Credit John Beck's fixes.

[~andy/fetchmail] / kerberos.c

diff --git a/kerberos.c b/kerberos.c
index ab8c72958f9b67a347e4e85737bc775aa98ed094..141c9e3a390fee3776c0a50e64f1a6ceb3bb075f 100644 (file)
--- a/kerberos.c
+++ b/kerberos.c
@@ -4,6 +4,9 @@
  * For license terms, see the file COPYING in this directory.
  */
 #include  "config.h"
+
+#ifdef KERBEROS_V4
+
 #include  <stdio.h>
 #include  <string.h>
 #include  <ctype.h>
@@ -12,27 +15,11 @@
 #endif
 #include  "fetchmail.h"
 #include  "socket.h"
+#include  "kerberos.h"
 
+#include <sys/types.h>
 #include <netinet/in.h>  /* for htonl/ntohl */
 
-#ifdef KERBEROS_V4
-
-#  ifdef KERBEROS_V5
-#    include <kerberosIV/des.h>
-#    include <kerberosIV/krb.h>
-#  else
-#    if defined (__bsdi__)
-#       include <des.h>
-#       define krb_get_err_text(e) (krb_err_txt[e])
-#    endif
-#    if defined(__NetBSD__) || (__FreeBSD__) || defined(__linux__)
-#       define krb_get_err_text(e) (krb_err_txt[e])
-#    endif
-#    include <krb.h>
-#  endif
-
-/* des.h might define _ for no good reason.  */
-#undef _
 #include  "i18n.h"
 
 #if SIZEOF_INT == 4
@@ -45,7 +32,7 @@ typedef       long    int32;
 #error Cannot deduce a 32-bit-type
 #endif
 
-int do_rfc1731(int sock, char *command, char *truename)
+int do_rfc1731(int sock, const char *command, const char *truename)
 /* authenticate as per RFC1731 -- note 32-bit integer requirement here */
 {
     int result = 0, len;
@@ -78,13 +65,13 @@ int do_rfc1731(int sock, char *command, char *truename)
      * in network byte order.
      */
 
-    if (result = gen_recv(sock, buf1, sizeof buf1)) {
+    if ((result = gen_recv(sock, buf1, sizeof buf1)) != 0) {
        return result;
     }
 
-    len = from64tobits(challenge1.cstr, buf1);
+    len = from64tobits(challenge1.cstr, buf1, sizeof(challenge1.cstr));
     if (len < 0) {
-       report(stderr, _("could not decode initial BASE64 challenge\n"));
+       report(stderr, GT_("could not decode initial BASE64 challenge\n"));
        return PS_AUTHFAIL;
     }
 
@@ -109,14 +96,14 @@ int do_rfc1731(int sock, char *command, char *truename)
     strncpy(srvinst, truename, (sizeof srvinst)-1);
     srvinst[(sizeof srvinst)-1] = '\0';
     for (p = srvinst; *p; p++) {
-      if (isupper(*p)) {
-       *p = tolower(*p);
+      if (isupper((unsigned char)*p)) {
+       *p = tolower((unsigned char)*p);
       }
     }
 
     strncpy(srvrealm, (char *)krb_realmofhost(srvinst), (sizeof srvrealm)-1);
     srvrealm[(sizeof srvrealm)-1] = '\0';
-    if (p = strchr(srvinst, '.')) {
+    if ((p = strchr(srvinst, '.')) != NULL) {
       *p = '\0';
     }
 
@@ -149,7 +136,7 @@ int do_rfc1731(int sock, char *command, char *truename)
      */
     if (strcmp(tktuser, user) != 0) {
        report(stderr, 
-              _("principal %s in ticket does not match -u %s\n"), tktuser,
+              GT_("principal %s in ticket does not match -u %s\n"), tktuser,
                user);
        return PS_AUTHFAIL;
     }
@@ -157,15 +144,15 @@ int do_rfc1731(int sock, char *command, char *truename)
 
     if (tktinst[0]) {
        report(stderr, 
-              _("non-null instance (%s) might cause strange behavior\n"),
+              GT_("non-null instance (%s) might cause strange behavior\n"),
                tktinst);
-       strcat(tktuser, ".");
-       strcat(tktuser, tktinst);
+       strlcat(tktuser, ".", sizeof(tktuser));
+       strlcat(tktuser, tktinst, sizeof(tktuser));
     }
 
     if (strcmp(tktrealm, srvrealm) != 0) {
-       strcat(tktuser, "@");
-       strcat(tktuser, tktrealm);
+       strlcat(tktuser, "@", sizeof(tktuser));
+       strlcat(tktuser, tktrealm, sizeof(tktuser));
     }
 
     result = krb_mk_req(&authenticator, "imap", srvinst, srvrealm,
@@ -199,7 +186,7 @@ int do_rfc1731(int sock, char *command, char *truename)
      * checksum it previously sent.
      */
     
-    if (result = gen_recv(sock, buf1, sizeof buf1))
+    if ((result = gen_recv(sock, buf1, sizeof buf1)) != 0)
        return result;
 
     /* The client must construct data with the first four octets
@@ -221,16 +208,16 @@ int do_rfc1731(int sock, char *command, char *truename)
      * process is complete.
      */
 
-    len = from64tobits(buf2, buf1);
+    len = from64tobits(buf2, buf1, sizeof(buf2));
     if (len < 0) {
-       report(stderr, _("could not decode BASE64 ready response\n"));
+       report(stderr, GT_("could not decode BASE64 ready response\n"));
        return PS_AUTHFAIL;
     }
 
     des_ecb_encrypt((des_cblock *)buf2, (des_cblock *)buf2, schedule, 0);
     memcpy(challenge2.cstr, buf2, 4);
-    if (ntohl(challenge2.cint) != challenge1.cint + 1) {
-       report(stderr, _("challenge mismatch\n"));
+    if ((int32)ntohl(challenge2.cint) != challenge1.cint + 1) {
+       report(stderr, GT_("challenge mismatch\n"));
        return PS_AUTHFAIL;
     }      
 
@@ -249,20 +236,20 @@ int do_rfc1731(int sock, char *command, char *truename)
     authenticator.dat[4] = 1;
 
     len = strlen(tktuser);
-    strncpy(authenticator.dat+8, tktuser, len);
+    strncpy((char *)authenticator.dat+8, tktuser, len);
     authenticator.length = len + 8 + 1;
     while (authenticator.length & 7) {
        authenticator.length++;
     }
-    des_pcbc_encrypt((des_cblock *)authenticator.dat,
-           (des_cblock *)authenticator.dat, authenticator.length, schedule,
+    des_pcbc_encrypt((const unsigned char *)authenticator.dat,
+           (unsigned char *)authenticator.dat, authenticator.length, schedule,
            &session, 1);
 
     to64frombits(buf1, authenticator.dat, authenticator.length);
 
     /* ship down the response, accept the server's error/ok indication */
     suppress_tags = TRUE;
-    result = gen_transact(sock, buf1, strlen(buf1));
+    result = gen_transact(sock, "%s", buf1);
     suppress_tags = FALSE;
     if (result)
        return(result);