krb5 commit: Fix various warnings

Greg Hudson ghudson at MIT.EDU
Fri Jun 7 16:38:35 EDT 2013


https://github.com/krb5/krb5/commit/e51c089b745161dd6e1d64998e99d065fc22377e
commit e51c089b745161dd6e1d64998e99d065fc22377e
Author: Greg Hudson <ghudson at mit.edu>
Date:   Fri Jun 7 15:17:31 2013 -0400

    Fix various warnings

 src/appl/gss-sample/gss-misc.c                     |   20 ++++----
 src/appl/gss-sample/gss-server.c                   |    8 ++--
 src/include/k5-int.h                               |    9 ++--
 src/kadmin/dbutil/kdb5_create.c                    |    3 +-
 src/kadmin/dbutil/kdb5_mkey.c                      |    4 +-
 src/kadmin/dbutil/ovload.c                         |    2 +-
 src/kadmin/server/ipropd_svc.c                     |    3 +-
 src/kadmin/server/misc.c                           |    7 +--
 src/kadmin/server/ovsec_kadmd.c                    |    9 ++--
 src/kdc/main.c                                     |    2 -
 src/lib/apputils/net-server.c                      |   46 -----------------
 src/lib/crypto/builtin/camellia/camellia-gen.c     |   31 +++++++-----
 src/lib/crypto/crypto_tests/aes-test.c             |    2 +-
 src/lib/crypto/crypto_tests/t_cts.c                |    4 +-
 src/lib/crypto/crypto_tests/t_hmac.c               |    5 +-
 src/lib/crypto/krb/aead.c                          |    2 +-
 src/lib/gssapi/krb5/accept_sec_context.c           |    2 -
 src/lib/gssapi/krb5/gssapi_krb5.c                  |    3 -
 src/lib/gssapi/spnego/spnego_mech.c                |   10 +---
 src/lib/kadm5/clnt/client_init.c                   |   17 ++-----
 src/lib/kadm5/kadm_rpc_xdr.c                       |    3 +-
 src/lib/kadm5/srv/server_acl.c                     |    2 +-
 src/lib/kadm5/srv/server_kdb.c                     |    4 +-
 src/lib/kadm5/srv/svr_principal.c                  |   13 +++--
 src/lib/kdb/iprop_xdr.c                            |   16 +-----
 src/lib/krb5/ccache/cc_keyring.c                   |   53 +++++---------------
 src/lib/krb5/ccache/t_cc.c                         |    4 +-
 src/lib/krb5/krb/t_deltat.c                        |    6 +-
 src/lib/krb5/krb/t_ser.c                           |    4 +-
 src/lib/krb5/os/localaddr.c                        |    8 +--
 src/lib/krb5/rcache/rc_io.c                        |    3 +-
 src/lib/rpc/auth_gss.c                             |    7 +--
 src/lib/rpc/pmap_rmt.c                             |   13 +----
 src/lib/rpc/svc_auth_gss.c                         |    4 +-
 src/lib/rpc/svc_udp.c                              |    6 ++-
 src/lib/rpc/unit-test/client.c                     |    4 +-
 src/lib/rpc/xdr_mem.c                              |    4 +-
 src/lib/rpc/xdr_rec.c                              |    4 +-
 src/lib/rpc/xdr_sizeof.c                           |    8 ++--
 src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c    |    3 -
 src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c       |    8 ++--
 src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c |    8 ++-
 src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c |   34 ++++++++-----
 src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c      |   20 +------
 .../kdb/ldap/libkdb_ldap/ldap_service_stash.c      |    4 +-
 src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c       |    2 +-
 src/plugins/preauth/pkinit/pkinit_accessor.c       |    4 +-
 src/plugins/preauth/pkinit/pkinit_accessor.h       |    4 +-
 src/plugins/preauth/pkinit/pkinit_crypto_nss.c     |    6 +-
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |    6 +-
 src/slave/kprop.c                                  |    4 +-
 src/tests/dejagnu/t_inetd.c                        |    2 +-
 src/tests/gssapi/common.c                          |    6 +-
 src/util/profile/test_profile.c                    |   16 +++---
 54 files changed, 177 insertions(+), 305 deletions(-)

diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c
index 98d2045..3a87fcd 100644
--- a/src/appl/gss-sample/gss-misc.c
+++ b/src/appl/gss-sample/gss-misc.c
@@ -86,10 +86,10 @@ gss_buffer_t empty_token = &empty_token_buf;
 static void display_status_1(char *m, OM_uint32 code, int type);
 
 static int
-write_all(int fildes, char *buf, unsigned int nbyte)
+write_all(int fildes, const void *data, unsigned int nbyte)
 {
-    int     ret;
-    char   *ptr;
+    int ret;
+    const char *ptr, *buf = data;
 
     for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
         ret = send(fildes, ptr, nbyte, 0);
@@ -106,10 +106,10 @@ write_all(int fildes, char *buf, unsigned int nbyte)
 }
 
 static int
-read_all(int fildes, char *buf, unsigned int nbyte)
+read_all(int fildes, void *data, unsigned int nbyte)
 {
     int     ret;
-    char   *ptr;
+    char   *ptr, *buf = data;
     fd_set  rfds;
     struct timeval tv;
 
@@ -195,7 +195,7 @@ send_token(s, flags, tok)
     if (ret < 0) {
         perror("sending token data");
         return -1;
-    } else if (ret != tok->length) {
+    } else if ((size_t)ret != tok->length) {
         if (display_file)
             fprintf(display_file,
                     "sending token data: %d of %d bytes written\n",
@@ -292,7 +292,7 @@ recv_token(s, flags, tok)
         perror("reading token data");
         free(tok->value);
         return -1;
-    } else if (ret != tok->length) {
+    } else if ((size_t)ret != tok->length) {
         fprintf(stderr, "sending token data: %d of %d bytes written\n",
                 ret, (int) tok->length);
         free(tok->value);
@@ -308,14 +308,14 @@ display_status_1(m, code, type)
     OM_uint32 code;
     int     type;
 {
-    OM_uint32 maj_stat, min_stat;
+    OM_uint32 min_stat;
     gss_buffer_desc msg;
     OM_uint32 msg_ctx;
 
     msg_ctx = 0;
     while (1) {
-        maj_stat = gss_display_status(&min_stat, code,
-                                      type, GSS_C_NULL_OID, &msg_ctx, &msg);
+        (void) gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+                                  &msg_ctx, &msg);
         if (display_file)
             fprintf(display_file, "GSS-API error %s: %s\n", m,
                     (char *) msg.value);
diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c
index ed78be5..3c116de 100644
--- a/src/appl/gss-sample/gss-server.c
+++ b/src/appl/gss-sample/gss-server.c
@@ -889,13 +889,13 @@ static OM_uint32
 showLocalIdentity(OM_uint32 *minor, gss_name_t name)
 {
     OM_uint32 major;
-    gss_buffer_desc localname;
+    gss_buffer_desc buf;
 
-    major = gss_localname(minor, name, GSS_C_NO_OID, &localname);
+    major = gss_localname(minor, name, GSS_C_NO_OID, &buf);
     if (major == GSS_S_COMPLETE)
-        printf("localname: %-*s\n", (int)localname.length, localname.value);
+        printf("localname: %-*s\n", (int)buf.length, (char *)buf.value);
     else if (major != GSS_S_UNAVAILABLE)
         display_status("gss_localname", major, *minor);
-    gss_release_buffer(minor, &localname);
+    gss_release_buffer(minor, &buf);
     return major;
 }
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index 37bd9ff..73f404b 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -1772,7 +1772,7 @@ typedef struct _krb5int_access {
                                          krb5_data **code);
 
     krb5_error_code
-    (*asn1_ldap_decode_sequence_of_keys)(krb5_data *in,
+    (*asn1_ldap_decode_sequence_of_keys)(const krb5_data *in,
                                          ldap_seqof_key_data **);
 
     /*
@@ -1814,13 +1814,12 @@ typedef struct _krb5int_access {
                                          krb5_data **code);
 
     krb5_error_code
-    (*encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **,
+    (*encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *,
                                     krb5_data **code);
 
     krb5_error_code
-    (*encode_krb5_td_trusted_certifiers)(const
-                                         krb5_external_principal_identifier **,
-                                         krb5_data **code);
+    (*encode_krb5_td_trusted_certifiers)(krb5_external_principal_identifier *
+                                         const *, krb5_data **code);
 
     krb5_error_code
     (*decode_krb5_auth_pack)(const krb5_data *, krb5_auth_pack **);
diff --git a/src/kadmin/dbutil/kdb5_create.c b/src/kadmin/dbutil/kdb5_create.c
index cbdea16..96275ca 100644
--- a/src/kadmin/dbutil/kdb5_create.c
+++ b/src/kadmin/dbutil/kdb5_create.c
@@ -264,8 +264,7 @@ void kdb5_create(argc, argv)
 
     rblock.key = &master_keyblock;
 
-    seed.length = master_keyblock.length;
-    seed.data = master_keyblock.contents;
+    seed = make_data(master_keyblock.contents, master_keyblock.length);
 
     if ((retval = krb5_c_random_seed(util_context, &seed))) {
         com_err(progname, retval,
diff --git a/src/kadmin/dbutil/kdb5_mkey.c b/src/kadmin/dbutil/kdb5_mkey.c
index 21f8073..4edacb6 100644
--- a/src/kadmin/dbutil/kdb5_mkey.c
+++ b/src/kadmin/dbutil/kdb5_mkey.c
@@ -73,7 +73,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
     krb5_error_code retval = 0;
     int old_key_data_count, i;
     krb5_kvno new_mkey_kvno;
-    krb5_key_data tmp_key_data, *old_key_data;
+    krb5_key_data tmp_key_data;
     krb5_mkey_aux_node  *mkey_aux_data_head = NULL, **mkey_aux_data;
     krb5_keylist_node  *keylist_node;
     krb5_keylist_node *master_keylist = krb5_db_mkey_list_alias(context);
@@ -84,9 +84,7 @@ add_new_mkey(krb5_context context, krb5_db_entry *master_entry,
     if (use_mkvno != 0 && new_mkey_kvno != use_mkvno)
         return (KRB5_KDB_KVNONOMATCH);
 
