Run our #else/#endif annotator on our source code.

c1deabd3 · Nick Mathewson · 7a597718 · c1deabd3 · c1deabd3 · c1deabd3
Commit c1deabd3 authored Sep 15, 2017 by Nick Mathewson 🎨
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -33,7 +33,7 @@
 #include <process.h>
 #include <windows.h>
 #include <iphlpapi.h>
-#endif
+#endif /* defined(_WIN32) */

 #include "compat.h"
 #include "util.h"
@@ -198,7 +198,7 @@ tor_sockaddr_to_str(const struct sockaddr *sa)
    tor_asprintf(&result, "unix:%s", s_un->sun_path);
    return result;
  }
-#endif
+#endif /* defined(HAVE_SYS_UN_H) */
  if (sa->sa_family == AF_UNSPEC)
    return tor_strdup("unspec");

@@ -305,7 +305,7 @@ tor_addr_lookup,(const char *name, uint16_t family, tor_addr_t *addr))
      return result;
    }
    return (err == EAI_AGAIN) ? 1 : -1;
-#else
+#else /* !(defined(HAVE_GETADDRINFO)) */
    struct hostent *ent;
    int err;
 #ifdef HAVE_GETHOSTBYNAME_R_6_ARG
@@ -330,7 +330,7 @@ tor_addr_lookup,(const char *name, uint16_t family, tor_addr_t *addr))
 #else
    err = h_errno;
 #endif
-#endif /* endif HAVE_GETHOSTBYNAME_R_6_ARG. */
+#endif /* defined(HAVE_GETHOSTBYNAME_R_6_ARG) || ... */
    if (ent) {
      if (ent->h_addrtype == AF_INET) {
        tor_addr_from_in(addr, (struct in_addr*) ent->h_addr);
@@ -346,7 +346,7 @@ tor_addr_lookup,(const char *name, uint16_t family, tor_addr_t *addr))
 #else
    return (err == TRY_AGAIN) ? 1 : -1;
 #endif
-#endif
+#endif /* defined(HAVE_GETADDRINFO) */
  }
 }

@@ -1409,7 +1409,7 @@ get_interface_addresses_ifaddrs(int severity, sa_family_t family)

  return result;
 }
-#endif
+#endif /* defined(HAVE_IFADDRS_TO_SMARTLIST) */

 #ifdef HAVE_IP_ADAPTER_TO_SMARTLIST

@@ -1500,7 +1500,7 @@ get_interface_addresses_win32(int severity, sa_family_t family)
  return result;
 }

-#endif
+#endif /* defined(HAVE_IP_ADAPTER_TO_SMARTLIST) */

 #ifdef HAVE_IFCONF_TO_SMARTLIST

@@ -1602,7 +1602,7 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
  tor_free(ifc.ifc_buf);
  return result;
 }
-#endif
+#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */

 /** Try to ask our network interfaces what addresses they are bound to.
 * Return a new smartlist of tor_addr_t on success, and NULL on failure.

--- a/src/common/address.h
+++ b/src/common/address.h
@@ -44,7 +44,7 @@
 #endif

 // TODO win32 specific includes
-#endif // ADDRESS_PRIVATE
+#endif /* defined(ADDRESS_PRIVATE) */

 /** The number of bits from an address to consider while doing a masked
 * comparison. */
@@ -358,23 +358,23 @@ STATIC smartlist_t *ifaddrs_to_smartlist(const struct ifaddrs *ifa,
                                         sa_family_t family);
 STATIC smartlist_t *get_interface_addresses_ifaddrs(int severity,
                                                    sa_family_t family);
-#endif
+#endif /* defined(HAVE_IFADDRS_TO_SMARTLIST) */

 #ifdef HAVE_IP_ADAPTER_TO_SMARTLIST
 STATIC smartlist_t *ip_adapter_addresses_to_smartlist(
                                        const IP_ADAPTER_ADDRESSES *addresses);
 STATIC smartlist_t *get_interface_addresses_win32(int severity,
                                                  sa_family_t family);
-#endif
+#endif /* defined(HAVE_IP_ADAPTER_TO_SMARTLIST) */

 #ifdef HAVE_IFCONF_TO_SMARTLIST
 STATIC smartlist_t *ifreq_to_smartlist(char *ifr,
                                       size_t buflen);
 STATIC smartlist_t *get_interface_addresses_ioctl(int severity,
                                                  sa_family_t family);
-#endif
+#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */

-#endif // ADDRESS_PRIVATE
+#endif /* defined(ADDRESS_PRIVATE) */

-#endif
+#endif /* !defined(TOR_ADDRESS_H) */

--- a/src/common/aes.c
+++ b/src/common/aes.c
@@ -70,7 +70,7 @@ ENABLE_GCC_WARNING(redundant-decls)

 #define USE_EVP_AES_CTR

-#endif
+#endif /* OPENSSL_VERSION_NUMBER >= OPENSSL_V_NOPATCH(1,1,0) || ... */

 /* We have 2 strategies for getting the AES block cipher: Via OpenSSL's
 * AES_encrypt function, or via OpenSSL's EVP_EncryptUpdate function.
@@ -142,7 +142,7 @@ evaluate_ctr_for_aes(void)
 {
  return 0;
 }
-#else
+#else /* !(defined(USE_EVP_AES_CTR)) */

 /*======================================================================*/
 /* Interface to AES code, and counter implementation */
@@ -163,7 +163,7 @@ struct aes_cnt_cipher {
  uint32_t counter2;
  uint32_t counter1;
  uint32_t counter0;
-#endif
+#endif /* !defined(WORDS_BIGENDIAN) */

  union {
    /** The counter, in big-endian order, as bytes. */
@@ -212,7 +212,7 @@ evaluate_evp_for_aes(int force_val)
    log_info(LD_CRYPTO, "No AES engine found; using AES_* functions.");
    should_use_EVP = 0;
  }
-#endif
+#endif /* defined(DISABLE_ENGINES) */

  return 0;
 }
@@ -312,7 +312,7 @@ aes_set_key(aes_cnt_cipher_t *cipher, const uint8_t *key, int key_bits)
  cipher->counter1 = 0;
  cipher->counter2 = 0;
  cipher->counter3 = 0;
-#endif
+#endif /* defined(USING_COUNTER_VARS) */

  memset(cipher->ctr_buf.buf, 0, sizeof(cipher->ctr_buf.buf));

@@ -341,7 +341,7 @@ aes_cipher_free(aes_cnt_cipher_t *cipher)
  STMT_END
 #else
 #define UPDATE_CTR_BUF(c, n)
-#endif
+#endif /* defined(USING_COUNTER_VARS) */

 /* Helper function to use EVP with openssl's counter-mode wrapper. */
 static void
@@ -396,10 +396,10 @@ aes_set_iv(aes_cnt_cipher_t *cipher, const uint8_t *iv)
  cipher->counter2 = ntohl(get_uint32(iv+4));
  cipher->counter1 = ntohl(get_uint32(iv+8));
  cipher->counter0 = ntohl(get_uint32(iv+12));
-#endif
+#endif /* defined(USING_COUNTER_VARS) */
  cipher->pos = 0;
  memcpy(cipher->ctr_buf.buf, iv, 16);
 }

-#endif
+#endif /* defined(USE_EVP_AES_CTR) */

--- a/src/common/aes.h
+++ b/src/common/aes.h
@@ -23,5 +23,5 @@ void aes_crypt_inplace(aes_cnt_cipher_t *cipher, char *data, size_t len);
 int evaluate_evp_for_aes(int force_value);
 int evaluate_ctr_for_aes(void);

-#endif
+#endif /* !defined(TOR_AES_H) */

--- a/src/common/backtrace.c
+++ b/src/common/backtrace.c
@@ -37,7 +37,7 @@
 #include <sys/ucontext.h>
 #elif defined(HAVE_UCONTEXT_H)
 #include <ucontext.h>
-#endif
+#endif /* defined(HAVE_CYGWIN_SIGNAL_H) || ... */

 #define EXPOSE_CLEAN_BACKTRACE
 #include "backtrace.h"
@@ -81,16 +81,16 @@ clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx)
  const size_t n = 2;
 #else
  const size_t n = 1;
-#endif
+#endif /* defined(__linux__) || ... */
  if (depth <= n)
    return;

  stack[n] = (void*) ctx->PC_FROM_UCONTEXT;
-#else
+#else /* !(defined(PC_FROM_UCONTEXT)) */
  (void) depth;
  (void) ctx;
  (void) stack;
-#endif
+#endif /* defined(PC_FROM_UCONTEXT) */
 }

