Fix several portability issues affecting Solaris

Commit 1bfcf572241a4ec0e44e609e5c6b7c0b11b08eea added a trailing
semicolon to the Solaris INIT_FINI_PREP, causing a syntax error when
MAKE_SHLIB_COMMAND uses it as "$(INIT_FINI_PREP} && ${LDCOMBINE} ...".
Remove it.

Commit a575589ef525fb139cafa0de1a05382845f0afbd introduced UNIX domain
socket variables named "sun", which is defined to 1 on Solaris.  Use
"unaddr" or avoid declaring a variable.

Commit 1c87ce6c44a9de0824580a2d72a8a202237e01f4 changed
pkinit_constants.c to use char arrays for OID constants, for brevity
when including them in krb5_data initializers.  But many of the array
elements are not within the range of a signed char, causing errors
with the Solaris C compiler.  Change these constants to uint8_t arrays
and introduce a macro to shorten the krb5_data initializers.

[ghudson@mit.edu: edited for style; wrote commit message]

ticket: 9195

diff --git a/src/config/shlib.conf b/src/config/shlib.conf
index d14ededab74a9c581c0ac9c5ab16a18edc1e4654..066b10534c5eff4813ce7d57efda50981625ef91 100644 (file)
--- a/src/config/shlib.conf
+++ b/src/config/shlib.conf
@@ -239,7 +239,7 @@ mips-*-netbsd*)
                    # Did Solaris 7 and earlier have a linker option for this?
                    ;;
                *)
-                   INIT_FINI_PREP='initfini=; for f in . $(LIBINITFUNC); do if test $$f = .; then :; else initfini="$$initfini -Wl,-z,initarray=$${f}__auxinit"; fi; done;'
+                   INIT_FINI_PREP='initfini=; for f in . $(LIBINITFUNC); do if test $$f = .; then :; else initfini="$$initfini -Wl,-z,initarray=$${f}__auxinit"; fi; done'
                    use_linker_init_option=yes
                    ;;
                esac

diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
index 9b04cfd0125fb29f5c795abf0f910abc57df63ef..e48fc7eed1aa170927c70f08ee94f015b541dfe8 100644 (file)
--- a/src/lib/apputils/net-server.c
+++ b/src/lib/apputils/net-server.c
@@ -938,7 +938,7 @@ setup_addresses(verto_ctx *ctx, void *handle, const char *prog,
     size_t i;
     int err, bound_any;
     struct bind_address addr;
-    struct sockaddr_un sun;
+    struct sockaddr_un unaddr;
     struct addrinfo hints, *ai_list = NULL, *ai = NULL;
     struct sockact_list sockacts = { 0 };
     verto_callback vcb;
@@ -967,16 +967,16 @@ setup_addresses(verto_ctx *ctx, void *handle, const char *prog,
         hints.ai_socktype = bind_socktypes[addr.type];
 
         if (addr.type == UNX) {
-            sun.sun_family = AF_UNIX;
-            if (strlcpy(sun.sun_path, addr.address, sizeof(sun.sun_path)) >=
-                sizeof(sun.sun_path)) {
+            unaddr.sun_family = AF_UNIX;
+            if (strlcpy(unaddr.sun_path, addr.address,
+                        sizeof(unaddr.sun_path)) >= sizeof(unaddr.sun_path)) {
                 ret = ENAMETOOLONG;
                 krb5_klog_syslog(LOG_ERR,
                                  _("UNIX domain socket path too long: %s"),
                                  addr.address);
                 goto cleanup;
             }
-            ret = setup_socket(&addr, (struct sockaddr *)&sun, &sockacts,
+            ret = setup_socket(&addr, (struct sockaddr *)&unaddr, &sockacts,
                                handle, prog, ctx, listen_backlog,
                                verto_callbacks[addr.type],
                                bind_conn_types[addr.type]);

diff --git a/src/lib/krb5/os/addr.c b/src/lib/krb5/os/addr.c
index e351ef800eca848c1a37a1d01f80bd23b4d3a19f..c303c141459aec1d50948a746ad5b54df26dae14 100644 (file)
--- a/src/lib/krb5/os/addr.c
+++ b/src/lib/krb5/os/addr.c
@@ -62,10 +62,9 @@ k5_sockaddr_to_address(const struct sockaddr *sa, krb5_boolean local_use,
         }
 #ifndef _WIN32
     } else if (sa->sa_family == AF_UNIX && local_use) {
-        const struct sockaddr_un *sun = sa2sun(sa);
         out->addrtype = ADDRTYPE_UNIXSOCK;
-        out->length = strlen(sun->sun_path);
-        out->contents = (uint8_t *)sun->sun_path;
+        out->length = strlen(sa2sun(sa)->sun_path);
+        out->contents = (uint8_t *)sa2sun(sa)->sun_path;
 #endif
     } else {
         return KRB5_PROG_ATYPE_NOSUPP;

diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 0cceff800067079dc4ca0e27a067c5e7b65be8d8..f0743c7cf55678abed043dc4eb5a2fbbdfad4ec6 100644 (file)
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -296,16 +296,17 @@ locate_srv_conf_1(krb5_context context, const krb5_data *realm,
 