-    /* save the old keydata */
     old_key_data_count = master_entry->n_key_data;
-    old_key_data = master_entry->key_data;
 
     /* alloc enough space to hold new and existing key_data */
     /*
diff --git a/src/kadmin/dbutil/ovload.c b/src/kadmin/dbutil/ovload.c
index d514f8c..b972cc5 100644
--- a/src/kadmin/dbutil/ovload.c
+++ b/src/kadmin/dbutil/ovload.c
@@ -111,7 +111,7 @@ int process_ov_principal(kcontext, fname, filep, verbose, linenop)
     krb5_db_entry           *kdb = NULL;
     char                    *current = 0;
     char                    *cp;
-    int                     x;
+    unsigned int            x;
     char                    line[LINESIZE];
 
     if (fgets(line, LINESIZE, filep) == (char *) NULL) {
diff --git a/src/kadmin/server/ipropd_svc.c b/src/kadmin/server/ipropd_svc.c
index 008bff0..4a25998 100644
--- a/src/kadmin/server/ipropd_svc.c
+++ b/src/kadmin/server/ipropd_svc.c
@@ -473,7 +473,7 @@ check_iprop_rpcsec_auth(struct svc_req *rqstp)
      gss_name_t name;
      krb5_principal princ;
      int ret, success;
-     krb5_data *c1, *c2, *realm;
+     krb5_data *c1, *realm;
      gss_buffer_desc gss_str;
      kadm5_server_handle_t handle;
      size_t slen;
@@ -514,7 +514,6 @@ check_iprop_rpcsec_auth(struct svc_req *rqstp)
 	  goto fail_princ;
 
      c1 = krb5_princ_component(kctx, princ, 0);
-     c2 = krb5_princ_component(kctx, princ, 1);
      realm = krb5_princ_realm(kctx, princ);
      if (strncmp(handle->params.realm, realm->data, realm->length) == 0
 	 && strncmp("kiprop", c1->data, c1->length) == 0) {
diff --git a/src/kadmin/server/misc.c b/src/kadmin/server/misc.c
index b9212fa..192145c 100644
--- a/src/kadmin/server/misc.c
+++ b/src/kadmin/server/misc.c
@@ -186,16 +186,15 @@ check_min_life(void *server_handle, krb5_principal principal,
            !(princ.attributes & KRB5_KDB_REQUIRES_PWCHANGE)) {
             if (msg_ret != NULL) {
                 time_t until;
-                char *time_string, *ptr, *errstr;
+                char *time_string, *ptr;
+                const char *errstr;
 
                 until = princ.last_pwd_change + pol.pw_min_life;
 
                 time_string = ctime(&until);
                 errstr = error_message(CHPASS_UTIL_PASSWORD_TOO_SOON);
 
-                if (strlen(errstr) + strlen(time_string) >= msg_len) {
-                    *errstr = '\0';
-                } else {
+                if (strlen(errstr) + strlen(time_string) < msg_len) {
                     if (*(ptr = &time_string[strlen(time_string)-1]) == '\n')
                         *ptr = '\0';
                     snprintf(msg_ret, msg_len, errstr, time_string);
diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c
index dad7248..37e6631 100644
--- a/src/kadmin/server/ovsec_kadmd.c
+++ b/src/kadmin/server/ovsec_kadmd.c
@@ -150,15 +150,14 @@ static void display_status_1(m, code, type)
     OM_uint32 code;
     int type;
 {
-    OM_uint32 maj_stat, min_stat;
+    OM_uint32 min_stat;
     gss_buffer_desc msg;
     OM_uint32 msg_ctx;
 
     msg_ctx = 0;
     while (1) {
-        maj_stat = gss_display_status(&min_stat, code,
-                                      type, GSS_C_NULL_OID,
-                                      &msg_ctx, &msg);
+        (void) gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+                                  &msg_ctx, &msg);
         fprintf(stderr, _("GSS-API error %s: %s\n"), m, (char *)msg.value);
         (void) gss_release_buffer(&min_stat, &msg);
 
@@ -223,7 +222,7 @@ int main(int argc, char *argv[])
     kadm5_config_params params;
     char **db_args      = NULL;
     int    db_args_size = 0;
-    char *errmsg;
+    const char *errmsg;
     int i;
     int strong_random = 1;
     const char *pid_file = NULL;
diff --git a/src/kdc/main.c b/src/kdc/main.c
index 6c115a9..950fa41 100644
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -119,12 +119,10 @@ find_realm_data(struct server_handle *handle, char *rname, krb5_ui_4 rsize)
 kdc_realm_t *
 setup_server_realm(struct server_handle *handle, krb5_principal sprinc)
 {
-    krb5_error_code     kret;
     kdc_realm_t         *newrealm;
     kdc_realm_t **kdc_realmlist = handle->kdc_realmlist;
     int kdc_numrealms = handle->kdc_numrealms;
 
-    kret = 0;
     if (kdc_numrealms > 1) {
         if (!(newrealm = find_realm_data(handle, sprinc->realm.data,
                                          (krb5_ui_4) sprinc->realm.length)))
diff --git a/src/lib/apputils/net-server.c b/src/lib/apputils/net-server.c
index f69320a..7780b8a 100644
--- a/src/lib/apputils/net-server.c
+++ b/src/lib/apputils/net-server.c
@@ -980,52 +980,6 @@ setup_udp_port(void *P_data, struct sockaddr *addr)
     return setup_udp_port_1(data, addr, haddrbuf, 0);
 }
 
-#if 1
-static void
-klog_handler(const void *data, size_t len)
-{
-    static char buf[BUFSIZ];
-    static int bufoffset;
-    void *p;
-
-#define flush_buf()                             \
-    (bufoffset                                  \
-     ? (((buf[0] == 0 || buf[0] == '\n')        \
-         ? (fork()==0?abort():(void)0)          \
-         : (void)0),                            \
-        krb5_klog_syslog(LOG_INFO, "%s", buf),  \
-        memset(buf, 0, sizeof(buf)),            \
-        bufoffset = 0)                          \
-     : 0)
-
-    p = memchr(data, 0, len);
-    if (p)
-        len = (const char *)p - (const char *)data;
-scan_for_newlines:
-    if (len == 0)
-        return;
-    p = memchr(data, '\n', len);
-    if (p) {
-        if (p != data)
-            klog_handler(data, (size_t)((const char *)p - (const char *)data));
-        flush_buf();
-        len -= ((const char *)p - (const char *)data) + 1;
-        data = 1 + (const char *)p;
-        goto scan_for_newlines;
-    } else if (len > sizeof(buf) - 1 || len + bufoffset > sizeof(buf) - 1) {
-        size_t x = sizeof(buf) - len - 1;
-        klog_handler(data, x);
-        flush_buf();
-        len -= x;
-        data = (const char *)data + x;
-        goto scan_for_newlines;
-    } else {
-        memcpy(buf + bufoffset, data, len);
-        bufoffset += len;
-    }
-}
-#endif
-
 #ifdef HAVE_STRUCT_RT_MSGHDR
 #include <net/route.h>
 
diff --git a/src/lib/crypto/builtin/camellia/camellia-gen.c b/src/lib/crypto/builtin/camellia/camellia-gen.c
index 1446d77..23b69c1 100644
--- a/src/lib/crypto/builtin/camellia/camellia-gen.c
+++ b/src/lib/crypto/builtin/camellia/camellia-gen.c
@@ -21,7 +21,8 @@ camellia_ctx ctx, dctx;
 
 static void init ()
 {
-    int i, j, r;
+    size_t i, j;
+    cam_rval r;
 
     srand(42);
     for (i = 0; i < 16; i++)
@@ -40,7 +41,7 @@ static void init ()
 
 static void hexdump(const unsigned char *ptr, size_t len)
 {
-    int i;
+    size_t i;
     for (i = 0; i < len; i++)
 	printf ("%s%02X", (i % 16 == 0) ? "\n    " : " ", ptr[i]);
 }
@@ -89,7 +90,7 @@ static void fips_test ()
 static void
 xor (unsigned char *out, const unsigned char *a, const unsigned char *b)
 {
-    int i;
+    size_t i;
     for (i = 0; i < B; i++)
 	out[i] = a[i] ^ b[i];
 }
@@ -97,7 +98,8 @@ xor (unsigned char *out, const unsigned char *a, const unsigned char *b)
 static void
 ecb_enc (unsigned char *out, unsigned char *in, unsigned int len)
 {
-    int i, r;
+    size_t i;
+    cam_rval r;
     for (i = 0; i < len; i += 16) {
 	r = camellia_enc_blk (in + i, out + i, &ctx);
 	if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
@@ -108,7 +110,8 @@ ecb_enc (unsigned char *out, unsigned char *in, unsigned int len)
 static void
 ecb_dec (unsigned char *out, unsigned char *in, unsigned int len)
 {
-    int i, r;
+    size_t i;
+    cam_rval r;
     for (i = 0; i < len; i += 16) {
 	r = camellia_dec_blk (in + i, out + i, &dctx);
 	if (!r) fprintf(stderr, "error, line %d\n", __LINE__), exit(1);
@@ -125,7 +128,8 @@ static void
 cbc_enc (unsigned char *out, unsigned char *in, unsigned char *iv,
 	 unsigned int len)
 {
-    int i, r;
+    size_t i;
+    cam_rval r;
     unsigned char tmp[B];
     D(iv);
     memcpy (tmp, iv, B);
@@ -145,7 +149,8 @@ static void
 cbc_dec (unsigned char *out, unsigned char *in, unsigned char *iv,
 	 unsigned int len)
 {
-    int i, r;
+    size_t i;
+    cam_rval r;
     unsigned char tmp[B];
     memcpy (tmp, iv, B);
     for (i = 0; i < len; i += B) {
@@ -231,7 +236,7 @@ cts_dec (unsigned char *out, unsigned char *in, unsigned char *iv,
 
