move tcp wrapper support to autoconf detection

Makefile.in

@@ -10,7 +10,6 @@ ENABLE_SANITIZER= # Enable ASAN/LSAN/UBSAN
 ENABLE_REGEX=1  # Enable regex probes
 USELIBCONFIG=1	# Use libconfig? (necessary to use configuration files)
 USELIBEV=1	# Use libev?
-USELIBWRAP?=	# Use libwrap?
 USELIBCAP=	# Use libcap?
 USESYSTEMD=     # Make use of systemd socket activation
 USELIBBSD?=     # Use libbsd (needed to update process name in `ps`)
@@ -37,7 +36,7 @@ AR ?= ar
 CFLAGS +=-Wall -O2 -DLIBPCRE -g $(CFLAGS_COV) $(CFLAGS_SAN)
 
 
-LIBS=-lm -lpcre2-8
+LIBS=-lm -lpcre2-8 @LIBS@
 OBJS=sslh-conf.o common.o log.o sslh-main.o probe.o tls.o argtable3.o collection.o gap.o tcp-probe.o landlock.o
 OBJS_A=libsslh.a
 FORK_OBJS=sslh-fork.o $(OBJS_A)
@@ -46,11 +45,6 @@ EV_OBJS=processes.o udp-listener.o sslh-ev.o hash.o tcp-listener.o $(OBJS_A)
 
 CONDITIONAL_TARGETS=
 
-ifneq ($(strip $(USELIBWRAP)),)
-	LIBS:=$(LIBS) -lwrap
-	CPPFLAGS+=-DLIBWRAP
-endif
-
 ifneq ($(strip $(ENABLE_REGEX)),)
 	CPPFLAGS+=-DENABLE_REGEX
 endif

common.c

@@ -43,7 +43,7 @@ struct sslhcfg_item cfg;
 struct addrinfo *addr_listen = NULL; /* what addresses do we listen to? */
 
 
-#ifdef LIBWRAP
+#ifdef HAVE_LIBWRAP
 #include <tcpd.h>
 int allow_severity =0, deny_severity = 0;
 #endif
@@ -775,7 +775,7 @@ void set_proctitle_shovel(struct connection_desc* desc, const struct connection
  */
 int check_access_rights(int in_socket, const char* service)
 {
-#ifdef LIBWRAP
+#ifdef HAVE_LIBWRAP
     union {
         struct sockaddr saddr;
         struct sockaddr_storage ss;

config.h.in

@@ -3,6 +3,9 @@
 #ifndef CONFIG_H
 /* Template for config.h, filled by `configure`. */
 
+/* Libwrap, to support host_ctl, /etc/allow and /etc/deny */
+# undef HAVE_LIBWRAP
+
 /* Landlock sandboxing Linux LSM */
 #undef HAVE_LANDLOCK
 

configure

@@ -1445,6 +1445,53 @@ fi
 
 } # ac_fn_c_try_compile
 
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+  as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+  rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext
+  if { { ac_try="$ac_link"
+case "(($ac_try" in
+  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+  *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+printf "%s\n" "$ac_try_echo"; } >&5
+  (eval "$ac_link") 2>conftest.err
+  ac_status=$?
+  if test -s conftest.err; then
+    grep -v '^ *+' conftest.err >conftest.er1
+    cat conftest.er1 >&5
+    mv -f conftest.er1 conftest.err
+  fi
+  printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+  test $ac_status = 0; } && {
+	 test -z "$ac_c_werror_flag" ||
+	 test ! -s conftest.err
+       } && test -s conftest$ac_exeext && {
+	 test "$cross_compiling" = yes ||
+	 test -x conftest$ac_exeext
+       }
+then :
+  ac_retval=0
+else $as_nop
+  printf "%s\n" "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+	ac_retval=1
+fi
+  # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+  # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+  # interfere with the next link command; also delete a directory that is
+  # left behind by Apple's compiler.  We do this before executing the actions.
+  rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+  eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno
+  as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
 # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
 # -------------------------------------------------------
 # Tests whether HEADER exists and can be compiled using the include files in
@@ -3159,6 +3206,48 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $
 ac_compiler_gnu=$ac_cv_c_compiler_gnu
 
 
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for hosts_ctl in -lwrap" >&5
+printf %s "checking for hosts_ctl in -lwrap... " >&6; }
+if test ${ac_cv_lib_wrap_hosts_ctl+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lwrap  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char hosts_ctl ();
+int
+main (void)
+{
+return hosts_ctl ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_wrap_hosts_ctl=yes
+else $as_nop
+  ac_cv_lib_wrap_hosts_ctl=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_wrap_hosts_ctl" >&5
+printf "%s\n" "$ac_cv_lib_wrap_hosts_ctl" >&6; }
+if test "x$ac_cv_lib_wrap_hosts_ctl" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIBWRAP 1" >>confdefs.h
+ LIBS="$LIBS -lwrap"
+fi
+
+
 ac_header= ac_cache=
 for ac_item in $ac_header_c_list
 do

configure.ac

@@ -5,5 +5,7 @@ AC_INIT
 AC_CONFIG_HEADERS(config.h)
 AC_CONFIG_FILES([Makefile])
 
+AC_CHECK_LIB([wrap], [hosts_ctl], [AC_DEFINE(HAVE_LIBWRAP) LIBS="$LIBS -lwrap" ], [])
+
 AC_CHECK_HEADERS(linux/landlock.h, AC_DEFINE(HAVE_LANDLOCK), [])
 AC_OUTPUT