static void display_status_1(char *m, OM_uint32 code, int type);
static int
-write_all(int fildes, char *buf, unsigned int nbyte)
+write_all(int fildes, const void *data, unsigned int nbyte)
{
- int ret;
- char *ptr;
+ int ret;
+ const char *ptr, *buf = data;
for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
ret = send(fildes, ptr, nbyte, 0);
}
static int
-read_all(int fildes, char *buf, unsigned int nbyte)
+read_all(int fildes, void *data, unsigned int nbyte)
{
int ret;
- char *ptr;
+ char *ptr, *buf = data;
fd_set rfds;
struct timeval tv;
if (ret < 0) {
perror("sending token data");
return -1;
- } else if (ret != tok->length) {
+ } else if ((size_t)ret != tok->length) {
if (display_file)
fprintf(display_file,
"sending token data: %d of %d bytes written\n",
perror("reading token data");
free(tok->value);
return -1;
- } else if (ret != tok->length) {
+ } else if ((size_t)ret != tok->length) {
fprintf(stderr, "sending token data: %d of %d bytes written\n",
ret, (int) tok->length);
free(tok->value);
OM_uint32 code;
int type;
{
- OM_uint32 maj_stat, min_stat;
+ OM_uint32 min_stat;
gss_buffer_desc msg;
OM_uint32 msg_ctx;
msg_ctx = 0;
while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID, &msg_ctx, &msg);
+ (void) gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+ &msg_ctx, &msg);
if (display_file)
fprintf(display_file, "GSS-API error %s: %s\n", m,
(char *) msg.value);
showLocalIdentity(OM_uint32 *minor, gss_name_t name)
{
OM_uint32 major;
- gss_buffer_desc localname;
+ gss_buffer_desc buf;
- major = gss_localname(minor, name, GSS_C_NO_OID, &localname);
+ major = gss_localname(minor, name, GSS_C_NO_OID, &buf);
if (major == GSS_S_COMPLETE)
- printf("localname: %-*s\n", (int)localname.length, localname.value);
+ printf("localname: %-*s\n", (int)buf.length, (char *)buf.value);
else if (major != GSS_S_UNAVAILABLE)
display_status("gss_localname", major, *minor);
- gss_release_buffer(minor, &localname);
+ gss_release_buffer(minor, &buf);
return major;
}
krb5_data **code);
krb5_error_code
- (*asn1_ldap_decode_sequence_of_keys)(krb5_data *in,
+ (*asn1_ldap_decode_sequence_of_keys)(const krb5_data *in,
ldap_seqof_key_data **);
/*
krb5_data **code);
krb5_error_code
- (*encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **,
+ (*encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *,
krb5_data **code);
krb5_error_code
- (*encode_krb5_td_trusted_certifiers)(const
- krb5_external_principal_identifier **,
- krb5_data **code);
+ (*encode_krb5_td_trusted_certifiers)(krb5_external_principal_identifier *
+ const *, krb5_data **code);
krb5_error_code
(*decode_krb5_auth_pack)(const krb5_data *, krb5_auth_pack **);
rblock.key = &master_keyblock;
- seed.length = master_keyblock.length;
- seed.data = master_keyblock.contents;
+ seed = make_data(master_keyblock.contents, master_keyblock.length);
if ((retval = krb5_c_random_seed(util_context, &seed))) {
com_err(progname, retval,
krb5_error_code retval = 0;
int old_key_data_count, i;
krb5_kvno new_mkey_kvno;
- krb5_key_data tmp_key_data, *old_key_data;
+ krb5_key_data tmp_key_data;
krb5_mkey_aux_node *mkey_aux_data_head = NULL, **mkey_aux_data;
krb5_keylist_node *keylist_node;
krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(context);
if (use_mkvno != 0 && new_mkey_kvno != use_mkvno)
return (KRB5_KDB_KVNONOMATCH);
- /* save the old keydata */
old_key_data_count = master_entry->n_key_data;
- old_key_data = master_entry->key_data;
/* alloc enough space to hold new and existing key_data */
/*
krb5_db_entry *kdb = NULL;
char *current = 0;
char *cp;
- int x;
+ unsigned int x;
char line[LINESIZE];
if (fgets(line, LINESIZE, filep) == (char *) NULL) {
gss_name_t name;
krb5_principal princ;
int ret, success;
- krb5_data *c1, *c2, *realm;
+ krb5_data *c1, *realm;
gss_buffer_desc gss_str;
kadm5_server_handle_t handle;
size_t slen;
goto fail_princ;
c1 = krb5_princ_component(kctx, princ, 0);
- c2 = krb5_princ_component(kctx, princ, 1);
realm = krb5_princ_realm(kctx, princ);
if (strncmp(handle->params.realm, realm->data, realm->length) == 0
&& strncmp("kiprop", c1->data, c1->length) == 0) {
!(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
if (msg_ret != NULL) {
time_t until;
- char *time_string, *ptr, *errstr;
+ char *time_string, *ptr;
+ const char *errstr;
until = princ.last_pwd_change + pol.pw_min_life;
time_string = ctime(&until);
errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
- if (strlen(errstr) + strlen(time_string) >= msg_len) {
- *errstr = '\0';
- } else {
+ if (strlen(errstr) + strlen(time_string) < msg_len) {
if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
*ptr = '\0';
snprintf(msg_ret, msg_len, errstr, time_string);
OM_uint32 code;
int type;
{
- OM_uint32 maj_stat, min_stat;
+ OM_uint32 min_stat;
gss_buffer_desc msg;
OM_uint32 msg_ctx;
msg_ctx = 0;