 static void ecb_test ()
 {
-    int testno;
+    size_t testno;
     unsigned char tmp[4*B];
 
     printf ("ECB tests:\n");
@@ -239,7 +244,7 @@ static void ecb_test ()
     hexdump (key, sizeof(key));
     for (testno = 0; testno < NTESTS; testno++) {
 	unsigned len = (test_case_len[testno] + 15) & ~15;
-	printf ("\ntest %d - %d bytes\n", testno, len);
+	printf ("\ntest %d - %d bytes\n", (int)testno, len);
 	printf ("input:");
 	hexdump (test_case[testno].input, len);
 	printf ("\n");
@@ -262,7 +267,7 @@ unsigned char ivec[16] = { 0 };
 
 static void cbc_test ()
 {
-    int testno;
+    size_t testno;
     unsigned char tmp[4*B];
 
     printf ("CBC tests:\n");
@@ -270,7 +275,7 @@ static void cbc_test ()
     hexdump (ivec, sizeof(ivec));
     for (testno = 0; testno < NTESTS; testno++) {
 	unsigned len = (test_case_len[testno] + 15) & ~15;
-	printf ("\ntest %d - %d bytes\n", testno, len);
+	printf ("\ntest %d - %d bytes\n", (int)testno, len);
 	printf ("input:");
 	hexdump (test_case[testno].input, len);
 	printf ("\n");
@@ -291,7 +296,7 @@ static void cbc_test ()
 
 static void cts_test ()
 {
-    int testno;
+    size_t testno;
     unsigned char tmp[4*B];
 
     printf ("CTS tests:\n");
@@ -299,7 +304,7 @@ static void cts_test ()
     hexdump (ivec, sizeof(ivec));
     for (testno = 0; testno < NTESTS; testno++) {
 	unsigned int len = test_case_len[testno];
-	printf ("\ntest %d - %d bytes\n", testno, len);
+	printf ("\ntest %d - %d bytes\n", (int)testno, len);
 	printf ("input:");
 	hexdump (test_case[testno].input, len);
 	printf ("\n");
diff --git a/src/lib/crypto/crypto_tests/aes-test.c b/src/lib/crypto/crypto_tests/aes-test.c
index 1ed033b..a7382a4 100644
--- a/src/lib/crypto/crypto_tests/aes-test.c
+++ b/src/lib/crypto/crypto_tests/aes-test.c
@@ -39,7 +39,7 @@ static krb5_keyblock enc_key;
 static krb5_data ivec;
 static void init()
 {
-    enc_key.contents = key;
+    enc_key.contents = (krb5_octet *)key;
     enc_key.length = 16;
     ivec.data = zero;
     ivec.length = 16;
diff --git a/src/lib/crypto/crypto_tests/t_cts.c b/src/lib/crypto/crypto_tests/t_cts.c
index f2a3012..2b022b4 100644
--- a/src/lib/crypto/crypto_tests/t_cts.c
+++ b/src/lib/crypto/crypto_tests/t_cts.c
@@ -121,11 +121,11 @@ static void test_cts()
 
     iov.flags = KRB5_CRYPTO_TYPE_DATA;
     iov.data.data = outbuf;
-    in.data = input;
+    in.data = (char *)input;
     enciv.length = deciv.length = 16;
     enciv.data = encivbuf;
     deciv.data = decivbuf;
-    keyblock.contents = aeskey;
+    keyblock.contents = (krb5_octet *)aeskey;
     keyblock.length = 16;
     keyblock.enctype = ENCTYPE_AES128_CTS_HMAC_SHA1_96;
 
diff --git a/src/lib/crypto/crypto_tests/t_hmac.c b/src/lib/crypto/crypto_tests/t_hmac.c
index cd79dc3..65efa60 100644
--- a/src/lib/crypto/crypto_tests/t_hmac.c
+++ b/src/lib/crypto/crypto_tests/t_hmac.c
@@ -233,10 +233,9 @@ static void test_hmac()
     };
 
     for (i = 0; i < sizeof(md5tests)/sizeof(md5tests[0]); i++) {
-        key.contents = md5tests[i].key;
+        key.contents = (krb5_octet *)md5tests[i].key;
         key.length = md5tests[i].key_len;
-        in.data = md5tests[i].data;
-        in.length = md5tests[i].data_len;
+        in = make_data((char *)md5tests[i].data, md5tests[i].data_len);
 
         out.data = outbuf;
         out.length = 20;
diff --git a/src/lib/crypto/krb/aead.c b/src/lib/crypto/krb/aead.c
index 935125d..9d4e206 100644
--- a/src/lib/crypto/krb/aead.c
+++ b/src/lib/crypto/krb/aead.c
@@ -141,7 +141,7 @@ krb5int_c_padding_length(const struct krb5_keytypes *ktp, size_t data_length)
 static size_t
 next_iov_to_process(struct iov_cursor *cursor, size_t ind)
 {
-    krb5_crypto_iov *iov;
+    const krb5_crypto_iov *iov;
 
     for (; ind < cursor->iov_count; ind++) {
         iov = &cursor->iov[ind];
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index ae55297..42ac122 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -441,7 +441,6 @@ kg_accept_krb5(minor_status, context_handle,
     char *sptr;
     OM_uint32 tmp;
     size_t md5len;
-    int bigend;
     krb5_gss_cred_id_t cred = 0;
     krb5_data ap_rep, ap_req;
     unsigned int i;
@@ -698,7 +697,6 @@ kg_accept_krb5(minor_status, context_handle,
         }
 
         gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG;
-        bigend = 0;
         decode_req_message = 0;
     } else {
         /* gss krb5 v1 */
diff --git a/src/lib/gssapi/krb5/gssapi_krb5.c b/src/lib/gssapi/krb5/gssapi_krb5.c
index 04d70a6..a1bb92d 100644
--- a/src/lib/gssapi/krb5/gssapi_krb5.c
+++ b/src/lib/gssapi/krb5/gssapi_krb5.c
@@ -405,7 +405,6 @@ krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status,
                              gss_buffer_set_t *data_set)
 {
     OM_uint32 major_status = GSS_S_FAILURE;
-    krb5_gss_cred_id_t cred;
 #if 0
     size_t i;
 #endif
@@ -431,8 +430,6 @@ krb5_gss_inquire_cred_by_oid(OM_uint32 *minor_status,
     if (GSS_ERROR(major_status))
         return major_status;
 
-    cred = (krb5_gss_cred_id_t) cred_handle;
-
 #if 0
     for (i = 0; i < sizeof(krb5_gss_inquire_cred_by_oid_ops)/
              sizeof(krb5_gss_inquire_cred_by_oid_ops[0]); i++) {
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 81f7a3a..33c8c88 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -1124,7 +1124,6 @@ make_NegHints(OM_uint32 *minor_status,
 	OM_uint32 minor;
 	unsigned int tlen = 0;
 	unsigned int hintNameSize = 0;
-	unsigned int negHintsSize = 0;
 	unsigned char *ptr;
 	unsigned char *t;
 
@@ -1208,7 +1207,6 @@ make_NegHints(OM_uint32 *minor_status,
 
 	/* Length of DER encoded hintName */
 	tlen += 1 + gssint_der_length_size(hintNameSize);
-	negHintsSize = tlen;
 
 	t = gssalloc_malloc(tlen);
 	if (t == NULL) {
@@ -1619,7 +1617,6 @@ spnego_gss_accept_sec_context(
 	gss_buffer_desc mechtok_out = GSS_C_EMPTY_BUFFER;
 	spnego_gss_ctx_id_t sc = NULL;
 	spnego_gss_cred_id_t spcred = NULL;
-	OM_uint32 mechstat = GSS_S_FAILURE;
 	int sendTokenInit = 0, tmpret;
 
 	mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER;
@@ -1718,15 +1715,12 @@ spnego_gss_accept_sec_context(
 	 * round-trip.  RET is set to a default value according to
 	 * whether it is the first round-trip.
 	 */
-	mechstat = GSS_S_FAILURE;
 	if (negState != REQUEST_MIC && mechtok_in != GSS_C_NO_BUFFER) {
 		ret = acc_ctx_call_acc(minor_status, sc, spcred,
 				       mechtok_in, mech_type, &mechtok_out,
 				       ret_flags, time_rec,
 				       delegated_cred_handle,
 				       &negState, &return_token);
-	} else if (negState == REQUEST_MIC) {
-		mechstat = GSS_S_CONTINUE_NEEDED;
 	}
 
 	/* Step 3: process or generate the MIC, if the negotiated mech is
@@ -4008,10 +4002,10 @@ g_verify_neg_token_init(unsigned char **buf_in, unsigned int cur_size)
 	 * - check for a0(context specific identifier)
 	 * - get length and verify that enoughd ata exists
 	 */
-	if (g_get_tag_and_length(&buf, CONTEXT, cur_size, &seqsize) < 0)
+	if (g_get_tag_and_length(&buf, CONTEXT, cur_size, &bytes) < 0)
 		return (G_BAD_TOK_HEADER);
 
-	cur_size = seqsize; /* should indicate bytes remaining */
+	cur_size = bytes; /* should indicate bytes remaining */
 
 	/*
 	 * Verify the next piece, it should identify this as
diff --git a/src/lib/kadm5/clnt/client_init.c b/src/lib/kadm5/clnt/client_init.c
index adc050c..9d51991 100644
--- a/src/lib/kadm5/clnt/client_init.c
+++ b/src/lib/kadm5/clnt/client_init.c
@@ -613,7 +613,6 @@ static kadm5_ret_t
 setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in,
           char *client_name, char *full_svcname)
 {
-    kadm5_ret_t code;
     OM_uint32 gssstat, minor_stat;
     gss_buffer_desc buf;
     gss_name_t gss_client;
@@ -622,7 +621,6 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in,
     const char *c_ccname_orig;
     char *ccname_orig;
 
-    code = KADM5_GSS_ERROR;
     gss_client_creds = GSS_C_NO_CREDENTIAL;
     ccname_orig = NULL;
     gss_client = gss_target = GSS_C_NO_NAME;
@@ -630,10 +628,8 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in,
     /* Temporarily use the kadm5 cache. */
     gssstat = gss_krb5_ccache_name(&minor_stat, handle->cache_name,
                                    &c_ccname_orig);
-    if (gssstat != GSS_S_COMPLETE) {
-        code = KADM5_GSS_ERROR;
+    if (gssstat != GSS_S_COMPLETE)
         goto error;
-    }
     if (c_ccname_orig)
         ccname_orig = strdup(c_ccname_orig);
     else
@@ -643,10 +639,8 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in,
     buf.length = strlen((char *)buf.value) + 1;
     gssstat = gss_import_name(&minor_stat, &buf,
                               (gss_OID) gss_nt_krb5_name, &gss_target);
-    if (gssstat != GSS_S_COMPLETE) {
-        code = KADM5_GSS_ERROR;
+    if (gssstat != GSS_S_COMPLETE)
         goto error;
-    }
 
     if (client_name) {
         buf.value = client_name;
@@ -655,16 +649,13 @@ setup_gss(kadm5_server_handle_t handle, kadm5_config_params *params_in,
                                   (gss_OID) gss_nt_krb5_name, &gss_client);
     } else gss_client = GSS_C_NO_NAME;
 
-    if (gssstat != GSS_S_COMPLETE) {
-        code = KADM5_GSS_ERROR;
+    if (gssstat != GSS_S_COMPLETE)
         goto error;
-    }
 
     gssstat = gss_acquire_cred(&minor_stat, gss_client, 0,
                                GSS_C_NULL_OID_SET, GSS_C_INITIATE,
                                &gss_client_creds, NULL, NULL);
     if (gssstat != GSS_S_COMPLETE) {
-        code = KADM5_GSS_ERROR;
 #if 0 /* for debugging only */
         {
             OM_uint32 maj_status, min_status, message_context = 0;
@@ -762,7 +753,7 @@ rpc_auth(kadm5_server_handle_t handle, kadm5_config_params *params_in,
     /* Use RPCSEC_GSS by default. */
     if (params_in == NULL ||
         !(params_in->mask & KADM5_CONFIG_OLD_AUTH_GSSAPI)) {
-        sec.mech = gss_mech_krb5;
+        sec.mech = (gss_OID)gss_mech_krb5;
         sec.qop = GSS_C_QOP_DEFAULT;
         sec.svc = RPCSEC_GSS_SVC_PRIVACY;
         sec.cred = gss_client_creds;
diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c
index 153b962..42ac783 100644
--- a/src/lib/kadm5/kadm_rpc_xdr.c
+++ b/src/lib/kadm5/kadm_rpc_xdr.c
@@ -819,7 +819,8 @@ xdr_chrand_ret(XDR *xdrs, chrand_ret *objp)
 		return (FALSE);
 	}
 	if (objp->code == KADM5_OK) {
-		if (!xdr_array(xdrs, (char **)&objp->keys, &objp->n_keys, ~0,
+		if (!xdr_array(xdrs, (char **)&objp->keys,
+			       (unsigned int *)&objp->n_keys, ~0,
 			       sizeof(krb5_keyblock), xdr_krb5_keyblock))
 			return FALSE;
 	}
diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c
index 7094f49..b2aeb7d 100644
--- a/src/lib/kadm5/srv/server_acl.c
+++ b/src/lib/kadm5/srv/server_acl.c
@@ -112,7 +112,7 @@ kadm5int_acl_get_line(fp, lnp)
     line_incr = 0;
     for (domore = 1; domore && !feof(fp); ) {
         /* Copy in the line, with continuations */
-        for (i=0; ((i < sizeof acl_buf) && !feof(fp)); i++ ) {
+        for (i = 0; ((i < BUFSIZ) && !feof(fp)); i++) {
             int byte;
             byte = fgetc(fp);
             acl_buf[i] = byte;
diff --git a/src/lib/kadm5/srv/server_kdb.c b/src/lib/kadm5/srv/server_kdb.c
index f4217dd..2366144 100644
--- a/src/lib/kadm5/srv/server_kdb.c
+++ b/src/lib/kadm5/srv/server_kdb.c
@@ -282,7 +282,7 @@ kdb_get_entry(kadm5_server_handle_t handle,
             return(ret);
         }
 
-        xdrmem_create(&xdrs, tl_data.tl_data_contents,
+        xdrmem_create(&xdrs, (caddr_t)tl_data.tl_data_contents,
                       tl_data.tl_data_length, XDR_DECODE);
         if (! xdr_osa_princ_ent_rec(&xdrs, adb)) {
             xdr_destroy(&xdrs);
@@ -373,7 +373,7 @@ kdb_put_entry(kadm5_server_handle_t handle,
     }
     tl_data.tl_data_type = KRB5_TL_KADM_DATA;
     tl_data.tl_data_length = xdr_getpos(&xdrs);
-    tl_data.tl_data_contents = xdralloc_getdata(&xdrs);
+    tl_data.tl_data_contents = (krb5_octet *)xdralloc_getdata(&xdrs);
 
     ret = krb5_dbe_update_tl_data(handle->context, kdb, &tl_data);
 
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 6d90628..6c7a2c0 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -245,10 +245,12 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy,
             ks_tuple = handle->params.keysalts;
         }
         /* Dup the requested or defaulted keysalt tuples. */
-        new_ks_tuple = k5memdup(ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple),
-                                &ret);
-        if (new_ks_tuple == NULL)
+        new_ks_tuple = malloc(n_ks_tuple * sizeof(*new_ks_tuple));
+        if (new_ks_tuple == NULL) {
+            ret = ENOMEM;
             goto cleanup;
+        }
+        memcpy(new_ks_tuple, ks_tuple, n_ks_tuple * sizeof(*new_ks_tuple));
         new_n_ks_tuple = n_ks_tuple;
         ret = 0;
         goto cleanup;
@@ -363,7 +365,7 @@ kadm5_create_principal_3(void *server_handle,
     kadm5_policy_ent_rec        polent;
     krb5_boolean                have_polent = FALSE;
     krb5_int32                  now;
-    krb5_tl_data                *tl_data_orig, *tl_data_tail;
+    krb5_tl_data                *tl_data_tail;
     unsigned int                ret;
     kadm5_server_handle_t handle = server_handle;
     krb5_keyblock               *act_mkey;
@@ -487,7 +489,6 @@ kadm5_create_principal_3(void *server_handle,
 
     if (mask & KADM5_TL_DATA) {
         /* splice entry->tl_data onto the front of kdb->tl_data */
-        tl_data_orig = kdb->tl_data;
         for (tl_data_tail = entry->tl_data; tl_data_tail;
              tl_data_tail = tl_data_tail->tl_data_next)
         {
@@ -1265,6 +1266,8 @@ kadm5_use_password_server (void)
 }
 #endif
 
+void kadm5_set_use_password_server (void);
+
 void
 kadm5_set_use_password_server (void)
 {
diff --git a/src/lib/kdb/iprop_xdr.c b/src/lib/kdb/iprop_xdr.c
index 2ab59f5..8bf2c89 100644
--- a/src/lib/kdb/iprop_xdr.c
+++ b/src/lib/kdb/iprop_xdr.c
@@ -9,7 +9,7 @@
 #pragma GCC diagnostic ignored "-Wunused-variable"
 #endif
 
-bool_t
+static bool_t
 xdr_int16_t (XDR *xdrs, int16_t *objp)
 {
     register int32_t *buf;
@@ -19,17 +19,7 @@ xdr_int16_t (XDR *xdrs, int16_t *objp)
     return TRUE;
 }
 
-bool_t
-xdr_uint16_t (XDR *xdrs, uint16_t *objp)
-{
-    register int32_t *buf;
-
-    if (!xdr_u_short (xdrs, objp))
-        return FALSE;
-    return TRUE;
-}
-
-bool_t
+static bool_t
 xdr_int32_t (XDR *xdrs, int32_t *objp)
 {
     register int32_t *buf;
@@ -39,7 +29,7 @@ xdr_int32_t (XDR *xdrs, int32_t *objp)
     return TRUE;
 }
 
-bool_t
+static bool_t
 xdr_uint32_t (XDR *xdrs, uint32_t *objp)
 {
     register int32_t *buf;
diff --git a/src/lib/krb5/ccache/cc_keyring.c b/src/lib/krb5/ccache/cc_keyring.c
index bbe2a2e..3828c59 100644
--- a/src/lib/krb5/ccache/cc_keyring.c
+++ b/src/lib/krb5/ccache/cc_keyring.c
@@ -144,11 +144,6 @@ debug_print(char *fmt, ...)
 /* Hopefully big enough to hold a serialized credential */
 #define GUESS_CRED_SIZE 4096
 
