From c401043d2bbd353c06b0e573e7afff32bfb0d865 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Wed, 13 Nov 2024 16:11:59 +0300 Subject: [PATCH] import krb5-1.21.1-4.el9_5 --- ...nate-old-style-function-declarations.patch | 10694 ++++++++++++++++ ...onnection-on-KDC_ERR_SVC_UNAVAILABLE.patch | 34 + ...uest_timeout-configuration-parameter.patch | 226 + ...-indefinitely-on-KDC-TCP-connections.patch | 138 + ...oid-strict-prototype-compiler-errors.patch | 381 + .../0021-Fix-leak-in-KDC-NDR-encoding.patch | 42 + .../0022-Fix-two-unlikely-memory-leaks.patch | 206 + ...ities-in-GSS-message-token-handling.patch} | 14 +- SOURCES/0024-Remove-PKINIT-RSA-support.patch | 1295 ++ ...s-issues-detected-by-static-analysis.patch | 175 + ...e-and-verify-message-MACs-in-libkrad.patch | 629 + SPECS/krb5.spec | 36 +- 12 files changed, 13859 insertions(+), 11 deletions(-) create mode 100644 SOURCES/0016-Eliminate-old-style-function-declarations.patch create mode 100644 SOURCES/0017-End-connection-on-KDC_ERR_SVC_UNAVAILABLE.patch create mode 100644 SOURCES/0018-Add-request_timeout-configuration-parameter.patch create mode 100644 SOURCES/0019-Wait-indefinitely-on-KDC-TCP-connections.patch create mode 100644 SOURCES/0020-Avoid-strict-prototype-compiler-errors.patch create mode 100644 SOURCES/0021-Fix-leak-in-KDC-NDR-encoding.patch create mode 100644 SOURCES/0022-Fix-two-unlikely-memory-leaks.patch rename SOURCES/{0016-Fix-vulnerabilities-in-GSS-message-token-handling.patch => 0023-Fix-vulnerabilities-in-GSS-message-token-handling.patch} (98%) create mode 100644 SOURCES/0024-Remove-PKINIT-RSA-support.patch create mode 100644 SOURCES/0025-Fix-various-issues-detected-by-static-analysis.patch create mode 100644 SOURCES/0026-Generate-and-verify-message-MACs-in-libkrad.patch diff --git a/SOURCES/0016-Eliminate-old-style-function-declarations.patch b/SOURCES/0016-Eliminate-old-style-function-declarations.patch new file mode 100644 index 0000000..c10f59f --- /dev/null +++ b/SOURCES/0016-Eliminate-old-style-function-declarations.patch @@ -0,0 +1,10694 @@ +From 25015e67106a77dff044421547852f0b0e0fd778 Mon Sep 17 00:00:00 2001 +From: Ken Hornstein +Date: Fri, 9 Jun 2023 23:53:53 -0400 +Subject: [PATCH] Eliminate old-style function declarations + +The C2x standard removes support for non-prototype function +declarations, and clang 15 issues warnings for them +(https://reviews.llvm.org/D122895). Add -Werror=strict-prototypes to +the build and fix all of the non-prototype declarations and +definitions. + +For RPC code, try to be consistent with libtirpc and recent *BSD +versions of rpcgen. This includes casting each time a concrete +function is used as an xdrproc_t value, since each XDR per-type +function accepts a different object pointer type. A few invocations +of xdrproc_t values pass a third argument with value LASTUNSIGNED, +even though XDR per-type functions accept only two parameters. +libtirpc has removed these third arguments; do so here as well. + +[ghudson@mit.edu: added -Werror=strict-prototypes and fixed +declarations it breaks under gcc and clang; added xdrproc_t changes; +rewrote commit message; style changes] + +(cherry picked from commit 4b9d7f7c107f01a61600fddcd8cde3812d0366a2) +--- + src/aclocal.m4 | 2 +- + src/appl/gss-sample/gss-client.c | 29 +--- + src/appl/gss-sample/gss-misc.c | 26 +-- + src/appl/gss-sample/gss-server.c | 2 +- + src/appl/user_user/server.c | 5 +- + src/clients/kdestroy/kdestroy.c | 2 +- + src/clients/kinit/kinit.c | 4 +- + src/clients/klist/klist.c | 2 +- + src/clients/ksu/authorization.c | 95 ++++------ + src/clients/ksu/ccache.c | 108 ++++-------- + src/clients/ksu/heuristic.c | 94 ++++------ + src/clients/ksu/krb_auth_su.c | 49 ++---- + src/clients/ksu/main.c | 40 ++--- + src/clients/kvno/kvno.c | 2 +- + src/include/gssrpc/auth_gssapi.h | 10 +- + src/include/gssrpc/xdr.h | 3 +- + src/include/k5-int.h | 2 +- + src/include/k5-plugin.h | 2 +- + src/include/net-server.h | 6 +- + src/kadmin/cli/getdate.y | 3 - + src/kadmin/cli/kadmin.c | 6 +- + src/kadmin/cli/keytab.c | 4 +- + src/kadmin/dbutil/kdb5_create.c | 16 +- + src/kadmin/dbutil/kdb5_destroy.c | 4 +- + src/kadmin/dbutil/kdb5_stash.c | 4 +- + src/kadmin/dbutil/kdb5_util.c | 24 +-- + src/kadmin/dbutil/ovload.c | 14 +- + src/kadmin/dbutil/strtok.c | 4 +- + src/kadmin/ktutil/ktutil.c | 45 ++--- + src/kadmin/ktutil/ktutil_funcs.c | 37 ++-- + src/kadmin/server/ipropd_svc.c | 24 +-- + src/kadmin/server/kadm_rpc_svc.c | 162 +++++++++--------- + src/kadmin/server/ovsec_kadmd.c | 4 +- + src/kdc/t_ndr.c | 2 +- + src/kdc/t_replay.c | 6 +- + src/kprop/kpropd.c | 2 +- + src/kprop/kproplog.c | 4 +- + src/lib/apputils/net-server.c | 7 +- + src/lib/crypto/builtin/aes/aes-gen.c | 18 +- + .../crypto/builtin/camellia/camellia-gen.c | 18 +- + src/lib/crypto/builtin/sha1/t_shs.c | 7 +- + src/lib/crypto/builtin/sha1/t_shs3.c | 7 +- + src/lib/crypto/crypto_tests/aes-test.c | 8 +- + src/lib/crypto/crypto_tests/camellia-test.c | 8 +- + src/lib/crypto/crypto_tests/t_cf2.c | 4 +- + src/lib/crypto/crypto_tests/t_cts.c | 2 +- + src/lib/crypto/crypto_tests/t_encrypt.c | 2 +- + src/lib/crypto/crypto_tests/t_fork.c | 2 +- + src/lib/crypto/crypto_tests/t_hmac.c | 3 +- + src/lib/crypto/crypto_tests/t_mddriver.c | 25 ++- + src/lib/crypto/crypto_tests/t_nfold.c | 16 +- + src/lib/crypto/crypto_tests/t_prf.c | 2 +- + src/lib/crypto/crypto_tests/t_sha2.c | 2 +- + src/lib/gssapi/generic/t_seqstate.c | 2 +- + src/lib/gssapi/krb5/accept_sec_context.c | 76 +++----- + src/lib/gssapi/krb5/compare_name.c | 7 +- + src/lib/gssapi/krb5/context_time.c | 6 +- + src/lib/gssapi/krb5/delete_sec_context.c | 7 +- + src/lib/gssapi/krb5/disp_name.c | 9 +- + src/lib/gssapi/krb5/disp_status.c | 11 +- + src/lib/gssapi/krb5/export_sec_context.c | 7 +- + src/lib/gssapi/krb5/gssapi_krb5.c | 4 +- + src/lib/gssapi/krb5/import_name.c | 8 +- + src/lib/gssapi/krb5/import_sec_context.c | 10 +- + src/lib/gssapi/krb5/indicate_mechs.c | 4 +- + src/lib/gssapi/krb5/init_sec_context.c | 55 ++---- + src/lib/gssapi/krb5/inq_context.c | 17 +- + src/lib/gssapi/krb5/inq_cred.c | 26 +-- + src/lib/gssapi/krb5/inq_names.c | 6 +- + src/lib/gssapi/krb5/k5seal.c | 38 ++-- + src/lib/gssapi/krb5/k5unseal.c | 51 ++---- + src/lib/gssapi/krb5/process_context_token.c | 8 +- + src/lib/gssapi/krb5/rel_cred.c | 4 +- + src/lib/gssapi/krb5/rel_name.c | 4 +- + src/lib/gssapi/krb5/rel_oid.c | 8 +- + src/lib/gssapi/krb5/ser_sctx.c | 16 +- + src/lib/gssapi/krb5/util_cksum.c | 6 +- + src/lib/gssapi/krb5/util_seed.c | 5 +- + src/lib/gssapi/krb5/util_seqnum.c | 19 +- + src/lib/gssapi/krb5/val_cred.c | 4 +- + src/lib/gssapi/krb5/wrap_size_limit.c | 11 +- + .../gssapi/mechglue/g_accept_sec_context.c | 31 +--- + src/lib/gssapi/mechglue/g_acquire_cred.c | 95 +++------- + .../gssapi/mechglue/g_acquire_cred_with_pw.c | 56 ++---- + src/lib/gssapi/mechglue/g_canon_name.c | 10 +- + src/lib/gssapi/mechglue/g_compare_name.c | 12 +- + src/lib/gssapi/mechglue/g_context_time.c | 10 +- + .../gssapi/mechglue/g_delete_sec_context.c | 10 +- + src/lib/gssapi/mechglue/g_dsp_name.c | 12 +- + src/lib/gssapi/mechglue/g_dsp_status.c | 22 +-- + src/lib/gssapi/mechglue/g_dup_name.c | 8 +- + src/lib/gssapi/mechglue/g_exp_sec_context.c | 10 +- + src/lib/gssapi/mechglue/g_export_name.c | 8 +- + src/lib/gssapi/mechglue/g_glue.c | 75 +++----- + src/lib/gssapi/mechglue/g_imp_name.c | 18 +- + src/lib/gssapi/mechglue/g_imp_sec_context.c | 11 +- + src/lib/gssapi/mechglue/g_init_sec_context.c | 37 +--- + src/lib/gssapi/mechglue/g_initialize.c | 22 +-- + src/lib/gssapi/mechglue/g_inq_cred.c | 31 +--- + src/lib/gssapi/mechglue/g_inq_names.c | 8 +- + src/lib/gssapi/mechglue/g_mechname.c | 14 +- + src/lib/gssapi/mechglue/g_oid_ops.c | 27 +-- + src/lib/gssapi/mechglue/g_process_context.c | 10 +- + src/lib/gssapi/mechglue/g_rel_buffer.c | 6 +- + src/lib/gssapi/mechglue/g_rel_cred.c | 7 +- + src/lib/gssapi/mechglue/g_rel_name.c | 7 +- + src/lib/gssapi/mechglue/g_rel_oid_set.c | 6 +- + src/lib/gssapi/mechglue/g_sign.c | 29 +--- + src/lib/gssapi/mechglue/g_store_cred.c | 48 ++---- + src/lib/gssapi/mechglue/g_unseal.c | 35 +--- + src/lib/gssapi/mechglue/g_unwrap_aead.c | 19 +- + src/lib/gssapi/mechglue/g_unwrap_iov.c | 15 +- + src/lib/gssapi/mechglue/g_verify.c | 30 +--- + src/lib/gssapi/mechglue/g_wrap_aead.c | 39 ++--- + src/lib/gssapi/mechglue/g_wrap_iov.c | 43 +---- + src/lib/kadm5/clnt/client_rpc.c | 1 + + src/lib/kadm5/kadm_rpc.h | 45 ----- + src/lib/kadm5/kadm_rpc_xdr.c | 37 ++-- + src/lib/kadm5/misc_free.c | 5 +- + src/lib/kadm5/srv/adb_xdr.c | 6 +- + src/lib/kadm5/srv/svr_principal.c | 12 +- + src/lib/kadm5/str_conv.c | 18 +- + src/lib/kadm5/t_kadm5.c | 22 +-- + src/lib/kdb/kdb5.c | 8 +- + src/lib/kdb/kdb_cpw.c | 32 +--- + src/lib/kdb/keytab.c | 19 +- + src/lib/kdb/t_stringattr.c | 2 +- + src/lib/krad/packet.c | 2 +- + src/lib/krad/t_attr.c | 2 +- + src/lib/krad/t_attrset.c | 2 +- + src/lib/krad/t_code.c | 2 +- + src/lib/krb5/ccache/cc_keyring.c | 2 +- + src/lib/krb5/krb/plugin.c | 2 +- + src/lib/krb5/krb/t_authdata.c | 2 +- + src/lib/krb5/krb/t_response_items.c | 2 +- + src/lib/krb5/krb/t_ser.c | 8 +- + src/lib/krb5/krb/t_sname_match.c | 2 +- + src/lib/krb5/krb/t_valid_times.c | 2 +- + src/lib/krb5/rcache/t_memrcache.c | 2 +- + src/lib/rpc/auth_gss.c | 4 +- + src/lib/rpc/auth_gssapi.c | 14 +- + src/lib/rpc/auth_gssapi_misc.c | 4 +- + src/lib/rpc/authunix_prot.c | 3 +- + src/lib/rpc/clnt_perror.c | 1 - + src/lib/rpc/clnt_raw.c | 2 +- + src/lib/rpc/dyn.c | 85 ++++----- + src/lib/rpc/pmap_clnt.c | 9 +- + src/lib/rpc/pmap_getmaps.c | 5 +- + src/lib/rpc/pmap_getport.c | 6 +- + src/lib/rpc/pmap_prot2.c | 3 +- + src/lib/rpc/pmap_rmt.c | 10 +- + src/lib/rpc/rpc_prot.c | 4 +- + src/lib/rpc/svc.c | 4 +- + src/lib/rpc/svc_auth_gss.c | 10 +- + src/lib/rpc/svc_auth_gssapi.c | 28 +-- + src/lib/rpc/svc_simple.c | 4 +- + src/lib/rpc/unit-test/client.c | 18 +- + src/lib/rpc/unit-test/rpc_test_clnt.c | 4 +- + src/lib/rpc/unit-test/rpc_test_svc.c | 16 +- + src/lib/rpc/unit-test/server.c | 2 +- + src/lib/rpc/xdr.c | 4 +- + src/lib/rpc/xdr_array.c | 4 +- + src/lib/rpc/xdr_rec.c | 13 +- + src/lib/rpc/xdr_reference.c | 4 +- + src/lib/rpc/xdr_sizeof.c | 29 +--- + src/plugins/kdb/db2/db2_exp.c | 4 +- + src/plugins/kdb/db2/libdb2/btree/bt_close.c | 10 +- + src/plugins/kdb/db2/libdb2/btree/bt_conv.c | 13 +- + src/plugins/kdb/db2/libdb2/btree/bt_delete.c | 34 +--- + src/plugins/kdb/db2/libdb2/btree/bt_get.c | 6 +- + src/plugins/kdb/db2/libdb2/btree/bt_open.c | 12 +- + .../kdb/db2/libdb2/btree/bt_overflow.c | 16 +- + src/plugins/kdb/db2/libdb2/btree/bt_page.c | 8 +- + src/plugins/kdb/db2/libdb2/btree/bt_put.c | 11 +- + src/plugins/kdb/db2/libdb2/btree/bt_search.c | 17 +- + src/plugins/kdb/db2/libdb2/btree/bt_seq.c | 27 +-- + src/plugins/kdb/db2/libdb2/btree/bt_split.c | 42 +---- + src/plugins/kdb/db2/libdb2/btree/bt_utils.c | 18 +- + src/plugins/kdb/db2/libdb2/db/db.c | 26 ++- + src/plugins/kdb/db2/libdb2/hash/dbm.c | 50 ++---- + src/plugins/kdb/db2/libdb2/hash/hash.c | 94 +++------- + src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c | 35 +--- + src/plugins/kdb/db2/libdb2/hash/hash_func.c | 16 +- + src/plugins/kdb/db2/libdb2/hash/hash_log2.c | 3 +- + src/plugins/kdb/db2/libdb2/hash/hash_page.c | 121 ++++--------- + src/plugins/kdb/db2/libdb2/hash/hsearch.c | 9 +- + src/plugins/kdb/db2/libdb2/mpool/mpool.c | 54 ++---- + src/plugins/kdb/db2/libdb2/recno/rec_close.c | 7 +- + src/plugins/kdb/db2/libdb2/recno/rec_delete.c | 14 +- + src/plugins/kdb/db2/libdb2/recno/rec_get.c | 22 +-- + src/plugins/kdb/db2/libdb2/recno/rec_open.c | 9 +- + src/plugins/kdb/db2/libdb2/recno/rec_put.c | 12 +- + src/plugins/kdb/db2/libdb2/recno/rec_search.c | 5 +- + src/plugins/kdb/db2/libdb2/recno/rec_seq.c | 5 +- + src/plugins/kdb/db2/libdb2/recno/rec_utils.c | 6 +- + src/plugins/kdb/db2/libdb2/test/dbtest.c | 59 ++----- + src/plugins/kdb/db2/pol_xdr.c | 2 +- + .../kdb/ldap/ldap_util/kdb5_ldap_util.c | 4 +- + src/plugins/kdb/lmdb/kdb_lmdb.c | 4 +- + src/plugins/kdb/test/kdb_test.c | 4 +- + .../preauth/pkinit/pkinit_crypto_openssl.c | 4 +- + src/plugins/preauth/spake/t_vectors.c | 2 +- + src/tests/asn.1/krb5_decode_test.c | 5 +- + src/tests/asn.1/krb5_encode_test.c | 13 +- + src/tests/asn.1/t_trval.c | 14 +- + src/tests/asn.1/trval.c | 73 +++----- + src/tests/conccache.c | 4 +- + src/tests/create/kdb5_mkdums.c | 16 +- + src/tests/forward.c | 2 +- + src/tests/gss-threads/gss-client.c | 4 +- + src/tests/gss-threads/gss-server.c | 2 +- + src/tests/gssapi/reload.c | 2 +- + src/tests/gssapi/t_add_cred.c | 2 +- + src/tests/gssapi/t_enctypes.c | 2 +- + src/tests/gssapi/t_invalid.c | 4 +- + src/tests/gssapi/t_oid.c | 2 +- + src/tests/gssapi/t_spnego.c | 2 +- + src/tests/hammer/kdc5_hammer.c | 36 ++-- + src/tests/kdbtest.c | 2 +- + src/tests/misc/test_getpw.c | 2 +- + src/tests/plugorder.c | 2 +- + src/tests/shlib/t_loader.c | 2 +- + src/tests/softpkcs11/main.c | 2 +- + src/tests/t_inetd.c | 7 +- + src/tests/test1.c | 4 +- + src/tests/verify/kdb5_verify.c | 17 +- + src/util/et/error_message.c | 2 +- + src/util/et/test_et.c | 3 +- + src/util/profile/prof_init.c | 2 +- + src/util/profile/t_profile.c | 22 +-- + src/util/profile/test_load.c | 2 +- + src/util/profile/test_parse.c | 5 +- + src/util/profile/test_profile.c | 10 +- + src/util/profile/test_vtable.c | 3 +- + src/util/ss/error.c | 13 +- + src/util/ss/execute_cmd.c | 23 +-- + src/util/ss/help.c | 115 ++++++------- + src/util/ss/invocation.c | 13 +- + src/util/ss/list_rqs.c | 11 +- + src/util/ss/listen.c | 32 ++-- + src/util/ss/pager.c | 10 +- + src/util/ss/parse.c | 6 +- + src/util/ss/prompt.c | 7 +- + src/util/ss/request_tbl.c | 11 +- + src/util/ss/requests.c | 2 +- + src/util/ss/ss.h | 1 - + src/util/ss/ss_internal.h | 3 +- + src/util/support/plugins.c | 10 +- + src/util/support/t_hashtab.c | 6 +- + src/util/support/t_hex.c | 3 +- + src/util/support/t_json.c | 2 +- + src/util/support/t_k5buf.c | 16 +- + src/util/support/t_unal.c | 3 +- + 253 files changed, 1380 insertions(+), 2718 deletions(-) + +diff --git a/src/aclocal.m4 b/src/aclocal.m4 +index 3331970930..040d5bdd0c 100644 +--- a/src/aclocal.m4 ++++ b/src/aclocal.m4 +@@ -546,7 +546,7 @@ if test "$GCC" = yes ; then + TRY_WARN_CC_FLAG(-Wno-format-zero-length) + # Other flags here may not be supported on some versions of + # gcc that people want to use. +- for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof error=uninitialized no-maybe-uninitialized error=pointer-arith error=int-conversion error=incompatible-pointer-types error=discarded-qualifiers error=implicit-int ; do ++ for flag in overflow strict-overflow missing-format-attribute missing-prototypes return-type missing-braces parentheses switch unused-function unused-label unused-variable unused-value unknown-pragmas sign-compare newline-eof error=uninitialized no-maybe-uninitialized error=pointer-arith error=int-conversion error=incompatible-pointer-types error=discarded-qualifiers error=implicit-int error=strict-prototypes; do + TRY_WARN_CC_FLAG(-W$flag) + done + # old-style-definition? generates many, many warnings +diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c +index 6e2aa33690..0722ae196f 100644 +--- a/src/appl/gss-sample/gss-client.c ++++ b/src/appl/gss-sample/gss-client.c +@@ -75,7 +75,7 @@ static gss_OID_desc gss_spnego_mechanism_oid_desc = + {6, (void *)"\x2b\x06\x01\x05\x05\x02"}; + + static void +-usage() ++usage(void) + { + fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] " + "[-spnego] [-d]\n"); +@@ -359,9 +359,7 @@ client_establish_context(int s, char *service_name, OM_uint32 gss_flags, + } + + static void +-read_file(file_name, in_buf) +- char *file_name; +- gss_buffer_t in_buf; ++read_file(char *file_name, gss_buffer_t in_buf) + { + int fd, count; + struct stat stat_buf; +@@ -431,21 +429,10 @@ read_file(file_name, in_buf) + * verifies it with gss_verify. -1 is returned if any step fails, + * otherwise 0 is returned. */ + static int +-call_server(host, port, oid, service_name, gss_flags, auth_flag, +- wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file, +- mcount, username, password) +- char *host; +- u_short port; +- gss_OID oid; +- char *service_name; +- OM_uint32 gss_flags; +- int auth_flag, wrap_flag, encrypt_flag, mic_flag; +- int v1_format; +- char *msg; +- int use_file; +- int mcount; +- char *username; +- char *password; ++call_server(char *host, u_short port, gss_OID oid, char *service_name, ++ OM_uint32 gss_flags, int auth_flag, int wrap_flag, ++ int encrypt_flag, int mic_flag, int v1_format, char *msg, ++ int use_file, int mcount, char *username, char *password) + { + gss_ctx_id_t context = GSS_C_NO_CONTEXT; + gss_buffer_desc in_buf, out_buf; +@@ -774,9 +761,7 @@ worker_bee(void *unused) + } + + int +-main(argc, argv) +- int argc; +- char **argv; ++main(int argc, char **argv) + { + int i; + +diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c +index 1d051edf1e..7eb4c7971d 100644 +--- a/src/appl/gss-sample/gss-misc.c ++++ b/src/appl/gss-sample/gss-misc.c +@@ -157,10 +157,7 @@ read_all(int fildes, void *data, unsigned int nbyte) + * if an error occurs or if it could not write all the data. + */ + int +-send_token(s, flags, tok) +- int s; +- int flags; +- gss_buffer_t tok; ++send_token(int s, int flags, gss_buffer_t tok) + { + int ret; + unsigned char char_flags = (unsigned char) flags; +@@ -230,10 +227,7 @@ send_token(s, flags, tok) + * and -1 if an error occurs or if it could not read all the data. + */ + int +-recv_token(s, flags, tok) +- int s; +- int *flags; +- gss_buffer_t tok; ++recv_token(int s, int *flags, gss_buffer_t tok) + { + int ret; + unsigned char char_flags; +@@ -303,10 +297,7 @@ recv_token(s, flags, tok) + } + + static void +-display_status_1(m, code, type) +- char *m; +- OM_uint32 code; +- int type; ++display_status_1(char *m, OM_uint32 code, int type) + { + OM_uint32 min_stat; + gss_buffer_desc msg; +@@ -344,10 +335,7 @@ display_status_1(m, code, type) + * followed by a newline. + */ + void +-display_status(msg, maj_stat, min_stat) +- char *msg; +- OM_uint32 maj_stat; +- OM_uint32 min_stat; ++display_status(char *msg, OM_uint32 maj_stat, OM_uint32 min_stat) + { + display_status_1(msg, maj_stat, GSS_C_GSS_CODE); + display_status_1(msg, min_stat, GSS_C_MECH_CODE); +@@ -370,8 +358,7 @@ display_status(msg, maj_stat, min_stat) + */ + + void +-display_ctx_flags(flags) +- OM_uint32 flags; ++display_ctx_flags(OM_uint32 flags) + { + if (flags & GSS_C_DELEG_FLAG) + fprintf(display_file, "context flag: GSS_C_DELEG_FLAG\n"); +@@ -388,8 +375,7 @@ display_ctx_flags(flags) + } + + void +-print_token(tok) +- gss_buffer_t tok; ++print_token(gss_buffer_t tok) + { + unsigned int i; + unsigned char *p = tok->value; +diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c +index 9b6ce9ffb3..0e9c857e56 100644 +--- a/src/appl/gss-sample/gss-server.c ++++ b/src/appl/gss-sample/gss-server.c +@@ -73,7 +73,7 @@ static OM_uint32 + showLocalIdentity(OM_uint32 *minor, gss_name_t name); + + static void +-usage() ++usage(void) + { + fprintf(stderr, "Usage: gss-server [-port port] [-verbose] [-once]"); + #ifdef _WIN32 +diff --git a/src/appl/user_user/server.c b/src/appl/user_user/server.c +index f2b5b614e3..afb3d2bcba 100644 +--- a/src/appl/user_user/server.c ++++ b/src/appl/user_user/server.c +@@ -39,9 +39,8 @@ + + /* fd 0 is a tcp socket used to talk to the client */ + +-int main(argc, argv) +- int argc; +- char *argv[]; ++int ++main(int argc, char *argv[]) + { + krb5_data pname_data, tkt_data; + int sock = 0; +diff --git a/src/clients/kdestroy/kdestroy.c b/src/clients/kdestroy/kdestroy.c +index 774b729fdb..48f672a1e8 100644 +--- a/src/clients/kdestroy/kdestroy.c ++++ b/src/clients/kdestroy/kdestroy.c +@@ -47,7 +47,7 @@ char *progname; + + + static void +-usage() ++usage(void) + { + fprintf(stderr, _("Usage: %s [-A] [-q] [-c cache_name] [-p princ_name]\n"), + progname); +diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c +index f4c7b2b842..7a33ffae59 100644 +--- a/src/clients/kinit/kinit.c ++++ b/src/clients/kinit/kinit.c +@@ -45,7 +45,7 @@ + #ifdef HAVE_PWD_H + #include + static char * +-get_name_from_os() ++get_name_from_os(void) + { + struct passwd *pw; + +@@ -137,7 +137,7 @@ const char *shopts = "r:fpFPn54aAVl:s:c:kit:T:RS:vX:CEI:"; + #define USAGE_BREAK "\n\t" + + static void +-usage() ++usage(void) + { + fprintf(stderr, + _("Usage: %s [-V] [-l lifetime] [-s start_time] " +diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c +index dcdc5a2d59..c797b1698f 100644 +--- a/src/clients/klist/klist.c ++++ b/src/clients/klist/klist.c +@@ -80,7 +80,7 @@ static void fillit(FILE *, unsigned int, int); + #define KEYTAB 2 + + static void +-usage() ++usage(void) + { + fprintf(stderr, _("Usage: %s [-e] [-V] [[-c] [-l] [-A] [-d] [-f] [-s] " + "[-a [-n]]] [-k [-i] [-t] [-K]] [-C] [name]\n"), +diff --git a/src/clients/ksu/authorization.c b/src/clients/ksu/authorization.c +index fb9d5d0942..17a8a8f2f0 100644 +--- a/src/clients/ksu/authorization.c ++++ b/src/clients/ksu/authorization.c +@@ -30,9 +30,8 @@ + + static void auth_cleanup (FILE *, FILE *, char *); + +-krb5_boolean fowner(fp, uid) +- FILE *fp; +- uid_t uid; ++krb5_boolean ++fowner(FILE *fp, uid_t uid) + { + struct stat sbuf; + +@@ -59,16 +58,10 @@ krb5_boolean fowner(fp, uid) + * + */ + +-krb5_error_code krb5_authorization(context, principal, luser, +- cmd, ok, out_fcmd) +-/* IN */ +- krb5_context context; +- krb5_principal principal; +- const char *luser; +- char *cmd; +- /* OUT */ +- krb5_boolean *ok; +- char **out_fcmd; ++krb5_error_code ++krb5_authorization(krb5_context context, krb5_principal principal, ++ const char *luser, char *cmd, krb5_boolean *ok, ++ char **out_fcmd) + { + struct passwd *pwd; + char *princname; +@@ -178,10 +171,8 @@ any tokens after the principal name FALSE is returned. + + ***********************************************************/ + +-krb5_error_code k5login_lookup (fp, princname, found) +- FILE *fp; +- char *princname; +- krb5_boolean *found; ++krb5_error_code ++k5login_lookup(FILE *fp, char *princname, krb5_boolean *found) + { + + krb5_error_code retval; +@@ -240,12 +231,9 @@ if princname is found{ + + + ***********************************************************/ +-krb5_error_code k5users_lookup (fp, princname, cmd, found, out_fcmd) +- FILE *fp; +- char *princname; +- char *cmd; +- krb5_boolean *found; +- char **out_fcmd; ++krb5_error_code ++k5users_lookup(FILE *fp, char *princname, char *cmd, ++ krb5_boolean *found, char **out_fcmd) + { + krb5_error_code retval; + char * line; +@@ -328,10 +316,8 @@ resolves it into a full path name. + + ************************************************/ + +-krb5_boolean fcmd_resolve(fcmd, out_fcmd, out_err) +- char *fcmd; +- char ***out_fcmd; +- char **out_err; ++krb5_boolean ++fcmd_resolve(char *fcmd, char ***out_fcmd, char **out_err) + { + char * err; + char ** tmp_fcmd; +@@ -407,8 +393,8 @@ cmd_single - checks if cmd consists of a path + + ********************************************/ + +-krb5_boolean cmd_single(cmd) +- char * cmd; ++krb5_boolean ++cmd_single(char *cmd) + { + + if ( ( strrchr( cmd, '/')) == NULL){ +@@ -423,9 +409,8 @@ cmd_arr_cmp_postfix - compares a command with the postfix + of fcmd + ********************************************/ + +-int cmd_arr_cmp_postfix(fcmd_arr, cmd) +- char **fcmd_arr; +- char *cmd; ++int ++cmd_arr_cmp_postfix(char **fcmd_arr, char *cmd) + { + char * temp_fcmd; + char *ptr; +@@ -457,9 +442,8 @@ cmd_arr_cmp - checks if cmd matches any + + **********************************************/ + +-int cmd_arr_cmp (fcmd_arr, cmd) +- char **fcmd_arr; +- char *cmd; ++int ++cmd_arr_cmp(char **fcmd_arr, char *cmd) + { + int result =1; + int i = 0; +@@ -475,10 +459,8 @@ int cmd_arr_cmp (fcmd_arr, cmd) + } + + +-krb5_boolean find_first_cmd_that_exists(fcmd_arr, cmd_out, err_out) +- char **fcmd_arr; +- char **cmd_out; +- char **err_out; ++krb5_boolean ++find_first_cmd_that_exists(char **fcmd_arr, char **cmd_out, char **err_out) + { + struct stat st_temp; + int i = 0; +@@ -517,12 +499,9 @@ returns 1 if there is an error, 0 if no error. + + ***************************************************************/ + +-int match_commands (fcmd, cmd, match, cmd_out, err_out) +- char *fcmd; +- char *cmd; +- krb5_boolean *match; +- char **cmd_out; +- char **err_out; ++int ++match_commands(char *fcmd, char *cmd, krb5_boolean *match, ++ char **cmd_out, char **err_out) + { + char ** fcmd_arr; + char * err; +@@ -566,11 +545,8 @@ int match_commands (fcmd, cmd, match, cmd_out, err_out) + is set to null if eof. + *********************************************************/ + +-krb5_error_code get_line (fp, out_line) +-/* IN */ +- FILE *fp; +- /* OUT */ +- char **out_line; ++krb5_error_code ++get_line(FILE *fp, char **out_line) + { + char * line, *r, *newline , *line_ptr; + int chunk_count = 1; +@@ -615,9 +591,8 @@ will be returned as part of the first token. + Note: this routine reuses the space pointed to by line + ******************************************************/ + +-char * get_first_token (line, lnext) +- char *line; +- char **lnext; ++char * ++get_first_token(char *line, char **lnext) + { + + char * lptr, * out_ptr; +@@ -651,8 +626,8 @@ Note: that this function modifies the stream + lnext to the next tocken. + **********************************************************/ + +-char * get_next_token (lnext) +- char **lnext; ++char * ++get_next_token (char **lnext) + { + char * lptr, * out_ptr; + +@@ -677,10 +652,8 @@ char * get_next_token (lnext) + return out_ptr; + } + +-static void auth_cleanup(users_fp, login_fp, princname) +- FILE *users_fp; +- FILE *login_fp; +- char *princname; ++static void ++auth_cleanup(FILE *users_fp, FILE *login_fp, char *princname) + { + + free (princname); +@@ -690,8 +663,8 @@ static void auth_cleanup(users_fp, login_fp, princname) + fclose(login_fp); + } + +-void init_auth_names(pw_dir) +- char *pw_dir; ++void ++init_auth_names(char *pw_dir) + { + const char *sep; + int r1, r2; +diff --git a/src/clients/ksu/ccache.c b/src/clients/ksu/ccache.c +index cbb9aa2b85..cca9ce2dfc 100644 +--- a/src/clients/ksu/ccache.c ++++ b/src/clients/ksu/ccache.c +@@ -40,24 +40,18 @@ copies the default cache into the secondary cache, + + ************************************************************************/ + +-void show_credential(); ++void show_credential(krb5_context, krb5_creds *, krb5_ccache); + + /* modifies only the cc_other, the algorithm may look a bit funny, + but I had to do it this way, since remove function did not come + with k5 beta 3 release. + */ + +-krb5_error_code krb5_ccache_copy(context, cc_def, target_principal, cc_target, +- restrict_creds, primary_principal, stored) +-/* IN */ +- krb5_context context; +- krb5_ccache cc_def; +- krb5_principal target_principal; +- krb5_ccache cc_target; +- krb5_boolean restrict_creds; +- krb5_principal primary_principal; +- /* OUT */ +- krb5_boolean *stored; ++krb5_error_code ++krb5_ccache_copy(krb5_context context, krb5_ccache cc_def, ++ krb5_principal target_principal, krb5_ccache cc_target, ++ krb5_boolean restrict_creds, krb5_principal primary_principal, ++ krb5_boolean *stored) + { + int i=0; + krb5_error_code retval=0; +@@ -105,11 +99,9 @@ krb5_error_code krb5_ccache_copy(context, cc_def, target_principal, cc_target, + } + + +-krb5_error_code krb5_store_all_creds(context, cc, creds_def, creds_other) +- krb5_context context; +- krb5_ccache cc; +- krb5_creds **creds_def; +- krb5_creds **creds_other; ++krb5_error_code ++krb5_store_all_creds(krb5_context context, krb5_ccache cc, ++ krb5_creds **creds_def, krb5_creds **creds_other) + { + + int i = 0; +@@ -173,10 +165,8 @@ krb5_error_code krb5_store_all_creds(context, cc, creds_def, creds_other) + return 0; + } + +-krb5_boolean compare_creds(context, cred1, cred2) +- krb5_context context; +- krb5_creds *cred1; +- krb5_creds *cred2; ++krb5_boolean ++compare_creds(krb5_context context, krb5_creds *cred1, krb5_creds *cred2) + { + krb5_boolean retval; + +@@ -188,13 +178,9 @@ krb5_boolean compare_creds(context, cred1, cred2) + return retval; + } + +- +- +- +-krb5_error_code krb5_get_nonexp_tkts(context, cc, creds_array) +- krb5_context context; +- krb5_ccache cc; +- krb5_creds ***creds_array; ++krb5_error_code ++krb5_get_nonexp_tkts(krb5_context context, krb5_ccache cc, ++ krb5_creds ***creds_array) + { + + krb5_creds creds, temp_tktq, temp_tkt; +@@ -262,10 +248,8 @@ krb5_error_code krb5_get_nonexp_tkts(context, cc, creds_array) + + } + +- +-krb5_error_code krb5_check_exp(context, tkt_time) +- krb5_context context; +- krb5_ticket_times tkt_time; ++krb5_error_code ++krb5_check_exp(krb5_context context, krb5_ticket_times tkt_time) + { + krb5_error_code retval =0; + krb5_timestamp currenttime; +@@ -290,9 +274,8 @@ krb5_error_code krb5_check_exp(context, tkt_time) + return 0; + } + +- +-char *flags_string(cred) +- krb5_creds *cred; ++char * ++flags_string(krb5_creds *cred) + { + static char buf[32]; + int i = 0; +@@ -323,7 +306,8 @@ char *flags_string(cred) + return(buf); + } + +-void printtime(krb5_timestamp ts) ++void ++printtime(krb5_timestamp ts) + { + char fmtbuf[18], fill = ' '; + +@@ -333,9 +317,7 @@ void printtime(krb5_timestamp ts) + + + krb5_error_code +-krb5_get_login_princ(luser, princ_list) +- const char *luser; +- char ***princ_list; ++krb5_get_login_princ(const char *luser, char ***princ_list) + { + struct stat sbuf; + struct passwd *pwd; +@@ -420,13 +402,8 @@ krb5_get_login_princ(luser, princ_list) + return 0; + } + +- +- + void +-show_credential(context, cred, cc) +- krb5_context context; +- krb5_creds *cred; +- krb5_ccache cc; ++show_credential(krb5_context context, krb5_creds *cred, krb5_ccache cc) + { + krb5_error_code retval; + char *name, *sname, *flags; +@@ -519,11 +496,9 @@ gen_sym(krb5_context context, char **sym_out) + return 0; + } + +-krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal) +- krb5_context context; +- krb5_ccache ccs; +- krb5_ccache cct; +- krb5_principal primary_principal; ++krb5_error_code ++krb5_ccache_overwrite(krb5_context context, krb5_ccache ccs, krb5_ccache cct, ++ krb5_principal primary_principal) + { + krb5_error_code retval=0; + krb5_principal temp_principal; +@@ -560,14 +535,10 @@ krb5_error_code krb5_ccache_overwrite(context, ccs, cct, primary_principal) + return retval; + } + +-krb5_error_code krb5_store_some_creds(context, cc, creds_def, creds_other, prst, +- stored) +- krb5_context context; +- krb5_ccache cc; +- krb5_creds **creds_def; +- krb5_creds **creds_other; +- krb5_principal prst; +- krb5_boolean *stored; ++krb5_error_code ++krb5_store_some_creds(krb5_context context, krb5_ccache cc, ++ krb5_creds **creds_def, krb5_creds **creds_other, ++ krb5_principal prst, krb5_boolean *stored) + { + + int i = 0; +@@ -610,10 +581,8 @@ krb5_error_code krb5_store_some_creds(context, cc, creds_def, creds_other, prst, + return 0; + } + +-krb5_error_code krb5_ccache_filter (context, cc, prst) +- krb5_context context; +- krb5_ccache cc; +- krb5_principal prst; ++krb5_error_code ++krb5_ccache_filter(krb5_context context, krb5_ccache cc, krb5_principal prst) + { + + int i=0; +@@ -657,10 +626,9 @@ krb5_error_code krb5_ccache_filter (context, cc, prst) + return 0; + } + +-krb5_boolean krb5_find_princ_in_cred_list (context, creds_list, princ) +- krb5_context context; +- krb5_creds **creds_list; +- krb5_principal princ; ++krb5_boolean ++krb5_find_princ_in_cred_list(krb5_context context, krb5_creds **creds_list, ++ krb5_principal princ) + { + + int i = 0; +@@ -682,11 +650,9 @@ krb5_boolean krb5_find_princ_in_cred_list (context, creds_list, princ) + return temp_stored; + } + +-krb5_error_code krb5_find_princ_in_cache (context, cc, princ, found) +- krb5_context context; +- krb5_ccache cc; +- krb5_principal princ; +- krb5_boolean *found; ++krb5_error_code ++krb5_find_princ_in_cache(krb5_context context, krb5_ccache cc, ++ krb5_principal princ, krb5_boolean *found) + { + krb5_error_code retval; + krb5_creds ** creds_list = NULL; +diff --git a/src/clients/ksu/heuristic.c b/src/clients/ksu/heuristic.c +index 4f7280f4cb..e906de8ef0 100644 +--- a/src/clients/ksu/heuristic.c ++++ b/src/clients/ksu/heuristic.c +@@ -41,9 +41,8 @@ get_all_princ_from_file - retrieves all principal names + static void close_time (int, FILE *, int, FILE *); + static krb5_boolean find_str_in_list (char **, char *); + +-krb5_error_code get_all_princ_from_file (fp, plist) +- FILE *fp; +- char ***plist; ++krb5_error_code ++get_all_princ_from_file(FILE *fp, char ***plist) + { + + krb5_error_code retval; +@@ -92,10 +91,8 @@ list_union - combines list1 and list2 into combined_list. + or used by combined_list. + **************************************************************/ + +-krb5_error_code list_union(list1, list2, combined_list) +- char **list1; +- char **list2; +- char ***combined_list; ++krb5_error_code ++list_union(char **list1, char **list2, char ***combined_list) + { + + unsigned int c1 =0, c2 = 0, i=0, j=0; +@@ -141,11 +138,7 @@ krb5_error_code list_union(list1, list2, combined_list) + } + + krb5_error_code +-filter(fp, cmd, k5users_list, k5users_filt_list) +- FILE *fp; +- char *cmd; +- char **k5users_list; +- char ***k5users_filt_list; ++filter(FILE *fp, char *cmd, char **k5users_list, char ***k5users_filt_list) + { + + krb5_error_code retval =0; +@@ -195,10 +188,7 @@ filter(fp, cmd, k5users_list, k5users_filt_list) + } + + krb5_error_code +-get_authorized_princ_names(luser, cmd, princ_list) +- const char *luser; +- char *cmd; +- char ***princ_list; ++get_authorized_princ_names(const char *luser, char *cmd, char ***princ_list) + { + + struct passwd *pwd; +@@ -272,11 +262,8 @@ get_authorized_princ_names(luser, cmd, princ_list) + return 0; + } + +-static void close_time(k5users_flag, users_fp, k5login_flag, login_fp) +- int k5users_flag; +- FILE *users_fp; +- int k5login_flag; +- FILE *login_fp; ++static void ++close_time(int k5users_flag, FILE *users_fp, int k5login_flag, FILE *login_fp) + { + + if (!k5users_flag) fclose(users_fp); +@@ -284,9 +271,8 @@ static void close_time(k5users_flag, users_fp, k5login_flag, login_fp) + + } + +-static krb5_boolean find_str_in_list(list , elm) +- char **list; +- char *elm; ++static krb5_boolean ++find_str_in_list(char **list, char *elm) + { + + int i=0; +@@ -313,12 +299,9 @@ A principal is picked that has the best chance of getting in. + + **********************************************************************/ + +- +-krb5_error_code get_closest_principal(context, plist, client, found) +- krb5_context context; +- char **plist; +- krb5_principal *client; +- krb5_boolean *found; ++krb5_error_code ++get_closest_principal(krb5_context context, char **plist, ++ krb5_principal *client, krb5_boolean *found) + { + krb5_error_code retval =0; + krb5_principal temp_client, best_client = NULL; +@@ -385,12 +368,9 @@ find_either_ticket checks to see whether there is a ticket for the + end server or tgt, if neither is there the return FALSE, + *****************************************************************/ + +-krb5_error_code find_either_ticket (context, cc, client, end_server, found) +- krb5_context context; +- krb5_ccache cc; +- krb5_principal client; +- krb5_principal end_server; +- krb5_boolean *found; ++krb5_error_code ++find_either_ticket(krb5_context context, krb5_ccache cc, krb5_principal client, ++ krb5_principal end_server, krb5_boolean *found) + { + + krb5_principal kdc_server; +@@ -424,13 +404,9 @@ krb5_error_code find_either_ticket (context, cc, client, end_server, found) + return 0; + } + +- +-krb5_error_code find_ticket (context, cc, client, server, found) +- krb5_context context; +- krb5_ccache cc; +- krb5_principal client; +- krb5_principal server; +- krb5_boolean *found; ++krb5_error_code ++find_ticket(krb5_context context, krb5_ccache cc, krb5_principal client, ++ krb5_principal server, krb5_boolean *found) + { + + krb5_creds tgt, tgtq; +@@ -470,13 +446,9 @@ krb5_error_code find_ticket (context, cc, client, server, found) + return 0; + } + +- +- +-krb5_error_code find_princ_in_list (context, princ, plist, found) +- krb5_context context; +- krb5_principal princ; +- char **plist; +- krb5_boolean *found; ++krb5_error_code ++find_princ_in_list(krb5_context context, krb5_principal princ, char **plist, ++ krb5_boolean *found) + { + + int i=0; +@@ -516,21 +488,13 @@ path_out gets set to ... + + ***********************************************************************/ + +-krb5_error_code get_best_princ_for_target(context, source_uid, target_uid, +- source_user, target_user, +- cc_source, options, cmd, +- hostname, client, path_out) +- krb5_context context; +- uid_t source_uid; +- uid_t target_uid; +- char *source_user; +- char *target_user; +- krb5_ccache cc_source; +- krb5_get_init_creds_opt *options; +- char *cmd; +- char *hostname; +- krb5_principal *client; +- int *path_out; ++krb5_error_code ++get_best_princ_for_target(krb5_context context, uid_t source_uid, ++ uid_t target_uid, char *source_user, ++ char *target_user, krb5_ccache cc_source, ++ krb5_get_init_creds_opt *options, char *cmd, ++ char *hostname, krb5_principal *client, ++ int *path_out) + { + + princ_info princ_trials[10]; +diff --git a/src/clients/ksu/krb_auth_su.c b/src/clients/ksu/krb_auth_su.c +index fb848dcab1..db10251f95 100644 +--- a/src/clients/ksu/krb_auth_su.c ++++ b/src/clients/ksu/krb_auth_su.c +@@ -29,18 +29,13 @@ + #include "ksu.h" + + +-void plain_dump_principal (); +- +-krb5_boolean krb5_auth_check(context, client_pname, hostname, options, +- target_user, cc, path_passwd, target_uid) +- krb5_context context; +- krb5_principal client_pname; +- char *hostname; +- krb5_get_init_creds_opt *options; +- char *target_user; +- uid_t target_uid; +- krb5_ccache cc; +- int *path_passwd; ++void plain_dump_principal(krb5_context, krb5_principal); ++ ++krb5_boolean ++krb5_auth_check(krb5_context context, krb5_principal client_pname, ++ char *hostname, krb5_get_init_creds_opt *options, ++ char *target_user, krb5_ccache cc, int *path_passwd, ++ uid_t target_uid) + { + krb5_principal client; + krb5_verify_init_creds_opt vfy_opts; +@@ -137,13 +132,10 @@ krb5_boolean krb5_auth_check(context, client_pname, hostname, options, + return (TRUE); + } + +-krb5_boolean ksu_get_tgt_via_passwd(context, client, options, zero_password, +- creds_out) +- krb5_context context; +- krb5_principal client; +- krb5_get_init_creds_opt *options; +- krb5_boolean *zero_password; +- krb5_creds *creds_out; ++krb5_boolean ++ksu_get_tgt_via_passwd(krb5_context context, krb5_principal client, ++ krb5_get_init_creds_opt *options, ++ krb5_boolean *zero_password, krb5_creds *creds_out) + { + krb5_error_code code; + krb5_creds creds; +@@ -212,11 +204,8 @@ krb5_boolean ksu_get_tgt_via_passwd(context, client, options, zero_password, + return (TRUE); + } + +- +-void dump_principal (context, str, p) +- krb5_context context; +- char *str; +- krb5_principal p; ++void ++dump_principal(krb5_context context, char *str, krb5_principal p) + { + char * stname; + krb5_error_code retval; +@@ -228,9 +217,8 @@ void dump_principal (context, str, p) + fprintf(stderr, " %s: %s\n", str, stname); + } + +-void plain_dump_principal (context, p) +- krb5_context context; +- krb5_principal p; ++void ++plain_dump_principal (krb5_context context, krb5_principal p) + { + char * stname; + krb5_error_code retval; +@@ -251,11 +239,8 @@ A principal is picked that has the best chance of getting in. + + **********************************************************************/ + +- +-krb5_error_code get_best_principal(context, plist, client) +- krb5_context context; +- char **plist; +- krb5_principal *client; ++krb5_error_code ++get_best_principal(krb5_context context, char **plist, krb5_principal *client) + { + krb5_error_code retval =0; + krb5_principal temp_client, best_client = NULL; +diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c +index 931f054041..2a351662c8 100644 +--- a/src/clients/ksu/main.c ++++ b/src/clients/ksu/main.c +@@ -70,7 +70,9 @@ static krb5_error_code resolve_target_cache(krb5_context ksu_context, + /* insure the proper specification of target user as well as catching + ill specified arguments to commands */ + +-void usage (){ ++void ++usage(void) ++{ + fprintf(stderr, + _("Usage: %s [target user] [-n principal] [-c source cachename] " + "[-k] [-r time] [-p|-P] [-f|-F] [-l lifetime] [-zZ] [-q] " +@@ -86,9 +88,7 @@ void usage (){ + static uid_t source_uid, target_uid; + + int +-main (argc, argv) +- int argc; +- char ** argv; ++main(int argc, char ** argv) + { + int hp =0; + int some_rest_copy = 0; +@@ -120,7 +120,6 @@ main (argc, argv) + char ** params; + int keep_target_cache = 0; + int child_pid, child_pgrp, ret_pid; +- extern char * getpass(), *crypt(); + int pargc; + char ** pargv; + krb5_boolean stored = FALSE, cc_reused = FALSE, given_princ = FALSE; +@@ -1049,11 +1048,10 @@ cleanup: + + #ifdef HAVE_GETUSERSHELL + +-int standard_shell(sh) +- char *sh; ++int ++standard_shell(char *sh) + { + char *cp; +- char *getusershell(); + + while ((cp = getusershell()) != NULL) + if (!strcmp(cp, sh)) +@@ -1063,7 +1061,8 @@ int standard_shell(sh) + + #endif /* HAVE_GETUSERSHELL */ + +-static char * ontty() ++static char * ++ontty(void) + { + char *p; + static char buf[MAXPATHLEN + 5]; +@@ -1080,10 +1079,8 @@ static char * ontty() + return (buf); + } + +- +-static int set_env_var(name, value) +- char *name; +- char *value; ++static int ++set_env_var(char *name, char *value) + { + char * env_var_buf; + +@@ -1092,9 +1089,8 @@ static int set_env_var(name, value) + + } + +-static void sweep_up(context, cc) +- krb5_context context; +- krb5_ccache cc; ++static void ++sweep_up(krb5_context context, krb5_ccache cc) + { + krb5_error_code retval; + +@@ -1122,11 +1118,7 @@ get_params is to be called for the -a option or -e option to + *****************************************************************/ + + krb5_error_code +-get_params(optindex, pargc, pargv, params) +- int *optindex; +- int pargc; +- char **pargv; +- char ***params; ++get_params(int *optindex, int pargc, char **pargv, char ***params) + { + + int i,j; +@@ -1159,10 +1151,8 @@ void print_status(const char *fmt, ...) + } + + krb5_error_code +-ksu_tgtname(context, server, client, tgtprinc) +- krb5_context context; +- const krb5_data *server, *client; +- krb5_principal *tgtprinc; ++ksu_tgtname(krb5_context context, const krb5_data *server, ++ const krb5_data *client, krb5_principal *tgtprinc) + { + return krb5_build_principal_ext(context, tgtprinc, client->length, client->data, + KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME, +diff --git a/src/clients/kvno/kvno.c b/src/clients/kvno/kvno.c +index 03f72f596d..ac77a7d524 100644 +--- a/src/clients/kvno/kvno.c ++++ b/src/clients/kvno/kvno.c +@@ -39,7 +39,7 @@ static char *prog; + static int quiet = 0; + + static void +-xusage() ++xusage(void) + { + fprintf(stderr, _("usage: %s [-c ccache] [-e etype] [-k keytab] [-q] " + "[-u | -S sname]\n" +diff --git a/src/include/gssrpc/auth_gssapi.h b/src/include/gssrpc/auth_gssapi.h +index 9d94853228..63436a698a 100644 +--- a/src/include/gssrpc/auth_gssapi.h ++++ b/src/include/gssrpc/auth_gssapi.h +@@ -82,14 +82,12 @@ bool_t xdr_authgssapi_init_res(XDR *, auth_gssapi_init_res *); + + bool_t auth_gssapi_wrap_data + (OM_uint32 *major, OM_uint32 *minor, +- gss_ctx_id_t context, uint32_t seq_num, XDR +- *out_xdrs, bool_t (*xdr_func)(), caddr_t +- xdr_ptr); ++ gss_ctx_id_t context, uint32_t seq_num, ++ XDR *out_xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr); + bool_t auth_gssapi_unwrap_data + (OM_uint32 *major, OM_uint32 *minor, +- gss_ctx_id_t context, uint32_t seq_num, XDR +- *in_xdrs, bool_t (*xdr_func)(), caddr_t +- xdr_ptr); ++ gss_ctx_id_t context, uint32_t seq_num, ++ XDR *in_xdrs, xdrproc_t xdr_func, caddr_t xdr_ptr); + + AUTH *auth_gssapi_create + (CLIENT *clnt, +diff --git a/src/include/gssrpc/xdr.h b/src/include/gssrpc/xdr.h +index da9e173782..4e5c29bdc2 100644 +--- a/src/include/gssrpc/xdr.h ++++ b/src/include/gssrpc/xdr.h +@@ -102,7 +102,6 @@ enum xdr_op { + * + * XXX can't actually prototype it, because some take three args!!! + */ +-typedef bool_t (*xdrproc_t)(); + + /* + * The XDR handle. +@@ -143,6 +142,8 @@ typedef struct XDR { + int x_handy; /* extra private word */ + } XDR; + ++typedef bool_t (*xdrproc_t)(XDR *, void *); ++ + /* + * Operations defined on a XDR handle + * +diff --git a/src/include/k5-int.h b/src/include/k5-int.h +index 768110e5ef..b3e07945c1 100644 +--- a/src/include/k5-int.h ++++ b/src/include/k5-int.h +@@ -2236,7 +2236,7 @@ make_data(void *data, unsigned int len) + } + + static inline krb5_data +-empty_data() ++empty_data(void) + { + return make_data(NULL, 0); + } +diff --git a/src/include/k5-plugin.h b/src/include/k5-plugin.h +index 90809e168e..5c5af586c5 100644 +--- a/src/include/k5-plugin.h ++++ b/src/include/k5-plugin.h +@@ -97,7 +97,7 @@ krb5int_get_plugin_data (struct plugin_file_handle *, const char *, void **, + + long KRB5_CALLCONV + krb5int_get_plugin_func (struct plugin_file_handle *, const char *, +- void (**)(), struct errinfo *); ++ void (**)(void), struct errinfo *); + + + long KRB5_CALLCONV +diff --git a/src/include/net-server.h b/src/include/net-server.h +index a30749d851..29b235eeb8 100644 +--- a/src/include/net-server.h ++++ b/src/include/net-server.h +@@ -30,6 +30,7 @@ + #define NET_SERVER_H + + #include ++#include + + /* The delimiter characters supported by the addresses string. */ + #define ADDRESSES_DELIM ",; " +@@ -64,13 +65,14 @@ krb5_error_code loop_add_udp_address(int default_port, const char *addresses); + krb5_error_code loop_add_tcp_address(int default_port, const char *addresses); + krb5_error_code loop_add_rpc_service(int default_port, const char *addresses, + u_long prognum, u_long versnum, +- void (*dispatchfn)()); ++ void (*dispatchfn)(struct svc_req *, ++ SVCXPRT *)); + + krb5_error_code loop_setup_network(verto_ctx *ctx, void *handle, + const char *progname, + int tcp_listen_backlog); + krb5_error_code loop_setup_signals(verto_ctx *ctx, void *handle, +- void (*reset)()); ++ void (*reset)(void *)); + void loop_free(verto_ctx *ctx); + + /* to be supplied by the server application */ +diff --git a/src/kadmin/cli/getdate.y b/src/kadmin/cli/getdate.y +index d14cf963c5..3d69f0b8a4 100644 +--- a/src/kadmin/cli/getdate.y ++++ b/src/kadmin/cli/getdate.y +@@ -100,9 +100,6 @@ struct my_timeb { + #define bcopy(from, to, len) memcpy ((to), (from), (len)) + #endif + +-extern struct tm *gmtime(); +-extern struct tm *localtime(); +- + #define yyparse getdate_yyparse + #define yylex getdate_yylex + #define yyerror getdate_yyerror +diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c +index f3ea6fae17..23b64b0f58 100644 +--- a/src/kadmin/cli/kadmin.c ++++ b/src/kadmin/cli/kadmin.c +@@ -98,7 +98,7 @@ error(const char *fmt, ...) + } + + static void +-usage() ++usage(void) + { + error(_("Usage: %s [-r realm] [-p principal] [-q query] " + "[clnt|local args]\n" +@@ -1130,7 +1130,7 @@ kadmin_parse_princ_args(int argc, char *argv[], kadm5_principal_ent_t oprinc, + } + + static void +-kadmin_addprinc_usage() ++kadmin_addprinc_usage(void) + { + error(_("usage: add_principal [options] principal\n")); + error(_("\toptions are:\n")); +@@ -1154,7 +1154,7 @@ kadmin_addprinc_usage() + } + + static void +-kadmin_modprinc_usage() ++kadmin_modprinc_usage(void) + { + error(_("usage: modify_principal [options] principal\n")); + error(_("\toptions are:\n")); +diff --git a/src/kadmin/cli/keytab.c b/src/kadmin/cli/keytab.c +index b0c8378b40..26f340af31 100644 +--- a/src/kadmin/cli/keytab.c ++++ b/src/kadmin/cli/keytab.c +@@ -50,14 +50,14 @@ static int quiet; + static int norandkey; + + static void +-add_usage() ++add_usage(void) + { + fprintf(stderr, _("Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] " + "[-norandkey] [principal | -glob princ-exp] [...]