while (1) {
- maj_stat = gss_display_status(&min_stat, code,
- type, GSS_C_NULL_OID,
- &msg_ctx, &msg);
+ (void) gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+ &msg_ctx, &msg);
fprintf(stderr, _("GSS-API error %s: %s\n"), m, (char *)msg.value);
(void) gss_release_buffer(&min_stat, &msg);
kadm5_config_params params;
char **db_args = NULL;
int db_args_size = 0;
- char *errmsg;
+ const char *errmsg;
int i;
int strong_random = 1;
const char *pid_file = NULL;
kdc_realm_t *
setup_server_realm(struct server_handle *handle, krb5_principal sprinc)
{
- krb5_error_code kret;
kdc_realm_t *newrealm;
kdc_realm_t **kdc_realmlist = handle->kdc_realmlist;
int kdc_numrealms = handle->kdc_numrealms;
- kret = 0;
if (kdc_numrealms > 1) {
if (!(newrealm = find_realm_data(handle, sprinc->realm.data,
(krb5_ui_4) sprinc->realm.length)))
return setup_udp_port_1(data, addr, haddrbuf, 0);
}
-#if 1
-static void
-klog_handler(const void *data, size_t len)
-{
- static char buf[BUFSIZ];
- static int bufoffset;
- void *p;
-
-#define flush_buf() \
- (bufoffset \
- ? (((buf[0] == 0 || buf[0] == '\n') \
- ? (fork()==0?abort():(void)0) \
- : (void)0), \
- krb5_klog_syslog(LOG_INFO, "%s", buf), \
- memset(buf, 0, sizeof(buf)), \
- bufoffset = 0) \
- : 0)
-
- p = memchr(data, 0, len);
- if (p)
- len = (const char *)p - (const char *)data;
-scan_for_newlines:
- if (len == 0)
- return;
- p = memchr(data, '\n', len);
- if (p) {
- if (p != data)
- klog_handler(data, (size_t)((const char *)p - (const char *)data));
- flush_buf();
- len -= ((const char *)p - (const char *)data) + 1;
- data = 1 + (const char *)p;
- goto scan_for_newlines;
- } else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) {
- size_t x = sizeof(buf) - len - 1;
- klog_handler(data, x);
- flush_buf();
- len -= x;
- data = (const char *)data + x;
- goto scan_for_newlines;
- } else {
- memcpy(buf + bufoffset, data, len);
- bufoffset += len;
- }
-}
-#endif
-
#ifdef HAVE_STRUCT_RT_MSGHDR
#include <net/route.h>
static void init ()
{
- int i, j, r;
+ size_t i, j;
+ cam_rval r;
srand(42);
for (i = 0; i < 16; i++)
static void hexdump(const unsigned char *ptr, size_t len)
{
- int i;
+ size_t i;
for (i = 0; i < len; i++)
printf ("%s%02X", (i % 16 == 0) ? "\n " : " ", ptr[i]);
}
static void
xor (unsigned char *out, const unsigned char *a, const unsigned char *b)
{
- int i;
+ size_t i;
for (i = 0; i < B; i++)
out[i] = a[i] ^ b[i];
}
static void
ecb_enc (unsigned char *out, unsigned char *in, unsigned int len)
{
- int i, r;
+ size_t i;
+ cam_rval r;
for (i = 0; i < len; i += 16) {
r = camellia_enc_blk (in + i, out + i, &ctx);
if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
static void
ecb_dec (unsigned char *out, unsigned char *in, unsigned int len)
{
- int i, r;
+ size_t i;
+ cam_rval r;
for (i = 0; i < len; i += 16) {
r = camellia_dec_blk (in + i, out + i, &dctx);
if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
cbc_enc (unsigned char *out, unsigned char *in, unsigned char *iv,
unsigned int len)
{
- int i, r;
+ size_t i;
+ cam_rval r;
unsigned char tmp[B];
D(iv);
memcpy (tmp, iv, B);
cbc_dec (unsigned char *out, unsigned char *in, unsigned char *iv,
unsigned int len)
{
- int i, r;
+ size_t i;
+ cam_rval r;
unsigned char tmp[B];
memcpy (tmp, iv, B);
for (i = 0; i < len; i += B) {
static void ecb_test ()
{
- int testno;
+ size_t testno;
unsigned char tmp[4*B];
printf ("ECB tests:\n");
hexdump (key, sizeof(key));
for (testno = 0; testno < NTESTS; testno++) {
unsigned len = (test_case_len[testno] + 15) & ~15;
- printf ("\ntest %d - %d bytes\n", testno, len);
+ printf ("\ntest %d - %d bytes\n", (int)testno, len);
printf ("input:");
hexdump (test_case[testno].input, len);
printf ("\n");
static void cbc_test ()
{
- int testno;
+ size_t testno;
unsigned char tmp[4*B];
printf ("CBC tests:\n");
hexdump (ivec, sizeof(ivec));
for (testno = 0; testno < NTESTS; testno++) {
unsigned len = (test_case_len[testno] + 15) & ~15;
- printf ("\ntest %d - %d bytes\n", testno, len);
+ printf ("\ntest %d - %d bytes\n", (int)testno, len);
printf ("input:");
hexdump (test_case[testno].input, len);
printf ("\n");
static void cts_test ()
{
- int testno;
+ size_t testno;
unsigned char tmp[4*B];
printf ("CTS tests:\n");
hexdump (ivec, sizeof(ivec));
for (testno = 0; testno < NTESTS; testno++) {
unsigned int len = test_case_len[testno];
- printf ("\ntest %d - %d bytes\n", testno, len);
+ printf ("\ntest %d - %d bytes\n", (int)testno, len);
printf ("input:");
hexdump (test_case[testno].input, len);
printf ("\n");
static krb5_data ivec;
static void init()
{
- enc_key.contents = key;
+ enc_key.contents = (krb5_octet *)key;
enc_key.length = 16;
ivec.data = zero;
ivec.length = 16;
iov.flags = KRB5_CRYPTO_TYPE_DATA;
iov.data.data = outbuf;
- in.data = input;
+ in.data = (char *)input;
enciv.length = deciv.length = 16;