-#define ALLOC(NUM,TYPE)                         \
-    (((NUM) <= (((size_t)0-1)/ sizeof(TYPE)))   \
-     ? (TYPE *) calloc((NUM), sizeof(TYPE))     \
-     : (errno = ENOMEM,(TYPE *) 0))
-
 #define CHECK_N_GO(ret, errdest) if (ret != KRB5_OK) goto errdest
 #define CHECK(ret) if (ret != KRB5_OK) goto errout
 #define CHECK_OUT(ret) if (ret != KRB5_OK) return ret
@@ -651,7 +646,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
     krb5_krcc_cursor krcursor;
     krb5_krcc_data *d;
     unsigned int size;
-    int     res;
+    long res;
 
     DEBUG_PRINT(("krb5_krcc_start_seq_get: entered\n"));
 
@@ -676,7 +671,7 @@ krb5_krcc_start_seq_get(krb5_context context, krb5_ccache id,
     krcursor->keys = (key_serial_t *) ((char *) krcursor + sizeof(*krcursor));
     res = keyctl_read(d->ring_id, (char *) krcursor->keys,
                       ((d->numkeys + 1) * sizeof(key_serial_t)));
-    if (res < 0 || res > ((d->numkeys + 1) * sizeof(key_serial_t))) {
+    if (res < 0 || (size_t)res > ((d->numkeys + 1) * sizeof(key_serial_t))) {
         DEBUG_PRINT(("Read %d bytes from keyring, numkeys %d: %s\n",
                      res, d->numkeys, strerror(errno)));
         free(krcursor);
@@ -1213,7 +1208,7 @@ krb5_krcc_get_ring_ids(krb5_krcc_ring_ids_t *p)
      */
     memset(ids_buf, '\0', sizeof(ids_buf));
     val = keyctl_read(ids_key, ids_buf, sizeof(ids_buf));
-    if (val > sizeof(ids_buf))
+    if (val < 0 || (size_t)val > sizeof(ids_buf))
         goto out;
 
     val = sscanf(ids_buf, "%d:%d:%d", &session, &process, &thread);
@@ -1359,12 +1354,7 @@ krb5_krcc_parse_principal(krb5_context context, krb5_ccache id,
     if (tmpprinc == NULL)
         return KRB5_CC_NOMEM;
     if (length) {
-        size_t  msize = length;
-        if (msize != length) {
-            free(tmpprinc);
-            return KRB5_CC_NOMEM;
-        }
-        tmpprinc->data = ALLOC(msize, krb5_data);
+        tmpprinc->data = calloc(length, sizeof(krb5_data));
         if (tmpprinc->data == 0) {
             free(tmpprinc);
             return KRB5_CC_NOMEM;
@@ -1415,12 +1405,9 @@ krb5_krcc_parse_keyblock(krb5_context context, krb5_ccache id,
     if (int32 < 0)
         return KRB5_CC_NOMEM;
     keyblock->length = int32;
-    /* Overflow check.  */
-    if (keyblock->length != int32)
-        return KRB5_CC_NOMEM;
     if (keyblock->length == 0)
         return KRB5_OK;
-    keyblock->contents = ALLOC(keyblock->length, krb5_octet);
+    keyblock->contents = malloc(keyblock->length);
     if (keyblock->contents == NULL)
         return KRB5_CC_NOMEM;
 
@@ -1478,7 +1465,7 @@ krb5_krcc_parse_krb5data(krb5_context context, krb5_ccache id,
     if (len < 0)
         return KRB5_CC_NOMEM;
     data->length = len;
-    if (data->length != len || data->length + 1 == 0)
+    if (data->length + 1 == 0)
         return KRB5_CC_NOMEM;
 
     if (data->length == 0) {
@@ -1542,11 +1529,10 @@ krb5_krcc_parse_addrs(krb5_context context, krb5_ccache id,
      * Make *addrs able to hold length pointers to krb5_address structs
      * Add one extra for a null-terminated list
      */
-    msize = length;
-    msize += 1;
-    if (msize == 0 || msize - 1 != length || length < 0)
+    msize = (size_t)length + 1;
+    if (msize == 0 || length < 0)
         return KRB5_CC_NOMEM;
-    *addrs = ALLOC(msize, krb5_address *);
+    *addrs = calloc(msize, sizeof(krb5_address *));
     if (*addrs == NULL)
         return KRB5_CC_NOMEM;
 
@@ -1587,13 +1573,6 @@ krb5_krcc_parse_addr(krb5_context context, krb5_ccache id, krb5_address * addr,
     if ((int32 & VALID_INT_BITS) != int32)      /* Overflow int??? */
         return KRB5_CC_NOMEM;
     addr->length = int32;
-    /*
-     * Length field is "unsigned int", which may be smaller
-     * than 32 bits.
-     */
-    if (addr->length != int32)
-        return KRB5_CC_NOMEM;   /* XXX */
-
     if (addr->length == 0)
         return KRB5_OK;
 
@@ -1633,11 +1612,10 @@ krb5_krcc_parse_authdata(krb5_context context, krb5_ccache id,
      * Make *a able to hold length pointers to krb5_authdata structs
      * Add one extra for a null-terminated list
      */
-    msize = length;
-    msize += 1;
-    if (msize == 0 || msize - 1 != length || length < 0)
+    msize = (size_t)length + 1;
+    if (msize == 0 || length < 0)
         return KRB5_CC_NOMEM;
-    *a = ALLOC(msize, krb5_authdata *);
+    *a = calloc(msize, sizeof(krb5_authdata *));
     if (*a == NULL)
         return KRB5_CC_NOMEM;
 
@@ -1680,13 +1658,6 @@ krb5_krcc_parse_authdatum(krb5_context context, krb5_ccache id,
     if ((int32 & VALID_INT_BITS) != int32)      /* Overflow int??? */
         return KRB5_CC_NOMEM;
     a->length = int32;
-    /*
-     * Value could have gotten truncated if int is
-     * smaller than 32 bits.
-     */
-    if (a->length != int32)
-        return KRB5_CC_NOMEM;   /* XXX */
-
     if (a->length == 0)
         return KRB5_OK;
 
diff --git a/src/lib/krb5/ccache/t_cc.c b/src/lib/krb5/ccache/t_cc.c
index 1c11272..991cef0 100644
--- a/src/lib/krb5/ccache/t_cc.c
+++ b/src/lib/krb5/ccache/t_cc.c
@@ -332,14 +332,14 @@ check_registered(krb5_context context, const char *prefix)
     if(kret != KRB5_OK) {
         if(kret == KRB5_CC_UNKNOWN_TYPE)
             return 0;
-        com_err("Checking on credential type", kret,prefix);
+        com_err("Checking on credential type", kret, "%s", prefix);
         fflush(stderr);
         return 0;
     }
 
     kret = krb5_cc_close(context, id);
     if(kret != KRB5_OK) {
-        com_err("Checking on credential type - closing", kret,prefix);
+        com_err("Checking on credential type - closing", kret, "%s", prefix);
         fflush(stderr);
     }
 
diff --git a/src/lib/krb5/krb/t_deltat.c b/src/lib/krb5/krb/t_deltat.c
index 8a50c69..e519ee8 100644
--- a/src/lib/krb5/krb/t_deltat.c
+++ b/src/lib/krb5/krb/t_deltat.c
@@ -126,7 +126,7 @@ main (void)
 
     };
     int fail = 0;
-    int i;
+    size_t i;
 
     for (i = 0; i < sizeof(values)/sizeof(values[0]); i++) {
         krb5_deltat result;
@@ -150,8 +150,8 @@ main (void)
         }
     }
     if (fail == 0)
-        printf ("Passed all %d tests.\n", i);
+        printf ("Passed all %d tests.\n", (int)i);
     else
-        printf ("Failed %d of %d tests.\n", fail, i);
+        printf ("Failed %d of %d tests.\n", fail, (int)i);
     return fail;
 }
diff --git a/src/lib/krb5/krb/t_ser.c b/src/lib/krb5/krb/t_ser.c
index 692d89d..9cdf5e6 100644
--- a/src/lib/krb5/krb/t_ser.c
+++ b/src/lib/krb5/krb/t_ser.c
@@ -95,7 +95,7 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
     kret = krb5_externalize_data(ser_ctx, ctx, &outrep, &outlen);
     if (!kret) {
         if (verbose) {
-            printf("%s: externalized in %d bytes\n", msg, outlen);
+            printf("%s: externalized in %d bytes\n", msg, (int)outlen);
             print_erep(outrep, outlen);
         }
 
@@ -110,7 +110,7 @@ ser_data(int verbose, char *msg, krb5_pointer ctx, krb5_magic dtype)
         if (!kret) {
             if (ilen)
                 printf("%s: %d bytes left over after internalize\n",
-                       msg, ilen);
+                       msg, (int)ilen);
             /* Now attempt to re-externalize it */
             kret = krb5_externalize_data(ser_ctx, nctx, &outrep2, &outlen2);
             if (!kret) {
diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c
index f894d05..f7eb2d2 100644
--- a/src/lib/krb5/os/localaddr.c
+++ b/src/lib/krb5/os/localaddr.c
@@ -1346,12 +1346,10 @@ get_localaddrs (krb5_context context, krb5_address ***addr, int use_profile)
 {
     struct localaddr_data data = { 0 };
     int r;
-    krb5_error_code err;
 
-    if (use_profile) {
-        err = krb5_os_localaddr_profile (context, &data);
-        /* ignore err for now */
-    }
+    /* Ignore errors for now. */
+    if (use_profile)
+        (void)krb5_os_localaddr_profile (context, &data);
 
     r = foreach_localaddr (&data, count_addrs, allocate, add_addr);
     if (r != 0) {
diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
index ef7ce0b..1930d7e 100644
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -223,9 +223,8 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
     struct stat sb1, sb2;
 #endif
     char *dir;
-    size_t dirlen;
 