\n")); + } + + static void +-rem_usage() ++rem_usage(void) + { + fprintf(stderr, _("Usage: ktremove [-k[eytab] keytab] [-q] principal " + "[kvno|\"all\"|\"old\"]\n")); +diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c +index 038a0b2190..9178fca6da 100644 +--- a/src/kadmin/dbutil/kdb5_create.c ++++ b/src/kadmin/dbutil/kdb5_create.c +@@ -139,9 +139,8 @@ extern int exit_status; + extern kadm5_config_params global_params; + extern krb5_context util_context; + +-void kdb5_create(argc, argv) +- int argc; +- char *argv[]; ++void ++kdb5_create(int argc, char *argv[]) + { + int optchar; + +@@ -337,9 +336,7 @@ void kdb5_create(argc, argv) + } + + static krb5_error_code +-tgt_keysalt_iterate(ksent, ptr) +- krb5_key_salt_tuple *ksent; +- krb5_pointer ptr; ++tgt_keysalt_iterate(krb5_key_salt_tuple *ksent, krb5_pointer ptr) + { + krb5_context context; + krb5_error_code kret; +@@ -378,11 +375,8 @@ tgt_keysalt_iterate(ksent, ptr) + } + + static krb5_error_code +-add_principal(context, princ, op, pblock) +- krb5_context context; +- krb5_principal princ; +- enum ap_op op; +- struct realm_info *pblock; ++add_principal(krb5_context context, krb5_principal princ, enum ap_op op, ++ struct realm_info *pblock) + { + krb5_error_code retval; + krb5_db_entry *entry = NULL; +diff --git a/src/kadmin/dbutil/kdb5_destroy.c b/src/kadmin/dbutil/kdb5_destroy.c +index fffce74296..556cf0b6bb 100644 +--- a/src/kadmin/dbutil/kdb5_destroy.c ++++ b/src/kadmin/dbutil/kdb5_destroy.c +@@ -39,9 +39,7 @@ char *yes = "yes\n"; /* \n to compare against result of + fgets */ + + void +-kdb5_destroy(argc, argv) +- int argc; +- char *argv[]; ++kdb5_destroy(int argc, char *argv[]) + { + extern int optind; + int optchar; +diff --git a/src/kadmin/dbutil/kdb5_stash.c b/src/kadmin/dbutil/kdb5_stash.c +index e05944f290..eaba6cd353 100644 +--- a/src/kadmin/dbutil/kdb5_stash.c ++++ b/src/kadmin/dbutil/kdb5_stash.c +@@ -63,9 +63,7 @@ extern int exit_status; + extern int close_policy_db; + + void +-kdb5_stash(argc, argv) +- int argc; +- char *argv[]; ++kdb5_stash(int argc, char *argv[]) + { + extern char *optarg; + extern int optind; +diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c +index 19a59250ee..55d529fa4c 100644 +--- a/src/kadmin/dbutil/kdb5_util.c ++++ b/src/kadmin/dbutil/kdb5_util.c +@@ -143,8 +143,8 @@ struct _cmd_table { + {NULL, NULL, 0}, + }; + +-static struct _cmd_table *cmd_lookup(name) +- char *name; ++static struct _cmd_table * ++cmd_lookup(char *name) + { + struct _cmd_table *cmd = cmd_table; + while (cmd->name) { +@@ -162,8 +162,9 @@ static struct _cmd_table *cmd_lookup(name) + char **db5util_db_args = NULL; + int db5util_db_args_size = 0; + +-static void extended_com_err_fn (const char *myprog, errcode_t code, +- const char *fmt, va_list args) ++static void ++extended_com_err_fn(const char *myprog, errcode_t code, const char *fmt, ++ va_list args) + { + const char *emsg; + if (code) { +@@ -177,7 +178,8 @@ static void extended_com_err_fn (const char *myprog, errcode_t code, + fprintf (stderr, "\n"); + } + +-int add_db_arg(char *arg) ++int ++add_db_arg(char *arg) + { + char **temp; + db5util_db_args_size++; +@@ -191,9 +193,8 @@ int add_db_arg(char *arg) + return 1; + } + +-int main(argc, argv) +- int argc; +- char *argv[]; ++int ++main(int argc, char *argv[]) + { + struct _cmd_table *cmd = NULL; + char *koptarg, **cmd_argv; +@@ -365,7 +366,8 @@ int main(argc, argv) + * cannot be fetched (the master key stash file may not exist when the + * program is run). + */ +-static int open_db_and_mkey() ++static int ++open_db_and_mkey() + { + krb5_error_code retval; + krb5_data scratch, pwd, seed; +@@ -508,9 +510,7 @@ quit() + } + + static void +-add_random_key(argc, argv) +- int argc; +- char **argv; ++add_random_key(int argc, char **argv) + { + krb5_error_code ret; + krb5_principal princ; +diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c +index 15a5ab3005..b2e6c00eac 100644 +--- a/src/kadmin/dbutil/ovload.c ++++ b/src/kadmin/dbutil/ovload.c +@@ -11,9 +11,8 @@ + + #define LINESIZE 32768 /* XXX */ + +-static int parse_pw_hist_ent(current, hist) +- char *current; +- osa_pw_hist_ent *hist; ++static int ++parse_pw_hist_ent(char *current, osa_pw_hist_ent *hist) + { + int tmp, i, j, ret; + char *cp; +@@ -90,12 +89,9 @@ done: + * [modifies] + * + */ +-int process_ov_principal(kcontext, fname, filep, verbose, linenop) +- krb5_context kcontext; +- const char *fname; +- FILE *filep; +- krb5_boolean verbose; +- int *linenop; ++int ++process_ov_principal(krb5_context kcontext, const char *fname, FILE *filep, ++ krb5_boolean verbose, int *linenop) + { + XDR xdrs; + osa_princ_ent_t rec; +diff --git a/src/kadmin/dbutil/strtok.c b/src/kadmin/dbutil/strtok.c +index dee466aea1..93f3e85a51 100644 +--- a/src/kadmin/dbutil/strtok.c ++++ b/src/kadmin/dbutil/strtok.c +@@ -50,9 +50,7 @@ + */ + + char * +-nstrtok(s, delim) +- char *s; +- const char *delim; ++nstrtok(char *s, const char *delim) + { + const char *spanp; + int c, sc; +diff --git a/src/kadmin/ktutil/ktutil.c b/src/kadmin/ktutil/ktutil.c +index 92d7023a4f..87a69ca145 100644 +--- a/src/kadmin/ktutil/ktutil.c ++++ b/src/kadmin/ktutil/ktutil.c +@@ -39,9 +39,8 @@ extern ss_request_table ktutil_cmds; + krb5_context kcontext; + krb5_kt_list ktlist = NULL; + +-int main(argc, argv) +- int argc; +- char *argv[]; ++int ++main(int argc, char *argv[]) + { + krb5_error_code retval; + int sci_idx; +@@ -63,9 +62,8 @@ int main(argc, argv) + exit(0); + } + +-void ktutil_clear_list(argc, argv) +- int argc; +- char *argv[]; ++void ++ktutil_clear_list(int argc, char *argv[]) + { + krb5_error_code retval; + +@@ -79,9 +77,8 @@ void ktutil_clear_list(argc, argv) + ktlist = NULL; + } + +-void ktutil_read_v5(argc, argv) +- int argc; +- char *argv[]; ++void ++ktutil_read_v5(int argc, char *argv[]) + { + krb5_error_code retval; + +@@ -94,17 +91,15 @@ void ktutil_read_v5(argc, argv) + com_err(argv[0], retval, _("while reading keytab \"%s\""), argv[1]); + } + +-void ktutil_read_v4(argc, argv) +- int argc; +- char *argv[]; ++void ++ktutil_read_v4(int argc, char *argv[]) + { + fprintf(stderr, _("%s: reading srvtabs is no longer supported\n"), + argv[0]); + } + +-void ktutil_write_v5(argc, argv) +- int argc; +- char *argv[]; ++void ++ktutil_write_v5(int argc, char *argv[]) + { + krb5_error_code retval; + +@@ -117,17 +112,15 @@ void ktutil_write_v5(argc, argv) + com_err(argv[0], retval, _("while writing keytab \"%s\""), argv[1]); + } + +-void ktutil_write_v4(argc, argv) +- int argc; +- char *argv[]; ++void ++ktutil_write_v4(int argc, char *argv[]) + { + fprintf(stderr, _("%s: writing srvtabs is no longer supported\n"), + argv[0]); + } + +-void ktutil_add_entry(argc, argv) +- int argc; +- char *argv[]; ++void ++ktutil_add_entry(int argc, char *argv[]) + { + krb5_error_code retval; + char *princ = NULL; +@@ -183,9 +176,8 @@ void ktutil_add_entry(argc, argv) + com_err(argv[0], retval, _("while adding new entry")); + } + +-void ktutil_delete_entry(argc, argv) +- int argc; +- char *argv[]; ++void ++ktutil_delete_entry(int argc, char *argv[]) + { + krb5_error_code retval; + +@@ -198,9 +190,8 @@ void ktutil_delete_entry(argc, argv) + com_err(argv[0], retval, _("while deleting entry %d"), atoi(argv[1])); + } + +-void ktutil_list(argc, argv) +- int argc; +- char *argv[]; ++void ++ktutil_list(int argc, char *argv[]) + { + krb5_error_code retval; + krb5_kt_list lp; +diff --git a/src/kadmin/ktutil/ktutil_funcs.c b/src/kadmin/ktutil/ktutil_funcs.c +index 56bed1bbcc..e489b5b57a 100644 +--- a/src/kadmin/ktutil/ktutil_funcs.c ++++ b/src/kadmin/ktutil/ktutil_funcs.c +@@ -37,9 +37,8 @@ + /* + * Free a kt_list + */ +-krb5_error_code ktutil_free_kt_list(context, list) +- krb5_context context; +- krb5_kt_list list; ++krb5_error_code ++ktutil_free_kt_list(krb5_context context, krb5_kt_list list) + { + krb5_kt_list lp, prev; + krb5_error_code retval = 0; +@@ -60,10 +59,8 @@ krb5_error_code ktutil_free_kt_list(context, list) + * Delete a numbered entry in a kt_list. Takes a pointer to a kt_list + * in case head gets deleted. + */ +-krb5_error_code ktutil_delete(context, list, idx) +- krb5_context context; +- krb5_kt_list *list; +- int idx; ++krb5_error_code ++ktutil_delete(krb5_context context, krb5_kt_list *list, int idx) + { + krb5_kt_list lp, prev; + int i; +@@ -138,16 +135,10 @@ get_etype_info(krb5_context context, krb5_principal princ, int fetch, + * password or key. If the keytab list is NULL, allocate a new + * one first. + */ +-krb5_error_code ktutil_add(context, list, princ_str, fetch, kvno, +- enctype_str, use_pass, salt_str) +- krb5_context context; +- krb5_kt_list *list; +- char *princ_str; +- int fetch; +- krb5_kvno kvno; +- char *enctype_str; +- int use_pass; +- char *salt_str; ++krb5_error_code ++ktutil_add(krb5_context context, krb5_kt_list *list, char *princ_str, ++ int fetch, krb5_kvno kvno, char *enctype_str, int use_pass, ++ char *salt_str) + { + krb5_keytab_entry *entry = NULL; + krb5_kt_list lp, *last; +@@ -269,10 +260,8 @@ cleanup: + * Read in a keytab and append it to list. If list starts as NULL, + * allocate a new one if necessary. + */ +-krb5_error_code ktutil_read_keytab(context, name, list) +- krb5_context context; +- char *name; +- krb5_kt_list *list; ++krb5_error_code ++ktutil_read_keytab(krb5_context context, char *name, krb5_kt_list *list) + { + krb5_kt_list lp = NULL, tail = NULL, back = NULL; + krb5_keytab kt; +@@ -344,10 +333,8 @@ close_kt: + /* + * Takes a kt_list and writes it to the named keytab. + */ +-krb5_error_code ktutil_write_keytab(context, list, name) +- krb5_context context; +- krb5_kt_list list; +- char *name; ++krb5_error_code ++ktutil_write_keytab(krb5_context context, krb5_kt_list list, char *name) + { + krb5_kt_list lp; + krb5_keytab kt; +diff --git a/src/kadmin/server/ipropd_svc.c b/src/kadmin/server/ipropd_svc.c +index 56e9b90b20..e5dd233e81 100644 +--- a/src/kadmin/server/ipropd_svc.c ++++ b/src/kadmin/server/ipropd_svc.c +@@ -535,8 +535,8 @@ krb5_iprop_prog_1(struct svc_req *rqstp, + kdb_last_t iprop_get_updates_1_arg; + } argument; + void *result; +- bool_t (*_xdr_argument)(), (*_xdr_result)(); +- void *(*local)(/* union XXX *, struct svc_req * */); ++ xdrproc_t _xdr_argument, _xdr_result; ++ void *(*local)(char *, struct svc_req *); + char *whoami = "krb5_iprop_prog_1"; + + if (!check_iprop_rpcsec_auth(rqstp)) { +@@ -555,21 +555,21 @@ krb5_iprop_prog_1(struct svc_req *rqstp, + return; + + case IPROP_GET_UPDATES: +- _xdr_argument = xdr_kdb_last_t; +- _xdr_result = xdr_kdb_incr_result_t; +- local = (void *(*)()) iprop_get_updates_1_svc; ++ _xdr_argument = (xdrproc_t)xdr_kdb_last_t; ++ _xdr_result = (xdrproc_t)xdr_kdb_incr_result_t; ++ local = (void *(*)(char *, struct svc_req *))iprop_get_updates_1_svc; + break; + + case IPROP_FULL_RESYNC: +- _xdr_argument = xdr_void; +- _xdr_result = xdr_kdb_fullresync_result_t; +- local = (void *(*)()) iprop_full_resync_1_svc; ++ _xdr_argument = (xdrproc_t)xdr_void; ++ _xdr_result = (xdrproc_t)xdr_kdb_fullresync_result_t; ++ local = (void *(*)(char *, struct svc_req *))iprop_full_resync_1_svc; + break; + + case IPROP_FULL_RESYNC_EXT: +- _xdr_argument = xdr_u_int32; +- _xdr_result = xdr_kdb_fullresync_result_t; +- local = (void *(*)()) iprop_full_resync_ext_1_svc; ++ _xdr_argument = (xdrproc_t)xdr_u_int32; ++ _xdr_result = (xdrproc_t)xdr_kdb_fullresync_result_t; ++ local = (void *(*)(char *, struct svc_req *))iprop_full_resync_ext_1_svc; + break; + + default: +@@ -587,7 +587,7 @@ krb5_iprop_prog_1(struct svc_req *rqstp, + svcerr_decode(transp); + return; + } +- result = (*local)(&argument, rqstp); ++ result = (*local)((char *)&argument, rqstp); + + if (_xdr_result && result != NULL && + !svc_sendreply(transp, _xdr_result, result)) { +diff --git a/src/kadmin/server/kadm_rpc_svc.c b/src/kadmin/server/kadm_rpc_svc.c +index 8371fa76ca..f0e43d9aea 100644 +--- a/src/kadmin/server/kadm_rpc_svc.c ++++ b/src/kadmin/server/kadm_rpc_svc.c +@@ -9,6 +9,7 @@ + #include /* for gss_nt_krb5_name */ + #include + #include ++#include + #include + #include + #include +@@ -36,9 +37,8 @@ static int check_rpcsec_auth(struct svc_req *); + * Modifies: + */ + +-void kadm_1(rqstp, transp) +- struct svc_req *rqstp; +- SVCXPRT *transp; ++void ++kadm_1(struct svc_req *rqstp, SVCXPRT *transp) + { + union { + cprinc_arg create_principal_2_arg; +@@ -73,8 +73,8 @@ void kadm_1(rqstp, transp) + getpkeys_ret get_principal_keys_ret; + } result; + bool_t retval; +- bool_t (*xdr_argument)(), (*xdr_result)(); +- bool_t (*local)(); ++ xdrproc_t xdr_argument, xdr_result; ++ bool_t (*local)(char *, void *, struct svc_req *); + + if (rqstp->rq_cred.oa_flavor != AUTH_GSSAPI && + !check_rpcsec_auth(rqstp)) { +@@ -92,153 +92,153 @@ void kadm_1(rqstp, transp) + return; + + case CREATE_PRINCIPAL: +- xdr_argument = xdr_cprinc_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) create_principal_2_svc; ++ xdr_argument = (xdrproc_t)xdr_cprinc_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))create_principal_2_svc; + break; + + case DELETE_PRINCIPAL: +- xdr_argument = xdr_dprinc_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) delete_principal_2_svc; ++ xdr_argument = (xdrproc_t)xdr_dprinc_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))delete_principal_2_svc; + break; + + case MODIFY_PRINCIPAL: +- xdr_argument = xdr_mprinc_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) modify_principal_2_svc; ++ xdr_argument = (xdrproc_t)xdr_mprinc_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))modify_principal_2_svc; + break; + + case RENAME_PRINCIPAL: +- xdr_argument = xdr_rprinc_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) rename_principal_2_svc; ++ xdr_argument = (xdrproc_t)xdr_rprinc_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))rename_principal_2_svc; + break; + + case GET_PRINCIPAL: +- xdr_argument = xdr_gprinc_arg; +- xdr_result = xdr_gprinc_ret; +- local = (bool_t (*)()) get_principal_2_svc; ++ xdr_argument = (xdrproc_t)xdr_gprinc_arg; ++ xdr_result = (xdrproc_t)xdr_gprinc_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))get_principal_2_svc; + break; + + case GET_PRINCS: +- xdr_argument = xdr_gprincs_arg; +- xdr_result = xdr_gprincs_ret; +- local = (bool_t (*)()) get_princs_2_svc; ++ xdr_argument = (xdrproc_t)xdr_gprincs_arg; ++ xdr_result = (xdrproc_t)xdr_gprincs_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))get_princs_2_svc; + break; + + case CHPASS_PRINCIPAL: +- xdr_argument = xdr_chpass_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) chpass_principal_2_svc; ++ xdr_argument = (xdrproc_t)xdr_chpass_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))chpass_principal_2_svc; + break; + + case SETKEY_PRINCIPAL: +- xdr_argument = xdr_setkey_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) setkey_principal_2_svc; ++ xdr_argument = (xdrproc_t)xdr_setkey_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))setkey_principal_2_svc; + break; + + case CHRAND_PRINCIPAL: +- xdr_argument = xdr_chrand_arg; +- xdr_result = xdr_chrand_ret; +- local = (bool_t (*)()) chrand_principal_2_svc; ++ xdr_argument = (xdrproc_t)xdr_chrand_arg; ++ xdr_result = (xdrproc_t)xdr_chrand_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))chrand_principal_2_svc; + break; + + case CREATE_POLICY: +- xdr_argument = xdr_cpol_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) create_policy_2_svc; ++ xdr_argument = (xdrproc_t)xdr_cpol_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))create_policy_2_svc; + break; + + case DELETE_POLICY: +- xdr_argument = xdr_dpol_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) delete_policy_2_svc; ++ xdr_argument = (xdrproc_t)xdr_dpol_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))delete_policy_2_svc; + break; + + case MODIFY_POLICY: +- xdr_argument = xdr_mpol_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) modify_policy_2_svc; ++ xdr_argument = (xdrproc_t)xdr_mpol_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))modify_policy_2_svc; + break; + + case GET_POLICY: +- xdr_argument = xdr_gpol_arg; +- xdr_result = xdr_gpol_ret; +- local = (bool_t (*)()) get_policy_2_svc; ++ xdr_argument = (xdrproc_t)xdr_gpol_arg; ++ xdr_result = (xdrproc_t)xdr_gpol_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))get_policy_2_svc; + break; + + case GET_POLS: +- xdr_argument = xdr_gpols_arg; +- xdr_result = xdr_gpols_ret; +- local = (bool_t (*)()) get_pols_2_svc; ++ xdr_argument = (xdrproc_t)xdr_gpols_arg; ++ xdr_result = (xdrproc_t)xdr_gpols_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))get_pols_2_svc; + break; + + case GET_PRIVS: +- xdr_argument = xdr_u_int32; +- xdr_result = xdr_getprivs_ret; +- local = (bool_t (*)()) get_privs_2_svc; ++ xdr_argument = (xdrproc_t)xdr_u_int32; ++ xdr_result = (xdrproc_t)xdr_getprivs_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))get_privs_2_svc; + break; + + case INIT: +- xdr_argument = xdr_u_int32; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) init_2_svc; ++ xdr_argument = (xdrproc_t)xdr_u_int32; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))init_2_svc; + break; + + case CREATE_PRINCIPAL3: +- xdr_argument = xdr_cprinc3_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) create_principal3_2_svc; ++ xdr_argument = (xdrproc_t)xdr_cprinc3_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))create_principal3_2_svc; + break; + + case CHPASS_PRINCIPAL3: +- xdr_argument = xdr_chpass3_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) chpass_principal3_2_svc; ++ xdr_argument = (xdrproc_t)xdr_chpass3_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))chpass_principal3_2_svc; + break; + + case CHRAND_PRINCIPAL3: +- xdr_argument = xdr_chrand3_arg; +- xdr_result = xdr_chrand_ret; +- local = (bool_t (*)()) chrand_principal3_2_svc; ++ xdr_argument = (xdrproc_t)xdr_chrand3_arg; ++ xdr_result = (xdrproc_t)xdr_chrand_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))chrand_principal3_2_svc; + break; + + case SETKEY_PRINCIPAL3: +- xdr_argument = xdr_setkey3_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) setkey_principal3_2_svc; ++ xdr_argument = (xdrproc_t)xdr_setkey3_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))setkey_principal3_2_svc; + break; + + case PURGEKEYS: +- xdr_argument = xdr_purgekeys_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) purgekeys_2_svc; ++ xdr_argument = (xdrproc_t)xdr_purgekeys_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))purgekeys_2_svc; + break; + + case GET_STRINGS: +- xdr_argument = xdr_gstrings_arg; +- xdr_result = xdr_gstrings_ret; +- local = (bool_t (*)()) get_strings_2_svc; ++ xdr_argument = (xdrproc_t)xdr_gstrings_arg; ++ xdr_result = (xdrproc_t)xdr_gstrings_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))get_strings_2_svc; + break; + + case SET_STRING: +- xdr_argument = xdr_sstring_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) set_string_2_svc; ++ xdr_argument = (xdrproc_t)xdr_sstring_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))set_string_2_svc; + break; + + case SETKEY_PRINCIPAL4: +- xdr_argument = xdr_setkey4_arg; +- xdr_result = xdr_generic_ret; +- local = (bool_t (*)()) setkey_principal4_2_svc; ++ xdr_argument = (xdrproc_t)xdr_setkey4_arg; ++ xdr_result = (xdrproc_t)xdr_generic_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))setkey_principal4_2_svc; + break; + + case EXTRACT_KEYS: +- xdr_argument = xdr_getpkeys_arg; +- xdr_result = xdr_getpkeys_ret; +- local = (bool_t (*)()) get_principal_keys_2_svc; ++ xdr_argument = (xdrproc_t)xdr_getpkeys_arg; ++ xdr_result = (xdrproc_t)xdr_getpkeys_ret; ++ local = (bool_t (*)(char *, void *, struct svc_req *))get_principal_keys_2_svc; + break; + + default: +@@ -253,7 +253,7 @@ void kadm_1(rqstp, transp) + return; + } + memset(&result, 0, sizeof(result)); +- retval = (*local)(&argument, &result, rqstp); ++ retval = (*local)((char *)&argument, &result, rqstp); + if (retval && !svc_sendreply(transp, xdr_result, (void *)&result)) { + krb5_klog_syslog(LOG_ERR, "WARNING! Unable to send function results, " + "continuing."); +diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c +index b29a0f5b63..a9508af120 100644 +--- a/src/kadmin/server/ovsec_kadmd.c ++++ b/src/kadmin/server/ovsec_kadmd.c +@@ -77,7 +77,7 @@ static krb5_context context; + static char *progname; + + static void +-usage() ++usage(void) + { + fprintf(stderr, _("Usage: kadmind [-x db_args]* [-r realm] [-m] [-nofork] " + "[-port port-number]\n" +@@ -173,7 +173,7 @@ setup_loop(kadm5_config_params *params, int proponly, verto_ctx **ctx_out) + + /* Point GSSAPI at the KDB keytab so we don't need an actual file keytab. */ + static krb5_error_code +-setup_kdb_keytab() ++setup_kdb_keytab(void) + { + krb5_error_code ret; + +diff --git a/src/kdc/t_ndr.c b/src/kdc/t_ndr.c +index a3ac661bd0..c2a2414313 100644 +--- a/src/kdc/t_ndr.c ++++ b/src/kdc/t_ndr.c +@@ -173,7 +173,7 @@ test_dec_enc(uint8_t *blob, size_t len, char *name, int fail) + #define RUN_TEST_FAIL(blob) test_dec_enc(blob, sizeof(blob), #blob, 1) + + int +-main() ++main(void) + { + printf("Running NDR tests...\n"); + +diff --git a/src/kdc/t_replay.c b/src/kdc/t_replay.c +index 57aad886cd..c9c9d65946 100644 +--- a/src/kdc/t_replay.c ++++ b/src/kdc/t_replay.c +@@ -570,7 +570,8 @@ test_kdc_insert_lookaside_cache_expire(void **state) + assert_int_equal(total_size, e2_size); + } + +-int main() ++int ++main(void) + { + int ret; + +@@ -611,7 +612,8 @@ int main() + + #else /* NOCACHE */ + +-int main() ++int ++main(void) + { + return 0; + } +diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c +index cb9785aaeb..f883ae2df8 100644 +--- a/src/kprop/kpropd.c ++++ b/src/kprop/kpropd.c +@@ -165,7 +165,7 @@ static kadm5_ret_t kadm5_get_kiprop_host_srv_name(krb5_context context, + char **host_service_name); + + static void +-usage() ++usage(void) + { + fprintf(stderr, + _("\nUsage: %s [-r realm] [-s keytab] [-d] [-D] [-S]\n" +diff --git a/src/kprop/kproplog.c b/src/kprop/kproplog.c +index 06af2a1d60..1f10aa6dc7 100644 +--- a/src/kprop/kproplog.c ++++ b/src/kprop/kproplog.c +@@ -24,7 +24,7 @@ + static char *progname; + + static void +-usage() ++usage(void) + { + fprintf(stderr, _("\nUsage: %s [-h] [-v] [-v] [-e num]\n\t%s -R\n\n"), + progname, progname); +@@ -393,7 +393,7 @@ print_update(kdb_hlog_t *ulog, uint32_t entry, uint32_t ulogentries, + print_attr(&upd.kdb_update.kdbe_t_val[j], verbose > 1 ? 1 : 0); + } + +- xdr_free(xdr_kdb_incr_update_t, (char *)&upd); ++ xdr_free((xdrproc_t)xdr_kdb_incr_update_t, (char *)&upd); + free(dbprinc); + } + } +diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c +index 1bdc7932b6..75372d8940 100644 +--- a/src/lib/apputils/net-server.c ++++ b/src/lib/apputils/net-server.c +@@ -203,7 +203,7 @@ struct connection { + struct rpc_svc_data { + u_long prognum; + u_long versnum; +- void (*dispatch)(); ++ void (*dispatch)(struct svc_req *, SVCXPRT *); + }; + + struct bind_address { +@@ -255,7 +255,7 @@ free_sighup_context(verto_ctx *ctx, verto_ev *ev) + } + + krb5_error_code +-loop_setup_signals(verto_ctx *ctx, void *handle, void (*reset)()) ++loop_setup_signals(verto_ctx *ctx, void *handle, void (*reset)(void *)) + { + struct sighup_context *sc; + verto_ev *ev; +@@ -434,7 +434,8 @@ loop_add_tcp_address(int default_port, const char *addresses) + + krb5_error_code + loop_add_rpc_service(int default_port, const char *addresses, u_long prognum, +- u_long versnum, void (*dispatchfn)()) ++ u_long versnum, ++ void (*dispatchfn)(struct svc_req *, SVCXPRT *)) + { + struct rpc_svc_data svc; + +diff --git a/src/lib/crypto/builtin/aes/aes-gen.c b/src/lib/crypto/builtin/aes/aes-gen.c +index b528d3796d..4d7a16ee9a 100644 +--- a/src/lib/crypto/builtin/aes/aes-gen.c ++++ b/src/lib/crypto/builtin/aes/aes-gen.c +@@ -54,7 +54,8 @@ uint8_t test_case[NTESTS][4 * B] = { + aes_encrypt_ctx ctx; + aes_decrypt_ctx dctx; + +-static void init () ++static void ++init (void) + { + AES_RETURN r; + +@@ -71,7 +72,8 @@ static void hexdump(const unsigned char *ptr, size_t len) + printf ("%s%02X", (i % 16 == 0) ? "\n " : " ", ptr[i]); + } + +-static void fips_test () ++static void ++fips_test (void) + { + static const unsigned char fipskey[16] = { + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, +@@ -254,7 +256,8 @@ cts_dec (unsigned char *out, unsigned char *in, unsigned char *iv, + memcpy(out+B, pn, len-B); + } + +-static void ecb_test () ++static void ++ecb_test (void) + { + unsigned int testno; + uint8_t output[4 * B], tmp[4 * B]; +@@ -285,7 +288,8 @@ static void ecb_test () + + unsigned char ivec[16] = { 0 }; + +-static void cbc_test () ++static void ++cbc_test (void) + { + unsigned int testno; + uint8_t output[4 * B], tmp[4 * B]; +@@ -314,7 +318,8 @@ static void cbc_test () + printf ("\n"); + } + +-static void cts_test () ++static void ++cts_test (void) + { + unsigned int testno; + uint8_t output[4 * B], tmp[4 * B]; +@@ -339,7 +344,8 @@ static void cts_test () + printf ("\n"); + } + +-int main () ++int ++main (void) + { + init (); + fips_test (); +diff --git a/src/lib/crypto/builtin/camellia/camellia-gen.c b/src/lib/crypto/builtin/camellia/camellia-gen.c +index 23b69c1741..6eca0e0525 100644 +--- a/src/lib/crypto/builtin/camellia/camellia-gen.c ++++ b/src/lib/crypto/builtin/camellia/camellia-gen.c +@@ -19,7 +19,8 @@ struct { + } test_case[NTESTS]; + camellia_ctx ctx, dctx; + +-static void init () ++static void ++init (void) + { + size_t i, j; + cam_rval r; +@@ -46,7 +47,8 @@ static void hexdump(const unsigned char *ptr, size_t len) + printf ("%s%02X", (i % 16 == 0) ? "\n " : " ", ptr[i]); + } + +-static void fips_test () ++static void ++fips_test (void) + { + static const unsigned char fipskey[16] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, +@@ -234,7 +236,8 @@ cts_dec (unsigned char *out, unsigned char *in, unsigned char *iv, + memcpy(out+B, pn, len-B); + } + +-static void ecb_test () ++static void ++ecb_test (void) + { + size_t testno; + unsigned char tmp[4*B]; +@@ -265,7 +268,8 @@ static void ecb_test () + + unsigned char ivec[16] = { 0 }; + +-static void cbc_test () ++static void ++cbc_test (void) + { + size_t testno; + unsigned char tmp[4*B]; +@@ -294,7 +298,8 @@ static void cbc_test () + printf ("\n"); + } + +-static void cts_test () ++static void ++cts_test (void) + { + size_t testno; + unsigned char tmp[4*B]; +@@ -319,7 +324,8 @@ static void cts_test () + printf ("\n"); + } + +-int main () ++int ++main (void) + { + init (); + fips_test (); +diff --git a/src/lib/crypto/builtin/sha1/t_shs.c b/src/lib/crypto/builtin/sha1/t_shs.c +index c1d18f5571..a668cb0c06 100644 +--- a/src/lib/crypto/builtin/sha1/t_shs.c ++++ b/src/lib/crypto/builtin/sha1/t_shs.c +@@ -29,9 +29,8 @@ static SHS_LONG shsTestResults[][ 5 ] = { + }; + #endif /* NEW_SHS */ + +-static int compareSHSresults(shsInfo, shsTestLevel) +- SHS_INFO *shsInfo; +- int shsTestLevel; ++static int ++compareSHSresults(SHS_INFO *shsInfo, int shsTestLevel) + { + int i, fail = 0; + +@@ -55,7 +54,7 @@ static int compareSHSresults(shsInfo, shsTestLevel) + } + + int +-main() ++main(int argc, char *argv[]) + { + SHS_INFO shsInfo; + unsigned int i; +diff --git a/src/lib/crypto/builtin/sha1/t_shs3.c b/src/lib/crypto/builtin/sha1/t_shs3.c +index 7aa0bbdee3..87caf7fa37 100644 +--- a/src/lib/crypto/builtin/sha1/t_shs3.c ++++ b/src/lib/crypto/builtin/sha1/t_shs3.c +@@ -55,9 +55,7 @@ int mode; + int Dflag; + + int +-main(argc,argv) +- int argc; +- char **argv; ++main(int argc, char **argv) + { + char *argp; + +@@ -131,8 +129,7 @@ static void process(void) + + #ifndef shsDigest + static unsigned char * +-shsDigest(si) +- SHS_INFO *si; ++shsDigest(SHS_INFO *si) + { + longReverse(si->digest, SHS_DIGESTSIZE); + return (unsigned char*) si->digest; +diff --git a/src/lib/crypto/crypto_tests/aes-test.c b/src/lib/crypto/crypto_tests/aes-test.c +index a7382a48ad..d26f711b8d 100644 +--- a/src/lib/crypto/crypto_tests/aes-test.c ++++ b/src/lib/crypto/crypto_tests/aes-test.c +@@ -37,14 +37,14 @@ static char plain[16], cipher[16], zero[16]; + + static krb5_keyblock enc_key; + static krb5_data ivec; +-static void init() ++static void init(void) + { + enc_key.contents = (krb5_octet *)key; + enc_key.length = 16; + ivec.data = zero; + ivec.length = 16; + } +-static void enc() ++static void enc(void) + { + krb5_key k; + krb5_crypto_iov iov; +@@ -93,7 +93,7 @@ static void vk_test_1(int len, krb5_enctype etype) + } + printf("\n==========\n"); + } +-static void vk_test() ++static void vk_test(void) + { + vk_test_1(16, ENCTYPE_AES128_CTS_HMAC_SHA1_96); + vk_test_1(32, ENCTYPE_AES256_CTS_HMAC_SHA1_96); +@@ -119,7 +119,7 @@ static void vt_test_1(int len, krb5_enctype etype) + } + printf("\n==========\n"); + } +-static void vt_test() ++static void vt_test(void) + { + vt_test_1(16, ENCTYPE_AES128_CTS_HMAC_SHA1_96); + vt_test_1(32, ENCTYPE_AES256_CTS_HMAC_SHA1_96); +diff --git a/src/lib/crypto/crypto_tests/camellia-test.c b/src/lib/crypto/crypto_tests/camellia-test.c +index 23d14667e1..ca6579f7d1 100644 +--- a/src/lib/crypto/crypto_tests/camellia-test.c ++++ b/src/lib/crypto/crypto_tests/camellia-test.c +@@ -35,14 +35,14 @@ static char plain[16], cipher[16], zero[16]; + + static krb5_keyblock enc_key; + static krb5_data ivec; +-static void init() ++static void init(void) + { + enc_key.contents = (unsigned char *)key; + enc_key.length = 16; + ivec.data = zero; + ivec.length = 16; + } +-static void enc() ++static void enc(void) + { + krb5_key k; + krb5_crypto_iov iov; +@@ -91,7 +91,7 @@ static void vk_test_1(int len) + } + printf("\n==========\n"); + } +-static void vk_test() ++static void vk_test(void) + { + vk_test_1(16); + vk_test_1(32); +@@ -117,7 +117,7 @@ static void vt_test_1(int len, krb5_enctype etype) + } + printf("\n==========\n"); + } +-static void vt_test() ++static void vt_test(void) + { + vt_test_1(16, ENCTYPE_CAMELLIA128_CTS_CMAC); + vt_test_1(32, ENCTYPE_CAMELLIA256_CTS_CMAC); +diff --git a/src/lib/crypto/crypto_tests/t_cf2.c b/src/lib/crypto/crypto_tests/t_cf2.c +index 67c9dcdee2..4c894ad09c 100644 +--- a/src/lib/crypto/crypto_tests/t_cf2.c ++++ b/src/lib/crypto/crypto_tests/t_cf2.c +@@ -46,7 +46,9 @@ + #include + #include + +-int main () { ++int ++main(void) ++{ + krb5_error_code ret; + char pepper1[1025], pepper2[1025]; + krb5_keyblock *k1 = NULL, *k2 = NULL, *out = NULL; +diff --git a/src/lib/crypto/crypto_tests/t_cts.c b/src/lib/crypto/crypto_tests/t_cts.c +index fe505169f3..f8a5a534b2 100644 +--- a/src/lib/crypto/crypto_tests/t_cts.c ++++ b/src/lib/crypto/crypto_tests/t_cts.c +@@ -77,7 +77,7 @@ static void printk(const char *descr, krb5_keyblock *k) { + printd(descr, &d); + } + +-static void test_cts() ++static void test_cts(void) + { + static const char input[4*16] = + "I would like the General Gau's Chicken, please, and wonton soup."; +diff --git a/src/lib/crypto/crypto_tests/t_encrypt.c b/src/lib/crypto/crypto_tests/t_encrypt.c +index 290a72e1e0..83bc98a2f1 100644 +--- a/src/lib/crypto/crypto_tests/t_encrypt.c ++++ b/src/lib/crypto/crypto_tests/t_encrypt.c +@@ -87,7 +87,7 @@ display(const char *msg, const krb5_data *d) + } + + int +-main () ++main(void) + { + krb5_context context = 0; + krb5_data in, in2, out, out2, check, check2, state, signdata; +diff --git a/src/lib/crypto/crypto_tests/t_fork.c b/src/lib/crypto/crypto_tests/t_fork.c +index 428fc8a6a1..8be7474227 100644 +--- a/src/lib/crypto/crypto_tests/t_fork.c ++++ b/src/lib/crypto/crypto_tests/t_fork.c +@@ -55,7 +55,7 @@ prepare_enc_data(krb5_key key, size_t in_len, krb5_enc_data *enc_data) + } + + int +-main() ++main(void) + { + krb5_keyblock kb_aes, kb_rc4; + krb5_key key_aes, key_rc4; +diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c +index da359cb494..e40136bff0 100644 +--- a/src/lib/crypto/crypto_tests/t_hmac.c ++++ b/src/lib/crypto/crypto_tests/t_hmac.c +@@ -122,7 +122,8 @@ static krb5_error_code hmac1(const struct krb5_hash_provider *h, + return err; + } + +-static void test_hmac() ++static void ++test_hmac(void) + { + krb5_keyblock key; + krb5_data in, out; +diff --git a/src/lib/crypto/crypto_tests/t_mddriver.c b/src/lib/crypto/crypto_tests/t_mddriver.c +index ad65d03156..035f825bbc 100644 +--- a/src/lib/crypto/crypto_tests/t_mddriver.c ++++ b/src/lib/crypto/crypto_tests/t_mddriver.c +@@ -111,9 +111,8 @@ struct md_test_entry md_test_suite[] = { + -t - runs time trial + -x - runs test script + */ +-int main (argc, argv) +- int argc; +- char *argv[]; ++int ++main(int argc, char *argv[]) + { + int i; + +@@ -128,10 +127,8 @@ int main (argc, argv) + return (0); + } + +-static void MDHash (bytes, len, count, out) +- char *bytes; +- size_t len, count; +- unsigned char *out; ++static void ++MDHash(char *bytes, size_t len, size_t count, unsigned char *out) + { + krb5_crypto_iov *iov; + krb5_data outdata = make_data (out, MDProvider.hashsize); +@@ -150,8 +147,8 @@ static void MDHash (bytes, len, count, out) + + /* Digests a string and prints the result. + */ +-static void MDString (string) +- char *string; ++static void ++MDString(char *string) + { + unsigned char digest[16]; + +@@ -164,7 +161,8 @@ static void MDString (string) + /* Measures the time to digest TEST_BLOCK_COUNT TEST_BLOCK_LEN-byte + blocks. + */ +-static void MDTimeTrial () ++static void ++MDTimeTrial(void) + { + time_t endTime, startTime; + unsigned char block[TEST_BLOCK_LEN], digest[16]; +@@ -197,7 +195,8 @@ static void MDTimeTrial () + + /* Digests a reference suite of strings and prints the results. + */ +-static void MDTestSuite () ++static void ++MDTestSuite(void) + { + #ifdef HAVE_TEST_SUITE + struct md_test_entry *entry; +@@ -246,8 +245,8 @@ static void MDTestSuite () + + /* Prints a message digest in hexadecimal. + */ +-static void MDPrint (digest) +- unsigned char digest[16]; ++static void ++MDPrint(unsigned char digest[16]) + { + unsigned int i; + +diff --git a/src/lib/crypto/crypto_tests/t_nfold.c b/src/lib/crypto/crypto_tests/t_nfold.c +index b94353c221..a741b61e0c 100644 +--- a/src/lib/crypto/crypto_tests/t_nfold.c ++++ b/src/lib/crypto/crypto_tests/t_nfold.c +@@ -33,17 +33,20 @@ + + #define ASIZE(ARRAY) (sizeof(ARRAY)/sizeof(ARRAY[0])) + +-static void printhex (size_t len, const unsigned char *p) ++static void ++printhex(size_t len, const unsigned char *p) + { + while (len--) + printf ("%02x", 0xff & *p++); + } + +-static void printstringhex (const unsigned char *p) { ++static void ++printstringhex(const unsigned char *p) { + printhex (strlen ((const char *) p), p); + } + +-static void rfc_tests () ++static void ++rfc_tests(void) + { + unsigned i; + struct { +@@ -92,7 +95,8 @@ static void rfc_tests () + } + } + +-static void fold_kerberos(unsigned int nbytes) ++static void ++fold_kerberos(unsigned int nbytes) + { + unsigned char cipher_text[300]; + unsigned int j; +@@ -125,9 +129,7 @@ unsigned char nfold_192[4][24] = { + }; + + int +-main(argc, argv) +- int argc; +- char *argv[]; ++main(int argc, char *argv[]) + { + unsigned char cipher_text[64]; + unsigned int i, j; +diff --git a/src/lib/crypto/crypto_tests/t_prf.c b/src/lib/crypto/crypto_tests/t_prf.c +index d9877bd1f7..6fa0afb183 100644 +--- a/src/lib/crypto/crypto_tests/t_prf.c ++++ b/src/lib/crypto/crypto_tests/t_prf.c +@@ -116,7 +116,7 @@ struct test { + }; + + int +-main() ++main(void) + { + krb5_error_code ret; + krb5_data output; +diff --git a/src/lib/crypto/crypto_tests/t_sha2.c b/src/lib/crypto/crypto_tests/t_sha2.c +index e6fa584982..776c4e964f 100644 +--- a/src/lib/crypto/crypto_tests/t_sha2.c ++++ b/src/lib/crypto/crypto_tests/t_sha2.c +@@ -137,7 +137,7 @@ hash_test(const struct krb5_hash_provider *hash, struct test *tests) + } + + int +-main() ++main(void) + { + hash_test(&krb5int_hash_sha256, sha256_tests); + hash_test(&krb5int_hash_sha384, sha384_tests); +diff --git a/src/lib/gssapi/generic/t_seqstate.c b/src/lib/gssapi/generic/t_seqstate.c +index 8f44fcf3ed..4df1ed6b9c 100644 +--- a/src/lib/gssapi/generic/t_seqstate.c ++++ b/src/lib/gssapi/generic/t_seqstate.c +@@ -164,7 +164,7 @@ struct test { + }; + + int +-main() ++main(void) + { + size_t i, j; + enum width w; +diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c +index d7c2ad321e..90a9ad2d9d 100644 +--- a/src/lib/gssapi/krb5/accept_sec_context.c ++++ b/src/lib/gssapi/krb5/accept_sec_context.c +@@ -160,11 +160,8 @@ create_constrained_deleg_creds(OM_uint32 *minor_status, + + /* Decode, decrypt and store the forwarded creds in the local ccache. */ + static krb5_error_code +-rd_and_store_for_creds(context, auth_context, inbuf, out_cred) +- krb5_context context; +- krb5_auth_context auth_context; +- krb5_data *inbuf; +- krb5_gss_cred_id_t *out_cred; ++rd_and_store_for_creds(krb5_context context, krb5_auth_context auth_context, ++ krb5_data *inbuf, krb5_gss_cred_id_t *out_cred) + { + krb5_creds ** creds = NULL; + krb5_error_code retval; +@@ -286,20 +283,12 @@ cleanup: + * Performs third leg of DCE authentication + */ + static OM_uint32 +-kg_accept_dce(minor_status, context_handle, verifier_cred_handle, +- input_token, input_chan_bindings, src_name, mech_type, +- output_token, ret_flags, time_rec, delegated_cred_handle) +- OM_uint32 *minor_status; +- gss_ctx_id_t *context_handle; +- gss_cred_id_t verifier_cred_handle; +- gss_buffer_t input_token; +- gss_channel_bindings_t input_chan_bindings; +- gss_name_t *src_name; +- gss_OID *mech_type; +- gss_buffer_t output_token; +- OM_uint32 *ret_flags; +- OM_uint32 *time_rec; +- gss_cred_id_t *delegated_cred_handle; ++kg_accept_dce(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, ++ gss_cred_id_t verifier_cred_handle, gss_buffer_t input_token, ++ gss_channel_bindings_t input_chan_bindings, gss_name_t *src_name, ++ gss_OID *mech_type, gss_buffer_t output_token, ++ OM_uint32 *ret_flags, OM_uint32 *time_rec, ++ gss_cred_id_t *delegated_cred_handle) + { + krb5_error_code code; + krb5_gss_ctx_id_rec *ctx = 0; +@@ -637,23 +626,13 @@ fail: + } + + static OM_uint32 +-kg_accept_krb5(minor_status, context_handle, +- verifier_cred_handle, input_token, +- input_chan_bindings, src_name, mech_type, +- output_token, ret_flags, time_rec, +- delegated_cred_handle, exts) +- OM_uint32 *minor_status; +- gss_ctx_id_t *context_handle; +- gss_cred_id_t verifier_cred_handle; +- gss_buffer_t input_token; +- gss_channel_bindings_t input_chan_bindings; +- gss_name_t *src_name; +- gss_OID *mech_type; +- gss_buffer_t output_token; +- OM_uint32 *ret_flags; +- OM_uint32 *time_rec; +- gss_cred_id_t *delegated_cred_handle; +- krb5_gss_ctx_ext_t exts; ++kg_accept_krb5(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, ++ gss_cred_id_t verifier_cred_handle, gss_buffer_t input_token, ++ gss_channel_bindings_t input_chan_bindings, ++ gss_name_t *src_name, gss_OID *mech_type, ++ gss_buffer_t output_token, OM_uint32 *ret_flags, ++ OM_uint32 *time_rec, gss_cred_id_t *delegated_cred_handle, ++ krb5_gss_ctx_ext_t exts) + { + krb5_context context; + unsigned char *ptr; +@@ -1309,22 +1288,15 @@ krb5_gss_accept_sec_context_ext( + } + + OM_uint32 KRB5_CALLCONV +-krb5_gss_accept_sec_context(minor_status, context_handle, +- verifier_cred_handle, input_token, +- input_chan_bindings, src_name, mech_type, +- output_token, ret_flags, time_rec, +- delegated_cred_handle) +- OM_uint32 *minor_status; +- gss_ctx_id_t *context_handle; +- gss_cred_id_t verifier_cred_handle; +- gss_buffer_t input_token; +- gss_channel_bindings_t input_chan_bindings; +- gss_name_t *src_name; +- gss_OID *mech_type; +- gss_buffer_t output_token; +- OM_uint32 *ret_flags; +- OM_uint32 *time_rec; +- gss_cred_id_t *delegated_cred_handle; ++krb5_gss_accept_sec_context(OM_uint32 *minor_status, ++ gss_ctx_id_t *context_handle, ++ gss_cred_id_t verifier_cred_handle, ++ gss_buffer_t input_token, ++ gss_channel_bindings_t input_chan_bindings, ++ gss_name_t *src_name, gss_OID *mech_type, ++ gss_buffer_t output_token, OM_uint32 *ret_flags, ++ OM_uint32 *time_rec, ++ gss_cred_id_t *delegated_cred_handle) + { + krb5_gss_ctx_ext_rec exts; + +diff --git a/src/lib/gssapi/krb5/compare_name.c b/src/lib/gssapi/krb5/compare_name.c +index 3f3788d2bf..3aa5a0d79f 100644 +--- a/src/lib/gssapi/krb5/compare_name.c ++++ b/src/lib/gssapi/krb5/compare_name.c +@@ -28,11 +28,8 @@ + #include "gssapiP_krb5.h" + + OM_uint32 KRB5_CALLCONV +-krb5_gss_compare_name(minor_status, name1, name2, name_equal) +- OM_uint32 *minor_status; +- gss_name_t name1; +- gss_name_t name2; +- int *name_equal; ++krb5_gss_compare_name(OM_uint32 *minor_status, gss_name_t name1, ++ gss_name_t name2, int *name_equal) + { + krb5_context context; + krb5_error_code code; +diff --git a/src/lib/gssapi/krb5/context_time.c b/src/lib/gssapi/krb5/context_time.c +index 226de05f51..0ab885deca 100644 +--- a/src/lib/gssapi/krb5/context_time.c ++++ b/src/lib/gssapi/krb5/context_time.c +@@ -28,10 +28,8 @@ + */ + + OM_uint32 KRB5_CALLCONV +-krb5_gss_context_time(minor_status, context_handle, time_rec) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- OM_uint32 *time_rec; ++krb5_gss_context_time(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ OM_uint32 *time_rec) + { + krb5_error_code code; + krb5_gss_ctx_id_rec *ctx; +diff --git a/src/lib/gssapi/krb5/delete_sec_context.c b/src/lib/gssapi/krb5/delete_sec_context.c +index 4b9dfae0d5..92e84b79c5 100644 +--- a/src/lib/gssapi/krb5/delete_sec_context.c ++++ b/src/lib/gssapi/krb5/delete_sec_context.c +@@ -28,10 +28,9 @@ + */ + + OM_uint32 KRB5_CALLCONV +-krb5_gss_delete_sec_context(minor_status, context_handle, output_token) +- OM_uint32 *minor_status; +- gss_ctx_id_t *context_handle; +- gss_buffer_t output_token; ++krb5_gss_delete_sec_context(OM_uint32 *minor_status, ++ gss_ctx_id_t *context_handle, ++ gss_buffer_t output_token) + { + krb5_context context; + krb5_gss_ctx_id_rec *ctx; +diff --git a/src/lib/gssapi/krb5/disp_name.c b/src/lib/gssapi/krb5/disp_name.c +index b097bf0e21..75fef01238 100644 +--- a/src/lib/gssapi/krb5/disp_name.c ++++ b/src/lib/gssapi/krb5/disp_name.c +@@ -24,12 +24,9 @@ + #include "gssapiP_krb5.h" + + OM_uint32 KRB5_CALLCONV +-krb5_gss_display_name(minor_status, input_name, output_name_buffer, +- output_name_type) +- OM_uint32 *minor_status; +- gss_name_t input_name; +- gss_buffer_t output_name_buffer; +- gss_OID *output_name_type; ++krb5_gss_display_name(OM_uint32 *minor_status, gss_name_t input_name, ++ gss_buffer_t output_name_buffer, ++ gss_OID *output_name_type) + { + krb5_context context; + krb5_error_code code; +diff --git a/src/lib/gssapi/krb5/disp_status.c b/src/lib/gssapi/krb5/disp_status.c +index 6ff62a9d84..71000b7a45 100644 +--- a/src/lib/gssapi/krb5/disp_status.c ++++ b/src/lib/gssapi/krb5/disp_status.c +@@ -154,14 +154,9 @@ void krb5_gss_delete_error_info(void *p) + /**/ + + OM_uint32 KRB5_CALLCONV +-krb5_gss_display_status(minor_status, status_value, status_type, +- mech_type, message_context, status_string) +- OM_uint32 *minor_status; +- OM_uint32 status_value; +- int status_type; +- gss_OID mech_type; +- OM_uint32 *message_context; +- gss_buffer_t status_string; ++krb5_gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, ++ int status_type, gss_OID mech_type, ++ OM_uint32 *message_context, gss_buffer_t status_string) + { + status_string->length = 0; + status_string->value = NULL; +diff --git a/src/lib/gssapi/krb5/export_sec_context.c b/src/lib/gssapi/krb5/export_sec_context.c +index 44e50080ab..9730e0597f 100644 +--- a/src/lib/gssapi/krb5/export_sec_context.c ++++ b/src/lib/gssapi/krb5/export_sec_context.c +@@ -27,10 +27,9 @@ + #include "gssapiP_krb5.h" + #ifndef LEAN_CLIENT + OM_uint32 KRB5_CALLCONV +-krb5_gss_export_sec_context(minor_status, context_handle, interprocess_token) +- OM_uint32 *minor_status; +- gss_ctx_id_t *context_handle; +- gss_buffer_t interprocess_token; ++krb5_gss_export_sec_context(OM_uint32 *minor_status, ++ gss_ctx_id_t *context_handle, ++ gss_buffer_t interprocess_token) + { + krb5_context context = NULL; + krb5_error_code kret; +diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c +index 1e62b07cde..370b7d152a 100644 +--- a/src/lib/gssapi/krb5/gssapi_krb5.c ++++ b/src/lib/gssapi/krb5/gssapi_krb5.c +@@ -197,9 +197,7 @@ g_set kg_vdb = G_SET_INIT; + * so handling the expiration/invalidation condition here isn't needed. + */ + OM_uint32 +-kg_get_defcred(minor_status, cred) +- OM_uint32 *minor_status; +- gss_cred_id_t *cred; ++kg_get_defcred(OM_uint32 *minor_status, gss_cred_id_t *cred) + { + OM_uint32 major; + +diff --git a/src/lib/gssapi/krb5/import_name.c b/src/lib/gssapi/krb5/import_name.c +index f64635a202..cc6883b5fe 100644 +--- a/src/lib/gssapi/krb5/import_name.c ++++ b/src/lib/gssapi/krb5/import_name.c +@@ -120,12 +120,8 @@ parse_hostbased(const char *str, size_t len, + } + + OM_uint32 KRB5_CALLCONV +-krb5_gss_import_name(minor_status, input_name_buffer, +- input_name_type, output_name) +- OM_uint32 *minor_status; +- gss_buffer_t input_name_buffer; +- gss_OID input_name_type; +- gss_name_t *output_name; ++krb5_gss_import_name(OM_uint32 *minor_status, gss_buffer_t input_name_buffer, ++ gss_OID input_name_type, gss_name_t *output_name) + { + krb5_context context; + krb5_principal princ = NULL; +diff --git a/src/lib/gssapi/krb5/import_sec_context.c b/src/lib/gssapi/krb5/import_sec_context.c +index 7d26f4df87..e39c036b80 100644 +--- a/src/lib/gssapi/krb5/import_sec_context.c ++++ b/src/lib/gssapi/krb5/import_sec_context.c +@@ -32,8 +32,7 @@ + * Fix up the OID of the mechanism so that uses the static version of + * the OID if possible. + */ +-gss_OID krb5_gss_convert_static_mech_oid(oid) +- gss_OID oid; ++gss_OID krb5_gss_convert_static_mech_oid(gss_OID oid) + { + const gss_OID_desc *p; + OM_uint32 minor_status; +@@ -49,10 +48,9 @@ gss_OID krb5_gss_convert_static_mech_oid(oid) + } + + OM_uint32 KRB5_CALLCONV +-krb5_gss_import_sec_context(minor_status, interprocess_token, context_handle) +- OM_uint32 *minor_status; +- gss_buffer_t interprocess_token; +- gss_ctx_id_t *context_handle; ++krb5_gss_import_sec_context(OM_uint32 *minor_status, ++ gss_buffer_t interprocess_token, ++ gss_ctx_id_t *context_handle) + { + krb5_context context; + krb5_error_code kret = 0; +diff --git a/src/lib/gssapi/krb5/indicate_mechs.c b/src/lib/gssapi/krb5/indicate_mechs.c +index 45538cb779..49d55e6217 100644 +--- a/src/lib/gssapi/krb5/indicate_mechs.c ++++ b/src/lib/gssapi/krb5/indicate_mechs.c +@@ -29,9 +29,7 @@ + #include "mglueP.h" + + OM_uint32 KRB5_CALLCONV +-krb5_gss_indicate_mechs(minor_status, mech_set) +- OM_uint32 *minor_status; +- gss_OID_set *mech_set; ++krb5_gss_indicate_mechs(OM_uint32 *minor_status, gss_OID_set *mech_set) + { + return generic_gss_copy_oid_set(minor_status, kg_all_mechs, mech_set); + } +diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c +index 5748b8434c..0397fe1dfd 100644 +--- a/src/lib/gssapi/krb5/init_sec_context.c ++++ b/src/lib/gssapi/krb5/init_sec_context.c +@@ -117,14 +117,10 @@ int krb5_gss_dbg_client_expcreds = 0; + * Common code which fetches the correct krb5 credentials from the + * ccache. + */ +-static krb5_error_code get_credentials(context, cred, server, now, +- endtime, out_creds) +- krb5_context context; +- krb5_gss_cred_id_t cred; +- krb5_gss_name_t server; +- krb5_timestamp now; +- krb5_timestamp endtime; +- krb5_creds **out_creds; ++static krb5_error_code ++get_credentials(krb5_context context, krb5_gss_cred_id_t cred, ++ krb5_gss_name_t server, krb5_timestamp now, ++ krb5_timestamp endtime, krb5_creds **out_creds) + { + krb5_error_code code; + krb5_creds in_creds, evidence_creds, mcreds, *result_creds = NULL; +@@ -365,17 +361,11 @@ cleanup: + } + + static krb5_error_code +-make_ap_req_v1(context, ctx, cred, k_cred, ad_context, +- chan_bindings, mech_type, token, exts) +- krb5_context context; +- krb5_gss_ctx_id_rec *ctx; +- krb5_gss_cred_id_t cred; +- krb5_creds *k_cred; +- krb5_authdata_context ad_context; +- gss_channel_bindings_t chan_bindings; +- gss_OID mech_type; +- gss_buffer_t token; +- krb5_gss_ctx_ext_t exts; ++make_ap_req_v1(krb5_context context, krb5_gss_ctx_id_rec *ctx, ++ krb5_gss_cred_id_t cred, krb5_creds *k_cred, ++ krb5_authdata_context ad_context, ++ gss_channel_bindings_t chan_bindings, gss_OID mech_type, ++ gss_buffer_t token, krb5_gss_ctx_ext_t exts) + { + krb5_flags mk_req_flags = 0; + krb5_error_code code; +@@ -1048,24 +1038,15 @@ krb5int_gss_use_kdc_context(OM_uint32 *minor_status, + #endif + + OM_uint32 KRB5_CALLCONV +-krb5_gss_init_sec_context(minor_status, claimant_cred_handle, +- context_handle, target_name, mech_type, +- req_flags, time_req, input_chan_bindings, +- input_token, actual_mech_type, output_token, +- ret_flags, time_rec) +- OM_uint32 *minor_status; +- gss_cred_id_t claimant_cred_handle; +- gss_ctx_id_t *context_handle; +- gss_name_t target_name; +- gss_OID mech_type; +- OM_uint32 req_flags; +- OM_uint32 time_req; +- gss_channel_bindings_t input_chan_bindings; +- gss_buffer_t input_token; +- gss_OID *actual_mech_type; +- gss_buffer_t output_token; +- OM_uint32 *ret_flags; +- OM_uint32 *time_rec; ++krb5_gss_init_sec_context(OM_uint32 *minor_status, ++ gss_cred_id_t claimant_cred_handle, ++ gss_ctx_id_t *context_handle, ++ gss_name_t target_name, gss_OID mech_type, ++ OM_uint32 req_flags, OM_uint32 time_req, ++ gss_channel_bindings_t input_chan_bindings, ++ gss_buffer_t input_token, gss_OID *actual_mech_type, ++ gss_buffer_t output_token, OM_uint32 *ret_flags, ++ OM_uint32 *time_rec) + { + krb5_gss_ctx_ext_rec exts; + +diff --git a/src/lib/gssapi/krb5/inq_context.c b/src/lib/gssapi/krb5/inq_context.c +index 97678e3ec5..f8229f9750 100644 +--- a/src/lib/gssapi/krb5/inq_context.c ++++ b/src/lib/gssapi/krb5/inq_context.c +@@ -78,18 +78,11 @@ + #include "gssapiP_krb5.h" + + OM_uint32 KRB5_CALLCONV +-krb5_gss_inquire_context(minor_status, context_handle, initiator_name, +- acceptor_name, lifetime_rec, mech_type, ret_flags, +- locally_initiated, opened) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- gss_name_t *initiator_name; +- gss_name_t *acceptor_name; +- OM_uint32 *lifetime_rec; +- gss_OID *mech_type; +- OM_uint32 *ret_flags; +- int *locally_initiated; +- int *opened; ++krb5_gss_inquire_context(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_name_t *initiator_name, gss_name_t *acceptor_name, ++ OM_uint32 *lifetime_rec, gss_OID *mech_type, ++ OM_uint32 *ret_flags, int *locally_initiated, ++ int *opened) + { + krb5_context context; + krb5_error_code code; +diff --git a/src/lib/gssapi/krb5/inq_cred.c b/src/lib/gssapi/krb5/inq_cred.c +index 0e675959a3..e968f8ad32 100644 +--- a/src/lib/gssapi/krb5/inq_cred.c ++++ b/src/lib/gssapi/krb5/inq_cred.c +@@ -73,14 +73,9 @@ + #include "gssapiP_krb5.h" + + OM_uint32 KRB5_CALLCONV +-krb5_gss_inquire_cred(minor_status, cred_handle, name, lifetime_ret, +- cred_usage, mechanisms) +- OM_uint32 *minor_status; +- gss_cred_id_t cred_handle; +- gss_name_t *name; +- OM_uint32 *lifetime_ret; +- gss_cred_usage_t *cred_usage; +- gss_OID_set *mechanisms; ++krb5_gss_inquire_cred(OM_uint32 *minor_status, gss_cred_id_t cred_handle, ++ gss_name_t *name, OM_uint32 *lifetime_ret, ++ gss_cred_usage_t *cred_usage, gss_OID_set *mechanisms) + { + krb5_context context; + gss_cred_id_t defcred = GSS_C_NO_CREDENTIAL; +@@ -209,16 +204,11 @@ cleanup: + + /* V2 interface */ + OM_uint32 KRB5_CALLCONV +-krb5_gss_inquire_cred_by_mech(minor_status, cred_handle, +- mech_type, name, initiator_lifetime, +- acceptor_lifetime, cred_usage) +- OM_uint32 *minor_status; +- gss_cred_id_t cred_handle; +- gss_OID mech_type; +- gss_name_t *name; +- OM_uint32 *initiator_lifetime; +- OM_uint32 *acceptor_lifetime; +- gss_cred_usage_t *cred_usage; ++krb5_gss_inquire_cred_by_mech(OM_uint32 *minor_status, ++ gss_cred_id_t cred_handle, gss_OID mech_type, ++ gss_name_t *name, OM_uint32 *initiator_lifetime, ++ OM_uint32 *acceptor_lifetime, ++ gss_cred_usage_t *cred_usage) + { + krb5_gss_cred_id_t cred; + OM_uint32 lifetime; +diff --git a/src/lib/gssapi/krb5/inq_names.c b/src/lib/gssapi/krb5/inq_names.c +index b326adbb5f..4a3709be4b 100644 +--- a/src/lib/gssapi/krb5/inq_names.c ++++ b/src/lib/gssapi/krb5/inq_names.c +@@ -27,10 +27,8 @@ + #include "gssapiP_krb5.h" + + OM_uint32 KRB5_CALLCONV +-krb5_gss_inquire_names_for_mech(minor_status, mechanism, name_types) +- OM_uint32 *minor_status; +- gss_OID mechanism; +- gss_OID_set *name_types; ++krb5_gss_inquire_names_for_mech(OM_uint32 *minor_status, gss_OID mechanism, ++ gss_OID_set *name_types) + { + OM_uint32 major, minor; + +diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c +index 0e5d10b115..1148f6929b 100644 +--- a/src/lib/gssapi/krb5/k5seal.c ++++ b/src/lib/gssapi/krb5/k5seal.c +@@ -271,16 +271,10 @@ make_seal_token_v1 (krb5_context context, + and do not encode the ENC_TYPE, MSG_LENGTH, or MSG_TEXT fields */ + + OM_uint32 +-kg_seal(minor_status, context_handle, conf_req_flag, qop_req, +- input_message_buffer, conf_state, output_message_buffer, toktype) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- int conf_req_flag; +- gss_qop_t qop_req; +- gss_buffer_t input_message_buffer; +- int *conf_state; +- gss_buffer_t output_message_buffer; +- int toktype; ++kg_seal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ int conf_req_flag, gss_qop_t qop_req, ++ gss_buffer_t input_message_buffer, int *conf_state, ++ gss_buffer_t output_message_buffer, int toktype) + { + krb5_gss_ctx_id_rec *ctx; + krb5_error_code code; +@@ -342,16 +336,10 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req, + } + + OM_uint32 KRB5_CALLCONV +-krb5_gss_wrap(minor_status, context_handle, conf_req_flag, +- qop_req, input_message_buffer, conf_state, +- output_message_buffer) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- int conf_req_flag; +- gss_qop_t qop_req; +- gss_buffer_t input_message_buffer; +- int *conf_state; +- gss_buffer_t output_message_buffer; ++krb5_gss_wrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ int conf_req_flag, gss_qop_t qop_req, ++ gss_buffer_t input_message_buffer, int *conf_state, ++ gss_buffer_t output_message_buffer) + { + return(kg_seal(minor_status, context_handle, conf_req_flag, + qop_req, input_message_buffer, conf_state, +@@ -359,13 +347,9 @@ krb5_gss_wrap(minor_status, context_handle, conf_req_flag, + } + + OM_uint32 KRB5_CALLCONV +-krb5_gss_get_mic(minor_status, context_handle, qop_req, +- message_buffer, message_token) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- gss_qop_t qop_req; +- gss_buffer_t message_buffer; +- gss_buffer_t message_token; ++krb5_gss_get_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_qop_t qop_req, gss_buffer_t message_buffer, ++ gss_buffer_t message_token) + { + return(kg_seal(minor_status, context_handle, 0, + qop_req, message_buffer, NULL, +diff --git a/src/lib/gssapi/krb5/k5unseal.c b/src/lib/gssapi/krb5/k5unseal.c +index f0cc4a6809..e246365804 100644 +--- a/src/lib/gssapi/krb5/k5unseal.c ++++ b/src/lib/gssapi/krb5/k5unseal.c +@@ -58,17 +58,10 @@ + conf_state is only valid if SEAL. */ + + static OM_uint32 +-kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, +- conf_state, qop_state, toktype) +- krb5_context context; +- OM_uint32 *minor_status; +- krb5_gss_ctx_id_rec *ctx; +- unsigned char *ptr; +- int