From: Sami Kerola <kerolasa@iki.fi>
Date: Sat, 24 Nov 2012 10:57:58 +0000 (+0000)
Subject: build-sys: reduce selinux and pam compiling scope when possible
X-Git-Tag: cronie1.4.10~15
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=30064cbbf0ed39c6ad4ab65582f1b4bea24a9f51;p=cronie

build-sys: reduce selinux and pam compiling scope when possible

This will fix following warnings, and makes compiled program to contain
less unnecessary references.

crontab.c:60:14: warning: 'selinux_context' defined but not used [-Wunused-variable]
security.c:188:12: warning: 'cron_open_pam_session' defined but not used [-Wunused-function]
security.c:250:12: warning: 'cron_authorize_context' defined but not used [-Wunused-function]
security.c:283:12: warning: 'cron_authorize_range' defined but not used [-Wunused-function]

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---

diff --git a/src/crontab.c b/src/crontab.c
index 5b609ee..8123dc7 100644
--- a/src/crontab.c
+++ b/src/crontab.c
@@ -57,7 +57,9 @@ static char *getoptargs = "u:lerisnc";
 static char *getoptargs = "u:lerinc";
 # endif
 #endif
+#ifdef WITH_SELINUX
 static char *selinux_context = 0;
+#endif
 
 static PID_T Pid;
 static char User[MAX_UNAME], RealUser[MAX_UNAME];
@@ -206,13 +208,13 @@ static void parse_args(int argc, char *argv[]) {
 				fprintf(stderr, "must be privileged to use -u\n");
 				exit(ERROR_EXIT);
 			}
-
+#ifdef WITH_SELINUX
 			if (crontab_security_access() != 0) {
 				fprintf(stderr,
 					"Access denied by SELinux, must be privileged to use -u\n");
 				exit(ERROR_EXIT);
 			}
-
+#endif
 			if (Option == opt_hostset || Option == opt_hostget) {
 				fprintf(stderr,
 					"cannot use -u with -n or -c\n");
diff --git a/src/security.c b/src/security.c
index 6418258..e27bddc 100644
--- a/src/security.c
+++ b/src/security.c
@@ -185,18 +185,18 @@ int cron_start_pam(struct passwd *pw) {
 	return retcode;
 }
 
+#if defined(WITH_PAM)
 static int cron_open_pam_session(struct passwd *pw) {
-	int retcode = 0;
+	int retcode;
 
-#if defined(WITH_PAM)
 	retcode = pam_open_session(pamh, PAM_SILENT);
 	PAM_FAIL_CHECK;
 	if (retcode == PAM_SUCCESS)
 		pam_session_opened = 1;
-#endif
 
 	return retcode;
 }
+#endif
 
 void cron_close_pam(void) {
 #if defined(WITH_PAM)
@@ -247,9 +247,9 @@ int cron_change_user_permanently(struct passwd *pw, char *homedir) {
 }
 
 
+#ifdef WITH_SELINUX
 static int cron_authorize_context(security_context_t scontext,
 	security_context_t file_context) {
-#ifdef WITH_SELINUX
 	struct av_decision avd;
 	int retval;
 	security_class_t tclass;
@@ -276,13 +276,13 @@ static int cron_authorize_context(security_context_t scontext,
 		tclass, bit, &avd);
 	if (retval || ((bit & avd.allowed) != bit))
 		return 0;
-#endif
 	return 1;
 }
+#endif
 
+#ifdef WITH_SELINUX
 static int cron_authorize_range(security_context_t scontext,
 	security_context_t ucontext) {
-#ifdef WITH_SELINUX
 	struct av_decision avd;
 	int retval;
 	security_class_t tclass;
@@ -309,9 +309,9 @@ static int cron_authorize_range(security_context_t scontext,
 
 	if (retval || ((bit & avd.allowed) != bit))
 		return 0;
-#endif
 	return 1;
 }
+#endif
 
 #if WITH_SELINUX
 /* always uses u->scontext as the default process context, then changes the
@@ -450,10 +450,10 @@ static int cron_change_selinux_range(user * u, security_context_t ucontext) {
 }
 #endif
 
+#ifdef WITH_SELINUX
 int
 get_security_context(const char *name, int crontab_fd,
 	security_context_t * rcontext, const char *tabname) {
-#ifdef WITH_SELINUX
 	security_context_t scontext = NULL;
 	security_context_t file_context = NULL;
 	security_context_t rawcontext=NULL;
@@ -533,21 +533,21 @@ get_security_context(const char *name, int crontab_fd,
 	freecon(file_context);
 
 	*rcontext = scontext;
-#endif
 	return 0;
 }
+#endif
 
-void free_security_context(security_context_t * scontext) {
 #ifdef WITH_SELINUX
+void free_security_context(security_context_t * scontext) {
 	if (*scontext != NULL) {
 		freecon(*scontext);
 		*scontext = 0L;
 	}
-#endif
 }
+#endif
 
-int crontab_security_access(void) {
 #ifdef WITH_SELINUX
+int crontab_security_access(void) {
 	int selinux_check_passwd_access = -1;
 	if (is_selinux_enabled() > 0) {
 		security_context_t user_context;
@@ -587,9 +587,9 @@ int crontab_security_access(void) {
 
 		return selinux_check_passwd_access;
 	}
-#endif
 	return 0;
 }
+#endif
 
 /* Build up the job environment from the PAM environment plus the
 * crontab environment 
diff --git a/src/user.c b/src/user.c
index fb9d3b2..367f963 100644
--- a/src/user.c
+++ b/src/user.c
@@ -42,7 +42,9 @@ free_user (user * u) {
 		ne = e->next;
 		free_entry(e);
 	}
+#ifdef WITH_SELINUX
 	free_security_context(&(u->scontext));
+#endif
 	free(u);
 }
 
@@ -89,13 +91,14 @@ load_user (int crontab_fd, struct passwd *pw, const char *uname,
 		goto done;
 	}
 
+#ifdef WITH_SELINUX
 	if (get_security_context(pw == NULL ? NULL : uname,
 		crontab_fd, &u->scontext, tabname) != 0) {
 		free_user (u);
 		u = NULL;
 		goto done;
 	}
-
+#endif
 	/* load the crontab
 	*/
 	while ((status = load_env (envstr, file)) >= OK) {