Refactored configure.ac to use a custom macro for compiler flag checks.

Set version to 2.0 (non-release candidate).
Minor typo fixes.
Damien S. Stuart 2011-12-29 14:19:16 -05:00 committed by Damien S. Stuart
parent 99b1a48756
commit aff8832d66
7 changed files with 177 additions and 324 deletions


@ -1,3 +1,4 @@
ACLOCAL_AMFLAGS = -I m4
if WANT_CLIENT if WANT_CLIENT
CLIENT_DIR = client CLIENT_DIR = client
@ -38,7 +39,6 @@ EXTRA_DIST = \
android/project/nbproject/private/config.properties \ android/project/nbproject/private/config.properties \
android/project/nbproject/genfiles.properties \ android/project/nbproject/genfiles.properties \
android/project/build.properties \ android/project/build.properties \
android/project/assets \
android/project/AndroidManifest.xml \ android/project/AndroidManifest.xml \
android/project/jni/fwknop/fwknop_client.c \ android/project/jni/fwknop/fwknop_client.c \
android/project/jni/fwknop/fwknop_client.h \ android/project/jni/fwknop/fwknop_client.h \

13
README

@ -73,13 +73,12 @@ migrate to this version, there are some things to be aware of:
NOTE FOR DEVELOPERS NOTE FOR DEVELOPERS
=================== ===================
If you are pulling this distribution from Subversion, you will need to If you are pulling this distribution from Subversion, you should run the
run the "autoreconf -i" the first time after unpacking. After that, you "autogen.sh" script to generate the autoconf files. If you get errors about
can leave off the "-i" option of "autoreconf" when you want to regenerate missing directories or files, try running "autogen.sh" again. After that
the configuration. If, for wome reason, autoreconf does not work for you, you can run the "autoreconf -i" when you want to regenerate the configuration.
you can try the "autogen.sh" script in the top of the distribution directory If, for some reason, autoreconf does not work for you, the "autogen.sh"
in order to generate the autoconf (and other) meta files, and the `configure' script should suffice.
script.
The fwknop and fwknopd man page nroff sources are included in their The fwknop and fwknopd man page nroff sources are included in their
respective directorys (client and server). These nroff files are derived respective directorys (client and server). These nroff files are derived