 /** Log a message <b>msg</b> at <b>severity</b> in <b>domain</b>, and follow
@@ -202,7 +202,7 @@ remove_bt_handler(void)
 {
  tor_mutex_uninit(&cb_buf_mutex);
 }
-#endif
+#endif /* defined(USE_BACKTRACE) */

 #ifdef NO_BACKTRACE_IMPL
 void
@@ -221,7 +221,7 @@ static void
 remove_bt_handler(void)
 {
 }
-#endif
+#endif /* defined(NO_BACKTRACE_IMPL) */

 /** Set up code to handle generating error messages on crashes. */
 int

--- a/src/common/backtrace.h
+++ b/src/common/backtrace.h
@@ -15,7 +15,7 @@ void clean_up_backtrace_handler(void);
  defined(HAVE_BACKTRACE_SYMBOLS_FD) && defined(HAVE_SIGACTION)
 void clean_backtrace(void **stack, size_t depth, const ucontext_t *ctx);
 #endif
-#endif
+#endif /* defined(EXPOSE_CLEAN_BACKTRACE) */

-#endif
+#endif /* !defined(TOR_BACKTRACE_H) */

--- a/src/common/buffers.c
+++ b/src/common/buffers.c
@@ -39,7 +39,7 @@
 #define check() STMT_BEGIN buf_assert_ok(buf); STMT_END
 #else
 #define check() STMT_NIL
-#endif
+#endif /* defined(PARANOIA) */

 /* Implementation notes:
 *
@@ -98,7 +98,7 @@
    DBG_S(tor_assert(a == b));                                          \
    memset(a,0,SENTINEL_LEN);                                           \
  } while (0)
-#endif
+#endif /* defined(DISABLE_MEMORY_SENTINELS) */

 /** Move all bytes stored in <b>chunk</b> to the front of <b>chunk</b>->mem,
 * to free up space at the end. */
@@ -311,7 +311,7 @@ buf_new_with_data(const char *cp, size_t sz)

  return buf;
 }
-#endif
+#endif /* defined(TOR_UNIT_TESTS) */

 /** Remove the first <b>n</b> bytes from buf. */
 void

--- a/src/common/buffers.h
+++ b/src/common/buffers.h
@@ -119,7 +119,7 @@ CHUNK_WRITE_PTR(chunk_t *chunk)
  return chunk->data + chunk->datalen;
 }

-#endif
+#endif /* defined(BUFFERS_PRIVATE) */

-#endif
+#endif /* !defined(TOR_BUFFERS_H) */

--- a/src/common/buffers_tls.h
+++ b/src/common/buffers_tls.h
@@ -15,5 +15,5 @@ int buf_read_from_tls(struct buf_t *buf,
 int buf_flush_to_tls(struct buf_t *buf, struct tor_tls_t *tls,
                     size_t sz, size_t *buf_flushlen);

-#endif
+#endif /* !defined(TOR_BUFFERS_TLS_H) */

--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -88,12 +88,12 @@ SecureZeroMemory(PVOID ptr, SIZE_T cnt)
  while (cnt--)
    *vcptr++ = 0;
 }
-#endif
+#endif /* defined(HAVE_DECL_SECUREZEROMEMORY) && !HAVE_DECL_SECUREZEROMEMORY */
 #elif defined(HAVE_READPASSPHRASE_H)
 #include <readpassphrase.h>
 #else
 #include "tor_readpassphrase.h"
-#endif
+#endif /* defined(_WIN32) || ... */

 /* Includes for the process attaching prevention */
 #if defined(HAVE_SYS_PRCTL_H) && defined(__linux__)
@@ -102,7 +102,7 @@ SecureZeroMemory(PVOID ptr, SIZE_T cnt)
 #elif defined(__APPLE__)
 #include <sys/types.h>
 #include <sys/ptrace.h>
-#endif
+#endif /* defined(HAVE_SYS_PRCTL_H) && defined(__linux__) || ... */

 #ifdef HAVE_NETDB_H
 #include <netdb.h>
@@ -161,7 +161,7 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
   * are running on one without. */
  if (errno != EINVAL)
    return -1;
-#endif
+#endif /* defined(O_CLOEXEC) */

  log_debug(LD_FS, "Opening %s with flags %x", p, flags);
  fd = open(p, flags, mode);
@@ -173,7 +173,7 @@ tor_open_cloexec(const char *path, int flags, unsigned mode)
      return -1;
    }
  }
-#endif
+#endif /* defined(FD_CLOEXEC) */
  return fd;
 }