-    GETDIR;
+    dir = getdir();
     if (full_pathname) {
         if (!(d->fn = strdup(full_pathname)))
             return KRB5_RC_IO_MALLOC;
diff --git a/src/lib/rpc/auth_gss.c b/src/lib/rpc/auth_gss.c
index ab161c1..319bc75 100644
--- a/src/lib/rpc/auth_gss.c
+++ b/src/lib/rpc/auth_gss.c
@@ -546,7 +546,6 @@ authgss_destroy_context(AUTH *auth)
 {
 	struct rpc_gss_data	*gd;
 	OM_uint32		 min_stat;
-	enum clnt_stat		 callstat;
 
 	log_debug("in authgss_destroy_context()");
 
@@ -555,10 +554,8 @@ authgss_destroy_context(AUTH *auth)
 	if (gd->gc.gc_ctx.length != 0) {
 		if (gd->established) {
 			gd->gc.gc_proc = RPCSEC_GSS_DESTROY;
-			callstat = clnt_call(gd->clnt, NULLPROC,
-					     xdr_void, NULL,
-					     xdr_void, NULL,
-					     AUTH_TIMEOUT);
+			(void)clnt_call(gd->clnt, NULLPROC, xdr_void, NULL,
+					xdr_void, NULL, AUTH_TIMEOUT);
 			log_debug("%s",
 				  clnt_sperror(gd->clnt,
 					       "authgss_destroy_context"));
diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c
index 66edf57..10d9e3f 100644
--- a/src/lib/rpc/pmap_rmt.c
+++ b/src/lib/rpc/pmap_rmt.c
@@ -188,7 +188,6 @@ getbroadcastnets(
 {
 	struct ifconf ifc;
         struct ifreq ifreq, *ifr;
-	struct sockaddr_in *sockin;
         int n, i;
 
         ifc.ifc_len = GIFCONF_BUFSIZE;
@@ -208,24 +207,16 @@ getbroadcastnets(
                 if ((ifreq.ifr_flags & IFF_BROADCAST) &&
 		    (ifreq.ifr_flags & IFF_UP) &&
 		    ifr->ifr_addr.sa_family == AF_INET) {
-			sockin = (struct sockaddr_in *)&ifr->ifr_addr;
 #ifdef SIOCGIFBRDADDR   /* 4.3BSD */
 			if (ioctl(sock, SIOCGIFBRDADDR, (char *)&ifreq) < 0) {
 				addrs[i++].s_addr = INADDR_ANY;
-#if 0 /* this is uuuuugly */
-				addrs[i++] = inet_makeaddr(inet_netof
-#if defined(hpux) || (defined(sun) && defined(__svr4__)) || defined(linux) || (defined(__osf__) && defined(__alpha__))
-							   (sockin->sin_addr),
-#else /* hpux or solaris */
-							   (sockin->sin_addr.s_addr),
-#endif
-							   INADDR_ANY);
-#endif
 			} else {
 				addrs[i++] = ((struct sockaddr_in*)
 				  &ifreq.ifr_addr)->sin_addr;
 			}
 #else /* 4.2 BSD */
+			struct sockaddr_in *sockin;
+			sockin = (struct sockaddr_in *)&ifr->ifr_addr;
 			addrs[i++] = inet_makeaddr(inet_netof
 			  (sockin->sin_addr.s_addr), INADDR_ANY);
 #endif
diff --git a/src/lib/rpc/svc_auth_gss.c b/src/lib/rpc/svc_auth_gss.c
index c3d52dc..68498da 100644
--- a/src/lib/rpc/svc_auth_gss.c
+++ b/src/lib/rpc/svc_auth_gss.c
@@ -486,8 +486,8 @@ gssrpc__svcauth_gss(struct svc_req *rqst, struct rpc_msg *msg,
 			offset = 0 - offset;
 			gd->seqmask <<= offset;
 			offset = 0;
-		}
-		else if (offset >= gd->win || (gd->seqmask & (1 << offset))) {
+		} else if ((u_int)offset >= gd->win ||
+			   (gd->seqmask & (1 << offset))) {
 			*no_dispatch = 1;
 			ret_freegc (RPCSEC_GSS_CTXPROBLEM);
 		}
diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c
index a38f35d..0b01527 100644
--- a/src/lib/rpc/svc_udp.c
+++ b/src/lib/rpc/svc_udp.c
@@ -198,6 +198,7 @@ svcudp_recv(
 	register int rlen;
 	char *reply;
 	uint32_t replylen;
+	socklen_t addrlen;
 
     again:
 	memset(&dummy, 0, sizeof(dummy));
@@ -215,13 +216,14 @@ svcudp_recv(
 		  return (FALSE);
 	}
 
-	xprt->xp_addrlen = sizeof(struct sockaddr_in);
+	addrlen = sizeof(struct sockaddr_in);
 	rlen = recvfrom(xprt->xp_sock, rpc_buffer(xprt), (int) su->su_iosz,
-	    0, (struct sockaddr *)&(xprt->xp_raddr), &(xprt->xp_addrlen));
+	    0, (struct sockaddr *)&(xprt->xp_raddr), &addrlen);
 	if (rlen == -1 && errno == EINTR)
 		goto again;
 	if (rlen < (int) (4*sizeof(uint32_t)))
 		return (FALSE);
+	xprt->xp_addrlen = addrlen;
 	xdrs->x_op = XDR_DECODE;
 	XDR_SETPOS(xdrs, 0);
 	if (! xdr_callmsg(xdrs, msg))
diff --git a/src/lib/rpc/unit-test/client.c b/src/lib/rpc/unit-test/client.c
index 6ab4534..646477f 100644
--- a/src/lib/rpc/unit-test/client.c
+++ b/src/lib/rpc/unit-test/client.c
@@ -58,8 +58,8 @@ main(argc, argv)
      CLIENT      *clnt;
      AUTH	 *tmp_auth;
      struct rpc_err e;
-     int i, auth_once, sock, use_tcp;
-     unsigned int count;
+     int auth_once, sock, use_tcp;
+     unsigned int count, i;
      extern int optind;
      extern char *optarg;
      extern int svc_debug_gssapi, misc_debug_gssapi, auth_debug_gssapi;
diff --git a/src/lib/rpc/xdr_mem.c b/src/lib/rpc/xdr_mem.c
index febb8be..f3eb047 100644
--- a/src/lib/rpc/xdr_mem.c
+++ b/src/lib/rpc/xdr_mem.c
@@ -125,7 +125,7 @@ static bool_t
 xdrmem_getbytes(XDR *xdrs, caddr_t addr, u_int len)
 {
 
-	if (xdrs->x_handy < len)
+	if ((u_int)xdrs->x_handy < len)
 		return (FALSE);
 	else
 		xdrs->x_handy -= len;
@@ -138,7 +138,7 @@ static bool_t
 xdrmem_putbytes(XDR *xdrs, caddr_t addr, u_int len)
 {
 
-	if (xdrs->x_handy < len)
+	if ((u_int)xdrs->x_handy < len)
 		return (FALSE);
 	else
 		xdrs->x_handy -= len;
diff --git a/src/lib/rpc/xdr_rec.c b/src/lib/rpc/xdr_rec.c
index cb839b6..0587882 100644
--- a/src/lib/rpc/xdr_rec.c
+++ b/src/lib/rpc/xdr_rec.c
@@ -244,7 +244,7 @@ static bool_t  /* must manage buffers, fragments, and records */
 xdrrec_getbytes(XDR *xdrs, caddr_t addr, u_int len)
 {
 	register RECSTREAM *rstrm = (RECSTREAM *)(xdrs->x_private);
-	register int current;
+	register u_int current;
 
 	while (len > 0) {
 		current = rstrm->fbtbc;
@@ -519,7 +519,7 @@ get_input_bytes(RECSTREAM *rstrm, caddr_t addr, int len)
 				return (FALSE);
 			continue;
 		}
-		current = (len < current) ? len : current;
+		current = ((size_t)len < current) ? (size_t)len : current;
 		memmove(addr, rstrm->in_finger, current);
 		rstrm->in_finger += current;
 		addr += current;
diff --git a/src/lib/rpc/xdr_sizeof.c b/src/lib/rpc/xdr_sizeof.c
index a9b16e2..145e387 100644
--- a/src/lib/rpc/xdr_sizeof.c
+++ b/src/lib/rpc/xdr_sizeof.c
@@ -80,7 +80,7 @@ x_setpostn(xdrs, pos)
 	return (FALSE);
 }
 
-static long *
+static rpc_inline_t *
 x_inline(xdrs, len)
 	XDR *xdrs;
 	int len;
@@ -94,7 +94,7 @@ x_inline(xdrs, len)
 	if (len < (int) xdrs->x_base) {
 		/* x_private was already allocated */
 		xdrs->x_handy += len;
-		return ((long *) xdrs->x_private);
+		return ((rpc_inline_t *) xdrs->x_private);
 	} else {
 		/* Free the earlier space and allocate new area */
 		if (xdrs->x_private)
@@ -105,7 +105,7 @@ x_inline(xdrs, len)
 		}
 		xdrs->x_base = (caddr_t) len;
 		xdrs->x_handy += len;
-		return ((long *) xdrs->x_private);
+		return ((rpc_inline_t *) xdrs->x_private);
 	}
 }
 