@ -11,11 +11,12 @@ AC_PREREQ(2.62)
dnl Define our name, version and email. dnl Define our name, version and email.
m4_define(my_package, [fwknop]) m4_define(my_package, [fwknop])
m4_define(my_version, [2.0rc5]) m4_define(my_version, [2.0])
m4_define(my_bug_email, [dstuart@dstuart.org]) m4_define(my_bug_email, [dstuart@dstuart.org])
AC_INIT(my_package, my_version, my_bug_email) AC_INIT(my_package, my_version, my_bug_email)
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_AUX_DIR(config) AC_CONFIG_AUX_DIR(config)
AC_CANONICAL_TARGET AC_CANONICAL_TARGET
@ -39,104 +40,42 @@ AH_BOTTOM([
#endif /* FWKNOP_CONFIG_H */ #endif /* FWKNOP_CONFIG_H */
]) ])
dnl Decide whether or not to build the client dnl FKO_CHECK_COMPILER_ARG([COMPILER FLAG])
dnl dnl
want_client=yes dnl Macro to check compiler support for the given compiler option.
AC_ARG_ENABLE([client], dnl Adds to CFLAGS and LDFLAGS if supported.
[AS_HELP_STRING([--disable-client],
[Do not build the fwknop client @<:@default is to build@:>@])],
[want_client=$enableval],
[])
AM_CONDITIONAL([WANT_CLIENT], [test "$want_client" = yes])
dnl Decide whether or not to build the server
dnl dnl
want_server=yes dnl The structure of this macro was adapted from OpenSSH.
AC_ARG_ENABLE([server],
[AS_HELP_STRING([--disable-server],
[Do not build the fwknop server @<:@default is to build@:>@])],
[want_server=$enableval],
[])
AM_CONDITIONAL([WANT_SERVER], [test "$want_server" = yes])
dnl Decide whether or not to enable the digest-cache
dnl dnl
want_digest_cache=yes AC_DEFUN([FKO_CHECK_COMPILER_ARG], [
AC_ARG_ENABLE([digest-cache], saved_CFLAGS="$CFLAGS"
[AS_HELP_STRING([--disable-digest-cache], saved_LDFLAGS="$LDFLAGS"
[Do not enable the fwknopd digest-cache @<:@default is to build@:>@])], CFLAGS="$CFLAGS $1 -Werror"
[want_digest_cache=$enableval], LDFLAGS="$LDFLAGS $1 -Werror"
[]) AC_MSG_CHECKING([if $CC supports $1])
dnl AM_CONDITIONAL([WANT_DIGEST_CACHE], [test "$want_digest_cache" = yes]) AC_LINK_IFELSE(
[AC_LANG_SOURCE([
dnl Decide whether or not to try to look for gdbm/ndbm (default to just #include <stdio.h>
dnl use a file-based solution - reduces dependencies) int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
dnl ])],
want_file_cache=yes [
AC_ARG_ENABLE([file-cache], CFLAGS="$saved_CFLAGS $1"
[AS_HELP_STRING([--disable-file-cache], LDFLAGS="$saved_LDFLAGS $1"
[Replace file cache with gdbm/ndbm @<:@default on@:>@])], AC_RUN_IFELSE(
[want_file_cache=$enableval], [AC_LANG_SOURCE([
[]) #include <stdio.h>
AS_IF([test "$want_file_cache" = yes], [ int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
AC_DEFINE([USE_FILE_CACHE], [1], [Define this to enable non-gdbm/ndbm digest storing (eliminates gdbm/ndbm dependency).]) ])],
]) [AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)
dnl Decide whether or not to enable all warnings with -Wall CFLAGS="$saved_CFLAGS"
dnl LDFLAGS="$saved_LDFLAGS"],
use_wall=yes [AC_MSG_WARN([cross compiling: cannot test])])
AC_ARG_ENABLE([wall], ],
[AS_HELP_STRING([--disable-wall], [AC_MSG_RESULT(no)
[Do not enable all warnings via -Wall @<:@default is on@:>@])], CFLAGS="$saved_CFLAGS"
[use_wall=$enableval], LDFLAGS="$saved_LDFLAGS"]
[]) )])dnl
dnl Decide whether or not to enable -fstack-protector
dnl
use_stack_protector=yes
AC_ARG_ENABLE([stack-protector],
[AS_HELP_STRING([--disable-stack-protector],
[Do not enable -fstack-protector @<:@default is on@:>@])],
[use_stack_protector=$enableval],
[])
dnl Decide whether or not to enable Position Independent Executable (PIE)
dnl support
dnl
use_pie=yes
AC_ARG_ENABLE([pie],
[AS_HELP_STRING([--disable-pie],
[Do not enable Position Independent Executable support @<:@default is on@:>@])],
[use_pie=$enableval],
[])
dnl Decide whether or not to enable -D_FORTIFY_SOURCE support
dnl
use_fortify_source=yes
AC_ARG_ENABLE([fortify-source],
[AS_HELP_STRING([--disable-fortify-source],
[Do not enable -D_FORTIFY_SOURCE support @<:@default is on@:>@])],
[use_fortify_source=$enableval],
[])
dnl Decide whether or not to use read-only relocations protection
dnl
use_ro_relocations=yes
AC_ARG_ENABLE([ro-relocations],
[AS_HELP_STRING([--disable-ro-relocations],
[Do not enable read-only relocations protection @<:@default is on@:>@])],
[use_ro_relocations=$enableval],
[])
dnl Decide whether or not to use immediate binding protection
dnl
use_immediate_binding=yes
AC_ARG_ENABLE([immediate-binding],
[AS_HELP_STRING([--disable-immediate-binding],
[Do not enable immediate binding protection @<:@default is on@:>@])],
[use_immediate_binding=$enableval],
[])
AC_GNU_SOURCE AC_GNU_SOURCE
@ -149,16 +88,92 @@ AC_PROG_GREP
AC_PROG_INSTALL AC_PROG_INSTALL
AC_PROG_LN_S AC_PROG_LN_S
AC_PROG_MAKE_SET AC_PROG_MAKE_SET
AC_PROG_RANLIB
AC_PROG_LIBTOOL AC_PROG_LIBTOOL
case "$host" in dnl Decide whether or not to enable all warnings with -Wall
*-*-linux*) dnl
;; use_wall=yes
*-*-openbsd*) AC_ARG_ENABLE([wall],
AC_DEFINE_UNQUOTED([PLATFORM_OPENBSD], [1], [Define if you are running on OpenBSD]) [AS_HELP_STRING([--disable-wall],
;; [Do not enable all warnings via -Wall @<:@default is on@:>@])],
esac [use_wall=$enableval],
[])
if test "x$use_wall" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-Wall])
fi
dnl Check for security features offered by the compiler
dnl -fstack-protector-all doesn't always work for some GCC versions
dnl and/or platforms, so we test if we can. If it's not supported
dnl on a given platform gcc will emit a warning so we use -Werror.
dnl
dnl Decide whether or not to enable -fstack-protector
dnl
use_stack_protector=yes
AC_ARG_ENABLE([stack-protector],
[AS_HELP_STRING([--disable-stack-protector],
[Do not enable -fstack-protector @<:@default is on@:>@])],
[use_stack_protector=$enableval],
[])
if test "x$use_stack_protector" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-fstack-protector-all -fstack-protector])