@@ -191,7 +191,7 @@ tor_fopen_cloexec(const char *path, const char *mode)
      return NULL;
    }
  }
-#endif
+#endif /* defined(FD_CLOEXEC) */
  return result;
 }

@@ -451,7 +451,7 @@ tor_munmap_file(tor_mmap_t *handle)
  /* Can't fail in this mmap()/munmap()-free case */
  return 0;
 }
-#endif
+#endif /* defined(COMPAT_HAS_MMAN_AND_PAGESIZE) || ... || ... */

 /** Replacement for snprintf.  Differs from platform snprintf in two
 * ways: First, always NUL-terminates its output.  Second, always
@@ -591,7 +591,7 @@ tor_vasprintf(char **strp, const char *fmt, va_list args)
  }
  *strp = strp_tmp;
  return len;
-#endif
+#endif /* defined(HAVE_VASPRINTF) || ... */
 }

 /** Given <b>hlen</b> bytes at <b>haystack</b> and <b>nlen</b> bytes at
@@ -637,7 +637,7 @@ tor_memmem(const void *_haystack, size_t hlen,
    }
  }
  return NULL;
-#endif
+#endif /* defined(HAVE_MEMMEM) && (!defined(__GNUC__) || __GNUC__ >= 2) */
 }

 /**
@@ -775,7 +775,7 @@ tor_fix_source_file(const char *fname)
  }
  return r;
 }
-#endif
+#endif /* defined(_WIN32) */

 /**
 * Read a 16-bit value beginning at <b>cp</b>.  Equivalent to
@@ -869,7 +869,7 @@ replace_file(const char *from, const char *to)
      return -1;
    }
  return tor_rename(from,to);
-#endif
+#endif /* !defined(_WIN32) */
 }

 /** Change <b>fname</b>'s modification time to now. */
@@ -955,7 +955,7 @@ tor_lockfile_lock(const char *filename, int blocking, int *locked_out)
      return NULL;
    }
  }
-#endif
+#endif /* defined(_WIN32) || ... */

  result = tor_malloc(sizeof(tor_lockfile_t));
  result->filename = tor_strdup(filename);
@@ -983,7 +983,7 @@ tor_lockfile_unlock(tor_lockfile_t *lockfile)
  }
 #else
  /* Closing the lockfile is sufficient. */
-#endif
+#endif /* defined(_WIN32) || ... */

  close(lockfile->fd);
  lockfile->fd = -1;
@@ -1031,9 +1031,9 @@ tor_fd_seekend(int fd)
   * no need to worry. */
  if (rc < 0 && errno == ESPIPE)
    rc = 0;
-#endif
+#endif /* defined(ESPIPE) */
  return (rc < 0) ? -1 : 0;
-#endif
+#endif /* defined(_WIN32) */
 }

 /** Move <b>fd</b> to position <b>pos</b> in the file. Return -1 on error, 0
@@ -1072,7 +1072,7 @@ tor_ftruncate(int fd)
 static bitarray_t *open_sockets = NULL;
 /** The size of <b>open_sockets</b>, in bits. */
 static int max_socket = -1;
-#endif
+#endif /* defined(DEBUG_SOCKET_COUNTING) */

 /** Count of number of sockets currently open.  (Undercounts sockets opened by
 * eventdns and libevent.) */
@@ -1142,7 +1142,7 @@ tor_close_socket,(tor_socket_t s))
    tor_assert(open_sockets && s <= max_socket);
    bitarray_clear(open_sockets, s);
  }
-#endif
+#endif /* defined(DEBUG_SOCKET_COUNTING) */
  if (r == 0) {
    --n_sockets_open;
  } else {
@@ -1152,7 +1152,7 @@ tor_close_socket,(tor_socket_t s))
 #else
    if (r != EBADF)
      --n_sockets_open; // LCOV_EXCL_LINE -- EIO and EINTR too hard to force.
-#endif
+#endif /* defined(_WIN32) */
    r = -1;
  }

@@ -1185,9 +1185,9 @@ mark_socket_open(tor_socket_t s)
  }
  bitarray_set(open_sockets, s);
 }
-#else
+#else /* !(defined(DEBUG_SOCKET_COUNTING)) */
 #define mark_socket_open(s) STMT_NIL
-#endif
+#endif /* defined(DEBUG_SOCKET_COUNTING) */
 /** @} */