enciv.data = encivbuf;
deciv.data = decivbuf;
- keyblock.contents = aeskey;
+ keyblock.contents = (krb5_octet *)aeskey;
keyblock.length = 16;
keyblock.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
};
for (i = 0; i < sizeof(md5tests)/sizeof(md5tests[0]); i++) {
- key.contents = md5tests[i].key;
+ key.contents = (krb5_octet *)md5tests[i].key;
key.length = md5tests[i].key_len;
- in.data = md5tests[i].data;
- in.length = md5tests[i].data_len;
+ in = make_data((char *)md5tests[i].data, md5tests[i].data_len);
out.data = outbuf;
out.length = 20;
static size_t
next_iov_to_process(struct iov_cursor *cursor, size_t ind)
{
- krb5_crypto_iov *iov;
+ const krb5_crypto_iov *iov;
for (; ind < cursor->iov_count; ind++) {
iov = &cursor->iov[ind];
char *sptr;
OM_uint32 tmp;
size_t md5len;
- int bigend;
krb5_gss_cred_id_t cred = 0;
krb5_data ap_rep, ap_req;
unsigned int i;
}
gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
- bigend = 0;
decode_req_message = 0;
} else {
/* gss krb5 v1 */
gss_buffer_set_t *data_set)
{
OM_uint32 major_status = GSS_S_FAILURE;
- krb5_gss_cred_id_t cred;
#if 0
size_t i;
#endif
if (GSS_ERROR(major_status))
return major_status;
- cred = (krb5_gss_cred_id_t) cred_handle;
-
#if 0
for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/
sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
OM_uint32 minor;
unsigned int tlen = 0;
unsigned int hintNameSize = 0;
- unsigned int negHintsSize = 0;
unsigned char *ptr;
unsigned char *t;
/* Length of DER encoded hintName */
tlen += 1 + gssint_der_length_size(hintNameSize);
- negHintsSize = tlen;
t = gssalloc_malloc(tlen);
if (t == NULL) {
gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER;
spnego_gss_ctx_id_t sc = NULL;
spnego_gss_cred_id_t spcred = NULL;
- OM_uint32 mechstat = GSS_S_FAILURE;
int sendTokenInit = 0, tmpret;
mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER;
* round-trip. RET is set to a default value according to
* whether it is the first round-trip.
*/
- mechstat = GSS_S_FAILURE;
if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) {
ret = acc_ctx_call_acc(minor_status, sc, spcred,
mechtok_in, mech_type, &mechtok_out,
ret_flags, time_rec,
delegated_cred_handle,
&negState, &return_token);
- } else if (negState == REQUEST_MIC) {
- mechstat = GSS_S_CONTINUE_NEEDED;
}
/* Step 3: process or generate the MIC, if the negotiated mech is
* - check for a0(context specific identifier)
* - get length and verify that enoughd ata exists
*/
- if (g_get_tag_and_length(&buf, CONTEXT, cur_size, &seqsize) < 0)
+ if (g_get_tag_and_length(&buf, CONTEXT, cur_size, &bytes) < 0)
return (G_BAD_TOK_HEADER);
- cur_size = seqsize; /* should indicate bytes remaining */
+ cur_size = bytes; /* should indicate bytes remaining */
/*
* Verify the next piece, it should identify this as
setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in,
char *client_name, char *full_svcname)
{
- kadm5_ret_t code;
OM_uint32 gssstat, minor_stat;
gss_buffer_desc buf;
gss_name_t gss_client;
const char *c_ccname_orig;
char *ccname_orig;
- code = KADM5_GSS_ERROR;
gss_client_creds = GSS_C_NO_CREDENTIAL;
ccname_orig = NULL;
gss_client = gss_target = GSS_C_NO_NAME;
/* Temporarily use the kadm5 cache. */
gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name,
&c_ccname_orig);
- if (gssstat != GSS_S_COMPLETE) {
- code = KADM5_GSS_ERROR;
+ if (gssstat != GSS_S_COMPLETE)
goto error;
- }
if (c_ccname_orig)
ccname_orig = strdup(c_ccname_orig);
else
buf.length = strlen((char *)buf.value) + 1;
gssstat = gss_import_name(&minor_stat, &buf,
(gss_OID) gss_nt_krb5_name, &gss_target);
- if (gssstat != GSS_S_COMPLETE) {
- code = KADM5_GSS_ERROR;
+ if (gssstat != GSS_S_COMPLETE)
goto error;
- }
if (client_name) {
buf.value = client_name;
(gss_OID) gss_nt_krb5_name, &gss_client);
} else gss_client = GSS_C_NO_NAME;
- if (gssstat != GSS_S_COMPLETE) {
- code = KADM5_GSS_ERROR;
+ if (gssstat != GSS_S_COMPLETE)
goto error;
- }
gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
GSS_C_NULL_OID_SET, GSS_C_INITIATE,
&gss_client_creds, NULL, NULL);
if (gssstat != GSS_S_COMPLETE) {
- code = KADM5_GSS_ERROR;
#if 0 /* for debugging only */
{
OM_uint32 maj_status, min_status, message_context = 0;
/* Use RPCSEC_GSS by default. */
if (params_in == NULL ||
!(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
- sec.mech = gss_mech_krb5;
+ sec.mech = (gss_OID)gss_mech_krb5;
sec.qop = GSS_C_QOP_DEFAULT;
sec.svc = RPCSEC_GSS_SVC_PRIVACY;
sec.cred = gss_client_creds;
return (FALSE);
}
if (objp->code == KADM5_OK) {
- if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0,
+ if (!xdr_array(xdrs, (char **)&objp->keys,
+ (unsigned int *)&objp->n_keys, ~0,
sizeof(krb5_keyblock), xdr_krb5_keyblock))
return FALSE;
}
line_incr = 0;
for (domore = 1; domore && !feof(fp); ) {
/* Copy in the line, with continuations */
- for (i=0; ((i < sizeof acl_buf) && !feof(fp)); i++ ) {
+ for (i = 0; ((i < BUFSIZ) && !feof(fp)); i++) {
int byte;
byte = fgetc(fp);
acl_buf[i] = byte;
return(ret);
}
- xdrmem_create(&xdrs, tl_data.tl_data_contents,
+ xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents,
tl_data.tl_data_length, XDR_DECODE);
if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
xdr_destroy(&xdrs);
}
tl_data.tl_data_type = KRB5_TL_KADM_DATA;
tl_data.tl_data_length = xdr_getpos(&xdrs);
- tl_data.tl_data_contents = xdralloc_getdata(&xdrs);
+ tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data);
ks_tuple = handle->params.keysalts;
}
/* Dup the requested or defaulted keysalt tuples. */
- new_ks_tuple = k5memdup(ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple),
- &ret);
- if (new_ks_tuple == NULL)
+ new_ks_tuple = malloc(n_ks_tuple * sizeof(*new_ks_tuple));
+ if (new_ks_tuple == NULL) {
+ ret = ENOMEM;
goto cleanup;
+ }
+ memcpy(new_ks_tuple, ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple));
new_n_ks_tuple = n_ks_tuple;
ret = 0;
goto cleanup;
kadm5_policy_ent_rec polent;
krb5_boolean have_polent = FALSE;
krb5_int32 now;
- krb5_tl_data *tl_data_orig, *tl_data_tail;
+ krb5_tl_data *tl_data_tail;
unsigned int ret;
kadm5_server_handle_t handle = server_handle;
krb5_keyblock *act_mkey;
if (mask & KADM5_TL_DATA) {
/* splice entry->tl_data onto the front of kdb->tl_data */
- tl_data_orig = kdb->tl_data;
for (tl_data_tail = entry->tl_data; tl_data_tail;
tl_data_tail = tl_data_tail->tl_data_next)
{
}
#endif
+void kadm5_set_use_password_server (void);
+
void
kadm5_set_use_password_server (void)
{
#pragma GCC diagnostic ignored "-Wunused-variable"
#endif
-bool_t
+static bool_t
xdr_int16_t (XDR *xdrs, int16_t *objp)
{
register int32_t *buf;
return TRUE;
}
-bool_t
-xdr_uint16_t (XDR *xdrs, uint16_t *objp)
-{
- register int32_t *buf;
-
- if (!xdr_u_short (xdrs, objp))
- return FALSE;
- return TRUE;
-}
-
-bool_t
+static bool_t
xdr_int32_t (XDR *xdrs, int32_t *objp)
{
register int32_t *buf;
return TRUE;
}
-bool_t
+static bool_t
xdr_uint32_t (XDR *xdrs, uint32_t *objp)
{
register int32_t *buf;
/* Hopefully big enough to hold a serialized credential */
#define GUESS_CRED_SIZE 4096
-#define ALLOC(NUM,TYPE) \
- (((NUM) <= (((size_t)0-1)/ sizeof(TYPE))) \
- ? (TYPE *) calloc((NUM), sizeof(TYPE)) \
- : (errno = ENOMEM,(TYPE *) 0))
-
#define CHECK_N_GO(ret, errdest) if (ret != KRB5_OK) goto errdest
#define CHECK(ret) if (ret != KRB5_OK) goto errout
#define CHECK_OUT(ret) if (ret != KRB5_OK) return ret
krb5_krcc_cursor krcursor;
krb5_krcc_data *d;
unsigned int size;
- int res;
+ long res;
DEBUG_PRINT(("krb5_krcc_start_seq_get: entered\n"));
krcursor->keys = (key_serial_t *) ((char *) krcursor + sizeof(*krcursor));
res = keyctl_read(d->ring_id, (char *) krcursor->keys,
((d->numkeys + 1) * sizeof(key_serial_t)));
- if (res < 0 || res > ((d->numkeys + 1) * sizeof(key_serial_t))) {
+ if (res < 0 || (size_t)res > ((d->numkeys + 1) * sizeof(key_serial_t))) {
DEBUG_PRINT(("Read %d bytes from keyring, numkeys %d: %s\n",
res, d->numkeys, strerror(errno)));
free(krcursor);
*/
memset(ids_buf, '\0', sizeof(ids_buf));
val = keyctl_read(ids_key, ids_buf, sizeof(ids_buf));
- if (val > sizeof(ids_buf))
+ if (val < 0 || (size_t)val > sizeof(ids_buf))
goto out;
val = sscanf(ids_buf, "%d:%d:%d", &session, &process, &thread);
if (tmpprinc == NULL)
return KRB5_CC_NOMEM;
if (length) {
- size_t msize = length;
- if (msize != length) {
- free(tmpprinc);
- return KRB5_CC_NOMEM;
- }
- tmpprinc->data = ALLOC(msize, krb5_data);
+ tmpprinc->data = calloc(length, sizeof(krb5_data));
if (tmpprinc->data == 0) {
free(tmpprinc);
return KRB5_CC_NOMEM;
if (int32 < 0)
return KRB5_CC_NOMEM;
keyblock->length = int32;
- /* Overflow check. */
- if (keyblock->length != int32)
- return KRB5_CC_NOMEM;
if (keyblock->length == 0)
return KRB5_OK;
- keyblock->contents = ALLOC(keyblock->length, krb5_octet);
+ keyblock->contents = malloc(keyblock->length);
if (keyblock->contents == NULL)
return KRB5_CC_NOMEM;
if (len < 0)
return KRB5_CC_NOMEM;
data->length = len;
- if (data->length != len || data->length + 1 == 0)
+ if (data->length + 1 == 0)
return KRB5_CC_NOMEM;
if (data->length == 0) {
* Make *addrs able to hold length pointers to krb5_address structs
* Add one extra for a null-terminated list
*/
- msize = length;
- msize += 1;
- if (msize == 0 || msize - 1 != length || length < 0)
+ msize = (size_t)length + 1;
+ if (msize == 0 || length < 0)
return KRB5_CC_NOMEM;
- *addrs = ALLOC(msize, krb5_address *);
+ *addrs = calloc(msize, sizeof(krb5_address *));
if (*addrs == NULL)
return KRB5_CC_NOMEM;
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
return KRB5_CC_NOMEM;
addr->length = int32;
- /*
- * Length field is "unsigned int", which may be smaller
- * than 32 bits.