fi
dnl Decide whether or not to enable Position Independent Executable (PIE)
dnl support
dnl
use_pie=yes
AC_ARG_ENABLE([pie],
[AS_HELP_STRING([--disable-pie],
[Do not enable Position Independent Executable support @<:@default is on@:>@])],
[use_pie=$enableval],
[])
if test "x$use_pie" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-fPIE -pie])
fi
dnl Decide whether or not to enable -D_FORTIFY_SOURCE support
dnl
use_fortify_source=yes
AC_ARG_ENABLE([fortify-source],
[AS_HELP_STRING([--disable-fortify-source],
[Do not enable -D_FORTIFY_SOURCE support @<:@default is on@:>@])],
[use_fortify_source=$enableval],
[])
if test "x$use_fortify_source" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-D_FORTIFY_SOURCE=2])
fi
dnl Decide whether or not to use read-only relocations protection
dnl
use_ro_relocations=yes
AC_ARG_ENABLE([ro-relocations],
[AS_HELP_STRING([--disable-ro-relocations],
[Do not enable read-only relocations protection @<:@default is on@:>@])],
[use_ro_relocations=$enableval],
[])
if test "x$use_ro_relocations" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-Wl,-z,relro])
fi
dnl Decide whether or not to use immediate binding protection
dnl
use_immediate_binding=yes
AC_ARG_ENABLE([immediate-binding],
[AS_HELP_STRING([--disable-immediate-binding],
[Do not enable immediate binding protection @<:@default is on@:>@])],
[use_immediate_binding=$enableval],
[])
if test "x$use_immediate_binding" = "xyes"; then
FKO_CHECK_COMPILER_ARG([-Wl,-z,now])
fi
# Checks for header files. # Checks for header files.
# #
@ -202,216 +217,56 @@ AC_CHECK_FUNCS([bzero gettimeofday memmove memset socket strchr strcspn strdup s
AC_SEARCH_LIBS([socket], [socket]) AC_SEARCH_LIBS([socket], [socket])
AC_SEARCH_LIBS([inet_addr], [nsl]) AC_SEARCH_LIBS([inet_addr], [nsl])
# Add -Wall case "$host" in
# *-*-linux*)
if test "x$use_wall" = "xyes"; then ;;
for t in -Wall; do *-*-openbsd*)
AC_MSG_CHECKING(if $CC supports $t) AC_DEFINE_UNQUOTED([PLATFORM_OPENBSD], [1], [Define if you are running on OpenBSD])
saved_CFLAGS="$CFLAGS" ;;
saved_LDFLAGS="$LDFLAGS" esac
CFLAGS="$CFLAGS $t -Werror"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
done
fi
# Check for security features offered by the compiler dnl Decide whether or not to build the client
# dnl
want_client=yes
AC_ARG_ENABLE([client],
[AS_HELP_STRING([--disable-client],
[Do not build the fwknop client @<:@default is to build@:>@])],
[want_client=$enableval],
[])
AM_CONDITIONAL([WANT_CLIENT], [test "$want_client" = yes])
# Adapted from OpenSSH: dnl Decide whether or not to build the server
# -fstack-protector-all doesn't always work for some GCC versions dnl
# and/or platforms, so we test if we can. If it's not supported want_server=yes
# on a given platform gcc will emit a warning so we use -Werror. AC_ARG_ENABLE([server],
if test "x$use_stack_protector" = "xyes"; then [AS_HELP_STRING([--disable-server],
for t in -fstack-protector-all -fstack-protector; do [Do not build the fwknop server @<:@default is to build@:>@])],
AC_MSG_CHECKING(if $CC supports $t) [want_server=$enableval],
saved_CFLAGS="$CFLAGS" [])
saved_LDFLAGS="$LDFLAGS" AM_CONDITIONAL([WANT_SERVER], [test "$want_server" = yes])
CFLAGS="$CFLAGS $t -Werror"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
done
fi
if test "x$use_pie" = "xyes"; then dnl Decide whether or not to enable the digest-cache
for t in "-fPIE -pie"; do dnl
AC_MSG_CHECKING(if $CC supports $t) want_digest_cache=yes
saved_CFLAGS="$CFLAGS" AC_ARG_ENABLE([digest-cache],
saved_LDFLAGS="$LDFLAGS" [AS_HELP_STRING([--disable-digest-cache],
CFLAGS="$CFLAGS $t -Werror" [Do not enable the fwknopd digest-cache @<:@default is to build@:>@])],
LDFLAGS="$LDFLAGS $t -Werror" [want_digest_cache=$enableval],
AC_LINK_IFELSE( [])
[AC_LANG_SOURCE([ dnl AM_CONDITIONAL([WANT_DIGEST_CACHE], [test "$want_digest_cache" = yes])
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
done
fi
if test "x$use_fortify_source" = "xyes"; then dnl Decide whether or not to try to look for gdbm/ndbm (default to just
for t in "-D_FORTIFY_SOURCE=2"; do dnl use a file-based solution - reduces dependencies)
AC_MSG_CHECKING(if $CC supports $t) dnl
saved_CFLAGS="$CFLAGS" want_file_cache=yes
saved_LDFLAGS="$LDFLAGS" AC_ARG_ENABLE([file-cache],
CFLAGS="$CFLAGS $t -Werror" [AS_HELP_STRING([--disable-file-cache],
LDFLAGS="$LDFLAGS $t -Werror" [Replace file cache with gdbm/ndbm @<:@default on@:>@])],
AC_LINK_IFELSE( [want_file_cache=$enableval],
[AC_LANG_SOURCE([ [])
#include <stdio.h> AS_IF([test "$want_file_cache" = yes], [
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;} AC_DEFINE([USE_FILE_CACHE], [1], [Define this to enable non-gdbm/ndbm digest storing (eliminates gdbm/ndbm dependency).])
])], ])
[ AC_MSG_RESULT(yes)
CFLAGS="$saved_CFLAGS $t"
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
CFLAGS="$saved_CFLAGS"
LDFLAGS="$saved_LDFLAGS"
done
fi
if test "x$use_ro_relocations" = "xyes"; then
for t in "-Wl,-z,relro"; do
AC_MSG_CHECKING(if $CC supports $t)
saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
LDFLAGS="$saved_LDFLAGS"
done
fi
if test "x$use_immediate_binding" = "xyes"; then
for t in "-Wl,-z,now"; do
AC_MSG_CHECKING(if $CC supports $t)
saved_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS $t -Werror"
AC_LINK_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
LDFLAGS="$saved_LDFLAGS $t"
AC_MSG_CHECKING(if $t works)
AC_RUN_IFELSE(
[AC_LANG_SOURCE([
#include <stdio.h>
int main(void){char x[[256]]; snprintf(x, sizeof(x), "NNN"); return 0;}
])],
[ AC_MSG_RESULT(yes)
break ],
[ AC_MSG_RESULT(no) ],
[ AC_MSG_WARN([cross compiling: cannot test])
break ]
)
],
[ AC_MSG_RESULT(no) ]
)
LDFLAGS="$saved_LDFLAGS"
done
fi
# Check for 3rd-party libs # Check for 3rd-party libs
# #