 /** As socket(), but counts the number of open sockets. */
@@ -1245,7 +1245,7 @@ tor_open_socket_with_extensions(int domain, int type, int protocol,
   * support, we are running on one without. */
  if (errno != EINVAL)
    return s;
-#endif /* SOCK_CLOEXEC && SOCK_NONBLOCK */
+#endif /* defined(SOCK_CLOEXEC) && defined(SOCK_NONBLOCK) */

  s = socket(domain, type, protocol);
  if (! SOCKET_OK(s))
@@ -1259,9 +1259,9 @@ tor_open_socket_with_extensions(int domain, int type, int protocol,
      return TOR_INVALID_SOCKET;
    }
  }
-#else
+#else /* !(defined(FD_CLOEXEC)) */
  (void)cloexec;
-#endif
+#endif /* defined(FD_CLOEXEC) */

  if (nonblock) {
    if (set_socket_nonblocking(s) == -1) {
@@ -1330,7 +1330,7 @@ tor_accept_socket_with_extensions(tor_socket_t sockfd, struct sockaddr *addr,
   * we are missing SOCK_CLOEXEC/SOCK_NONBLOCK support. */
  if (errno != EINVAL && errno != ENOSYS)
    return s;
-#endif
+#endif /* defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC) ... */

  s = accept(sockfd, addr, len);
  if (!SOCKET_OK(s))
@@ -1344,9 +1344,9 @@ tor_accept_socket_with_extensions(tor_socket_t sockfd, struct sockaddr *addr,
      return TOR_INVALID_SOCKET;
    }
  }
-#else
+#else /* !(defined(FD_CLOEXEC)) */
  (void)cloexec;
-#endif
+#endif /* defined(FD_CLOEXEC) */

  if (nonblock) {
    if (set_socket_nonblocking(s) == -1) {
@@ -1406,7 +1406,7 @@ set_socket_nonblocking(tor_socket_t sock)
    log_warn(LD_NET, "Couldn't set file status flags: %s", strerror(errno));
    return -1;
  }
-#endif
+#endif /* defined(_WIN32) */

  return 0;
 }
@@ -1444,7 +1444,7 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
   * are running on one without. */
  if (errno != EINVAL)
    return -errno;
-#endif
+#endif /* defined(SOCK_CLOEXEC) */

  r = socketpair(family, type, protocol, fd);
  if (r < 0)
@@ -1467,7 +1467,7 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
      return -errno;
    }
  }
-#endif
+#endif /* defined(FD_CLOEXEC) */
  goto sockets_ok; /* So that sockets_ok will not be unused. */

 sockets_ok:
@@ -1483,9 +1483,9 @@ tor_socketpair(int family, int type, int protocol, tor_socket_t fd[2])
  socket_accounting_unlock();

  return 0;
-#else
+#else /* !(defined(HAVE_SOCKETPAIR) && !defined(_WIN32)) */
  return tor_ersatz_socketpair(family, type, protocol, fd);
-#endif
+#endif /* defined(HAVE_SOCKETPAIR) && !defined(_WIN32) */
 }

 #ifdef NEED_ERSATZ_SOCKETPAIR
@@ -1642,7 +1642,7 @@ tor_ersatz_socketpair(int family, int type, int protocol, tor_socket_t fd[2])

 #undef SIZEOF_SOCKADDR

-#endif
+#endif /* defined(NEED_ERSATZ_SOCKETPAIR) */

 /* Return the maximum number of allowed sockets. */
 int
@@ -1696,7 +1696,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
 #else
  const char *platform = "unknown platforms with no getrlimit()";
  const unsigned long MAX_CONNECTIONS = 15000;
-#endif
+#endif /* defined(CYGWIN) || defined(__CYGWIN__) || ... */
  log_fn(LOG_INFO, LD_NET,
         "This platform is missing getrlimit(). Proceeding.");
  if (limit > MAX_CONNECTIONS) {
@@ -1707,7 +1707,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
    return -1;
  }
  limit = MAX_CONNECTIONS;
-#else /* HAVE_GETRLIMIT */
+#else /* !(!defined(HAVE_GETRLIMIT)) */
  struct rlimit rlim;