@@ -139,7 +139,7 @@ xdr_sizeof(func, data)
 	bool_t stat;
 	/* to stop ANSI-C compiler from complaining */
 	typedef  bool_t (* dummyfunc1)(XDR *, long *);
-	typedef  bool_t (* dummyfunc2)(XDR *, caddr_t, int);
+	typedef  bool_t (* dummyfunc2)(XDR *, caddr_t, u_int);
 
 	ops.x_putlong = x_putlong;
 	ops.x_putbytes = x_putbytes;
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
index 38e470f..9402813 100644
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
@@ -156,7 +156,6 @@ list_modify_str_array(char ***destlist, const char **sourcelist, int mode)
     char **dlist = NULL, **tmplist = NULL;
     const char **slist = NULL;
     int dcount = 0, scount = 0, copycount = 0;
-    int found = 0;
 
     if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL))
         return;
@@ -192,10 +191,8 @@ list_modify_str_array(char ***destlist, const char **sourcelist, int mode)
          * from the destination list */
         for (slist = sourcelist; *slist != NULL; slist++) {
             for (dlist = *destlist; *dlist != NULL; dlist++) {
-                found = 0; /* value not found */
                 /* DN is case insensitive string */
                 if (strcasecmp(*dlist, *slist) == 0) {
-                    found = 1;
                     free(*dlist);
                     /* Advance the rest of the entries by one */
                     for (tmplist = dlist; *tmplist != NULL; tmplist++) {
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index 3fac3c7..8776ab5 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -536,12 +536,10 @@ krb5_error_code
 is_principal_in_realm(krb5_ldap_context *ldap_context,
                       krb5_const_principal searchfor)
 {
-    size_t                      defrealmlen=0;
     char                        *defrealm=NULL;
 
 #define FIND_MAX(a,b) ((a) > (b) ? (a) : (b))
 
-    defrealmlen = strlen(ldap_context->lrparams->realm_name);
     defrealm = ldap_context->lrparams->realm_name;
 
     /*
@@ -1646,6 +1644,7 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
 {
     krb5_error_code st = 0;
     unsigned int    mask = 0;
+    int             val;
     krb5_boolean    attr_present = FALSE;
     char            **values = NULL, *policydn = NULL, *pwdpolicydn = NULL;
     char            *polname = NULL, *tktpolname = NULL;
@@ -1720,9 +1719,10 @@ populate_krb5_db_entry(krb5_context context, krb5_ldap_context *ldap_context,
         mask |= KDB_LAST_FAILED_ATTR;
 
     /* KRBLOGINFAILEDCOUNT */
-    if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount",
-                            &(entry->fail_auth_count)) == 0)
+    if (krb5_ldap_get_value(ld, ent, "krbLoginFailedCount", &val) == 0) {
+        entry->fail_auth_count = val;
         mask |= KDB_FAIL_AUTH_COUNT_ATTR;
+    }
 
     /* KRBMAXTICKETLIFE */
     if (krb5_ldap_get_value(ld, ent, "krbmaxticketlife", &(entry->max_life)) == 0)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 527873c..bcdc1dc 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -555,7 +555,8 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
         goto cleanup;
 
     if (entry->mask & KADM5_LOAD) {
-        int              tree = 0, ntrees = 0, numlentries = 0;
+        unsigned int     tree = 0, ntrees = 0;
+        int              numlentries = 0;
         char             **subtreelist = NULL, *filter = NULL;
 
         /*  A load operation is special, will do a mix-in (add krbprinc
@@ -695,7 +696,8 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
      */
     if (xargs.dn_from_kbd == TRUE) {
         /* make sure the DN falls in the subtree */
-        int              tre=0, dnlen=0, subtreelen=0, ntrees=0;
+        unsigned int     tre=0, ntrees=0;
+        int              dnlen=0, subtreelen=0;
         char             **subtreelist=NULL;
         char             *dn=NULL;
         krb5_boolean     outofsubtree=TRUE;
@@ -1293,7 +1295,7 @@ krb5_read_tkt_policy(krb5_context context, krb5_ldap_context *ldap_context,
                      krb5_db_entry *entries, char *policy)
 {
     krb5_error_code             st=0;
-    unsigned int                mask=0, omask=0;
+    int                         mask=0, omask=0;
     int                         tkt_mask=(KDB_MAX_LIFE_ATTR | KDB_MAX_RLIFE_ATTR | KDB_TKT_FLAGS_ATTR);
     krb5_ldap_policy_params     *tktpoldnparam=NULL;
 
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
index 2169aaa..4d7d673 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
@@ -232,6 +232,15 @@ cleanup:
     return(st);
 }
 
+static void
+get_ui4(LDAP *ld, LDAPMessage *ent, char *name, krb5_ui_4 *out)
+{
+    int val;
+
+    krb5_ldap_get_value(ld, ent, name, &val);
+    *out = val;
+}
+
 static krb5_error_code
 populate_policy(krb5_context context,
                 LDAP *ld,
@@ -245,19 +254,18 @@ populate_policy(krb5_context context,
     CHECK_NULL(pol_entry->name);
     pol_entry->version = 1;
 
-    krb5_ldap_get_value(ld, ent, "krbmaxpwdlife", &(pol_entry->pw_max_life));
-    krb5_ldap_get_value(ld, ent, "krbminpwdlife", &(pol_entry->pw_min_life));
-    krb5_ldap_get_value(ld, ent, "krbpwdmindiffchars", &(pol_entry->pw_min_classes));
-    krb5_ldap_get_value(ld, ent, "krbpwdminlength", &(pol_entry->pw_min_length));
-    krb5_ldap_get_value(ld, ent, "krbpwdhistorylength", &(pol_entry->pw_history_num));
-
-    krb5_ldap_get_value(ld, ent, "krbpwdmaxfailure", &(pol_entry->pw_max_fail));
-    krb5_ldap_get_value(ld, ent, "krbpwdfailurecountinterval", &(pol_entry->pw_failcnt_interval));
-    krb5_ldap_get_value(ld, ent, "krbpwdlockoutduration", &(pol_entry->pw_lockout_duration));
-    krb5_ldap_get_value(ld, ent, "krbpwdattributes", &(pol_entry->attributes));
-    krb5_ldap_get_value(ld, ent, "krbpwdmaxlife", &(pol_entry->max_life));
-    krb5_ldap_get_value(ld, ent, "krbpwdmaxrenewablelife",
-                        &(pol_entry->max_renewable_life));
+    get_ui4(ld, ent, "krbmaxpwdlife", &pol_entry->pw_max_life);
+    get_ui4(ld, ent, "krbminpwdlife", &pol_entry->pw_min_life);
+    get_ui4(ld, ent, "krbpwdmindiffchars", &pol_entry->pw_min_classes);
+    get_ui4(ld, ent, "krbpwdminlength", &pol_entry->pw_min_length);
+    get_ui4(ld, ent, "krbpwdhistorylength", &pol_entry->pw_history_num);
+    get_ui4(ld, ent, "krbpwdmaxfailure", &pol_entry->pw_max_fail);
+    get_ui4(ld, ent, "krbpwdfailurecountinterval",
+            &pol_entry->pw_failcnt_interval);
+    get_ui4(ld, ent, "krbpwdlockoutduration", &pol_entry->pw_lockout_duration);
+    get_ui4(ld, ent, "krbpwdattributes", &pol_entry->attributes);
+    get_ui4(ld, ent, "krbpwdmaxlife", &pol_entry->max_life);
+    get_ui4(ld, ent, "krbpwdmaxrenewablelife", &pol_entry->max_renewable_life);
 
     st = krb5_ldap_get_string(ld, ent, "krbpwdallowedkeysalts",
                               &(pol_entry->allowed_keysalts), NULL);
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index e5c1f59..032be6f 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -209,7 +209,8 @@ krb5_ldap_delete_realm (krb5_context context, char *lrealm)
     char                        **values=NULL, **subtrees=NULL, **policy=NULL;
     LDAPMessage                 **result_arr=NULL, *result = NULL, *ent = NULL;
     krb5_principal              principal;
-    int                         l=0, ntree=0, i=0, j=0, mask=0;
+    unsigned int                l=0, ntree=0;
+    int                         i=0, j=0, mask=0;
     kdb5_dal_handle             *dal_handle = NULL;
     krb5_ldap_context           *ldap_context = NULL;
     krb5_ldap_server_handle     *ldap_server_handle = NULL;
@@ -342,7 +343,7 @@ krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams,
     krb5_error_code       st=0;
     char                  **strval=NULL, *strvalprc[5]={NULL};
     LDAPMod               **mods = NULL;
-    int                   oldmask=0, objectmask=0,k=0;
+    int                   objectmask=0,k=0;
     kdb5_dal_handle       *dal_handle=NULL;
     krb5_ldap_context     *ldap_context=NULL;
     krb5_ldap_server_handle *ldap_server_handle=NULL;
@@ -371,21 +372,6 @@ krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams,
     /* get ldap handle */
     GET_HANDLE ();
 
-    /* get the oldmask obtained from the krb5_ldap_read_realm_params */
-    {
-        void *voidptr=NULL;
-
-        if ((st=decode_tl_data(rparams->tl_data, KDB_TL_MASK, &voidptr)) == 0) {
-            oldmask = *((int *) voidptr);
-            free (voidptr);
-        } else {
-            st = EINVAL;
-            krb5_set_error_message(context, st, _("tl_data not available"));
-            return st;
-        }
-    }
-
-
     /* SUBTREE ATTRIBUTE */
     if (mask & LDAP_REALM_SUBTREE) {
         if ( rparams->subtree!=NULL)  {
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
index f412290..32e2af0 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
@@ -84,7 +84,6 @@ krb5_ldap_readpassword(krb5_context context, krb5_ldap_context *ldap_context,
     int                         entryfound=0;
     krb5_error_code             st=0;
     char                        line[RECORDLEN]="0", *start=NULL, *file=NULL;
-    char                        errbuf[1024];
     FILE                        *fptr=NULL;
 
     *password = NULL;
@@ -166,7 +165,8 @@ rp_exit:
 int
 tohex(krb5_data in, krb5_data *ret)
 {
-    int                i=0, err = 0;
+    unsigned int       i=0;
+    int                err = 0;
 
     ret->length = 0;
     ret->data = NULL;
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
index 760bfd3..5ae8672 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/princ_xdr.c
@@ -187,7 +187,7 @@ krb5_lookup_tl_kadm_data(krb5_tl_data *tl_data, osa_princ_ent_rec *princ_entry)
 