@ -13,9 +13,8 @@
%define _mandir /usr/share/man %define _mandir /usr/share/man
Name: fwknop Name: fwknop
Version: 2.0rc5 Version: 2.0
# Uncomment this when the version becomes 2.0.0 (without the rcX). Epoch: 1
#Epoch: 1
Release: 1%{?dist} Release: 1%{?dist}
Summary: Firewall Knock Operator client. An implementation of Single Packet Authorization. Summary: Firewall Knock Operator client. An implementation of Single Packet Authorization.


@ -158,7 +158,7 @@ pcap_capture(fko_srv_options_t *opts)
} }
/* Initialize our signal handlers. You can check the return value for /* Initialize our signal handlers. You can check the return value for
* the number of signals that were *not* set. Those that we not set * the number of signals that were *not* set. Those that were not set
* will be listed in the log/stderr output. * will be listed in the log/stderr output.
*/ */
if(set_sig_handlers() > 0) if(set_sig_handlers() > 0)


@ -8,7 +8,7 @@
* Purpose: Packet parser/decoder for fwknopd server. Takes the raw packet * Purpose: Packet parser/decoder for fwknopd server. Takes the raw packet
* data from libpcap and parses/extracts the packet data payload, * data from libpcap and parses/extracts the packet data payload,
* then creates an FKO context with that data. If the context * then creates an FKO context with that data. If the context
* creation is successfull, it is queued for processing. * creation is successful, it is queued for processing.
* *
* Copyright 2010 Damien Stuart (dstuart@dstuart.org) * Copyright 2010 Damien Stuart (dstuart@dstuart.org)
* *


@ -117,7 +117,7 @@ run_tcp_server(fko_srv_options_t *opts)
if(fcntl(s_sock, F_SETFL, sfd_flags) < 0) if(fcntl(s_sock, F_SETFL, sfd_flags) < 0)
{ {
log_msg(LOG_ERR, "run_tcp_server: fcntl F_SETFL error setting )_NONBLOCK: %s", log_msg(LOG_ERR, "run_tcp_server: fcntl F_SETFL error setting O_NONBLOCK: %s",
strerror(errno)); strerror(errno));
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }