Note Earl's regression fix for SSL_CTX_clear_options() on older OpenSSL.

[~andy/fetchmail] / kerberos.c

diff --git a/kerberos.c b/kerberos.c
index 2cbfe8c1c2eef90045ed3240d6f76ddf8df1e975..141c9e3a390fee3776c0a50e64f1a6ceb3bb075f 100644 (file)
--- a/kerberos.c
+++ b/kerberos.c
@@ -32,7 +32,7 @@ typedef       long    int32;
 #error Cannot deduce a 32-bit-type
 #endif
 
-int do_rfc1731(int sock, char *command, char *truename)
+int do_rfc1731(int sock, const char *command, const char *truename)
 /* authenticate as per RFC1731 -- note 32-bit integer requirement here */
 {
     int result = 0, len;
@@ -65,7 +65,7 @@ int do_rfc1731(int sock, char *command, char *truename)
      * in network byte order.
      */
 
-    if (result = gen_recv(sock, buf1, sizeof buf1)) {
+    if ((result = gen_recv(sock, buf1, sizeof buf1)) != 0) {
        return result;
     }
 
@@ -96,14 +96,14 @@ int do_rfc1731(int sock, char *command, char *truename)
     strncpy(srvinst, truename, (sizeof srvinst)-1);
     srvinst[(sizeof srvinst)-1] = '\0';
     for (p = srvinst; *p; p++) {
-      if (isupper(*p)) {
-       *p = tolower(*p);
+      if (isupper((unsigned char)*p)) {
+       *p = tolower((unsigned char)*p);
       }
     }
 
     strncpy(srvrealm, (char *)krb_realmofhost(srvinst), (sizeof srvrealm)-1);
     srvrealm[(sizeof srvrealm)-1] = '\0';
-    if (p = strchr(srvinst, '.')) {
+    if ((p = strchr(srvinst, '.')) != NULL) {
       *p = '\0';
     }
 
@@ -186,7 +186,7 @@ int do_rfc1731(int sock, char *command, char *truename)
      * checksum it previously sent.
      */
     
-    if (result = gen_recv(sock, buf1, sizeof buf1))
+    if ((result = gen_recv(sock, buf1, sizeof buf1)) != 0)
        return result;
 
     /* The client must construct data with the first four octets
@@ -216,7 +216,7 @@ int do_rfc1731(int sock, char *command, char *truename)
 
     des_ecb_encrypt((des_cblock *)buf2, (des_cblock *)buf2, schedule, 0);
     memcpy(challenge2.cstr, buf2, 4);
-    if (ntohl(challenge2.cint) != challenge1.cint + 1) {
+    if ((int32)ntohl(challenge2.cint) != challenge1.cint + 1) {
        report(stderr, GT_("challenge mismatch\n"));
        return PS_AUTHFAIL;
     }      
@@ -236,20 +236,20 @@ int do_rfc1731(int sock, char *command, char *truename)
     authenticator.dat[4] = 1;
 
     len = strlen(tktuser);
-    strncpy(authenticator.dat+8, tktuser, len);
+    strncpy((char *)authenticator.dat+8, tktuser, len);
     authenticator.length = len + 8 + 1;
     while (authenticator.length & 7) {
        authenticator.length++;
     }
-    des_pcbc_encrypt((des_cblock *)authenticator.dat,
-           (des_cblock *)authenticator.dat, authenticator.length, schedule,
+    des_pcbc_encrypt((const unsigned char *)authenticator.dat,
+           (unsigned char *)authenticator.dat, authenticator.length, schedule,
            &session, 1);
 
     to64frombits(buf1, authenticator.dat, authenticator.length);
 
     /* ship down the response, accept the server's error/ok indication */
     suppress_tags = TRUE;
-    result = gen_transact(sock, buf1, strlen(buf1));
+    result = gen_transact(sock, "%s", buf1);
     suppress_tags = FALSE;
     if (result)
        return(result);