- */
- if (addr->length != int32)
- return KRB5_CC_NOMEM; /* XXX */
-
if (addr->length == 0)
return KRB5_OK;
* Make *a able to hold length pointers to krb5_authdata structs
* Add one extra for a null-terminated list
*/
- msize = length;
- msize += 1;
- if (msize == 0 || msize - 1 != length || length < 0)
+ msize = (size_t)length + 1;
+ if (msize == 0 || length < 0)
return KRB5_CC_NOMEM;
- *a = ALLOC(msize, krb5_authdata *);
+ *a = calloc(msize, sizeof(krb5_authdata *));
if (*a == NULL)
return KRB5_CC_NOMEM;
if ((int32 & VALID_INT_BITS) != int32) /* Overflow int??? */
return KRB5_CC_NOMEM;
a->length = int32;
- /*
- * Value could have gotten truncated if int is
- * smaller than 32 bits.
- */
- if (a->length != int32)
- return KRB5_CC_NOMEM; /* XXX */
-
if (a->length == 0)
return KRB5_OK;
if(kret != KRB5_OK) {
if(kret == KRB5_CC_UNKNOWN_TYPE)
return 0;
- com_err("Checking on credential type", kret,prefix);
+ com_err("Checking on credential type", kret, "%s", prefix);
fflush(stderr);
return 0;
}
kret = krb5_cc_close(context, id);
if(kret != KRB5_OK) {
- com_err("Checking on credential type - closing", kret,prefix);
+ com_err("Checking on credential type - closing", kret, "%s", prefix);
fflush(stderr);
}
};
int fail = 0;
- int i;
+ size_t i;
for (i = 0; i < sizeof(values)/sizeof(values[0]); i++) {
krb5_deltat result;
}
}
if (fail == 0)
- printf ("Passed all %d tests.\n", i);
+ printf ("Passed all %d tests.\n", (int)i);
else
- printf ("Failed %d of %d tests.\n", fail, i);
+ printf ("Failed %d of %d tests.\n", fail, (int)i);
return fail;
}
kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen);
if (!kret) {
if (verbose) {
- printf("%s: externalized in %d bytes\n", msg, outlen);
+ printf("%s: externalized in %d bytes\n", msg, (int)outlen);
print_erep(outrep, outlen);
}
if (!kret) {
if (ilen)
printf("%s: %d bytes left over after internalize\n",
- msg, ilen);
+ msg, (int)ilen);
/* Now attempt to re-externalize it */
kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
if (!kret) {
{
struct localaddr_data data = { 0 };
int r;
- krb5_error_code err;
- if (use_profile) {
- err = krb5_os_localaddr_profile (context, &data);
- /* ignore err for now */
- }
+ /* Ignore errors for now. */
+ if (use_profile)
+ (void)krb5_os_localaddr_profile (context, &data);
r = foreach_localaddr (&data, count_addrs, allocate, add_addr);
if (r != 0) {
struct stat sb1, sb2;
#endif
char *dir;
- size_t dirlen;
- GETDIR;
+ dir = getdir();
if (full_pathname) {
if (!(d->fn = strdup(full_pathname)))
return KRB5_RC_IO_MALLOC;
{
struct rpc_gss_data *gd;
OM_uint32 min_stat;
- enum clnt_stat callstat;
log_debug("in authgss_destroy_context()");
if (gd->gc.gc_ctx.length != 0) {
if (gd->established) {
gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
- callstat = clnt_call(gd->clnt, NULLPROC,
- xdr_void, NULL,
- xdr_void, NULL,
- AUTH_TIMEOUT);
+ (void)clnt_call(gd->clnt, NULLPROC, xdr_void, NULL,
+ xdr_void, NULL, AUTH_TIMEOUT);
log_debug("%s",
clnt_sperror(gd->clnt,
"authgss_destroy_context"));
{
struct ifconf ifc;
struct ifreq ifreq, *ifr;
- struct sockaddr_in *sockin;
int n, i;
ifc.ifc_len = GIFCONF_BUFSIZE;
if ((ifreq.ifr_flags & IFF_BROADCAST) &&
(ifreq.ifr_flags & IFF_UP) &&
ifr->ifr_addr.sa_family == AF_INET) {
- sockin = (struct sockaddr_in *)&ifr->ifr_addr;
#ifdef SIOCGIFBRDADDR /* 4.3BSD */
if (ioctl(sock, SIOCGIFBRDADDR, (char *)&ifreq) < 0) {
addrs[i++].s_addr = INADDR_ANY;
-#if 0 /* this is uuuuugly */
- addrs[i++] = inet_makeaddr(inet_netof
-#if defined(hpux) || (defined(sun) && defined(__svr4__)) || defined(linux) || (defined(__osf__) && defined(__alpha__))
- (sockin->sin_addr),
-#else /* hpux or solaris */
- (sockin->sin_addr.s_addr),
-#endif
- INADDR_ANY);
-#endif
} else {
addrs[i++] = ((struct sockaddr_in*)
&ifreq.ifr_addr)->sin_addr;
}
#else /* 4.2 BSD */
+ struct sockaddr_in *sockin;
+ sockin = (struct sockaddr_in *)&ifr->ifr_addr;
addrs[i++] = inet_makeaddr(inet_netof
(sockin->sin_addr.s_addr), INADDR_ANY);
#endif
offset = 0 - offset;
gd->seqmask <<= offset;
offset = 0;
- }
- else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
+ } else if ((u_int)offset >= gd->win ||
+ (gd->seqmask & (1 << offset))) {
*no_dispatch = 1;
ret_freegc (RPCSEC_GSS_CTXPROBLEM);
}
register int rlen;
char *reply;
uint32_t replylen;
+ socklen_t addrlen;
again:
memset(&dummy, 0, sizeof(dummy));