  if (getrlimit(RLIMIT_NOFILE, &rlim) != 0) {
@@ -1756,7 +1756,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
        bad = 0;
      }
    }
-#endif /* OPEN_MAX */
+#endif /* defined(OPEN_MAX) */
    if (bad) {
      log_warn(LD_CONFIG,"Couldn't set maximum number of file descriptors: %s",
               strerror(errno));
@@ -1765,7 +1765,7 @@ set_max_file_descriptors(rlim_t limit, int *max_out)
  }
  /* leave some overhead for logs, etc, */
  limit = rlim.rlim_cur;
-#endif /* HAVE_GETRLIMIT */
+#endif /* !defined(HAVE_GETRLIMIT) */

  if (limit > INT_MAX)
    limit = INT_MAX;
@@ -1803,7 +1803,7 @@ log_credential_status(void)
           "UID is %u (real), %u (effective), %u (saved)",
           (unsigned)ruid, (unsigned)euid, (unsigned)suid);
  }
-#else
+#else /* !(defined(HAVE_GETRESUID)) */
  /* getresuid is not present on MacOS X, so we can't get the saved (E)UID */
  ruid = getuid();
  euid = geteuid();
@@ -1812,7 +1812,7 @@ log_credential_status(void)
  log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL,
         "UID is %u (real), %u (effective), unknown (saved)",
         (unsigned)ruid, (unsigned)euid);
-#endif
+#endif /* defined(HAVE_GETRESUID) */

  /* log GIDs */
 #ifdef HAVE_GETRESGID
@@ -1824,7 +1824,7 @@ log_credential_status(void)
           "GID is %u (real), %u (effective), %u (saved)",
           (unsigned)rgid, (unsigned)egid, (unsigned)sgid);
  }
-#else
+#else /* !(defined(HAVE_GETRESGID)) */
  /* getresgid is not present on MacOS X, so we can't get the saved (E)GID */
  rgid = getgid();
  egid = getegid();
@@ -1832,7 +1832,7 @@ log_credential_status(void)
  log_fn(CREDENTIAL_LOG_LEVEL, LD_GENERAL,
         "GID is %u (real), %u (effective), unknown (saved)",
         (unsigned)rgid, (unsigned)egid);
-#endif
+#endif /* defined(HAVE_GETRESGID) */

  /* log supplementary groups */
  sup_gids_size = 64;
@@ -1872,7 +1872,7 @@ log_credential_status(void)

  return 0;
 }
-#endif
+#endif /* !defined(_WIN32) */

 #ifndef _WIN32
 /** Cached struct from the last getpwname() call we did successfully. */
@@ -1972,7 +1972,7 @@ tor_getpwuid(uid_t uid)

  return NULL;
 }
-#endif
+#endif /* !defined(_WIN32) */

 /** Return true iff we were compiled with capability support, and capabilities
 * seem to work. **/
@@ -1985,9 +1985,9 @@ have_capability_support(void)
    return 0;
  cap_free(caps);
  return 1;
-#else
+#else /* !(defined(HAVE_LINUX_CAPABILITIES)) */
  return 0;
-#endif
+#endif /* defined(HAVE_LINUX_CAPABILITIES) */
 }

 #ifdef HAVE_LINUX_CAPABILITIES
@@ -2046,7 +2046,7 @@ drop_capabilities(int pre_setuid)

  return 0;
 }
-#endif
+#endif /* defined(HAVE_LINUX_CAPABILITIES) */

 /** Call setuid and setgid to run as <b>user</b> and switch to their
 * primary group.  Return 0 on success.  On failure, log and return -1.
@@ -2096,13 +2096,13 @@ switch_id(const char *user, const unsigned flags)
    if (drop_capabilities(1))
      return -1;
  }
-#else
+#else /* !(defined(HAVE_LINUX_CAPABILITIES)) */
  (void) keep_bindlow;
  if (warn_if_no_caps) {
    log_warn(LD_CONFIG, "KeepBindCapabilities set, but no capability support "
             "on this system.");
  }
-#endif
+#endif /* defined(HAVE_LINUX_CAPABILITIES) */

  /* Properly switch egid,gid,euid,uid here or bail out */
  if (setgroups(1, &pw->pw_gid)) {
@@ -2162,7 +2162,7 @@ switch_id(const char *user, const unsigned flags)
    if (drop_capabilities(0))
      return -1;
  }
-#endif
+#endif /* defined(HAVE_LINUX_CAPABILITIES) */

 #if !defined(CYGWIN) && !defined(__CYGWIN__)
  /* If we tried to drop privilege to a group/user other than root, attempt to
@@ -2186,7 +2186,7 @@ switch_id(const char *user, const unsigned flags)
      return -1;
    }
  }