Refactored configure.ac to use a custom macro for compiler flag checks.

Set version to 2.0 (non-release candidate).
Minor typo fixes.
Damien S. Stuart 2011-12-29 14:19:16 -05:00 committed by Damien S. Stuart
parent 99b1a48756
commit aff8832d66
7 changed files with 177 additions and 324 deletions


@ -1,3 +1,4 @@
ACLOCAL_AMFLAGS = -I m4
if WANT_CLIENT
CLIENT_DIR = client
@ -38,7 +39,6 @@ EXTRA_DIST = \
android/project/nbproject/private/config.properties \
android/project/nbproject/genfiles.properties \
android/project/build.properties \
android/project/assets \
android/project/AndroidManifest.xml \
android/project/jni/fwknop/fwknop_client.c \
android/project/jni/fwknop/fwknop_client.h \

13
README

@ -73,13 +73,12 @@ migrate to this version, there are some things to be aware of:
NOTE FOR DEVELOPERS
===================
If you are pulling this distribution from Subversion, you will need to
run the "autoreconf -i" the first time after unpacking. After that, you
can leave off the "-i" option of "autoreconf" when you want to regenerate
the configuration. If, for wome reason, autoreconf does not work for you,
you can try the "autogen.sh" script in the top of the distribution directory
in order to generate the autoconf (and other) meta files, and the `configure'
script.
If you are pulling this distribution from Subversion, you should run the
"autogen.sh" script to generate the autoconf files. If you get errors about
missing directories or files, try running "autogen.sh" again. After that
you can run the "autoreconf -i" when you want to regenerate the configuration.
If, for some reason, autoreconf does not work for you, the "autogen.sh"
script should suffice.
The fwknop and fwknopd man page nroff sources are included in their
respective directorys (client and server). These nroff files are derived


@ -11,11 +11,12 @@ AC_PREREQ(2.62)
dnl Define our name, version and email.
m4_define(my_package, [fwknop])
m4_define(my_version, [2.0rc5])
m4_define(my_version, [2.0])
m4_define(my_bug_email, [dstuart@dstuart.org])
AC_INIT(my_package, my_version, my_bug_email)
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_AUX_DIR(config)
AC_CANONICAL_TARGET
@ -39,104 +40,42 @@ AH_BOTTOM([
#endif /* FWKNOP_CONFIG_H */
])
dnl Decide whether or not to build the client
dnl FKO_CHECK_COMPILER_ARG([COMPILER FLAG])
dnl
want_client=yes
AC_ARG_ENABLE([client],
[AS_HELP_STRING([--disable-client],
[Do not build the fwknop client @<:@default is to build@:>@])],
[want_client=$enableval],
[])
AM_CONDITIONAL([WANT_CLIENT], [test "$want_client" = yes])
dnl Decide whether or not to build the server
dnl Macro to check compiler support for the given compiler option.
dnl Adds to CFLAGS and LDFLAGS if supported.
dnl
want_server=yes
AC_ARG_ENABLE([server],
[AS_HELP_STRING([--disable-server],
[Do not build the fwknop server @<:@default is to build@:>@])],
[want_server=$enableval],
[])
AM_CONDITIONAL([WANT_SERVER], [test "$want_server" = yes])
dnl Decide whether or not to enable the digest-cache
dnl The structure of this macro was adapted from OpenSSH.
dnl
want_digest_cache=yes
AC_ARG_ENABLE([digest-cache],
[AS_HELP_STRING([--disable-digest-cache],
[Do not enable the fwknopd digest-cache @<:@default is to build@:>@])],
[want_digest_cache=$enableval],
[])
dnl AM_CONDITIONAL([WANT_DIGEST_CACHE], [test "$want_digest_cache" = yes])
dnl Decide whether or not to try to look for gdbm/ndbm (default to just
dnl use a file-based solution - reduces dependencies)
dnl
want_file_cache=yes
AC_ARG_ENABLE([file-cache],
[AS_HELP_STRING([--disable-file-cache],
[Replace file cache with gdbm/ndbm @<:@default on@:>@])],
[want_file_cache=$enableval],
[])
AS_IF([test "$want_file_cache" = yes], [
AC_DEFINE([USE_FILE_CACHE], [1], [Define this to enable non-gdbm/ndbm digest storing (eliminates gdbm/ndbm dependency).])
])
dnl Decide whether or not to enable all warnings with -Wall
dnl
use_wall=yes
AC_ARG_ENABLE([wall],
[AS_HELP_STRING([--disable-wall],
[Do not enable all warnings via -Wall @<:@default is on@:>@])],
[use_wall=$enableval],
[])
dnl Decide whether or not to enable -fstack-protector
dnl
use_stack_protector=yes
AC_ARG_ENABLE([stack-protector],
[AS_HELP_STRING([--disable-stack-protector],
[Do not enable -fstack-protector @<:@default is on@:>@])],
[use_stack_protector=$enableval],
[])
dnl Decide whether or not to enable Position Independent Executable (PIE)
dnl support
dnl
use_pie=yes
AC_ARG_ENABLE([pie],
[AS_HELP_STRING([--disable-pie],
[Do not enable Position Independent Executable support @<:@default is on@:>@])],
[use_pie=$enableval],
[])
dnl Decide whether or not to enable -D_FORTIFY_SOURCE support
dnl
use_fortify_source=yes
AC_ARG_ENABLE([fortify-source],
[AS_HELP_STRING([--disable-fortify-source],
[Do not enable -D_FORTIFY_SOURCE support @<:@default is on@:>@])],
[use_fortify_source=$enableval],
[])
dnl Decide whether or not to use read-only relocations protection
dnl
use_ro_relocations=yes
AC_ARG_ENABLE([ro-relocations],
[AS_HELP_STRING([--disable-ro-relocations],
[Do not enable read-only relocations protection @<:@default is on@:>@])],
[use_ro_relocations=$enableval],
[])
dnl Decide whether or not to use immediate binding protection
dnl
use_immediate_binding=yes
AC_ARG_ENABLE([immediate-binding],
[AS_HELP_STRING([--disable-immediate-binding],
[Do not enable immediate binding protection @<:@default is on@:>@])],
[use_immediate_binding=$enableval],
[])
AC_DEFUN([FKO_CHECK_COMPILER_ARG], [
saved_CFLAGS="$CFLAGS"
saved_LDFLAGS="$LDFLAGS"
CFLAGS="$CFLAGS $1 -Werror"
LDFLAGS="$LDFLAGS $1 -Werror"
AC_MSG_CHECKING([if $CC supports $1])
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[
CFLAGS="$saved_CFLAGS $1"
LDFLAGS="$saved_LDFLAGS $1"
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"],
[AC_MSG_WARN([cross compiling: cannot test])])
],
[AC_MSG_RESULT(no)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"]
)])dnl
AC_GNU_SOURCE
@ -149,16 +88,92 @@ AC_PROG_GREP
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_RANLIB
AC_PROG_LIBTOOL
case "$host" in
*-*-linux*)
;;
*-*-openbsd*)
AC_DEFINE_UNQUOTED([PLATFORM_OPENBSD], [1], [Define if you are running on OpenBSD])
;;
esac
dnl Decide whether or not to enable all warnings with -Wall
dnl
use_wall=yes
AC_ARG_ENABLE([wall],
[AS_HELP_STRING([--disable-wall],
[Do not enable all warnings via -Wall @<:@default is on@:>@])],
[use_wall=$enableval],
[])
if test "x$use_wall" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-Wall])
fi
dnl Check for security features offered by the compiler
dnl -fstack-protector-all doesn't always work for some GCC versions
dnl and/or platforms, so we test if we can. If it's not supported
dnl on a given platform gcc will emit a warning so we use -Werror.
dnl
dnl Decide whether or not to enable -fstack-protector
dnl
use_stack_protector=yes
AC_ARG_ENABLE([stack-protector],
[AS_HELP_STRING([--disable-stack-protector],
[Do not enable -fstack-protector @<:@default is on@:>@])],
[use_stack_protector=$enableval],
[])
if test "x$use_stack_protector" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-fstack-protector-all -fstack-protector])
fi
dnl Decide whether or not to enable Position Independent Executable (PIE)
dnl support
dnl
use_pie=yes
AC_ARG_ENABLE([pie],
[AS_HELP_STRING([--disable-pie],
[Do not enable Position Independent Executable support @<:@default is on@:>@])],
[use_pie=$enableval],
[])
if test "x$use_pie" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-fPIE -pie])
fi
dnl Decide whether or not to enable -D_FORTIFY_SOURCE support
dnl
use_fortify_source=yes
AC_ARG_ENABLE([fortify-source],
[AS_HELP_STRING([--disable-fortify-source],
[Do not enable -D_FORTIFY_SOURCE support @<:@default is on@:>@])],
[use_fortify_source=$enableval],
[])
if test "x$use_fortify_source" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-D_FORTIFY_SOURCE=2])
fi
dnl Decide whether or not to use read-only relocations protection
dnl
use_ro_relocations=yes
AC_ARG_ENABLE([ro-relocations],
[AS_HELP_STRING([--disable-ro-relocations],
[Do not enable read-only relocations protection @<:@default is on@:>@])],
[use_ro_relocations=$enableval],
[])
if test "x$use_ro_relocations" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-Wl,-z,relro])
fi
dnl Decide whether or not to use immediate binding protection
dnl
use_immediate_binding=yes
AC_ARG_ENABLE([immediate-binding],
[AS_HELP_STRING([--disable-immediate-binding],
[Do not enable immediate binding protection @<:@default is on@:>@])],
[use_immediate_binding=$enableval],
[])
if test "x$use_immediate_binding" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-Wl,-z,now])
fi
# Checks for header files.
#
@ -202,216 +217,56 @@ AC_CHECK_FUNCS([bzero gettimeofday memmove memset socket strchr strcspn strdup s
AC_SEARCH_LIBS([socket], [socket])
AC_SEARCH_LIBS([inet_addr], [nsl])
# Add -Wall
#
if test "x$use_wall" = "xyes"; then
for t in -Wall; do
AC_MSG_CHECKING(if $CC supports $t)
saved_CFLAGS="$CFLAGS"
saved_LDFLAGS="$LDFLAGS"
CFLAGS="$CFLAGS $t -Werror"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
done
fi
case "$host" in
*-*-linux*)
;;
*-*-openbsd*)
AC_DEFINE_UNQUOTED([PLATFORM_OPENBSD], [1], [Define if you are running on OpenBSD])
;;
esac
# Check for security features offered by the compiler
#
dnl Decide whether or not to build the client
dnl
want_client=yes
AC_ARG_ENABLE([client],
[AS_HELP_STRING([--disable-client],
[Do not build the fwknop client @<:@default is to build@:>@])],
[want_client=$enableval],
[])
AM_CONDITIONAL([WANT_CLIENT], [test "$want_client" = yes])
# Adapted from OpenSSH:
# -fstack-protector-all doesn't always work for some GCC versions
# and/or platforms, so we test if we can. If it's not supported
# on a given platform gcc will emit a warning so we use -Werror.
if test "x$use_stack_protector" = "xyes"; then
for t in -fstack-protector-all -fstack-protector; do
AC_MSG_CHECKING(if $CC supports $t)
saved_CFLAGS="$CFLAGS"
saved_LDFLAGS="$LDFLAGS"
CFLAGS="$CFLAGS $t -Werror"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
done
fi
dnl Decide whether or not to build the server
dnl
want_server=yes
AC_ARG_ENABLE([server],
[AS_HELP_STRING([--disable-server],
[Do not build the fwknop server @<:@default is to build@:>@])],
[want_server=$enableval],
[])
AM_CONDITIONAL([WANT_SERVER], [test "$want_server" = yes])
if test "x$use_pie" = "xyes"; then
for t in "-fPIE -pie"; do
AC_MSG_CHECKING(if $CC supports $t)
saved_CFLAGS="$CFLAGS"
saved_LDFLAGS="$LDFLAGS"
CFLAGS="$CFLAGS $t -Werror"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
done
fi
dnl Decide whether or not to enable the digest-cache
dnl
want_digest_cache=yes
AC_ARG_ENABLE([digest-cache],
[AS_HELP_STRING([--disable-digest-cache],
[Do not enable the fwknopd digest-cache @<:@default is to build@:>@])],
[want_digest_cache=$enableval],
[])
dnl AM_CONDITIONAL([WANT_DIGEST_CACHE], [test "$want_digest_cache" = yes])
if test "x$use_fortify_source" = "xyes"; then
for t in "-D_FORTIFY_SOURCE=2"; do
AC_MSG_CHECKING(if $CC supports $t)
saved_CFLAGS="$CFLAGS"
saved_LDFLAGS="$LDFLAGS"
CFLAGS="$CFLAGS $t -Werror"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
done
fi
if test "x$use_ro_relocations" = "xyes"; then
for t in "-Wl,-z,relro"; do
AC_MSG_CHECKING(if $CC supports $t)
saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
LDFLAGS="$saved_LDFLAGS"
done
fi
if test "x$use_immediate_binding" = "xyes"; then
for t in "-Wl,-z,now"; do
AC_MSG_CHECKING(if $CC supports $t)
saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
LDFLAGS="$saved_LDFLAGS"
done
fi
dnl Decide whether or not to try to look for gdbm/ndbm (default to just
dnl use a file-based solution - reduces dependencies)
dnl
want_file_cache=yes
AC_ARG_ENABLE([file-cache],
[AS_HELP_STRING([--disable-file-cache],
[Replace file cache with gdbm/ndbm @<:@default on@:>@])],
[want_file_cache=$enableval],
[])
AS_IF([test "$want_file_cache" = yes], [
AC_DEFINE([USE_FILE_CACHE], [1], [Define this to enable non-gdbm/ndbm digest storing (eliminates gdbm/ndbm dependency).])
])
# Check for 3rd-party libs
#
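Review bot: The stack-protector call `FKO_CHECK_COMPILER_ARG([-fstack-protector-all -fstack-protector])` hands both options to the macro as one argument, whereas the removed `for t in -fstack-protector-all -fstack-protector` loop tried the stronger option first and fell back to the weaker one only when that failed. As written, a toolchain that rejects `-fstack-protector-all` fails the combined test and the build ends up with no stack protector at all. Where both are accepted, both land in CFLAGS and LDFLAGS, and on GCC the later `-fstack-protector` is probably the one that takes effect. Calling the macro once per option, and trying the second only when the first left CFLAGS unchanged, restores the old fallback without changing the macro. A short `dnl` comment above the call saying that the order is strongest-first would keep the next refactor from merging them again.

```m4
if test "x$use_stack_protector" = "xyes"; then
    dnl Strongest option first; fall back only if it was rejected.
    fko_cflags_before="$CFLAGS"
    FKO_CHECK_COMPILER_ARG([-fstack-protector-all])
    if test "x$CFLAGS" = "x$fko_cflags_before"; then
        FKO_CHECK_COMPILER_ARG([-fstack-protector])
    fi
fi
```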


@ -13,9 +13,8 @@
%define _mandir /usr/share/man
Name: fwknop
Version: 2.0rc5
# Uncomment this when the version becomes 2.0.0 (without the rcX).
#Epoch: 1
Version: 2.0
Epoch: 1
Release: 1%{?dist}
Summary: Firewall Knock Operator client. An implementation of Single Packet Authorization.


@ -158,7 +158,7 @@ pcap_capture(fko_srv_options_t *opts)
}
/* Initialize our signal handlers. You can check the return value for
* the number of signals that were *not* set. Those that we not set
* the number of signals that were *not* set. Those that were not set
* will be listed in the log/stderr output.
*/
if(set_sig_handlers() > 0)


@ -8,7 +8,7 @@
* Purpose: Packet parser/decoder for fwknopd server. Takes the raw packet
* data from libpcap and parses/extracts the packet data payload,
* then creates an FKO context with that data. If the context
* creation is successfull, it is queued for processing.
* creation is successful, it is queued for processing.
*
* Copyright 2010 Damien Stuart (dstuart@dstuart.org)
*


@ -117,7 +117,7 @@ run_tcp_server(fko_srv_options_t *opts)
if(fcntl(s_sock, F_SETFL, sfd_flags) < 0)
{
log_msg(LOG_ERR, "run_tcp_server: fcntl F_SETFL error setting )_NONBLOCK: %s",
log_msg(LOG_ERR, "run_tcp_server: fcntl F_SETFL error setting O_NONBLOCK: %s",
strerror(errno));
exit(EXIT_FAILURE);
}