diff -up ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c --- ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c.werror 2011-08-11 10:26:55.453235671 +0200 +++ ecryptfs-utils-90/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2011-08-11 10:26:55.471235788 +0200 @@ -86,7 +86,7 @@ static int ecryptfs_pkcs11h_deserialize( pkcs11h_data->serialized_id = NULL; } else { - pkcs11h_data->serialized_id = blob + i; + pkcs11h_data->serialized_id = (char *)blob + i; i += serialized_id_length; } pkcs11h_data->certificate_blob_size = blob[i++] % 256; @@ -104,12 +104,11 @@ static int ecryptfs_pkcs11h_deserialize( pkcs11h_data->passphrase = NULL; } else { - pkcs11h_data->passphrase = blob + i; + pkcs11h_data->passphrase = (char *)blob + i; i += passphrase_length; } rc = 0; -out: return rc; } @@ -346,14 +345,14 @@ static int ecryptfs_pkcs11h_get_key_sig( data[i++] = '\02'; data[i++] = (char)(nbits >> 8); data[i++] = (char)nbits; - BN_bn2bin(rsa->n, &(data[i])); + BN_bn2bin(rsa->n, (unsigned char *)&(data[i])); i += nbytes; data[i++] = (char)(ebits >> 8); data[i++] = (char)ebits; - BN_bn2bin(rsa->e, &(data[i])); + BN_bn2bin(rsa->e, (unsigned char *)&(data[i])); i += ebytes; - SHA1(data, len + 3, hash); - to_hex(sig, hash, ECRYPTFS_SIG_SIZE); + SHA1((unsigned char *)data, len + 3, (unsigned char *)hash); + to_hex((char *)sig, hash, ECRYPTFS_SIG_SIZE); sig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; rc = 0; @@ -411,8 +410,8 @@ static int ecryptfs_pkcs11h_encrypt(char if ( (rc = RSA_public_encrypt( from_size, - from, - to, + (unsigned char *)from, + (unsigned char *)to, rsa, RSA_PKCS1_PADDING )) == -1 @@ -506,9 +505,9 @@ static int ecryptfs_pkcs11h_decrypt(char (rv = pkcs11h_certificate_decryptAny ( certificate, CKM_RSA_PKCS, - from, + (unsigned char *)from, from_size, - to, + (unsigned char *)to, to_size )) != CKR_OK ) { @@ -534,9 +533,9 @@ static int ecryptfs_pkcs11h_decrypt(char pkcs11h_certificate_decryptAny ( certificate, CKM_RSA_PKCS, - from, + (unsigned char *)from, from_size, - tmp, + (unsigned char *)tmp, to_size ); @@ -851,7 +850,7 @@ static int ecryptfs_pkcs11h_process_key( rc = MOUNT_ERROR; goto out; } - if ((rc = ecryptfs_pkcs11h_serialize(subgraph_key_ctx->key_mod->blob, + if ((rc = ecryptfs_pkcs11h_serialize((unsigned char *)subgraph_key_ctx->key_mod->blob, &subgraph_key_ctx->key_mod->blob_size, pkcs11h_data))) { syslog(LOG_ERR, "PKCS#11: Error serializing pkcs11; rc=[%d]\n", rc); @@ -930,7 +929,7 @@ static int tf_pkcs11h_global_loglevel(st rc = DEFAULT_TOK; node->val = NULL; -out: +// out: return rc; } @@ -943,7 +942,7 @@ static int tf_pkcs11h_global_pincache(st rc = DEFAULT_TOK; node->val = NULL; -out: +// out: return rc; } @@ -1013,7 +1012,7 @@ static int tf_pkcs11h_provider_prot_auth sscanf (node->val, "%x", &subgraph_provider_ctx->allow_protected_authentication); rc = DEFAULT_TOK; node->val = NULL; -out: + return rc; } @@ -1027,7 +1026,7 @@ static int tf_pkcs11h_provider_cert_priv sscanf (node->val, "%x", &subgraph_provider_ctx->certificate_is_private); rc = DEFAULT_TOK; node->val = NULL; -out: + return rc; } @@ -1042,7 +1041,7 @@ static int tf_pkcs11h_provider_private_m rc = DEFAULT_TOK; node->val = NULL; -out: + return rc; } @@ -1073,7 +1072,7 @@ static int tf_pkcs11h_provider_end(struc free(subgraph_provider_ctx); *foo = NULL; rc = DEFAULT_TOK; -out: + return rc; } @@ -1120,7 +1119,7 @@ static int tf_pkcs11h_key_x509file(struc X509 *x509 = NULL; unsigned char *p = NULL; FILE *fp = NULL; - int rc; + int rc = 0; subgraph_key_ctx = (struct pkcs11h_subgraph_key_ctx *)(*foo); diff -up ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c --- ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c.werror 2010-12-17 18:34:04.000000000 +0100 +++ ecryptfs-utils-90/src/libecryptfs/ecryptfs-stat.c 2011-08-11 10:26:55.472235795 +0200 @@ -146,7 +146,7 @@ int ecryptfs_parse_stat(struct ecryptfs_ if (buf_size < (ECRYPTFS_FILE_SIZE_BYTES + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES + 4)) { - printf("%s: Invalid metadata size; must have at least [%lu] " + printf("%s: Invalid metadata size; must have at least [%zu] " "bytes; there are only [%zu] bytes\n", __FUNCTION__, (ECRYPTFS_FILE_SIZE_BYTES + MAGIC_ECRYPTFS_MARKER_SIZE_BYTES diff -up ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c --- ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c.werror 2011-02-06 03:44:30.000000000 +0100 +++ ecryptfs-utils-90/src/pam_ecryptfs/pam_ecryptfs.c 2011-08-11 10:26:55.472235795 +0200 @@ -39,35 +39,11 @@ #include #include #include +#include #include "../include/ecryptfs.h" #define PRIVATE_DIR "Private" -static void error(const char *msg) -{ - syslog(LOG_ERR, "errno = [%i]; strerror = [%m]\n", errno); - switch (errno) { - case ENOKEY: - syslog(LOG_ERR, "%s: Requested key not available\n", msg); - return; - - case EKEYEXPIRED: - syslog(LOG_ERR, "%s: Key has expired\n", msg); - return; - - case EKEYREVOKED: - syslog(LOG_ERR, "%s: Key has been revoked\n", msg); - return; - - case EKEYREJECTED: - syslog(LOG_ERR, "%s: Key was rejected by service\n", msg); - return; - default: - syslog(LOG_ERR, "%s: Unknown key error\n", msg); - return; - } -} - /* returns: 0 if file does not exist, 1 if it exists, <0 for error */ static int file_exists_dotecryptfs(const char *homedir, char *filename) { @@ -87,7 +63,7 @@ out: return rc; } -static int wrap_passphrase_if_necessary(char *username, uid_t uid, char *wrapped_pw_filename, char *passphrase, char *salt) +static int wrap_passphrase_if_necessary(const char *username, uid_t uid, char *wrapped_pw_filename, char *passphrase, char *salt) { char *unwrapped_pw_filename = NULL; struct stat s; @@ -201,8 +177,6 @@ PAM_EXTERN int pam_sm_authenticate(pam_h if ((argc == 1) && (memcmp(argv[0], "unwrap\0", 7) == 0)) { char *wrapped_pw_filename; - char *unwrapped_pw_filename; - struct stat s; rc = asprintf( &wrapped_pw_filename, "%s/.ecryptfs/%s", @@ -294,8 +268,6 @@ static int private_dir(pam_handle_t *pam char *autoumount = "auto-umount"; struct stat s; pid_t pid; - struct utmp *u; - int count = 0; if ((pwd = fetch_pwd(pamh)) == NULL) { /* fetch_pwd() logged a message */ @@ -342,7 +314,7 @@ static int private_dir(pam_handle_t *pam if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) { /* User has not recorded their passphrase */ unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); - symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); + rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666); close(fd); } @@ -413,7 +385,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand char *old_passphrase = NULL; char *new_passphrase = NULL; char *wrapped_pw_filename; - char *name = NULL; +// char *name = NULL; char salt[ECRYPTFS_SALT_SIZE]; char salt_hex[ECRYPTFS_SALT_SIZE_HEX]; pid_t child_pid, tmp_pid; @@ -427,11 +399,11 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand if (pwd) { uid = pwd->pw_uid; homedir = pwd->pw_dir; - name = pwd->pw_name; +// name = pwd->pw_name; } } else { syslog(LOG_ERR, "Error getting passwd info for user [%s]; " - "rc = [%ld]\n", username, rc); + "rc = [%d]\n", username, rc); goto out; } saved_uid = geteuid(); diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror ecryptfs-utils-90/src/utils/mount.ecryptfs.c --- ecryptfs-utils-90/src/utils/mount.ecryptfs.c.werror 2011-08-11 10:26:55.468235767 +0200 +++ ecryptfs-utils-90/src/utils/mount.ecryptfs.c 2011-08-11 10:26:55.473235801 +0200 @@ -461,7 +461,7 @@ static int ecryptfs_do_mount(int argc, c { int rc; int flags = 0; - int num_opts = 0; +// int num_opts = 0; char *src = NULL, *targ = NULL, *opts = NULL, *new_opts = NULL, *temp; char *val; @@ -472,7 +472,7 @@ static int ecryptfs_do_mount(int argc, c rc = strip_userland_opts(opts); if (rc) goto out; - num_opts = ecryptfs_generate_mount_flags(opts, &flags); + ecryptfs_generate_mount_flags(opts, &flags); if (!(temp = strdup("ecryptfs_unlink_sigs"))) { rc = -ENOMEM; goto out; diff -up ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c --- ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c.werror 2011-08-11 10:26:55.461235723 +0200 +++ ecryptfs-utils-90/src/utils/mount.ecryptfs_private.c 2011-08-11 10:27:23.264417014 +0200 @@ -95,7 +95,6 @@ int read_config(char *pw_dir, int uid, c *s = strdup(e->mnt_fsname); if (!*s) return -2; -out: return 0; } @@ -300,7 +299,7 @@ int update_mtab(char *dev, char *mnt, ch goto fail_early; } - while (old_ent = getmntent(old_mtab)) { + while ((old_ent = getmntent(old_mtab))) { if (addmntent(new_mtab, old_ent) != 0) { perror("addmntent"); goto fail; diff -up ecryptfs-utils-90/src/utils/test.c.werror ecryptfs-utils-90/src/utils/test.c --- ecryptfs-utils-90/src/utils/test.c.werror 2010-12-17 18:34:04.000000000 +0100 +++ ecryptfs-utils-90/src/utils/test.c 2011-08-11 10:26:55.474235807 +0200 @@ -281,7 +281,7 @@ int ecryptfs_encrypt_page(int page_cache struct inode *lower_inode; struct ecryptfs_crypt_stat *crypt_stat; int rc = 0; - int lower_byte_offset; + int lower_byte_offset = 0; int orig_byte_offset = 0; int num_extents_per_page; #define ECRYPTFS_PAGE_STATE_UNREAD 0