return (FALSE);
}
- xprt->xp_addrlen = sizeof(struct sockaddr_in);
+ addrlen = sizeof(struct sockaddr_in);
rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz,
- 0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen));
+ 0, (struct sockaddr *)&(xprt->xp_raddr), &addrlen);
if (rlen == -1 && errno == EINTR)
goto again;
if (rlen < (int) (4*sizeof(uint32_t)))
return (FALSE);
+ xprt->xp_addrlen = addrlen;
xdrs->x_op = XDR_DECODE;
XDR_SETPOS(xdrs, 0);
if (! xdr_callmsg(xdrs, msg))
CLIENT *clnt;
AUTH *tmp_auth;
struct rpc_err e;
- int i, auth_once, sock, use_tcp;
- unsigned int count;
+ int auth_once, sock, use_tcp;
+ unsigned int count, i;
extern int optind;
extern char *optarg;
extern int svc_debug_gssapi, misc_debug_gssapi, auth_debug_gssapi;
xdrmem_getbytes(XDR *xdrs, caddr_t addr, u_int len)
{
- if (xdrs->x_handy < len)
+ if ((u_int)xdrs->x_handy < len)
return (FALSE);
else
xdrs->x_handy -= len;
xdrmem_putbytes(XDR *xdrs, caddr_t addr, u_int len)
{
- if (xdrs->x_handy < len)
+ if ((u_int)xdrs->x_handy < len)
return (FALSE);
else
xdrs->x_handy -= len;
xdrrec_getbytes(XDR *xdrs, caddr_t addr, u_int len)
{
register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
- register int current;
+ register u_int current;
while (len > 0) {
current = rstrm->fbtbc;
return (FALSE);
continue;
}
- current = (len < current) ? len : current;
+ current = ((size_t)len < current) ? (size_t)len : current;
memmove(addr, rstrm->in_finger, current);
rstrm->in_finger += current;
addr += current;
return (FALSE);
}
-static long *
+static rpc_inline_t *
x_inline(xdrs, len)
XDR *xdrs;
int len;
if (len < (int) xdrs->x_base) {
/* x_private was already allocated */
xdrs->x_handy += len;
- return ((long *) xdrs->x_private);
+ return ((rpc_inline_t *) xdrs->x_private);
} else {
/* Free the earlier space and allocate new area */
if (xdrs->x_private)
}
xdrs->x_base = (caddr_t) len;
xdrs->x_handy += len;
- return ((long *) xdrs->x_private);
+ return ((rpc_inline_t *) xdrs->x_private);
}
}
bool_t stat;
/* to stop ANSI-C compiler from complaining */
typedef bool_t (* dummyfunc1)(XDR *, long *);
- typedef bool_t (* dummyfunc2)(XDR *, caddr_t, int);
+ typedef bool_t (* dummyfunc2)(XDR *, caddr_t, u_int);
ops.x_putlong = x_putlong;
ops.x_putbytes = x_putbytes;
char **dlist = NULL, **tmplist = NULL;
const char **slist = NULL;
int dcount = 0, scount = 0, copycount = 0;
- int found = 0;
if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL))
return;
* from the destination list */
for (slist = sourcelist; *slist != NULL; slist++) {
for (dlist = *destlist; *dlist != NULL; dlist++) {
- found = 0; /* value not found */
/* DN is case insensitive string */
if (strcasecmp(*dlist, *slist) == 0) {
- found = 1;
free(*dlist);
/* Advance the rest of the entries by one */
for (tmplist = dlist; *tmplist != NULL; tmplist++) {
is_principal_in_realm(krb5_ldap_context *ldap_context,
krb5_const_principal searchfor)
{
- size_t defrealmlen=0;
char *defrealm=NULL;
#define FIND_MAX(a,b) ((a) > (b) ? (a) : (b))
- defrealmlen = strlen(ldap_context->lrparams->realm_name);
defrealm = ldap_context->lrparams->realm_name;
/*
{
krb5_error_code st = 0;
unsigned int mask = 0;
+ int val;
krb5_boolean attr_present = FALSE;
char **values = NULL, *policydn = NULL, *pwdpolicydn = NULL;
char *polname = NULL, *tktpolname = NULL;
mask |= KDB_LAST_FAILED_ATTR;
/* KRBLOGINFAILEDCOUNT */
- if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount",
- &(entry->fail_auth_count)) == 0)
+ if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount", &val) == 0) {
+ entry->fail_auth_count = val;
mask |= KDB_FAIL_AUTH_COUNT_ATTR;
+ }
/* KRBMAXTICKETLIFE */
if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &(entry->max_life)) == 0)
goto cleanup;
if (entry->mask & KADM5_LOAD) {
- int tree = 0, ntrees = 0, numlentries = 0;
+ unsigned int tree = 0, ntrees = 0;
+ int numlentries = 0;
char **subtreelist = NULL, *filter = NULL;
/* A load operation is special, will do a mix-in (add krbprinc
*/
if (xargs.dn_from_kbd == TRUE) {
/* make sure the DN falls in the subtree */
- int tre=0, dnlen=0, subtreelen=0, ntrees=0;
+ unsigned int tre=0, ntrees=0;
+ int dnlen=0, subtreelen=0;
char **subtreelist=NULL;
char *dn=NULL;
krb5_boolean outofsubtree=TRUE;
krb5_db_entry *entries, char *policy)
{
krb5_error_code st=0;