bodysize; +- gss_buffer_t message_buffer; +- int *conf_state; +- gss_qop_t *qop_state; +- int toktype; ++kg_unseal_v1(krb5_context context, OM_uint32 *minor_status, ++ krb5_gss_ctx_id_rec *ctx, unsigned char *ptr, int bodysize, ++ gss_buffer_t message_buffer, int *conf_state, ++ gss_qop_t *qop_state, int toktype) + { + krb5_error_code code; + int conflen = 0; +@@ -342,15 +335,9 @@ kg_unseal_v1(context, minor_status, ctx, ptr, bodysize, message_buffer, + conf_state is only valid if SEAL. */ + + OM_uint32 +-kg_unseal(minor_status, context_handle, input_token_buffer, +- message_buffer, conf_state, qop_state, toktype) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- gss_buffer_t input_token_buffer; +- gss_buffer_t message_buffer; +- int *conf_state; +- gss_qop_t *qop_state; +- int toktype; ++kg_unseal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t input_token_buffer, gss_buffer_t message_buffer, ++ int *conf_state, gss_qop_t *qop_state, int toktype) + { + krb5_gss_ctx_id_rec *ctx; + unsigned char *ptr; +@@ -421,15 +408,10 @@ kg_unseal(minor_status, context_handle, input_token_buffer, + } + + OM_uint32 KRB5_CALLCONV +-krb5_gss_unwrap(minor_status, context_handle, +- input_message_buffer, output_message_buffer, +- conf_state, qop_state) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- gss_buffer_t input_message_buffer; +- gss_buffer_t output_message_buffer; +- int *conf_state; +- gss_qop_t *qop_state; ++krb5_gss_unwrap(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t input_message_buffer, ++ gss_buffer_t output_message_buffer, int *conf_state, ++ gss_qop_t *qop_state) + { + OM_uint32 rstat; + +@@ -440,14 +422,9 @@ krb5_gss_unwrap(minor_status, context_handle, + } + + OM_uint32 KRB5_CALLCONV +-krb5_gss_verify_mic(minor_status, context_handle, +- message_buffer, token_buffer, +- qop_state) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- gss_buffer_t message_buffer; +- gss_buffer_t token_buffer; +- gss_qop_t *qop_state; ++krb5_gss_verify_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t message_buffer, gss_buffer_t token_buffer, ++ gss_qop_t *qop_state) + { + OM_uint32 rstat; + +diff --git a/src/lib/gssapi/krb5/process_context_token.c b/src/lib/gssapi/krb5/process_context_token.c +index a672f48c85..67805fba78 100644 +--- a/src/lib/gssapi/krb5/process_context_token.c ++++ b/src/lib/gssapi/krb5/process_context_token.c +@@ -28,11 +28,9 @@ + */ + + OM_uint32 KRB5_CALLCONV +-krb5_gss_process_context_token(minor_status, context_handle, +- token_buffer) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- gss_buffer_t token_buffer; ++krb5_gss_process_context_token(OM_uint32 *minor_status, ++ gss_ctx_id_t context_handle, ++ gss_buffer_t token_buffer) + { + krb5_gss_ctx_id_rec *ctx; + OM_uint32 majerr; +diff --git a/src/lib/gssapi/krb5/rel_cred.c b/src/lib/gssapi/krb5/rel_cred.c +index 0da6c1b950..9e04e2fa81 100644 +--- a/src/lib/gssapi/krb5/rel_cred.c ++++ b/src/lib/gssapi/krb5/rel_cred.c +@@ -24,9 +24,7 @@ + #include "gssapiP_krb5.h" + + OM_uint32 KRB5_CALLCONV +-krb5_gss_release_cred(minor_status, cred_handle) +- OM_uint32 *minor_status; +- gss_cred_id_t *cred_handle; ++krb5_gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) + { + krb5_context context; + krb5_gss_cred_id_t cred; +diff --git a/src/lib/gssapi/krb5/rel_name.c b/src/lib/gssapi/krb5/rel_name.c +index 3dabe32f33..558bb6dbc5 100644 +--- a/src/lib/gssapi/krb5/rel_name.c ++++ b/src/lib/gssapi/krb5/rel_name.c +@@ -24,9 +24,7 @@ + #include "gssapiP_krb5.h" + + OM_uint32 KRB5_CALLCONV +-krb5_gss_release_name(minor_status, input_name) +- OM_uint32 *minor_status; +- gss_name_t *input_name; ++krb5_gss_release_name(OM_uint32 *minor_status, gss_name_t *input_name) + { + krb5_context context; + krb5_error_code code; +diff --git a/src/lib/gssapi/krb5/rel_oid.c b/src/lib/gssapi/krb5/rel_oid.c +index 739efe4680..900c4105f9 100644 +--- a/src/lib/gssapi/krb5/rel_oid.c ++++ b/src/lib/gssapi/krb5/rel_oid.c +@@ -27,9 +27,7 @@ + #include "gssapiP_krb5.h" + + OM_uint32 +-krb5_gss_release_oid(minor_status, oid) +- OM_uint32 *minor_status; +- gss_OID *oid; ++krb5_gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) + { + /* + * The V2 API says the following! +@@ -52,9 +50,7 @@ krb5_gss_release_oid(minor_status, oid) + } + + OM_uint32 KRB5_CALLCONV +-krb5_gss_internal_release_oid(minor_status, oid) +- OM_uint32 *minor_status; +- gss_OID *oid; ++krb5_gss_internal_release_oid(OM_uint32 *minor_status, gss_OID *oid) + { + /* + * This function only knows how to release internal OIDs. It will +diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c +index 9e2d32e98d..1129b6a1aa 100644 +--- a/src/lib/gssapi/krb5/ser_sctx.c ++++ b/src/lib/gssapi/krb5/ser_sctx.c +@@ -137,10 +137,8 @@ kg_oid_size(gss_OID oid, size_t *sizep) + } + + static krb5_error_code +-kg_seqstate_externalize(arg, buffer, lenremain) +- g_seqnum_state arg; +- krb5_octet **buffer; +- size_t *lenremain; ++kg_seqstate_externalize(g_seqnum_state arg, krb5_octet **buffer, ++ size_t *lenremain) + { + krb5_error_code err; + err = krb5_ser_pack_int32(KV5M_GSS_QUEUE, buffer, lenremain); +@@ -152,10 +150,8 @@ kg_seqstate_externalize(arg, buffer, lenremain) + } + + static krb5_error_code +-kg_seqstate_internalize(argp, buffer, lenremain) +- g_seqnum_state *argp; +- krb5_octet **buffer; +- size_t *lenremain; ++kg_seqstate_internalize(g_seqnum_state *argp, krb5_octet **buffer, ++ size_t *lenremain) + { + krb5_int32 ibuf; + krb5_octet *bp; +@@ -193,9 +189,7 @@ kg_seqstate_internalize(argp, buffer, lenremain) + } + + static krb5_error_code +-kg_seqstate_size(arg, sizep) +- g_seqnum_state arg; +- size_t *sizep; ++kg_seqstate_size(g_seqnum_state arg, size_t *sizep) + { + krb5_error_code kret; + size_t required; +diff --git a/src/lib/gssapi/krb5/util_cksum.c b/src/lib/gssapi/krb5/util_cksum.c +index 5b87956393..5f7694f5e6 100644 +--- a/src/lib/gssapi/krb5/util_cksum.c ++++ b/src/lib/gssapi/krb5/util_cksum.c +@@ -28,10 +28,8 @@ + + /* Checksumming the channel bindings always uses plain MD5. */ + krb5_error_code +-kg_checksum_channel_bindings(context, cb, cksum) +- krb5_context context; +- gss_channel_bindings_t cb; +- krb5_checksum *cksum; ++kg_checksum_channel_bindings(krb5_context context, gss_channel_bindings_t cb, ++ krb5_checksum *cksum) + { + struct k5buf buf; + size_t sumlen; +diff --git a/src/lib/gssapi/krb5/util_seed.c b/src/lib/gssapi/krb5/util_seed.c +index 6e1c9ac8ae..685736314c 100644 +--- a/src/lib/gssapi/krb5/util_seed.c ++++ b/src/lib/gssapi/krb5/util_seed.c +@@ -29,10 +29,7 @@ + static const unsigned char zeros[16] = {0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0}; + + krb5_error_code +-kg_make_seed(context, key, seed) +- krb5_context context; +- krb5_key key; +- unsigned char *seed; ++kg_make_seed(krb5_context context, krb5_key key, unsigned char *seed) + { + krb5_error_code code; + krb5_key rkey = NULL; +diff --git a/src/lib/gssapi/krb5/util_seqnum.c b/src/lib/gssapi/krb5/util_seqnum.c +index bef631da9d..a5a4d5cf80 100644 +--- a/src/lib/gssapi/krb5/util_seqnum.c ++++ b/src/lib/gssapi/krb5/util_seqnum.c +@@ -30,13 +30,8 @@ + */ + + krb5_error_code +-kg_make_seq_num(context, key, direction, seqnum, cksum, buf) +- krb5_context context; +- krb5_key key; +- int direction; +- krb5_ui_4 seqnum; +- unsigned char *cksum; +- unsigned char *buf; ++kg_make_seq_num(krb5_context context, krb5_key key, int direction, ++ krb5_ui_4 seqnum, unsigned char *cksum, unsigned char *buf) + { + unsigned char plain[8]; + +@@ -59,13 +54,9 @@ kg_make_seq_num(context, key, direction, seqnum, cksum, buf) + return(kg_encrypt(context, key, KG_USAGE_SEQ, cksum, plain, buf, 8)); + } + +-krb5_error_code kg_get_seq_num(context, key, cksum, buf, direction, seqnum) +- krb5_context context; +- krb5_key key; +- unsigned char *cksum; +- unsigned char *buf; +- int *direction; +- krb5_ui_4 *seqnum; ++krb5_error_code ++kg_get_seq_num(krb5_context context, krb5_key key, unsigned char *cksum, ++ unsigned char *buf, int *direction, krb5_ui_4 *seqnum) + { + krb5_error_code code; + unsigned char plain[8]; +diff --git a/src/lib/gssapi/krb5/val_cred.c b/src/lib/gssapi/krb5/val_cred.c +index cb1cb9393a..83e7634106 100644 +--- a/src/lib/gssapi/krb5/val_cred.c ++++ b/src/lib/gssapi/krb5/val_cred.c +@@ -57,9 +57,7 @@ krb5_gss_validate_cred_1(OM_uint32 *minor_status, gss_cred_id_t cred_handle, + } + + OM_uint32 +-krb5_gss_validate_cred(minor_status, cred_handle) +- OM_uint32 *minor_status; +- gss_cred_id_t cred_handle; ++krb5_gss_validate_cred(OM_uint32 *minor_status, gss_cred_id_t cred_handle) + { + krb5_context context; + krb5_error_code code; +diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c +index 7959f424ec..8ea6ce1ad3 100644 +--- a/src/lib/gssapi/krb5/wrap_size_limit.c ++++ b/src/lib/gssapi/krb5/wrap_size_limit.c +@@ -74,14 +74,9 @@ + + /* V2 interface */ + OM_uint32 KRB5_CALLCONV +-krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, +- qop_req, req_output_size, max_input_size) +- OM_uint32 *minor_status; +- gss_ctx_id_t context_handle; +- int conf_req_flag; +- gss_qop_t qop_req; +- OM_uint32 req_output_size; +- OM_uint32 *max_input_size; ++krb5_gss_wrap_size_limit(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ int conf_req_flag, gss_qop_t qop_req, ++ OM_uint32 req_output_size, OM_uint32 *max_input_size) + { + krb5_gss_ctx_id_rec *ctx; + OM_uint32 data_size, conflen; +diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c +index 4f2a66e26a..e4eff1f52c 100644 +--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c ++++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c +@@ -128,30 +128,13 @@ allow_mech_by_default(gss_OID mech) + } + + OM_uint32 KRB5_CALLCONV +-gss_accept_sec_context (minor_status, +- context_handle, +- verifier_cred_handle, +- input_token_buffer, +- input_chan_bindings, +- src_name, +- mech_type, +- output_token, +- ret_flags, +- time_rec, +- d_cred) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t * context_handle; +-gss_cred_id_t verifier_cred_handle; +-gss_buffer_t input_token_buffer; +-gss_channel_bindings_t input_chan_bindings; +-gss_name_t * src_name; +-gss_OID * mech_type; +-gss_buffer_t output_token; +-OM_uint32 * ret_flags; +-OM_uint32 * time_rec; +-gss_cred_id_t * d_cred; +- ++gss_accept_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, ++ gss_cred_id_t verifier_cred_handle, ++ gss_buffer_t input_token_buffer, ++ gss_channel_bindings_t input_chan_bindings, ++ gss_name_t *src_name, gss_OID *mech_type, ++ gss_buffer_t output_token, OM_uint32 *ret_flags, ++ OM_uint32 *time_rec, gss_cred_id_t *d_cred) + { + OM_uint32 status, temp_status, temp_minor_status; + OM_uint32 temp_ret_flags = 0; +diff --git a/src/lib/gssapi/mechglue/g_acquire_cred.c b/src/lib/gssapi/mechglue/g_acquire_cred.c +index c885f56279..2fc9c5c786 100644 +--- a/src/lib/gssapi/mechglue/g_acquire_cred.c ++++ b/src/lib/gssapi/mechglue/g_acquire_cred.c +@@ -85,24 +85,10 @@ val_acq_cred_args( + + + OM_uint32 KRB5_CALLCONV +-gss_acquire_cred(minor_status, +- desired_name, +- time_req, +- desired_mechs, +- cred_usage, +- output_cred_handle, +- actual_mechs, +- time_rec) +- +-OM_uint32 * minor_status; +-gss_name_t desired_name; +-OM_uint32 time_req; +-gss_OID_set desired_mechs; +-int cred_usage; +-gss_cred_id_t * output_cred_handle; +-gss_OID_set * actual_mechs; +-OM_uint32 * time_rec; +- ++gss_acquire_cred(OM_uint32 *minor_status, gss_name_t desired_name, ++ OM_uint32 time_req, gss_OID_set desired_mechs, ++ int cred_usage, gss_cred_id_t *output_cred_handle, ++ gss_OID_set *actual_mechs, OM_uint32 *time_rec) + { + return gss_acquire_cred_from(minor_status, desired_name, time_req, + desired_mechs, cred_usage, NULL, +@@ -110,26 +96,11 @@ OM_uint32 * time_rec; + } + + OM_uint32 KRB5_CALLCONV +-gss_acquire_cred_from(minor_status, +- desired_name, +- time_req, +- desired_mechs, +- cred_usage, +- cred_store, +- output_cred_handle, +- actual_mechs, +- time_rec) +- +-OM_uint32 * minor_status; +-gss_name_t desired_name; +-OM_uint32 time_req; +-gss_OID_set desired_mechs; +-int cred_usage; +-gss_const_key_value_set_t cred_store; +-gss_cred_id_t * output_cred_handle; +-gss_OID_set * actual_mechs; +-OM_uint32 * time_rec; +- ++gss_acquire_cred_from(OM_uint32 * minor_status, gss_name_t desired_name, ++ OM_uint32 time_req, gss_OID_set desired_mechs, ++ int cred_usage, gss_const_key_value_set_t cred_store, ++ gss_cred_id_t *output_cred_handle, ++ gss_OID_set *actual_mechs, OM_uint32 *time_rec) + { + OM_uint32 major = GSS_S_FAILURE, tmpMinor; + OM_uint32 first_major = GSS_S_COMPLETE, first_minor = 0; +@@ -397,22 +368,12 @@ error: + + /* V2 KRB5_CALLCONV */ + OM_uint32 KRB5_CALLCONV +-gss_add_cred(minor_status, input_cred_handle, +- desired_name, desired_mech, cred_usage, +- initiator_time_req, acceptor_time_req, +- output_cred_handle, actual_mechs, +- initiator_time_rec, acceptor_time_rec) +- OM_uint32 *minor_status; +- gss_cred_id_t input_cred_handle; +- gss_name_t desired_name; +- gss_OID desired_mech; +- gss_cred_usage_t cred_usage; +- OM_uint32 initiator_time_req; +- OM_uint32 acceptor_time_req; +- gss_cred_id_t *output_cred_handle; +- gss_OID_set *actual_mechs; +- OM_uint32 *initiator_time_rec; +- OM_uint32 *acceptor_time_rec; ++gss_add_cred(OM_uint32 *minor_status, gss_cred_id_t input_cred_handle, ++ gss_name_t desired_name, gss_OID desired_mech, ++ gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req, ++ OM_uint32 acceptor_time_req, gss_cred_id_t *output_cred_handle, ++ gss_OID_set *actual_mechs, OM_uint32 *initiator_time_rec, ++ OM_uint32 *acceptor_time_rec) + { + return gss_add_cred_from(minor_status, input_cred_handle, desired_name, + desired_mech, cred_usage, initiator_time_req, +@@ -422,25 +383,13 @@ gss_add_cred(minor_status, input_cred_handle, + } + + OM_uint32 KRB5_CALLCONV +-gss_add_cred_from(minor_status, input_cred_handle, +- desired_name, desired_mech, +- cred_usage, +- initiator_time_req, acceptor_time_req, +- cred_store, +- output_cred_handle, actual_mechs, +- initiator_time_rec, acceptor_time_rec) +- OM_uint32 *minor_status; +- gss_cred_id_t input_cred_handle; +- gss_name_t desired_name; +- gss_OID desired_mech; +- gss_cred_usage_t cred_usage; +- OM_uint32 initiator_time_req; +- OM_uint32 acceptor_time_req; +- gss_const_key_value_set_t cred_store; +- gss_cred_id_t *output_cred_handle; +- gss_OID_set *actual_mechs; +- OM_uint32 *initiator_time_rec; +- OM_uint32 *acceptor_time_rec; ++gss_add_cred_from(OM_uint32 *minor_status, gss_cred_id_t input_cred_handle, ++ gss_name_t desired_name, gss_OID desired_mech, ++ gss_cred_usage_t cred_usage, OM_uint32 initiator_time_req, ++ OM_uint32 acceptor_time_req, ++ gss_const_key_value_set_t cred_store, ++ gss_cred_id_t *output_cred_handle, gss_OID_set *actual_mechs, ++ OM_uint32 *initiator_time_rec, OM_uint32 *acceptor_time_rec) + { + OM_uint32 status, temp_minor_status; + OM_uint32 time_req, time_rec = 0, *time_recp = NULL; +diff --git a/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c b/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c +index cc34acc2bf..86abf984dc 100644 +--- a/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c ++++ b/src/lib/gssapi/mechglue/g_acquire_cred_with_pw.c +@@ -98,26 +98,12 @@ val_acq_cred_pw_args( + + + OM_uint32 KRB5_CALLCONV +-gss_acquire_cred_with_password( +- minor_status, +- desired_name, +- password, +- time_req, +- desired_mechs, +- cred_usage, +- output_cred_handle, +- actual_mechs, +- time_rec) +- +-OM_uint32 * minor_status; +-const gss_name_t desired_name; +-const gss_buffer_t password; +-OM_uint32 time_req; +-const gss_OID_set desired_mechs; +-int cred_usage; +-gss_cred_id_t * output_cred_handle; +-gss_OID_set * actual_mechs; +-OM_uint32 * time_rec; ++gss_acquire_cred_with_password(OM_uint32 *minor_status, ++ const gss_name_t desired_name, ++ const gss_buffer_t password, OM_uint32 time_req, ++ const gss_OID_set desired_mechs, int cred_usage, ++ gss_cred_id_t *output_cred_handle, ++ gss_OID_set *actual_mechs, OM_uint32 *time_rec) + { + OM_uint32 major = GSS_S_FAILURE; + OM_uint32 initTimeOut, acceptTimeOut, outTime = GSS_C_INDEFINITE; +@@ -306,23 +292,19 @@ val_add_cred_pw_args( + + /* V2 KRB5_CALLCONV */ + OM_uint32 KRB5_CALLCONV +-gss_add_cred_with_password(minor_status, input_cred_handle, +- desired_name, desired_mech, password, cred_usage, +- initiator_time_req, acceptor_time_req, +- output_cred_handle, actual_mechs, +- initiator_time_rec, acceptor_time_rec) +- OM_uint32 *minor_status; +- const gss_cred_id_t input_cred_handle; +- const gss_name_t desired_name; +- const gss_OID desired_mech; +- const gss_buffer_t password; +- gss_cred_usage_t cred_usage; +- OM_uint32 initiator_time_req; +- OM_uint32 acceptor_time_req; +- gss_cred_id_t *output_cred_handle; +- gss_OID_set *actual_mechs; +- OM_uint32 *initiator_time_rec; +- OM_uint32 *acceptor_time_rec; ++gss_add_cred_with_password( ++ OM_uint32 *minor_status, ++ const gss_cred_id_t input_cred_handle, ++ const gss_name_t desired_name, ++ const gss_OID desired_mech, ++ const gss_buffer_t password, ++ gss_cred_usage_t cred_usage, ++ OM_uint32 initiator_time_req, ++ OM_uint32 acceptor_time_req, ++ gss_cred_id_t *output_cred_handle, ++ gss_OID_set *actual_mechs, ++ OM_uint32 *initiator_time_rec, ++ OM_uint32 *acceptor_time_rec) + { + OM_uint32 status, temp_minor_status; + OM_uint32 time_req, time_rec; +diff --git a/src/lib/gssapi/mechglue/g_canon_name.c b/src/lib/gssapi/mechglue/g_canon_name.c +index 61f657f91f..c5214db80a 100644 +--- a/src/lib/gssapi/mechglue/g_canon_name.c ++++ b/src/lib/gssapi/mechglue/g_canon_name.c +@@ -54,14 +54,8 @@ val_canon_name_args( + + + OM_uint32 KRB5_CALLCONV +-gss_canonicalize_name(minor_status, +- input_name, +- mech_type, +- output_name) +-OM_uint32 *minor_status; +-const gss_name_t input_name; +-const gss_OID mech_type; +-gss_name_t *output_name; ++gss_canonicalize_name(OM_uint32 *minor_status, const gss_name_t input_name, ++ const gss_OID mech_type, gss_name_t *output_name) + { + gss_union_name_t in_union, out_union = NULL, dest_union = NULL; + OM_uint32 major_status = GSS_S_FAILURE, tmpmin; +diff --git a/src/lib/gssapi/mechglue/g_compare_name.c b/src/lib/gssapi/mechglue/g_compare_name.c +index af2e76bbda..74a9529a35 100644 +--- a/src/lib/gssapi/mechglue/g_compare_name.c ++++ b/src/lib/gssapi/mechglue/g_compare_name.c +@@ -59,16 +59,8 @@ val_comp_name_args( + + + OM_uint32 KRB5_CALLCONV +-gss_compare_name (minor_status, +- name1, +- name2, +- name_equal) +- +-OM_uint32 * minor_status; +-gss_name_t name1; +-gss_name_t name2; +-int * name_equal; +- ++gss_compare_name(OM_uint32 * minor_status, gss_name_t name1, gss_name_t name2, ++ int * name_equal) + { + OM_uint32 major_status, temp_minor; + gss_union_name_t union_name1, union_name2; +diff --git a/src/lib/gssapi/mechglue/g_context_time.c b/src/lib/gssapi/mechglue/g_context_time.c +index c947e7646c..b11b32d6bb 100644 +--- a/src/lib/gssapi/mechglue/g_context_time.c ++++ b/src/lib/gssapi/mechglue/g_context_time.c +@@ -29,14 +29,8 @@ + #include "mglueP.h" + + OM_uint32 KRB5_CALLCONV +-gss_context_time (minor_status, +- context_handle, +- time_rec) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-OM_uint32 * time_rec; +- ++gss_context_time(OM_uint32 * minor_status, gss_ctx_id_t context_handle, ++ OM_uint32 * time_rec) + { + OM_uint32 status; + gss_union_ctx_id_t ctx; +diff --git a/src/lib/gssapi/mechglue/g_delete_sec_context.c b/src/lib/gssapi/mechglue/g_delete_sec_context.c +index 574ff02944..dc86cce3d3 100644 +--- a/src/lib/gssapi/mechglue/g_delete_sec_context.c ++++ b/src/lib/gssapi/mechglue/g_delete_sec_context.c +@@ -62,14 +62,8 @@ val_del_sec_ctx_args( + + + OM_uint32 KRB5_CALLCONV +-gss_delete_sec_context (minor_status, +- context_handle, +- output_token) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t * context_handle; +-gss_buffer_t output_token; +- ++gss_delete_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, ++ gss_buffer_t output_token) + { + OM_uint32 status; + gss_union_ctx_id_t ctx; +diff --git a/src/lib/gssapi/mechglue/g_dsp_name.c b/src/lib/gssapi/mechglue/g_dsp_name.c +index 21867c814e..fae64f712e 100644 +--- a/src/lib/gssapi/mechglue/g_dsp_name.c ++++ b/src/lib/gssapi/mechglue/g_dsp_name.c +@@ -70,16 +70,8 @@ val_dsp_name_args( + + + OM_uint32 KRB5_CALLCONV +-gss_display_name (minor_status, +- input_name, +- output_name_buffer, +- output_name_type) +- +-OM_uint32 * minor_status; +-gss_name_t input_name; +-gss_buffer_t output_name_buffer; +-gss_OID * output_name_type; +- ++gss_display_name(OM_uint32 *minor_status, gss_name_t input_name, ++ gss_buffer_t output_name_buffer, gss_OID *output_name_type) + { + OM_uint32 major_status; + gss_union_name_t union_name; +diff --git a/src/lib/gssapi/mechglue/g_dsp_status.c b/src/lib/gssapi/mechglue/g_dsp_status.c +index 70e8492636..14a7a8200c 100644 +--- a/src/lib/gssapi/mechglue/g_dsp_status.c ++++ b/src/lib/gssapi/mechglue/g_dsp_status.c +@@ -36,20 +36,9 @@ + static OM_uint32 displayMajor(OM_uint32, OM_uint32 *, gss_buffer_t); + + OM_uint32 KRB5_CALLCONV +-gss_display_status (minor_status, +- status_value, +- status_type, +- req_mech_type, +- message_context, +- status_string) +- +-OM_uint32 * minor_status; +-OM_uint32 status_value; +-int status_type; +-gss_OID req_mech_type; +-OM_uint32 * message_context; +-gss_buffer_t status_string; +- ++gss_display_status(OM_uint32 *minor_status, OM_uint32 status_value, ++ int status_type, gss_OID req_mech_type, ++ OM_uint32 *message_context, gss_buffer_t status_string) + { + gss_OID mech_type = (gss_OID) req_mech_type; + gss_mechanism mech; +@@ -147,10 +136,7 @@ gss_buffer_t status_string; + * >= 2 - the supplementary error code bit shifted by 1 + */ + static OM_uint32 +-displayMajor(status, msgCtxt, outStr) +-OM_uint32 status; +-OM_uint32 *msgCtxt; +-gss_buffer_t outStr; ++displayMajor(OM_uint32 status, OM_uint32 *msgCtxt, gss_buffer_t outStr) + { + OM_uint32 oneVal, mask = 0x1, currErr; + char *errStr = NULL; +diff --git a/src/lib/gssapi/mechglue/g_dup_name.c b/src/lib/gssapi/mechglue/g_dup_name.c +index ff01db27dc..bf6eb602ea 100644 +--- a/src/lib/gssapi/mechglue/g_dup_name.c ++++ b/src/lib/gssapi/mechglue/g_dup_name.c +@@ -51,12 +51,8 @@ val_dup_name_args( + + + OM_uint32 KRB5_CALLCONV +-gss_duplicate_name(minor_status, +- src_name, +- dest_name) +-OM_uint32 *minor_status; +-const gss_name_t src_name; +-gss_name_t *dest_name; ++gss_duplicate_name(OM_uint32 *minor_status, const gss_name_t src_name, ++ gss_name_t *dest_name) + { + gss_union_name_t src_union, dest_union; + OM_uint32 major_status = GSS_S_FAILURE; +diff --git a/src/lib/gssapi/mechglue/g_exp_sec_context.c b/src/lib/gssapi/mechglue/g_exp_sec_context.c +index a04afe3d1e..68a3267cf0 100644 +--- a/src/lib/gssapi/mechglue/g_exp_sec_context.c ++++ b/src/lib/gssapi/mechglue/g_exp_sec_context.c +@@ -68,14 +68,8 @@ val_exp_sec_ctx_args( + + + OM_uint32 KRB5_CALLCONV +-gss_export_sec_context(minor_status, +- context_handle, +- interprocess_token) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t * context_handle; +-gss_buffer_t interprocess_token; +- ++gss_export_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, ++ gss_buffer_t interprocess_token) + { + OM_uint32 status; + OM_uint32 length; +diff --git a/src/lib/gssapi/mechglue/g_export_name.c b/src/lib/gssapi/mechglue/g_export_name.c +index c845f8caf7..2e0611d2d5 100644 +--- a/src/lib/gssapi/mechglue/g_export_name.c ++++ b/src/lib/gssapi/mechglue/g_export_name.c +@@ -20,12 +20,8 @@ + #include + + OM_uint32 KRB5_CALLCONV +-gss_export_name(minor_status, +- input_name, +- exported_name) +-OM_uint32 * minor_status; +-const gss_name_t input_name; +-gss_buffer_t exported_name; ++gss_export_name(OM_uint32 *minor_status, const gss_name_t input_name, ++ gss_buffer_t exported_name) + { + gss_union_name_t union_name; + +diff --git a/src/lib/gssapi/mechglue/g_glue.c b/src/lib/gssapi/mechglue/g_glue.c +index 176fbe63eb..47f499307a 100644 +--- a/src/lib/gssapi/mechglue/g_glue.c ++++ b/src/lib/gssapi/mechglue/g_glue.c +@@ -75,9 +75,8 @@ static gss_OID_desc gss_krb5_mechanism_oid_desc = + + #define NTLMSSP_SIGNATURE "NTLMSSP" + +-OM_uint32 gssint_get_mech_type(OID, token) +- gss_OID OID; +- gss_buffer_t token; ++OM_uint32 ++gssint_get_mech_type(gss_OID OID, gss_buffer_t token) + { + /* Check for interoperability exceptions */ + if (token->length >= sizeof(NTLMSSP_SIGNATURE) && +@@ -163,12 +162,10 @@ import_internal_attributes(OM_uint32 *minor, + * Internal routines to get and release an internal mechanism name + */ + +-OM_uint32 gssint_import_internal_name (minor_status, mech_type, union_name, +- internal_name) +-OM_uint32 *minor_status; +-gss_OID mech_type; +-gss_union_name_t union_name; +-gss_name_t *internal_name; ++OM_uint32 ++gssint_import_internal_name(OM_uint32 *minor_status, gss_OID mech_type, ++ gss_union_name_t union_name, ++ gss_name_t *internal_name) + { + OM_uint32 status, tmpMinor; + gss_mechanism mech; +@@ -220,12 +217,10 @@ gss_name_t *internal_name; + return (status); + } + +-OM_uint32 gssint_export_internal_name(minor_status, mech_type, +- internal_name, name_buf) +- OM_uint32 *minor_status; +- const gss_OID mech_type; +- const gss_name_t internal_name; +- gss_buffer_t name_buf; ++OM_uint32 ++gssint_export_internal_name(OM_uint32 *minor_status, const gss_OID mech_type, ++ const gss_name_t internal_name, ++ gss_buffer_t name_buf) + { + OM_uint32 status; + gss_mechanism mech; +@@ -307,13 +302,10 @@ OM_uint32 gssint_export_internal_name(minor_status, mech_type, + return (GSS_S_COMPLETE); + } /* gssint_export_internal_name */ + +-OM_uint32 gssint_display_internal_name (minor_status, mech_type, internal_name, +- external_name, name_type) +-OM_uint32 *minor_status; +-gss_OID mech_type; +-gss_name_t internal_name; +-gss_buffer_t external_name; +-gss_OID *name_type; ++OM_uint32 ++gssint_display_internal_name(OM_uint32 *minor_status, gss_OID mech_type, ++ gss_name_t internal_name, ++ gss_buffer_t external_name, gss_OID *name_type) + { + OM_uint32 status; + gss_mechanism mech; +@@ -337,10 +329,9 @@ gss_OID *name_type; + return (GSS_S_BAD_MECH); + } + +-OM_uint32 gssint_release_internal_name (minor_status, mech_type, internal_name) +-OM_uint32 *minor_status; +-gss_OID mech_type; +-gss_name_t *internal_name; ++OM_uint32 ++gssint_release_internal_name(OM_uint32 *minor_status, gss_OID mech_type, ++ gss_name_t *internal_name) + { + OM_uint32 status; + gss_mechanism mech; +@@ -362,14 +353,10 @@ gss_name_t *internal_name; + return (GSS_S_BAD_MECH); + } + +-OM_uint32 gssint_delete_internal_sec_context (minor_status, +- mech_type, +- internal_ctx, +- output_token) +-OM_uint32 *minor_status; +-gss_OID mech_type; +-gss_ctx_id_t *internal_ctx; +-gss_buffer_t output_token; ++OM_uint32 ++gssint_delete_internal_sec_context(OM_uint32 *minor_status, gss_OID mech_type, ++ gss_ctx_id_t *internal_ctx, ++ gss_buffer_t output_token) + { + OM_uint32 status; + gss_mechanism mech; +@@ -394,12 +381,10 @@ gss_buffer_t output_token; + * name. Note that internal_name should be considered "consumed" by + * this call, whether or not we return an error. + */ +-OM_uint32 gssint_convert_name_to_union_name(minor_status, mech, +- internal_name, external_name) +- OM_uint32 *minor_status; +- gss_mechanism mech; +- gss_name_t internal_name; +- gss_name_t *external_name; ++OM_uint32 ++gssint_convert_name_to_union_name(OM_uint32 *minor_status, gss_mechanism mech, ++ gss_name_t internal_name, ++ gss_name_t *external_name) + { + OM_uint32 major_status,tmp; + gss_union_name_t union_name; +@@ -473,9 +458,7 @@ allocation_failure: + * external union credential. + */ + gss_cred_id_t +-gssint_get_mechanism_cred(union_cred, mech_type) +- gss_union_cred_t union_cred; +- gss_OID mech_type; ++gssint_get_mechanism_cred(gss_union_cred_t union_cred, gss_OID mech_type) + { + int i; + +@@ -494,10 +477,8 @@ gssint_get_mechanism_cred(union_cred, mech_type) + * Both space for the structure and the data is allocated. + */ + OM_uint32 +-gssint_create_copy_buffer(srcBuf, destBuf, addNullChar) +- const gss_buffer_t srcBuf; +- gss_buffer_t *destBuf; +- int addNullChar; ++gssint_create_copy_buffer(const gss_buffer_t srcBuf, gss_buffer_t *destBuf, ++ int addNullChar) + { + gss_buffer_t aBuf; + unsigned int len; +diff --git a/src/lib/gssapi/mechglue/g_imp_name.c b/src/lib/gssapi/mechglue/g_imp_name.c +index a805078a81..65fa6c0fb3 100644 +--- a/src/lib/gssapi/mechglue/g_imp_name.c ++++ b/src/lib/gssapi/mechglue/g_imp_name.c +@@ -81,16 +81,8 @@ val_imp_name_args( + static gss_buffer_desc emptyNameBuffer; + + OM_uint32 KRB5_CALLCONV +-gss_import_name(minor_status, +- input_name_buffer, +- input_name_type, +- output_name) +- +-OM_uint32 * minor_status; +-gss_buffer_t input_name_buffer; +-gss_OID input_name_type; +-gss_name_t * output_name; +- ++gss_import_name(OM_uint32 * minor_status, gss_buffer_t input_name_buffer, ++ gss_OID input_name_type, gss_name_t * output_name) + { + gss_union_name_t union_name; + OM_uint32 tmp, major_status = GSS_S_FAILURE; +@@ -183,10 +175,8 @@ allocation_failure: + } + + static OM_uint32 +-importExportName(minor, unionName, inputNameType) +- OM_uint32 *minor; +- gss_union_name_t unionName; +- gss_OID inputNameType; ++importExportName(OM_uint32 *minor, gss_union_name_t unionName, ++ gss_OID inputNameType) + { + gss_OID_desc mechOid; + gss_buffer_desc expName; +diff --git a/src/lib/gssapi/mechglue/g_imp_sec_context.c b/src/lib/gssapi/mechglue/g_imp_sec_context.c +index 6315201a5f..55a3136df1 100644 +--- a/src/lib/gssapi/mechglue/g_imp_sec_context.c ++++ b/src/lib/gssapi/mechglue/g_imp_sec_context.c +@@ -69,14 +69,9 @@ val_imp_sec_ctx_args( + + + OM_uint32 KRB5_CALLCONV +-gss_import_sec_context(minor_status, +- interprocess_token, +- context_handle) +- +-OM_uint32 * minor_status; +-gss_buffer_t interprocess_token; +-gss_ctx_id_t * context_handle; +- ++gss_import_sec_context(OM_uint32 *minor_status, ++ gss_buffer_t interprocess_token, ++ gss_ctx_id_t *context_handle) + { + OM_uint32 length = 0; + OM_uint32 status; +diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c +index a58074c007..d639a8de3b 100644 +--- a/src/lib/gssapi/mechglue/g_init_sec_context.c ++++ b/src/lib/gssapi/mechglue/g_init_sec_context.c +@@ -88,34 +88,15 @@ val_init_sec_ctx_args( + + + OM_uint32 KRB5_CALLCONV +-gss_init_sec_context (minor_status, +- claimant_cred_handle, +- context_handle, +- target_name, +- req_mech_type, +- req_flags, +- time_req, +- input_chan_bindings, +- input_token, +- actual_mech_type, +- output_token, +- ret_flags, +- time_rec) +- +-OM_uint32 * minor_status; +-gss_cred_id_t claimant_cred_handle; +-gss_ctx_id_t * context_handle; +-gss_name_t target_name; +-gss_OID req_mech_type; +-OM_uint32 req_flags; +-OM_uint32 time_req; +-gss_channel_bindings_t input_chan_bindings; +-gss_buffer_t input_token; +-gss_OID * actual_mech_type; +-gss_buffer_t output_token; +-OM_uint32 * ret_flags; +-OM_uint32 * time_rec; +- ++gss_init_sec_context(OM_uint32 *minor_status, ++ gss_cred_id_t claimant_cred_handle, ++ gss_ctx_id_t *context_handle, gss_name_t target_name, ++ gss_OID req_mech_type, OM_uint32 req_flags, ++ OM_uint32 time_req, ++ gss_channel_bindings_t input_chan_bindings, ++ gss_buffer_t input_token, gss_OID *actual_mech_type, ++ gss_buffer_t output_token, OM_uint32 *ret_flags, ++ OM_uint32 *time_rec) + { + OM_uint32 status, temp_minor_status; + gss_union_name_t union_name; +diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c +index 22f6c615c1..7e36c4a0d0 100644 +--- a/src/lib/gssapi/mechglue/g_initialize.c ++++ b/src/lib/gssapi/mechglue/g_initialize.c +@@ -169,9 +169,7 @@ gssint_mechglue_initialize_library(void) + * This routine requires direct access to the mechList. + */ + OM_uint32 KRB5_CALLCONV +-gss_release_oid(minor_status, oid) +-OM_uint32 *minor_status; +-gss_OID *oid; ++gss_release_oid(OM_uint32 *minor_status, gss_OID *oid) + { + OM_uint32 major; + gss_mech_info aMech; +@@ -267,9 +265,7 @@ prune_deprecated(gss_OID_set mech_set) + * a mech oid set, and only update it once the file has changed. + */ + OM_uint32 KRB5_CALLCONV +-gss_indicate_mechs(minorStatus, mechSet_out) +-OM_uint32 *minorStatus; +-gss_OID_set *mechSet_out; ++gss_indicate_mechs(OM_uint32 *minorStatus, gss_OID_set *mechSet_out) + { + OM_uint32 status; + +@@ -417,8 +413,7 @@ build_mechSet(void) + * caller is responsible for freeing the memory + */ + char * +-gssint_get_modOptions(oid) +-const gss_OID oid; ++gssint_get_modOptions(const gss_OID oid) + { + gss_mech_info aMech; + char *modOptions = NULL; +@@ -479,7 +474,7 @@ load_if_changed(const char *pathname, time_t last, time_t *highest) + /* Try to load any config files which have changed since the last call. Config + * files are MECH_CONF and any files matching MECH_CONF_PATTERN. */ + static void +-loadConfigFiles() ++loadConfigFiles(void) + { + glob_t globbuf; + time_t highest = (time_t)-1, now; +@@ -679,7 +674,8 @@ gssint_register_mechinfo(gss_mech_info template) + memset(&errinfo, 0, sizeof(errinfo)); \ + if (krb5int_get_plugin_func(_dl, \ + #_symbol, \ +- (void (**)())&(_mech)->_symbol, \ ++ (void (**)(void)) \ ++ &(_mech)->_symbol, \ + &errinfo) || errinfo.code) { \ + (_mech)->_symbol = NULL; \ + k5_clear_error(&errinfo); \ +@@ -801,7 +797,7 @@ build_dynamicMech(void *dl, const gss_OID mech_type) + memset(&errinfo, 0, sizeof(errinfo)); \ + if (krb5int_get_plugin_func(_dl, \ + "gssi" #_nsym, \ +- (void (**)())&(_mech)->_psym \ ++ (void (**)(void))&(_mech)->_psym \ + ## _nsym, \ + &errinfo) || errinfo.code) { \ + (_mech)->_psym ## _nsym = NULL; \ +@@ -948,7 +944,7 @@ loadInterMech(gss_mech_info minfo) + } + + if (krb5int_get_plugin_func(dl, MECH_INTERPOSER_SYM, +- (void (**)())&isym, &errinfo) != 0) ++ (void (**)(void))&isym, &errinfo) != 0) + goto cleanup; + + /* Get a list of mechs to interpose. */ +@@ -1184,7 +1180,7 @@ gssint_get_mechanism(gss_const_OID oid) + return ((gss_mechanism)NULL); + } + +- if (krb5int_get_plugin_func(dl, MECH_SYM, (void (**)())&sym, ++ if (krb5int_get_plugin_func(dl, MECH_SYM, (void (**)(void))&sym, + &errinfo) == 0) { + /* Call the symbol to get the mechanism table */ + aMech->mech = (*sym)(aMech->mech_type); +diff --git a/src/lib/gssapi/mechglue/g_inq_cred.c b/src/lib/gssapi/mechglue/g_inq_cred.c +index 4ed7774f1a..0aa9acc889 100644 +--- a/src/lib/gssapi/mechglue/g_inq_cred.c ++++ b/src/lib/gssapi/mechglue/g_inq_cred.c +@@ -35,20 +35,9 @@ + #include + + OM_uint32 KRB5_CALLCONV +-gss_inquire_cred(minor_status, +- cred_handle, +- name, +- lifetime, +- cred_usage, +- mechanisms) +- +-OM_uint32 * minor_status; +-gss_cred_id_t cred_handle; +-gss_name_t * name; +-OM_uint32 * lifetime; +-int * cred_usage; +-gss_OID_set * mechanisms; +- ++gss_inquire_cred(OM_uint32 *minor_status, gss_cred_id_t cred_handle, ++ gss_name_t *name, OM_uint32 *lifetime, int *cred_usage, ++ gss_OID_set *mechanisms) + { + OM_uint32 status, temp_minor_status; + gss_union_cred_t union_cred; +@@ -159,15 +148,11 @@ error: + } + + OM_uint32 KRB5_CALLCONV +-gss_inquire_cred_by_mech(minor_status, cred_handle, mech_type, name, +- initiator_lifetime, acceptor_lifetime, cred_usage) +- OM_uint32 *minor_status; +- gss_cred_id_t cred_handle; +- gss_OID mech_type; +- gss_name_t *name; +- OM_uint32 *initiator_lifetime; +- OM_uint32 *acceptor_lifetime; +- gss_cred_usage_t *cred_usage; ++gss_inquire_cred_by_mech(OM_uint32 *minor_status, gss_cred_id_t cred_handle, ++ gss_OID mech_type, gss_name_t *name, ++ OM_uint32 *initiator_lifetime, ++ OM_uint32 *acceptor_lifetime, ++ gss_cred_usage_t *cred_usage) + { + gss_union_cred_t union_cred; + gss_cred_id_t mech_cred; +diff --git a/src/lib/gssapi/mechglue/g_inq_names.c b/src/lib/gssapi/mechglue/g_inq_names.c +index d22af8bcf9..066c00c042 100644 +--- a/src/lib/gssapi/mechglue/g_inq_names.c ++++ b/src/lib/gssapi/mechglue/g_inq_names.c +@@ -32,12 +32,8 @@ + + /* Last argument new for V2 */ + OM_uint32 KRB5_CALLCONV +-gss_inquire_names_for_mech(minor_status, mechanism, name_types) +- +-OM_uint32 * minor_status; +-gss_OID mechanism; +-gss_OID_set * name_types; +- ++gss_inquire_names_for_mech(OM_uint32 *minor_status, gss_OID mechanism, ++ gss_OID_set *name_types) + { + OM_uint32 status; + gss_OID selected_mech = GSS_C_NO_OID, public_mech; +diff --git a/src/lib/gssapi/mechglue/g_mechname.c b/src/lib/gssapi/mechglue/g_mechname.c +index cfb0a0d2af..5664fa157e 100644 +--- a/src/lib/gssapi/mechglue/g_mechname.c ++++ b/src/lib/gssapi/mechglue/g_mechname.c +@@ -20,8 +20,8 @@ static gss_mech_spec_name name_list = NULL; + /* + * generic searching helper function. + */ +-static gss_mech_spec_name search_mech_spec(name_type) +- gss_OID name_type; ++static gss_mech_spec_name ++search_mech_spec(gss_OID name_type) + { + gss_mech_spec_name p; + +@@ -36,8 +36,8 @@ static gss_mech_spec_name search_mech_spec(name_type) + * Given a name_type, if it is specific to a mechanism, return the + * mechanism OID. Otherwise, return NULL. + */ +-gss_OID gss_find_mechanism_from_name_type(name_type) +- gss_OID name_type; ++gss_OID ++gss_find_mechanism_from_name_type(gss_OID name_type) + { + gss_mech_spec_name p; + +@@ -54,10 +54,8 @@ gss_OID gss_find_mechanism_from_name_type(name_type) + * Otherwise, enter the pair into the registry. + */ + OM_uint32 +-gss_add_mech_name_type(minor_status, name_type, mech) +- OM_uint32 *minor_status; +- gss_OID name_type; +- gss_OID mech; ++gss_add_mech_name_type(OM_uint32 *minor_status, gss_OID name_type, ++ gss_OID mech) + { + OM_uint32 major_status, tmp; + gss_mech_spec_name p; +diff --git a/src/lib/gssapi/mechglue/g_oid_ops.c b/src/lib/gssapi/mechglue/g_oid_ops.c +index 1d7970c5dd..f29fb3b33e 100644 +--- a/src/lib/gssapi/mechglue/g_oid_ops.c ++++ b/src/lib/gssapi/mechglue/g_oid_ops.c +@@ -33,9 +33,7 @@ + */ + + OM_uint32 KRB5_CALLCONV +-gss_create_empty_oid_set(minor_status, oid_set) +- OM_uint32 *minor_status; +- gss_OID_set *oid_set; ++gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set) + { + OM_uint32 status; + status = generic_gss_create_empty_oid_set(minor_status, oid_set); +@@ -45,10 +43,8 @@ gss_create_empty_oid_set(minor_status, oid_set) + } + + OM_uint32 KRB5_CALLCONV +-gss_add_oid_set_member(minor_status, member_oid, oid_set) +- OM_uint32 *minor_status; +- gss_OID member_oid; +- gss_OID_set *oid_set; ++gss_add_oid_set_member(OM_uint32 *minor_status, gss_OID member_oid, ++ gss_OID_set *oid_set) + { + OM_uint32 status; + status = generic_gss_add_oid_set_member(minor_status, member_oid, oid_set); +@@ -58,20 +54,14 @@ gss_add_oid_set_member(minor_status, member_oid, oid_set) + } + + OM_uint32 KRB5_CALLCONV +-gss_test_oid_set_member(minor_status, member, set, present) +- OM_uint32 *minor_status; +- gss_OID member; +- gss_OID_set set; +- int *present; ++gss_test_oid_set_member(OM_uint32 *minor_status, gss_OID member, ++ gss_OID_set set, int *present) + { + return generic_gss_test_oid_set_member(minor_status, member, set, present); + } + + OM_uint32 KRB5_CALLCONV +-gss_oid_to_str(minor_status, oid, oid_str) +- OM_uint32 *minor_status; +- gss_OID oid; +- gss_buffer_t oid_str; ++gss_oid_to_str(OM_uint32 *minor_status, gss_OID oid, gss_buffer_t oid_str) + { + OM_uint32 status = generic_gss_oid_to_str(minor_status, oid, oid_str); + if (status != GSS_S_COMPLETE) +@@ -80,10 +70,7 @@ gss_oid_to_str(minor_status, oid, oid_str) + } + + OM_uint32 KRB5_CALLCONV +-gss_str_to_oid(minor_status, oid_str, oid) +- OM_uint32 *minor_status; +- gss_buffer_t oid_str; +- gss_OID *oid; ++gss_str_to_oid(OM_uint32 *minor_status, gss_buffer_t oid_str, gss_OID *oid) + { + OM_uint32 status = generic_gss_str_to_oid(minor_status, oid_str, oid); + if (status != GSS_S_COMPLETE) +diff --git a/src/lib/gssapi/mechglue/g_process_context.c b/src/lib/gssapi/mechglue/g_process_context.c +index 3968b5d9c6..2b3f6c704d 100644 +--- a/src/lib/gssapi/mechglue/g_process_context.c ++++ b/src/lib/gssapi/mechglue/g_process_context.c +@@ -29,14 +29,8 @@ + #include "mglueP.h" + + OM_uint32 KRB5_CALLCONV +-gss_process_context_token (minor_status, +- context_handle, +- token_buffer) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-gss_buffer_t token_buffer; +- ++gss_process_context_token(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t token_buffer) + { + OM_uint32 status; + gss_union_ctx_id_t ctx; +diff --git a/src/lib/gssapi/mechglue/g_rel_buffer.c b/src/lib/gssapi/mechglue/g_rel_buffer.c +index 8c3328acc5..60117bdb56 100644 +--- a/src/lib/gssapi/mechglue/g_rel_buffer.c ++++ b/src/lib/gssapi/mechglue/g_rel_buffer.c +@@ -33,11 +33,7 @@ + #endif + + OM_uint32 KRB5_CALLCONV +-gss_release_buffer (minor_status, +- buffer) +- +-OM_uint32 * minor_status; +-gss_buffer_t buffer; ++gss_release_buffer(OM_uint32 *minor_status, gss_buffer_t buffer) + { + if (minor_status) + *minor_status = 0; +diff --git a/src/lib/gssapi/mechglue/g_rel_cred.c b/src/lib/gssapi/mechglue/g_rel_cred.c +index ccdee05a56..ee3d1d71e3 100644 +--- a/src/lib/gssapi/mechglue/g_rel_cred.c ++++ b/src/lib/gssapi/mechglue/g_rel_cred.c +@@ -31,12 +31,7 @@ + #endif + + OM_uint32 KRB5_CALLCONV +-gss_release_cred(minor_status, +- cred_handle) +- +-OM_uint32 * minor_status; +-gss_cred_id_t * cred_handle; +- ++gss_release_cred(OM_uint32 *minor_status, gss_cred_id_t *cred_handle) + { + OM_uint32 status, temp_status; + int j; +diff --git a/src/lib/gssapi/mechglue/g_rel_name.c b/src/lib/gssapi/mechglue/g_rel_name.c +index e008692383..d490f9f290 100644 +--- a/src/lib/gssapi/mechglue/g_rel_name.c ++++ b/src/lib/gssapi/mechglue/g_rel_name.c +@@ -34,12 +34,7 @@ + #include + + OM_uint32 KRB5_CALLCONV +-gss_release_name (minor_status, +- input_name) +- +-OM_uint32 * minor_status; +-gss_name_t * input_name; +- ++gss_release_name(OM_uint32 *minor_status, gss_name_t *input_name) + { + gss_union_name_t union_name; + +diff --git a/src/lib/gssapi/mechglue/g_rel_oid_set.c b/src/lib/gssapi/mechglue/g_rel_oid_set.c +index fa008d6bb9..9151dd2e71 100644 +--- a/src/lib/gssapi/mechglue/g_rel_oid_set.c ++++ b/src/lib/gssapi/mechglue/g_rel_oid_set.c +@@ -33,11 +33,7 @@ + #endif + + OM_uint32 KRB5_CALLCONV +-gss_release_oid_set (minor_status, +- set) +- +-OM_uint32 * minor_status; +-gss_OID_set * set; ++gss_release_oid_set(OM_uint32 *minor_status, gss_OID_set *set) + { + return generic_gss_release_oid_set(minor_status, set); + } +diff --git a/src/lib/gssapi/mechglue/g_sign.c b/src/lib/gssapi/mechglue/g_sign.c +index 03fbd8c01f..c9af1da570 100644 +--- a/src/lib/gssapi/mechglue/g_sign.c ++++ b/src/lib/gssapi/mechglue/g_sign.c +@@ -66,18 +66,9 @@ val_get_mic_args( + + + OM_uint32 KRB5_CALLCONV +-gss_get_mic (minor_status, +- context_handle, +- qop_req, +- message_buffer, +- msg_token) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-gss_qop_t qop_req; +-gss_buffer_t message_buffer; +-gss_buffer_t msg_token; +- ++gss_get_mic(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_qop_t qop_req, gss_buffer_t message_buffer, ++ gss_buffer_t msg_token) + { + OM_uint32 status; + gss_union_ctx_id_t ctx; +@@ -118,18 +109,8 @@ gss_buffer_t msg_token; + } + + OM_uint32 KRB5_CALLCONV +-gss_sign (minor_status, +- context_handle, +- qop_req, +- message_buffer, +- msg_token) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-int qop_req; +-gss_buffer_t message_buffer; +-gss_buffer_t msg_token; +- ++gss_sign(OM_uint32 *minor_status, gss_ctx_id_t context_handle, int qop_req, ++ gss_buffer_t message_buffer, gss_buffer_t msg_token) + { + return (gss_get_mic(minor_status, context_handle, (gss_qop_t) qop_req, + message_buffer, msg_token)); +diff --git a/src/lib/gssapi/mechglue/g_store_cred.c b/src/lib/gssapi/mechglue/g_store_cred.c +index c2b6ddf3c0..231b3e81a0 100644 +--- a/src/lib/gssapi/mechglue/g_store_cred.c ++++ b/src/lib/gssapi/mechglue/g_store_cred.c +@@ -93,24 +93,10 @@ val_store_cred_args( + + + OM_uint32 KRB5_CALLCONV +-gss_store_cred(minor_status, +- input_cred_handle, +- cred_usage, +- desired_mech, +- overwrite_cred, +- default_cred, +- elements_stored, +- cred_usage_stored) +- +-OM_uint32 *minor_status; +-gss_cred_id_t input_cred_handle; +-gss_cred_usage_t cred_usage; +-const gss_OID desired_mech; +-OM_uint32 overwrite_cred; +-OM_uint32 default_cred; +-gss_OID_set *elements_stored; +-gss_cred_usage_t *cred_usage_stored; +- ++gss_store_cred(OM_uint32 *minor_status, gss_cred_id_t input_cred_handle, ++ gss_cred_usage_t cred_usage, const gss_OID desired_mech, ++ OM_uint32 overwrite_cred, OM_uint32 default_cred, ++ gss_OID_set *elements_stored, gss_cred_usage_t *cred_usage_stored) + { + return gss_store_cred_into(minor_status, input_cred_handle, cred_usage, + desired_mech, overwrite_cred, default_cred, +@@ -119,26 +105,12 @@ gss_cred_usage_t *cred_usage_stored; + } + + OM_uint32 KRB5_CALLCONV +-gss_store_cred_into(minor_status, +- input_cred_handle, +- cred_usage, +- desired_mech, +- overwrite_cred, +- default_cred, +- cred_store, +- elements_stored, +- cred_usage_stored) +- +-OM_uint32 *minor_status; +-gss_cred_id_t input_cred_handle; +-gss_cred_usage_t cred_usage; +-gss_OID desired_mech; +-OM_uint32 overwrite_cred; +-OM_uint32 default_cred; +-gss_const_key_value_set_t cred_store; +-gss_OID_set *elements_stored; +-gss_cred_usage_t *cred_usage_stored; +- ++gss_store_cred_into(OM_uint32 *minor_status, gss_cred_id_t input_cred_handle, ++ gss_cred_usage_t cred_usage, gss_OID desired_mech, ++ OM_uint32 overwrite_cred, OM_uint32 default_cred, ++ gss_const_key_value_set_t cred_store, ++ gss_OID_set *elements_stored, ++ gss_cred_usage_t *cred_usage_stored) + { + OM_uint32 major_status = GSS_S_FAILURE; + gss_union_cred_t union_cred; +diff --git a/src/lib/gssapi/mechglue/g_unseal.c b/src/lib/gssapi/mechglue/g_unseal.c +index c208635b67..2be3745d1f 100644 +--- a/src/lib/gssapi/mechglue/g_unseal.c ++++ b/src/lib/gssapi/mechglue/g_unseal.c +@@ -29,20 +29,10 @@ + #include "mglueP.h" + + OM_uint32 KRB5_CALLCONV +-gss_unwrap (minor_status, +- context_handle, +- input_message_buffer, +- output_message_buffer, +- conf_state, +- qop_state) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-gss_buffer_t input_message_buffer; +-gss_buffer_t output_message_buffer; +-int * conf_state; +-gss_qop_t * qop_state; +- ++gss_unwrap(OM_uint32 * minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t input_message_buffer, ++ gss_buffer_t output_message_buffer, ++ int *conf_state, gss_qop_t *qop_state) + { + /* EXPORT DELETE START */ + OM_uint32 status; +@@ -111,20 +101,9 @@ gss_qop_t * qop_state; + } + + OM_uint32 KRB5_CALLCONV +-gss_unseal (minor_status, +- context_handle, +- input_message_buffer, +- output_message_buffer, +- conf_state, +- qop_state) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-gss_buffer_t input_message_buffer; +-gss_buffer_t output_message_buffer; +-int * conf_state; +-int * qop_state; +- ++gss_unseal(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t input_message_buffer, ++ gss_buffer_t output_message_buffer, int *conf_state, int *qop_state) + { + return (gss_unwrap(minor_status, context_handle, + input_message_buffer, +diff --git a/src/lib/gssapi/mechglue/g_unwrap_aead.c b/src/lib/gssapi/mechglue/g_unwrap_aead.c +index 0682bd8998..5c9ff30031 100644 +--- a/src/lib/gssapi/mechglue/g_unwrap_aead.c ++++ b/src/lib/gssapi/mechglue/g_unwrap_aead.c +@@ -154,20 +154,11 @@ gssint_unwrap_aead (gss_mechanism mech, + } + + OM_uint32 KRB5_CALLCONV +-gss_unwrap_aead (minor_status, +- context_handle, +- input_message_buffer, +- input_assoc_buffer, +- output_payload_buffer, +- conf_state, +- qop_state) +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-gss_buffer_t input_message_buffer; +-gss_buffer_t input_assoc_buffer; +-gss_buffer_t output_payload_buffer; +-int *conf_state; +-gss_qop_t *qop_state; ++gss_unwrap_aead(OM_uint32 * minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t input_message_buffer, ++ gss_buffer_t input_assoc_buffer, ++ gss_buffer_t output_payload_buffer, ++ int *conf_state, gss_qop_t *qop_state) + { + + OM_uint32 status; +diff --git a/src/lib/gssapi/mechglue/g_unwrap_iov.c b/src/lib/gssapi/mechglue/g_unwrap_iov.c +index 599be2c7b2..bf9c3bcc33 100644 +--- a/src/lib/gssapi/mechglue/g_unwrap_iov.c ++++ b/src/lib/gssapi/mechglue/g_unwrap_iov.c +@@ -59,18 +59,9 @@ val_unwrap_iov_args( + + + OM_uint32 KRB5_CALLCONV +-gss_unwrap_iov (minor_status, +- context_handle, +- conf_state, +- qop_state, +- iov, +- iov_count) +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-int * conf_state; +-gss_qop_t *qop_state; +-gss_iov_buffer_desc * iov; +-int iov_count; ++gss_unwrap_iov(OM_uint32 * minor_status, gss_ctx_id_t context_handle, ++ int *conf_state, gss_qop_t *qop_state, ++ gss_iov_buffer_desc *iov, int iov_count) + { + /* EXPORT DELETE START */ + +diff --git a/src/lib/gssapi/mechglue/g_verify.c b/src/lib/gssapi/mechglue/g_verify.c +index 8996fce8d5..86ade66877 100644 +--- a/src/lib/gssapi/mechglue/g_verify.c ++++ b/src/lib/gssapi/mechglue/g_verify.c +@@ -29,18 +29,9 @@ + #include "mglueP.h" + + OM_uint32 KRB5_CALLCONV +-gss_verify_mic (minor_status, +- context_handle, +- message_buffer, +- token_buffer, +- qop_state) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-gss_buffer_t message_buffer; +-gss_buffer_t token_buffer; +-gss_qop_t * qop_state; +- ++gss_verify_mic(OM_uint32 * minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t message_buffer, gss_buffer_t token_buffer, ++ gss_qop_t *qop_state) + { + OM_uint32 status; + gss_union_ctx_id_t ctx; +@@ -89,18 +80,9 @@ gss_qop_t * qop_state; + } + + OM_uint32 KRB5_CALLCONV +-gss_verify (minor_status, +- context_handle, +- message_buffer, +- token_buffer, +- qop_state) +- +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-gss_buffer_t message_buffer; +-gss_buffer_t token_buffer; +-int * qop_state; +- ++gss_verify(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ gss_buffer_t message_buffer, gss_buffer_t token_buffer, ++ int *qop_state) + { + return (gss_verify_mic(minor_status, context_handle, + message_buffer, token_buffer, +diff --git a/src/lib/gssapi/mechglue/g_wrap_aead.c b/src/lib/gssapi/mechglue/g_wrap_aead.c +index 7fe3b7b35b..5a6570f7f9 100644 +--- a/src/lib/gssapi/mechglue/g_wrap_aead.c ++++ b/src/lib/gssapi/mechglue/g_wrap_aead.c +@@ -177,15 +177,11 @@ gssint_wrap_aead_iov_shim(gss_mechanism mech, + } + + OM_uint32 +-gssint_wrap_aead (gss_mechanism mech, +- OM_uint32 *minor_status, +- gss_union_ctx_id_t ctx, +- int conf_req_flag, +- gss_qop_t qop_req, +- gss_buffer_t input_assoc_buffer, +- gss_buffer_t input_payload_buffer, +- int *conf_state, +- gss_buffer_t output_message_buffer) ++gssint_wrap_aead(gss_mechanism mech, OM_uint32 *minor_status, ++ gss_union_ctx_id_t ctx, int conf_req_flag, gss_qop_t qop_req, ++ gss_buffer_t input_assoc_buffer, ++ gss_buffer_t input_payload_buffer, ++ int *conf_state, gss_buffer_t output_message_buffer) + { + /* EXPORT DELETE START */ + OM_uint32 status; +@@ -223,22 +219,15 @@ gssint_wrap_aead (gss_mechanism mech, + } + + OM_uint32 KRB5_CALLCONV +-gss_wrap_aead (minor_status, +- context_handle, +- conf_req_flag, +- qop_req, +- input_assoc_buffer, +- input_payload_buffer, +- conf_state, +- output_message_buffer) +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-int conf_req_flag; +-gss_qop_t qop_req; +-gss_buffer_t input_assoc_buffer; +-gss_buffer_t input_payload_buffer; +-int * conf_state; +-gss_buffer_t output_message_buffer; ++gss_wrap_aead ( ++ OM_uint32 * minor_status, ++ gss_ctx_id_t context_handle, ++ int conf_req_flag, ++ gss_qop_t qop_req, ++ gss_buffer_t input_assoc_buffer, ++ gss_buffer_t input_payload_buffer, ++ int * conf_state, ++ gss_buffer_t output_message_buffer) + { + OM_uint32 status; + gss_mechanism mech; +diff --git a/src/lib/gssapi/mechglue/g_wrap_iov.c b/src/lib/gssapi/mechglue/g_wrap_iov.c +index 14447c4ee1..aaf3a9308e 100644 +--- a/src/lib/gssapi/mechglue/g_wrap_iov.c ++++ b/src/lib/gssapi/mechglue/g_wrap_iov.c +@@ -60,20 +60,9 @@ val_wrap_iov_args( + + + OM_uint32 KRB5_CALLCONV +-gss_wrap_iov (minor_status, +- context_handle, +- conf_req_flag, +- qop_req, +- conf_state, +- iov, +- iov_count) +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-int conf_req_flag; +-gss_qop_t qop_req; +-int * conf_state; +-gss_iov_buffer_desc * iov; +-int iov_count; ++gss_wrap_iov(OM_uint32 * minor_status, gss_ctx_id_t context_handle, ++ int conf_req_flag, gss_qop_t qop_req, int *conf_state, ++ gss_iov_buffer_desc *iov, int iov_count) + { + /* EXPORT DELETE START */ + +@@ -120,20 +109,10 @@ int iov_count; + } + + OM_uint32 KRB5_CALLCONV +-gss_wrap_iov_length (minor_status, +- context_handle, +- conf_req_flag, +- qop_req, +- conf_state, +- iov, +- iov_count) +-OM_uint32 * minor_status; +-gss_ctx_id_t context_handle; +-int conf_req_flag; +-gss_qop_t qop_req; +-int * conf_state; +-gss_iov_buffer_desc * iov; +-int iov_count; ++gss_wrap_iov_length(OM_uint32 *minor_status, gss_ctx_id_t context_handle, ++ int conf_req_flag, gss_qop_t qop_req, ++ int *conf_state, gss_iov_buffer_desc *iov, ++ int iov_count) + { + /* EXPORT DELETE START */ + +@@ -239,12 +218,8 @@ gss_get_mic_iov_length(OM_uint32 *minor_status, gss_ctx_id_t context_handle, + } + + OM_uint32 KRB5_CALLCONV +-gss_release_iov_buffer (minor_status, +- iov, +- iov_count) +-OM_uint32 * minor_status; +-gss_iov_buffer_desc * iov; +-int iov_count; ++gss_release_iov_buffer(OM_uint32 * minor_status, gss_iov_buffer_desc *iov, ++ int iov_count) + { + OM_uint32 status = GSS_S_COMPLETE; + int i; +diff --git a/src/lib/kadm5/clnt/client_rpc.c b/src/lib/kadm5/clnt/client_rpc.c +index d84d158b46..c8d844e4c7 100644 +--- a/src/lib/kadm5/clnt/client_rpc.c ++++ b/src/lib/kadm5/clnt/client_rpc.c +@@ -1,6 +1,7 @@ + /* -*- mode: c; c-file-style: "bsd"; indent-tabs-mode: t -*- */ + #include + #include ++#include + #include + #include + #include /* for memset prototype */ +diff --git a/src/lib/kadm5/kadm_rpc.h b/src/lib/kadm5/kadm_rpc.h +index 5099c6c145..9efe49a373 100644 +--- a/src/lib/kadm5/kadm_rpc.h ++++ b/src/lib/kadm5/kadm_rpc.h +@@ -360,49 +360,4 @@ extern enum clnt_stat get_principal_keys_2(getpkeys_arg *, getpkeys_ret *, + CLIENT *); + extern bool_t get_principal_keys_2_svc(getpkeys_arg *, getpkeys_ret *, + struct svc_req *); +- +-extern bool_t xdr_cprinc_arg (); +-extern bool_t xdr_cprinc3_arg (); +-extern bool_t xdr_generic_ret (); +-extern bool_t xdr_dprinc_arg (); +-extern bool_t xdr_mprinc_arg (); +-extern bool_t xdr_rprinc_arg (); +-extern bool_t xdr_gprincs_arg (); +-extern bool_t xdr_gprincs_ret (); +-extern bool_t xdr_chpass_arg (); +-extern bool_t xdr_chpass3_arg (); +-extern bool_t xdr_setkey_arg (); +-extern bool_t xdr_setkey3_arg (); +-extern bool_t xdr_setkey4_arg (); +-extern bool_t xdr_chrand_arg (); +-extern bool_t xdr_chrand3_arg (); +-extern bool_t xdr_chrand_ret (); +-extern bool_t xdr_gprinc_arg (); +-extern bool_t xdr_gprinc_ret (); +-extern bool_t xdr_kadm5_ret_t (); +-extern bool_t xdr_kadm5_principal_ent_rec (); +-extern bool_t xdr_kadm5_policy_ent_rec (); +-extern bool_t xdr_krb5_keyblock (); +-extern bool_t xdr_krb5_principal (); +-extern bool_t xdr_krb5_enctype (); +-extern bool_t xdr_krb5_octet (); +-extern bool_t xdr_krb5_int32 (); +-extern bool_t xdr_u_int32 (); +-extern bool_t xdr_cpol_arg (); +-extern bool_t xdr_dpol_arg (); +-extern bool_t xdr_mpol_arg (); +-extern bool_t xdr_gpol_arg (); +-extern bool_t xdr_gpol_ret (); +-extern bool_t xdr_gpols_arg (); +-extern bool_t xdr_gpols_ret (); +-extern bool_t xdr_getprivs_ret (); +-extern bool_t xdr_purgekeys_arg (); +-extern bool_t xdr_gstrings_arg (); +-extern bool_t xdr_gstrings_ret (); +-extern bool_t xdr_sstring_arg (); +-extern bool_t xdr_krb5_string_attr (); +-extern bool_t xdr_kadm5_key_data (); +-extern bool_t xdr_getpkeys_arg (); +-extern bool_t xdr_getpkeys_ret (); +- + #endif /* __KADM_RPC_H__ */ +diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c +index 287cae750f..5e052dd90c 100644 +--- a/src/lib/kadm5/kadm_rpc_xdr.c ++++ b/src/lib/kadm5/kadm_rpc_xdr.c +@@ -408,7 +408,7 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, + return (FALSE); + } + if (!xdr_nulltype(xdrs, (void **) &objp->mod_name, +- xdr_krb5_principal)) { ++ (xdrproc_t)xdr_krb5_principal)) { + return (FALSE); + } + if (!xdr_krb5_timestamp(xdrs, &objp->mod_date)) { +@@ -451,12 +451,13 @@ _xdr_kadm5_principal_ent_rec(XDR *xdrs, kadm5_principal_ent_rec *objp, + return (FALSE); + } + if (!xdr_nulltype(xdrs, (void **) &objp->tl_data, +- xdr_krb5_tl_data)) { ++ (xdrproc_t)xdr_krb5_tl_data)) { + return FALSE; + } + n = objp->n_key_data; + r = xdr_array(xdrs, (caddr_t *) &objp->key_data, &n, objp->n_key_data, +- sizeof(krb5_key_data), xdr_krb5_key_data_nocontents); ++ sizeof(krb5_key_data), ++ (xdrproc_t)xdr_krb5_key_data_nocontents); + objp->n_key_data = n; + if (!r) { + return (FALSE); +@@ -528,7 +529,7 @@ _xdr_kadm5_policy_ent_rec(XDR *xdrs, kadm5_policy_ent_rec *objp, int vers) + return (FALSE); + } + if (!xdr_nulltype(xdrs, (void **) &objp->tl_data, +- xdr_krb5_tl_data)) { ++ (xdrproc_t)xdr_krb5_tl_data)) { + return FALSE; + } + } +@@ -576,7 +577,7 @@ xdr_cprinc3_arg(XDR *xdrs, cprinc3_arg *objp) + if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple, + (unsigned int *)&objp->n_ks_tuple, ~0, + sizeof(krb5_key_salt_tuple), +- xdr_krb5_key_salt_tuple)) { ++ (xdrproc_t)xdr_krb5_key_salt_tuple)) { + return (FALSE); + } + if (!xdr_nullstring(xdrs, &objp->passwd)) { +@@ -668,7 +669,7 @@ xdr_gprincs_ret(XDR *xdrs, gprincs_ret *objp) + } + if (!xdr_array(xdrs, (caddr_t *) &objp->princs, + (unsigned int *) &objp->count, ~0, +- sizeof(char *), xdr_nullstring)) { ++ sizeof(char *), (xdrproc_t)xdr_nullstring)) { + return (FALSE); + } + } +@@ -706,7 +707,7 @@ xdr_chpass3_arg(XDR *xdrs, chpass3_arg *objp) + if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple, + (unsigned int*)&objp->n_ks_tuple, ~0, + sizeof(krb5_key_salt_tuple), +- xdr_krb5_key_salt_tuple)) { ++ (xdrproc_t)xdr_krb5_key_salt_tuple)) { + return (FALSE); + } + if (!xdr_nullstring(xdrs, &objp->pass)) { +@@ -726,7 +727,7 @@ xdr_setkey_arg(XDR *xdrs, setkey_arg *objp) + } + if (!xdr_array(xdrs, (caddr_t *) &objp->keyblocks, + (unsigned int *) &objp->n_keys, ~0, +- sizeof(krb5_keyblock), xdr_krb5_keyblock)) { ++ sizeof(krb5_keyblock), (xdrproc_t)xdr_krb5_keyblock)) { + return (FALSE); + } + return (TRUE); +@@ -746,12 +747,13 @@ xdr_setkey3_arg(XDR *xdrs, setkey3_arg *objp) + } + if (!xdr_array(xdrs, (caddr_t *) &objp->ks_tuple, + (unsigned int *) &objp->n_ks_tuple, ~0, +- sizeof(krb5_key_salt_tuple), xdr_krb5_key_salt_tuple)) { ++ sizeof(krb5_key_salt_tuple), ++ (xdrproc_t)xdr_krb5_key_salt_tuple)) { + return (FALSE); + } + if (!xdr_array(xdrs, (caddr_t *) &objp->keyblocks, + (unsigned int *) &objp->n_keys, ~0, +- sizeof(krb5_keyblock), xdr_krb5_keyblock)) { ++ sizeof(krb5_keyblock), (xdrproc_t)xdr_krb5_keyblock)) { + return (FALSE); + } + return (TRUE); +@@ -771,7 +773,8 @@ xdr_setkey4_arg(XDR *xdrs, setkey4_arg *objp) + } + if (!xdr_array(xdrs, (caddr_t *) &objp->key_data, + (unsigned int *) &objp->n_key_data, ~0, +- sizeof(kadm5_key_data), xdr_kadm5_key_data)) { ++ sizeof(kadm5_key_data), ++ (xdrproc_t)xdr_kadm5_key_data)) { + return FALSE; + } + return TRUE; +@@ -804,7 +807,7 @@ xdr_chrand3_arg(XDR *xdrs, chrand3_arg *objp) + if (!xdr_array(xdrs, (caddr_t *)&objp->ks_tuple, + (unsigned int*)&objp->n_ks_tuple, ~0, + sizeof(krb5_key_salt_tuple), +- xdr_krb5_key_salt_tuple)) { ++ (xdrproc_t)xdr_krb5_key_salt_tuple)) { + return (FALSE); + } + return (TRUE); +@@ -822,7 +825,8 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp) + if (objp->code == KADM5_OK) { + if (!xdr_array(xdrs, (char **)&objp->keys, + (unsigned int *)&objp->n_keys, ~0, +- sizeof(krb5_keyblock), xdr_krb5_keyblock)) ++ sizeof(krb5_keyblock), ++ (xdrproc_t)xdr_krb5_keyblock)) + return FALSE; + } + +@@ -965,7 +969,7 @@ xdr_gpols_ret(XDR *xdrs, gpols_ret *objp) + } + if (!xdr_array(xdrs, (caddr_t *) &objp->pols, + (unsigned int *) &objp->count, ~0, +- sizeof(char *), xdr_nullstring)) { ++ sizeof(char *), (xdrproc_t)xdr_nullstring)) { + return (FALSE); + } + } +@@ -1030,7 +1034,7 @@ xdr_gstrings_ret(XDR *xdrs, gstrings_ret *objp) + if (!xdr_array(xdrs, (caddr_t *) &objp->strings, + (unsigned int *) &objp->count, ~0, + sizeof(krb5_string_attr), +- xdr_krb5_string_attr)) { ++ (xdrproc_t)xdr_krb5_string_attr)) { + return (FALSE); + } + } +@@ -1198,7 +1202,8 @@ xdr_getpkeys_ret(XDR *xdrs, getpkeys_ret *objp) + if (objp->code == KADM5_OK) { + if (!xdr_array(xdrs, (caddr_t *) &objp->key_data, + (unsigned int *) &objp->n_key_data, ~0, +- sizeof(kadm5_key_data), xdr_kadm5_key_data)) { ++ sizeof(kadm5_key_data), ++ (xdrproc_t)xdr_kadm5_key_data)) { + return FALSE; + } + } +diff --git a/src/lib/kadm5/misc_free.c b/src/lib/kadm5/misc_free.c +index 74d23760fb..9ac47bb87f 100644 +--- a/src/lib/kadm5/misc_free.c ++++ b/src/lib/kadm5/misc_free.c +@@ -41,9 +41,8 @@ kadm5_free_name_list(void *server_handle, char **names, int count) + } + + /* XXX this ought to be in libkrb5.a, but isn't */ +-kadm5_ret_t krb5_free_key_data_contents(context, key) +- krb5_context context; +- krb5_key_data *key; ++kadm5_ret_t ++krb5_free_key_data_contents(krb5_context context, krb5_key_data *key) + { + int i, idx; + +diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c +index fc732971d2..b6ffdb8c7a 100644 +--- a/src/lib/kadm5/srv/adb_xdr.c ++++ b/src/lib/kadm5/srv/adb_xdr.c +@@ -53,8 +53,7 @@ xdr_osa_pw_hist_ent(XDR *xdrs, osa_pw_hist_ent *objp) + { + if (!xdr_array(xdrs, (caddr_t *) &objp->key_data, + (u_int *) &objp->n_key_data, ~0, +- sizeof(krb5_key_data), +- xdr_krb5_key_data)) ++ sizeof(krb5_key_data), (xdrproc_t)xdr_krb5_key_data)) + return (FALSE); + return (TRUE); + } +@@ -88,8 +87,7 @@ xdr_osa_princ_ent_rec(XDR *xdrs, osa_princ_ent_t objp) + return (FALSE); + if (!xdr_array(xdrs, (caddr_t *) &objp->old_keys, + (unsigned int *) &objp->old_key_len, ~0, +- sizeof(osa_pw_hist_ent), +- xdr_osa_pw_hist_ent)) ++ sizeof(osa_pw_hist_ent), (xdrproc_t)xdr_osa_pw_hist_ent)) + return (FALSE); + return (TRUE); + } +diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c +index 8c3ad3a691..d5bb0b167d 100644 +--- a/src/lib/kadm5/srv/svr_principal.c ++++ b/src/lib/kadm5/srv/svr_principal.c +@@ -30,9 +30,9 @@ static int decrypt_key_data(krb5_context context, + /* + * XXX Functions that ought to be in libkrb5.a, but aren't. + */ +-kadm5_ret_t krb5_copy_key_data_contents(context, from, to) +- krb5_context context; +- krb5_key_data *from, *to; ++kadm5_ret_t ++krb5_copy_key_data_contents(krb5_context context, krb5_key_data *from, ++ krb5_key_data *to) + { + int i, idx; + +@@ -75,10 +75,8 @@ static krb5_tl_data *dup_tl_data(krb5_tl_data *tl) + } + + /* This is in lib/kdb/kdb_cpw.c, but is static */ +-static void cleanup_key_data(context, count, data) +- krb5_context context; +- int count; +- krb5_key_data * data; ++static void ++cleanup_key_data(krb5_context context, int count, krb5_key_data *data) + { + int i; + +diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c +index 7982956062..f2fae832eb 100644 +--- a/src/lib/kadm5/str_conv.c ++++ b/src/lib/kadm5/str_conv.c +@@ -267,11 +267,8 @@ cleanup: + * Salttype may be negative to indicate a search for only a enctype. + */ + krb5_boolean +-krb5_keysalt_is_present(ksaltlist, nksalts, enctype, salttype) +- krb5_key_salt_tuple *ksaltlist; +- krb5_int32 nksalts; +- krb5_enctype enctype; +- krb5_int32 salttype; ++krb5_keysalt_is_present(krb5_key_salt_tuple *ksaltlist, krb5_int32 nksalts, ++ krb5_enctype enctype, krb5_int32 salttype) + { + krb5_boolean foundit; + int i; +@@ -375,12 +372,11 @@ cleanup: + * If ignoresalt set, then salttype is ignored. + */ + krb5_error_code +-krb5_keysalt_iterate(ksaltlist, nksalt, ignoresalt, iterator, arg) +- krb5_key_salt_tuple *ksaltlist; +- krb5_int32 nksalt; +- krb5_boolean ignoresalt; +- krb5_error_code (*iterator) (krb5_key_salt_tuple *, krb5_pointer); +- krb5_pointer arg; ++krb5_keysalt_iterate(krb5_key_salt_tuple *ksaltlist, krb5_int32 nksalt, ++ krb5_boolean ignoresalt, ++ krb5_error_code (*iterator)(krb5_key_salt_tuple *, ++ void *), ++ void *arg) + { + int i; + krb5_error_code kret; +diff --git a/src/lib/kadm5/t_kadm5.c b/src/lib/kadm5/t_kadm5.c +index 153147ffbf..b3ab1004f3 100644 +--- a/src/lib/kadm5/t_kadm5.c ++++ b/src/lib/kadm5/t_kadm5.c +@@ -276,7 +276,7 @@ cpw_test_succeed(char *user, krb5_principal princ, char *pass) + } + + static void +-test_chpass() ++test_chpass(void) + { + krb5_principal princ = parse_princ("chpass-test"); + krb5_principal hist_princ = parse_princ("kadmin/history"); +@@ -334,7 +334,7 @@ cpol_test_compare(char *user, kadm5_policy_ent_t ent, uint32_t mask) + } + + static void +-test_create_policy() ++test_create_policy(void) + { + void *handle; + kadm5_policy_ent_rec ent; +@@ -440,7 +440,7 @@ cprinc_test_compare(char *user, kadm5_principal_ent_t ent, uint32_t mask, + } + + static void +-test_create_principal() ++test_create_principal(void) + { + void *handle; + kadm5_principal_ent_rec ent; +@@ -535,7 +535,7 @@ dpol_test_succeed(char *user, char *name) + } + + static void +-test_delete_policy() ++test_delete_policy(void) + { + krb5_principal princ = parse_princ("delete-policy-test-princ"); + +@@ -587,7 +587,7 @@ dprinc_test_succeed(char *user, krb5_principal princ) + } + + static void +-test_delete_principal() ++test_delete_principal(void) + { + krb5_principal princ = parse_princ("delete-principal-test"); + +@@ -638,7 +638,7 @@ gpol_test_fail(char *user, char *name, krb5_error_code code) + } + + static void +-test_get_policy() ++test_get_policy(void) + { + /* Fails with unknown policy. */ + dpol_test_fail("admin", "unknown-policy", KADM5_UNK_POLICY); +@@ -684,7 +684,7 @@ gprinc_test_fail(char *user, krb5_principal princ, krb5_error_code code) + } + + static void +-test_get_principal() ++test_get_principal(void) + { + void *handle; + kadm5_principal_ent_rec ent; +@@ -743,7 +743,7 @@ test_get_principal() + } + + static void +-test_init_destroy() ++test_init_destroy(void) + { + krb5_context ctx; + kadm5_ret_t ret; +@@ -1019,7 +1019,7 @@ mpol_test_compare(void *handle, kadm5_policy_ent_t ent, uint32_t mask) + } + + static void +-test_modify_policy() ++test_modify_policy(void) + { + kadm5_policy_ent_rec ent; + +@@ -1109,7 +1109,7 @@ mprinc_test_compare(char *user, kadm5_principal_ent_t ent, uint32_t mask) + } + + static void +-test_modify_principal() ++test_modify_principal(void) + { + void *handle; + krb5_principal princ = parse_princ("modify-principal-test"); +@@ -1233,7 +1233,7 @@ rnd_test_succeed(char *user, krb5_principal princ) + } + + static void +-test_randkey() ++test_randkey(void) + { + void *handle; + krb5_principal princ = parse_princ("randkey-principal-test"); +diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c +index 415ae64e22..0837f567cc 100644 +--- a/src/lib/kdb/kdb5.c ++++ b/src/lib/kdb/kdb5.c +@@ -75,13 +75,13 @@ free_mkey_list(krb5_context context, krb5_keylist_node *mkey_list) + } + + int +-kdb_init_lock_list() ++kdb_init_lock_list(void) + { + return k5_mutex_finish_init(&db_lock); + } + + static int +-kdb_lock_list() ++kdb_lock_list(void) + { + int err; + err = CALL_INIT_FUNCTION (kdb_init_lock_list); +@@ -92,14 +92,14 @@ kdb_lock_list() + } + + void +-kdb_fini_lock_list() ++kdb_fini_lock_list(void) + { + if (INITIALIZER_RAN(kdb_init_lock_list)) + k5_mutex_destroy(&db_lock); + } + + static void +-kdb_unlock_list() ++kdb_unlock_list(void) + { + k5_mutex_unlock(&db_lock); + } +diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c +index 450860f470..c33c7cf8d0 100644 +--- a/src/lib/kdb/kdb_cpw.c ++++ b/src/lib/kdb/kdb_cpw.c +@@ -57,10 +57,7 @@ + enum save { DISCARD_ALL, KEEP_LAST_KVNO, KEEP_ALL }; + + int +-krb5_db_get_key_data_kvno(context, count, data) +- krb5_context context; +- int count; +- krb5_key_data * data; ++krb5_db_get_key_data_kvno(krb5_context context, int count, krb5_key_data *data) + { + int i, kvno; + /* Find last key version number */ +@@ -73,10 +70,7 @@ krb5_db_get_key_data_kvno(context, count, data) + } + + static void +-cleanup_key_data(context, count, data) +- krb5_context context; +- int count; +- krb5_key_data * data; ++cleanup_key_data(krb5_context context, int count, krb5_key_data *data) + { + int i; + +@@ -149,13 +143,9 @@ preserve_old_keys(krb5_context context, krb5_keyblock *mkey, + } + + static krb5_error_code +-add_key_rnd(context, master_key, ks_tuple, ks_tuple_count, db_entry, kvno) +- krb5_context context; +- krb5_keyblock * master_key; +- krb5_key_salt_tuple * ks_tuple; +- int ks_tuple_count; +- krb5_db_entry * db_entry; +- int kvno; ++add_key_rnd(krb5_context context, krb5_keyblock *master_key, ++ krb5_key_salt_tuple *ks_tuple, int ks_tuple_count, ++ krb5_db_entry *db_entry, int kvno) + { + krb5_keyblock key; + int i, j; +@@ -246,15 +236,9 @@ make_random_salt(krb5_context context, krb5_keysalt *salt_out) + * If passwd is NULL the assumes that the caller wants a random password. + */ + static krb5_error_code +-add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd, +- db_entry, kvno) +- krb5_context context; +- krb5_keyblock * master_key; +- krb5_key_salt_tuple * ks_tuple; +- int ks_tuple_count; +- const char * passwd; +- krb5_db_entry * db_entry; +- int kvno; ++add_key_pwd(krb5_context context, krb5_keyblock *master_key, ++ krb5_key_salt_tuple *ks_tuple, int ks_tuple_count, ++ const char *passwd, krb5_db_entry *db_entry, int kvno) + { + krb5_error_code retval; + krb5_keysalt key_salt; +diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c +index a623e001ec..346cf962e8 100644 +--- a/src/lib/kdb/keytab.c ++++ b/src/lib/kdb/keytab.c +@@ -71,10 +71,7 @@ krb5_db_register_keytab(krb5_context context) + } + + krb5_error_code +-krb5_ktkdb_resolve(context, name, id) +- krb5_context context; +- const char * name; +- krb5_keytab * id; ++krb5_ktkdb_resolve(krb5_context context, const char *name, krb5_keytab *id) + { + if ((*id = (krb5_keytab) malloc(sizeof(**id))) == NULL) + return(ENOMEM); +@@ -84,9 +81,7 @@ krb5_ktkdb_resolve(context, name, id) + } + + krb5_error_code +-krb5_ktkdb_close(context, kt) +- krb5_context context; +- krb5_keytab kt; ++krb5_ktkdb_close(krb5_context context, krb5_keytab kt) + { + /* + * This routine is responsible for freeing all memory allocated +@@ -119,13 +114,9 @@ krb5_ktkdb_set_context(krb5_context ctx) + } + + krb5_error_code +-krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry) +- krb5_context in_context; +- krb5_keytab id; +- krb5_const_principal principal; +- krb5_kvno kvno; +- krb5_enctype enctype; +- krb5_keytab_entry * entry; ++krb5_ktkdb_get_entry(krb5_context in_context, krb5_keytab id, ++ krb5_const_principal principal, krb5_kvno kvno, ++ krb5_enctype enctype, krb5_keytab_entry *entry) + { + krb5_context context; + krb5_error_code kerror = 0; +diff --git a/src/lib/kdb/t_stringattr.c b/src/lib/kdb/t_stringattr.c +index 11740368ea..2c643018b5 100644 +--- a/src/lib/kdb/t_stringattr.c ++++ b/src/lib/kdb/t_stringattr.c +@@ -38,7 +38,7 @@ + */ + + int +-main() ++main(void) + { + krb5_db_entry *ent; + krb5_context context; +diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c +index fc2d248001..c5446b890c 100644 +--- a/src/lib/krad/packet.c ++++ b/src/lib/krad/packet.c +@@ -200,7 +200,7 @@ auth_generate_response(krb5_context ctx, const char *secret, + + /* Create a new packet. */ + static krad_packet * +-packet_new() ++packet_new(void) + { + krad_packet *pkt; + +diff --git a/src/lib/krad/t_attr.c b/src/lib/krad/t_attr.c +index 4d285ad9de..d5dd99a174 100644 +--- a/src/lib/krad/t_attr.c ++++ b/src/lib/krad/t_attr.c +@@ -40,7 +40,7 @@ const static unsigned char auth[] = { + }; + + int +-main() ++main(void) + { + unsigned char outbuf[MAX_ATTRSETSIZE]; + const char *decoded = "accept"; +diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c +index 0f95762534..4cdb8b7d8e 100644 +--- a/src/lib/krad/t_attrset.c ++++ b/src/lib/krad/t_attrset.c +@@ -40,7 +40,7 @@ const static unsigned char encpass[] = { + }; + + int +-main() ++main(void) + { + unsigned char buffer[KRAD_PACKET_SIZE_MAX], encoded[MAX_ATTRSETSIZE]; + const char *username = "testUser", *password = "accept"; +diff --git a/src/lib/krad/t_code.c b/src/lib/krad/t_code.c +index b245a7efc0..6cd522af55 100644 +--- a/src/lib/krad/t_code.c ++++ b/src/lib/krad/t_code.c +@@ -30,7 +30,7 @@ + #include "t_test.h" + + int +-main() ++main(void) + { + const char *tmp; + +diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c +index 1dadeef64f..ab3cda6fef 100644 +--- a/src/lib/krb5/ccache/cc_keyring.c ++++ b/src/lib/krb5/ccache/cc_keyring.c +@@ -314,7 +314,7 @@ get_persistent_real(uid_t uid) + * for the session anchor. + */ + static key_serial_t +-session_write_anchor() ++session_write_anchor(void) + { + key_serial_t s, u; + +diff --git a/src/lib/krb5/krb/plugin.c b/src/lib/krb5/krb/plugin.c +index 3bb7a38d44..1286e9e383 100644 +--- a/src/lib/krb5/krb/plugin.c ++++ b/src/lib/krb5/krb/plugin.c +@@ -355,7 +355,7 @@ load_if_needed(krb5_context context, struct plugin_mapping *map, + krb5_error_code ret; + char *symname = NULL; + struct plugin_file_handle *handle = NULL; +- void (*initvt_fn)(); ++ void (*initvt_fn)(void); + + if (map->module != NULL || map->dyn_path == NULL) + return; +diff --git a/src/lib/krb5/krb/t_authdata.c b/src/lib/krb5/krb/t_authdata.c +index dd834b9b0c..44f4a1cbd6 100644 +--- a/src/lib/krb5/krb/t_authdata.c ++++ b/src/lib/krb5/krb/t_authdata.c +@@ -74,7 +74,7 @@ static void compare_authdata(const krb5_authdata *adc1, krb5_authdata *adc2) { + } + + int +-main() ++main(void) + { + krb5_context context; + krb5_authdata **results; +diff --git a/src/lib/krb5/krb/t_response_items.c b/src/lib/krb5/krb/t_response_items.c +index 0deb9292a1..a6b02ca055 100644 +--- a/src/lib/krb5/krb/t_response_items.c ++++ b/src/lib/krb5/krb/t_response_items.c +@@ -61,7 +61,7 @@ nstrcmp(const char *a, const char *b) + } + + int +-main() ++main(void) + { + k5_response_items *ri; + +diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c +index d6746b74bd..9780c2e564 100644 +--- a/src/lib/krb5/krb/t_ser.c ++++ b/src/lib/krb5/krb/t_ser.c +@@ -195,7 +195,7 @@ ser_checksum(krb5_checksum *cksum) + } + + static void +-ser_context_test() ++ser_context_test(void) + { + krb5_context context; + profile_t sprofile; +@@ -216,7 +216,7 @@ ser_context_test() + } + + static void +-ser_acontext_test() ++ser_acontext_test(void) + { + krb5_auth_context actx; + krb5_address local_address; +@@ -306,7 +306,7 @@ ser_acontext_test() + } + + static void +-ser_princ_test() ++ser_princ_test(void) + { + krb5_principal princ; + char pname[1024]; +@@ -320,7 +320,7 @@ ser_princ_test() + } + + static void +-ser_cksum_test() ++ser_cksum_test(void) + { + krb5_checksum checksum; + krb5_octet ckdata[24]; +diff --git a/src/lib/krb5/krb/t_sname_match.c b/src/lib/krb5/krb/t_sname_match.c +index 021b720d65..ee5623c158 100644 +--- a/src/lib/krb5/krb/t_sname_match.c ++++ b/src/lib/krb5/krb/t_sname_match.c +@@ -80,7 +80,7 @@ struct test { + }; + + int +-main() ++main(void) + { + size_t i; + struct test *t; +diff --git a/src/lib/krb5/krb/t_valid_times.c b/src/lib/krb5/krb/t_valid_times.c +index e4b5f1bce4..1a8036e811 100644 +--- a/src/lib/krb5/krb/t_valid_times.c ++++ b/src/lib/krb5/krb/t_valid_times.c +@@ -36,7 +36,7 @@ + #define BOUNDARY (uint32_t)INT32_MIN + + int +-main() ++main(void) + { + krb5_error_code ret; + krb5_context context; +diff --git a/src/lib/krb5/rcache/t_memrcache.c b/src/lib/krb5/rcache/t_memrcache.c +index 6f212b0ecd..665da75ea5 100644 +--- a/src/lib/krb5/rcache/t_memrcache.c ++++ b/src/lib/krb5/rcache/t_memrcache.c +@@ -33,7 +33,7 @@ + #include "memrcache.c" + + int +-main() ++main(void) + { + krb5_error_code ret; + krb5_context context; +diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c +index 319bc759b1..f61322d82b 100644 +--- a/src/lib/rpc/auth_gss.c ++++ b/src/lib/rpc/auth_gss.c +@@ -445,9 +445,9 @@ authgss_refresh(AUTH *auth, struct rpc_msg *msg) + memset(&gr, 0, sizeof(gr)); + + call_stat = clnt_call(gd->clnt, NULLPROC, +- xdr_rpc_gss_init_args, ++ (xdrproc_t)xdr_rpc_gss_init_args, + &send_token, +- xdr_rpc_gss_init_res, ++ (xdrproc_t)xdr_rpc_gss_init_res, + (caddr_t)&gr, AUTH_TIMEOUT); + + gss_release_buffer(&min_stat, &send_token); +diff --git a/src/lib/rpc/auth_gssapi.c b/src/lib/rpc/auth_gssapi.c +index 8ab7ab5ba7..b5e03b9641 100644 +--- a/src/lib/rpc/auth_gssapi.c ++++ b/src/lib/rpc/auth_gssapi.c +@@ -283,11 +283,11 @@ next_token: + + PRINTF(("gssapi_create: calling GSSAPI_INIT (%d)\n", init_func)); + +- xdr_free(xdr_authgssapi_init_res, &call_res); ++ xdr_free((xdrproc_t)xdr_authgssapi_init_res, &call_res); + memset(&call_res, 0, sizeof(call_res)); + callstat = clnt_call(clnt, init_func, +- xdr_authgssapi_init_arg, &call_arg, +- xdr_authgssapi_init_res, &call_res, ++ (xdrproc_t)xdr_authgssapi_init_arg, &call_arg, ++ (xdrproc_t)xdr_authgssapi_init_res, &call_res, + timeout); + gss_release_buffer(minor_stat, &call_arg.token); + +@@ -436,7 +436,7 @@ next_token: + /* don't assume the caller will want to change clnt->cl_auth */ + clnt->cl_auth = save_auth; + +- xdr_free(xdr_authgssapi_init_res, &call_res); ++ xdr_free((xdrproc_t)xdr_authgssapi_init_res, &call_res); + return auth; + + /******************************************************************/ +@@ -458,7 +458,7 @@ cleanup: + if (rpc_createerr.cf_stat == 0) + rpc_createerr.cf_stat = RPC_AUTHERROR; + +- xdr_free(xdr_authgssapi_init_res, &call_res); ++ xdr_free((xdrproc_t)xdr_authgssapi_init_res, &call_res); + return auth; + } + +@@ -760,7 +760,7 @@ skip_call: + static bool_t auth_gssapi_wrap( + AUTH *auth, + XDR *out_xdrs, +- bool_t (*xdr_func)(), ++ xdrproc_t xdr_func, + caddr_t xdr_ptr) + { + OM_uint32 gssstat, minor_stat; +@@ -791,7 +791,7 @@ static bool_t auth_gssapi_wrap( + static bool_t auth_gssapi_unwrap( + AUTH *auth, + XDR *in_xdrs, +- bool_t (*xdr_func)(), ++ xdrproc_t xdr_func, + caddr_t xdr_ptr) + { + OM_uint32 gssstat, minor_stat; +diff --git a/src/lib/rpc/auth_gssapi_misc.c b/src/lib/rpc/auth_gssapi_misc.c +index a60eb7f7cb..57fc1fb39f 100644 +--- a/src/lib/rpc/auth_gssapi_misc.c ++++ b/src/lib/rpc/auth_gssapi_misc.c +@@ -199,7 +199,7 @@ bool_t auth_gssapi_wrap_data( + gss_ctx_id_t context, + uint32_t seq_num, + XDR *out_xdrs, +- bool_t (*xdr_func)(), ++ xdrproc_t xdr_func, + caddr_t xdr_ptr) + { + gss_buffer_desc in_buf, out_buf; +@@ -267,7 +267,7 @@ bool_t auth_gssapi_unwrap_data( + gss_ctx_id_t context, + uint32_t seq_num, + XDR *in_xdrs, +- bool_t (*xdr_func)(), ++ xdrproc_t xdr_func, + caddr_t xdr_ptr) + { + gss_buffer_desc in_buf, out_buf; +diff --git a/src/lib/rpc/authunix_prot.c b/src/lib/rpc/authunix_prot.c +index 512d5a51b7..92276c3ad4 100644 +--- a/src/lib/rpc/authunix_prot.c ++++ b/src/lib/rpc/authunix_prot.c +@@ -58,7 +58,8 @@ xdr_authunix_parms(XDR *xdrs, struct authunix_parms *p) + && xdr_int(xdrs, &(p->aup_uid)) + && xdr_int(xdrs, &(p->aup_gid)) + && xdr_array(xdrs, (caddr_t *)&(p->aup_gids), +- &(p->aup_len), NGRPS, sizeof(int), xdr_int) ) { ++ &(p->aup_len), NGRPS, sizeof(int), ++ (xdrproc_t)xdr_int)) { + return (TRUE); + } + return (FALSE); +diff --git a/src/lib/rpc/clnt_perror.c b/src/lib/rpc/clnt_perror.c +index fcc3657464..912b267867 100644 +--- a/src/lib/rpc/clnt_perror.c ++++ b/src/lib/rpc/clnt_perror.c +@@ -76,7 +76,6 @@ char * + clnt_sperror(CLIENT *rpch, char *s) + { + struct rpc_err e; +- void clnt_perrno(); + char *err; + char *bufstart = get_buf(); + char *str = bufstart; +diff --git a/src/lib/rpc/clnt_raw.c b/src/lib/rpc/clnt_raw.c +index dcbb5cf23d..7e62a5c776 100644 +--- a/src/lib/rpc/clnt_raw.c ++++ b/src/lib/rpc/clnt_raw.c +@@ -80,7 +80,7 @@ static struct clnt_ops client_ops = { + clntraw_control + }; + +-void svc_getreq(); ++void svc_getreq(int); + + /* + * Create a client handle for memory based rpc. +diff --git a/src/lib/rpc/dyn.c b/src/lib/rpc/dyn.c +index bce1fd2a7d..a505f34817 100644 +--- a/src/lib/rpc/dyn.c ++++ b/src/lib/rpc/dyn.c +@@ -30,10 +30,8 @@ + /* + * Made obsolete by DynInsert, now just a convenience function. + */ +-int DynAppend(obj, els, num) +- DynObjectP obj; +- DynPtr els; +- int num; ++int ++DynAppend(DynObjectP obj, DynPtr els, int num) + { + return DynInsert(obj, DynSize(obj), els, num); + } +@@ -52,8 +50,8 @@ int DynAppend(obj, els, num) + + static int default_increment = DEFAULT_INC; + +-DynObjectP DynCreate(el_size, inc) +- int el_size, inc; ++DynObjectP ++DynCreate(int el_size, int inc) + { + DynObjectP obj; + +@@ -77,8 +75,8 @@ DynObjectP DynCreate(el_size, inc) + return obj; + } + +-DynObjectP DynCopy(obj) +- DynObjectP obj; ++DynObjectP ++DynCopy(DynObjectP obj) + { + DynObjectP obj1; + +@@ -104,8 +102,8 @@ DynObjectP DynCopy(obj) + return obj1; + } + +-int DynDestroy(obj) +- /*@only@*/DynObjectP obj; ++int ++DynDestroy(/*@only@*/DynObjectP obj) + { + if (obj->paranoid) { + if (obj->debug) +@@ -118,8 +116,8 @@ int DynDestroy(obj) + return DYN_OK; + } + +-int DynRelease(obj) +- DynObjectP obj; ++int ++DynRelease(DynObjectP obj) + { + if (obj->debug) + fprintf(stderr, "dyn: release: freeing object structure.\n"); +@@ -134,9 +132,8 @@ int DynRelease(obj) + * contains the source code for the function DynDebug(). + */ + +-int DynDebug(obj, state) +- DynObjectP obj; +- int state; ++int ++DynDebug(DynObjectP obj, int state) + { + obj->debug = state; + +@@ -155,9 +152,8 @@ int DynDebug(obj, state) + * Checkers! Get away from that "hard disk erase" button! + * (Stupid dog. He almost did it to me again ...) + */ +-int DynDelete(obj, idx) +- DynObjectP obj; +- int idx; ++int ++DynDelete(DynObjectP obj, int idx) + { + if (idx < 0) { + if (obj->debug) +@@ -219,9 +215,8 @@ int DynDelete(obj, idx) + * contains the source code for the function DynInitZero(). + */ + +-int DynInitzero(obj, state) +- DynObjectP obj; +- int state; ++int ++DynInitzero(DynObjectP obj, int state) + { + obj->initzero = state; + +@@ -237,10 +232,8 @@ int DynInitzero(obj, state) + * contains the source code for the function DynInsert(). + */ + +-int DynInsert(obj, idx, els_in, num) +- DynObjectP obj; +- void *els_in; +- int idx, num; ++int ++DynInsert(DynObjectP obj, int idx, void *els_in, int num) + { + DynPtr els = (DynPtr) els_in; + int ret; +@@ -290,9 +283,8 @@ int DynInsert(obj, idx, els_in, num) + * contains the source code for the function DynDebug(). + */ + +-int DynParanoid(obj, state) +- DynObjectP obj; +- int state; ++int ++DynParanoid(DynObjectP obj, int state) + { + obj->paranoid = state; + +@@ -308,8 +300,8 @@ int DynParanoid(obj, state) + * contains the source code for the functions DynGet() and DynAdd(). + */ + +-DynPtr DynArray(obj) +- DynObjectP obj; ++DynPtr ++DynArray(DynObjectP obj) + { + if (obj->debug) + fprintf(stderr, "dyn: array: returning array pointer %p.\n", +@@ -318,9 +310,8 @@ DynPtr DynArray(obj) + return obj->array; + } + +-DynPtr DynGet(obj, num) +- DynObjectP obj; +- int num; ++DynPtr ++DynGet(DynObjectP obj, int num) + { + if (num < 0) { + if (obj->debug) +@@ -342,9 +333,7 @@ DynPtr DynGet(obj, num) + return (DynPtr) obj->array + obj->el_size*num; + } + +-int DynAdd(obj, el) +- DynObjectP obj; +- void *el; ++int DynAdd(DynObjectP obj, void *el) + { + int ret; + +@@ -364,10 +353,8 @@ int DynAdd(obj, el) + * obj->num_el) will not be updated properly and many other functions + * in the library will lose. Have a nice day. + */ +-int DynPut(obj, el_in, idx) +- DynObjectP obj; +- void *el_in; +- int idx; ++int ++DynPut(DynObjectP obj, void *el_in, int idx) + { + DynPtr el = (DynPtr) el_in; + int ret; +@@ -397,9 +384,8 @@ int DynPut(obj, el_in, idx) + /* + * Resize the array so that element req exists. + */ +-int _DynResize(obj, req) +- DynObjectP obj; +- int req; ++int ++_DynResize(DynObjectP obj, int req) + { + int size; + +@@ -430,9 +416,8 @@ int _DynResize(obj, req) + * Ideally, this function should not be called from outside the + * library. However, nothing will break if it is. + */ +-int _DynRealloc(obj, num_incs) +- DynObjectP obj; +- int num_incs; ++int ++_DynRealloc(DynObjectP obj, int num_incs) + { + DynPtr temp; + int new_size_in_bytes; +@@ -475,8 +460,8 @@ int _DynRealloc(obj, num_incs) + * contains the source code for the function DynSize(). + */ + +-int DynSize(obj) +- DynObjectP obj; ++int ++DynSize(DynObjectP obj) + { + if (obj->debug) + fprintf(stderr, "dyn: size: returning size %d.\n", obj->num_el); +@@ -484,8 +469,8 @@ int DynSize(obj) + return obj->num_el; + } + +-int DynCapacity(obj) +- DynObjectP obj; ++int ++DynCapacity(DynObjectP obj) + { + if (obj->debug) + fprintf(stderr, "dyn: capacity: returning cap of %d.\n", obj->size); +diff --git a/src/lib/rpc/pmap_clnt.c b/src/lib/rpc/pmap_clnt.c +index 952a251453..5c3bba3528 100644 +--- a/src/lib/rpc/pmap_clnt.c ++++ b/src/lib/rpc/pmap_clnt.c +@@ -54,8 +54,6 @@ static char sccsid[] = "@(#)pmap_clnt.c 1.37 87/08/11 Copyr 1984 Sun Micro"; + static struct timeval timeout = { 5, 0 }; + static struct timeval tottimeout = { 60, 0 }; + +-void clnt_perror(); +- + /* + * Set a mapping between program,version and port. + * Calls the pmap service remotely to do the mapping. +@@ -128,7 +126,8 @@ pmap_set( + } + } + #endif +- if (CLNT_CALL(client, PMAPPROC_SET, xdr_pmap, &parms, xdr_bool, &rslt, ++ if (CLNT_CALL(client, PMAPPROC_SET, (xdrproc_t)xdr_pmap, &parms, ++ (xdrproc_t)xdr_bool, &rslt, + tottimeout) != RPC_SUCCESS) { + clnt_perror(client, "Cannot register service"); + return (FALSE); +@@ -161,8 +160,8 @@ pmap_unset( + parms.pm_prog = program; + parms.pm_vers = version; + parms.pm_port = parms.pm_prot = 0; +- CLNT_CALL(client, PMAPPROC_UNSET, xdr_pmap, &parms, xdr_bool, &rslt, +- tottimeout); ++ CLNT_CALL(client, PMAPPROC_UNSET, (xdrproc_t)xdr_pmap, &parms, ++ (xdrproc_t)xdr_bool, &rslt, tottimeout); + CLNT_DESTROY(client); + (void)close(sock); + return (rslt); +diff --git a/src/lib/rpc/pmap_getmaps.c b/src/lib/rpc/pmap_getmaps.c +index b8a9cecf7e..a9c4c52906 100644 +--- a/src/lib/rpc/pmap_getmaps.c ++++ b/src/lib/rpc/pmap_getmaps.c +@@ -77,8 +77,9 @@ pmap_getmaps(struct sockaddr_in *address) + client = clnttcp_create(address, PMAPPROG, + PMAPVERS, &sock, 50, 500); + if (client != (CLIENT *)NULL) { +- if (CLNT_CALL(client, PMAPPROC_DUMP, xdr_void, NULL, xdr_pmaplist, +- &head, minutetimeout) != RPC_SUCCESS) { ++ if (CLNT_CALL(client, PMAPPROC_DUMP, xdr_void, NULL, ++ (xdrproc_t)xdr_pmaplist, &head, ++ minutetimeout) != RPC_SUCCESS) { + clnt_perror(client, "pmap_getmaps rpc problem"); + } + CLNT_DESTROY(client); +diff --git a/src/lib/rpc/pmap_getport.c b/src/lib/rpc/pmap_getport.c +index 66635a1034..2d0792b698 100644 +--- a/src/lib/rpc/pmap_getport.c ++++ b/src/lib/rpc/pmap_getport.c +@@ -79,8 +79,10 @@ pmap_getport( + parms.pm_vers = version; + parms.pm_prot = protocol; + parms.pm_port = 0; /* not needed or used */ +- if (CLNT_CALL(client, PMAPPROC_GETPORT, xdr_pmap, &parms, +- xdr_u_short, &port, tottimeout) != RPC_SUCCESS){ ++ if (CLNT_CALL(client, PMAPPROC_GETPORT, ++ (xdrproc_t)xdr_pmap, &parms, ++ (xdrproc_t)xdr_u_short, &port, ++ tottimeout) != RPC_SUCCESS){ + rpc_createerr.cf_stat = RPC_PMAPFAILURE; + clnt_geterr(client, &rpc_createerr.cf_error); + } else if (port == 0) { +diff --git a/src/lib/rpc/pmap_prot2.c b/src/lib/rpc/pmap_prot2.c +index aeccac6637..3c0c612bec 100644 +--- a/src/lib/rpc/pmap_prot2.c ++++ b/src/lib/rpc/pmap_prot2.c +@@ -109,7 +109,8 @@ xdr_pmaplist(XDR *xdrs, struct pmaplist **rp) + if (freeing) + next = &((*rp)->pml_next); + if (! xdr_reference(xdrs, (caddr_t *)rp, +- (u_int)sizeof(struct pmaplist), xdr_pmap)) ++ (u_int)sizeof(struct pmaplist), ++ (xdrproc_t)xdr_pmap)) + return (FALSE); + rp = (freeing) ? next : &((*rp)->pml_next); + } +diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c +index 8c7e30c21a..434e4eea65 100644 +--- a/src/lib/rpc/pmap_rmt.c ++++ b/src/lib/rpc/pmap_rmt.c +@@ -105,8 +105,9 @@ pmap_rmtcall( + r.port_ptr = port_ptr; + r.results_ptr = resp; + r.xdr_results = xdrres; +- stat = CLNT_CALL(client, PMAPPROC_CALLIT, xdr_rmtcall_args, &a, +- xdr_rmtcallres, &r, tout); ++ stat = CLNT_CALL(client, PMAPPROC_CALLIT, ++ (xdrproc_t)xdr_rmtcall_args, &a, ++ (xdrproc_t)xdr_rmtcallres, &r, tout); + CLNT_DESTROY(client); + } else { + stat = RPC_FAILED; +@@ -161,7 +162,8 @@ xdr_rmtcallres( + + port_ptr = (caddr_t)(void *)crp->port_ptr; + if (xdr_reference(xdrs, &port_ptr, sizeof (uint32_t), +- xdr_u_int32) && xdr_u_int32(xdrs, &crp->resultslen)) { ++ (xdrproc_t)xdr_u_int32) && ++ xdr_u_int32(xdrs, &crp->resultslen)) { + crp->port_ptr = (uint32_t *)(void *)port_ptr; + return ((*(crp->xdr_results))(xdrs, crp->results_ptr)); + } +@@ -343,7 +345,7 @@ clnt_broadcast( + recv_again: + msg.acpted_rply.ar_verf = gssrpc__null_auth; + msg.acpted_rply.ar_results.where = (caddr_t)&r; +- msg.acpted_rply.ar_results.proc = xdr_rmtcallres; ++ msg.acpted_rply.ar_results.proc = (xdrproc_t)xdr_rmtcallres; + readfds = mask; + t2 = t; + switch (select(gssrpc__rpc_dtablesize(), &readfds, (fd_set *)NULL, +diff --git a/src/lib/rpc/rpc_prot.c b/src/lib/rpc/rpc_prot.c +index 9b82e12c34..296968b946 100644 +--- a/src/lib/rpc/rpc_prot.c ++++ b/src/lib/rpc/rpc_prot.c +@@ -132,8 +132,8 @@ xdr_rejected_reply(XDR *xdrs, struct rejected_reply *rr) + } + + static struct xdr_discrim reply_dscrm[3] = { +- { (int)MSG_ACCEPTED, xdr_accepted_reply }, +- { (int)MSG_DENIED, xdr_rejected_reply }, ++ { (int)MSG_ACCEPTED, (xdrproc_t)xdr_accepted_reply }, ++ { (int)MSG_DENIED, (xdrproc_t)xdr_rejected_reply }, + { __dontcare__, NULL_xdrproc_t } }; + + /* +diff --git a/src/lib/rpc/svc.c b/src/lib/rpc/svc.c +index cfbc7aad4d..0bcf04e8d4 100644 +--- a/src/lib/rpc/svc.c ++++ b/src/lib/rpc/svc.c +@@ -80,7 +80,7 @@ static struct svc_callout { + struct svc_callout *sc_next; + rpcprog_t sc_prog; + rpcprog_t sc_vers; +- void (*sc_dispatch)(); ++ void (*sc_dispatch)(struct svc_req *, SVCXPRT *); + } *svc_head; + + static struct svc_callout *svc_find(rpcprog_t, rpcvers_t, +@@ -162,7 +162,7 @@ svc_register( + SVCXPRT *xprt, + rpcprog_t prog, + rpcvers_t vers, +- void (*dispatch)(), ++ void (*dispatch)(struct svc_req *, SVCXPRT *), + int protocol) + { + struct svc_callout *prev; +diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c +index aba7694807..98d601c8ab 100644 +--- a/src/lib/rpc/svc_auth_gss.c ++++ b/src/lib/rpc/svc_auth_gss.c +@@ -193,7 +193,7 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, + /* Deserialize arguments. */ + memset(&recv_tok, 0, sizeof(recv_tok)); + +- if (!svc_getargs(rqst->rq_xprt, xdr_rpc_gss_init_args, ++ if (!svc_getargs(rqst->rq_xprt, (xdrproc_t)xdr_rpc_gss_init_args, + (caddr_t)&recv_tok)) + return (FALSE); + +@@ -209,7 +209,8 @@ svcauth_gss_accept_sec_context(struct svc_req *rqst, + NULL, + NULL); + +- svc_freeargs(rqst->rq_xprt, xdr_rpc_gss_init_args, (caddr_t)&recv_tok); ++ svc_freeargs(rqst->rq_xprt, (xdrproc_t)xdr_rpc_gss_init_args, ++ (caddr_t)&recv_tok); + + log_status("accept_sec_context", gr->gr_major, gr->gr_minor); + if (gr->gr_major != GSS_S_COMPLETE && +@@ -495,7 +496,8 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, + } + *no_dispatch = TRUE; + +- call_stat = svc_sendreply(rqst->rq_xprt, xdr_rpc_gss_init_res, ++ call_stat = svc_sendreply(rqst->rq_xprt, ++ (xdrproc_t)xdr_rpc_gss_init_res, + (caddr_t)&gr); + + gss_release_buffer(&min_stat, &gr.gr_token); +@@ -544,7 +546,7 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg, + } + retstat = AUTH_OK; + freegc: +- xdr_free(xdr_rpc_gss_cred, gc); ++ xdr_free((xdrproc_t)xdr_rpc_gss_cred, gc); + log_debug("returning %d from svcauth_gss()", retstat); + return (retstat); + } +diff --git a/src/lib/rpc/svc_auth_gssapi.c b/src/lib/rpc/svc_auth_gssapi.c +index b7ffee4515..267c1545bd 100644 +--- a/src/lib/rpc/svc_auth_gssapi.c ++++ b/src/lib/rpc/svc_auth_gssapi.c +@@ -201,7 +201,7 @@ enum auth_stat gssrpc__svcauth_gssapi( + if (! xdr_authgssapi_creds(&xdrs, &creds)) { + PRINTF(("svcauth_gssapi: failed decoding creds\n")); + LOG_MISCERR("protocol error in client credentials"); +- xdr_free(xdr_authgssapi_creds, &creds); ++ xdr_free((xdrproc_t)xdr_authgssapi_creds, &creds); + XDR_DESTROY(&xdrs); + ret = AUTH_BADCRED; + goto error; +@@ -223,7 +223,7 @@ enum auth_stat gssrpc__svcauth_gssapi( + if (creds.auth_msg && rqst->rq_proc == AUTH_GSSAPI_EXIT) { + PRINTF(("svcauth_gssapi: GSSAPI_EXIT, cleaning up\n")); + svc_sendreply(rqst->rq_xprt, xdr_void, NULL); +- xdr_free(xdr_authgssapi_creds, &creds); ++ xdr_free((xdrproc_t)xdr_authgssapi_creds, &creds); + cleanup(); + exit(0); + } +@@ -306,7 +306,7 @@ enum auth_stat gssrpc__svcauth_gssapi( + + /* call is for us, deserialize arguments */ + memset(&call_arg, 0, sizeof(call_arg)); +- if (! svc_getargs(rqst->rq_xprt, xdr_authgssapi_init_arg, ++ if (! svc_getargs(rqst->rq_xprt, (xdrproc_t)xdr_authgssapi_init_arg, + &call_arg)) { + PRINTF(("svcauth_gssapi: cannot decode args\n")); + LOG_MISCERR("protocol error in procedure arguments"); +@@ -446,7 +446,7 @@ enum auth_stat gssrpc__svcauth_gssapi( + minor_stat = call_res.gss_minor; + + /* done with call args */ +- xdr_free(xdr_authgssapi_init_arg, &call_arg); ++ xdr_free((xdrproc_t)xdr_authgssapi_init_arg, &call_arg); + + PRINTF(("svcauth_gssapi: accept_sec_context returned %#x %#x\n", + call_res.gss_major, call_res.gss_minor)); +@@ -459,7 +459,7 @@ enum auth_stat gssrpc__svcauth_gssapi( + badauth(call_res.gss_major, call_res.gss_minor, rqst->rq_xprt); + + gss_release_buffer(&minor_stat, &output_token); +- svc_sendreply(rqst->rq_xprt, xdr_authgssapi_init_res, ++ svc_sendreply(rqst->rq_xprt, (xdrproc_t)xdr_authgssapi_init_res, + (caddr_t) &call_res); + *no_dispatch = TRUE; + ret = AUTH_OK; +@@ -492,7 +492,7 @@ enum auth_stat gssrpc__svcauth_gssapi( + } + + PRINTF(("svcauth_gssapi: sending reply\n")); +- svc_sendreply(rqst->rq_xprt, xdr_authgssapi_init_res, ++ svc_sendreply(rqst->rq_xprt, (xdrproc_t)xdr_authgssapi_init_res, + (caddr_t) &call_res); + *no_dispatch = TRUE; + +@@ -583,11 +583,13 @@ enum auth_stat gssrpc__svcauth_gssapi( + case AUTH_GSSAPI_MSG: + PRINTF(("svcauth_gssapi: GSSAPI_MSG, getting args\n")); + memset(&call_arg, 0, sizeof(call_arg)); +- if (! svc_getargs(rqst->rq_xprt, xdr_authgssapi_init_arg, ++ if (! svc_getargs(rqst->rq_xprt, ++ (xdrproc_t)xdr_authgssapi_init_arg, + &call_arg)) { + PRINTF(("svcauth_gssapi: cannot decode args\n")); + LOG_MISCERR("protocol error in call arguments"); +- xdr_free(xdr_authgssapi_init_arg, &call_arg); ++ xdr_free((xdrproc_t)xdr_authgssapi_init_arg, ++ &call_arg); + ret = AUTH_BADCRED; + goto error; + } +@@ -598,7 +600,7 @@ enum auth_stat gssrpc__svcauth_gssapi( + &call_arg.token); + + /* done with call args */ +- xdr_free(xdr_authgssapi_init_arg, &call_arg); ++ xdr_free((xdrproc_t)xdr_authgssapi_init_arg, &call_arg); + + if (gssstat != GSS_S_COMPLETE) { + AUTH_GSSAPI_DISPLAY_STATUS(("processing token", +@@ -641,7 +643,7 @@ enum auth_stat gssrpc__svcauth_gssapi( + if (creds.client_handle.length != 0) { + PRINTF(("svcauth_gssapi: freeing client_handle len %d\n", + (int) creds.client_handle.length)); +- xdr_free(xdr_authgssapi_creds, &creds); ++ xdr_free((xdrproc_t)xdr_authgssapi_creds, &creds); + } + + PRINTF(("\n")); +@@ -651,7 +653,7 @@ error: + if (creds.client_handle.length != 0) { + PRINTF(("svcauth_gssapi: freeing client_handle len %d\n", + (int) creds.client_handle.length)); +- xdr_free(xdr_authgssapi_creds, &creds); ++ xdr_free((xdrproc_t)xdr_authgssapi_creds, &creds); + } + + PRINTF(("\n")); +@@ -1079,7 +1081,7 @@ void svcauth_gssapi_set_log_miscerr_func( + static bool_t svc_auth_gssapi_wrap( + SVCAUTH *auth, + XDR *out_xdrs, +- bool_t (*xdr_func)(), ++ xdrproc_t xdr_func, + caddr_t xdr_ptr) + { + OM_uint32 gssstat, minor_stat; +@@ -1102,7 +1104,7 @@ static bool_t svc_auth_gssapi_wrap( + static bool_t svc_auth_gssapi_unwrap( + SVCAUTH *auth, + XDR *in_xdrs, +- bool_t (*xdr_func)(), ++ xdrproc_t xdr_func, + caddr_t xdr_ptr) + { + svc_auth_gssapi_data *client_data = SVCAUTH_PRIVATE(auth); +diff --git a/src/lib/rpc/svc_simple.c b/src/lib/rpc/svc_simple.c +index 315275f5fd..aa6c0a63d0 100644 +--- a/src/lib/rpc/svc_simple.c ++++ b/src/lib/rpc/svc_simple.c +@@ -48,7 +48,7 @@ static char sccsid[] = "@(#)svc_simple.c 1.18 87/08/11 Copyr 1984 Sun Micro"; + #include + + static struct proglst { +- char *(*p_progname)(); ++ char *(*p_progname)(void *); + int p_prognum; + int p_procnum; + xdrproc_t p_inproc, p_outproc; +@@ -62,7 +62,7 @@ registerrpc( + rpcprog_t prognum, + rpcvers_t versnum, + rpcproc_t procnum, +- char *(*progname)(), ++ char *(*progname)(void *), + xdrproc_t inproc, + xdrproc_t outproc) + { +diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c +index c9a812bc5a..9b907bcdc6 100644 +--- a/src/lib/rpc/unit-test/client.c ++++ b/src/lib/rpc/unit-test/client.c +@@ -42,7 +42,7 @@ char *whoami; + #ifdef __GNUC__ + __attribute__((noreturn)) + #endif +-static void usage() ++static void usage(void) + { + fprintf(stderr, "usage: %s {-t|-u} [-a] [-s num] [-m num] host service [count]\n", + whoami); +@@ -50,9 +50,7 @@ static void usage() + } + + int +-main(argc, argv) +- int argc; +- char **argv; ++main(int argc, char **argv) + { + char *host, *port, *target, *echo_arg, **echo_resp, buf[BIG_BUF]; + CLIENT *clnt; +@@ -172,7 +170,7 @@ main(argc, argv) + strcmp(echo_arg, (*echo_resp) + 6) != 0) + fprintf(stderr, "RPC_TEST_ECHO call %d response wrong: " + "arg = %s, resp = %s\n", i, echo_arg, *echo_resp); +- gssrpc_xdr_free(xdr_wrapstring, echo_resp); ++ gssrpc_xdr_free((xdrproc_t)xdr_wrapstring, echo_resp); + } + + /* +@@ -194,7 +192,7 @@ main(argc, argv) + clnt_perror(clnt, whoami); + } else { + fprintf(stderr, "bad seq didn't cause failure\n"); +- gssrpc_xdr_free(xdr_wrapstring, echo_resp); ++ gssrpc_xdr_free((xdrproc_t)xdr_wrapstring, echo_resp); + } + + AUTH_PRIVATE(clnt->cl_auth)->seq_num -= 3; +@@ -207,7 +205,7 @@ main(argc, argv) + if (echo_resp == NULL) + clnt_perror(clnt, "Sequence number improperly reset"); + else +- gssrpc_xdr_free(xdr_wrapstring, echo_resp); ++ gssrpc_xdr_free((xdrproc_t)xdr_wrapstring, echo_resp); + + /* + * Now simulate a lost server response, and see if +@@ -219,7 +217,7 @@ main(argc, argv) + if (echo_resp == NULL) + clnt_perror(clnt, "Auto-resynchronization failed"); + else +- gssrpc_xdr_free(xdr_wrapstring, echo_resp); ++ gssrpc_xdr_free((xdrproc_t)xdr_wrapstring, echo_resp); + + /* + * Now make sure auto-resyncrhonization actually worked +@@ -229,7 +227,7 @@ main(argc, argv) + if (echo_resp == NULL) + clnt_perror(clnt, "Auto-resynchronization did not work"); + else +- gssrpc_xdr_free(xdr_wrapstring, echo_resp); ++ gssrpc_xdr_free((xdrproc_t)xdr_wrapstring, echo_resp); + + if (! auth_once) { + tmp_auth = clnt->cl_auth; +@@ -259,7 +257,7 @@ main(argc, argv) + strcmp(echo_arg, (*echo_resp) + 6) != 0) + fprintf(stderr, + "RPC_TEST_LENGTHS call %d response wrong\n", i); +- gssrpc_xdr_free(xdr_wrapstring, echo_resp); ++ gssrpc_xdr_free((xdrproc_t)xdr_wrapstring, echo_resp); + } + + /* cycle from 1 to 255 */ +diff --git a/src/lib/rpc/unit-test/rpc_test_clnt.c b/src/lib/rpc/unit-test/rpc_test_clnt.c +index 4e4a18a720..b9141672b1 100644 +--- a/src/lib/rpc/unit-test/rpc_test_clnt.c ++++ b/src/lib/rpc/unit-test/rpc_test_clnt.c +@@ -5,9 +5,7 @@ + static struct timeval TIMEOUT = { 25, 0 }; + + char ** +-rpc_test_echo_1(argp, clnt) +- char **argp; +- CLIENT *clnt; ++rpc_test_echo_1(char **argp, CLIENT *clnt) + { + static char *clnt_res; + +diff --git a/src/lib/rpc/unit-test/rpc_test_svc.c b/src/lib/rpc/unit-test/rpc_test_svc.c +index c54c0813db..3aa7674c51 100644 +--- a/src/lib/rpc/unit-test/rpc_test_svc.c ++++ b/src/lib/rpc/unit-test/rpc_test_svc.c +@@ -14,16 +14,14 @@ static int _rpcsvcstate = _IDLE; /* Set when a request is serviced */ + static int _rpcsvccount = 0; /* Number of requests being serviced */ + + void +-rpc_test_prog_1_svc(rqstp, transp) +- struct svc_req *rqstp; +- SVCXPRT *transp; ++rpc_test_prog_1_svc(struct svc_req *rqstp, SVCXPRT *transp) + { + union { + char *rpc_test_echo_1_arg; + } argument; + char *result; +- bool_t (*xdr_argument)(), (*xdr_result)(); +- char *(*local)(); ++ xdrproc_t xdr_argument, xdr_result; ++ char *(*local)(char *, struct svc_req *); + + _rpcsvccount++; + switch (rqstp->rq_proc) { +@@ -35,9 +33,9 @@ rpc_test_prog_1_svc(rqstp, transp) + return; + + case RPC_TEST_ECHO: +- xdr_argument = xdr_wrapstring; +- xdr_result = xdr_wrapstring; +- local = (char *(*)()) rpc_test_echo_1_svc; ++ xdr_argument = (xdrproc_t)xdr_wrapstring; ++ xdr_result = (xdrproc_t)xdr_wrapstring; ++ local = (char *(*)(char *, struct svc_req *)) rpc_test_echo_1_svc; + break; + + default: +@@ -53,7 +51,7 @@ rpc_test_prog_1_svc(rqstp, transp) + _rpcsvcstate = _SERVED; + return; + } +- result = (*local)(&argument, rqstp); ++ result = (*local)((char *)&argument, rqstp); + if (result != NULL && !svc_sendreply(transp, xdr_result, result)) { + svcerr_systemerr(transp); + } +diff --git a/src/lib/rpc/unit-test/server.c b/src/lib/rpc/unit-test/server.c +index c3bbcbf8cf..4400b969f6 100644 +--- a/src/lib/rpc/unit-test/server.c ++++ b/src/lib/rpc/unit-test/server.c +@@ -40,7 +40,7 @@ static void rpc_test_badverf(gss_name_t client, gss_name_t server, + #define SERVICE_NAME "host" + #endif + +-static void usage() ++static void usage(void) + { + fprintf(stderr, "Usage: server {-t|-u} [svc-debug] [misc-debug]\n"); + exit(1); +diff --git a/src/lib/rpc/xdr.c b/src/lib/rpc/xdr.c +index 24c3de4bd9..49c31b3d1b 100644 +--- a/src/lib/rpc/xdr.c ++++ b/src/lib/rpc/xdr.c +@@ -579,14 +579,14 @@ xdr_union( + */ + for (; choices->proc != NULL_xdrproc_t; choices++) { + if (choices->value == dscm) +- return ((*(choices->proc))(xdrs, unp, LASTUNSIGNED)); ++ return choices->proc(xdrs, unp); + } + + /* + * no match - execute the default xdr routine if there is one + */ + return ((dfault == NULL_xdrproc_t) ? FALSE : +- (*dfault)(xdrs, unp, LASTUNSIGNED)); ++ (*dfault)(xdrs, unp)); + } + + +diff --git a/src/lib/rpc/xdr_array.c b/src/lib/rpc/xdr_array.c +index aeaa7f2bb0..3507d53aef 100644 +--- a/src/lib/rpc/xdr_array.c ++++ b/src/lib/rpc/xdr_array.c +@@ -113,7 +113,7 @@ xdr_array( + * now we xdr each element of array + */ + for (i = 0; (i < c) && stat; i++) { +- stat = (*elproc)(xdrs, target, LASTUNSIGNED); ++ stat = (*elproc)(xdrs, target); + target += elsize; + } + +@@ -150,7 +150,7 @@ xdr_vector( + + elptr = basep; + for (i = 0; i < nelem; i++) { +- if (! (*xdr_elem)(xdrs, elptr, LASTUNSIGNED)) { ++ if (! (*xdr_elem)(xdrs, elptr)) { + return(FALSE); + } + elptr += elemsize; +diff --git a/src/lib/rpc/xdr_rec.c b/src/lib/rpc/xdr_rec.c +index 1f6a7762fd..185254018a 100644 +--- a/src/lib/rpc/xdr_rec.c ++++ b/src/lib/rpc/xdr_rec.c +@@ -99,7 +99,7 @@ typedef struct rec_strm { + /* + * out-goung bits + */ +- int (*writeit)(); ++ int (*writeit)(caddr_t, caddr_t, int); + caddr_t out_base; /* output buffer (points to frag header) */ + caddr_t out_finger; /* next output position */ + caddr_t out_boundry; /* data cannot up to this address */ +@@ -108,7 +108,7 @@ typedef struct rec_strm { + /* + * in-coming bits + */ +- int (*readit)(); ++ int (*readit)(caddr_t, caddr_t, int); + uint32_t in_size; /* fixed size of the input buffer */ + caddr_t in_base; + caddr_t in_finger; /* location of next byte to be had */ +@@ -140,8 +140,10 @@ xdrrec_create( + u_int sendsize, + u_int recvsize, + caddr_t tcp_handle, +- int (*readit)(), /* like read, but pass it a tcp_handle, not sock */ +- int (*writeit)() /* like write, but pass it a tcp_handle, not sock */ ++ /* like read, but pass it a tcp_handle, not sock */ ++ int (*readit)(caddr_t, caddr_t, int), ++ /* like write, but pass it a tcp_handle, not sock */ ++ int (*writeit)(caddr_t, caddr_t, int) + ) + { + RECSTREAM *rstrm = mem_alloc(sizeof(RECSTREAM)); +@@ -528,8 +530,7 @@ get_input_bytes(RECSTREAM *rstrm, caddr_t addr, int len) + } + + static bool_t /* next four bytes of input stream are treated as a header */ +-set_input_fragment(rstrm) +- RECSTREAM *rstrm; ++set_input_fragment(RECSTREAM *rstrm) + { + uint32_t header; + +diff --git a/src/lib/rpc/xdr_reference.c b/src/lib/rpc/xdr_reference.c +index eff279dadf..f3d4b7dfb8 100644 +--- a/src/lib/rpc/xdr_reference.c ++++ b/src/lib/rpc/xdr_reference.c +@@ -47,8 +47,6 @@ static char sccsid[] = "@(#)xdr_reference.c 1.11 87/08/11 SMI"; + #include + #include + +-#define LASTUNSIGNED ((u_int)0-1) +- + /* + * XDR an indirect pointer + * xdr_reference is for recursively translating a structure that is +@@ -88,7 +86,7 @@ xdr_reference( + break; + } + +- stat = (*proc)(xdrs, loc, LASTUNSIGNED); ++ stat = (*proc)(xdrs, loc); + + if (xdrs->x_op == XDR_FREE) { + mem_free(loc, size); +diff --git a/src/lib/rpc/xdr_sizeof.c b/src/lib/rpc/xdr_sizeof.c +index 5b77fa6ac0..0c460e7cdb 100644 +--- a/src/lib/rpc/xdr_sizeof.c ++++ b/src/lib/rpc/xdr_sizeof.c +@@ -43,9 +43,7 @@ + + /* ARGSUSED */ + static bool_t +-x_putlong(xdrs, longp) +- XDR *xdrs; +- long *longp; ++x_putlong(XDR *xdrs, long *longp) + { + xdrs->x_handy += BYTES_PER_XDR_UNIT; + return (TRUE); +@@ -53,10 +51,7 @@ x_putlong(xdrs, longp) + + /* ARGSUSED */ + static bool_t +-x_putbytes(xdrs, bp, len) +- XDR *xdrs; +- char *bp; +- int len; ++x_putbytes(XDR *xdrs, char *bp, u_int len) + { + xdrs->x_handy += len; + +@@ -64,26 +59,21 @@ x_putbytes(xdrs, bp, len) + } + + static u_int +-x_getpostn(xdrs) +- XDR *xdrs; ++x_getpostn(XDR *xdrs) + { + return (xdrs->x_handy); + } + + /* ARGSUSED */ + static bool_t +-x_setpostn(xdrs, pos) +- XDR *xdrs; +- u_int pos; ++x_setpostn(XDR *xdrs, u_int pos) + { + /* This is not allowed */ + return (FALSE); + } + + static rpc_inline_t * +-x_inline(xdrs, len) +- XDR *xdrs; +- int len; ++x_inline(XDR *xdrs, int len) + { + if (len == 0) { + return (NULL); +@@ -110,15 +100,14 @@ x_inline(xdrs, len) + } + + static int +-harmless() ++harmless(void) + { + /* Always return FALSE/NULL, as the case may be */ + return (0); + } + + static void +-x_destroy(xdrs) +- XDR *xdrs; ++x_destroy(XDR *xdrs) + { + xdrs->x_handy = 0; + xdrs->x_private = NULL; +@@ -130,9 +119,7 @@ x_destroy(xdrs) + } + + unsigned long +-xdr_sizeof(func, data) +- xdrproc_t func; +- void *data; ++xdr_sizeof(xdrproc_t func, void *data) + { + XDR x; + struct xdr_ops ops; +diff --git a/src/plugins/kdb/db2/db2_exp.c b/src/plugins/kdb/db2/db2_exp.c +index 7cf8aa4d99..9b75f34a11 100644 +--- a/src/plugins/kdb/db2/db2_exp.c ++++ b/src/plugins/kdb/db2/db2_exp.c +@@ -68,7 +68,7 @@ k5_mutex_t *krb5_db2_mutex; + return result; \ + } \ + /* hack: decl to allow a following ";" */ \ +- static TYPE wrap_##NAME () ++ static TYPE wrap_##NAME ARGLIST + + /* Two special cases: void (can't assign result), and krb5_error_code + (return error from locking code). */ +@@ -81,7 +81,7 @@ k5_mutex_t *krb5_db2_mutex; + k5_mutex_unlock (krb5_db2_mutex); \ + } \ + /* hack: decl to allow a following ";" */ \ +- static void wrap_##NAME () ++ static void wrap_##NAME ARGLIST + + #define WRAP_K(NAME,ARGLIST,ARGNAMES) \ + WRAP(NAME,krb5_error_code,ARGLIST,ARGNAMES) +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_close.c b/src/plugins/kdb/db2/libdb2/btree/bt_close.c +index 11be134113..f12d74ba32 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_close.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_close.c +@@ -61,8 +61,7 @@ static int bt_meta __P((BTREE *)); + * RET_ERROR, RET_SUCCESS + */ + int +-__bt_close(dbp) +- DB *dbp; ++__bt_close(DB *dbp) + { + BTREE *t; + int fd; +@@ -116,9 +115,7 @@ __bt_close(dbp) + * RET_SUCCESS, RET_ERROR. + */ + int +-__bt_sync(dbp, flags) +- const DB *dbp; +- u_int flags; ++__bt_sync(const DB *dbp, u_int flags) + { + BTREE *t; + int status; +@@ -160,8 +157,7 @@ __bt_sync(dbp, flags) + * RET_ERROR, RET_SUCCESS + */ + static int +-bt_meta(t) +- BTREE *t; ++bt_meta(BTREE *t) + { + BTMETA m; + void *p; +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_conv.c b/src/plugins/kdb/db2/libdb2/btree/bt_conv.c +index c0644ed713..99c4af56c0 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_conv.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_conv.c +@@ -59,10 +59,7 @@ static void mswap __P((PAGE *)); + * h: page to convert + */ + void +-__bt_pgin(t, pg, pp) +- void *t; +- db_pgno_t pg; +- void *pp; ++__bt_pgin(void *t, db_pgno_t pg, void *pp) + { + PAGE *h; + indx_t i, top; +@@ -128,10 +125,7 @@ __bt_pgin(t, pg, pp) + } + + void +-__bt_pgout(t, pg, pp) +- void *t; +- db_pgno_t pg; +- void *pp; ++__bt_pgout(void *t, db_pgno_t pg, void *pp) + { + PAGE *h; + indx_t i, top; +@@ -203,8 +197,7 @@ __bt_pgout(t, pg, pp) + * p: page to convert + */ + static void +-mswap(pg) +- PAGE *pg; ++mswap(PAGE *pg) + { + char *p; + +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_delete.c b/src/plugins/kdb/db2/libdb2/btree/bt_delete.c +index 28cc24d15a..f8dd59e85a 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_delete.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_delete.c +@@ -59,10 +59,7 @@ static int __bt_stkacq __P((BTREE *, PAGE **, CURSOR *)); + * Return RET_SPECIAL if the key is not found. + */ + int +-__bt_delete(dbp, key, flags) +- const DB *dbp; +- const DBT *key; +- u_int flags; ++__bt_delete(const DB *dbp, const DBT *key, u_int flags) + { + BTREE *t; + CURSOR *c; +@@ -140,10 +137,7 @@ __bt_delete(dbp, key, flags) + * 0 on success, 1 on failure + */ + static int +-__bt_stkacq(t, hp, c) +- BTREE *t; +- PAGE **hp; +- CURSOR *c; ++__bt_stkacq(BTREE *t, PAGE **hp, CURSOR *c) + { + BINTERNAL *bi; + EPG *e; +@@ -288,9 +282,7 @@ ret: mpool_put(t->bt_mp, h, 0); + * RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found. + */ + static int +-__bt_bdelete(t, key) +- BTREE *t; +- const DBT *key; ++__bt_bdelete(BTREE *t, const DBT *key) + { + EPG *e; + PAGE *h; +@@ -375,9 +367,7 @@ loop: if ((e = __bt_search(t, key, &exact)) == NULL) + * mpool_put's the page + */ + static int +-__bt_pdelete(t, h) +- BTREE *t; +- PAGE *h; ++__bt_pdelete(BTREE *t, PAGE *h) + { + BINTERNAL *bi; + PAGE *pg; +@@ -471,11 +461,7 @@ __bt_pdelete(t, h) + * RET_SUCCESS, RET_ERROR. + */ + int +-__bt_dleaf(t, key, h, idx) +- BTREE *t; +- const DBT *key; +- PAGE *h; +- u_int idx; ++__bt_dleaf(BTREE *t, const DBT *key, PAGE *h, u_int idx) + { + BLEAF *bl; + indx_t cnt, *ip, offset; +@@ -536,11 +522,7 @@ __bt_dleaf(t, key, h, idx) + * RET_SUCCESS, RET_ERROR. + */ + static int +-__bt_curdel(t, key, h, idx) +- BTREE *t; +- const DBT *key; +- PAGE *h; +- u_int idx; ++__bt_curdel(BTREE *t, const DBT *key, PAGE *h, u_int idx) + { + CURSOR *c; + EPG e; +@@ -635,9 +617,7 @@ dup2: c->pg.pgno = e.page->pgno; + * h: page to be deleted + */ + int +-__bt_relink(t, h) +- BTREE *t; +- PAGE *h; ++__bt_relink(BTREE *t, PAGE *h) + { + PAGE *pg; + +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_get.c b/src/plugins/kdb/db2/libdb2/btree/bt_get.c +index b6318211a1..012a341b25 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_get.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_get.c +@@ -60,11 +60,7 @@ static char sccsid[] = "@(#)bt_get.c 8.6 (Berkeley) 7/20/94"; + * RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found. + */ + int +-__bt_get(dbp, key, data, flags) +- const DB *dbp; +- const DBT *key; +- DBT *data; +- u_int flags; ++__bt_get(const DB *dbp, const DBT *key, DBT *data, u_int flags) + { + BTREE *t; + EPG *e; +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c +index d5809a5a93..a2910422eb 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c +@@ -90,10 +90,8 @@ static int tmp __P((void)); + * + */ + DB * +-__bt_open(fname, flags, mode, openinfo, dflags) +- const char *fname; +- int flags, mode, dflags; +- const BTREEINFO *openinfo; ++__bt_open(const char *fname, int flags, int mode, const BTREEINFO *openinfo, ++ int dflags) + { + struct stat sb; + BTMETA m; +@@ -353,8 +351,7 @@ err: if (t) { + * RET_ERROR, RET_SUCCESS + */ + static int +-nroot(t) +- BTREE *t; ++nroot(BTREE *t) + { + PAGE *meta, *root; + db_pgno_t npg; +@@ -459,8 +456,7 @@ byteorder() + } + + int +-__bt_fd(dbp) +- const DB *dbp; ++__bt_fd(const DB *dbp) + { + BTREE *t; + +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_overflow.c b/src/plugins/kdb/db2/libdb2/btree/bt_overflow.c +index 8b1f597912..8301b5d19d 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_overflow.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_overflow.c +@@ -77,12 +77,7 @@ static char sccsid[] = "@(#)bt_overflow.c 8.5 (Berkeley) 7/16/94"; + * RET_ERROR, RET_SUCCESS + */ + int +-__ovfl_get(t, p, ssz, buf, bufsz) +- BTREE *t; +- void *p; +- size_t *ssz; +- void **buf; +- size_t *bufsz; ++__ovfl_get(BTREE *t, void *p, size_t *ssz, void **buf, size_t *bufsz) + { + PAGE *h; + db_pgno_t pg; +@@ -136,10 +131,7 @@ __ovfl_get(t, p, ssz, buf, bufsz) + * RET_ERROR, RET_SUCCESS + */ + int +-__ovfl_put(t, dbt, pg) +- BTREE *t; +- const DBT *dbt; +- db_pgno_t *pg; ++__ovfl_put(BTREE *t, const DBT *dbt, db_pgno_t *pg) + { + PAGE *h, *last; + void *p; +@@ -190,9 +182,7 @@ __ovfl_put(t, dbt, pg) + * RET_ERROR, RET_SUCCESS + */ + int +-__ovfl_delete(t, p) +- BTREE *t; +- void *p; ++__ovfl_delete(BTREE *t, void *p) + { + PAGE *h; + db_pgno_t pg; +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_page.c b/src/plugins/kdb/db2/libdb2/btree/bt_page.c +index 3663cf7f93..38aa39acfb 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_page.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_page.c +@@ -57,9 +57,7 @@ static char sccsid[] = "@(#)bt_page.c 8.4 (Berkeley) 11/2/95"; + * mpool_put's the page. + */ + int +-__bt_free(t, h) +- BTREE *t; +- PAGE *h; ++__bt_free(BTREE *t, PAGE *h) + { + /* Insert the page at the head of the free list. */ + h->prevpg = P_INVALID; +@@ -83,9 +81,7 @@ __bt_free(t, h) + * Pointer to a page, NULL on error. + */ + PAGE * +-__bt_new(t, npg) +- BTREE *t; +- db_pgno_t *npg; ++__bt_new(BTREE *t, db_pgno_t *npg) + { + PAGE *h; + +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_put.c b/src/plugins/kdb/db2/libdb2/btree/bt_put.c +index 7d6592841a..1303c0baef 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_put.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_put.c +@@ -64,11 +64,7 @@ static EPG *bt_fast __P((BTREE *, const DBT *, const DBT *, int *)); + * tree and R_NOOVERWRITE specified. + */ + int +-__bt_put(dbp, key, data, flags) +- const DB *dbp; +- DBT *key; +- const DBT *data; +- u_int flags; ++__bt_put(const DB *dbp, DBT *key, const DBT *data, u_int flags) + { + BTREE *t; + DBT tkey, tdata; +@@ -272,10 +268,7 @@ u_long bt_cache_hit, bt_cache_miss; + * EPG for new record or NULL if not found. + */ + static EPG * +-bt_fast(t, key, data, exactp) +- BTREE *t; +- const DBT *key, *data; +- int *exactp; ++bt_fast(BTREE *t, const DBT *key, const DBT *data, int *exactp) + { + PAGE *h; + u_int32_t nbytes; +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_search.c b/src/plugins/kdb/db2/libdb2/btree/bt_search.c +index c633d14dc6..ed512ccb65 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_search.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_search.c +@@ -63,10 +63,7 @@ static int __bt_sprev __P((BTREE *, PAGE *, const DBT *, int *)); + * the bt_cur field of the tree. A pointer to the field is returned. + */ + EPG * +-__bt_search(t, key, exactp) +- BTREE *t; +- const DBT *key; +- int *exactp; ++__bt_search(BTREE *t, const DBT *key, int *exactp) + { + PAGE *h; + indx_t base, idx, lim; +@@ -148,11 +145,7 @@ next: BT_PUSH(t, h->pgno, idx); + * If an exact match found. + */ + static int +-__bt_snext(t, h, key, exactp) +- BTREE *t; +- PAGE *h; +- const DBT *key; +- int *exactp; ++__bt_snext(BTREE *t, PAGE *h, const DBT *key, int *exactp) + { + BINTERNAL *bi; + EPG e; +@@ -228,11 +221,7 @@ __bt_snext(t, h, key, exactp) + * If an exact match found. + */ + static int +-__bt_sprev(t, h, key, exactp) +- BTREE *t; +- PAGE *h; +- const DBT *key; +- int *exactp; ++__bt_sprev(BTREE *t, PAGE *h, const DBT *key, int *exactp) + { + BINTERNAL *bi; + EPG e; +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_seq.c b/src/plugins/kdb/db2/libdb2/btree/bt_seq.c +index 2c8c2de96c..97db44abc8 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_seq.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_seq.c +@@ -102,10 +102,7 @@ static int bt_rseq_prev(BTREE *, EPG *); + * RET_ERROR, RET_SUCCESS or RET_SPECIAL if there's no next key. + */ + int +-__bt_seq(dbp, key, data, flags) +- const DB *dbp; +- DBT *key, *data; +- u_int flags; ++__bt_seq(const DB *dbp, DBT *key, DBT *data, u_int flags) + { + BTREE *t; + EPG e; +@@ -179,11 +176,7 @@ __bt_seq(dbp, key, data, flags) + * RET_ERROR, RET_SUCCESS or RET_SPECIAL if there's no next key. + */ + static int +-__bt_seqset(t, ep, key, flags) +- BTREE *t; +- EPG *ep; +- DBT *key; +- int flags; ++__bt_seqset(BTREE *t, EPG *ep, DBT *key, int flags) + { + PAGE *h; + db_pgno_t pg; +@@ -273,10 +266,7 @@ __bt_seqset(t, ep, key, flags) + * RET_ERROR, RET_SUCCESS or RET_SPECIAL if there's no next key. + */ + static int +-__bt_seqadv(t, ep, flags) +- BTREE *t; +- EPG *ep; +- int flags; ++__bt_seqadv(BTREE *t, EPG *ep, int flags) + { + CURSOR *c; + PAGE *h; +@@ -495,11 +485,7 @@ bt_rseq_prev(BTREE *t, EPG *ep) + * or RET_SPECIAL if no such key exists. + */ + static int +-__bt_first(t, key, erval, exactp) +- BTREE *t; +- const DBT *key; +- EPG *erval; +- int *exactp; ++__bt_first(BTREE *t, const DBT *key, EPG *erval, int *exactp) + { + PAGE *h, *hprev; + EPG *ep, save; +@@ -596,10 +582,7 @@ __bt_first(t, key, erval, exactp) + * index: page index + */ + void +-__bt_setcur(t, pgno, idx) +- BTREE *t; +- db_pgno_t pgno; +- u_int idx; ++__bt_setcur(BTREE *t, db_pgno_t pgno, u_int idx) + { + /* Lose any already deleted key. */ + if (t->bt_cursor.key.data != NULL) { +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_split.c b/src/plugins/kdb/db2/libdb2/btree/bt_split.c +index c7e4e72a90..8901bd64be 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_split.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_split.c +@@ -79,13 +79,8 @@ u_long bt_rootsplit, bt_split, bt_sortsplit, bt_pfxsaved; + * RET_ERROR, RET_SUCCESS + */ + int +-__bt_split(t, sp, key, data, flags, ilen, argskip) +- BTREE *t; +- PAGE *sp; +- const DBT *key, *data; +- int flags; +- size_t ilen; +- u_int32_t argskip; ++__bt_split(BTREE *t, PAGE *sp, const DBT *key, const DBT *data, int flags, ++ size_t ilen, u_int32_t argskip) + { + BINTERNAL *bi = NULL; + BLEAF *bl = NULL, *tbl; +@@ -345,11 +340,7 @@ err2: mpool_put(t->bt_mp, l, 0); + * Pointer to page in which to insert or NULL on error. + */ + static PAGE * +-bt_page(t, h, lp, rp, skip, ilen) +- BTREE *t; +- PAGE *h, **lp, **rp; +- indx_t *skip; +- size_t ilen; ++bt_page(BTREE *t, PAGE *h, PAGE **lp, PAGE **rp, indx_t *skip, size_t ilen) + { + PAGE *l, *r, *tp; + db_pgno_t npg; +@@ -450,11 +441,7 @@ bt_page(t, h, lp, rp, skip, ilen) + * Pointer to page in which to insert or NULL on error. + */ + static PAGE * +-bt_root(t, h, lp, rp, skip, ilen) +- BTREE *t; +- PAGE *h, **lp, **rp; +- indx_t *skip; +- size_t ilen; ++bt_root(BTREE *t, PAGE *h, PAGE **lp, PAGE **rp, indx_t *skip, size_t ilen) + { + PAGE *l, *r, *tp; + db_pgno_t lnpg, rnpg; +@@ -497,9 +484,7 @@ bt_root(t, h, lp, rp, skip, ilen) + * RET_ERROR, RET_SUCCESS + */ + static int +-bt_rroot(t, h, l, r) +- BTREE *t; +- PAGE *h, *l, *r; ++bt_rroot(BTREE *t, PAGE *h, PAGE *l, PAGE *r) + { + char *dest; + +@@ -537,9 +522,7 @@ bt_rroot(t, h, l, r) + * RET_ERROR, RET_SUCCESS + */ + static int +-bt_broot(t, h, l, r) +- BTREE *t; +- PAGE *h, *l, *r; ++bt_broot(BTREE *t, PAGE *h, PAGE *l, PAGE *r) + { + BINTERNAL *bi; + BLEAF *bl; +@@ -617,11 +600,7 @@ bt_broot(t, h, l, r) + * Pointer to page in which to insert. + */ + static PAGE * +-bt_psplit(t, h, l, r, pskip, ilen) +- BTREE *t; +- PAGE *h, *l, *r; +- indx_t *pskip; +- size_t ilen; ++bt_psplit(BTREE *t, PAGE *h, PAGE *l, PAGE *r, indx_t *pskip, size_t ilen) + { + BINTERNAL *bi; + BLEAF *bl; +@@ -796,9 +775,7 @@ bt_psplit(t, h, l, r, pskip, ilen) + * RET_SUCCESS, RET_ERROR. + */ + static int +-bt_preserve(t, pg) +- BTREE *t; +- db_pgno_t pg; ++bt_preserve(BTREE *t, db_pgno_t pg) + { + PAGE *h; + +@@ -824,8 +801,7 @@ bt_preserve(t, pg) + * all the way back to bt_split/bt_rroot and it's not very clean. + */ + static recno_t +-rec_total(h) +- PAGE *h; ++rec_total(PAGE *h) + { + recno_t recs; + indx_t nxt, top; +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_utils.c b/src/plugins/kdb/db2/libdb2/btree/bt_utils.c +index be2f24f219..13d1f2c84f 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_utils.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_utils.c +@@ -64,11 +64,8 @@ static char sccsid[] = "@(#)bt_utils.c 8.8 (Berkeley) 7/20/94"; + * RET_SUCCESS, RET_ERROR. + */ + int +-__bt_ret(t, e, key, rkey, data, rdata, copy) +- BTREE *t; +- EPG *e; +- DBT *key, *rkey, *data, *rdata; +- int copy; ++__bt_ret(BTREE *t, EPG *e, DBT *key, DBT *rkey, DBT *data, DBT *rdata, ++ int copy) + { + BLEAF *bl; + void *p; +@@ -150,10 +147,7 @@ dataonly: + * > 0 if k1 is > record + */ + int +-__bt_cmp(t, k1, e) +- BTREE *t; +- const DBT *k1; +- EPG *e; ++__bt_cmp(BTREE *t, const DBT *k1, EPG *e) + { + BINTERNAL *bi; + BLEAF *bl; +@@ -213,8 +207,7 @@ __bt_cmp(t, k1, e) + * > 0 if a is > b + */ + int +-__bt_defcmp(a, b) +- const DBT *a, *b; ++__bt_defcmp(const DBT *a, const DBT *b) + { + size_t len; + u_char *p1, *p2; +@@ -243,8 +236,7 @@ __bt_defcmp(a, b) + * Number of bytes needed to distinguish b from a. + */ + size_t +-__bt_defpfx(a, b) +- const DBT *a, *b; ++__bt_defpfx(const DBT *a, const DBT *b) + { + u_char *p1, *p2; + size_t cnt, len; +diff --git a/src/plugins/kdb/db2/libdb2/db/db.c b/src/plugins/kdb/db2/libdb2/db/db.c +index fba7795342..f85484f077 100644 +--- a/src/plugins/kdb/db2/libdb2/db/db.c ++++ b/src/plugins/kdb/db2/libdb2/db/db.c +@@ -45,11 +45,8 @@ static char sccsid[] = "@(#)db.c 8.4 (Berkeley) 2/21/94"; + #include "db-int.h" + + DB * +-kdb2_dbopen(fname, flags, mode, type, openinfo) +- const char *fname; +- int flags, mode; +- DBTYPE type; +- const void *openinfo; ++kdb2_dbopen(const char *fname, int flags, int mode, DBTYPE type, ++ const void *openinfo) + { + + #define DB_FLAGS (DB_LOCK | DB_SHMEM | DB_TXN) +@@ -74,7 +71,7 @@ kdb2_dbopen(fname, flags, mode, type, openinfo) + } + + static int +-__dberr() ++__dberr(void) + { + return (RET_ERROR); + } +@@ -86,14 +83,15 @@ __dberr() + * dbp: pointer to the DB structure. + */ + void +-__dbpanic(dbp) +- DB *dbp; ++__dbpanic(DB *dbp) + { + /* The only thing that can succeed is a close. */ +- dbp->del = (int (*)())__dberr; +- dbp->fd = (int (*)())__dberr; +- dbp->get = (int (*)())__dberr; +- dbp->put = (int (*)())__dberr; +- dbp->seq = (int (*)())__dberr; +- dbp->sync = (int (*)())__dberr; ++ dbp->del = (int (*)(const struct __db *, const DBT *, u_int))__dberr; ++ dbp->fd = (int (*)(const struct __db *))__dberr; ++ dbp->get = (int (*)(const struct __db *, const DBT *, DBT *, ++ u_int))__dberr; ++ dbp->put = (int (*)(const struct __db *, DBT *, const DBT *, ++ u_int))__dberr; ++ dbp->seq = (int (*)(const struct __db *, DBT *, DBT *, u_int))__dberr; ++ dbp->sync = (int (*)(const struct __db *, u_int))__dberr; + } +diff --git a/src/plugins/kdb/db2/libdb2/hash/dbm.c b/src/plugins/kdb/db2/libdb2/hash/dbm.c +index 4878cbc0b6..2dca256dc3 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/dbm.c ++++ b/src/plugins/kdb/db2/libdb2/hash/dbm.c +@@ -69,8 +69,7 @@ static DBM *__cur_db; + static void no_open_db __P((void)); + + int +-kdb2_dbminit(file) +- char *file; ++kdb2_dbminit(char *file) + { + if (__cur_db != NULL) + (void)kdb2_dbm_close(__cur_db); +@@ -82,8 +81,7 @@ kdb2_dbminit(file) + } + + datum +-kdb2_fetch(key) +- datum key; ++kdb2_fetch(datum key) + { + datum item; + +@@ -111,8 +109,7 @@ kdb2_firstkey() + } + + datum +-kdb2_nextkey(key) +- datum key; ++kdb2_nextkey(datum key) + { + datum item; + +@@ -126,8 +123,7 @@ kdb2_nextkey(key) + } + + int +-kdb2_delete(key) +- datum key; ++kdb2_delete(datum key) + { + if (__cur_db == NULL) { + no_open_db(); +@@ -137,8 +133,7 @@ kdb2_delete(key) + } + + int +-kdb2_store(key, dat) +- datum key, dat; ++kdb2_store(datum key, datum dat) + { + if (__cur_db == NULL) { + no_open_db(); +@@ -159,9 +154,7 @@ no_open_db() + * NULL on failure + */ + DBM * +-kdb2_dbm_open(file, flags, mode) +- const char *file; +- int flags, mode; ++kdb2_dbm_open(const char *file, int flags, int mode) + { + HASHINFO info; + char path[MAXPATHLEN]; +@@ -183,8 +176,7 @@ kdb2_dbm_open(file, flags, mode) + * Nothing. + */ + void +-kdb2_dbm_close(db) +- DBM *db; ++kdb2_dbm_close(DBM *db) + { + (void)(db->close)(db); + } +@@ -195,9 +187,7 @@ kdb2_dbm_close(db) + * NULL on failure + */ + datum +-kdb2_dbm_fetch(db, key) +- DBM *db; +- datum key; ++kdb2_dbm_fetch(DBM *db, datum key) + { + datum retval; + int status; +@@ -226,8 +216,7 @@ kdb2_dbm_fetch(db, key) + * NULL on failure + */ + datum +-kdb2_dbm_firstkey(db) +- DBM *db; ++kdb2_dbm_firstkey(DBM *db) + { + int status; + datum retkey; +@@ -254,8 +243,7 @@ kdb2_dbm_firstkey(db) + * NULL on failure + */ + datum +-kdb2_dbm_nextkey(db) +- DBM *db; ++kdb2_dbm_nextkey(DBM *db) + { + int status; + datum retkey; +@@ -282,9 +270,7 @@ kdb2_dbm_nextkey(db) + * <0 failure + */ + int +-kdb2_dbm_delete(db, key) +- DBM *db; +- datum key; ++kdb2_dbm_delete(DBM *db, datum key) + { + int status; + +@@ -310,10 +296,7 @@ kdb2_dbm_delete(db, key) + * 1 if DBM_INSERT and entry exists + */ + int +-kdb2_dbm_store(db, key, content, flags) +- DBM *db; +- datum key, content; +- int flags; ++kdb2_dbm_store(DBM *db, datum key, datum content, int flags) + { + #ifdef NEED_COPY + DBT k, c; +@@ -331,8 +314,7 @@ kdb2_dbm_store(db, key, content, flags) + } + + int +-kdb2_dbm_error(db) +- DBM *db; ++kdb2_dbm_error(DBM *db) + { + HTAB *hp; + +@@ -341,8 +323,7 @@ kdb2_dbm_error(db) + } + + int +-kdb2_dbm_clearerr(db) +- DBM *db; ++kdb2_dbm_clearerr(DBM *db) + { + HTAB *hp; + +@@ -352,8 +333,7 @@ kdb2_dbm_clearerr(db) + } + + int +-kdb2_dbm_dirfno(db) +- DBM *db; ++kdb2_dbm_dirfno(DBM *db) + { + return(((HTAB *)db->internal)->fp); + } +diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c +index 686a960c96..9528b62538 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/hash.c ++++ b/src/plugins/kdb/db2/libdb2/hash/hash.c +@@ -95,10 +95,8 @@ u_int32_t hash_accesses, hash_collisions, hash_expansions, hash_overflows, + /* OPEN/CLOSE */ + + extern DB * +-__kdb2_hash_open(file, flags, mode, info, dflags) +- const char *file; +- int flags, mode, dflags; +- const HASHINFO *info; /* Special directives for create */ ++__kdb2_hash_open(const char *file, int flags, int mode, const HASHINFO *info, ++ int dflags) + { + struct stat statbuf; + DB *dbp; +@@ -261,8 +259,7 @@ error0: + } + + static int32_t +-hash_close(dbp) +- DB *dbp; ++hash_close(DB *dbp) + { + HTAB *hashp; + int32_t retval; +@@ -277,8 +274,7 @@ hash_close(dbp) + } + + static int32_t +-hash_fd(dbp) +- const DB *dbp; ++hash_fd(const DB *dbp) + { + HTAB *hashp; + +@@ -295,10 +291,7 @@ hash_fd(dbp) + + /************************** LOCAL CREATION ROUTINES **********************/ + static HTAB * +-init_hash(hashp, file, info) +- HTAB *hashp; +- const char *file; +- const HASHINFO *info; ++init_hash(HTAB *hashp, const char *file, const HASHINFO *info) + { + struct stat statbuf; + +@@ -350,9 +343,7 @@ init_hash(hashp, file, info) + * Returns 0 on No Error + */ + static int32_t +-init_htab(hashp, nelem) +- HTAB *hashp; +- int32_t nelem; ++init_htab(HTAB *hashp, int32_t nelem) + { + int32_t l2, nbuckets; + +@@ -404,9 +395,7 @@ init_htab(hashp, nelem) + * Functions to get/put hash header. We access the file directly. + */ + static u_int32_t +-hget_header(hashp, page_size) +- HTAB *hashp; +- u_int32_t page_size; ++hget_header(HTAB *hashp, u_int32_t page_size) + { + u_int32_t num_copied; + u_int8_t *hdr_dest; +@@ -432,8 +421,7 @@ hget_header(hashp, page_size) + } + + static void +-hput_header(hashp) +- HTAB *hashp; ++hput_header(HTAB *hashp) + { + HASHHDR *whdrp; + #if DB_BYTE_ORDER == DB_LITTLE_ENDIAN +@@ -463,8 +451,7 @@ hput_header(hashp) + * structure, freeing all allocated space. + */ + static int32_t +-hdestroy(hashp) +- HTAB *hashp; ++hdestroy(HTAB *hashp) + { + int32_t save_errno; + +@@ -550,9 +537,7 @@ hdestroy(hashp) + * -1 ERROR + */ + static int32_t +-hash_sync(dbp, flags) +- const DB *dbp; +- u_int32_t flags; ++hash_sync(const DB *dbp, u_int32_t flags) + { + HTAB *hashp; + +@@ -571,8 +556,7 @@ hash_sync(dbp, flags) + * -1 indicates that errno should be set + */ + static int32_t +-flush_meta(hashp) +- HTAB *hashp; ++flush_meta(HTAB *hashp) + { + int32_t i; + +@@ -608,11 +592,7 @@ flush_meta(hashp) + /* *** make sure this is true! */ + + static int32_t +-hash_get(dbp, key, data, flag) +- const DB *dbp; +- const DBT *key; +- DBT *data; +- u_int32_t flag; ++hash_get(const DB *dbp, const DBT *key, DBT *data, u_int32_t flag) + { + HTAB *hashp; + +@@ -625,11 +605,7 @@ hash_get(dbp, key, data, flag) + } + + static int32_t +-hash_put(dbp, key, data, flag) +- const DB *dbp; +- DBT *key; +- const DBT *data; +- u_int32_t flag; ++hash_put(const DB *dbp, DBT *key, const DBT *data, u_int32_t flag) + { + HTAB *hashp; + +@@ -647,10 +623,7 @@ hash_put(dbp, key, data, flag) + } + + static int32_t +-hash_delete(dbp, key, flag) +- const DB *dbp; +- const DBT *key; +- u_int32_t flag; /* Ignored */ ++hash_delete(const DB *dbp, const DBT *key, u_int32_t flag) + { + HTAB *hashp; + +@@ -671,11 +644,7 @@ hash_delete(dbp, key, flag) + * Assume that hashp has been set in wrapper routine. + */ + static int32_t +-hash_access(hashp, action, key, val) +- HTAB *hashp; +- ACTION action; +- const DBT *key; +- DBT *val; ++hash_access(HTAB *hashp, ACTION action, const DBT *key, DBT *val) + { + DBT page_key, page_val; + CURSOR cursor; +@@ -792,8 +761,7 @@ found: __get_item_done(hashp, &cursor); + + /* ****************** CURSORS ********************************** */ + CURSOR * +-__cursor_creat(dbp) +- const DB *dbp; ++__cursor_creat(const DB *dbp) + { + CURSOR *new_curs; + HTAB *hashp; +@@ -824,11 +792,7 @@ __cursor_creat(dbp) + } + + static int32_t +-cursor_get(dbp, cursorp, key, val, flags) +- const DB *dbp; +- CURSOR *cursorp; +- DBT *key, *val; +- u_int32_t flags; ++cursor_get(const DB *dbp, CURSOR *cursorp, DBT *key, DBT *val, u_int32_t flags) + { + HTAB *hashp; + ITEM_INFO item_info; +@@ -897,10 +861,7 @@ cursor_get(dbp, cursorp, key, val, flags) + } + + static int32_t +-cursor_delete(dbp, cursor, flags) +- const DB *dbp; +- CURSOR *cursor; +- u_int32_t flags; ++cursor_delete(const DB *dbp, CURSOR *cursor, u_int32_t flags) + { + /* XXX this is empirically determined, so it might not be completely + correct, but it seems to work. At the very least it fixes +@@ -913,10 +874,7 @@ cursor_delete(dbp, cursor, flags) + } + + static int32_t +-hash_seq(dbp, key, val, flag) +- const DB *dbp; +- DBT *key, *val; +- u_int32_t flag; ++hash_seq(const DB *dbp, DBT *key, DBT *val, u_int32_t flag) + { + HTAB *hashp; + +@@ -940,8 +898,7 @@ hash_seq(dbp, key, val, flag) + * -1 ==> Error + */ + int32_t +-__expand_table(hashp) +- HTAB *hashp; ++__expand_table(HTAB *hashp) + { + u_int32_t old_bucket, new_bucket; + int32_t spare_ndx; +@@ -980,10 +937,7 @@ __expand_table(hashp) + } + + u_int32_t +-__call_hash(hashp, k, len) +- HTAB *hashp; +- int8_t *k; +- int32_t len; ++__call_hash(HTAB *hashp, int8_t *k, int32_t len) + { + u_int32_t n, bucket; + +@@ -999,8 +953,7 @@ __call_hash(hashp, k, len) + * Hashp->hdr needs to be byteswapped. + */ + static void +-swap_header_copy(srcp, destp) +- HASHHDR *srcp, *destp; ++swap_header_copy(HASHHDR *srcp, HASHHDR *destp) + { + int32_t i; + +@@ -1025,8 +978,7 @@ swap_header_copy(srcp, destp) + } + + static void +-swap_header(hashp) +- HTAB *hashp; ++swap_header(HTAB *hashp) + { + HASHHDR *hdrp; + int32_t i; +diff --git a/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c b/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c +index 4b95278f53..6befb7a57e 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c ++++ b/src/plugins/kdb/db2/libdb2/hash/hash_bigkey.c +@@ -83,10 +83,7 @@ static int32_t collect_data __P((HTAB *, PAGE16 *, int32_t)); + * -1 ==> ERROR + */ + int32_t +-__big_insert(hashp, pagep, key, val) +- HTAB *hashp; +- PAGE16 *pagep; +- const DBT *key, *val; ++__big_insert(HTAB *hashp, PAGE16 *pagep, const DBT *key, const DBT *val) + { + size_t key_size, val_size; + indx_t key_move_bytes, val_move_bytes; +@@ -185,11 +182,7 @@ __big_delete(hashp, pagep, ndx) + * -1 error + */ + int32_t +-__find_bigpair(hashp, cursorp, key, size) +- HTAB *hashp; +- CURSOR *cursorp; +- int8_t *key; +- int32_t size; ++__find_bigpair(HTAB *hashp, CURSOR *cursorp, int8_t *key, int32_t size) + { + PAGE16 *pagep, *hold_pagep; + db_pgno_t next_pgno; +@@ -257,11 +250,7 @@ __find_bigpair(hashp, cursorp, key, size) + * Fill in the key and data for this big pair. + */ + int32_t +-__big_keydata(hashp, pagep, key, val, ndx) +- HTAB *hashp; +- PAGE16 *pagep; +- DBT *key, *val; +- int32_t ndx; ++__big_keydata(HTAB *hashp, PAGE16 *pagep, DBT *key, DBT *val, int32_t ndx) + { + ITEM_INFO ii; + PAGE16 *key_pagep; +@@ -315,11 +304,8 @@ __get_bigkey(hashp, pagep, ndx, key) + * Return the big key and data indicated in item_info. + */ + int32_t +-__big_return(hashp, item_info, val, on_bigkey_page) +- HTAB *hashp; +- ITEM_INFO *item_info; +- DBT *val; +- int32_t on_bigkey_page; ++__big_return(HTAB *hashp, ITEM_INFO *item_info, DBT *val, ++ int32_t on_bigkey_page) + { + PAGE16 *pagep; + db_pgno_t next_pgno; +@@ -366,11 +352,7 @@ __big_return(hashp, item_info, val, on_bigkey_page) + * Return total length of data; -1 if error. + */ + static int32_t +-collect_key(hashp, pagep, len, last_page) +- HTAB *hashp; +- PAGE16 *pagep; +- int32_t len; +- db_pgno_t *last_page; ++collect_key(HTAB *hashp, PAGE16 *pagep, int32_t len, db_pgno_t *last_page) + { + PAGE16 *next_pagep; + int32_t totlen, retval; +@@ -434,10 +416,7 @@ collect_key(hashp, pagep, len, last_page) + * Return total length of data; -1 if error. + */ + static int32_t +-collect_data(hashp, pagep, len) +- HTAB *hashp; +- PAGE16 *pagep; +- int32_t len; ++collect_data(HTAB *hashp, PAGE16 *pagep, int32_t len) + { + PAGE16 *next_pagep; + int32_t totlen, retval; +diff --git a/src/plugins/kdb/db2/libdb2/hash/hash_func.c b/src/plugins/kdb/db2/libdb2/hash/hash_func.c +index 1dee694608..f169be685e 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/hash_func.c ++++ b/src/plugins/kdb/db2/libdb2/hash/hash_func.c +@@ -66,9 +66,7 @@ u_int32_t (*__default_hash) __P((const void *, size_t)) = hash4; + + #if 0 + static u_int32_t +-hash1(key, len) +- const void *key; +- size_t len; ++hash1(const void *key, size_t len) + { + u_int32_t h; + u_int8_t *k; +@@ -88,9 +86,7 @@ hash1(key, len) + #define dcharhash(h, c) ((h) = 0x63c63cd9*(h) + 0x9c39c33d + (c)) + + static u_int32_t +-hash2(key, len) +- const void *key; +- size_t len; ++hash2(const void *key, size_t len) + { + u_int32_t h; + u_int8_t *e, c, *k; +@@ -116,9 +112,7 @@ hash2(key, len) + * Ozan Yigit's original sdbm hash. + */ + static u_int32_t +-hash3(key, len) +- const void *key; +- size_t len; ++hash3(const void *key, size_t len) + { + u_int32_t n, loop; + u_int8_t *k; +@@ -159,9 +153,7 @@ hash3(key, len) + + /* Chris Torek's hash function. */ + static u_int32_t +-hash4(key, len) +- const void *key; +- size_t len; ++hash4(const void *key, size_t len) + { + u_int32_t h, loop; + const u_int8_t *k; +diff --git a/src/plugins/kdb/db2/libdb2/hash/hash_log2.c b/src/plugins/kdb/db2/libdb2/hash/hash_log2.c +index 8c710e5d21..7fdfd854d2 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/hash_log2.c ++++ b/src/plugins/kdb/db2/libdb2/hash/hash_log2.c +@@ -44,8 +44,7 @@ static char sccsid[] = "@(#)hash_log2.c 8.4 (Berkeley) 11/7/95"; + #include "extern.h" + + u_int32_t +-__kdb2_log2(num) +- u_int32_t num; ++__kdb2_log2(u_int32_t num) + { + u_int32_t i, limit; + +diff --git a/src/plugins/kdb/db2/libdb2/hash/hash_page.c b/src/plugins/kdb/db2/libdb2/hash/hash_page.c +index 0da357108a..dba29e0cb5 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/hash_page.c ++++ b/src/plugins/kdb/db2/libdb2/hash/hash_page.c +@@ -84,11 +84,8 @@ static void account_page(HTAB *, db_pgno_t, int); + #endif + + u_int32_t +-__get_item(hashp, cursorp, key, val, item_info) +- HTAB *hashp; +- CURSOR *cursorp; +- DBT *key, *val; +- ITEM_INFO *item_info; ++__get_item(HTAB *hashp, CURSOR *cursorp, DBT *key, DBT *val, ++ ITEM_INFO *item_info) + { + db_pgno_t next_pgno; + int32_t i; +@@ -159,9 +156,7 @@ __get_item(hashp, cursorp, key, val, item_info) + } + + u_int32_t +-__get_item_reset(hashp, cursorp) +- HTAB *hashp; +- CURSOR *cursorp; ++__get_item_reset(HTAB *hashp, CURSOR *cursorp) + { + if (cursorp->pagep) + __put_page(hashp, cursorp->pagep, A_RAW, 0); +@@ -174,9 +169,7 @@ __get_item_reset(hashp, cursorp) + } + + u_int32_t +-__get_item_done(hashp, cursorp) +- HTAB *hashp; +- CURSOR *cursorp; ++__get_item_done(HTAB *hashp, CURSOR *cursorp) + { + if (cursorp->pagep) + __put_page(hashp, cursorp->pagep, A_RAW, 0); +@@ -190,11 +183,8 @@ __get_item_done(hashp, cursorp) + } + + u_int32_t +-__get_item_first(hashp, cursorp, key, val, item_info) +- HTAB *hashp; +- CURSOR *cursorp; +- DBT *key, *val; +- ITEM_INFO *item_info; ++__get_item_first(HTAB *hashp, CURSOR *cursorp, DBT *key, DBT *val, ++ ITEM_INFO *item_info) + { + __get_item_reset(hashp, cursorp); + cursorp->bucket = 0; +@@ -206,11 +196,8 @@ __get_item_first(hashp, cursorp, key, val, item_info) + * just returns the page number and index of the bigkey pointer pair. + */ + u_int32_t +-__get_item_next(hashp, cursorp, key, val, item_info) +- HTAB *hashp; +- CURSOR *cursorp; +- DBT *key, *val; +- ITEM_INFO *item_info; ++__get_item_next(HTAB *hashp, CURSOR *cursorp, DBT *key, DBT *val, ++ ITEM_INFO *item_info) + { + int status; + +@@ -224,9 +211,7 @@ __get_item_next(hashp, cursorp, key, val, item_info) + * Put a non-big pair on a page. + */ + static void +-putpair(p, key, val) +- PAGE8 *p; +- const DBT *key, *val; ++putpair(PAGE8 *p, const DBT *key, const DBT *val) + { + u_int16_t *pagep, n, off; + +@@ -275,10 +260,7 @@ prev_realkey(pagep, n) + * -1 error + */ + extern int32_t +-__delpair(hashp, cursorp, item_info) +- HTAB *hashp; +- CURSOR *cursorp; +- ITEM_INFO *item_info; ++__delpair(HTAB *hashp, CURSOR *cursorp, ITEM_INFO *item_info) + { + PAGE16 *pagep; + indx_t ndx; +@@ -412,9 +394,7 @@ __delpair(hashp, cursorp, item_info) + } + + extern int32_t +-__split_page(hashp, obucket, nbucket) +- HTAB *hashp; +- u_int32_t obucket, nbucket; ++__split_page(HTAB *hashp, u_int32_t obucket, u_int32_t nbucket) + { + DBT key, val; + ITEM_INFO old_ii, new_ii; +@@ -661,9 +641,7 @@ add_bigptr(hashp, item_info, big_pgno) + * NULL on error + */ + extern PAGE16 * +-__add_ovflpage(hashp, pagep) +- HTAB *hashp; +- PAGE16 *pagep; ++__add_ovflpage(HTAB *hashp, PAGE16 *pagep) + { + PAGE16 *new_pagep; + u_int16_t ovfl_num; +@@ -768,10 +746,7 @@ page_init(hashp, pagep, pgno, type) + } + + int32_t +-__new_page(hashp, addr, addr_type) +- HTAB *hashp; +- u_int32_t addr; +- int32_t addr_type; ++__new_page(HTAB *hashp, u_int32_t addr, int32_t addr_type) + { + db_pgno_t paddr; + PAGE16 *pagep; +@@ -804,10 +779,7 @@ __new_page(hashp, addr, addr_type) + } + + int32_t +-__delete_page(hashp, pagep, page_type) +- HTAB *hashp; +- PAGE16 *pagep; +- int32_t page_type; ++__delete_page(HTAB *hashp, PAGE16 *pagep, int32_t page_type) + { + if (page_type == A_OVFL) + __free_ovflpage(hashp, pagep); +@@ -815,9 +787,7 @@ __delete_page(hashp, pagep, page_type) + } + + static u_int8_t +-is_bitmap_pgno(hashp, pgno) +- HTAB *hashp; +- db_pgno_t pgno; ++is_bitmap_pgno(HTAB *hashp, db_pgno_t pgno) + { + int32_t i; + +@@ -828,10 +798,7 @@ is_bitmap_pgno(hashp, pgno) + } + + void +-__pgin_routine(pg_cookie, pgno, page) +- void *pg_cookie; +- db_pgno_t pgno; +- void *page; ++__pgin_routine(void *pg_cookie, db_pgno_t pgno, void *page) + { + HTAB *hashp; + PAGE16 *pagep; +@@ -868,10 +835,7 @@ __pgin_routine(pg_cookie, pgno, page) + } + + void +-__pgout_routine(pg_cookie, pgno, page) +- void *pg_cookie; +- db_pgno_t pgno; +- void *page; ++__pgout_routine(void *pg_cookie, db_pgno_t pgno, void *page) + { + HTAB *hashp; + PAGE16 *pagep; +@@ -905,10 +869,7 @@ __pgout_routine(pg_cookie, pgno, page) + * -1 ==>failure + */ + extern int32_t +-__put_page(hashp, pagep, addr_type, is_dirty) +- HTAB *hashp; +- PAGE16 *pagep; +- int32_t addr_type, is_dirty; ++__put_page(HTAB *hashp, PAGE16 *pagep, int32_t addr_type, int32_t is_dirty) + { + #if DEBUG_SLOW + account_page(hashp, +@@ -924,10 +885,7 @@ __put_page(hashp, pagep, addr_type, is_dirty) + * -1 indicates FAILURE + */ + extern PAGE16 * +-__get_page(hashp, addr, addr_type) +- HTAB *hashp; +- u_int32_t addr; +- int32_t addr_type; ++__get_page(HTAB *hashp, u_int32_t addr, int32_t addr_type) + { + PAGE16 *pagep; + db_pgno_t paddr; +@@ -958,8 +916,7 @@ __get_page(hashp, addr, addr_type) + } + + static void +-swap_page_header_in(pagep) +- PAGE16 *pagep; ++swap_page_header_in(PAGE16 *pagep) + { + u_int32_t i; + +@@ -977,8 +934,7 @@ swap_page_header_in(pagep) + } + + static void +-swap_page_header_out(pagep) +- PAGE16 *pagep; ++swap_page_header_out(PAGE16 *pagep) + { + u_int32_t i; + +@@ -1001,9 +957,7 @@ swap_page_header_out(pagep) + * once they are read in. + */ + extern int32_t +-__ibitmap(hashp, pnum, nbits, ndx) +- HTAB *hashp; +- int32_t pnum, nbits, ndx; ++__ibitmap(HTAB *hashp, int32_t pnum, int32_t nbits, int32_t ndx) + { + u_int32_t *ip; + int32_t clearbytes, clearints; +@@ -1027,8 +981,7 @@ __ibitmap(hashp, pnum, nbits, ndx) + } + + static u_int32_t +-first_free(map) +- u_int32_t map; ++first_free(u_int32_t map) + { + u_int32_t i, mask; + +@@ -1044,8 +997,7 @@ first_free(map) + * returns 0 on error + */ + static u_int16_t +-overflow_page(hashp) +- HTAB *hashp; ++overflow_page(HTAB *hashp) + { + u_int32_t *freep; + u_int32_t bit, first_page, free_bit, free_page, i, in_use_bits, j; +@@ -1206,9 +1158,7 @@ found: + + #ifdef DEBUG + int +-bucket_to_page(hashp, n) +- HTAB *hashp; +- int n; ++bucket_to_page(HTAB *hashp, int n) + { + int ret_val; + +@@ -1219,9 +1169,7 @@ bucket_to_page(hashp, n) + } + + int32_t +-oaddr_to_page(hashp, n) +- HTAB *hashp; +- int n; ++oaddr_to_page(HTAB *hashp, int n) + { + int ret_val, temp; + +@@ -1234,9 +1182,7 @@ oaddr_to_page(hashp, n) + #endif /* DEBUG */ + + static indx_t +-page_to_oaddr(hashp, pgno) +- HTAB *hashp; +- db_pgno_t pgno; ++page_to_oaddr(HTAB *hashp, db_pgno_t pgno) + { + int32_t sp, ret_val; + +@@ -1268,9 +1214,7 @@ page_to_oaddr(hashp, pgno) + * Mark this overflow page as free. + */ + extern void +-__free_ovflpage(hashp, pagep) +- HTAB *hashp; +- PAGE16 *pagep; ++__free_ovflpage(HTAB *hashp, PAGE16 *pagep) + { + u_int32_t *freep; + u_int32_t bit_address, free_page, free_bit; +@@ -1307,9 +1251,7 @@ __free_ovflpage(hashp, pagep) + } + + static u_int32_t * +-fetch_bitmap(hashp, ndx) +- HTAB *hashp; +- int32_t ndx; ++fetch_bitmap(HTAB *hashp, int32_t ndx) + { + if (ndx >= hashp->nmaps) + return (NULL); +@@ -1322,10 +1264,7 @@ fetch_bitmap(hashp, ndx) + + #ifdef DEBUG_SLOW + static void +-account_page(hashp, pgno, inout) +- HTAB *hashp; +- db_pgno_t pgno; +- int inout; ++account_page(HTAB *hashp, db_pgno_t pgno, int inout) + { + static struct { + db_pgno_t pgno; +diff --git a/src/plugins/kdb/db2/libdb2/hash/hsearch.c b/src/plugins/kdb/db2/libdb2/hash/hsearch.c +index 02ff7ef843..ffcdfcf294 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/hsearch.c ++++ b/src/plugins/kdb/db2/libdb2/hash/hsearch.c +@@ -50,8 +50,7 @@ static DB *dbp = NULL; + static ENTRY retval; + + extern int +-hcreate(nel) +- u_int nel; ++hcreate(u_int nel) + { + HASHINFO info; + +@@ -66,9 +65,7 @@ hcreate(nel) + } + + extern ENTRY * +-hsearch(item, action) +- ENTRY item; +- ACTION action; ++hsearch(ENTRY item, ACTION action) + { + DBT key, val; + int status; +@@ -98,7 +95,7 @@ hsearch(item, action) + } + + extern void +-hdestroy() ++hdestroy(void) + { + if (dbp) { + (void)(dbp->close)(dbp); +diff --git a/src/plugins/kdb/db2/libdb2/mpool/mpool.c b/src/plugins/kdb/db2/libdb2/mpool/mpool.c +index 0fcfd4ac2b..028fb180ca 100644 +--- a/src/plugins/kdb/db2/libdb2/mpool/mpool.c ++++ b/src/plugins/kdb/db2/libdb2/mpool/mpool.c +@@ -56,10 +56,7 @@ static int mpool_write __P((MPOOL *, BKT *)); + * Initialize a memory pool. + */ + MPOOL * +-mpool_open(key, fd, pagesize, maxcache) +- void *key; +- int fd; +- db_pgno_t pagesize, maxcache; ++mpool_open(void *key, int fd, db_pgno_t pagesize, db_pgno_t maxcache) + { + struct stat sb; + MPOOL *mp; +@@ -96,11 +93,8 @@ mpool_open(key, fd, pagesize, maxcache) + * Initialize input/output filters. + */ + void +-mpool_filter(mp, pgin, pgout, pgcookie) +- MPOOL *mp; +- void (*pgin) __P((void *, db_pgno_t, void *)); +- void (*pgout) __P((void *, db_pgno_t, void *)); +- void *pgcookie; ++mpool_filter(MPOOL *mp, void (*pgin) __P((void *, db_pgno_t, void *)), ++ void (*pgout) __P((void *, db_pgno_t, void *)), void *pgcookie) + { + mp->pgin = pgin; + mp->pgout = pgout; +@@ -112,10 +106,7 @@ mpool_filter(mp, pgin, pgout, pgcookie) + * Get a new page of memory. + */ + void * +-mpool_new(mp, pgnoaddr, flags) +- MPOOL *mp; +- db_pgno_t *pgnoaddr; +- u_int flags; ++mpool_new(MPOOL *mp, db_pgno_t *pgnoaddr, u_int flags) + { + struct _hqh *head; + BKT *bp; +@@ -149,9 +140,7 @@ mpool_new(mp, pgnoaddr, flags) + } + + int +-mpool_delete(mp, page) +- MPOOL *mp; +- void *page; ++mpool_delete(MPOOL *mp, void *page) + { + struct _hqh *head; + BKT *bp; +@@ -180,10 +169,7 @@ mpool_delete(mp, page) + * Get a page. + */ + void * +-mpool_get(mp, pgno, flags) +- MPOOL *mp; +- db_pgno_t pgno; +- u_int flags; /* XXX not used? */ ++mpool_get(MPOOL *mp, db_pgno_t pgno, u_int flags) + { + struct _hqh *head; + BKT *bp; +@@ -278,10 +264,7 @@ mpool_get(mp, pgno, flags) + * Return a page. + */ + int +-mpool_put(mp, page, flags) +- MPOOL *mp; +- void *page; +- u_int flags; ++mpool_put(MPOOL *mp, void *page, u_int flags) + { + BKT *bp; + +@@ -307,8 +290,7 @@ mpool_put(mp, page, flags) + * Close the buffer pool. + */ + int +-mpool_close(mp) +- MPOOL *mp; ++mpool_close(MPOOL *mp) + { + BKT *bp; + +@@ -328,8 +310,7 @@ mpool_close(mp) + * Sync the pool to disk. + */ + int +-mpool_sync(mp) +- MPOOL *mp; ++mpool_sync(MPOOL *mp) + { + BKT *bp; + +@@ -348,8 +329,7 @@ mpool_sync(mp) + * Get a page from the cache (or create one). + */ + static BKT * +-mpool_bkt(mp) +- MPOOL *mp; ++mpool_bkt(MPOOL *mp) + { + struct _hqh *head; + BKT *bp; +@@ -407,9 +387,7 @@ new: if ((bp = (BKT *)malloc(sizeof(BKT) + mp->pagesize)) == NULL) + * Write a page to disk. + */ + static int +-mpool_write(mp, bp) +- MPOOL *mp; +- BKT *bp; ++mpool_write(MPOOL *mp, BKT *bp) + { + off_t off; + +@@ -451,9 +429,7 @@ mpool_write(mp, bp) + * Lookup a page in the cache. + */ + static BKT * +-mpool_look(mp, pgno) +- MPOOL *mp; +- db_pgno_t pgno; ++mpool_look(MPOOL *mp, db_pgno_t pgno) + { + struct _hqh *head; + BKT *bp; +@@ -478,8 +454,7 @@ mpool_look(mp, pgno) + * Print out cache statistics. + */ + void +-mpool_stat(mp) +- MPOOL *mp; ++mpool_stat(MPOOL *mp) + { + BKT *bp; + int cnt; +@@ -520,8 +495,7 @@ mpool_stat(mp) + } + #else + void +-mpool_stat(mp) +- MPOOL *mp; ++mpool_stat(MPOOL *mp) + { + } + #endif +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_close.c b/src/plugins/kdb/db2/libdb2/recno/rec_close.c +index 4ef4dd1bae..b858e5c909 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_close.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_close.c +@@ -59,8 +59,7 @@ static char sccsid[] = "@(#)rec_close.c 8.9 (Berkeley) 11/18/94"; + * RET_ERROR, RET_SUCCESS + */ + int +-__rec_close(dbp) +- DB *dbp; ++__rec_close(DB *dbp) + { + BTREE *t; + int status; +@@ -108,9 +107,7 @@ __rec_close(dbp) + * RET_SUCCESS, RET_ERROR. + */ + int +-__rec_sync(dbp, flags) +- const DB *dbp; +- u_int flags; ++__rec_sync(const DB *dbp, u_int flags) + { + struct iovec iov[2]; + BTREE *t; +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_delete.c b/src/plugins/kdb/db2/libdb2/recno/rec_delete.c +index b69c9ad742..7e574df28e 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_delete.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_delete.c +@@ -61,10 +61,7 @@ static int rec_rdelete __P((BTREE *, recno_t)); + * RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found. + */ + int +-__rec_delete(dbp, key, flags) +- const DB *dbp; +- const DBT *key; +- u_int flags; ++__rec_delete(const DB *dbp, const DBT *key, u_int flags) + { + BTREE *t; + recno_t nrec; +@@ -117,9 +114,7 @@ einval: errno = EINVAL; + * RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found. + */ + static int +-rec_rdelete(t, nrec) +- BTREE *t; +- recno_t nrec; ++rec_rdelete(BTREE *t, recno_t nrec) + { + EPG *e; + PAGE *h; +@@ -151,10 +146,7 @@ rec_rdelete(t, nrec) + * RET_SUCCESS, RET_ERROR. + */ + int +-__rec_dleaf(t, h, idx) +- BTREE *t; +- PAGE *h; +- u_int32_t idx; ++__rec_dleaf(BTREE *t, PAGE *h, u_int32_t idx) + { + RLEAF *rl; + indx_t *ip, cnt, offset; +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_get.c b/src/plugins/kdb/db2/libdb2/recno/rec_get.c +index 230b2d4f54..c89cb556fc 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_get.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_get.c +@@ -60,11 +60,7 @@ static char sccsid[] = "@(#)rec_get.c 8.9 (Berkeley) 8/18/94"; + * RET_ERROR, RET_SUCCESS and RET_SPECIAL if the key not found. + */ + int +-__rec_get(dbp, key, data, flags) +- const DB *dbp; +- const DBT *key; +- DBT *data; +- u_int flags; ++__rec_get(const DB *dbp, const DBT *key, DBT *data, u_int flags) + { + BTREE *t; + EPG *e; +@@ -119,9 +115,7 @@ __rec_get(dbp, key, data, flags) + * RET_ERROR, RET_SUCCESS + */ + int +-__rec_fpipe(t, top) +- BTREE *t; +- recno_t top; ++__rec_fpipe(BTREE *t, recno_t top) + { + DBT data; + recno_t nrec; +@@ -175,9 +169,7 @@ __rec_fpipe(t, top) + * RET_ERROR, RET_SUCCESS + */ + int +-__rec_vpipe(t, top) +- BTREE *t; +- recno_t top; ++__rec_vpipe(BTREE *t, recno_t top) + { + DBT data; + recno_t nrec; +@@ -232,9 +224,7 @@ __rec_vpipe(t, top) + * RET_ERROR, RET_SUCCESS + */ + int +-__rec_fmap(t, top) +- BTREE *t; +- recno_t top; ++__rec_fmap(BTREE *t, recno_t top) + { + DBT data; + recno_t nrec; +@@ -282,9 +272,7 @@ __rec_fmap(t, top) + * RET_ERROR, RET_SUCCESS + */ + int +-__rec_vmap(t, top) +- BTREE *t; +- recno_t top; ++__rec_vmap(BTREE *t, recno_t top) + { + DBT data; + u_char *sp, *ep; +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c +index b0daa7c021..de3fc3f4d0 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c +@@ -56,10 +56,8 @@ static char sccsid[] = "@(#)rec_open.c 8.12 (Berkeley) 11/18/94"; + #include "recno.h" + + DB * +-__rec_open(fname, flags, mode, openinfo, dflags) +- const char *fname; +- int flags, mode, dflags; +- const RECNOINFO *openinfo; ++__rec_open(const char *fname, int flags, int mode, const RECNOINFO *openinfo, ++ int dflags) + { + BTREE *t; + BTREEINFO btopeninfo; +@@ -228,8 +226,7 @@ err: sverrno = errno; + } + + int +-__rec_fd(dbp) +- const DB *dbp; ++__rec_fd(const DB *dbp) + { + BTREE *t; + +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_put.c b/src/plugins/kdb/db2/libdb2/recno/rec_put.c +index c53c9578e5..8456f1dbf6 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_put.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_put.c +@@ -59,11 +59,7 @@ static char sccsid[] = "@(#)rec_put.c 8.7 (Berkeley) 8/18/94"; + * already in the tree and R_NOOVERWRITE specified. + */ + int +-__rec_put(dbp, key, data, flags) +- const DB *dbp; +- DBT *key; +- const DBT *data; +- u_int flags; ++__rec_put(const DB *dbp, DBT *key, const DBT *data, u_int flags) + { + BTREE *t; + DBT fdata, tdata; +@@ -187,11 +183,7 @@ einval: errno = EINVAL; + * RET_ERROR, RET_SUCCESS + */ + int +-__rec_iput(t, nrec, data, flags) +- BTREE *t; +- recno_t nrec; +- const DBT *data; +- u_int flags; ++__rec_iput(BTREE *t, recno_t nrec, const DBT *data, u_int flags) + { + DBT tdata; + EPG *e; +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_search.c b/src/plugins/kdb/db2/libdb2/recno/rec_search.c +index 244d79f36d..55e5ba879b 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_search.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_search.c +@@ -61,10 +61,7 @@ static char sccsid[] = "@(#)rec_search.c 8.4 (Berkeley) 7/14/94"; + * the bt_cur field of the tree. A pointer to the field is returned. + */ + EPG * +-__rec_search(t, recno, op) +- BTREE *t; +- recno_t recno; +- enum SRCHOP op; ++__rec_search(BTREE *t, recno_t recno, enum SRCHOP op) + { + indx_t idx; + PAGE *h; +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_seq.c b/src/plugins/kdb/db2/libdb2/recno/rec_seq.c +index 8af1378c34..cf48ea24d7 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_seq.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_seq.c +@@ -58,10 +58,7 @@ static char sccsid[] = "@(#)rec_seq.c 8.3 (Berkeley) 7/14/94"; + * RET_ERROR, RET_SUCCESS or RET_SPECIAL if there's no next key. + */ + int +-__rec_seq(dbp, key, data, flags) +- const DB *dbp; +- DBT *key, *data; +- u_int flags; ++__rec_seq(const DB *dbp, DBT *key, DBT *data, u_int flags) + { + BTREE *t; + EPG *e; +diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_utils.c b/src/plugins/kdb/db2/libdb2/recno/rec_utils.c +index f757a724f5..2eaa39b4a3 100644 +--- a/src/plugins/kdb/db2/libdb2/recno/rec_utils.c ++++ b/src/plugins/kdb/db2/libdb2/recno/rec_utils.c +@@ -59,11 +59,7 @@ static char sccsid[] = "@(#)rec_utils.c 8.6 (Berkeley) 7/16/94"; + * RET_SUCCESS, RET_ERROR. + */ + int +-__rec_ret(t, e, nrec, key, data) +- BTREE *t; +- EPG *e; +- recno_t nrec; +- DBT *key, *data; ++__rec_ret(BTREE *t, EPG *e, recno_t nrec, DBT *key, DBT *data) + { + RLEAF *rl; + void *p; +diff --git a/src/plugins/kdb/db2/libdb2/test/dbtest.c b/src/plugins/kdb/db2/libdb2/test/dbtest.c +index 5d76b1ddf9..04bf34b90d 100644 +--- a/src/plugins/kdb/db2/libdb2/test/dbtest.c ++++ b/src/plugins/kdb/db2/libdb2/test/dbtest.c +@@ -121,9 +121,7 @@ DB *XXdbp; /* Global for gdb. */ + u_long XXlineno; /* Fast breakpoint for gdb. */ + + int +-main(argc, argv) +- int argc; +- char *argv[]; ++main(int argc, char *argv[]) + { + extern int optind; + extern char *optarg; +@@ -380,8 +378,7 @@ lkey: switch (command) { + #define NOOVERWRITE "put failed, would overwrite key\n" + + void +-compare(db1, db2) +- DBT *db1, *db2; ++compare(DBT *db1, DBT *db2) + { + size_t len; + u_char *p1, *p2; +@@ -402,9 +399,7 @@ compare(db1, db2) + } + + void +-get(dbp, kp) +- DB *dbp; +- DBT *kp; ++get(DB *dbp, DBT *kp) + { + DBT data; + +@@ -437,9 +432,7 @@ get(dbp, kp) + } + + void +-getdata(dbp, kp, dp) +- DB *dbp; +- DBT *kp, *dp; ++getdata(DB *dbp, DBT *kp, DBT *dp) + { + switch (dbp->get(dbp, kp, dp, flags)) { + case 0: +@@ -454,9 +447,7 @@ getdata(dbp, kp, dp) + } + + void +-put(dbp, kp, dp) +- DB *dbp; +- DBT *kp, *dp; ++put(DB *dbp, DBT *kp, DBT *dp) + { + switch (dbp->put(dbp, kp, dp, flags)) { + case 0: +@@ -473,9 +464,7 @@ put(dbp, kp, dp) + } + + void +-rem(dbp, kp) +- DB *dbp; +- DBT *kp; ++rem(DB *dbp, DBT *kp) + { + switch (dbp->del(dbp, kp, flags)) { + case 0: +@@ -502,8 +491,7 @@ rem(dbp, kp) + } + + void +-synk(dbp) +- DB *dbp; ++synk(DB *dbp) + { + switch (dbp->sync(dbp, flags)) { + case 0: +@@ -515,9 +503,7 @@ synk(dbp) + } + + void +-seq(dbp, kp) +- DB *dbp; +- DBT *kp; ++seq(DB *dbp, DBT *kp) + { + DBT data; + +@@ -551,10 +537,7 @@ seq(dbp, kp) + } + + void +-dump(dbp, rev, recurse) +- DB *dbp; +- int rev; +- int recurse; ++dump(DB *dbp, int rev, int recurse) + { + DBT key, data; + int lflags, nflags; +@@ -588,8 +571,7 @@ done: return; + } + + void +-unlinkpg(dbp) +- DB *dbp; ++unlinkpg(DB *dbp) + { + BTREE *t = dbp->internal; + PAGE *h = NULL; +@@ -623,8 +605,7 @@ cleanup: + } + + u_int +-setflags(s) +- char *s; ++setflags(char *s) + { + char *p; + +@@ -648,8 +629,7 @@ setflags(s) + } + + char * +-sflags(lflags) +- int lflags; ++sflags(int lflags) + { + switch (lflags) { + case R_CURSOR: return ("R_CURSOR"); +@@ -667,8 +647,7 @@ sflags(lflags) + } + + DBTYPE +-dbtype(s) +- char *s; ++dbtype(char *s) + { + if (!strcmp(s, "btree")) + return (DB_BTREE); +@@ -681,9 +660,7 @@ dbtype(s) + } + + void * +-setinfo(db_type, s) +- DBTYPE db_type; +- char *s; ++setinfo(DBTYPE db_type, char *s) + { + static BTREEINFO ib; + static HASHINFO ih; +@@ -777,9 +754,7 @@ setinfo(db_type, s) + } + + void * +-rfile(name, lenp) +- char *name; +- size_t *lenp; ++rfile(char *name, size_t *lenp) + { + struct stat sb; + void *p; +@@ -806,9 +781,7 @@ rfile(name, lenp) + } + + void * +-xmalloc(text, len) +- char *text; +- size_t len; ++xmalloc(char *text, size_t len) + { + void *p; + +diff --git a/src/plugins/kdb/db2/pol_xdr.c b/src/plugins/kdb/db2/pol_xdr.c +index e8576337c8..448d4b0f51 100644 +--- a/src/plugins/kdb/db2/pol_xdr.c ++++ b/src/plugins/kdb/db2/pol_xdr.c +@@ -82,7 +82,7 @@ xdr_osa_policy_ent_rec(XDR *xdrs, osa_policy_ent_t objp) + if (!xdr_short(xdrs, &objp->n_tl_data)) + return (FALSE); + if (!xdr_nulltype(xdrs, (void **) &objp->tl_data, +- xdr_krb5_tl_data)) ++ (xdrproc_t)xdr_krb5_tl_data)) + return FALSE; + } + return (TRUE); +diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c +index 0b56ba86a7..7ddea923a3 100644 +--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c ++++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c +@@ -186,8 +186,8 @@ static struct _cmd_table { + * The function cmd_lookup returns the structure matching the + * command name and returns NULL if nothing matches. + */ +-static struct _cmd_table *cmd_lookup(name) +- char *name; ++static struct _cmd_table * ++cmd_lookup(const char *name) + { + int i; + +diff --git a/src/plugins/kdb/lmdb/kdb_lmdb.c b/src/plugins/kdb/lmdb/kdb_lmdb.c +index bd288e2236..dbab7967c6 100644 +--- a/src/plugins/kdb/lmdb/kdb_lmdb.c ++++ b/src/plugins/kdb/lmdb/kdb_lmdb.c +@@ -468,13 +468,13 @@ error: + } + + static krb5_error_code +-klmdb_lib_init() ++klmdb_lib_init(void) + { + return 0; + } + + static krb5_error_code +-klmdb_lib_cleanup() ++klmdb_lib_cleanup(void) + { + return 0; + } +diff --git a/src/plugins/kdb/test/kdb_test.c b/src/plugins/kdb/test/kdb_test.c +index f4d4380d5b..8d14091f38 100644 +--- a/src/plugins/kdb/test/kdb_test.c ++++ b/src/plugins/kdb/test/kdb_test.c +@@ -312,13 +312,13 @@ make_strings(char **stringattrs, krb5_db_entry *ent) + } + + static krb5_error_code +-test_init() ++test_init(void) + { + return 0; + } + + static krb5_error_code +-test_cleanup() ++test_cleanup(void) + { + return 0; + } +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index d646073d55..6d96499d77 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -3469,7 +3469,7 @@ load_pkcs11_module(krb5_context context, const char *modname, + CK_RV (*getflist)(CK_FUNCTION_LIST_PTR_PTR); + struct errinfo einfo = EMPTY_ERRINFO; + const char *errmsg = NULL; +- void (*sym)(); ++ void (*sym)(void); + long err; + CK_RV rv; + +@@ -3488,7 +3488,7 @@ load_pkcs11_module(krb5_context context, const char *modname, + goto error; + } + +- getflist = (CK_RV (*)())sym; ++ getflist = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR))sym; + rv = (*getflist)(p11p); + if (rv != CKR_OK) { + TRACE_PKINIT_PKCS11_GETFLIST_FAILED(context, pkcs11err(rv)); +diff --git a/src/plugins/preauth/spake/t_vectors.c b/src/plugins/preauth/spake/t_vectors.c +index 96b0307d78..ecffd3d7ee 100644 +--- a/src/plugins/preauth/spake/t_vectors.c ++++ b/src/plugins/preauth/spake/t_vectors.c +@@ -439,7 +439,7 @@ run_test(const struct test *t) + } + + int +-main() ++main(void) + { + size_t i; + +diff --git a/src/tests/asn.1/krb5_decode_test.c b/src/tests/asn.1/krb5_decode_test.c +index 926aa94706..2fa6dce8eb 100644 +--- a/src/tests/asn.1/krb5_decode_test.c ++++ b/src/tests/asn.1/krb5_decode_test.c +@@ -54,9 +54,8 @@ static void ktest_free_reply_key_pack(krb5_context context, + static void ktest_free_kkdcp_message(krb5_context context, + krb5_kkdcp_message *val); + +-int main(argc, argv) +- int argc; +- char **argv; ++int ++main(int argc, char **argv) + { + krb5_data code; + krb5_error_code retval; +diff --git a/src/tests/asn.1/krb5_encode_test.c b/src/tests/asn.1/krb5_encode_test.c +index 26c064e67d..f4e754b1cc 100644 +--- a/src/tests/asn.1/krb5_encode_test.c ++++ b/src/tests/asn.1/krb5_encode_test.c +@@ -37,7 +37,7 @@ krb5_context test_context; + int error_count = 0; + int do_trval = 0; + int first_trval = 1; +-int trval2(); ++int trval2(FILE *, unsigned char *, int, int, int *); + + static void + encoder_print_results(krb5_data *code, char *typestring, char *description) +@@ -51,7 +51,7 @@ encoder_print_results(krb5_data *code, char *typestring, char *description) + else + printf("\n"); + printf("encode_krb5_%s%s:\n", typestring, description); +- r = trval2(stdout, code->data, code->length, 0, &rlen); ++ r = trval2(stdout, (uint8_t *)code->data, code->length, 0, &rlen); + printf("\n"); + if (rlen < 0 || (unsigned int) rlen != code->length) { + printf("Error: length mismatch: was %d, parsed %d\n", +@@ -72,9 +72,8 @@ encoder_print_results(krb5_data *code, char *typestring, char *description) + ktest_destroy_data(&code); + } + +-static void PRS(argc, argv) +- int argc; +- char **argv; ++static void ++PRS(int argc, char **argv) + { + extern char *optarg; + int optchar; +@@ -107,9 +106,7 @@ static void PRS(argc, argv) + } + + int +-main(argc, argv) +- int argc; +- char **argv; ++main(int argc, char **argv) + { + krb5_data *code; + krb5_error_code retval; +diff --git a/src/tests/asn.1/t_trval.c b/src/tests/asn.1/t_trval.c +index 57d8253880..009ed5bb9e 100644 +--- a/src/tests/asn.1/t_trval.c ++++ b/src/tests/asn.1/t_trval.c +@@ -36,7 +36,8 @@ + -DSTANDALONE code. */ + #include "trval.c" + +-static void usage() ++static void ++usage(void) + { + fprintf(stderr, "Usage: trval [--types] [--krb5] [--krb5decode] [--hex] [-notypebytes] [file]\n"); + exit(1); +@@ -46,10 +47,8 @@ static void usage() + * Returns true if the option was selected. Allow "-option" and + * "--option" syntax, since we used to accept only "-option" + */ +-static +-int check_option(word, option) +- char *word; +- char *option; ++static int ++check_option(char *word, char *option) + { + if (word[0] != '-') + return 0; +@@ -60,9 +59,8 @@ int check_option(word, option) + return 1; + } + +-int main(argc, argv) +- int argc; +- char **argv; ++int ++main(int argc, char **argv) + { + int optflg = 1; + FILE *fp; +diff --git a/src/tests/asn.1/trval.c b/src/tests/asn.1/trval.c +index c14bcdeb69..e0e58cc19e 100644 +--- a/src/tests/asn.1/trval.c ++++ b/src/tests/asn.1/trval.c +@@ -120,7 +120,8 @@ int trval2 (FILE *, unsigned char *, int, int, int *); + + /****************************************************************************/ + +-static int convert_nibble(int ch) ++static int ++convert_nibble(int ch) + { + if (isdigit(ch)) + return (ch - '0'); +@@ -131,9 +132,8 @@ static int convert_nibble(int ch) + return -1; + } + +-int trval(fin, fout) +- FILE *fin; +- FILE *fout; ++int ++trval(FILE *fin, FILE *fout) + { + unsigned char *p; + unsigned int maxlen; +@@ -169,12 +169,8 @@ int trval(fin, fout) + return(r); + } + +-int trval2(fp, enc, len, lev, rlen) +- FILE *fp; +- unsigned char *enc; +- int len; +- int lev; +- int *rlen; ++int ++trval2(FILE *fp, unsigned char *enc, int len, int lev, int *rlen) + { + int l, eid, elen, xlen, r, rlen2 = 0; + int rlen_ext = 0; +@@ -248,10 +244,8 @@ context_restart: + return(r); + } + +-int decode_len(fp, enc, len) +- FILE *fp; +- unsigned char *enc; +- int len; ++int ++decode_len(FILE *fp, unsigned char *enc, int len) + { + int rlen; + int i; +@@ -270,12 +264,8 @@ int decode_len(fp, enc, len) + /* + * This is the printing function for bit strings + */ +-int do_prim_bitstring(fp, tag, enc, len, lev) +- FILE *fp; +- int tag; +- unsigned char *enc; +- int len; +- int lev; ++int ++do_prim_bitstring(FILE *fp, int tag, unsigned char *enc, int len, int lev) + { + int i; + long num = 0; +@@ -297,12 +287,8 @@ int do_prim_bitstring(fp, tag, enc, len, lev) + /* + * This is the printing function for integers + */ +-int do_prim_int(fp, tag, enc, len, lev) +- FILE *fp; +- int tag; +- unsigned char *enc; +- int len; +- int lev; ++int ++do_prim_int(FILE *fp, int tag, unsigned char *enc, int len, int lev) + { + int i; + long num = 0; +@@ -327,12 +313,8 @@ int do_prim_int(fp, tag, enc, len, lev) + * This is the printing function which we use if it's a string or + * other other type which is best printed as a string + */ +-int do_prim_string(fp, tag, enc, len, lev) +- FILE *fp; +- int tag; +- unsigned char *enc; +- int len; +- int lev; ++int ++do_prim_string(FILE *fp, int tag, unsigned char *enc, int len, int lev) + { + int i; + +@@ -349,12 +331,8 @@ int do_prim_string(fp, tag, enc, len, lev) + return 1; + } + +-int do_prim(fp, tag, enc, len, lev) +- FILE *fp; +- int tag; +- unsigned char *enc; +- int len; +- int lev; ++int ++do_prim(FILE *fp, int tag, unsigned char *enc, int len, int lev) + { + int n; + int i; +@@ -396,12 +374,8 @@ int do_prim(fp, tag, enc, len, lev) + return(OK); + } + +-int do_cons(fp, enc, len, lev, rlen) +- FILE *fp; +- unsigned char *enc; +- int len; +- int lev; +- int *rlen; ++int ++do_cons(FILE *fp, unsigned char *enc, int len, int lev, int *rlen) + { + int n; + int r = 0; +@@ -430,9 +404,8 @@ struct typestring_table { + int new_appl; + }; + +-static char *lookup_typestring(table, key1, key2) +- struct typestring_table *table; +- int key1, key2; ++static char * ++lookup_typestring(struct typestring_table *table, int key1, int key2) + { + struct typestring_table *ent; + +@@ -700,10 +673,8 @@ struct typestring_table krb5_fields[] = { + }; + #endif + +-void print_tag_type(fp, eid, lev) +- FILE *fp; +- int eid; +- int lev; ++void ++print_tag_type(FILE *fp, int eid, int lev) + { + int tag = eid & ID_TAG; + int do_space = 1; +diff --git a/src/tests/conccache.c b/src/tests/conccache.c +index 7b0ca6300c..9fe5305761 100644 +--- a/src/tests/conccache.c ++++ b/src/tests/conccache.c +@@ -110,7 +110,7 @@ refresh_cache(krb5_context context) + } + + static pid_t +-spawn_cred_subprocess() ++spawn_cred_subprocess(void) + { + krb5_context context; + pid_t pid; +@@ -133,7 +133,7 @@ spawn_cred_subprocess() + } + + static pid_t +-spawn_refresh_subprocess() ++spawn_refresh_subprocess(void) + { + krb5_context context; + pid_t pid; +diff --git a/src/tests/create/kdb5_mkdums.c b/src/tests/create/kdb5_mkdums.c +index 7c0666601c..61ca9f67a2 100644 +--- a/src/tests/create/kdb5_mkdums.c ++++ b/src/tests/create/kdb5_mkdums.c +@@ -56,9 +56,7 @@ struct mblock { + int set_dbname_help (char *, char *); + + static void +-usage(who, status) +- char *who; +- int status; ++usage(char *who, int status) + { + fprintf(stderr, + "usage: %s -p prefix -n num_to_create [-d dbpathname] [-r realmname]\n", +@@ -83,9 +81,7 @@ static krb5_boolean manual_mkey = FALSE; + void add_princ (krb5_context, char *); + + int +-main(argc, argv) +- int argc; +- char *argv[]; ++main(int argc, char *argv[]) + { + extern char *optarg; + int optchar, i, n; +@@ -209,9 +205,7 @@ main(argc, argv) + } + + void +-add_princ(context, str_newprinc) +- krb5_context context; +- char * str_newprinc; ++add_princ(krb5_context context, char *str_newprinc) + { + krb5_error_code retval; + krb5_principal newprinc; +@@ -317,9 +311,7 @@ error: /* Do cleanup of newentry regardless of error */ + } + + int +-set_dbname_help(pname, dbname) +- char *pname; +- char *dbname; ++set_dbname_help(char *pname, char *dbname) + { + krb5_error_code retval; + krb5_data pwd, scratch; +diff --git a/src/tests/forward.c b/src/tests/forward.c +index 7327cc9e62..90f359a586 100644 +--- a/src/tests/forward.c ++++ b/src/tests/forward.c +@@ -51,7 +51,7 @@ check(krb5_error_code code) + } + + int +-main() ++main(void) + { + krb5_ccache cc; + krb5_creds mcred, tgt, *fcred; +diff --git a/src/tests/gss-threads/gss-client.c b/src/tests/gss-threads/gss-client.c +index c0cf25ddaa..8c006c2915 100644 +--- a/src/tests/gss-threads/gss-client.c ++++ b/src/tests/gss-threads/gss-client.c +@@ -68,7 +68,7 @@ + static int verbose = 1; + + static void +-usage() ++usage(void) + { + fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n"); + fprintf(stderr, " [-seq] [-noreplay] [-nomutual]"); +@@ -134,7 +134,7 @@ get_server_info(char *host, u_short port) + * displayed and -1 is returned. + */ + static int +-connect_to_server() ++connect_to_server(void) + { + int s; + +diff --git a/src/tests/gss-threads/gss-server.c b/src/tests/gss-threads/gss-server.c +index a9f980edb2..e0a37738e4 100644 +--- a/src/tests/gss-threads/gss-server.c ++++ b/src/tests/gss-threads/gss-server.c +@@ -74,7 +74,7 @@ + #endif + + static void +-usage() ++usage(void) + { + fprintf(stderr, "Usage: gss-server [-port port] [-verbose] [-once]"); + #ifdef _WIN32 +diff --git a/src/tests/gssapi/reload.c b/src/tests/gssapi/reload.c +index 4fe3565406..00bda32330 100644 +--- a/src/tests/gssapi/reload.c ++++ b/src/tests/gssapi/reload.c +@@ -64,7 +64,7 @@ load_gssapi(void) + } + + int +-main() ++main(void) + { + void *support; + +diff --git a/src/tests/gssapi/t_add_cred.c b/src/tests/gssapi/t_add_cred.c +index 68b37e3ed9..7ab52d6449 100644 +--- a/src/tests/gssapi/t_add_cred.c ++++ b/src/tests/gssapi/t_add_cred.c +@@ -43,7 +43,7 @@ + #include "common.h" + + int +-main() ++main(void) + { + OM_uint32 minor, major; + gss_cred_id_t cred1, cred2; +diff --git a/src/tests/gssapi/t_enctypes.c b/src/tests/gssapi/t_enctypes.c +index 3fd31e2f8c..3325db7696 100644 +--- a/src/tests/gssapi/t_enctypes.c ++++ b/src/tests/gssapi/t_enctypes.c +@@ -47,7 +47,7 @@ + */ + + static void +-usage() ++usage(void) + { + errout("Usage: t_enctypes [-i initenctypes] [-a accenctypes] " + "targetname"); +diff --git a/src/tests/gssapi/t_invalid.c b/src/tests/gssapi/t_invalid.c +index fb8fe55111..e08c0039f8 100644 +--- a/src/tests/gssapi/t_invalid.c ++++ b/src/tests/gssapi/t_invalid.c +@@ -99,7 +99,7 @@ struct test { + + /* Fake up enough of a CFX GSS context for gss_unwrap, using an AES key. */ + static gss_ctx_id_t +-make_fake_cfx_context() ++make_fake_cfx_context(void) + { + gss_union_ctx_id_t uctx; + krb5_gss_ctx_id_t kgctx; +@@ -402,7 +402,7 @@ try_accept(void *value, size_t len) + + /* Accept contexts using superficially valid but truncated encapsulations. */ + static void +-test_short_encapsulation() ++test_short_encapsulation(void) + { + /* Include just the initial application tag, to see if we overrun reading + * the sequence length. */ +diff --git a/src/tests/gssapi/t_oid.c b/src/tests/gssapi/t_oid.c +index 1c9d394167..64253133d2 100644 +--- a/src/tests/gssapi/t_oid.c ++++ b/src/tests/gssapi/t_oid.c +@@ -129,7 +129,7 @@ oid_equal(gss_OID o1, gss_OID o2) + } + + int +-main() ++main(void) + { + size_t i; + OM_uint32 major, minor; +diff --git a/src/tests/gssapi/t_spnego.c b/src/tests/gssapi/t_spnego.c +index 2483228b1b..4091739f83 100644 +--- a/src/tests/gssapi/t_spnego.c ++++ b/src/tests/gssapi/t_spnego.c +@@ -195,7 +195,7 @@ test_mskrb_oid(gss_name_t tname, gss_cred_id_t acred) + /* Check that we return a compatibility NegTokenInit2 message containing + * NegHints for an empty initiator token. */ + static void +-test_neghints() ++test_neghints(void) + { + OM_uint32 major, minor; + gss_buffer_desc itok = GSS_C_EMPTY_BUFFER, atok; +diff --git a/src/tests/hammer/kdc5_hammer.c b/src/tests/hammer/kdc5_hammer.c +index 8220fd97bd..76ef527ccf 100644 +--- a/src/tests/hammer/kdc5_hammer.c ++++ b/src/tests/hammer/kdc5_hammer.c +@@ -68,9 +68,7 @@ int get_tgt + krb5_ccache); + + static void +-usage(who, status) +-char *who; +-int status; ++usage(char *who, int status) + { + fprintf(stderr, + "usage: %s -p prefix -n num_to_check [-c cachename] [-r realmname]\n", +@@ -100,9 +98,7 @@ struct h_timer tgs_req_times = { 0.0, 1000000.0, -1.0, 0 }; + tstart_time.tv_usec))/1000000.0))) + + int +-main(argc, argv) +- int argc; +- char **argv; ++main(int argc, char **argv) + { + krb5_ccache ccache = NULL; + char *cache_name = NULL; /* -f option */ +@@ -271,11 +267,8 @@ main(argc, argv) + + + static krb5_error_code +-get_server_key(context, server, enctype, key) +- krb5_context context; +- krb5_principal server; +- krb5_enctype enctype; +- krb5_keyblock ** key; ++get_server_key(krb5_context context, krb5_principal server, ++ krb5_enctype enctype, krb5_keyblock **key) + { + krb5_error_code retval; + krb5_encrypt_block eblock; +@@ -311,15 +304,10 @@ cleanup_salt: + return retval; + } + +-int verify_cs_pair(context, p_client_str, p_client, service, hostname, +- p_num, c_depth, s_depth, ccache) +- krb5_context context; +- char *p_client_str; +- krb5_principal p_client; +- char * service; +- char * hostname; +- int p_num, c_depth, s_depth; +- krb5_ccache ccache; ++int ++verify_cs_pair(krb5_context context, char *p_client_str, ++ krb5_principal p_client, char *service, char *hostname, ++ int p_num, int c_depth, int s_depth, krb5_ccache ccache) + { + krb5_error_code retval; + krb5_creds creds; +@@ -433,11 +421,9 @@ cleanup: + return retval; + } + +-int get_tgt (context, p_client_str, p_client, ccache) +- krb5_context context; +- char *p_client_str; +- krb5_principal *p_client; +- krb5_ccache ccache; ++int ++get_tgt(krb5_context context, char *p_client_str, krb5_principal *p_client, ++ krb5_ccache ccache) + { + long lifetime = KRB5_DEFAULT_LIFE; /* -l option */ + krb5_error_code code; +diff --git a/src/tests/kdbtest.c b/src/tests/kdbtest.c +index 3f61f3e83b..6459c3390f 100644 +--- a/src/tests/kdbtest.c ++++ b/src/tests/kdbtest.c +@@ -271,7 +271,7 @@ iter_pol_handler(void *data, osa_policy_ent_t pol) + } + + int +-main() ++main(void) + { + krb5_db_entry *ent; + osa_policy_ent_t pol; +diff --git a/src/tests/misc/test_getpw.c b/src/tests/misc/test_getpw.c +index 6031e15035..59ff5d3a5d 100644 +--- a/src/tests/misc/test_getpw.c ++++ b/src/tests/misc/test_getpw.c +@@ -32,7 +32,7 @@ + #include + #include + +-int main() ++int main(void) + { + uid_t my_uid; + struct passwd *pwd, pwx; +diff --git a/src/tests/plugorder.c b/src/tests/plugorder.c +index e1245e4765..a2b7e34eea 100644 +--- a/src/tests/plugorder.c ++++ b/src/tests/plugorder.c +@@ -77,7 +77,7 @@ blt3(krb5_context context, int maj_ver, int min_ver, krb5_plugin_vtable vtable) + } + + int +-main() ++main(void) + { + krb5_plugin_initvt_fn *modules = NULL, *mod; + struct krb5_pwqual_vtable_st vt; +diff --git a/src/tests/shlib/t_loader.c b/src/tests/shlib/t_loader.c +index 29481a7be2..203f023f69 100644 +--- a/src/tests/shlib/t_loader.c ++++ b/src/tests/shlib/t_loader.c +@@ -180,7 +180,7 @@ static void do_close(void *libhandle) + + #endif + +-int main() ++int main(void) + { + void *celib, *k5lib, *gsslib, *celib2; + +diff --git a/src/tests/softpkcs11/main.c b/src/tests/softpkcs11/main.c +index 82b05ff0da..908f926405 100644 +--- a/src/tests/softpkcs11/main.c ++++ b/src/tests/softpkcs11/main.c +@@ -860,7 +860,7 @@ func_not_supported(void) + } + + static char * +-get_rcfilename() ++get_rcfilename(void) + { + struct passwd *pw; + const char *home = NULL; +diff --git a/src/tests/t_inetd.c b/src/tests/t_inetd.c +index d22cf31ffa..3790467c7b 100644 +--- a/src/tests/t_inetd.c ++++ b/src/tests/t_inetd.c +@@ -59,16 +59,15 @@ + + char *progname; + +-static void usage() ++static void ++usage(void) + { + fprintf(stderr, "%s: port program argv0 argv1 ...\n", progname); + exit(1); + } + + int +-main(argc, argv) +- int argc; +- char **argv; ++main(int argc, char **argv) + { + unsigned short port; + char *path; +diff --git a/src/tests/test1.c b/src/tests/test1.c +index aed656ebe3..b213a349bf 100644 +--- a/src/tests/test1.c ++++ b/src/tests/test1.c +@@ -31,7 +31,7 @@ unsigned char key_two[8] = { 0xea, 0x89, 0x57, 0x76, 0x5b, 0xcd, 0x0d, 0x34 }; + + extern void dump_data(); + +-tkt_test_1() ++tkt_test_1(void) + { + krb5_data *data; + krb5_ticket tk_in, *tk_out; +@@ -185,7 +185,7 @@ tkt_test_1() + + + +-main() ++main(void) + { + krb5_init_ets(); + tkt_test_1(); +diff --git a/src/tests/verify/kdb5_verify.c b/src/tests/verify/kdb5_verify.c +index 3b152baed6..d53e92ad45 100644 +--- a/src/tests/verify/kdb5_verify.c ++++ b/src/tests/verify/kdb5_verify.c +@@ -50,9 +50,7 @@ struct mblock { + int set_dbname_help (krb5_context, char *, char *); + + static void +-usage(who, status) +- char *who; +- int status; ++usage(char *who, int status) + { + fprintf(stderr, + "usage: %s -p prefix -n num_to_check [-d dbpathname] [-r realmname]\n", +@@ -78,9 +76,7 @@ static krb5_boolean manual_mkey = FALSE; + int check_princ (krb5_context, char *); + + int +-main(argc, argv) +- int argc; +- char *argv[]; ++main(int argc, char *argv[]) + { + extern char *optarg; + int optchar, i, n; +@@ -221,9 +217,7 @@ main(argc, argv) + } + + int +-check_princ(context, str_princ) +- krb5_context context; +- char * str_princ; ++check_princ(krb5_context context, char *str_princ) + { + krb5_error_code retval; + krb5_db_entry *kdbe = NULL; +@@ -343,10 +337,7 @@ out: + } + + int +-set_dbname_help(context, pname, dbname) +- krb5_context context; +- char *pname; +- char *dbname; ++set_dbname_help(krb5_context context, char *pname, char *dbname) + { + krb5_error_code retval; + krb5_data pwd, scratch; +diff --git a/src/util/et/error_message.c b/src/util/et/error_message.c +index 7dc02a34ea..13ad3af6a2 100644 +--- a/src/util/et/error_message.c ++++ b/src/util/et/error_message.c +@@ -82,7 +82,7 @@ void com_err_terminate(void) + #endif + + static char * +-get_thread_buffer () ++get_thread_buffer(void) + { + char *cp; + cp = k5_getspecific(K5_KEY_COM_ERR); +diff --git a/src/util/et/test_et.c b/src/util/et/test_et.c +index 9faf10f460..2002e5ff46 100644 +--- a/src/util/et/test_et.c ++++ b/src/util/et/test_et.c +@@ -17,7 +17,8 @@ extern const char *error_table_name (errcode_t); + extern int sys_nerr; + #endif + +-int main() ++int ++main(void) + { + printf("Before initiating error table:\n\n"); + #ifndef EXPORT_LIST +diff --git a/src/util/profile/prof_init.c b/src/util/profile/prof_init.c +index cc92248f42..077c852e49 100644 +--- a/src/util/profile/prof_init.c ++++ b/src/util/profile/prof_init.c +@@ -103,7 +103,7 @@ init_load_module(const char *modspec, profile_t *ret_profile) + struct errinfo einfo = { 0 }; + prf_lib_handle_t lib_handle = NULL; + struct plugin_file_handle *plhandle = NULL; +- void *cbdata = NULL, (*fptr)(); ++ void *cbdata = NULL, (*fptr)(void); + int have_lock = 0, have_cbdata = 0; + struct profile_vtable vtable = { 1 }; /* Set minor_ver to 1, rest null. */ + errcode_t err; +diff --git a/src/util/profile/t_profile.c b/src/util/profile/t_profile.c +index b0e715ba02..bffd115618 100644 +--- a/src/util/profile/t_profile.c ++++ b/src/util/profile/t_profile.c +@@ -72,7 +72,7 @@ write_file(const char *name, int nlines, ...) + /* Regression test for #2685 (profile iterator breaks when modifications + * made) */ + static void +-test_iterate() ++test_iterate(void) + { + profile_t p; + void *iter; +@@ -129,7 +129,7 @@ test_iterate() + * global shared profiles list. + */ + static void +-test_shared() ++test_shared(void) + { + profile_t a, b; + struct utimbuf times; +@@ -164,7 +164,7 @@ test_shared() + /* Regression test for #2950 (profile_clear_relation not reflected within + * handle where deletion is performed) */ + static void +-test_clear() ++test_clear(void) + { + profile_t p; + const char *names[] = { "test section 1", "quux", NULL }; +@@ -183,7 +183,7 @@ test_clear() + } + + static void +-test_include() ++test_include(void) + { + profile_t p; + const char *names[] = { "test section 1", "bar", NULL }; +@@ -237,7 +237,7 @@ test_include() + + /* Test syntactic independence of included profile files. */ + static void +-test_independence() ++test_independence(void) + { + profile_t p; + const char *names1[] = { "sec1", "var", "a", NULL }; +@@ -264,7 +264,7 @@ test_independence() + + /* Regression test for #7971 (deleted sections should not be iterable) */ + static void +-test_delete_section() ++test_delete_section(void) + { + profile_t p; + const char *sect[] = { "test section 1", NULL }; +@@ -290,7 +290,7 @@ test_delete_section() + /* Regression test for #7971 (profile_clear_relation() error with deleted node + * at end of value set) */ + static void +-test_delete_clear_relation() ++test_delete_clear_relation(void) + { + profile_t p; + const char *names[] = { "test section 1", "testkey", NULL }; +@@ -305,7 +305,7 @@ test_delete_clear_relation() + + /* Test that order of relations is preserved if some relations are deleted. */ + static void +-test_delete_ordering() ++test_delete_ordering(void) + { + profile_t p; + const char *names[] = { "test section 1", "testkey", NULL }; +@@ -329,7 +329,7 @@ test_delete_ordering() + /* Regression test for #8431 (profile_flush_to_file erroneously changes flag + * state on source object) */ + static void +-test_flush_to_file() ++test_flush_to_file(void) + { + profile_t p; + +@@ -349,7 +349,7 @@ test_flush_to_file() + /* Regression test for #7863 (multiply-specified subsections should + * be merged) */ + static void +-test_merge_subsections() ++test_merge_subsections(void) + { + profile_t p; + const char *n1[] = { "test section 2", "child_section2", "child", NULL }; +@@ -374,7 +374,7 @@ test_merge_subsections() + } + + int +-main() ++main(void) + { + test_iterate(); + test_shared(); +diff --git a/src/util/profile/test_load.c b/src/util/profile/test_load.c +index cb870eff93..fe2d1e3e72 100644 +--- a/src/util/profile/test_load.c ++++ b/src/util/profile/test_load.c +@@ -29,7 +29,7 @@ + #include "prof_int.h" + + int +-main() ++main(void) + { + profile_t pr, pr2; + const char *files[] = { "./modtest.conf", NULL }; +diff --git a/src/util/profile/test_parse.c b/src/util/profile/test_parse.c +index 9f2631e949..0532254e8c 100644 +--- a/src/util/profile/test_parse.c ++++ b/src/util/profile/test_parse.c +@@ -11,9 +11,8 @@ + + void dump_profile (struct profile_node *root, int level); + +-int main(argc, argv) +- int argc; +- char **argv; ++int ++main(int argc, char **argv) + { + struct profile_node *root; + unsigned long retval; +diff --git a/src/util/profile/test_profile.c b/src/util/profile/test_profile.c +index 6f6fcc7ac5..31b1063951 100644 +--- a/src/util/profile/test_profile.c ++++ b/src/util/profile/test_profile.c +@@ -19,8 +19,8 @@ const char *program_name = "test_profile"; + #define PRINT_VALUE 1 + #define PRINT_VALUES 2 + +-static void do_batchmode(profile) +- profile_t profile; ++static void ++do_batchmode(profile_t profile) + { + errcode_t retval; + int argc, ret; +@@ -108,10 +108,8 @@ static void do_batchmode(profile) + + } + +- +-int main(argc, argv) +- int argc; +- char **argv; ++int ++main(int argc, char **argv) + { + profile_t profile; + long retval; +diff --git a/src/util/profile/test_vtable.c b/src/util/profile/test_vtable.c +index 9a0b2278a7..a7b6f54ae9 100644 +--- a/src/util/profile/test_vtable.c ++++ b/src/util/profile/test_vtable.c +@@ -232,7 +232,8 @@ struct profile_vtable full_vtable = { + full_flush + }; + +-int main() ++int ++main(void) + { + profile_t profile; + char **values, *str, *name, *value; +diff --git a/src/util/ss/error.c b/src/util/ss/error.c +index b5768a62b7..e5cd1b2d12 100644 +--- a/src/util/ss/error.c ++++ b/src/util/ss/error.c +@@ -33,8 +33,8 @@ + #include "com_err.h" + #include "copyright.h" + +-char * ss_name(sci_idx) +- int sci_idx; ++char * ++ss_name(int sci_idx) + { + ss_data *infop; + +@@ -50,7 +50,8 @@ char * ss_name(sci_idx) + } + } + +-void ss_error (int sci_idx, long code, const char * fmt, ...) ++void ++ss_error(int sci_idx, long code, const char *fmt, ...) + { + char *whoami; + va_list pvar; +@@ -61,10 +62,8 @@ void ss_error (int sci_idx, long code, const char * fmt, ...) + va_end(pvar); + } + +-void ss_perror (sci_idx, code, msg) /* for compatibility */ +- int sci_idx; +- long code; +- char const *msg; ++void ++ss_perror(int sci_idx, long code, char const *msg) /* for compatibility */ + { + ss_error (sci_idx, code, "%s", msg); + } +diff --git a/src/util/ss/execute_cmd.c b/src/util/ss/execute_cmd.c +index c06ee56547..065c24148b 100644 +--- a/src/util/ss/execute_cmd.c ++++ b/src/util/ss/execute_cmd.c +@@ -52,11 +52,9 @@ + * Notes: + */ + +-static int check_request_table (rqtbl, argc, argv, sci_idx) +- ss_request_table *rqtbl; +- int argc; +- char *argv[]; +- int sci_idx; ++static int ++check_request_table(ss_request_table *rqtbl, int argc, char *argv[], ++ int sci_idx) + { + ss_request_entry *request; + ss_data *info; +@@ -101,10 +99,8 @@ static int check_request_table (rqtbl, argc, argv, sci_idx) + * Notes: + */ + +-static int really_execute_command (sci_idx, argc, argv) +- int sci_idx; +- int argc; +- char **argv[]; ++static int ++really_execute_command(int sci_idx, int argc, char **argv[]) + { + ss_request_table **rqtbl; + ss_data *info; +@@ -135,9 +131,7 @@ static int really_execute_command (sci_idx, argc, argv) + */ + + int +-ss_execute_command(sci_idx, argv) +- int sci_idx; +- char *argv[]; ++ss_execute_command(int sci_idx, char *argv[]) + { + unsigned int i, argc; + char **argp; +@@ -172,9 +166,8 @@ ss_execute_command(sci_idx, argv) + * Notes: + */ + +-int ss_execute_line (sci_idx, line_ptr) +- int sci_idx; +- char *line_ptr; ++int ++ss_execute_line(int sci_idx, char *line_ptr) + { + char **argv; + int argc, ret; +diff --git a/src/util/ss/help.c b/src/util/ss/help.c +index 6d333c9710..747fde5351 100644 +--- a/src/util/ss/help.c ++++ b/src/util/ss/help.c +@@ -15,11 +15,8 @@ + #include "copyright.h" + + +-void ss_help (argc, argv, sci_idx, info_ptr) +- int argc; +- char const * const *argv; +- int sci_idx; +- pointer info_ptr; ++void ++ss_help(int argc, char const * const *argv, int sci_idx, pointer info_ptr) + { + char buffer[MAXPATHLEN]; + char const *request_name; +@@ -81,15 +78,11 @@ got_it: + ss_page_stdin(); + default: + (void) close(fd); /* what can we do if it fails? */ +-#ifdef WAIT_USES_INT +- while (wait((int *)NULL) != child) { +-#else +- while (wait((union wait *)NULL) != child) { +-#endif +- /* do nothing if wrong pid */ +- }; +- } ++ while (wait(NULL) != child) { ++ /* do nothing if wrong pid */ ++ }; + } ++} + + #ifndef USE_DIRENT_H + #include +@@ -97,60 +90,56 @@ got_it: + #include + #endif + +- void ss_add_info_dir(sci_idx, info_dir, code_ptr) +- int sci_idx; +- char *info_dir; +- int *code_ptr; +- { +- ss_data *info; +- DIR *d; +- int n_dirs; +- char **dirs; ++void ++ss_add_info_dir(int sci_idx, char *info_dir, int *code_ptr) ++{ ++ ss_data *info; ++ DIR *d; ++ int n_dirs; ++ char **dirs; + +- info = ss_info(sci_idx); +- if ((info_dir == NULL) || (*info_dir == '\0')) { +- *code_ptr = SS_ET_NO_INFO_DIR; +- return; +- } +- if ((d = opendir(info_dir)) == (DIR *)NULL) { +- *code_ptr = errno; +- return; +- } +- closedir(d); +- dirs = info->info_dirs; +- for (n_dirs = 0; dirs[n_dirs] != (char *)NULL; n_dirs++) +- ; /* get number of non-NULL dir entries */ +- dirs = (char **)realloc((char *)dirs, +- (unsigned)(n_dirs + 2)*sizeof(char *)); +- if (dirs == (char **)NULL) { +- info->info_dirs = (char **)NULL; +- *code_ptr = errno; +- return; +- } +- info->info_dirs = dirs; +- dirs[n_dirs + 1] = (char *)NULL; +- dirs[n_dirs] = strdup(info_dir); +- *code_ptr = 0; ++ info = ss_info(sci_idx); ++ if ((info_dir == NULL) || (*info_dir == '\0')) { ++ *code_ptr = SS_ET_NO_INFO_DIR; ++ return; ++ } ++ if ((d = opendir(info_dir)) == (DIR *)NULL) { ++ *code_ptr = errno; ++ return; + } ++ closedir(d); ++ dirs = info->info_dirs; ++ for (n_dirs = 0; dirs[n_dirs] != (char *)NULL; n_dirs++) ++ ; /* get number of non-NULL dir entries */ ++ dirs = (char **)realloc((char *)dirs, ++ (unsigned)(n_dirs + 2)*sizeof(char *)); ++ if (dirs == (char **)NULL) { ++ info->info_dirs = (char **)NULL; ++ *code_ptr = errno; ++ return; ++ } ++ info->info_dirs = dirs; ++ dirs[n_dirs + 1] = (char *)NULL; ++ dirs[n_dirs] = strdup(info_dir); ++ *code_ptr = 0; ++} + +- void ss_delete_info_dir(sci_idx, info_dir, code_ptr) +- int sci_idx; +- char *info_dir; +- int *code_ptr; +- { +- char **i_d; +- char **info_dirs; ++void ++ss_delete_info_dir(int sci_idx, char *info_dir, int *code_ptr) ++{ ++ char **i_d; ++ char **info_dirs; + +- info_dirs = ss_info(sci_idx)->info_dirs; +- for (i_d = info_dirs; *i_d; i_d++) { +- if (!strcmp(*i_d, info_dir)) { +- while (*i_d) { +- *i_d = *(i_d+1); +- i_d++; +- } +- *code_ptr = 0; +- return; ++ info_dirs = ss_info(sci_idx)->info_dirs; ++ for (i_d = info_dirs; *i_d; i_d++) { ++ if (!strcmp(*i_d, info_dir)) { ++ while (*i_d) { ++ *i_d = *(i_d+1); ++ i_d++; + } ++ *code_ptr = 0; ++ return; + } +- *code_ptr = SS_ET_NO_INFO_DIR; + } ++ *code_ptr = SS_ET_NO_INFO_DIR; ++} +diff --git a/src/util/ss/invocation.c b/src/util/ss/invocation.c +index 378bc3e927..7736c957d4 100644 +--- a/src/util/ss/invocation.c ++++ b/src/util/ss/invocation.c +@@ -36,12 +36,10 @@ + _ss_table[sci_idx], make sure you change the allocation routine to + not assume there are no null pointers in the middle of the + array. */ +-int ss_create_invocation(subsystem_name, version_string, info_ptr, +- request_table_ptr, code_ptr) +- char *subsystem_name, *version_string; +- char *info_ptr; +- ss_request_table *request_table_ptr; +- int *code_ptr; ++int ++ss_create_invocation(char *subsystem_name, char *version_string, ++ char *info_ptr, ss_request_table *request_table_ptr, ++ int *code_ptr) + { + int sci_idx; + ss_data *new_table; +@@ -115,8 +113,7 @@ int ss_create_invocation(subsystem_name, version_string, info_ptr, + } + + void +-ss_delete_invocation(sci_idx) +- int sci_idx; ++ss_delete_invocation(int sci_idx) + { + ss_data *t; + int ignored_code; +diff --git a/src/util/ss/list_rqs.c b/src/util/ss/list_rqs.c +index c0882bf908..8376e21be8 100644 +--- a/src/util/ss/list_rqs.c ++++ b/src/util/ss/list_rqs.c +@@ -21,15 +21,8 @@ static char const twentyfive_spaces[26] = + static char const NL[2] = "\n"; + + void +-ss_list_requests(argc, argv, sci_idx, info_ptr) +- int argc; +- const char * const *argv; +- int sci_idx; +-#ifdef __STDC__ +- void *info_ptr; +-#else +- char *info_ptr; +-#endif ++ss_list_requests(int argc, const char * const *argv, int sci_idx, ++ void *info_ptr) + { + ss_request_entry *entry; + char const *const *name; +diff --git a/src/util/ss/listen.c b/src/util/ss/listen.c +index fe18475447..79f258fbc4 100644 +--- a/src/util/ss/listen.c ++++ b/src/util/ss/listen.c +@@ -28,7 +28,8 @@ static jmp_buf listen_jmpb; + + #ifdef NO_READLINE + /* Dumb replacement for readline when we don't have support for a real one. */ +-static char *readline(const char *prompt) ++static char * ++readline(const char *prompt) + { + struct termios termbuf; + char input[BUFSIZ]; +@@ -49,20 +50,21 @@ static char *readline(const char *prompt) + } + + /* No-op replacement for add_history() when we have no readline support. */ +-static void add_history(const char *line) ++static void ++add_history(const char *line) + { + } + #endif + +-static void listen_int_handler(signo) +- int signo; ++static void ++listen_int_handler(int signo) + { + putc('\n', stdout); + longjmp(listen_jmpb, 1); + } + +-int ss_listen (sci_idx) +- int sci_idx; ++int ++ss_listen(int sci_idx) + { + char *cp; + ss_data *info; +@@ -83,12 +85,12 @@ int ss_listen (sci_idx) + info->abort = 0; + + #ifdef POSIX_SIGNALS +- csig.sa_handler = (void (*)())0; ++ csig.sa_handler = (void (*)(int))0; + sigemptyset(&nmask); + sigaddset(&nmask, SIGINT); + sigprocmask(SIG_BLOCK, &nmask, &omask); + #else +- sig_cont = (void (*)())0; ++ sig_cont = (void (*)(int))0; + mask = sigblock(sigmask(SIGINT)); + #endif + +@@ -115,7 +117,7 @@ int ss_listen (sci_idx) + nsig.sa_handler = listen_int_handler; /* fgets is not signal-safe */ + osig = csig; + sigaction(SIGCONT, &nsig, &csig); +- if ((void (*)())csig.sa_handler==(void (*)())listen_int_handler) ++ if ((void (*)(int))csig.sa_handler==(void (*)(int))listen_int_handler) + csig = osig; + #else + old_sig_cont = sig_cont; +@@ -166,20 +168,16 @@ egress: + return code; + } + +-void ss_abort_subsystem(sci_idx, code) +- int sci_idx; +- int code; ++void ++ss_abort_subsystem(int sci_idx, int code) + { + ss_info(sci_idx)->abort = 1; + ss_info(sci_idx)->exit_status = code; + + } + +-void ss_quit(argc, argv, sci_idx, infop) +- int argc; +- char const * const *argv; +- int sci_idx; +- pointer infop; ++void ++ss_quit(int argc, char const * const *argv, int sci_idx, pointer infop) + { + ss_abort_subsystem(sci_idx, 0); + } +diff --git a/src/util/ss/pager.c b/src/util/ss/pager.c +index 3e47ed3993..255c721ad1 100644 +--- a/src/util/ss/pager.c ++++ b/src/util/ss/pager.c +@@ -10,13 +10,13 @@ + #include "copyright.h" + #include + #include ++#include + #include + #include + #include + + static char MORE[] = "more"; + extern char *_ss_pager_name; +-extern char *getenv(); + + /* + * this needs a *lot* of work.... +@@ -25,10 +25,10 @@ extern char *getenv(); + * handle SIGINT sensibly + * allow finer control -- put-page-break-here + */ +-void ss_page_stdin(); ++void ss_page_stdin(void); + + #ifndef NO_FORK +-int ss_pager_create() ++int ss_pager_create(void) + { + int filedes[2]; + +@@ -56,7 +56,7 @@ int ss_pager_create() + } + } + #else /* don't fork */ +-int ss_pager_create() ++int ss_pager_create(void) + { + int fd; + fd = open("/dev/tty", O_WRONLY, 0); +@@ -66,7 +66,7 @@ int ss_pager_create() + } + #endif + +-void ss_page_stdin() ++void ss_page_stdin(void) + { + int i; + #ifdef POSIX_SIGNALS +diff --git a/src/util/ss/parse.c b/src/util/ss/parse.c +index 78a831bf36..6fb031cdcd 100644 +--- a/src/util/ss/parse.c ++++ b/src/util/ss/parse.c +@@ -53,10 +53,8 @@ enum parse_mode { WHITESPACE, TOKEN, QUOTED_STRING }; + #define NEW_ARGV(old,n) (char **)realloc((char *)old, \ + (unsigned)(n+2)*sizeof(char*)) + +-char **ss_parse (sci_idx, line_ptr, argc_ptr) +- int sci_idx; +- char *line_ptr; +- int *argc_ptr; ++char ** ++ss_parse(int sci_idx, char *line_ptr, int *argc_ptr) + { + char **argv, *cp; + char **newargv; +diff --git a/src/util/ss/prompt.c b/src/util/ss/prompt.c +index 5aa2ad6140..48e57d6702 100644 +--- a/src/util/ss/prompt.c ++++ b/src/util/ss/prompt.c +@@ -11,16 +11,13 @@ + #include "ss_internal.h" + + void +-ss_set_prompt(sci_idx, new_prompt) +- int sci_idx; +- char *new_prompt; ++ss_set_prompt(int sci_idx, char *new_prompt) + { + ss_info(sci_idx)->prompt = new_prompt; + } + + char * +-ss_get_prompt(sci_idx) +- int sci_idx; ++ss_get_prompt(int sci_idx) + { + return(ss_info(sci_idx)->prompt); + } +diff --git a/src/util/ss/request_tbl.c b/src/util/ss/request_tbl.c +index 03cde1b7d0..fc4461bb00 100644 +--- a/src/util/ss/request_tbl.c ++++ b/src/util/ss/request_tbl.c +@@ -11,11 +11,7 @@ + #define ssrt ss_request_table /* for some readable code... */ + + void +-ss_add_request_table(sci_idx, rqtbl_ptr, position, code_ptr) +- int sci_idx; +- ssrt *rqtbl_ptr; +- int position; /* 1 -> becomes second... */ +- int *code_ptr; ++ss_add_request_table(int sci_idx, ssrt *rqtbl_ptr, int position, int *code_ptr) + { + ss_data *info; + int i, size; +@@ -44,10 +40,7 @@ ss_add_request_table(sci_idx, rqtbl_ptr, position, code_ptr) + } + + void +-ss_delete_request_table(sci_idx, rqtbl_ptr, code_ptr) +- int sci_idx; +- ssrt *rqtbl_ptr; +- int *code_ptr; ++ss_delete_request_table(int sci_idx, ssrt *rqtbl_ptr, int *code_ptr) + { + ss_data *info; + ssrt **rt1, **rt2; +diff --git a/src/util/ss/requests.c b/src/util/ss/requests.c +index aa6752fa11..651f2201d2 100644 +--- a/src/util/ss/requests.c ++++ b/src/util/ss/requests.c +@@ -9,7 +9,7 @@ + #include + #include "ss_internal.h" + +-#define DECLARE(name) void name(argc,argv,sci_idx,info_ptr)int argc,sci_idx;const char * const *argv; pointer info_ptr; ++#define DECLARE(name) void name(int argc, const char *const *argv, int sci_idx, pointer info_ptr) + + /* + * ss_self_identify -- assigned by default to the "." request +diff --git a/src/util/ss/ss.h b/src/util/ss/ss.h +index 38d8974e3c..faac0d97c1 100644 +--- a/src/util/ss/ss.h ++++ b/src/util/ss/ss.h +@@ -48,7 +48,6 @@ typedef struct _ss_rp_options { /* DEFAULT VALUES */ + void ss_help __SS_PROTO; + void ss_list_requests __SS_PROTO; + void ss_quit __SS_PROTO; +-char *ss_current_request(); + char *ss_name(int); + void ss_error (int, long, char const *, ...) + #if !defined(__cplusplus) && (__GNUC__ > 2) +diff --git a/src/util/ss/ss_internal.h b/src/util/ss/ss_internal.h +index 1f5ddfff91..cdd88af218 100644 +--- a/src/util/ss/ss_internal.h ++++ b/src/util/ss/ss_internal.h +@@ -84,8 +84,7 @@ typedef struct _ss_data { /* init values */ + #define ss_info(sci_idx) (_ss_table[sci_idx]) + #define ss_current_request(sci_idx,code_ptr) \ + (*code_ptr=0,ss_info(sci_idx)->current_request) +-void ss_unknown_function(); +-void ss_delete_info_dir(); ++void ss_delete_info_dir(int, char *, int *); + char **ss_parse (int, char *, int *); + ss_abbrev_info *ss_abbrev_initialize (char *, int *); + void ss_page_stdin (void); +diff --git a/src/util/support/plugins.c b/src/util/support/plugins.c +index 0850565687..253b118dcb 100644 +--- a/src/util/support/plugins.c ++++ b/src/util/support/plugins.c +@@ -240,13 +240,13 @@ krb5int_get_plugin_data(struct plugin_file_handle *h, const char *csymname, + + long KRB5_CALLCONV + krb5int_get_plugin_func(struct plugin_file_handle *h, const char *csymname, +- void (**sym_out)(), struct errinfo *ep) ++ void (**sym_out)(void), struct errinfo *ep) + { + void *dptr = NULL; + long ret = get_sym(h, csymname, &dptr, ep); + + if (!ret) +- *sym_out = (void (*)())dptr; ++ *sym_out = (void (*)(void))dptr; + return ret; + } + +@@ -552,7 +552,7 @@ krb5int_get_plugin_dir_func (struct plugin_dir_handle *dirhandle, + struct errinfo *ep) + { + long err = 0; +- void (**p)() = NULL; ++ void (**p)(void) = NULL; + size_t count = 0; + + /* XXX Do we need to add a leading "_" to the symbol name on any +@@ -569,10 +569,10 @@ krb5int_get_plugin_dir_func (struct plugin_dir_handle *dirhandle, + int i = 0; + + for (i = 0; !err && (dirhandle->files[i] != NULL); i++) { +- void (*sym)() = NULL; ++ void (*sym)(void) = NULL; + + if (krb5int_get_plugin_func (dirhandle->files[i], symname, &sym, ep) == 0) { +- void (**newp)() = NULL; ++ void (**newp)(void) = NULL; + + count++; + newp = realloc (p, ((count + 1) * sizeof (*p))); /* +1 for NULL */ +diff --git a/src/util/support/t_hashtab.c b/src/util/support/t_hashtab.c +index f51abc4f19..d90d5d9d02 100644 +--- a/src/util/support/t_hashtab.c ++++ b/src/util/support/t_hashtab.c +@@ -104,7 +104,7 @@ const uint64_t vectors[64] = { + }; + + static void +-test_siphash() ++test_siphash(void) + { + uint8_t seq[64]; + uint64_t k0, k1, hval; +@@ -122,7 +122,7 @@ test_siphash() + } + + static void +-test_hashtab() ++test_hashtab(void) + { + int st; + struct k5_hashtab *ht; +@@ -168,7 +168,7 @@ test_hashtab() + } + + int +-main() ++main(void) + { + test_siphash(); + test_hashtab(); +diff --git a/src/util/support/t_hex.c b/src/util/support/t_hex.c +index a586a1bc89..40e6aa2327 100644 +--- a/src/util/support/t_hex.c ++++ b/src/util/support/t_hex.c +@@ -137,7 +137,8 @@ struct { + { "F8F9FAFBFCFDFEFF", "\xF8\xF9\xFA\xFB\xFC\xFD\xFE\xFF", 8, 1 }, + }; + +-int main() ++int ++main(void) + { + size_t i; + char *hex; +diff --git a/src/util/support/t_json.c b/src/util/support/t_json.c +index 1f229247b4..bacca6f8da 100644 +--- a/src/util/support/t_json.c ++++ b/src/util/support/t_json.c +@@ -86,7 +86,7 @@ check(int pred, const char *str) + } + + static void +-test_array() ++test_array(void) + { + k5_json_string v1; + k5_json_number v2; +diff --git a/src/util/support/t_k5buf.c b/src/util/support/t_k5buf.c +index 734b2720c0..18e7e9b7be 100644 +--- a/src/util/support/t_k5buf.c ++++ b/src/util/support/t_k5buf.c +@@ -54,7 +54,7 @@ check_buf(struct k5buf *buf, const char *name) + } + + static void +-test_basic() ++test_basic(void) + { + struct k5buf buf; + char storage[1024]; +@@ -76,7 +76,7 @@ test_basic() + } + + static void +-test_realloc() ++test_realloc(void) + { + struct k5buf buf; + char data[1024]; +@@ -132,7 +132,7 @@ test_realloc() + } + + static void +-test_overflow() ++test_overflow(void) + { + struct k5buf buf; + char storage[10]; +@@ -153,7 +153,7 @@ test_overflow() + } + + static void +-test_error() ++test_error(void) + { + struct k5buf buf; + char storage[1]; +@@ -173,7 +173,7 @@ test_error() + } + + static void +-test_truncate() ++test_truncate(void) + { + struct k5buf buf; + +@@ -188,7 +188,7 @@ test_truncate() + } + + static void +-test_binary() ++test_binary(void) + { + struct k5buf buf; + char data[] = { 'a', 0, 'b' }, *s; +@@ -205,7 +205,7 @@ test_binary() + } + + static void +-test_fmt() ++test_fmt(void) + { + struct k5buf buf; + char storage[10], data[1024]; +@@ -246,7 +246,7 @@ test_fmt() + } + + int +-main() ++main(void) + { + test_basic(); + test_realloc(); +diff --git a/src/util/support/t_unal.c b/src/util/support/t_unal.c +index f67cd31edf..6d097f0f83 100644 +--- a/src/util/support/t_unal.c ++++ b/src/util/support/t_unal.c +@@ -2,7 +2,8 @@ + #undef NDEBUG + #include "k5-platform.h" + +-int main () ++int ++main(void) + { + /* Test some low-level assumptions the Kerberos code depends + on. */ +-- +2.44.0 + diff --git a/SOURCES/0017-End-connection-on-KDC_ERR_SVC_UNAVAILABLE.patch b/SOURCES/0017-End-connection-on-KDC_ERR_SVC_UNAVAILABLE.patch new file mode 100644 index 0000000..2b3e661 --- /dev/null +++ b/SOURCES/0017-End-connection-on-KDC_ERR_SVC_UNAVAILABLE.patch @@ -0,0 +1,34 @@ +From 347079e258e6ded99d8dda162cafaf133b982ab9 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Fri, 27 Oct 2023 00:44:53 -0400 +Subject: [PATCH] End connection on KDC_ERR_SVC_UNAVAILABLE + +In sendto_kdc.c:service_fds(), if a message handler indicates that a +message should be discarded, kill the connection so we don't continue +waiting on it for more data. + +ticket: 7899 +(cherry picked from commit ca80f64c786341d5871ae1de18142e62af64f7b9) +--- + src/lib/krb5/os/sendto_kdc.