 #ifndef _WIN32
         if (hostspec[0] == '/') {
-            struct sockaddr_un sun = { 0 };
+            struct sockaddr_un unaddr = { 0 };
 
-            sun.sun_family = AF_UNIX;
-            if (strlcpy(sun.sun_path, hostspec, sizeof(sun.sun_path)) >=
-                sizeof(sun.sun_path)) {
+            unaddr.sun_family = AF_UNIX;
+            if (strlcpy(unaddr.sun_path, hostspec, sizeof(unaddr.sun_path)) >=
+                sizeof(unaddr.sun_path)) {
                 code = ENAMETOOLONG;
                 goto cleanup;
             }
-            code = add_addr_to_list(serverlist, UNIXSOCK, AF_UNIX, sizeof(sun),
-                                    (struct sockaddr *)&sun);
+            code = add_addr_to_list(serverlist, UNIXSOCK, AF_UNIX,
+                                    sizeof(unaddr),
+                                    (struct sockaddr *)&unaddr);
             if (code)
                 goto cleanup;
             continue;

diff --git a/src/plugins/preauth/pkinit/pkinit_constants.c b/src/plugins/preauth/pkinit/pkinit_constants.c
index a32b373c32dd8b6f2b09b71f339da81a44745c0e..19ef23cff3ce76ba3fec1e641e23fe6c2f93cce0 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_constants.c
+++ b/src/plugins/preauth/pkinit/pkinit_constants.c
@@ -32,19 +32,27 @@
 
 #include "pkinit.h"
 
+#define DATA_FROM_ARRAY(a) { KV5M_DATA, sizeof(a), (char *)a }
+
 /* RFC 8636 id-pkinit-kdf-ah-sha1: iso(1) identified-organization(3) dod(6)
  * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha1(1) */
-static char kdf_sha1[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x01 };
+static uint8_t kdf_sha1[8] = {
+    0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x01
+};
 /* RFC 8636 id-pkinit-kdf-ah-sha256: iso(1) identified-organization(3) dod(6)
  * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha256(2) */
-static char kdf_sha256[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x02 };
+static uint8_t kdf_sha256[8] = {
+    0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x02
+};
 /* RFC 8636 id-pkinit-kdf-ah-sha512: iso(1) identified-organization(3) dod(6)
  * internet(1) security(5) kerberosv5(2) pkinit(3) kdf(6) sha512(3) */
-static char kdf_sha512[8] = { 0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x03 };
+static uint8_t kdf_sha512[8] = {
+    0x2B, 0x06, 0x01, 0x05, 0x02, 0x03, 0x06, 0x03
+};
 
-const krb5_data kdf_sha1_id = { KV5M_DATA, sizeof(kdf_sha1), kdf_sha1 };
-const krb5_data kdf_sha256_id = { KV5M_DATA, sizeof(kdf_sha256), kdf_sha256 };
-const krb5_data kdf_sha512_id = { KV5M_DATA, sizeof(kdf_sha512), kdf_sha512 };
+const krb5_data kdf_sha1_id = DATA_FROM_ARRAY(kdf_sha1);
+const krb5_data kdf_sha256_id = DATA_FROM_ARRAY(kdf_sha256);
+const krb5_data kdf_sha512_id = DATA_FROM_ARRAY(kdf_sha512);
 
 krb5_data const * const supported_kdf_alg_ids[] = {
     &kdf_sha256_id,
@@ -55,81 +63,69 @@ krb5_data const * const supported_kdf_alg_ids[] = {
 
 /* RFC 3370 sha-1: iso(1) identified-organization(3) oiw(14) secsig(3)
  * algorithm(2) 26 */
-static char cms_sha1[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a };
+static uint8_t cms_sha1[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a };
 /* RFC 5754 id-sha256: joint-iso-itu-t(2) country(16) us(840) organization(1)
  * gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 */
-static char cms_sha256[] = {
+static uint8_t cms_sha256[] = {
     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01
 };
 /* RFC 5754 id-sha384: joint-iso-itu-t(2) country(16) us(840) organization(1)
  * gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 */
-static char cms_sha384[] = {
+static uint8_t cms_sha384[] = {
     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02
 };
 /* RFC 5754 id-sha512: joint-iso-itu-t(2) country(16) us(840) organization(1)
  * gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 */
-static char cms_sha512[] = {
+static uint8_t cms_sha512[] = {
     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03
 };
 
