_code st=0; char **strval=NULL, *strvalprc[5]={NULL}; LDAPMod **mods = NULL; - int oldmask=0, objectmask=0,k=0; + int objectmask=0,k=0; kdb5_dal_handle *dal_handle=NULL; krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; @@ -371,21 +372,6 @@ krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams, /* get ldap handle */ GET_HANDLE (); - /* get the oldmask obtained from the krb5_ldap_read_realm_params */ - { - void *voidptr=NULL; - - if ((st=decode_tl_data(rparams->tl_data, KDB_TL_MASK, &voidptr)) == 0) { - oldmask = *((int *) voidptr); - free (voidptr); - } else { - st = EINVAL; - krb5_set_error_message(context, st, _("tl_data not available")); - return st; - } - } - - /* SUBTREE ATTRIBUTE */ if (mask & LDAP_REALM_SUBTREE) { if ( rparams->subtree!=NULL) { diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c index f412290ae..32e2af005 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c @@ -84,7 +84,6 @@ krb5_ldap_readpassword(krb5_context context, krb5_ldap_context *ldap_context, int entryfound=0; krb5_error_code st=0; char line[RECORDLEN]="0", *start=NULL, *file=NULL; - char errbuf[1024]; FILE *fptr=NULL; *password = NULL; @@ -166,7 +165,8 @@ rp_exit: int tohex(krb5_data in, krb5_data *ret) { - int i=0, err = 0; + unsigned int i=0; + int err = 0; ret->length = 0; ret->data = NULL; diff --git a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c index 760bfd31a..5ae8672c4 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c @@ -187,7 +187,7 @@ krb5_lookup_tl_kadm_data(krb5_tl_data *tl_data, osa_princ_ent_rec *princ_entry) XDR xdrs; - xdrmem_create(&xdrs, tl_data->tl_data_contents, + xdrmem_create(&xdrs, (caddr_t)tl_data->tl_data_contents, tl_data->tl_data_length, XDR_DECODE); if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) { xdr_destroy(&xdrs); diff --git a/src/plugins/preauth/pkinit/pkinit_accessor.c b/src/plugins/preauth/pkinit/pkinit_accessor.c index 15a3e49f3..6bae94969 100644 --- a/src/plugins/preauth/pkinit/pkinit_accessor.c +++ b/src/plugins/preauth/pkinit/pkinit_accessor.c @@ -58,7 +58,7 @@ krb5_error_code krb5_data **code); krb5_error_code -(*k5int_encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **, +(*k5int_encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *, krb5_data **code); krb5_error_code (*k5int_decode_krb5_td_dh_parameters)(const krb5_data *, @@ -66,7 +66,7 @@ krb5_error_code krb5_error_code (*k5int_encode_krb5_td_trusted_certifiers) -(const krb5_external_principal_identifier **, krb5_data **code); +(krb5_external_principal_identifier *const *, krb5_data **code); krb5_error_code (*k5int_decode_krb5_td_trusted_certifiers) diff --git a/src/plugins/preauth/pkinit/pkinit_accessor.h b/src/plugins/preauth/pkinit/pkinit_accessor.h index 21402ad83..dcee3db53 100644 --- a/src/plugins/preauth/pkinit/pkinit_accessor.h +++ b/src/plugins/preauth/pkinit/pkinit_accessor.h @@ -61,12 +61,12 @@ extern krb5_error_code (*k5int_encode_krb5_pa_pk_as_rep_draft9) (const krb5_pa_pk_as_rep_draft9 *, krb5_data **code); extern krb5_error_code (*k5int_encode_krb5_td_dh_parameters) - (const krb5_algorithm_identifier **, krb5_data **code); + (krb5_algorithm_identifier *const *, krb5_data **code); extern krb5_error_code (*k5int_decode_krb5_td_dh_parameters) (const krb5_data *, krb5_algorithm_identifier ***); extern krb5_error_code (*k5int_encode_krb5_td_trusted_certifiers) - (const krb5_external_principal_identifier **, krb5_data **code); + (krb5_external_principal_identifier *const *, krb5_data **code); extern krb5_error_code (*k5int_decode_krb5_td_trusted_certifiers) (const krb5_data *, krb5_external_principal_identifier ***); diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 45f44e0e1..4b0245c9b 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -3416,7 +3416,7 @@ pkinit_create_td_dh_parameters(krb5_context context, SECItem tmp, *oid; krb5_algorithm_identifier id[sizeof(oakley_groups) / sizeof(oakley_groups[0])]; - const krb5_algorithm_identifier *ids[(sizeof(id) / sizeof(id[0])) + 1]; + krb5_algorithm_identifier *ids[(sizeof(id) / sizeof(id[0])) + 1]; unsigned int i, j; krb5_data *data; krb5_pa_data **typed_data; @@ -3525,7 +3525,7 @@ pkinit_create_td_invalid_certificate(krb5_context context, { CERTCertificate *invalid; krb5_external_principal_identifier id; - const krb5_external_principal_identifier *ids[2]; + krb5_external_principal_identifier *ids[2]; struct issuer_and_serial_number isn; krb5_data *data; SECItem item; @@ -3591,7 +3591,7 @@ pkinit_create_td_trusted_certifiers(krb5_context context, pkinit_identity_crypto_context id_cryptoctx, krb5_pa_data ***pa_data) { - const krb5_external_principal_identifier **ids; + krb5_external_principal_identifier **ids; krb5_external_principal_identifier *id; struct issuer_and_serial_number isn; krb5_data *data; diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c index a70691197..ae4efc343 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c @@ -1677,7 +1677,7 @@ cms_signeddata_verify(krb5_context context, goto cleanup; } - retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_verified_chain, &authz); + retval = k5int_encode_krb5_td_trusted_certifiers((krb5_external_principal_identifier *const *)krb5_verified_chain, &authz); if (retval) { pkiDebug("encode_krb5_td_trusted_certifiers failed\n"); goto cleanup; @@ -3063,7 +3063,7 @@ pkinit_create_sequence_of_principal_identifiers( goto cleanup; } - retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_trusted_certifiers, &td_certifiers); + retval = k5int_encode_krb5_td_trusted_certifiers((krb5_external_principal_identifier *const *)krb5_trusted_certifiers, &td_certifiers); if (retval) { pkiDebug("encode_krb5_td_trusted_certifiers failed\n"); goto cleanup; @@ -3244,7 +3244,7 @@ pkinit_create_td_dh_parameters(krb5_context context, algId[0]->algorithm = dh_oid; } - retval = k5int_encode_krb5_td_dh_parameters((const krb5_algorithm_identifier **)algId, &encoded_algId); + retval = k5int_encode_krb5_td_dh_parameters((krb5_algorithm_identifier *const *)algId, &encoded_algId); if (retval) goto cleanup; #ifdef DEBUG_ASN1 diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 540d14bfd..acdca0a5a 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -532,14 +532,14 @@ xmit_database(context, auth_context, my_creds, fd, database_fd, int database_fd; int in_database_size; { - krb5_int32 sent_size, n; + krb5_int32 n; krb5_data inbuf, outbuf; char buf[KPROP_BUFSIZ]; krb5_error_code retval; krb5_error *error; /* These must be 4 bytes */ krb5_ui_4 database_size = in_database_size; - krb5_ui_4 send_size; + krb5_ui_4 send_size, sent_size; /* * Send over the size diff --git a/src/tests/dejagnu/t_inetd.c b/src/tests/dejagnu/t_inetd.c index 5e9a0b1b2..abcde50fa 100644 --- a/src/tests/dejagnu/t_inetd.c +++ b/src/tests/dejagnu/t_inetd.c @@ -75,7 +75,7 @@ main(argc, argv) int sock, acc; int one = 1; struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */ - int namelen = sizeof(f_inaddr); + socklen_t namelen = sizeof(f_inaddr); #ifdef POSIX_SIGNALS struct sigaction csig; #endif diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c index 61558a006..5e8ffda8c 100644 --- a/src/tests/gssapi/common.c +++ b/src/tests/gssapi/common.c @@ -44,12 +44,12 @@ gss_OID_set_desc mechset_iakerb = { 1, &mech_iakerb }; static void display_status(const char *msg, OM_uint32 code, int type) { - OM_uint32 maj_stat, min_stat, msg_ctx = 0; + OM_uint32 min_stat, msg_ctx = 0; gss_buffer_desc buf; do { - maj_stat = gss_display_status(&min_stat, code, type, GSS_C_NULL_OID, - &msg_ctx, &buf); + (void)gss_display_status(&min_stat, code, type, GSS_C_NULL_OID, + &msg_ctx, &buf); fprintf(stderr, "%s: %.*s\n", msg, (int)buf.length, (char *)buf.value); (void)gss_release_buffer(&min_stat, &buf); } while (msg_ctx != 0); diff --git a/src/util/profile/test_profile.c b/src/util/profile/test_profile.c index ea7113dae..6f6fcc7ac 100644 --- a/src/util/profile/test_profile.c +++ b/src/util/profile/test_profile.c @@ -24,9 +24,9 @@ static void do_batchmode(profile) { errcode_t retval; int argc, ret; - char **argv, **values, **cpp; + char **argv, **values, *value, **cpp; char buf[256]; - const char **names, *value; + const char **names, *name; char *cmd; int print_status; @@ -76,11 +76,10 @@ static void do_batchmode(profile) retval = profile_rename_section(profile, names+1, *names); } else if (!strcmp(cmd, "add")) { - value = *names; - if (strcmp(value, "NULL") == 0) - value = NULL; - retval = profile_add_relation(profile, names+1, - value); + name = *names; + if (strcmp(name, "NULL") == 0) + name = NULL; + retval = profile_add_relation(profile, names+1, name); } else if (!strcmp(cmd, "flush")) { retval = profile_flush(profile); } else { @@ -116,8 +115,7 @@ int main(argc, argv) { profile_t profile; long retval; - char **values, **cpp; - const char *value; + char **values, *value, **cpp; const char **names; char *cmd; int print_value = 0; |