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c +index 0f4bf23a95..262edf09b4 100644 +--- a/src/lib/krb5/os/sendto_kdc.c ++++ b/src/lib/krb5/os/sendto_kdc.c +@@ -1440,7 +1440,10 @@ service_fds(krb5_context context, struct select_state *selstate, + if (msg_handler != NULL) { + krb5_data reply = make_data(state->in.buf, state->in.pos); + +- stop = (msg_handler(context, &reply, msg_handler_data) != 0); ++ if (!msg_handler(context, &reply, msg_handler_data)) { ++ kill_conn(context, state, selstate); ++ stop = 0; ++ } + } + + if (stop) { +-- +2.44.0 + diff --git a/SOURCES/0018-Add-request_timeout-configuration-parameter.patch b/SOURCES/0018-Add-request_timeout-configuration-parameter.patch new file mode 100644 index 0000000..84d3c65 --- /dev/null +++ b/SOURCES/0018-Add-request_timeout-configuration-parameter.patch @@ -0,0 +1,226 @@ +From d71ebaef4619d6281551793c297caed7a025a909 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Thu, 26 Oct 2023 14:20:34 -0400 +Subject: [PATCH] Add request_timeout configuration parameter + +Add a parameter to limit the total amount of time taken for a KDC or +password change request. + +ticket: 9106 (new) +(cherry picked from commit 802318cda963456b3ed7856c836e89da891483be) +--- + doc/admin/conf_files/krb5_conf.rst | 9 ++++++ + src/include/k5-int.h | 2 ++ + src/lib/krb5/krb/init_ctx.c | 14 +++++++- + src/lib/krb5/os/sendto_kdc.c | 51 ++++++++++++++++++++---------- + 4 files changed, 58 insertions(+), 18 deletions(-) + +diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst +index a33711d918..65fb592d98 100644 +--- a/doc/admin/conf_files/krb5_conf.rst ++++ b/doc/admin/conf_files/krb5_conf.rst +@@ -356,6 +356,15 @@ The libdefaults section may contain any of the following relations: + (:ref:`duration` string.) Sets the default renewable lifetime + for initial ticket requests. The default value is 0. + ++**request_timeout** ++ (:ref:`duration` string.) Sets the maximum total time for KDC or ++ password change requests. This timeout does not affect the ++ intervals between requests, so setting a low timeout may result in ++ fewer requests being attempted and/or some servers not being ++ contacted. A value of 0 indicates no specific maximum, in which ++ case requests will time out if no server responds after several ++ tries. The default value is 0. (New in release 1.22.) ++ + **spake_preauth_groups** + A whitespace or comma-separated list of words which specifies the + groups allowed for SPAKE preauthentication. The possible values +diff --git a/src/include/k5-int.h b/src/include/k5-int.h +index b3e07945c1..69d6a6f569 100644 +--- a/src/include/k5-int.h ++++ b/src/include/k5-int.h +@@ -296,6 +296,7 @@ typedef unsigned char u_char; + #define KRB5_CONF_SPAKE_PREAUTH_INDICATOR "spake_preauth_indicator" + #define KRB5_CONF_SPAKE_PREAUTH_KDC_CHALLENGE "spake_preauth_kdc_challenge" + #define KRB5_CONF_SPAKE_PREAUTH_GROUPS "spake_preauth_groups" ++#define KRB5_CONF_REQUEST_TIMEOUT "request_timeout" + #define KRB5_CONF_TICKET_LIFETIME "ticket_lifetime" + #define KRB5_CONF_UDP_PREFERENCE_LIMIT "udp_preference_limit" + #define KRB5_CONF_UNLOCKITER "unlockiter" +@@ -1200,6 +1201,7 @@ struct _krb5_context { + kdb5_dal_handle *dal_handle; + /* allowable clock skew */ + krb5_deltat clockskew; ++ krb5_deltat req_timeout; + krb5_flags kdc_default_options; + krb5_flags library_options; + krb5_boolean profile_secure; +diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c +index 2b5abcd817..582a2945ff 100644 +--- a/src/lib/krb5/krb/init_ctx.c ++++ b/src/lib/krb5/krb/init_ctx.c +@@ -157,7 +157,7 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags, + krb5_context ctx = 0; + krb5_error_code retval; + int tmp; +- char *plugin_dir = NULL; ++ char *plugin_dir = NULL, *timeout_str = NULL; + + /* Verify some assumptions. If the assumptions hold and the + compiler is optimizing, this should result in no code being +@@ -240,6 +240,17 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags, + get_integer(ctx, KRB5_CONF_CLOCKSKEW, DEFAULT_CLOCKSKEW, &tmp); + ctx->clockskew = tmp; + ++ retval = profile_get_string(ctx->profile, KRB5_CONF_LIBDEFAULTS, ++ KRB5_CONF_REQUEST_TIMEOUT, NULL, NULL, ++ &timeout_str); ++ if (retval) ++ goto cleanup; ++ if (timeout_str != NULL) { ++ retval = krb5_string_to_deltat(timeout_str, &ctx->req_timeout); ++ if (retval) ++ goto cleanup; ++ } ++ + get_integer(ctx, KRB5_CONF_KDC_DEFAULT_OPTIONS, KDC_OPT_RENEWABLE_OK, + &tmp); + ctx->kdc_default_options = tmp; +@@ -281,6 +292,7 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags, + + cleanup: + profile_release_string(plugin_dir); ++ profile_release_string(timeout_str); + krb5_free_context(ctx); + return retval; + } +diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c +index 262edf09b4..98247a1089 100644 +--- a/src/lib/krb5/os/sendto_kdc.c ++++ b/src/lib/krb5/os/sendto_kdc.c +@@ -1395,34 +1395,41 @@ get_endtime(time_ms endtime, struct conn_state *conns) + + static krb5_boolean + service_fds(krb5_context context, struct select_state *selstate, +- time_ms interval, struct conn_state *conns, ++ time_ms interval, time_ms timeout, struct conn_state *conns, + struct select_state *seltemp, const krb5_data *realm, + int (*msg_handler)(krb5_context, const krb5_data *, void *), + void *msg_handler_data, struct conn_state **winner_out) + { + int e, selret = 0; +- time_ms endtime; ++ time_ms curtime, interval_end, endtime; + struct conn_state *state; + + *winner_out = NULL; + +- e = get_curtime_ms(&endtime); ++ e = get_curtime_ms(&curtime); + if (e) + return TRUE; +- endtime += interval; ++ interval_end = curtime + interval; + + e = 0; + while (selstate->nfds > 0) { +- e = cm_select_or_poll(selstate, get_endtime(endtime, conns), +- seltemp, &selret); ++ endtime = get_endtime(interval_end, conns); ++ /* Don't wait longer than the whole request should last. */ ++ if (timeout && endtime > timeout) ++ endtime = timeout; ++ e = cm_select_or_poll(selstate, endtime, seltemp, &selret); + if (e == EINTR) + continue; + if (e != 0) + break; + +- if (selret == 0) +- /* Timeout, return to caller. */ ++ if (selret == 0) { ++ /* We timed out. Stop if we hit the overall request timeout. */ ++ if (timeout && (get_curtime_ms(&curtime) || curtime >= timeout)) ++ return TRUE; ++ /* Otherwise return to the caller to send the next request. */ + return FALSE; ++ } + + /* Got something on a socket, process it. */ + for (state = conns; state != NULL; state = state->next) { +@@ -1495,7 +1502,7 @@ k5_sendto(krb5_context context, const krb5_data *message, + void *msg_handler_data) + { + int pass; +- time_ms delay; ++ time_ms delay, timeout = 0; + krb5_error_code retval; + struct conn_state *conns = NULL, *state, **tailptr, *next, *winner; + size_t s; +@@ -1505,6 +1512,13 @@ k5_sendto(krb5_context context, const krb5_data *message, + + *reply = empty_data(); + ++ if (context->req_timeout) { ++ retval = get_curtime_ms(&timeout); ++ if (retval) ++ return retval; ++ timeout += 1000 * context->req_timeout; ++ } ++ + /* One for use here, listing all our fds in use, and one for + * temporary use in service_fds, for the fds of interest. */ + sel_state = malloc(2 * sizeof(*sel_state)); +@@ -1532,8 +1546,9 @@ k5_sendto(krb5_context context, const krb5_data *message, + if (maybe_send(context, state, message, sel_state, realm, + callback_info)) + continue; +- done = service_fds(context, sel_state, 1000, conns, seltemp, +- realm, msg_handler, msg_handler_data, &winner); ++ done = service_fds(context, sel_state, 1000, timeout, conns, ++ seltemp, realm, msg_handler, msg_handler_data, ++ &winner); + } + } + +@@ -1545,13 +1560,13 @@ k5_sendto(krb5_context context, const krb5_data *message, + if (maybe_send(context, state, message, sel_state, realm, + callback_info)) + continue; +- done = service_fds(context, sel_state, 1000, conns, seltemp, ++ done = service_fds(context, sel_state, 1000, timeout, conns, seltemp, + realm, msg_handler, msg_handler_data, &winner); + } + + /* Wait for two seconds at the end of the first pass. */ + if (!done) { +- done = service_fds(context, sel_state, 2000, conns, seltemp, ++ done = service_fds(context, sel_state, 2000, timeout, conns, seltemp, + realm, msg_handler, msg_handler_data, &winner); + } + +@@ -1562,15 +1577,17 @@ k5_sendto(krb5_context context, const krb5_data *message, + if (maybe_send(context, state, message, sel_state, realm, + callback_info)) + continue; +- done = service_fds(context, sel_state, 1000, conns, seltemp, +- realm, msg_handler, msg_handler_data, &winner); ++ done = service_fds(context, sel_state, 1000, timeout, conns, ++ seltemp, realm, msg_handler, msg_handler_data, ++ &winner); + if (sel_state->nfds == 0) + break; + } + /* Wait for the delay backoff at the end of this pass. */ + if (!done) { +- done = service_fds(context, sel_state, delay, conns, seltemp, +- realm, msg_handler, msg_handler_data, &winner); ++ done = service_fds(context, sel_state, delay, timeout, conns, ++ seltemp, realm, msg_handler, msg_handler_data, ++ &winner); + } + if (sel_state->nfds == 0) + break; +-- +2.44.0 + diff --git a/SOURCES/0019-Wait-indefinitely-on-KDC-TCP-connections.patch b/SOURCES/0019-Wait-indefinitely-on-KDC-TCP-connections.patch new file mode 100644 index 0000000..0a9ef9d --- /dev/null +++ b/SOURCES/0019-Wait-indefinitely-on-KDC-TCP-connections.patch @@ -0,0 +1,138 @@ +From 0bf66d2018db92c95d3bab54a62f6a3265ceb158 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Thu, 26 Oct 2023 16:26:42 -0400 +Subject: [PATCH] Wait indefinitely on KDC TCP connections + +When making a KDC or password change request, wait indefinitely +(limited only by request_timeout if set) once a KDC has accepted a TCP +connection. + +ticket: 9105 (new) +(cherry picked from commit 6436a3808061da787a43c6810f5f0370cdfb6e36) +--- + doc/admin/conf_files/krb5_conf.rst | 2 +- + src/lib/krb5/os/sendto_kdc.c | 50 ++++++++++++++++-------------- + 2 files changed, 27 insertions(+), 25 deletions(-) + +diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst +index 65fb592d98..b7284c47df 100644 +--- a/doc/admin/conf_files/krb5_conf.rst ++++ b/doc/admin/conf_files/krb5_conf.rst +@@ -357,7 +357,7 @@ The libdefaults section may contain any of the following relations: + for initial ticket requests. The default value is 0. + + **request_timeout** +- (:ref:`duration` string.) Sets the maximum total time for KDC or ++ (:ref:`duration` string.) Sets the maximum total time for KDC and + password change requests. This timeout does not affect the + intervals between requests, so setting a low timeout may result in + fewer requests being attempted and/or some servers not being +diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c +index 98247a1089..924f5b2d26 100644 +--- a/src/lib/krb5/os/sendto_kdc.c ++++ b/src/lib/krb5/os/sendto_kdc.c +@@ -134,7 +134,6 @@ struct conn_state { + krb5_data callback_buffer; + size_t server_index; + struct conn_state *next; +- time_ms endtime; + krb5_boolean defer; + struct { + const char *uri_path; +@@ -344,15 +343,19 @@ cm_select_or_poll(const struct select_state *in, time_ms endtime, + struct select_state *out, int *sret) + { + #ifndef USE_POLL +- struct timeval tv; ++ struct timeval tv, *tvp; + #endif + krb5_error_code retval; + time_ms curtime, interval; + +- retval = get_curtime_ms(&curtime); +- if (retval != 0) +- return retval; +- interval = (curtime < endtime) ? endtime - curtime : 0; ++ if (endtime != 0) { ++ retval = get_curtime_ms(&curtime); ++ if (retval != 0) ++ return retval; ++ interval = (curtime < endtime) ? endtime - curtime : 0; ++ } else { ++ interval = -1; ++ } + + /* We don't need a separate copy of the selstate for poll, but use one for + * consistency with how we use select. */ +@@ -361,9 +364,14 @@ cm_select_or_poll(const struct select_state *in, time_ms endtime, + #ifdef USE_POLL + *sret = poll(out->fds, out->nfds, interval); + #else +- tv.tv_sec = interval / 1000; +- tv.tv_usec = interval % 1000 * 1000; +- *sret = select(out->max, &out->rfds, &out->wfds, &out->xfds, &tv); ++ if (interval != -1) { ++ tv.tv_sec = interval / 1000; ++ tv.tv_usec = interval % 1000 * 1000; ++ tvp = &tv; ++ } else { ++ tvp = NULL; ++ } ++ *sret = select(out->max, &out->rfds, &out->wfds, &out->xfds, tvp); + #endif + + return (*sret < 0) ? SOCKET_ERRNO : 0; +@@ -1099,11 +1107,6 @@ service_tcp_connect(krb5_context context, const krb5_data *realm, + } + + conn->state = WRITING; +- +- /* Record this connection's timeout for service_fds. */ +- if (get_curtime_ms(&conn->endtime) == 0) +- conn->endtime += 10000; +- + return conn->service_write(context, realm, conn, selstate); + } + +@@ -1378,19 +1381,18 @@ kill_conn: + return FALSE; + } + +-/* Return the maximum of endtime and the endtime fields of all currently active +- * TCP connections. */ +-static time_ms +-get_endtime(time_ms endtime, struct conn_state *conns) ++/* Return true if conns contains any states with connected TCP sockets. */ ++static krb5_boolean ++any_tcp_connections(struct conn_state *conns) + { + struct conn_state *state; + + for (state = conns; state != NULL; state = state->next) { +- if ((state->state == READING || state->state == WRITING) && +- state->endtime > endtime) +- endtime = state->endtime; ++ if (state->addr.transport != UDP && ++ (state->state == READING || state->state == WRITING)) ++ return TRUE; + } +- return endtime; ++ return FALSE; + } + + static krb5_boolean +@@ -1413,9 +1415,9 @@ service_fds(krb5_context context, struct select_state *selstate, + + e = 0; + while (selstate->nfds > 0) { +- endtime = get_endtime(interval_end, conns); ++ endtime = any_tcp_connections(conns) ? 0 : interval_end; + /* Don't wait longer than the whole request should last. */ +- if (timeout && endtime > timeout) ++ if (timeout && (!endtime || endtime > timeout)) + endtime = timeout; + e = cm_select_or_poll(selstate, endtime, seltemp, &selret); + if (e == EINTR) +-- +2.44.0 + diff --git a/SOURCES/0020-Avoid-strict-prototype-compiler-errors.patch b/SOURCES/0020-Avoid-strict-prototype-compiler-errors.patch new file mode 100644 index 0000000..bff85c9 --- /dev/null +++ b/SOURCES/0020-Avoid-strict-prototype-compiler-errors.patch @@ -0,0 +1,381 @@ +From 0cb2e6c09fee3863c16664bf180e773f662cd313 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Steffen=20Kie=C3=9F?= + +Date: Tue, 13 Feb 2024 18:39:27 +0100 +Subject: [PATCH] Avoid strict-prototype compiler errors + +Commit 4b9d7f7c107f01a61600fddcd8cde3812d0366a2 added the +-Werror=strict-prototypes parameter to the build process, but left +behind 28 function definitions using "()" instead of "(void)". Most +of these definitions could not cause compiler errors for various +reasons (such as an accompanying prototype), but a few could cause +errors in gcc depending on the build configuration. + +For consistency and safety, add "(void)" to all 28 definitions. + +[ghudson@mit.edu: rewrote commit message] + +(cherry picked from commit 3ae9244cd021a75eba909d872a92c25db490714d) +--- + src/clients/kcpytkt/kcpytkt.c | 2 +- + src/clients/kdeltkt/kdeltkt.c | 2 +- + src/clients/kinit/kinit.c | 4 ++-- + src/clients/kinit/kinit_kdb.c | 2 +- + src/clients/klist/klist.c | 4 ++-- + src/kadmin/cli/kadmin.c | 2 +- + src/kadmin/dbutil/kdb5_util.c | 4 ++-- + src/kdc/main.c | 2 +- + src/kprop/kpropd.c | 4 ++-- + src/lib/crypto/builtin/enc_provider/aes.c | 2 +- + src/lib/crypto/openssl/hmac.c | 2 +- + src/lib/krb5/ccache/t_memory.c | 4 ++-- + src/lib/krb5/ccache/t_stdio.c | 4 ++-- + src/plugins/kdb/db2/libdb2/btree/bt_debug.c | 2 +- + src/plugins/kdb/db2/libdb2/btree/bt_open.c | 4 ++-- + src/plugins/kdb/db2/libdb2/hash/dbm.c | 2 +- + src/plugins/kdb/db2/libdb2/test/btree.tests/main.c | 2 +- + src/plugins/kdb/db2/libdb2/test/dbtest.c | 2 +- + src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 2 +- + src/plugins/tls/k5tls/openssl.c | 2 +- + src/tests/asn.1/make-vectors.c | 2 +- + 21 files changed, 28 insertions(+), 28 deletions(-) + +diff --git a/src/clients/kcpytkt/kcpytkt.c b/src/clients/kcpytkt/kcpytkt.c +index 0b8802261e..f1d50e5de0 100644 +--- a/src/clients/kcpytkt/kcpytkt.c ++++ b/src/clients/kcpytkt/kcpytkt.c +@@ -10,7 +10,7 @@ static char *prog; + static int quiet = 0; + + static void +-xusage() ++xusage(void) + { + fprintf(stderr, "xusage: %s [-c from_ccache] [-e etype] [-f flags] " + "dest_ccache service1 service2 ...\n", prog); +diff --git a/src/clients/kdeltkt/kdeltkt.c b/src/clients/kdeltkt/kdeltkt.c +index cd0bf637db..66a32a8bd3 100644 +--- a/src/clients/kdeltkt/kdeltkt.c ++++ b/src/clients/kdeltkt/kdeltkt.c +@@ -10,7 +10,7 @@ static char *prog; + static int quiet = 0; + + static void +-xusage() ++xusage(void) + { + fprintf(stderr, "xusage: %s [-c ccache] [-e etype] [-f flags] service1 " + "service2 ...\n", prog); +diff --git a/src/clients/kinit/kinit.c b/src/clients/kinit/kinit.c +index 7a33ffae59..b27b723f2d 100644 +--- a/src/clients/kinit/kinit.c ++++ b/src/clients/kinit/kinit.c +@@ -55,7 +55,7 @@ get_name_from_os(void) + #else /* HAVE_PWD_H */ + #ifdef _WIN32 + static char * +-get_name_from_os() ++get_name_from_os(void) + { + static char name[1024]; + DWORD name_size = sizeof(name); +@@ -69,7 +69,7 @@ get_name_from_os() + } + #else /* _WIN32 */ + static char * +-get_name_from_os() ++get_name_from_os(void) + { + return NULL; + } +diff --git a/src/clients/kinit/kinit_kdb.c b/src/clients/kinit/kinit_kdb.c +index fbd174bf0c..4e7cd50169 100644 +--- a/src/clients/kinit/kinit_kdb.c ++++ b/src/clients/kinit/kinit_kdb.c +@@ -69,7 +69,7 @@ kinit_kdb_init(krb5_context *pcontext, char *realm) + } + + void +-kinit_kdb_fini() ++kinit_kdb_fini(void) + { + kadm5_destroy(server_handle); + } +diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c +index c797b1698f..27cf0ee11b 100644 +--- a/src/clients/klist/klist.c ++++ b/src/clients/klist/klist.c +@@ -359,7 +359,7 @@ do_keytab(const char *name) + } + + static void +-list_all_ccaches() ++list_all_ccaches(void) + { + krb5_error_code ret; + krb5_ccache cache; +@@ -451,7 +451,7 @@ show_all_ccaches(void) + } + + static void +-do_ccache() ++do_ccache(void) + { + krb5_error_code ret; + krb5_ccache cache; +diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c +index 23b64b0f58..c1256f7708 100644 +--- a/src/kadmin/cli/kadmin.c ++++ b/src/kadmin/cli/kadmin.c +@@ -607,7 +607,7 @@ kadmin_startup(int argc, char *argv[], char **request_out, char ***args_out) + } + + int +-quit() ++quit(void) + { + kadm5_ret_t retval; + +diff --git a/src/kadmin/dbutil/kdb5_util.c b/src/kadmin/dbutil/kdb5_util.c +index 55d529fa4c..b9b61e3f91 100644 +--- a/src/kadmin/dbutil/kdb5_util.c ++++ b/src/kadmin/dbutil/kdb5_util.c +@@ -367,7 +367,7 @@ main(int argc, char *argv[]) + * program is run). + */ + static int +-open_db_and_mkey() ++open_db_and_mkey(void) + { + krb5_error_code retval; + krb5_data scratch, pwd, seed; +@@ -489,7 +489,7 @@ open_db_and_mkey() + #endif + + int +-quit() ++quit(void) + { + krb5_error_code retval; + static krb5_boolean finished = 0; +diff --git a/src/kdc/main.c b/src/kdc/main.c +index b43fe9a082..2dfad5673f 100644 +--- a/src/kdc/main.c ++++ b/src/kdc/main.c +@@ -854,7 +854,7 @@ write_pid_file(const char *path) + } + + static void +-finish_realms() ++finish_realms(void) + { + int i; + +diff --git a/src/kprop/kpropd.c b/src/kprop/kpropd.c +index f883ae2df8..fbb8e37ae9 100644 +--- a/src/kprop/kpropd.c ++++ b/src/kprop/kpropd.c +@@ -376,7 +376,7 @@ get_wildcard_addr(struct addrinfo **res) + } + + static void +-do_standalone() ++do_standalone(void) + { + struct sockaddr_in frominet; + struct addrinfo *res; +@@ -639,7 +639,7 @@ full_resync(CLIENT *clnt) + * Returns non-zero on failure due to errors. + */ + krb5_error_code +-do_iprop() ++do_iprop(void) + { + kadm5_ret_t retval; + krb5_principal iprop_svc_principal = NULL; +diff --git a/src/lib/crypto/builtin/enc_provider/aes.c b/src/lib/crypto/builtin/enc_provider/aes.c +index 7fa9449797..39e2a84005 100644 +--- a/src/lib/crypto/builtin/enc_provider/aes.c ++++ b/src/lib/crypto/builtin/enc_provider/aes.c +@@ -69,7 +69,7 @@ void k5_iEnc256_CBC(struct aes_data *data); + void k5_iDec256_CBC(struct aes_data *data); + + static krb5_boolean +-aesni_supported_by_cpu() ++aesni_supported_by_cpu(void) + { + unsigned int a, b, c, d; + +diff --git a/src/lib/crypto/openssl/hmac.c b/src/lib/crypto/openssl/hmac.c +index 25a419d73a..32dec3022e 100644 +--- a/src/lib/crypto/openssl/hmac.c ++++ b/src/lib/crypto/openssl/hmac.c +@@ -71,7 +71,7 @@ + + #define HMAC_CTX_new compat_hmac_ctx_new + static HMAC_CTX * +-compat_hmac_ctx_new() ++compat_hmac_ctx_new(void) + { + HMAC_CTX *ctx; + +diff --git a/src/lib/krb5/ccache/t_memory.c b/src/lib/krb5/ccache/t_memory.c +index 6d103a00d1..0f94e823cb 100644 +--- a/src/lib/krb5/ccache/t_memory.c ++++ b/src/lib/krb5/ccache/t_memory.c +@@ -85,7 +85,7 @@ krb5_creds test_creds = { + }; + + void +-init_test_cred() ++init_test_cred(void) + { + test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3); + test_creds.client[0] = &client1; +@@ -104,7 +104,7 @@ init_test_cred() + }; + + void +-mcc_test() ++mcc_test(void) + { + krb5_ccache id; + krb5_creds creds; +diff --git a/src/lib/krb5/ccache/t_stdio.c b/src/lib/krb5/ccache/t_stdio.c +index 15185e301c..06a9c2dea1 100644 +--- a/src/lib/krb5/ccache/t_stdio.c ++++ b/src/lib/krb5/ccache/t_stdio.c +@@ -98,7 +98,7 @@ krb5_creds test_creds = { + }; + + void +-init_test_cred() ++init_test_cred(void) + { + test_creds.client = (krb5_principal) malloc(sizeof(krb5_data *)*3); + test_creds.client[0] = &client1; +@@ -118,7 +118,7 @@ init_test_cred() + + int flags = 0; + void +-scc_test() ++scc_test(void) + { + krb5_ccache id; + krb5_creds creds; +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_debug.c b/src/plugins/kdb/db2/libdb2/btree/bt_debug.c +index bc71076a35..5a955e09be 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_debug.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_debug.c +@@ -56,7 +56,7 @@ static FILE *tracefp; + * initialize debugging. + */ + static void +-__bt_dinit() ++__bt_dinit(void) + { + static int first = 1; + +diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c +index a2910422eb..ef7515c3d4 100644 +--- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c ++++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c +@@ -391,7 +391,7 @@ nroot(BTREE *t) + } + + static int +-tmp() ++tmp(void) + { + #ifdef SIG_BLOCK + sigset_t set, oset; +@@ -438,7 +438,7 @@ tmp() + } + + static int +-byteorder() ++byteorder(void) + { + u_int32_t x; + u_char *p; +diff --git a/src/plugins/kdb/db2/libdb2/hash/dbm.c b/src/plugins/kdb/db2/libdb2/hash/dbm.c +index 2dca256dc3..e643634433 100644 +--- a/src/plugins/kdb/db2/libdb2/hash/dbm.c ++++ b/src/plugins/kdb/db2/libdb2/hash/dbm.c +@@ -143,7 +143,7 @@ kdb2_store(datum key, datum dat) + } + + static void +-no_open_db() ++no_open_db(void) + { + (void)fprintf(stderr, "dbm: no open database.\n"); + } +diff --git a/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c b/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c +index 088f903231..eec843d4db 100644 +--- a/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c ++++ b/src/plugins/kdb/db2/libdb2/test/btree.tests/main.c +@@ -908,7 +908,7 @@ keydata(key, data) + } + + void +-usage() ++usage(void) + { + (void)fprintf(stderr, + "usage: %s [-bdluw] [-c cache] [-i file] [-p page] [file]\n", +diff --git a/src/plugins/kdb/db2/libdb2/test/dbtest.c b/src/plugins/kdb/db2/libdb2/test/dbtest.c +index 04bf34b90d..a2866b4412 100644 +--- a/src/plugins/kdb/db2/libdb2/test/dbtest.c ++++ b/src/plugins/kdb/db2/libdb2/test/dbtest.c +@@ -792,7 +792,7 @@ xmalloc(char *text, size_t len) + } + + void +-usage() ++usage(void) + { + (void)fprintf(stderr, + "usage: dbtest [-l] [-f file] [-i info] [-o file] type script\n"); +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index 6d96499d77..af3fa9ee8b 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -3090,7 +3090,7 @@ cleanup: + } + + int +-pkinit_openssl_init() ++pkinit_openssl_init(void) + { + /* Initialize OpenSSL. */ + ERR_load_crypto_strings(); +diff --git a/src/plugins/tls/k5tls/openssl.c b/src/plugins/tls/k5tls/openssl.c +index 99fda7ffcd..aab67c01cb 100644 +--- a/src/plugins/tls/k5tls/openssl.c ++++ b/src/plugins/tls/k5tls/openssl.c +@@ -49,7 +49,7 @@ static int ex_handle_id = -1; + MAKE_INIT_FUNCTION(init_openssl); + + int +-init_openssl() ++init_openssl(void) + { + SSL_library_init(); + SSL_load_error_strings(); +diff --git a/src/tests/asn.1/make-vectors.c b/src/tests/asn.1/make-vectors.c +index 2fc85466bb..6f2b7dd021 100644 +--- a/src/tests/asn.1/make-vectors.c ++++ b/src/tests/asn.1/make-vectors.c +@@ -224,7 +224,7 @@ printbuf(void) + } + + int +-main() ++main(void) + { + /* Initialize values which can't use static initializers. */ + asn_long2INTEGER(&otp_format, 2); /* Alphanumeric */ +-- +2.44.0 + diff --git a/SOURCES/0021-Fix-leak-in-KDC-NDR-encoding.patch b/SOURCES/0021-Fix-leak-in-KDC-NDR-encoding.patch new file mode 100644 index 0000000..87867b8 --- /dev/null +++ b/SOURCES/0021-Fix-leak-in-KDC-NDR-encoding.patch @@ -0,0 +1,42 @@ +From f54763bc90df9c76c69ee9a837cf856bcf93e633 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Tue, 5 Mar 2024 17:38:49 -0500 +Subject: [PATCH] Fix leak in KDC NDR encoding + +If the KDC tries to encode a principal containing encode invalid UTF-8 +sequences for inclusion in a PAC delegation info buffer, it will leak +a small amount of memory in enc_wchar_pointer() before failing. Fix +the leak. + +ticket: 9115 (new) +tags: pullup +target_version: 1.21-next + +(cherry picked from commit 7d0d85bf99caf60c0afd4dcf91b0c4c683b983fe) +--- + src/kdc/ndr.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c +index 48395abe52..d438408ee2 100644 +--- a/src/kdc/ndr.c ++++ b/src/kdc/ndr.c +@@ -96,14 +96,13 @@ enc_wchar_pointer(const char *utf8, struct encoded_wchars *encoded_out) + size_t utf16len, num_wchars; + uint8_t *utf16; + +- k5_buf_init_dynamic(&b); +- + ret = k5_utf8_to_utf16le(utf8, &utf16, &utf16len); + if (ret) + return ret; + + num_wchars = utf16len / 2; + ++ k5_buf_init_dynamic(&b); + k5_buf_add_uint32_le(&b, num_wchars + 1); + k5_buf_add_uint32_le(&b, 0); + k5_buf_add_uint32_le(&b, num_wchars); +-- +2.44.0 + diff --git a/SOURCES/0022-Fix-two-unlikely-memory-leaks.patch b/SOURCES/0022-Fix-two-unlikely-memory-leaks.patch new file mode 100644 index 0000000..601662f --- /dev/null +++ b/SOURCES/0022-Fix-two-unlikely-memory-leaks.patch @@ -0,0 +1,206 @@ +From d230c72573430803c569817a71b79be8656fa6c5 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Tue, 5 Mar 2024 19:53:07 -0500 +Subject: [PATCH] Fix two unlikely memory leaks + +In gss_krb5int_make_seal_token_v3(), one of the bounds checks (which +could probably never be triggered) leaks plain.data. Fix this leak +and use current practices for cleanup throughout the function. + +In xmt_rmtcallres() (unused within the tree and likely elsewhere), +store port_ptr into crp->port_ptr as soon as it is allocated; +otherwise it could leak if the subsequent xdr_u_int32() operation +fails. + +(cherry picked from commit c5f9c816107f70139de11b38aa02db2f1774ee0d) +--- + src/lib/gssapi/krb5/k5sealv3.c | 56 +++++++++++++++------------------- + src/lib/rpc/pmap_rmt.c | 10 +++--- + 2 files changed, 29 insertions(+), 37 deletions(-) + +diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c +index 3b4f8cb837..e881eee835 100644 +--- a/src/lib/gssapi/krb5/k5sealv3.c ++++ b/src/lib/gssapi/krb5/k5sealv3.c +@@ -65,7 +65,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + int conf_req_flag, int toktype) + { + size_t bufsize = 16; +- unsigned char *outbuf = 0; ++ unsigned char *outbuf = NULL; + krb5_error_code err; + int key_usage; + unsigned char acceptor_flag; +@@ -75,9 +75,13 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + #endif + size_t ec; + unsigned short tok_id; +- krb5_checksum sum; ++ krb5_checksum sum = { 0 }; + krb5_key key; + krb5_cksumtype cksumtype; ++ krb5_data plain = empty_data(); ++ ++ token->value = NULL; ++ token->length = 0; + + acceptor_flag = ctx->initiate ? 0 : FLAG_SENDER_IS_ACCEPTOR; + key_usage = (toktype == KG_TOK_WRAP_MSG +@@ -107,14 +111,15 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + #endif + + if (toktype == KG_TOK_WRAP_MSG && conf_req_flag) { +- krb5_data plain; + krb5_enc_data cipher; + size_t ec_max; + size_t encrypt_size; + + /* 300: Adds some slop. */ +- if (SIZE_MAX - 300 < message->length) +- return ENOMEM; ++ if (SIZE_MAX - 300 < message->length) { ++ err = ENOMEM; ++ goto cleanup; ++ } + ec_max = SIZE_MAX - message->length - 300; + if (ec_max > 0xffff) + ec_max = 0xffff; +@@ -126,20 +131,20 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + #endif + err = alloc_data(&plain, message->length + 16 + ec); + if (err) +- return err; ++ goto cleanup; + + /* Get size of ciphertext. */ + encrypt_size = krb5_encrypt_size(plain.length, key->keyblock.enctype); + if (encrypt_size > SIZE_MAX / 2) { + err = ENOMEM; +- goto error; ++ goto cleanup; + } + bufsize = 16 + encrypt_size; + /* Allocate space for header plus encrypted data. */ + outbuf = gssalloc_malloc(bufsize); + if (outbuf == NULL) { +- free(plain.data); +- return ENOMEM; ++ err = ENOMEM; ++ goto cleanup; + } + + /* TOK_ID */ +@@ -164,11 +169,8 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + cipher.ciphertext.length = bufsize - 16; + cipher.enctype = key->keyblock.enctype; + err = krb5_k_encrypt(context, key, key_usage, 0, &plain, &cipher); +- zap(plain.data, plain.length); +- free(plain.data); +- plain.data = 0; + if (err) +- goto error; ++ goto cleanup; + + /* Now that we know we're returning a valid token.... */ + ctx->seq_send++; +@@ -181,7 +183,6 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + /* If the rotate fails, don't worry about it. */ + #endif + } else if (toktype == KG_TOK_WRAP_MSG && !conf_req_flag) { +- krb5_data plain; + size_t cksumsize; + + /* Here, message is the application-supplied data; message2 is +@@ -193,21 +194,19 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + wrap_with_checksum: + err = alloc_data(&plain, message->length + 16); + if (err) +- return err; ++ goto cleanup; + + err = krb5_c_checksum_length(context, cksumtype, &cksumsize); + if (err) +- goto error; ++ goto cleanup; + + assert(cksumsize <= 0xffff); + + bufsize = 16 + message2->length + cksumsize; + outbuf = gssalloc_malloc(bufsize); + if (outbuf == NULL) { +- free(plain.data); +- plain.data = 0; + err = ENOMEM; +- goto error; ++ goto cleanup; + } + + /* TOK_ID */ +@@ -239,23 +238,15 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + if (message2->length) + memcpy(outbuf + 16, message2->value, message2->length); + +- sum.contents = outbuf + 16 + message2->length; +- sum.length = cksumsize; +- + err = krb5_k_make_checksum(context, cksumtype, key, + key_usage, &plain, &sum); +- zap(plain.data, plain.length); +- free(plain.data); +- plain.data = 0; + if (err) { + zap(outbuf,bufsize); +- goto error; ++ goto cleanup; + } + if (sum.length != cksumsize) + abort(); + memcpy(outbuf + 16 + message2->length, sum.contents, cksumsize); +- krb5_free_checksum_contents(context, &sum); +- sum.contents = 0; + /* Now that we know we're actually generating the token... */ + ctx->seq_send++; + +@@ -285,12 +276,13 @@ gss_krb5int_make_seal_token_v3 (krb5_context context, + + token->value = outbuf; + token->length = bufsize; +- return 0; ++ outbuf = NULL; ++ err = 0; + +-error: ++cleanup: ++ krb5_free_checksum_contents(context, &sum); ++ zapfree(plain.data, plain.length); + gssalloc_free(outbuf); +- token->value = NULL; +- token->length = 0; + return err; + } + +diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c +index 434e4eea65..f55ca46c60 100644 +--- a/src/lib/rpc/pmap_rmt.c ++++ b/src/lib/rpc/pmap_rmt.c +@@ -161,12 +161,12 @@ xdr_rmtcallres( + caddr_t port_ptr; + + port_ptr = (caddr_t)(void *)crp->port_ptr; +- if (xdr_reference(xdrs, &port_ptr, sizeof (uint32_t), +- (xdrproc_t)xdr_u_int32) && +- xdr_u_int32(xdrs, &crp->resultslen)) { +- crp->port_ptr = (uint32_t *)(void *)port_ptr; ++ if (!xdr_reference(xdrs, &port_ptr, sizeof (uint32_t), ++ (xdrproc_t)xdr_u_int32)) ++ return (FALSE); ++ crp->port_ptr = (uint32_t *)(void *)port_ptr; ++ if (xdr_u_int32(xdrs, &crp->resultslen)) + return ((*(crp->xdr_results))(xdrs, crp->results_ptr)); +- } + return (FALSE); + } + +-- +2.44.0 + diff --git a/SOURCES/0016-Fix-vulnerabilities-in-GSS-message-token-handling.patch b/SOURCES/0023-Fix-vulnerabilities-in-GSS-message-token-handling.patch similarity index 98% rename from SOURCES/0016-Fix-vulnerabilities-in-GSS-message-token-handling.patch rename to SOURCES/0023-Fix-vulnerabilities-in-GSS-message-token-handling.patch index 4377fd4..039826e 100644 --- a/SOURCES/0016-Fix-vulnerabilities-in-GSS-message-token-handling.patch +++ b/SOURCES/0023-Fix-vulnerabilities-in-GSS-message-token-handling.patch @@ -1,4 +1,4 @@ -From 7d9b143d1749cee1dc81c6b0f5a5493534bc6630 Mon Sep 17 00:00:00 2001 +From 28009fda028c489ae38902b2c513c4208889f043 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 14 Jun 2024 10:56:12 -0400 Subject: [PATCH] Fix vulnerabilities in GSS message token handling @@ -40,10 +40,10 @@ target_version: 1.21-next 4 files changed, 275 insertions(+), 46 deletions(-) diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c -index 3b4f8cb837..1fcbdfbb87 100644 +index e881eee835..d3210c1107 100644 --- a/src/lib/gssapi/krb5/k5sealv3.c +++ b/src/lib/gssapi/krb5/k5sealv3.c -@@ -408,10 +408,15 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, +@@ -400,10 +400,15 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr, /* Don't use bodysize here! Use the fact that cipher.ciphertext.length has been adjusted to the correct length. */ @@ -200,7 +200,7 @@ index 3ce2a90ce9..6a6585d9af 100644 switch (toktype2) { case KG2_TOK_MIC_MSG: diff --git a/src/tests/gssapi/t_invalid.c b/src/tests/gssapi/t_invalid.c -index fb8fe55111..8192935099 100644 +index e08c0039f8..a052b8ab6e 100644 --- a/src/tests/gssapi/t_invalid.c +++ b/src/tests/gssapi/t_invalid.c @@ -36,31 +36,41 @@ @@ -274,7 +274,7 @@ index fb8fe55111..8192935099 100644 +/* Fake up enough of a CFX GSS context for gss_unwrap, using an AES key. + * The context takes ownership of subkey. */ static gss_ctx_id_t --make_fake_cfx_context() +-make_fake_cfx_context(void) +make_fake_cfx_context(krb5_key subkey) { gss_union_ctx_id_t uctx; @@ -288,7 +288,7 @@ index fb8fe55111..8192935099 100644 kgctx->established = 1; kgctx->proto = 1; if (g_seqstate_init(&kgctx->seqstate, 0, 0, 0, 0) != 0) -@@ -116,15 +134,10 @@ make_fake_cfx_context() +@@ -116,15 +134,10 @@ make_fake_cfx_context(void) kgctx->sealalg = -1; kgctx->signalg = -1; @@ -505,7 +505,7 @@ index fb8fe55111..8192935099 100644 memcpy(in.value, value, len); in.length = len; (void)gss_accept_sec_context(&minor, &ctx, GSS_C_NO_CREDENTIAL, &in, -@@ -424,11 +569,23 @@ test_short_encapsulation() +@@ -424,11 +569,23 @@ test_short_encapsulation(void) int main(int argc, char **argv) { diff --git a/SOURCES/0024-Remove-PKINIT-RSA-support.patch b/SOURCES/0024-Remove-PKINIT-RSA-support.patch new file mode 100644 index 0000000..8f19c05 --- /dev/null +++ b/SOURCES/0024-Remove-PKINIT-RSA-support.patch @@ -0,0 +1,1295 @@ +From c52dea4944820750bf5881891bd92d6f5c7a73c4 Mon Sep 17 00:00:00 2001 +From: Greg Hudson +Date: Sun, 26 Nov 2023 17:42:34 -0500 +Subject: [PATCH] Remove PKINIT RSA support + +RSA mode is no longer needed for interoperability. Reduce the attack +surface of clients and KDCs by removing support for it. + +ticket: 9108 (new) +(cherry picked from commit 401f584526e501b68e7516c17d8e467883f8f210) +--- + doc/user/user_commands/kinit.rst | 4 - + src/plugins/preauth/pkinit/pkinit.h | 2 - + src/plugins/preauth/pkinit/pkinit_clnt.c | 235 +++----- + src/plugins/preauth/pkinit/pkinit_crypto.h | 39 -- + .../preauth/pkinit/pkinit_crypto_openssl.c | 502 ------------------ + src/plugins/preauth/pkinit/pkinit_lib.c | 2 - + src/plugins/preauth/pkinit/pkinit_srv.c | 208 +++----- + src/plugins/preauth/pkinit/pkinit_trace.h | 9 - + src/tests/t_pkinit.py | 7 - + src/windows/leash/htmlhelp/html/KINIT.htm | 3 - + 10 files changed, 131 insertions(+), 880 deletions(-) + +diff --git a/doc/user/user_commands/kinit.rst b/doc/user/user_commands/kinit.rst +index 5b105e35a5..d947e83cc6 100644 +--- a/doc/user/user_commands/kinit.rst ++++ b/doc/user/user_commands/kinit.rst +@@ -193,10 +193,6 @@ OPTIONS + **X509_anchors**\ =\ *value* + specify where to find trusted X509 anchor information + +- **flag_RSA_PROTOCOL**\ [**=yes**] +- specify use of RSA, rather than the default Diffie-Hellman +- protocol +- + **disable_freshness**\ [**=yes**] + disable sending freshness tokens (for testing purposes only) + +diff --git a/src/plugins/preauth/pkinit/pkinit.h b/src/plugins/preauth/pkinit/pkinit.h +index 66f92d8f03..5ab0f4bc28 100644 +--- a/src/plugins/preauth/pkinit/pkinit.h ++++ b/src/plugins/preauth/pkinit/pkinit.h +@@ -146,7 +146,6 @@ typedef struct _pkinit_plg_opts { + int require_eku; /* require EKU checking (default is true) */ + int accept_secondary_eku;/* accept secondary EKU (default is false) */ + int allow_upn; /* allow UPN-SAN instead of pkinit-SAN */ +- int dh_or_rsa; /* selects DH or RSA based pkinit */ + int require_crl_checking; /* require CRL for a CA (default is false) */ + int require_freshness; /* require freshness token (default is false) */ + int disable_freshness; /* disable freshness token on client for testing */ +@@ -160,7 +159,6 @@ typedef struct _pkinit_req_opts { + int require_eku; + int accept_secondary_eku; + int allow_upn; +- int dh_or_rsa; + int require_crl_checking; + int dh_size; /* initial request DH modulus size (default=1024) */ + int require_hostname_match; +diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c +index ea9ba454df..54e7537600 100644 +--- a/src/plugins/preauth/pkinit/pkinit_clnt.c ++++ b/src/plugins/preauth/pkinit/pkinit_clnt.c +@@ -191,7 +191,6 @@ pkinit_as_req_create(krb5_context context, + krb5_auth_pack auth_pack; + krb5_pa_pk_as_req *req = NULL; + krb5_algorithm_identifier **cmstypes = NULL; +- int protocol = reqctx->opts->dh_or_rsa; + + pkiDebug("pkinit_as_req_create pa_type = %d\n", reqctx->pa_type); + +@@ -214,29 +213,14 @@ pkinit_as_req_create(krb5_context context, + if (retval) + goto cleanup; + +- switch(protocol) { +- case DH_PROTOCOL: +- TRACE_PKINIT_CLIENT_REQ_DH(context); +- pkiDebug("as_req: DH key transport algorithm\n"); ++ TRACE_PKINIT_CLIENT_REQ_DH(context); + +- /* create client-side DH keys */ +- retval = client_create_dh(context, plgctx->cryptoctx, +- reqctx->cryptoctx, reqctx->idctx, +- reqctx->opts->dh_size, &spki); +- auth_pack.clientPublicValue = spki; +- if (retval != 0) { +- pkiDebug("failed to create dh parameters\n"); +- goto cleanup; +- } +- break; +- case RSA_PROTOCOL: +- TRACE_PKINIT_CLIENT_REQ_RSA(context); +- pkiDebug("as_req: RSA key transport algorithm\n"); +- break; +- default: +- pkiDebug("as_req: unknown key transport protocol %d\n", +- protocol); +- retval = -1; ++ /* create client-side DH keys */ ++ retval = client_create_dh(context, plgctx->cryptoctx, reqctx->cryptoctx, ++ reqctx->idctx, reqctx->opts->dh_size, &spki); ++ auth_pack.clientPublicValue = spki; ++ if (retval != 0) { ++ pkiDebug("failed to create dh parameters\n"); + goto cleanup; + } + +@@ -553,49 +537,34 @@ pkinit_as_rep_parse(krb5_context context, + return retval; + } + +- switch(kdc_reply->choice) { +- case choice_pa_pk_as_rep_dhInfo: +- pkiDebug("as_rep: DH key transport algorithm\n"); ++ if (kdc_reply->choice != choice_pa_pk_as_rep_dhInfo) { ++ pkiDebug("unknown as_rep type %d\n", kdc_reply->choice); ++ retval = KRB5KDC_ERR_PREAUTH_FAILED; ++ goto cleanup; ++ } ++ + #ifdef DEBUG_ASN1 +- print_buffer_bin(kdc_reply->u.dh_Info.dhSignedData.data, +- kdc_reply->u.dh_Info.dhSignedData.length, "/tmp/client_kdc_signeddata"); ++ print_buffer_bin(kdc_reply->u.dh_Info.dhSignedData.data, ++ kdc_reply->u.dh_Info.dhSignedData.length, ++ "/tmp/client_kdc_signeddata"); + #endif +- if ((retval = cms_signeddata_verify(context, plgctx->cryptoctx, +- reqctx->cryptoctx, reqctx->idctx, CMS_SIGN_SERVER, +- reqctx->opts->require_crl_checking, +- (unsigned char *) +- kdc_reply->u.dh_Info.dhSignedData.data, +- kdc_reply->u.dh_Info.dhSignedData.length, +- (unsigned char **)&dh_data.data, +- &dh_data.length, +- NULL, NULL, NULL)) != 0) { +- pkiDebug("failed to verify pkcs7 signed data\n"); +- TRACE_PKINIT_CLIENT_REP_DH_FAIL(context); +- goto cleanup; +- } +- TRACE_PKINIT_CLIENT_REP_DH(context); +- break; +- case choice_pa_pk_as_rep_encKeyPack: +- pkiDebug("as_rep: RSA key transport algorithm\n"); +- if ((retval = cms_envelopeddata_verify(context, plgctx->cryptoctx, +- reqctx->cryptoctx, reqctx->idctx, pa_type, +- reqctx->opts->require_crl_checking, +- (unsigned char *) +- kdc_reply->u.encKeyPack.data, +- kdc_reply->u.encKeyPack.length, +- (unsigned char **)&dh_data.data, +- &dh_data.length)) != 0) { +- pkiDebug("failed to verify pkcs7 enveloped data\n"); +- TRACE_PKINIT_CLIENT_REP_RSA_FAIL(context); +- goto cleanup; +- } +- TRACE_PKINIT_CLIENT_REP_RSA(context); +- break; +- default: +- pkiDebug("unknown as_rep type %d\n", kdc_reply->choice); +- retval = -1; ++ retval = cms_signeddata_verify(context, plgctx->cryptoctx, ++ reqctx->cryptoctx, reqctx->idctx, ++ CMS_SIGN_SERVER, ++ reqctx->opts->require_crl_checking, ++ (unsigned char *) ++ kdc_reply->u.dh_Info.dhSignedData.data, ++ kdc_reply->u.dh_Info.dhSignedData.length, ++ (unsigned char **)&dh_data.data, ++ &dh_data.length, ++ NULL, NULL, NULL); ++ if (retval) { ++ pkiDebug("failed to verify pkcs7 signed data\n"); ++ TRACE_PKINIT_CLIENT_REP_DH_FAIL(context); + goto cleanup; + } ++ TRACE_PKINIT_CLIENT_REP_DH(context); ++ + retval = krb5_build_principal_ext(context, &kdc_princ, + request->server->realm.length, + request->server->realm.data, +@@ -632,116 +601,54 @@ pkinit_as_rep_parse(krb5_context context, + + OCTETDATA_TO_KRB5DATA(&dh_data, &k5data); + +- switch(kdc_reply->choice) { +- case choice_pa_pk_as_rep_dhInfo: + #ifdef DEBUG_ASN1 +- print_buffer_bin(dh_data.data, dh_data.length, +- "/tmp/client_dh_key"); ++ print_buffer_bin(dh_data.data, dh_data.length, "/tmp/client_dh_key"); + #endif +- if ((retval = k5int_decode_krb5_kdc_dh_key_info(&k5data, +- &kdc_dh)) != 0) { +- pkiDebug("failed to decode kdc_dh_key_info\n"); +- goto cleanup; +- } +- +- /* client after KDC reply */ +- if ((retval = client_process_dh(context, plgctx->cryptoctx, +- reqctx->cryptoctx, reqctx->idctx, +- (unsigned char *) +- kdc_dh->subjectPublicKey.data, +- kdc_dh->subjectPublicKey.length, +- &client_key, &client_key_len)) != 0) { +- pkiDebug("failed to process dh params\n"); +- goto cleanup; +- } +- +- /* If we have a KDF algorithm ID, call the algorithm agility KDF... */ +- if (kdc_reply->u.dh_Info.kdfID) { +- secret.length = client_key_len; +- secret.data = (char *)client_key; +- +- retval = pkinit_alg_agility_kdf(context, &secret, +- kdc_reply->u.dh_Info.kdfID, +- request->client, request->server, +- etype, encoded_request, +- (krb5_data *)as_rep, key_block); +- +- if (retval) { +- pkiDebug("failed to create key pkinit_alg_agility_kdf %s\n", +- error_message(retval)); +- goto cleanup; +- } +- TRACE_PKINIT_CLIENT_KDF_ALG(context, kdc_reply->u.dh_Info.kdfID, +- key_block); ++ retval = k5int_decode_krb5_kdc_dh_key_info(&k5data, &kdc_dh); ++ if (retval) { ++ pkiDebug("failed to decode kdc_dh_key_info\n"); ++ goto cleanup; ++ } + +- /* ...otherwise, use the older octetstring2key function. */ +- } else { ++ /* client after KDC reply */ ++ retval = client_process_dh(context, plgctx->cryptoctx, reqctx->cryptoctx, ++ reqctx->idctx, ++ (unsigned char *)kdc_dh->subjectPublicKey.data, ++ kdc_dh->subjectPublicKey.length, &client_key, ++ &client_key_len); ++ if (retval) { ++ pkiDebug("failed to process dh params\n"); ++ goto cleanup; ++ } + +- retval = pkinit_octetstring2key(context, etype, client_key, +- client_key_len, key_block); +- if (retval) { +- pkiDebug("failed to create key pkinit_octetstring2key %s\n", +- error_message(retval)); +- goto cleanup; +- } +- TRACE_PKINIT_CLIENT_KDF_OS2K(context, key_block); +- } ++ /* If we have a KDF algorithm ID, call the algorithm agility KDF. */ ++ if (kdc_reply->u.dh_Info.kdfID) { ++ secret.length = client_key_len; ++ secret.data = (char *)client_key; + +- break; +- case choice_pa_pk_as_rep_encKeyPack: +-#ifdef DEBUG_ASN1 +- print_buffer_bin(dh_data.data, dh_data.length, +- "/tmp/client_key_pack"); +-#endif +- retval = k5int_decode_krb5_reply_key_pack(&k5data, &key_pack); ++ retval = pkinit_alg_agility_kdf(context, &secret, ++ kdc_reply->u.dh_Info.kdfID, ++ request->client, request->server, ++ etype, encoded_request, ++ (krb5_data *)as_rep, key_block); + if (retval) { +- pkiDebug("failed to decode reply_key_pack\n"); ++ pkiDebug("failed to create key pkinit_alg_agility_kdf %s\n", ++ error_message(retval)); + goto cleanup; + } +- retval = krb5_c_make_checksum(context, +- key_pack->asChecksum.checksum_type, +- &key_pack->replyKey, +- KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, +- encoded_request, &cksum); ++ TRACE_PKINIT_CLIENT_KDF_ALG(context, kdc_reply->u.dh_Info.kdfID, ++ key_block); ++ ++ } else { ++ /* Otherwise, use the older octetstring2key function. */ ++ retval = pkinit_octetstring2key(context, etype, client_key, ++ client_key_len, key_block); + if (retval) { +- pkiDebug("failed to make a checksum\n"); ++ pkiDebug("failed to create key pkinit_octetstring2key %s\n", ++ error_message(retval)); + goto cleanup; + } +- +- if ((cksum.length != key_pack->asChecksum.length) || +- k5_bcmp(cksum.contents, key_pack->asChecksum.contents, +- cksum.length) != 0) { +- TRACE_PKINIT_CLIENT_REP_CHECKSUM_FAIL(context, &cksum, +- &key_pack->asChecksum); +- pkiDebug("failed to match the checksums\n"); +-#ifdef DEBUG_CKSUM +- pkiDebug("calculating checksum on buf size (%d)\n", +- encoded_request->length); +- print_buffer(encoded_request->data, encoded_request->length); +- pkiDebug("encrypting key (%d)\n", key_pack->replyKey.length); +- print_buffer(key_pack->replyKey.contents, +- key_pack->replyKey.length); +- pkiDebug("received checksum type=%d size=%d ", +- key_pack->asChecksum.checksum_type, +- key_pack->asChecksum.length); +- print_buffer(key_pack->asChecksum.contents, +- key_pack->asChecksum.length); +- pkiDebug("expected checksum type=%d size=%d ", +- cksum.checksum_type, cksum.length); +- print_buffer(cksum.contents, cksum.length); +-#endif +- goto cleanup; +- } else +- pkiDebug("checksums match\n"); +- +- krb5_copy_keyblock_contents(context, &key_pack->replyKey, +- key_block); +- TRACE_PKINIT_CLIENT_REP_RSA_KEY(context, key_block, &cksum); +- +- break; +- default: +- pkiDebug("unknown as_rep type %d\n", kdc_reply->choice); +- goto cleanup; ++ TRACE_PKINIT_CLIENT_KDF_OS2K(context, key_block); + } + + retval = 0; +@@ -1286,7 +1193,6 @@ pkinit_client_req_init(krb5_context context, + + reqctx->opts->require_eku = plgctx->opts->require_eku; + reqctx->opts->accept_secondary_eku = plgctx->opts->accept_secondary_eku; +- reqctx->opts->dh_or_rsa = plgctx->opts->dh_or_rsa; + reqctx->opts->allow_upn = plgctx->opts->allow_upn; + reqctx->opts->require_crl_checking = plgctx->opts->require_crl_checking; + reqctx->opts->disable_freshness = plgctx->opts->disable_freshness; +@@ -1457,11 +1363,6 @@ handle_gic_opt(krb5_context context, + retval = add_string_to_array(context, &plgctx->idopts->anchors, value); + if (retval) + return retval; +- } else if (strcmp(attr, "flag_RSA_PROTOCOL") == 0) { +- if (strcmp(value, "yes") == 0) { +- pkiDebug("Setting flag to use RSA_PROTOCOL\n"); +- plgctx->opts->dh_or_rsa = RSA_PROTOCOL; +- } + } else if (strcmp(attr, "disable_freshness") == 0) { + if (strcmp(value, "yes") == 0) + plgctx->opts->disable_freshness = 1; +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto.h b/src/plugins/preauth/pkinit/pkinit_crypto.h +index 8bdbea8e95..04199b45a4 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto.h ++++ b/src/plugins/preauth/pkinit/pkinit_crypto.h +@@ -181,45 +181,6 @@ krb5_error_code cms_signeddata_verify + int *is_signed); /* OUT + receives whether message is signed */ + +-/* +- * this function creates a CMS message where eContentType is EnvelopedData +- */ +-krb5_error_code cms_envelopeddata_create +- (krb5_context context, /* IN */ +- pkinit_plg_crypto_context plg_cryptoctx, /* IN */ +- pkinit_req_crypto_context req_cryptoctx, /* IN */ +- pkinit_identity_crypto_context id_cryptoctx, /* IN */ +- krb5_preauthtype pa_type, /* IN */ +- unsigned char *key_pack, /* IN +- contains DER encoded ReplyKeyPack */ +- unsigned int key_pack_len, /* IN +- contains length of key_pack */ +- unsigned char **envel_data, /* OUT +- receives DER encoded encKeyPack */ +- unsigned int *envel_data_len); /* OUT +- receives length of envel_data */ +- +-/* +- * this function creates a CMS message where eContentType is EnvelopedData +- */ +-krb5_error_code cms_envelopeddata_verify +- (krb5_context context, /* IN */ +- pkinit_plg_crypto_context plg_cryptoctx, /* IN */ +- pkinit_req_crypto_context req_cryptoctx, /* IN */ +- pkinit_identity_crypto_context id_cryptoctx, /* IN */ +- krb5_preauthtype pa_type, /* IN */ +- int require_crl_checking, /* IN +- specifies whether CRL checking should be +- strictly enforced */ +- unsigned char *envel_data, /* IN +- contains DER encoded encKeyPack */ +- unsigned int envel_data_len, /* IN +- contains length of envel_data */ +- unsigned char **signed_data, /* OUT +- receives ReplyKeyPack */ +- unsigned int *signed_data_len); /* OUT +- receives length of signed_data */ +- + /* + * This function retrieves the signer's identity, in a form that could + * be passed back in to a future invocation of this module as a candidate +diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +index af3fa9ee8b..980a89edc1 100644 +--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c ++++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c +@@ -66,26 +66,14 @@ static krb5_error_code create_signature + (unsigned char **, unsigned int *, unsigned char *, unsigned int, + EVP_PKEY *pkey); + +-static krb5_error_code pkinit_decode_data +-(krb5_context context, pkinit_identity_crypto_context cryptoctx, +- const uint8_t *data, unsigned int data_len, uint8_t **decoded, +- unsigned int *decoded_len); +- + #ifdef DEBUG_DH + static void print_dh(DH *, char *); + static void print_pubkey(BIGNUM *, char *); + #endif + +-static int prepare_enc_data +-(const uint8_t *indata, int indata_len, uint8_t **outdata, int *outdata_len); +- + static int openssl_callback (int, X509_STORE_CTX *); + static int openssl_callback_ignore_crls (int, X509_STORE_CTX *); + +-static int pkcs7_decrypt +-(krb5_context context, pkinit_identity_crypto_context id_cryptoctx, PKCS7 *p7, +- unsigned char **data_out, unsigned int *len_out); +- + static ASN1_OBJECT * pkinit_pkcs7type2oid + (pkinit_plg_crypto_context plg_cryptoctx, int pkcs7_type); + +@@ -115,20 +103,12 @@ static krb5_error_code pkinit_sign_data_pkcs11 + (krb5_context context, pkinit_identity_crypto_context id_cryptoctx, + unsigned char *data, unsigned int data_len, + unsigned char **sig, unsigned int *sig_len); +-static krb5_error_code pkinit_decode_data_pkcs11 +-(krb5_context context, pkinit_identity_crypto_context id_cryptoctx, +- const uint8_t *data, unsigned int data_len, uint8_t **decoded_data, +- unsigned int *decoded_data_len); + #endif /* WITHOUT_PKCS11 */ + + static krb5_error_code pkinit_sign_data_fs + (krb5_context context, pkinit_identity_crypto_context id_cryptoctx, + unsigned char *data, unsigned int data_len, + unsigned char **sig, unsigned int *sig_len); +-static krb5_error_code pkinit_decode_data_fs +-(krb5_context context, pkinit_identity_crypto_context id_cryptoctx, +- const uint8_t *data, unsigned int data_len, uint8_t **decoded_data, +- unsigned int *decoded_data_len); + + static krb5_error_code + create_krb5_invalidCertificates(krb5_context context, +@@ -140,10 +120,6 @@ create_krb5_invalidCertificates(krb5_context context, + static krb5_error_code + create_identifiers_from_stack(STACK_OF(X509) *sk, + krb5_external_principal_identifier *** ids); +-static int +-wrap_signeddata(unsigned char *data, unsigned int data_len, +- unsigned char **out, unsigned int *out_len); +- + static const char * + pkcs11err(int err); + +@@ -2177,175 +2153,6 @@ cleanup: + return retval; + } + +-krb5_error_code +-cms_envelopeddata_create(krb5_context context, +- pkinit_plg_crypto_context plgctx, +- pkinit_req_crypto_context reqctx, +- pkinit_identity_crypto_context idctx, +- krb5_preauthtype pa_type, +- unsigned char *key_pack, +- unsigned int key_pack_len, +- unsigned char **out, +- unsigned int *out_len) +-{ +- +- krb5_error_code retval = ENOMEM; +- PKCS7 *p7 = NULL; +- BIO *in = NULL; +- unsigned char *p = NULL, *signed_data = NULL, *enc_data = NULL; +- int signed_data_len = 0, enc_data_len = 0, flags = PKCS7_BINARY; +- STACK_OF(X509) *encerts = NULL; +- const EVP_CIPHER *cipher = NULL; +- +- retval = cms_signeddata_create(context, plgctx, reqctx, idctx, +- CMS_ENVEL_SERVER, key_pack, key_pack_len, +- &signed_data, +- (unsigned int *)&signed_data_len); +- if (retval) { +- pkiDebug("failed to create pkcs7 signed data\n"); +- goto cleanup; +- } +- +- /* check we have client's certificate */ +- if (reqctx->received_cert == NULL) { +- retval = KRB5KDC_ERR_PREAUTH_FAILED; +- goto cleanup; +- } +- encerts = sk_X509_new_null(); +- sk_X509_push(encerts, reqctx->received_cert); +- +- cipher = EVP_des_ede3_cbc(); +- in = BIO_new(BIO_s_mem()); +- prepare_enc_data(signed_data, signed_data_len, &enc_data, +- &enc_data_len); +- retval = BIO_write(in, enc_data, enc_data_len); +- if (retval != enc_data_len) { +- pkiDebug("BIO_write only wrote %d\n", retval); +- goto cleanup; +- } +- +- p7 = PKCS7_encrypt(encerts, in, cipher, flags); +- if (p7 == NULL) { +- retval = oerr(context, 0, _("Failed to encrypt PKCS7 object")); +- goto cleanup; +- } +- p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_signed); +- +- *out_len = i2d_PKCS7(p7, NULL); +- if (!