     XDR xdrs;
 
-    xdrmem_create(&xdrs, tl_data->tl_data_contents,
+    xdrmem_create(&xdrs, (caddr_t)tl_data->tl_data_contents,
 		  tl_data->tl_data_length, XDR_DECODE);
     if (! ldap_xdr_osa_princ_ent_rec(&xdrs, princ_entry)) {
 	xdr_destroy(&xdrs);
diff --git a/src/plugins/preauth/pkinit/pkinit_accessor.c b/src/plugins/preauth/pkinit/pkinit_accessor.c
index 15a3e49..6bae949 100644
--- a/src/plugins/preauth/pkinit/pkinit_accessor.c
+++ b/src/plugins/preauth/pkinit/pkinit_accessor.c
@@ -58,7 +58,7 @@ krb5_error_code
                                          krb5_data **code);
 
 krb5_error_code
-(*k5int_encode_krb5_td_dh_parameters)(const krb5_algorithm_identifier **,
+(*k5int_encode_krb5_td_dh_parameters)(krb5_algorithm_identifier *const *,
                                       krb5_data **code);
 krb5_error_code
 (*k5int_decode_krb5_td_dh_parameters)(const krb5_data *,
@@ -66,7 +66,7 @@ krb5_error_code
 
 krb5_error_code
 (*k5int_encode_krb5_td_trusted_certifiers)
-(const krb5_external_principal_identifier **, krb5_data **code);
+(krb5_external_principal_identifier *const *, krb5_data **code);
 
 krb5_error_code
 (*k5int_decode_krb5_td_trusted_certifiers)
diff --git a/src/plugins/preauth/pkinit/pkinit_accessor.h b/src/plugins/preauth/pkinit/pkinit_accessor.h
index 21402ad..dcee3db 100644
--- a/src/plugins/preauth/pkinit/pkinit_accessor.h
+++ b/src/plugins/preauth/pkinit/pkinit_accessor.h
@@ -61,12 +61,12 @@ extern krb5_error_code (*k5int_encode_krb5_pa_pk_as_rep_draft9)
 	(const krb5_pa_pk_as_rep_draft9 *, krb5_data **code);
 
 extern krb5_error_code (*k5int_encode_krb5_td_dh_parameters)
-	(const krb5_algorithm_identifier **, krb5_data **code);
+	(krb5_algorithm_identifier *const *, krb5_data **code);
 extern krb5_error_code (*k5int_decode_krb5_td_dh_parameters)
 	(const krb5_data *, krb5_algorithm_identifier ***);
 
 extern krb5_error_code (*k5int_encode_krb5_td_trusted_certifiers)
-	(const krb5_external_principal_identifier **, krb5_data **code);
+	(krb5_external_principal_identifier *const *, krb5_data **code);
 extern krb5_error_code (*k5int_decode_krb5_td_trusted_certifiers)
 	(const krb5_data *, krb5_external_principal_identifier ***);
 
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 45f44e0..4b0245c 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -3416,7 +3416,7 @@ pkinit_create_td_dh_parameters(krb5_context context,
     SECItem tmp, *oid;
     krb5_algorithm_identifier id[sizeof(oakley_groups) /
                                  sizeof(oakley_groups[0])];
-    const krb5_algorithm_identifier *ids[(sizeof(id) / sizeof(id[0])) + 1];
+    krb5_algorithm_identifier *ids[(sizeof(id) / sizeof(id[0])) + 1];
     unsigned int i, j;
     krb5_data *data;
     krb5_pa_data **typed_data;
@@ -3525,7 +3525,7 @@ pkinit_create_td_invalid_certificate(krb5_context context,
 {
     CERTCertificate *invalid;
     krb5_external_principal_identifier id;
-    const krb5_external_principal_identifier *ids[2];
+    krb5_external_principal_identifier *ids[2];
     struct issuer_and_serial_number isn;
     krb5_data *data;
     SECItem item;
@@ -3591,7 +3591,7 @@ pkinit_create_td_trusted_certifiers(krb5_context context,
                                     pkinit_identity_crypto_context
                                     id_cryptoctx, krb5_pa_data ***pa_data)
 {
-    const krb5_external_principal_identifier **ids;
+    krb5_external_principal_identifier **ids;
     krb5_external_principal_identifier *id;
     struct issuer_and_serial_number isn;
     krb5_data *data;
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index a706911..ae4efc3 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1677,7 +1677,7 @@ cms_signeddata_verify(krb5_context context,
                 goto cleanup;
             }
 
-            retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_verified_chain, &authz);
+            retval = k5int_encode_krb5_td_trusted_certifiers((krb5_external_principal_identifier *const *)krb5_verified_chain, &authz);
             if (retval) {
                 pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
                 goto cleanup;
@@ -3063,7 +3063,7 @@ pkinit_create_sequence_of_principal_identifiers(
         goto cleanup;
     }
 
-    retval = k5int_encode_krb5_td_trusted_certifiers((const krb5_external_principal_identifier **)krb5_trusted_certifiers, &td_certifiers);
+    retval = k5int_encode_krb5_td_trusted_certifiers((krb5_external_principal_identifier *const *)krb5_trusted_certifiers, &td_certifiers);
     if (retval) {
         pkiDebug("encode_krb5_td_trusted_certifiers failed\n");
         goto cleanup;
@@ -3244,7 +3244,7 @@ pkinit_create_td_dh_parameters(krb5_context context,
         algId[0]->algorithm = dh_oid;
 
     }
-    retval = k5int_encode_krb5_td_dh_parameters((const krb5_algorithm_identifier **)algId, &encoded_algId);
+    retval = k5int_encode_krb5_td_dh_parameters((krb5_algorithm_identifier *const *)algId, &encoded_algId);
     if (retval)
         goto cleanup;
 #ifdef DEBUG_ASN1
diff --git a/src/slave/kprop.c b/src/slave/kprop.c
index 540d14b..acdca0a 100644
--- a/src/slave/kprop.c
+++ b/src/slave/kprop.c
@@ -532,14 +532,14 @@ xmit_database(context, auth_context, my_creds, fd, database_fd,
     int database_fd;
     int in_database_size;
 {
-    krb5_int32      sent_size, n;
+    krb5_int32      n;
     krb5_data       inbuf, outbuf;
     char            buf[KPROP_BUFSIZ];
     krb5_error_code retval;
     krb5_error      *error;
     /* These must be 4 bytes */
     krb5_ui_4       database_size = in_database_size;
-    krb5_ui_4       send_size;
+    krb5_ui_4       send_size, sent_size;
 
     /*
      * Send over the size
diff --git a/src/tests/dejagnu/t_inetd.c b/src/tests/dejagnu/t_inetd.c
index 5e9a0b1..abcde50 100644
--- a/src/tests/dejagnu/t_inetd.c
+++ b/src/tests/dejagnu/t_inetd.c
@@ -75,7 +75,7 @@ main(argc, argv)
     int sock, acc;
     int one = 1;
     struct sockaddr_in l_inaddr, f_inaddr;  /* local, foreign address */
-    int namelen = sizeof(f_inaddr);
+    socklen_t namelen = sizeof(f_inaddr);
 #ifdef POSIX_SIGNALS
     struct sigaction csig;
 #endif
diff --git a/src/tests/gssapi/common.c b/src/tests/gssapi/common.c
index 61558a0..5e8ffda 100644
--- a/src/tests/gssapi/common.c
+++ b/src/tests/gssapi/common.c
@@ -44,12 +44,12 @@ gss_OID_set_desc mechset_iakerb = { 1, &mech_iakerb };
 static void
 display_status(const char *msg, OM_uint32 code, int type)
 {
-    OM_uint32 maj_stat, min_stat, msg_ctx = 0;
+    OM_uint32 min_stat, msg_ctx = 0;
     gss_buffer_desc buf;
 
     do {
-        maj_stat = gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
-                                      &msg_ctx, &buf);
+        (void)gss_display_status(&min_stat, code, type, GSS_C_NULL_OID,
+                                 &msg_ctx, &buf);
         fprintf(stderr, "%s: %.*s\n", msg, (int)buf.length, (char *)buf.value);
         (void)gss_release_buffer(&min_stat, &buf);
     } while (msg_ctx != 0);
diff --git a/src/util/profile/test_profile.c b/src/util/profile/test_profile.c
index ea7113d..6f6fcc7 100644
--- a/src/util/profile/test_profile.c
+++ b/src/util/profile/test_profile.c
@@ -24,9 +24,9 @@ static void do_batchmode(profile)
 {
     errcode_t       retval;
     int             argc, ret;
-    char            **argv, **values, **cpp;
+    char            **argv, **values, *value, **cpp;
     char            buf[256];
-    const char      **names, *value;
+    const char      **names, *name;
     char            *cmd;
     int             print_status;
 
@@ -76,11 +76,10 @@ static void do_batchmode(profile)
             retval = profile_rename_section(profile, names+1,
                                             *names);
         } else if (!strcmp(cmd, "add")) {
-            value = *names;
-            if (strcmp(value, "NULL") == 0)
-                value = NULL;
-            retval = profile_add_relation(profile, names+1,
-                                          value);
+            name = *names;
+            if (strcmp(name, "NULL") == 0)
+                name = NULL;
+            retval = profile_add_relation(profile, names+1, name);
         } else if (!strcmp(cmd, "flush")) {
             retval = profile_flush(profile);
         } else {
@@ -116,8 +115,7 @@ int main(argc, argv)
 {
     profile_t   profile;
     long        retval;
-    char        **values, **cpp;
-    const char  *value;
+    char        **values, *value, **cpp;
     const char  **names;
     char        *cmd;
     int         print_value = 0;


More information about the cvs-krb5 mailing list