- unsigned int mask=0, omask=0;
+ int mask=0, omask=0;
int tkt_mask=(KDB_MAX_LIFE_ATTR | KDB_MAX_RLIFE_ATTR | KDB_TKT_FLAGS_ATTR);
krb5_ldap_policy_params *tktpoldnparam=NULL;
return(st);
}
+static void
+get_ui4(LDAP *ld, LDAPMessage *ent, char *name, krb5_ui_4 *out)
+{
+ int val;
+
+ krb5_ldap_get_value(ld, ent, name, &val);
+ *out = val;
+}
+
static krb5_error_code
populate_policy(krb5_context context,
LDAP *ld,
CHECK_NULL(pol_entry->name);
pol_entry->version = 1;
- krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &(pol_entry->pw_max_life));
- krb5_ldap_get_value(ld, ent, "krbminpwdlife", &(pol_entry->pw_min_life));
- krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &(pol_entry->pw_min_classes));
- krb5_ldap_get_value(ld, ent, "krbpwdminlength", &(pol_entry->pw_min_length));
- krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &(pol_entry->pw_history_num));
-
- krb5_ldap_get_value(ld, ent, "krbpwdmaxfailure", &(pol_entry->pw_max_fail));
- krb5_ldap_get_value(ld, ent, "krbpwdfailurecountinterval", &(pol_entry->pw_failcnt_interval));
- krb5_ldap_get_value(ld, ent, "krbpwdlockoutduration", &(pol_entry->pw_lockout_duration));
- krb5_ldap_get_value(ld, ent, "krbpwdattributes", &(pol_entry->attributes));
- krb5_ldap_get_value(ld, ent, "krbpwdmaxlife", &(pol_entry->max_life));
- krb5_ldap_get_value(ld, ent, "krbpwdmaxrenewablelife",
- &(pol_entry->max_renewable_life));
+ get_ui4(ld, ent, "krbmaxpwdlife", &pol_entry->pw_max_life);
+ get_ui4(ld, ent, "krbminpwdlife", &pol_entry->pw_min_life);
+ get_ui4(ld, ent, "krbpwdmindiffchars", &pol_entry->pw_min_classes);
+ get_ui4(ld, ent, "krbpwdminlength", &pol_entry->pw_min_length);
+ get_ui4(ld, ent, "krbpwdhistorylength", &pol_entry->pw_history_num);
+ get_ui4(ld, ent, "krbpwdmaxfailure", &pol_entry->pw_max_fail);
+ get_ui4(ld, ent, "krbpwdfailurecountinterval",
+ &pol_entry->pw_failcnt_interval);
+ get_ui4(ld, ent, "krbpwdlockoutduration", &pol_entry->pw_lockout_duration);
+ get_ui4(ld, ent, "krbpwdattributes", &pol_entry->attributes);
+ get_ui4(ld, ent, "krbpwdmaxlife", &pol_entry->max_life);
+ get_ui4(ld, ent, "krbpwdmaxrenewablelife", &pol_entry->max_renewable_life);
st = krb5_ldap_get_string(ld, ent, "krbpwdallowedkeysalts",
&(pol_entry->allowed_keysalts), NULL);
char **values=NULL, **subtrees=NULL, **policy=NULL;
LDAPMessage **result_arr=NULL, *result = NULL, *ent = NULL;
krb5_principal principal;
- int l=0, ntree=0, i=0, j=0, mask=0;
+ unsigned int l=0, ntree=0;
+ int i=0, j=0, mask=0;
kdb5_dal_handle *dal_handle = NULL;
krb5_ldap_context *ldap_context = NULL;
krb5_ldap_server_handle *ldap_server_handle = NULL;
krb5_error_code st=0;
char **strval=NULL, *strvalprc[5]={NULL};
LDAPMod **mods = NULL;
- int oldmask=0, objectmask=0,k=0;
+ int objectmask=0,k=0;
kdb5_dal_handle *dal_handle=NULL;
krb5_ldap_context *ldap_context=NULL;
krb5_ldap_server_handle *ldap_server_handle=NULL;
/* get ldap handle */
GET_HANDLE ();
- /* get the oldmask obtained from the krb5_ldap_read_realm_params */
- {
- void *voidptr=NULL;
-
- if ((st=decode_tl_data(rparams->tl_data, KDB_TL_MASK, &voidptr)) == 0) {
- oldmask = *((int *) voidptr);
- free (voidptr);
- } else {
- st = EINVAL;
- krb5_set_error_message(context, st, _("tl_data not available"));
- return st;
- }
- }
-
-
/* SUBTREE ATTRIBUTE */
if (mask & LDAP_REALM_SUBTREE) {
if ( rparams->subtree!=NULL) {
int entryfound=0;
krb5_error_code st=0;
char line[RECORDLEN]="0", *start=NULL, *file=NULL;
- char errbuf[1024];
FILE *fptr=NULL;
*password = NULL;
int
tohex(krb5_data in, krb5_data *ret)
{
- int i=0, err = 0;
+ unsigned int i=0;
+ int err = 0;
ret->length = 0;
ret->data = NULL;
XDR xdrs;
- xdrmem_create(&xdrs, tl_data->tl_data_contents,
+ xdrmem_create(&xdrs, (caddr_t)tl_data->tl_data_contents,
tl_data->tl_data_length, XDR_DECODE);
if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
xdr_destroy(&xdrs);
krb5_data **code);
krb5_error_code
-(*k5int_encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **,
+(*k5int_encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *,
krb5_data **code);
krb5_error_code
(*k5int_decode_krb5_td_dh_parameters)(const krb5_data *,
krb5_error_code
(*k5int_encode_krb5_td_trusted_certifiers)
-(const krb5_external_principal_identifier **, krb5_data **code);
+(krb5_external_principal_identifier *const *, krb5_data **code);
krb5_error_code