*out_len || (p = *out = malloc(*out_len)) == NULL) { +- retval = ENOMEM; +- goto cleanup; +- } +- retval = i2d_PKCS7(p7, &p); +- if (!retval) { +- retval = oerr(context, 0, _("Failed to DER encode PKCS7")); +- goto cleanup; +- } +- retval = 0; +- +-#ifdef DEBUG_ASN1 +- print_buffer_bin(*out, *out_len, "/tmp/kdc_enveloped_data"); +-#endif +- +-cleanup: +- if (p7 != NULL) +- PKCS7_free(p7); +- if (in != NULL) +- BIO_free(in); +- free(signed_data); +- free(enc_data); +- if (encerts != NULL) +- sk_X509_free(encerts); +- +- return retval; +-} +- +-krb5_error_code +-cms_envelopeddata_verify(krb5_context context, +- pkinit_plg_crypto_context plg_cryptoctx, +- pkinit_req_crypto_context req_cryptoctx, +- pkinit_identity_crypto_context id_cryptoctx, +- krb5_preauthtype pa_type, +- int require_crl_checking, +- unsigned char *enveloped_data, +- unsigned int enveloped_data_len, +- unsigned char **data, +- unsigned int *data_len) +-{ +- krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED; +- PKCS7 *p7 = NULL; +- const unsigned char *p = enveloped_data; +- unsigned int tmp_buf_len = 0, tmp_buf2_len = 0, vfy_buf_len = 0; +- unsigned char *tmp_buf = NULL, *tmp_buf2 = NULL, *vfy_buf = NULL; +- +-#ifdef DEBUG_ASN1 +- print_buffer_bin(enveloped_data, enveloped_data_len, +- "/tmp/client_envelopeddata"); +-#endif +- /* decode received PKCS7 message */ +- if ((p7 = d2i_PKCS7(NULL, &p, (int)enveloped_data_len)) == NULL) { +- retval = oerr(context, 0, _("Failed to decode PKCS7")); +- goto cleanup; +- } +- +- /* verify that the received message is PKCS7 EnvelopedData message */ +- if (OBJ_obj2nid(p7->type) != NID_pkcs7_enveloped) { +- pkiDebug("Expected id-enveloped PKCS7 msg (received type = %d)\n", +- OBJ_obj2nid(p7->type)); +- krb5_set_error_message(context, retval, "wrong oid\n"); +- goto cleanup; +- } +- +- /* decrypt received PKCS7 message */ +- if (pkcs7_decrypt(context, id_cryptoctx, p7, &tmp_buf, &tmp_buf_len)) { +- pkiDebug("PKCS7 decryption successful\n"); +- } else { +- retval = oerr(context, 0, _("Failed to decrypt PKCS7 message")); +- goto cleanup; +- } +- +-#ifdef DEBUG_ASN1 +- print_buffer_bin(tmp_buf, tmp_buf_len, "/tmp/client_enc_keypack"); +-#endif +- /* verify PKCS7 SignedData message */ +- /* Wrap the signed data to make decoding easier in the verify routine. */ +- retval = wrap_signeddata(tmp_buf, tmp_buf_len, &tmp_buf2, &tmp_buf2_len); +- if (retval) { +- pkiDebug("failed to encode signeddata\n"); +- goto cleanup; +- } +- vfy_buf = tmp_buf2; +- vfy_buf_len = tmp_buf2_len; +- +-#ifdef DEBUG_ASN1 +- print_buffer_bin(vfy_buf, vfy_buf_len, "/tmp/client_enc_keypack2"); +-#endif +- +- retval = cms_signeddata_verify(context, plg_cryptoctx, req_cryptoctx, +- id_cryptoctx, CMS_ENVEL_SERVER, +- require_crl_checking, +- vfy_buf, vfy_buf_len, +- data, data_len, NULL, NULL, NULL); +- +- if (!retval) +- pkiDebug("PKCS7 Verification Success\n"); +- else { +- pkiDebug("PKCS7 Verification Failure\n"); +- goto cleanup; +- } +- +- retval = 0; +- +-cleanup: +- +- if (p7 != NULL) +- PKCS7_free(p7); +- free(tmp_buf); +- free(tmp_buf2); +- +- return retval; +-} +- + static krb5_error_code + crypto_retrieve_X509_sans(krb5_context context, + pkinit_plg_crypto_context plgctx, +@@ -3396,70 +3203,6 @@ pkinit_pkcs7type2oid(pkinit_plg_crypto_context cryptoctx, int pkcs7_type) + + } + +-static int +-wrap_signeddata(unsigned char *data, unsigned int data_len, +- unsigned char **out, unsigned int *out_len) +-{ +- +- unsigned int orig_len = 0, oid_len = 0, tot_len = 0; +- ASN1_OBJECT *oid = NULL; +- unsigned char *p = NULL; +- +- /* Get length to wrap the original data with SEQUENCE tag */ +- tot_len = orig_len = ASN1_object_size(1, (int)data_len, V_ASN1_SEQUENCE); +- +- /* Add the signedData OID and adjust lengths */ +- oid = OBJ_nid2obj(NID_pkcs7_signed); +- oid_len = i2d_ASN1_OBJECT(oid, NULL); +- +- tot_len = ASN1_object_size(1, (int)(orig_len+oid_len), V_ASN1_SEQUENCE); +- +- p = *out = malloc(tot_len); +- if (p == NULL) return -1; +- +- ASN1_put_object(&p, 1, (int)(orig_len+oid_len), +- V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); +- +- i2d_ASN1_OBJECT(oid, &p); +- +- ASN1_put_object(&p, 1, (int)data_len, 0, V_ASN1_CONTEXT_SPECIFIC); +- memcpy(p, data, data_len); +- +- *out_len = tot_len; +- +- return 0; +-} +- +-static int +-prepare_enc_data(const uint8_t *indata, int indata_len, uint8_t **outdata, +- int *outdata_len) +-{ +- int tag, class; +- long tlen, slen; +- const uint8_t *p = indata, *oldp; +- +- if (ASN1_get_object(&p, &slen, &tag, &class, indata_len) & 0x80) +- return EINVAL; +- if (tag != V_ASN1_SEQUENCE) +- return EINVAL; +- +- oldp = p; +- if (ASN1_get_object(&p, &tlen, &tag, &class, slen) & 0x80) +- return EINVAL; +- p += tlen; +- slen -= (p - oldp); +- +- if (ASN1_get_object(&p, &tlen, &tag, &class, slen) & 0x80) +- return EINVAL; +- +- *outdata = malloc(tlen); +- if (*outdata == NULL) +- return ENOMEM; +- memcpy(*outdata, p, tlen); +- *outdata_len = tlen; +- return 0; +-} +- + #ifndef WITHOUT_PKCS11 + static struct plugin_file_handle * + load_pkcs11_module(krb5_context context, const char *modname, +@@ -3778,169 +3521,6 @@ pkinit_find_private_key(pkinit_identity_crypto_context id_cryptoctx, + } + #endif + +-static krb5_error_code +-pkinit_decode_data_fs(krb5_context context, +- pkinit_identity_crypto_context id_cryptoctx, +- const uint8_t *data, unsigned int data_len, +- uint8_t **decoded_data, unsigned int *decoded_data_len) +-{ +- X509 *cert = sk_X509_value(id_cryptoctx->my_certs, +- id_cryptoctx->cert_index); +- EVP_PKEY *pkey = id_cryptoctx->my_key; +- EVP_PKEY_CTX *ctx = NULL; +- uint8_t *buf = NULL; +- size_t buf_len = 0; +- int ok; +- +- *decoded_data = NULL; +- *decoded_data_len = 0; +- +- if (cert != NULL && !X509_check_private_key(cert, pkey)) { +- pkiDebug("private key does not match certificate\n"); +- return KRB5KDC_ERR_PREAUTH_FAILED; +- } +- +- ctx = EVP_PKEY_CTX_new(pkey, NULL); +- if (ctx == NULL) +- return KRB5KDC_ERR_PREAUTH_FAILED; +- +- ok = EVP_PKEY_decrypt_init(ctx); +- if (!ok) +- goto cleanup; +- +- /* Get the length of the eventual output. */ +- ok = EVP_PKEY_decrypt(ctx, NULL, &buf_len, data, data_len); +- if (!ok) { +- pkiDebug("unable to decrypt received data\n"); +- goto cleanup; +- } +- +- buf = malloc(buf_len); +- if (buf == NULL) { +- ok = 0; +- goto cleanup; +- } +- +- ok = EVP_PKEY_decrypt(ctx, buf, &buf_len, data, data_len); +- if (!ok) { +- pkiDebug("unable to decrypt received data\n"); +- goto cleanup; +- } +- +- *decoded_data = buf; +- *decoded_data_len = buf_len; +- buf = NULL; +-cleanup: +- zapfree(buf, buf_len); +- EVP_PKEY_CTX_free(ctx); +- return ok ? 0 : KRB5KDC_ERR_PREAUTH_FAILED; +-} +- +-#ifndef WITHOUT_PKCS11 +-/* +- * When using the ActivCard Linux pkcs11 library (v2.0.1), the decrypt function +- * fails. By inserting an extra function call, which serves nothing but to +- * change the stack, we were able to work around the issue. If the ActivCard +- * library is fixed in the future, this function can be inlined back into the +- * caller. +- */ +-static CK_RV +-pkinit_C_Decrypt(pkinit_identity_crypto_context id_cryptoctx, +- CK_BYTE_PTR pEncryptedData, +- CK_ULONG ulEncryptedDataLen, +- CK_BYTE_PTR pData, +- CK_ULONG_PTR pulDataLen) +-{ +- CK_RV rv = CKR_OK; +- +- rv = id_cryptoctx->p11->C_Decrypt(id_cryptoctx->session, pEncryptedData, +- ulEncryptedDataLen, pData, pulDataLen); +- if (rv == CKR_OK) { +- pkiDebug("pData %p *pulDataLen %d\n", (void *) pData, +- (int) *pulDataLen); +- } +- return rv; +-} +- +-static krb5_error_code +-pkinit_decode_data_pkcs11(krb5_context context, +- pkinit_identity_crypto_context id_cryptoctx, +- const uint8_t *data, unsigned int data_len, +- uint8_t **decoded_data, +- unsigned int *decoded_data_len) +-{ +- CK_OBJECT_HANDLE obj; +- CK_ULONG len; +- CK_MECHANISM mech; +- uint8_t *cp; +- int r; +- +- *decoded_data = NULL; +- *decoded_data_len = 0; +- +- if (pkinit_open_session(context, id_cryptoctx)) { +- pkiDebug("can't open pkcs11 session\n"); +- return KRB5KDC_ERR_PREAUTH_FAILED; +- } +- +- pkinit_find_private_key(id_cryptoctx, CKA_DECRYPT, &obj); +- +- mech.mechanism = CKM_RSA_PKCS; +- mech.pParameter = NULL; +- mech.ulParameterLen = 0; +- +- if ((r = id_cryptoctx->p11->C_DecryptInit(id_cryptoctx->session, &mech, +- obj)) != CKR_OK) { +- pkiDebug("C_DecryptInit: 0x%x\n", (int) r); +- return KRB5KDC_ERR_PREAUTH_FAILED; +- } +- pkiDebug("data_len = %d\n", data_len); +- cp = malloc((size_t) data_len); +- if (cp == NULL) +- return ENOMEM; +- len = data_len; +- pkiDebug("session %p edata %p edata_len %d data %p datalen @%p %d\n", +- (void *) id_cryptoctx->session, (void *) data, (int) data_len, +- (void *) cp, (void *) &len, (int) len); +- r = pkinit_C_Decrypt(id_cryptoctx, (CK_BYTE_PTR) data, (CK_ULONG) data_len, +- cp, &len); +- if (r != CKR_OK) { +- pkiDebug("C_Decrypt: %s\n", pkcs11err(r)); +- if (r == CKR_BUFFER_TOO_SMALL) +- pkiDebug("decrypt %d needs %d\n", (int) data_len, (int) len); +- return KRB5KDC_ERR_PREAUTH_FAILED; +- } +- pkiDebug("decrypt %d -> %d\n", (int) data_len, (int) len); +- *decoded_data_len = len; +- *decoded_data = cp; +- +- return 0; +-} +-#endif +- +-krb5_error_code +-pkinit_decode_data(krb5_context context, +- pkinit_identity_crypto_context id_cryptoctx, +- const uint8_t *data, unsigned int data_len, +- uint8_t **decoded_data, unsigned int *decoded_data_len) +-{ +- krb5_error_code retval = KRB5KDC_ERR_PREAUTH_FAILED; +- +- *decoded_data = NULL; +- *decoded_data_len = 0; +- +- if (id_cryptoctx->pkcs11_method != 1) +- retval = pkinit_decode_data_fs(context, id_cryptoctx, data, data_len, +- decoded_data, decoded_data_len); +-#ifndef WITHOUT_PKCS11 +- else +- retval = pkinit_decode_data_pkcs11(context, id_cryptoctx, data, +- data_len, decoded_data, decoded_data_len); +-#endif +- +- return retval; +-} +- + static krb5_error_code + pkinit_sign_data_fs(krb5_context context, + pkinit_identity_crypto_context id_cryptoctx, +@@ -5615,88 +5195,6 @@ cleanup: + return retval; + } + +-/* Originally based on OpenSSL's PKCS7_dataDecode(), now modified to remove the +- * use of BIO objects and to fit the PKINIT internal interfaces. */ +-static int +-pkcs7_decrypt(krb5_context context, +- pkinit_identity_crypto_context id_cryptoctx, PKCS7 *p7, +- unsigned char **data_out, unsigned int *len_out) +-{ +- krb5_error_code ret; +- int ok = 0, plaintext_len = 0, final_len; +- unsigned int keylen = 0, eklen = 0, blocksize; +- unsigned char *ek = NULL, *tkey = NULL, *plaintext = NULL, *use_key; +- ASN1_OCTET_STRING *data_body = p7->d.enveloped->enc_data->enc_data; +- const EVP_CIPHER *evp_cipher; +- EVP_CIPHER_CTX *evp_ctx = NULL; +- X509_ALGOR *enc_alg = p7->d.enveloped->enc_data->algorithm; +- STACK_OF(PKCS7_RECIP_INFO) *rsk = p7->d.enveloped->recipientinfo; +- PKCS7_RECIP_INFO *ri = NULL; +- +- *data_out = NULL; +- *len_out = 0; +- +- p7->state = PKCS7_S_HEADER; +- +- /* RFC 4556 section 3.2.3.2 requires that there be exactly one +- * recipientInfo. */ +- if (sk_PKCS7_RECIP_INFO_num(rsk) != 1) { +- pkiDebug("invalid number of EnvelopedData RecipientInfos\n"); +- return 0; +- } +- ri = sk_PKCS7_RECIP_INFO_value(rsk, 0); +- +- evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm); +- if (evp_cipher == NULL) +- goto cleanup; +- keylen = EVP_CIPHER_key_length(evp_cipher); +- blocksize = EVP_CIPHER_block_size(evp_cipher); +- +- evp_ctx = EVP_CIPHER_CTX_new(); +- if (evp_ctx == NULL) +- goto cleanup; +- if (!EVP_DecryptInit(evp_ctx, evp_cipher, NULL, NULL) || +- EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0) +- goto cleanup; +- +- /* Generate a random symmetric key to avoid exposing timing data if RSA +- * decryption fails the padding check. */ +- tkey = malloc(keylen); +- if (tkey == NULL || !EVP_CIPHER_CTX_rand_key(evp_ctx, tkey)) +- goto cleanup; +- +- /* Decrypt the secret key with the private key. */ +- ret = pkinit_decode_data(context, id_cryptoctx, +- ASN1_STRING_get0_data(ri->enc_key), +- ASN1_STRING_length(ri->enc_key), &ek, &eklen); +- use_key = (ret || eklen != keylen) ? tkey : ek; +- +- /* Allocate a plaintext buffer and decrypt data_body into it. */ +- plaintext = malloc(data_body->length + blocksize); +- if (plaintext == NULL) +- goto cleanup; +- if (!EVP_DecryptInit(evp_ctx, NULL, use_key, NULL)) +- goto cleanup; +- if (!EVP_DecryptUpdate(evp_ctx, plaintext, &plaintext_len, +- data_body->data, data_body->length)) +- goto cleanup; +- if (!EVP_DecryptFinal(evp_ctx, plaintext + plaintext_len, &final_len)) +- goto cleanup; +- plaintext_len += final_len; +- +- *len_out = plaintext_len; +- *data_out = plaintext; +- plaintext = NULL; +- ok = 1; +- +-cleanup: +- EVP_CIPHER_CTX_free(evp_ctx); +- zapfree(plaintext, plaintext_len); +- zapfree(ek, eklen); +- zapfree(tkey, keylen); +- return ok; +-} +- + #ifdef DEBUG_DH + static void + print_dh(DH * dh, char *msg) +diff --git a/src/plugins/preauth/pkinit/pkinit_lib.c b/src/plugins/preauth/pkinit/pkinit_lib.c +index 4c3d46bf5a..19db695a4d 100644 +--- a/src/plugins/preauth/pkinit/pkinit_lib.c ++++ b/src/plugins/preauth/pkinit/pkinit_lib.c +@@ -50,7 +50,6 @@ pkinit_init_req_opts(pkinit_req_opts **reqopts) + opts->require_eku = 1; + opts->accept_secondary_eku = 0; + opts->allow_upn = 0; +- opts->dh_or_rsa = DH_PROTOCOL; + opts->require_crl_checking = 0; + opts->dh_size = PKINIT_DEFAULT_DH_MIN_BITS; + +@@ -79,7 +78,6 @@ pkinit_init_plg_opts(pkinit_plg_opts **plgopts) + + opts->require_eku = 1; + opts->accept_secondary_eku = 0; +- opts->dh_or_rsa = DH_PROTOCOL; + opts->allow_upn = 0; + opts->require_crl_checking = 0; + opts->require_freshness = 0; +diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c +index 768a4e559f..aab21f951c 100644 +--- a/src/plugins/preauth/pkinit/pkinit_srv.c ++++ b/src/plugins/preauth/pkinit/pkinit_srv.c +@@ -821,132 +821,55 @@ pkinit_server_return_padata(krb5_context context, + retval = ENOMEM; + goto cleanup; + } +- /* let's assume it's RSA. we'll reset it to DH if needed */ +- rep->choice = choice_pa_pk_as_rep_encKeyPack; + +- if (reqctx->rcv_auth_pack != NULL && +- reqctx->rcv_auth_pack->clientPublicValue.length > 0) { +- rep->choice = choice_pa_pk_as_rep_dhInfo; +- +- pkiDebug("received DH key delivery AS REQ\n"); +- retval = server_process_dh(context, plgctx->cryptoctx, +- reqctx->cryptoctx, plgctx->idctx, +- &dh_pubkey, &dh_pubkey_len, +- &server_key, &server_key_len); +- if (retval) { +- pkiDebug("failed to process/create dh parameters\n"); +- goto cleanup; +- } +- +- /* +- * This is DH, so don't generate the key until after we +- * encode the reply, because the encoded reply is needed +- * to generate the key in some cases. +- */ +- +- dhkey_info.subjectPublicKey.length = dh_pubkey_len; +- dhkey_info.subjectPublicKey.data = (char *)dh_pubkey; +- dhkey_info.nonce = request->nonce; +- dhkey_info.dhKeyExpiration = 0; +- +- retval = k5int_encode_krb5_kdc_dh_key_info(&dhkey_info, +- &encoded_dhkey_info); +- if (retval) { +- pkiDebug("encode_krb5_kdc_dh_key_info failed\n"); +- goto cleanup; +- } +-#ifdef DEBUG_ASN1 +- print_buffer_bin((unsigned char *)encoded_dhkey_info->data, +- encoded_dhkey_info->length, +- "/tmp/kdc_dh_key_info"); +-#endif +- +- retval = cms_signeddata_create(context, plgctx->cryptoctx, +- reqctx->cryptoctx, plgctx->idctx, +- CMS_SIGN_SERVER, +- (unsigned char *) +- encoded_dhkey_info->data, +- encoded_dhkey_info->length, +- (unsigned char **) +- &rep->u.dh_Info.dhSignedData.data, +- &rep->u.dh_Info.dhSignedData.length); +- if (retval) { +- pkiDebug("failed to create pkcs7 signed data\n"); +- goto cleanup; +- } +- +- } else { +- pkiDebug("received RSA key delivery AS REQ\n"); +- +- init_krb5_reply_key_pack(&key_pack); +- if (key_pack == NULL) { +- retval = ENOMEM; +- goto cleanup; +- } ++ if (reqctx->rcv_auth_pack == NULL || ++ reqctx->rcv_auth_pack->clientPublicValue.length == 0) { ++ retval = KRB5KDC_ERR_PREAUTH_FAILED; ++ k5_setmsg(context, retval, _("Unsupported PKINIT RSA request")); ++ goto cleanup; ++ } + +- retval = krb5_c_make_random_key(context, enctype, &key_pack->replyKey); +- if (retval) { +- pkiDebug("unable to make a session key\n"); +- goto cleanup; +- } ++ rep->choice = choice_pa_pk_as_rep_dhInfo; + +- retval = krb5_c_make_checksum(context, 0, &key_pack->replyKey, +- KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM, +- req_pkt, &key_pack->asChecksum); +- if (retval) { +- pkiDebug("unable to calculate AS REQ checksum\n"); +- goto cleanup; +- } +-#ifdef DEBUG_CKSUM +- pkiDebug("calculating checksum on buf size = %d\n", req_pkt->length); +- print_buffer(req_pkt->data, req_pkt->length); +- pkiDebug("checksum size = %d\n", key_pack->asChecksum.length); +- print_buffer(key_pack->asChecksum.contents, +- key_pack->asChecksum.length); +- pkiDebug("encrypting key (%d)\n", key_pack->replyKey.length); +- print_buffer(key_pack->replyKey.contents, key_pack->replyKey.length); +-#endif ++ retval = server_process_dh(context, plgctx->cryptoctx, reqctx->cryptoctx, ++ plgctx->idctx, &dh_pubkey, &dh_pubkey_len, ++ &server_key, &server_key_len); ++ if (retval) { ++ pkiDebug("failed to process/create dh parameters\n"); ++ goto cleanup; ++ } + +- retval = k5int_encode_krb5_reply_key_pack(key_pack, +- &encoded_key_pack); +- if (retval) { +- pkiDebug("failed to encode reply_key_pack\n"); +- goto cleanup; +- } ++ dhkey_info.subjectPublicKey.length = dh_pubkey_len; ++ dhkey_info.subjectPublicKey.data = (char *)dh_pubkey; ++ dhkey_info.nonce = request->nonce; ++ dhkey_info.dhKeyExpiration = 0; + +- rep->choice = choice_pa_pk_as_rep_encKeyPack; +- retval = cms_envelopeddata_create(context, plgctx->cryptoctx, +- reqctx->cryptoctx, plgctx->idctx, +- padata->pa_type, +- (unsigned char *) +- encoded_key_pack->data, +- encoded_key_pack->length, +- (unsigned char **) +- &rep->u.encKeyPack.data, +- &rep->u.encKeyPack.length); +- if (retval) { +- pkiDebug("failed to create pkcs7 enveloped data: %s\n", +- error_message(retval)); +- goto cleanup; +- } ++ retval = k5int_encode_krb5_kdc_dh_key_info(&dhkey_info, ++ &encoded_dhkey_info); ++ if (retval) { ++ pkiDebug("encode_krb5_kdc_dh_key_info failed\n"); ++ goto cleanup; ++ } + #ifdef DEBUG_ASN1 +- print_buffer_bin((unsigned char *)encoded_key_pack->data, +- encoded_key_pack->length, +- "/tmp/kdc_key_pack"); +- print_buffer_bin(rep->u.encKeyPack.data, rep->u.encKeyPack.length, +- "/tmp/kdc_enc_key_pack"); ++ print_buffer_bin((unsigned char *)encoded_dhkey_info->data, ++ encoded_dhkey_info->length, "/tmp/kdc_dh_key_info"); + #endif + +- retval = cb->replace_reply_key(context, rock, &key_pack->replyKey, +- FALSE); +- if (retval) +- goto cleanup; ++ retval = cms_signeddata_create(context, plgctx->cryptoctx, ++ reqctx->cryptoctx, plgctx->idctx, ++ CMS_SIGN_SERVER, ++ (unsigned char *)encoded_dhkey_info->data, ++ encoded_dhkey_info->length, ++ (unsigned char **) ++ &rep->u.dh_Info.dhSignedData.data, ++ &rep->u.dh_Info.dhSignedData.length); ++ if (retval) { ++ pkiDebug("failed to create pkcs7 signed data\n"); ++ goto cleanup; + } + +- if (rep->choice == choice_pa_pk_as_rep_dhInfo && +- ((reqctx->rcv_auth_pack != NULL && +- reqctx->rcv_auth_pack->supportedKDFs != NULL))) { +- ++ if (reqctx->rcv_auth_pack != NULL && ++ reqctx->rcv_auth_pack->supportedKDFs != NULL) { + /* If using the alg-agility KDF, put the algorithm in the reply + * before encoding it. + */ +@@ -973,41 +896,36 @@ pkinit_server_return_padata(krb5_context context, + "/tmp/kdc_as_rep"); + #endif + +- /* If this is DH, we haven't computed the key yet, so do it now. */ +- if (rep->choice == choice_pa_pk_as_rep_dhInfo) { +- +- /* If mutually supported KDFs were found, use the algorithm agility +- * KDF. */ +- if (rep->u.dh_Info.kdfID) { +- secret.data = (char *)server_key; +- secret.length = server_key_len; ++ /* If mutually supported KDFs were found, use the algorithm agility KDF. */ ++ if (rep->u.dh_Info.kdfID) { ++ secret.data = (char *)server_key; ++ secret.length = server_key_len; + +- retval = pkinit_alg_agility_kdf(context, &secret, +- rep->u.dh_Info.kdfID, +- request->client, request->server, +- enctype, req_pkt, out_data, +- &reply_key); +- if (retval) { +- pkiDebug("pkinit_alg_agility_kdf failed: %s\n", +- error_message(retval)); +- goto cleanup; +- } ++ retval = pkinit_alg_agility_kdf(context, &secret, rep->u.dh_Info.kdfID, ++ request->client, request->server, ++ enctype, req_pkt, out_data, ++ &reply_key); ++ if (retval) { ++ pkiDebug("pkinit_alg_agility_kdf failed: %s\n", ++ error_message(retval)); ++ goto cleanup; ++ } + +- /* Otherwise, use the older octetstring2key() function */ +- } else { +- retval = pkinit_octetstring2key(context, enctype, server_key, ++ /* Otherwise, use the older octetstring2key() function */ ++ } else { ++ retval = pkinit_octetstring2key(context, enctype, server_key, + server_key_len, &reply_key); +- if (retval) { +- pkiDebug("pkinit_octetstring2key failed: %s\n", +- error_message(retval)); +- goto cleanup; +- } +- } +- retval = cb->replace_reply_key(context, rock, &reply_key, FALSE); +- if (retval) ++ if (retval) { ++ pkiDebug("pkinit_octetstring2key failed: %s\n", ++ error_message(retval)); + goto cleanup; ++ } + } + ++ retval = cb->replace_reply_key(context, rock, &reply_key, FALSE); ++ if (retval) ++ goto cleanup; ++ + *send_pa = malloc(sizeof(krb5_pa_data)); + if (*send_pa == NULL) { + retval = ENOMEM; +diff --git a/src/plugins/preauth/pkinit/pkinit_trace.h b/src/plugins/preauth/pkinit/pkinit_trace.h +index 5ee39c085c..d385759145 100644 +--- a/src/plugins/preauth/pkinit/pkinit_trace.h ++++ b/src/plugins/preauth/pkinit/pkinit_trace.h +@@ -58,19 +58,10 @@ + TRACE(c, "PKINIT client verified DH reply") + #define TRACE_PKINIT_CLIENT_REP_DH_FAIL(c) \ + TRACE(c, "PKINIT client could not verify DH reply") +-#define TRACE_PKINIT_CLIENT_REP_RSA(c) \ +- TRACE(c, "PKINIT client verified RSA reply") +-#define TRACE_PKINIT_CLIENT_REP_RSA_KEY(c, keyblock, cksum) \ +- TRACE(c, "PKINIT client retrieved reply key {keyblock} from RSA " \ +- "reply (checksum {cksum})", keyblock, cksum) +-#define TRACE_PKINIT_CLIENT_REP_RSA_FAIL(c) \ +- TRACE(c, "PKINIT client could not verify RSA reply") + #define TRACE_PKINIT_CLIENT_REQ_CHECKSUM(c, cksum) \ + TRACE(c, "PKINIT client computed kdc-req-body checksum {cksum}", cksum) + #define TRACE_PKINIT_CLIENT_REQ_DH(c) \ + TRACE(c, "PKINIT client making DH request") +-#define TRACE_PKINIT_CLIENT_REQ_RSA(c) \ +- TRACE(c, "PKINIT client making RSA request") + #define TRACE_PKINIT_CLIENT_SAN_CONFIG_DNSNAME(c, host) \ + TRACE(c, "PKINIT client config accepts KDC dNSName SAN {str}", host) + #define TRACE_PKINIT_CLIENT_SAN_MATCH_DNSNAME(c, host) \ +diff --git a/src/tests/t_pkinit.py b/src/tests/t_pkinit.py +index ec2356ea22..62e6c426d3 100755 +--- a/src/tests/t_pkinit.py ++++ b/src/tests/t_pkinit.py +@@ -179,13 +179,6 @@ id_conf = {'realms': {'$realm': {'pkinit_identities': [file_identity + 'X', + id_env = realm.special_env('idconf', False, krb5_conf=id_conf) + realm.kinit(realm.user_princ, expected_trace=msgs, env=id_env) + +-# Try again using RSA instead of DH. +-mark('FILE identity, no password, RSA') +-realm.pkinit(realm.user_princ, flags=['-X', 'flag_RSA_PROTOCOL=yes'], +- expected_trace=('PKINIT client making RSA request', +- 'PKINIT client verified RSA reply')) +-realm.klist(realm.user_princ) +- + # Test a DH parameter renegotiation by temporarily setting a 4096-bit + # minimum on the KDC. (Preauth type 16 is PKINIT PA_PK_AS_REQ; + # 109 is PKINIT TD_DH_PARAMETERS; 133 is FAST PA-FX-COOKIE.) +diff --git a/src/windows/leash/htmlhelp/html/KINIT.htm b/src/windows/leash/htmlhelp/html/KINIT.htm +index eeee211a6e..46cb4a3ad8 100644 +--- a/src/windows/leash/htmlhelp/html/KINIT.htm ++++ b/src/windows/leash/htmlhelp/html/KINIT.htm +@@ -146,9 +146,6 @@ default credentials cache may vary between systems. If the KRB5CCNAME en + -S service_name + specify an alternate service name to use when getting initial + tickets. +- +- flag_RSA_PROTOCOL[=yes] +- specify use of RSA, rather than the default Diffie-Hellman protocol. + + +

ENVIRONMENT

+-- +2.46.0 + diff --git a/SOURCES/0025-Fix-various-issues-detected-by-static-analysis.patch b/SOURCES/0025-Fix-various-issues-detected-by-static-analysis.patch new file mode 100644 index 0000000..fb60c0f --- /dev/null +++ b/SOURCES/0025-Fix-various-issues-detected-by-static-analysis.patch @@ -0,0 +1,175 @@ +From 5464ad5b64f7ce7c3d78082352189af7c8feb95f Mon Sep 17 00:00:00 2001 +From: Julien Rische +Date: Fri, 6 Sep 2024 17:18:11 +0200 +Subject: [PATCH] Fix various issues detected by static analysis + +(cherry picked from commit 53d352949941ee236461658d01f03c37abafc6f6) +--- + src/clients/klist/klist.c | 13 +++++++------ + src/kadmin/dbutil/dump.c | 5 +++++ + src/kdc/ndr.c | 2 +- + src/lib/kdb/decrypt_key.c | 2 +- + src/lib/rpc/svc_auth_gss.c | 5 ++++- + src/lib/rpc/svc_udp.c | 13 +++++++------ + src/util/support/threads.c | 2 -- + 7 files changed, 25 insertions(+), 17 deletions(-) + +diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c +index 27cf0ee11b..9db66f6072 100644 +--- a/src/clients/klist/klist.c ++++ b/src/clients/klist/klist.c +@@ -666,7 +666,7 @@ show_credential(krb5_creds *cred) + krb5_error_code ret; + krb5_ticket *tkt = NULL; + char *name = NULL, *sname = NULL, *tktsname, *flags; +- int extra_field = 0, ccol = 0, i; ++ int extra_field = 0, ccol = 0, i, r; + krb5_boolean is_config = krb5_is_config_principal(context, cred->server); + + ret = krb5_unparse_name(context, cred->client, &name); +@@ -696,11 +696,12 @@ show_credential(krb5_creds *cred) + fputs("config: ", stdout); + ccol = 8; + for (i = 1; i < cred->server->length; i++) { +- ccol += printf("%s%.*s%s", +- i > 1 ? "(" : "", +- (int)cred->server->data[i].length, +- cred->server->data[i].data, +- i > 1 ? ")" : ""); ++ r = printf("%s%.*s%s", i > 1 ? "(" : "", ++ (int)cred->server->data[i].length, ++ cred->server->data[i].data, ++ i > 1 ? ")" : ""); ++ if (r >= 0) ++ ccol += r; + } + fputs(" = ", stdout); + ccol += 3; +diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c +index 4d6cc0bdf9..feb053d834 100644 +--- a/src/kadmin/dbutil/dump.c ++++ b/src/kadmin/dbutil/dump.c +@@ -704,6 +704,11 @@ process_k5beta7_princ(krb5_context context, const char *fname, FILE *filep, + + dbentry->len = u1; + dbentry->n_key_data = u4; ++ ++ if (u5 > UINT16_MAX) { ++ load_err(fname, *linenop, _("invalid principal extra data size")); ++ goto fail; ++ } + dbentry->e_length = u5; + + if (kp != NULL) { +diff --git a/src/kdc/ndr.c b/src/kdc/ndr.c +index d438408ee2..38be9fe42a 100644 +--- a/src/kdc/ndr.c ++++ b/src/kdc/ndr.c +@@ -242,7 +242,7 @@ ndr_enc_delegation_info(struct pac_s4u_delegation_info *in, krb5_data *out) + { + krb5_error_code ret; + size_t i; +- struct k5buf b; ++ struct k5buf b = EMPTY_K5BUF; + struct encoded_wchars pt_encoded = { 0 }, *tss_encoded = NULL; + uint32_t pointer = 0; + +diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c +index 82bbed6312..c971793c9d 100644 +--- a/src/lib/kdb/decrypt_key.c ++++ b/src/lib/kdb/decrypt_key.c +@@ -60,7 +60,7 @@ krb5_dbe_def_decrypt_key_data(krb5_context context, const krb5_keyblock *mkey, + krb5_keyblock *dbkey_out, + krb5_keysalt *keysalt_out) + { +- krb5_error_code ret; ++ krb5_error_code ret = KRB5_CRYPTO_INTERNAL; + int16_t keylen; + krb5_enc_data cipher; + krb5_data plain = empty_data(); +diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c +index 98d601c8ab..461e5de542 100644 +--- a/src/lib/rpc/svc_auth_gss.c ++++ b/src/lib/rpc/svc_auth_gss.c +@@ -297,7 +297,7 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r + struct opaque_auth *oa; + gss_buffer_desc rpcbuf, checksum; + OM_uint32 maj_stat, min_stat, qop_state; +- u_char rpchdr[128]; ++ u_char rpchdr[32 + MAX_AUTH_BYTES]; + int32_t *buf; + + log_debug("in svcauth_gss_validate()"); +@@ -315,6 +315,8 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r + return (FALSE); + + buf = (int32_t *)(void *)rpchdr; ++ ++ /* Write the 32 first bytes of the header. */ + IXDR_PUT_LONG(buf, msg->rm_xid); + IXDR_PUT_ENUM(buf, msg->rm_direction); + IXDR_PUT_LONG(buf, msg->rm_call.cb_rpcvers); +@@ -323,6 +325,7 @@ svcauth_gss_validate(struct svc_req *rqst, struct svc_rpc_gss_data *gd, struct r + IXDR_PUT_LONG(buf, msg->rm_call.cb_proc); + IXDR_PUT_ENUM(buf, oa->oa_flavor); + IXDR_PUT_LONG(buf, oa->oa_length); ++ + if (oa->oa_length) { + memcpy((caddr_t)buf, oa->oa_base, oa->oa_length); + buf += RNDUP(oa->oa_length) / sizeof(int32_t); +diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c +index 8ecbdf2b33..3aff277eb7 100644 +--- a/src/lib/rpc/svc_udp.c ++++ b/src/lib/rpc/svc_udp.c +@@ -248,8 +248,9 @@ static bool_t svcudp_reply( + { + struct svcudp_data *su = su_data(xprt); + XDR *xdrs = &su->su_xdrs; +- int slen; ++ u_int slen; + bool_t stat = FALSE; ++ ssize_t r; + + xdrproc_t xdr_results = NULL; + caddr_t xdr_location = 0; +@@ -272,12 +273,12 @@ static bool_t svcudp_reply( + if (xdr_replymsg(xdrs, msg) && + (!has_args || + (SVCAUTH_WRAP(xprt->xp_auth, xdrs, xdr_results, xdr_location)))) { +- slen = (int)XDR_GETPOS(xdrs); +- if (sendto(xprt->xp_sock, rpc_buffer(xprt), slen, 0, +- (struct sockaddr *)&(xprt->xp_raddr), xprt->xp_addrlen) +- == slen) { ++ slen = XDR_GETPOS(xdrs); ++ r = sendto(xprt->xp_sock, rpc_buffer(xprt), slen, 0, ++ (struct sockaddr *)&(xprt->xp_raddr), xprt->xp_addrlen); ++ if (r >= 0 && (u_int)r == slen) { + stat = TRUE; +- if (su->su_cache && slen >= 0) { ++ if (su->su_cache) { + cache_set(xprt, (uint32_t) slen); + } + } +diff --git a/src/util/support/threads.c b/src/util/support/threads.c +index be7e4c2e3f..4ded805b79 100644 +--- a/src/util/support/threads.c ++++ b/src/util/support/threads.c +@@ -118,7 +118,6 @@ struct tsd_block { + # pragma weak pthread_mutex_destroy + # pragma weak pthread_mutex_init + # pragma weak pthread_self +-# pragma weak pthread_equal + # pragma weak pthread_getspecific + # pragma weak pthread_setspecific + # pragma weak pthread_key_create +@@ -151,7 +150,6 @@ int krb5int_pthread_loaded (void) + || &pthread_mutex_destroy == 0 + || &pthread_mutex_init == 0 + || &pthread_self == 0 +- || &pthread_equal == 0 + /* Any program that's really multithreaded will have to be + able to create threads. */ + || &pthread_create == 0 +-- +2.46.0 + diff --git a/SOURCES/0026-Generate-and-verify-message-MACs-in-libkrad.patch b/SOURCES/0026-Generate-and-verify-message-MACs-in-libkrad.patch new file mode 100644 index 0000000..23e93d4 --- /dev/null +++ b/SOURCES/0026-Generate-and-verify-message-MACs-in-libkrad.patch @@ -0,0 +1,629 @@ +From 023dcf87d34e29649dd76d33ce7d896c2b6f61d2 Mon Sep 17 00:00:00 2001 +From: Julien Rische +Date: Thu, 22 Aug 2024 17:15:50 +0200 +Subject: [PATCH] Generate and verify message MACs in libkrad + +Implement some of the measures specified in +draft-ietf-radext-deprecating-radius-03 for mitigating the BlastRADIUS +attack (CVE-2024-3596): + +* Include a Message-Authenticator MAC as the first attribute when + generating a packet of type Access-Request, Access-Reject, + Access-Accept, or Access-Challenge (sections 5.2.1 and 5.2.4), if + the secret is non-empty. (An empty secret indicates the use of Unix + domain socket transport.) + +* Validate the Message-Authenticator MAC in received packets, if + present. + +FreeRADIUS enforces Message-Authenticator as of versions 3.2.5 and +3.0.27. libkrad must generate Message-Authenticator attributes in +order to remain compatible with these implementations. + +[ghudson@mit.edu: adjusted style and naming; simplified some +functions; edited commit message] + +ticket: 9142 (new) +tags: pullup +target_version: 1.21-next + +(cherry picked from commit 871125fea8ce0370a972bf65f7d1de63f619b06c) +--- + src/include/k5-int.h | 5 + + src/lib/crypto/krb/checksum_hmac_md5.c | 28 ++++ + src/lib/crypto/libk5crypto.exports | 1 + + src/lib/krad/attr.c | 17 ++ + src/lib/krad/attrset.c | 59 +++++-- + src/lib/krad/internal.h | 7 +- + src/lib/krad/packet.c | 206 +++++++++++++++++++++++-- + src/lib/krad/t_attrset.c | 2 +- + src/lib/krad/t_daemon.py | 3 +- + src/lib/krad/t_packet.c | 11 ++ + src/tests/t_otp.py | 3 + + 11 files changed, 311 insertions(+), 31 deletions(-) + +diff --git a/src/include/k5-int.h b/src/include/k5-int.h +index 69d6a6f569..b7789a2dd8 100644 +--- a/src/include/k5-int.h ++++ b/src/include/k5-int.h +@@ -2403,4 +2403,9 @@ krb5_boolean + k5_sname_compare(krb5_context context, krb5_const_principal sname, + krb5_const_principal princ); + ++/* Generate an HMAC-MD5 keyed checksum as specified by RFC 2104. */ ++krb5_error_code ++k5_hmac_md5(const krb5_data *key, const krb5_crypto_iov *data, size_t num_data, ++ krb5_data *output); ++ + #endif /* _KRB5_INT_H */ +diff --git a/src/lib/crypto/krb/checksum_hmac_md5.c b/src/lib/crypto/krb/checksum_hmac_md5.c +index ec024f3966..a809388549 100644 +--- a/src/lib/crypto/krb/checksum_hmac_md5.c ++++ b/src/lib/crypto/krb/checksum_hmac_md5.c +@@ -92,3 +92,31 @@ cleanup: + free(hash_iov); + return ret; + } ++ ++krb5_error_code ++k5_hmac_md5(const krb5_data *key, const krb5_crypto_iov *data, size_t num_data, ++ krb5_data *output) ++{ ++ krb5_error_code ret; ++ const struct krb5_hash_provider *hash = &krb5int_hash_md5; ++ krb5_keyblock keyblock = { 0 }; ++ krb5_data hashed_key; ++ uint8_t hkeybuf[16]; ++ krb5_crypto_iov iov; ++ ++ /* Hash the key if it is longer than the block size. */ ++ if (key->length > hash->blocksize) { ++ hashed_key = make_data(hkeybuf, sizeof(hkeybuf)); ++ iov.flags = KRB5_CRYPTO_TYPE_DATA; ++ iov.data = *key; ++ ret = hash->hash(&iov, 1, &hashed_key); ++ if (ret) ++ return ret; ++ key = &hashed_key; ++ } ++ ++ keyblock.magic = KV5M_KEYBLOCK; ++ keyblock.length = key->length; ++ keyblock.contents = (uint8_t *)key->data; ++ return krb5int_hmac_keyblock(hash, &keyblock, data, num_data, output); ++} +diff --git a/src/lib/crypto/libk5crypto.exports b/src/lib/crypto/libk5crypto.exports +index d8ffa63304..00e0ce1812 100644 +--- a/src/lib/crypto/libk5crypto.exports ++++ b/src/lib/crypto/libk5crypto.exports +@@ -102,3 +102,4 @@ krb5_c_prfplus + krb5_c_derive_prfplus + k5_enctype_to_ssf + krb5int_c_deprecated_enctype ++k5_hmac_md5 +diff --git a/src/lib/krad/attr.c b/src/lib/krad/attr.c +index 42d354a3b5..65ed1d35e7 100644 +--- a/src/lib/krad/attr.c ++++ b/src/lib/krad/attr.c +@@ -125,6 +125,23 @@ static const attribute_record attributes[UCHAR_MAX] = { + {"NAS-Port-Type", 4, 4, NULL, NULL}, + {"Port-Limit", 4, 4, NULL, NULL}, + {"Login-LAT-Port", 1, MAX_ATTRSIZE, NULL, NULL}, ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for tunnelling */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for tunnelling */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for tunnelling */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for tunnelling */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for tunnelling */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for tunnelling */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for Apple Remote Access Protocol */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for Apple Remote Access Protocol */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for Apple Remote Access Protocol */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for Apple Remote Access Protocol */ ++ {NULL, 0, 0, NULL, NULL}, /* Reserved for Apple Remote Access Protocol */ ++ {NULL, 0, 0, NULL, NULL}, /* Password-Retry */ ++ {NULL, 0, 0, NULL, NULL}, /* Prompt */ ++ {NULL, 0, 0, NULL, NULL}, /* Connect-Info */ ++ {NULL, 0, 0, NULL, NULL}, /* Configuration-Token */ ++ {NULL, 0, 0, NULL, NULL}, /* EAP-Message */ ++ {"Message-Authenticator", MD5_DIGEST_SIZE, MD5_DIGEST_SIZE, NULL, NULL}, + }; + + /* Encode User-Password attribute. */ +diff --git a/src/lib/krad/attrset.c b/src/lib/krad/attrset.c +index 6ec031e320..e5457ebfd7 100644 +--- a/src/lib/krad/attrset.c ++++ b/src/lib/krad/attrset.c +@@ -164,15 +164,44 @@ krad_attrset_copy(const krad_attrset *set, krad_attrset **copy) + return 0; + } + ++/* Place an encoded attributes into outbuf at position *i. Increment *i by the ++ * length of the encoding. */ ++static krb5_error_code ++append_attr(krb5_context ctx, const char *secret, ++ const uint8_t *auth, krad_attr type, const krb5_data *data, ++ uint8_t outbuf[MAX_ATTRSETSIZE], size_t *i, krb5_boolean *is_fips) ++{ ++ uint8_t buffer[MAX_ATTRSIZE]; ++ size_t attrlen; ++ krb5_error_code retval; ++ ++ retval = kr_attr_encode(ctx, secret, auth, type, data, buffer, &attrlen, ++ is_fips); ++ if (retval) ++ return retval; ++ ++ if (attrlen > MAX_ATTRSETSIZE - *i - 2) ++ return EMSGSIZE; ++ ++ outbuf[(*i)++] = type; ++ outbuf[(*i)++] = attrlen + 2; ++ memcpy(outbuf + *i, buffer, attrlen); ++ *i += attrlen; ++ ++ return 0; ++} ++ + krb5_error_code + kr_attrset_encode(const krad_attrset *set, const char *secret, +- const unsigned char *auth, ++ const uint8_t *auth, krb5_boolean add_msgauth, + unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, + krb5_boolean *is_fips) + { +- unsigned char buffer[MAX_ATTRSIZE]; + krb5_error_code retval; +- size_t i = 0, attrlen; ++ krad_attr msgauth_type = krad_attr_name2num("Message-Authenticator"); ++ const uint8_t zeroes[MD5_DIGEST_SIZE] = { 0 }; ++ krb5_data zerodata; ++ size_t i = 0; + attr *a; + + if (set == NULL) { +@@ -180,19 +209,21 @@ kr_attrset_encode(const krad_attrset *set, const char *secret, + return 0; + } + +- K5_TAILQ_FOREACH(a, &set->list, list) { +- retval = kr_attr_encode(set->ctx, secret, auth, a->type, &a->attr, +- buffer, &attrlen, is_fips); +- if (retval != 0) ++ if (add_msgauth) { ++ /* Encode Message-Authenticator as the first attribute, per ++ * draft-ietf-radext-deprecating-radius-03 section 5.2. */ ++ zerodata = make_data((uint8_t *)zeroes, MD5_DIGEST_SIZE); ++ retval = append_attr(set->ctx, secret, auth, msgauth_type, &zerodata, ++ outbuf, &i, is_fips); ++ if (retval) + return retval; ++ } + +- if (i + attrlen + 2 > MAX_ATTRSETSIZE) +- return EMSGSIZE; +- +- outbuf[i++] = a->type; +- outbuf[i++] = attrlen + 2; +- memcpy(&outbuf[i], buffer, attrlen); +- i += attrlen; ++ K5_TAILQ_FOREACH(a, &set->list, list) { ++ retval = append_attr(set->ctx, secret, auth, a->type, &a->attr, ++ outbuf, &i, is_fips); ++ if (retval) ++ return retval; + } + + *outlen = i; +diff --git a/src/lib/krad/internal.h b/src/lib/krad/internal.h +index a17b6f39b1..ca66f3ec68 100644 +--- a/src/lib/krad/internal.h ++++ b/src/lib/krad/internal.h +@@ -49,6 +49,8 @@ + #define UCHAR_MAX 255 + #endif + ++#define MD5_DIGEST_SIZE 16 ++ + /* RFC 2865 */ + #define MAX_ATTRSIZE (UCHAR_MAX - 2) + #define MAX_ATTRSETSIZE (KRAD_PACKET_SIZE_MAX - 20) +@@ -79,10 +81,11 @@ kr_attr_decode(krb5_context ctx, const char *secret, const unsigned char *auth, + krad_attr type, const krb5_data *in, + unsigned char outbuf[MAX_ATTRSIZE], size_t *outlen); + +-/* Encode the attributes into the buffer. */ ++/* Encode set into outbuf. If add_msgauth is true, include a zeroed ++ * Message-Authenticator as the first attribute. */ + krb5_error_code + kr_attrset_encode(const krad_attrset *set, const char *secret, +- const unsigned char *auth, ++ const uint8_t *auth, krb5_boolean add_msgauth, + unsigned char outbuf[MAX_ATTRSETSIZE], size_t *outlen, + krb5_boolean *is_fips); + +diff --git a/src/lib/krad/packet.c b/src/lib/krad/packet.c +index c5446b890c..3c1a4d507e 100644 +--- a/src/lib/krad/packet.c ++++ b/src/lib/krad/packet.c +@@ -36,6 +36,7 @@ + typedef unsigned char uchar; + + /* RFC 2865 */ ++#define MSGAUTH_SIZE (2 + MD5_DIGEST_SIZE) + #define OFFSET_CODE 0 + #define OFFSET_ID 1 + #define OFFSET_LENGTH 2 +@@ -222,6 +223,106 @@ packet_set_attrset(krb5_context ctx, const char *secret, krad_packet *pkt) + return kr_attrset_decode(ctx, &tmp, secret, pkt_auth(pkt), &pkt->attrset); + } + ++/* Determine if a packet requires a Message-Authenticator attribute. */ ++static inline krb5_boolean ++requires_msgauth(const char *secret, krad_code code) ++{ ++ /* If no secret is provided, assume that the transport is a UNIX socket. ++ * Message-Authenticator is required only on UDP and TCP connections. */ ++ if (*secret == '\0') ++ return FALSE; ++ ++ /* ++ * Per draft-ietf-radext-deprecating-radius-03 sections 5.2.1 and 5.2.4, ++ * Message-Authenticator is required in Access-Request packets and all ++ * potential responses when UDP or TCP transport is used. ++ */ ++ return code == krad_code_name2num("Access-Request") || ++ code == krad_code_name2num("Access-Reject") || ++ code == krad_code_name2num("Access-Accept") || ++ code == krad_code_name2num("Access-Challenge"); ++} ++ ++/* Check if the packet has a Message-Authenticator attribute. */ ++static inline krb5_boolean ++has_pkt_msgauth(const krad_packet *pkt) ++{ ++ krad_attr msgauth_type = krad_attr_name2num("Message-Authenticator"); ++ ++ return krad_attrset_get(pkt->attrset, msgauth_type, 0) != NULL; ++} ++ ++/* Return the beginning of the Message-Authenticator attribute in pkt, or NULL ++ * if no such attribute is present. */ ++static const uint8_t * ++lookup_msgauth_addr(const krad_packet *pkt) ++{ ++ krad_attr msgauth_type = krad_attr_name2num("Message-Authenticator"); ++ size_t i; ++ uint8_t *p; ++ ++ i = OFFSET_ATTR; ++ while (i + 2 < pkt->pkt.length) { ++ p = (uint8_t *)offset(&pkt->pkt, i); ++ if (msgauth_type == *p) ++ return p; ++ i += p[1]; ++ } ++ ++ return NULL; ++} ++ ++/* ++ * Calculate the message authenticator MAC for pkt as specified in RFC 2869 ++ * section 5.14, placing the result in mac_out. Use the provided authenticator ++ * auth, which may be from pkt or from a corresponding request. ++ */ ++static krb5_error_code ++calculate_mac(const char *secret, const krad_packet *pkt, ++ const uint8_t auth[AUTH_FIELD_SIZE], ++ uint8_t mac_out[MD5_DIGEST_SIZE]) ++{ ++ uint8_t zeroed_msgauth[MSGAUTH_SIZE]; ++ krad_attr msgauth_type = krad_attr_name2num("Message-Authenticator"); ++ const uint8_t *msgauth_attr, *msgauth_end, *pkt_end; ++ krb5_crypto_iov input[5]; ++ krb5_data ksecr, mac; ++ ++ msgauth_attr = lookup_msgauth_addr(pkt); ++ if (msgauth_attr == NULL) ++ return EINVAL; ++ msgauth_end = msgauth_attr + MSGAUTH_SIZE; ++ pkt_end = (const uint8_t *)pkt->pkt.data + pkt->pkt.length; ++ ++ /* Read code, id, and length from the packet. */ ++ input[0].flags = KRB5_CRYPTO_TYPE_DATA; ++ input[0].data = make_data(pkt->pkt.data, OFFSET_AUTH); ++ ++ /* Read the provided authenticator. */ ++ input[1].flags = KRB5_CRYPTO_TYPE_DATA; ++ input[1].data = make_data((uint8_t *)auth, AUTH_FIELD_SIZE); ++ ++ /* Read any attributes before Message-Authenticator. */ ++ input[2].flags = KRB5_CRYPTO_TYPE_DATA; ++ input[2].data = make_data(pkt_attr(pkt), msgauth_attr - pkt_attr(pkt)); ++ ++ /* Read Message-Authenticator with the data bytes all set to zero, per RFC ++ * 2869 section 5.14. */ ++ zeroed_msgauth[0] = msgauth_type; ++ zeroed_msgauth[1] = MSGAUTH_SIZE; ++ memset(zeroed_msgauth + 2, 0, MD5_DIGEST_SIZE); ++ input[3].flags = KRB5_CRYPTO_TYPE_DATA; ++ input[3].data = make_data(zeroed_msgauth, MSGAUTH_SIZE); ++ ++ /* Read any attributes after Message-Authenticator. */ ++ input[4].flags = KRB5_CRYPTO_TYPE_DATA; ++ input[4].data = make_data((uint8_t *)msgauth_end, pkt_end - msgauth_end); ++ ++ mac = make_data(mac_out, MD5_DIGEST_SIZE); ++ ksecr = string2data((char *)secret); ++ return k5_hmac_md5(&ksecr, input, 5, &mac); ++} ++ + ssize_t + krad_packet_bytes_needed(const krb5_data *buffer) + { +@@ -255,6 +356,7 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code, + krad_packet *pkt; + uchar id; + size_t attrset_len; ++ krb5_boolean msgauth_required; + + pkt = packet_new(); + if (pkt == NULL) { +@@ -274,9 +376,13 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code, + if (retval != 0) + goto error; + ++ /* Determine if Message-Authenticator is required. */ ++ msgauth_required = (*secret != '\0' && ++ code == krad_code_name2num("Access-Request")); ++ + /* Encode the attributes. */ +- retval = kr_attrset_encode(set, secret, pkt_auth(pkt), pkt_attr(pkt), +- &attrset_len, &pkt->is_fips); ++ retval = kr_attrset_encode(set, secret, pkt_auth(pkt), msgauth_required, ++ pkt_attr(pkt), &attrset_len, &pkt->is_fips); + if (retval != 0) + goto error; + +@@ -285,6 +391,13 @@ krad_packet_new_request(krb5_context ctx, const char *secret, krad_code code, + pkt_code_set(pkt, code); + pkt_len_set(pkt, pkt->pkt.length); + ++ if (msgauth_required) { ++ /* Calculate and set the Message-Authenticator MAC. */ ++ retval = calculate_mac(secret, pkt, pkt_auth(pkt), pkt_attr(pkt) + 2); ++ if (retval != 0) ++ goto error; ++ } ++ + /* Copy the attrset for future use. */ + retval = packet_set_attrset(ctx, secret, pkt); + if (retval != 0) +@@ -307,14 +420,19 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code, + krb5_error_code retval; + krad_packet *pkt; + size_t attrset_len; ++ krb5_boolean msgauth_required; + + pkt = packet_new(); + if (pkt == NULL) + return ENOMEM; + ++ /* Determine if Message-Authenticator is required. */ ++ msgauth_required = requires_msgauth(secret, code); ++ + /* Encode the attributes. */ +- retval = kr_attrset_encode(set, secret, pkt_auth(request), pkt_attr(pkt), +- &attrset_len, &pkt->is_fips); ++ retval = kr_attrset_encode(set, secret, pkt_auth(request), ++ msgauth_required, pkt_attr(pkt), &attrset_len, ++ &pkt->is_fips); + if (retval != 0) + goto error; + +@@ -330,6 +448,18 @@ krad_packet_new_response(krb5_context ctx, const char *secret, krad_code code, + if (retval != 0) + goto error; + ++ if (msgauth_required) { ++ /* ++ * Calculate and replace the Message-Authenticator MAC. Per RFC 2869 ++ * section 5.14, use the authenticator from the request, not from the ++ * response. ++ */ ++ retval = calculate_mac(secret, pkt, pkt_auth(request), ++ pkt_attr(pkt) + 2); ++ if (retval != 0) ++ goto error; ++ } ++ + /* Copy the attrset for future use. */ + retval = packet_set_attrset(ctx, secret, pkt); + if (retval != 0) +@@ -343,6 +473,34 @@ error: + return retval; + } + ++/* Verify the Message-Authenticator value in pkt, using the provided ++ * authenticator (which may be from pkt or from a corresponding request). */ ++static krb5_error_code ++verify_msgauth(const char *secret, const krad_packet *pkt, ++ const uint8_t auth[AUTH_FIELD_SIZE]) ++{ ++ uint8_t mac[MD5_DIGEST_SIZE]; ++ krad_attr msgauth_type = krad_attr_name2num("Message-Authenticator"); ++ const krb5_data *msgauth; ++ krb5_error_code retval; ++ ++ msgauth = krad_packet_get_attr(pkt, msgauth_type, 0); ++ if (msgauth == NULL) ++ return ENODATA; ++ ++ retval = calculate_mac(secret, pkt, auth, mac); ++ if (retval) ++ return retval; ++ ++ if (msgauth->length != MD5_DIGEST_SIZE) ++ return EMSGSIZE; ++ ++ if (k5_bcmp(mac, msgauth->data, MD5_DIGEST_SIZE) != 0) ++ return EBADMSG; ++ ++ return 0; ++} ++ + /* Decode a packet. */ + static krb5_error_code + decode_packet(krb5_context ctx, const char *secret, const krb5_data *buffer, +@@ -394,21 +552,35 @@ krad_packet_decode_request(krb5_context ctx, const char *secret, + krad_packet **reqpkt) + { + const krad_packet *tmp = NULL; ++ krad_packet *req; + krb5_error_code retval; + +- retval = decode_packet(ctx, secret, buffer, reqpkt); +- if (cb != NULL && retval == 0) { ++ retval = decode_packet(ctx, secret, buffer, &req); ++ if (retval) ++ return retval; ++ ++ /* Verify Message-Authenticator if present. */ ++ if (has_pkt_msgauth(req)) { ++ retval = verify_msgauth(secret, req, pkt_auth(req)); ++ if (retval) { ++ krad_packet_free(req); ++ return retval; ++ } ++ } ++ ++ if (cb != NULL) { + for (tmp = (*cb)(data, FALSE); tmp != NULL; tmp = (*cb)(data, FALSE)) { + if (pkt_id_get(*reqpkt) == pkt_id_get(tmp)) + break; + } +- } + +- if (cb != NULL && (retval != 0 || tmp != NULL)) +- (*cb)(data, TRUE); ++ if (tmp != NULL) ++ (*cb)(data, TRUE); ++ } + ++ *reqpkt = req; + *duppkt = tmp; +- return retval; ++ return 0; + } + + krb5_error_code +@@ -435,9 +607,17 @@ krad_packet_decode_response(krb5_context ctx, const char *secret, + break; + } + +- /* If the authenticator matches, then the response is valid. */ +- if (memcmp(pkt_auth(*rsppkt), auth, sizeof(auth)) == 0) +- break; ++ /* Verify the response authenticator. */ ++ if (k5_bcmp(pkt_auth(*rsppkt), auth, sizeof(auth)) != 0) ++ continue; ++ ++ /* Verify Message-Authenticator if present. */ ++ if (has_pkt_msgauth(*rsppkt)) { ++ if (verify_msgauth(secret, *rsppkt, pkt_auth(tmp)) != 0) ++ continue; ++ } ++ ++ break; + } + } + +diff --git a/src/lib/krad/t_attrset.c b/src/lib/krad/t_attrset.c +index 4cdb8b7d8e..f9c66509bd 100644 +--- a/src/lib/krad/t_attrset.c ++++ b/src/lib/krad/t_attrset.c +@@ -63,7 +63,7 @@ main(void) + noerror(krad_attrset_add(set, krad_attr_name2num("User-Password"), &tmp)); + + /* Encode attrset. */ +- noerror(kr_attrset_encode(set, "foo", auth, buffer, &encode_len, ++ noerror(kr_attrset_encode(set, "foo", auth, FALSE, buffer, &encode_len, + &is_fips)); + krad_attrset_free(set); + +diff --git a/src/lib/krad/t_daemon.py b/src/lib/krad/t_daemon.py +index 4a3de079c7..647d4894eb 100755 +--- a/src/lib/krad/t_daemon.py ++++ b/src/lib/krad/t_daemon.py +@@ -40,6 +40,7 @@ DICTIONARY = """ + ATTRIBUTE\tUser-Name\t1\tstring + ATTRIBUTE\tUser-Password\t2\toctets + ATTRIBUTE\tNAS-Identifier\t32\tstring ++ATTRIBUTE\tMessage-Authenticator\t80\toctets + """ + + class TestServer(server.Server): +@@ -52,7 +53,7 @@ class TestServer(server.Server): + if key == "User-Password": + passwd = [pkt.PwDecrypt(x) for x in pkt[key]] + +- reply = self.CreateReplyPacket(pkt) ++ reply = self.CreateReplyPacket(pkt, message_authenticator=True) + if passwd == ['accept']: + reply.code = packet.AccessAccept + else: +diff --git a/src/lib/krad/t_packet.c b/src/lib/krad/t_packet.c +index c22489144f..104b6507a2 100644 +--- a/src/lib/krad/t_packet.c ++++ b/src/lib/krad/t_packet.c +@@ -172,6 +172,9 @@ main(int argc, const char **argv) + krb5_data username, password; + krb5_boolean auth = FALSE; + krb5_context ctx; ++ const krad_packet *dupreq; ++ const krb5_data *encpkt; ++ krad_packet *decreq; + + username = string2data("testUser"); + +@@ -184,9 +187,17 @@ main(int argc, const char **argv) + + password = string2data("accept"); + noerror(make_packet(ctx, &username, &password, &packets[ACCEPT_PACKET])); ++ encpkt = krad_packet_encode(packets[ACCEPT_PACKET]); ++ noerror(krad_packet_decode_request(ctx, "foo", encpkt, NULL, NULL, ++ &dupreq, &decreq)); ++ krad_packet_free(decreq); + + password = string2data("reject"); + noerror(make_packet(ctx, &username, &password, &packets[REJECT_PACKET])); ++ encpkt = krad_packet_encode(packets[REJECT_PACKET]); ++ noerror(krad_packet_decode_request(ctx, "foo", encpkt, NULL, NULL, ++ &dupreq, &decreq)); ++ krad_packet_free(decreq); + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_INET; +diff --git a/src/tests/t_otp.py b/src/tests/t_otp.py +index c3b820a411..dd5cdc5c26 100755 +--- a/src/tests/t_otp.py ++++ b/src/tests/t_otp.py +@@ -49,6 +49,7 @@ ATTRIBUTE User-Name 1 string + ATTRIBUTE User-Password 2 octets + ATTRIBUTE Service-Type 6 integer + ATTRIBUTE NAS-Identifier 32 string ++ATTRIBUTE Message-Authenticator 80 octets + ''' + + class RadiusDaemon(Process): +@@ -97,6 +98,8 @@ class RadiusDaemon(Process): + reply.code = packet.AccessReject + replyq['reply'] = False + ++ reply.add_message_authenticator() ++ + outq.put(replyq) + if addr is None: + sock.send(reply.ReplyPacket()) +-- +2.46.0 + diff --git a/SPECS/krb5.spec b/SPECS/krb5.spec index 9348531..d3764f2 100644 --- a/SPECS/krb5.spec +++ b/SPECS/krb5.spec @@ -34,7 +34,7 @@ # # baserelease is what we have standardized across Fedora and what # rpmdev-bumpspec knows how to handle. -%global baserelease 2 +%global baserelease 4 # This should be e.g. beta1 or %%nil %global pre_release %nil @@ -98,7 +98,17 @@ Patch0012: 0012-downstream-Allow-to-set-PAC-ticket-signature-as-opti.patch Patch0013: 0013-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch Patch0014: 0014-Enable-PKINIT-if-at-least-one-group-is-available.patch Patch0015: 0015-Fix-double-free-in-KDC-TGS-processing.patch -Patch0016: 0016-Fix-vulnerabilities-in-GSS-message-token-handling.patch +Patch0016: 0016-Eliminate-old-style-function-declarations.patch +Patch0017: 0017-End-connection-on-KDC_ERR_SVC_UNAVAILABLE.patch +Patch0018: 0018-Add-request_timeout-configuration-parameter.patch +Patch0019: 0019-Wait-indefinitely-on-KDC-TCP-connections.patch +Patch0020: 0020-Avoid-strict-prototype-compiler-errors.patch +Patch0021: 0021-Fix-leak-in-KDC-NDR-encoding.patch +Patch0022: 0022-Fix-two-unlikely-memory-leaks.patch +Patch0023: 0023-Fix-vulnerabilities-in-GSS-message-token-handling.patch +Patch0024: 0024-Remove-PKINIT-RSA-support.patch +Patch0025: 0025-Fix-various-issues-detected-by-static-analysis.patch +Patch0026: 0026-Generate-and-verify-message-MACs-in-libkrad.patch License: MIT URL: https://web.mit.edu/kerberos/www/ @@ -663,10 +673,28 @@ exit 0 %{_libdir}/libkadm5srv_mit.so.* %changelog -* Mon Jul 01 2024 Julien Rische - 1.21.1-2 +* Thu Oct 17 2024 Julien Rische - 1.21.1-4 +- libkrad: implement support for Message-Authenticator (CVE-2024-3596) + Resolves: RHEL-55423 +- Fix various issues detected by static analysis + Resolves: RHEL-58216 +- Remove RSA protocol for PKINIT + Resolves: RHEL-15323 + +* Fri Jul 05 2024 Julien Rische - 1.21.1-3 - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message token handling - Resolves: RHEL-45401 RHEL-45390 + Resolves: RHEL-45402 RHEL-45392 + +* Wed Mar 20 2024 Julien Rische - 1.21.1-2 +- Fix memory leak in GSSAPI interface + Resolves: RHEL-27251 +- Fix memory leak in PMAP RPC interface + Resolves: RHEL-27245 +- Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC + Resolves: RHEL-27253 +- Make TCP waiting time configurable + Resolves: RHEL-17132 * Tue Aug 08 2023 Julien Rische - 1.21.1-1 - New upstream version (1.21.1)