build-sys: reduce selinux and pam compiling scope when possible

This will fix following warnings, and makes compiled program to contain
less unnecessary references.

crontab.c:60:14: warning: 'selinux_context' defined but not used [-Wunused-variable]
security.c:188:12: warning: 'cron_open_pam_session' defined but not used [-Wunused-function]
security.c:250:12: warning: 'cron_authorize_context' defined but not used [-Wunused-function]
security.c:283:12: warning: 'cron_authorize_range' defined but not used [-Wunused-function]

Signed-off-by: Sami Kerola <kerolasa@iki.fi>

diff --git a/src/crontab.c b/src/crontab.c
index 5b609eeea6ffc91560684c149ea2be55191e2063..8123dc7eab43f2a59491524df15dfb107b4c1690 100644 (file)
--- a/src/crontab.c
+++ b/src/crontab.c
@@ -57,7 +57,9 @@ static char *getoptargs = "u:lerisnc";
 static char *getoptargs = "u:lerinc";
 # endif
 #endif
+#ifdef WITH_SELINUX
 static char *selinux_context = 0;
+#endif
 
 static PID_T Pid;
 static char User[MAX_UNAME], RealUser[MAX_UNAME];
@@ -206,13 +208,13 @@ static void parse_args(int argc, char *argv[]) {
                                fprintf(stderr, "must be privileged to use -u\n");
                                exit(ERROR_EXIT);
                        }
-
+#ifdef WITH_SELINUX
                        if (crontab_security_access() != 0) {
                                fprintf(stderr,
                                        "Access denied by SELinux, must be privileged to use -u\n");
                                exit(ERROR_EXIT);
                        }
-
+#endif
                        if (Option == opt_hostset || Option == opt_hostget) {
                                fprintf(stderr,
                                        "cannot use -u with -n or -c\n");

diff --git a/src/security.c b/src/security.c
index 64182581cee1a8e90882a6b0fdd53c7d85801d02..e27bddc06b7d3276b64740d26e66b274b2da1cd1 100644 (file)
--- a/src/security.c
+++ b/src/security.c
@@ -185,18 +185,18 @@ int cron_start_pam(struct passwd *pw) {
        return retcode;
 }
 
+#if defined(WITH_PAM)
 static int cron_open_pam_session(struct passwd *pw) {
-       int retcode = 0;
+       int retcode;
 
-#if defined(WITH_PAM)
        retcode = pam_open_session(pamh, PAM_SILENT);
        PAM_FAIL_CHECK;
        if (retcode == PAM_SUCCESS)
                pam_session_opened = 1;
-#endif
 
        return retcode;
 }
+#endif
 
 void cron_close_pam(void) {
 #if defined(WITH_PAM)
@@ -247,9 +247,9 @@ int cron_change_user_permanently(struct passwd *pw, char *homedir) {
 }
 
 
+#ifdef WITH_SELINUX
 static int cron_authorize_context(security_context_t scontext,
        security_context_t file_context) {
-#ifdef WITH_SELINUX
        struct av_decision avd;
        int retval;
        security_class_t tclass;
@@ -276,13 +276,13 @@ static int cron_authorize_context(security_context_t scontext,
                tclass, bit, &avd);
        if (retval || ((bit & avd.allowed) != bit))
                return 0;
-#endif
        return 1;
 }
+#endif
 
+#ifdef WITH_SELINUX
 static int cron_authorize_range(security_context_t scontext,
        security_context_t ucontext) {
-#ifdef WITH_SELINUX
        struct av_decision avd;
        int retval;
        security_class_t tclass;
@@ -309,9 +309,9 @@ static int cron_authorize_range(security_context_t scontext,
 
        if (retval || ((bit & avd.allowed) != bit))
                return 0;
-#endif
        return 1;
 }
+#endif
 
 #if WITH_SELINUX
 /* always uses u->scontext as the default process context, then changes the
@@ -450,10 +450,10 @@ static int cron_change_selinux_range(user * u, security_context_t ucontext) {
 }
 #endif
 
+#ifdef WITH_SELINUX
 int
 get_security_context(const char *name, int crontab_fd,
        security_context_t * rcontext, const char *tabname) {
-#ifdef WITH_SELINUX
        security_context_t scontext = NULL;
        security_context_t file_context = NULL;
        security_context_t rawcontext=NULL;
@@ -533,21 +533,21 @@ get_security_context(const char *name, int crontab_fd,
        freecon(file_context);
 
        *rcontext = scontext;
-#endif
        return 0;
 }
+#endif
 
-void free_security_context(security_context_t * scontext) {
 #ifdef WITH_SELINUX
+void free_security_context(security_context_t * scontext) {
        if (*scontext != NULL) {
                freecon(*scontext);
                *scontext = 0L;
        }
-#endif
 }
+#endif
 
-int crontab_security_access(void) {
 #ifdef WITH_SELINUX
+int crontab_security_access(void) {
        int selinux_check_passwd_access = -1;
        if (is_selinux_enabled() > 0) {
                security_context_t user_context;
@@ -587,9 +587,9 @@ int crontab_security_access(void) {
 
                return selinux_check_passwd_access;
        }
-#endif
        return 0;
 }
+#endif
 
 /* Build up the job environment from the PAM environment plus the
 * crontab environment 

diff --git a/src/user.c b/src/user.c
index fb9d3b2c09c72555763ecfec4b0649b98f31fdba..367f96336083f6097b3cab30ed9663f08463d4b7 100644 (file)
--- a/src/user.c
+++ b/src/user.c
@@ -42,7 +42,9 @@ free_user (user * u) {
                ne = e->next;
                free_entry(e);
        }
+#ifdef WITH_SELINUX
        free_security_context(&(u->scontext));
+#endif
        free(u);
 }
 
@@ -89,13 +91,14 @@ load_user (int crontab_fd, struct passwd *pw, const char *uname,
                goto done;
        }
 
+#ifdef WITH_SELINUX
        if (get_security_context(pw == NULL ? NULL : uname,
                crontab_fd, &u->scontext, tabname) != 0) {
                free_user (u);
                u = NULL;
                goto done;
        }
-
+#endif
        /* load the crontab
        */
        while ((status = load_env (envstr, file)) >= OK) {