(*k5int_decode_krb5_td_trusted_certifiers)
(const krb5_pa_pk_as_rep_draft9 *, krb5_data **code);
extern krb5_error_code (*k5int_encode_krb5_td_dh_parameters)
- (const krb5_algorithm_identifier **, krb5_data **code);
+ (krb5_algorithm_identifier *const *, krb5_data **code);
extern krb5_error_code (*k5int_decode_krb5_td_dh_parameters)
(const krb5_data *, krb5_algorithm_identifier ***);
extern krb5_error_code (*k5int_encode_krb5_td_trusted_certifiers)
- (const krb5_external_principal_identifier **, krb5_data **code);
+ (krb5_external_principal_identifier *const *, krb5_data **code);
extern krb5_error_code (*k5int_decode_krb5_td_trusted_certifiers)
(const krb5_data *, krb5_external_principal_identifier ***);
SECItem tmp, *oid;
krb5_algorithm_identifier id[sizeof(oakley_groups) /
sizeof(oakley_groups[0])];
- const krb5_algorithm_identifier *ids[(sizeof(id) / sizeof(id[0])) + 1];
+ krb5_algorithm_identifier *ids[(sizeof(id) / sizeof(id[0])) + 1];
unsigned int i, j;
krb5_data *data;
krb5_pa_data **typed_data;
{
CERTCertificate *invalid;
krb5_external_principal_identifier id;
- const krb5_external_principal_identifier *ids[2];
+ krb5_external_principal_identifier *ids[2];
struct issuer_and_serial_number isn;
krb5_data *data;
SECItem item;
pkinit_identity_crypto_context
id_cryptoctx, krb5_pa_data ***pa_data)
{
- const krb5_external_principal_identifier **ids;
+ krb5_external_principal_identifier **ids;
krb5_external_principal_identifier *id;
struct issuer_and_serial_number isn;
krb5_data *data;
goto cleanup;
}
- retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_verified_chain, &authz);
+ retval = k5int_encode_krb5_td_trusted_certifiers((krb5_external_principal_identifier *const *)krb5_verified_chain, &authz);
if (retval) {
pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
goto cleanup;
goto cleanup;
}
- retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_trusted_certifiers, &td_certifiers);
+ retval = k5int_encode_krb5_td_trusted_certifiers((krb5_external_principal_identifier *const *)krb5_trusted_certifiers, &td_certifiers);
if (retval) {
pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
goto cleanup;
algId[0]->algorithm = dh_oid;
}
- retval = k5int_encode_krb5_td_dh_parameters((const krb5_algorithm_identifier **)algId, &encoded_algId);
+ retval = k5int_encode_krb5_td_dh_parameters((krb5_algorithm_identifier *const *)algId, &encoded_algId);
if (retval)
goto cleanup;
#ifdef DEBUG_ASN1
int database_fd;
int in_database_size;
{
- krb5_int32 sent_size, n;
+ krb5_int32 n;
krb5_data inbuf, outbuf;
char buf[KPROP_BUFSIZ];
krb5_error_code retval;
krb5_error *error;
/* These must be 4 bytes */
krb5_ui_4 database_size = in_database_size;
- krb5_ui_4 send_size;
+ krb5_ui_4 send_size, sent_size;
/*
* Send over the size
int sock, acc;
int one = 1;
struct sockaddr_in l_inaddr, f_inaddr; /* local, foreign address */
- int namelen = sizeof(f_inaddr);
+ socklen_t namelen = sizeof(f_inaddr);
#ifdef POSIX_SIGNALS
struct sigaction csig;
#endif
static void
display_status(const char *msg, OM_uint32 code, int type)
{
- OM_uint32 maj_stat, min_stat, msg_ctx = 0;
+ OM_uint32 min_stat, msg_ctx = 0;
gss_buffer_desc buf;
do {
- maj_stat = gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
- &msg_ctx, &buf);
+ (void)gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+ &msg_ctx, &buf);
fprintf(stderr, "%s: %.*s\n", msg, (int)buf.length, (char *)buf.value);
(void)gss_release_buffer(&min_stat, &buf);
} while (msg_ctx != 0);
{
errcode_t retval;
int argc, ret;
- char **argv, **values, **cpp;
+ char **argv, **values, *value, **cpp;
char buf[256];
- const char **names, *value;
+ const char **names, *name;
char *cmd;
int print_status;
retval = profile_rename_section(profile, names+1,
*names);
} else if (!strcmp(cmd, "add")) {
- value = *names;
- if (strcmp(value, "NULL") == 0)
- value = NULL;
- retval = profile_add_relation(profile, names+1,
- value);
+ name = *names;
+ if (strcmp(name, "NULL") == 0)
+ name = NULL;
+ retval = profile_add_relation(profile, names+1, name);
} else if (!strcmp(cmd, "flush")) {
retval = profile_flush(profile);
} else {
{
profile_t profile;
long retval;
- char **values, **cpp;
- const char *value;
+ char **values, *value, **cpp;
const char **names;
char *cmd;
int print_value = 0;
projects / thirdparty / krb5.git / commitdiff
