+2008-05-24 Nicolas François <nicolas.francois@centraliens.net>
+
+ Fix compiler warnings:
+ * libmisc/audit_help.c: Include prototypes.h to get the prototype
+ of audit_help_open.
+ * libmisc/salt.c: Use booleans instead of negating integers.
+ * src/passwd.c: Declare the check_selinux_access prototype and
+ avoid name clashes (change_user -> changed_user; change_uid ->
+ changed_uid; access -> requested_access)
+
2008-05-23 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/pam_pass.c: Use fputs rather than fprintf for constant
method = getdef_bool ("MD5_CRYPT_ENAB") ? "MD5" : "DES";
}
- if (!strcmp (method, "MD5")) {
+ if (0 == strcmp (method, "MD5")) {
MAGNUM(result, '1');
#ifdef USE_SHA_CRYPT
- } else if (!strcmp (method, "SHA256")) {
+ } else if (0 == strcmp (method, "SHA256")) {
MAGNUM(result, '5');
strcat(result, SHA_salt_rounds((int *)arg));
salt_len = SHA_salt_size();
- } else if (!strcmp (method, "SHA512")) {
+ } else if (0 == strcmp (method, "SHA512")) {
MAGNUM(result, '6');
strcat(result, SHA_salt_rounds((int *)arg));
salt_len = SHA_salt_size();
static void update_shadow (void);
static long getnumber (const char *);
+#ifdef WITH_SELINUX
+static int check_selinux_access (const char *changed_user,
+ uid_t changed_uid,
+ access_vector_t requested_access);
+#endif
/*
* usage - print command usage and exit
}
#ifdef WITH_SELINUX
-int
-check_selinux_access(const char *change_user, int change_uid, unsigned int access)
+static int check_selinux_access (const char *changed_user,
+ uid_t changed_uid,
+ access_vector_t requested_access)
{
int status = -1;
security_context_t user_context;
/* if changing a password for an account with UID==0 or for an account
where the identity matches then return success */
- if (change_uid != 0 && strcmp(change_user, user) == 0) {
+ if (changed_uid != 0 && strcmp(changed_user, user) == 0) {
status = 0;
} else {
struct av_decision avd;
int retval;
- retval = security_compute_av(user_context, user_context,
- SECCLASS_PASSWD, access, &avd);
+ retval = security_compute_av(user_context,
+ user_context,
+ SECCLASS_PASSWD,
+ requested_access,
+ &avd);
if ((retval == 0) &&
- ((access & avd.allowed) == access)) {
+ ((requested_access & avd.allowed) == requested_access)) {
status = 0;
}
}
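Review bot: The comment above the `changed_uid != 0 && strcmp(changed_user, user) == 0` test says success is returned for an account with UID==0 or for a matching identity, but the condition takes the shortcut only when the target is not UID 0 and its name equals `user` (presumably the caller's SELinux identity, set outside the lines shown). Every other request, including any change to a UID 0 account, falls through to `security_compute_av` and is denied unless policy allows `requested_access`. Since the rename already touches this line, the comment should be corrected so a later reader does not loosen the check to match it, for example `/* skip the AV query only for a non-root account whose name matches the caller's SELinux user; all other requests must be allowed by policy */`. The body of check_selinux_access starts before and continues after the lines visible here.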
/* only do this check when getuid()==0 because it's a pre-condition for
changing a password without entering the old one */
if ((is_selinux_enabled() > 0) && (getuid() == 0) &&
- (check_selinux_access(name, pw->pw_uid, PASSWD__PASSWD) != 0))
- {
+ (check_selinux_access (name, pw->pw_uid, PASSWD__PASSWD) != 0)) {
security_context_t user_context;
if (getprevcon(&user_context) < 0) {
user_context = strdup("Unknown user context");
}
syslog(LOG_ALERT,
- "%s is not authorized to change the password of %s",
- user_context, name);
- fprintf(stderr, _("%s: %s is not authorized to change the "
- "password of %s\n"),
- Prog, user_context, name);
+ "%s is not authorized to change the password of %s",
+ user_context, name);
+ fprintf(stderr,
+ _("%s: %s is not authorized to change the password of %s\n"),
+ Prog, user_context, name);
freecon(user_context);
exit(1);
}
-
-#endif
+#endif /* WITH_SELINUX */
/*
* If the UID of the user does not match the current real UID,