-const krb5_data cms_sha1_id = { KV5M_DATA, sizeof(cms_sha1), cms_sha1 };
-const krb5_data cms_sha256_id = { KV5M_DATA, sizeof(cms_sha256), cms_sha256 };
-const krb5_data cms_sha384_id = { KV5M_DATA, sizeof(cms_sha384), cms_sha384 };
-const krb5_data cms_sha512_id = { KV5M_DATA, sizeof(cms_sha512), cms_sha512 };
+const krb5_data cms_sha1_id = DATA_FROM_ARRAY(cms_sha1);
+const krb5_data cms_sha256_id = DATA_FROM_ARRAY(cms_sha256);
+const krb5_data cms_sha384_id = DATA_FROM_ARRAY(cms_sha384);
+const krb5_data cms_sha512_id = DATA_FROM_ARRAY(cms_sha512);
 
 /* RFC 4055 sha256WithRSAEncryption: iso(1) member-body(2) us(840)
  * rsadsi(113549) pkcs(1) 1 11 */
-static char sha256WithRSAEncr_oid[9] = {
+static uint8_t sha256WithRSAEncr_oid[9] = {
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b
 };
 /* RFC 4055 sha256WithRSAEncryption: iso(1) member-body(2) us(840)
  * rsadsi(113549) pkcs(1) 1 13 */
-static char sha512WithRSAEncr_oid[9] = {
+static uint8_t sha512WithRSAEncr_oid[9] = {
     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0d
 };
 
 /* RFC 3279 ecdsa-with-SHA1: iso(1) member-body(2) us(840) ansi-X9-62(10045)
  * signatures(4) 1 */
-static char ecdsaWithSha1_oid[] = {
+static uint8_t ecdsaWithSha1_oid[] = {
     0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x01
 };
 
 /* RFC 5758 ecdsa-with-SHA256: iso(1) member-body(2) us(840) ansi-X9-62(10045)
  * signatures(4) ecdsa-with-SHA2(3) 2 */
-static char ecdsaWithSha256_oid[] = {
+static uint8_t ecdsaWithSha256_oid[] = {
     0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02
 };
 
 /* RFC 5758 ecdsa-with-SHA384: iso(1) member-body(2) us(840) ansi-X9-62(10045)
  * signatures(4) ecdsa-with-SHA2(3) 3 */
-static char ecdsaWithSha384_oid[] = {
+static uint8_t ecdsaWithSha384_oid[] = {
     0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x03
 };
 
 /* RFC 5758 ecdsa-with-SHA512: iso(1) member-body(2) us(840) ansi-X9-62(10045)
  * signatures(4) ecdsa-with-SHA2(3) 4 */
-static char ecdsaWithSha512_oid[] = {
+static uint8_t ecdsaWithSha512_oid[] = {
     0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x04
 };
 
-const krb5_data sha256WithRSAEncr_id = {
-    KV5M_DATA, sizeof(sha256WithRSAEncr_oid), sha256WithRSAEncr_oid
-};
-const krb5_data sha512WithRSAEncr_id = {
-    KV5M_DATA, sizeof(sha512WithRSAEncr_oid), sha512WithRSAEncr_oid
-};
-const krb5_data ecdsaWithSha1_id = {
-    KV5M_DATA, sizeof(ecdsaWithSha1_oid), ecdsaWithSha1_oid
-};
-const krb5_data ecdsaWithSha256_id = {
-    KV5M_DATA, sizeof(ecdsaWithSha256_oid), ecdsaWithSha256_oid
-};
-const krb5_data ecdsaWithSha384_id = {
-    KV5M_DATA, sizeof(ecdsaWithSha384_oid), ecdsaWithSha384_oid
-};
-const krb5_data ecdsaWithSha512_id = {
-    KV5M_DATA, sizeof(ecdsaWithSha512_oid), ecdsaWithSha512_oid
-};
+const krb5_data sha256WithRSAEncr_id = DATA_FROM_ARRAY(sha256WithRSAEncr_oid);
+const krb5_data sha512WithRSAEncr_id = DATA_FROM_ARRAY(sha512WithRSAEncr_oid);
+const krb5_data ecdsaWithSha1_id = DATA_FROM_ARRAY(ecdsaWithSha1_oid);
+const krb5_data ecdsaWithSha256_id = DATA_FROM_ARRAY(ecdsaWithSha256_oid);
+const krb5_data ecdsaWithSha384_id = DATA_FROM_ARRAY(ecdsaWithSha384_oid);
+const krb5_data ecdsaWithSha512_id = DATA_FROM_ARRAY(ecdsaWithSha512_oid);
 
 krb5_data const * const supported_cms_algs[] = {
     &ecdsaWithSha512_id,