move libcap support to autoconf detection

Makefile.in

@@ -10,7 +10,6 @@ ENABLE_SANITIZER= # Enable ASAN/LSAN/UBSAN
 ENABLE_REGEX=1  # Enable regex probes
 USELIBCONFIG=1	# Use libconfig? (necessary to use configuration files)
 USELIBEV=1	# Use libev?
-USELIBCAP=	# Use libcap?
 USESYSTEMD=     # Make use of systemd socket activation
 USELIBBSD?=     # Use libbsd (needed to update process name in `ps`)
 COV_TEST= 	# Perform test coverage?
@@ -54,11 +53,6 @@ ifneq ($(strip $(USELIBCONFIG)),)
 	CPPFLAGS+=-DLIBCONFIG
 endif
 
-ifneq ($(strip $(USELIBCAP)),)
-	LIBS:=$(LIBS) -lcap
-	CPPFLAGS+=-DLIBCAP
-endif
-
 ifneq ($(strip $(USESYSTEMD)),)
         LIBS:=$(LIBS) -lsystemd
         CPPFLAGS+=-DSYSTEMD

common.c

@@ -19,6 +19,11 @@
 #include "log.h"
 #include "sslh-conf.h"
 
+#if HAVE_LIBCAP
+#include <sys/capability.h>
+#include <sys/prctl.h>
+#endif
+
 /* Added to make the code compilable under CYGWIN
  * */
 #ifndef SA_NOCLDWAIT
@@ -841,7 +846,7 @@ void setup_signals(void)
 
 /* Ask OS to keep capabilities over a setuid(nonzero) */
 void set_keepcaps(int val) {
-#ifdef LIBCAP
+#if HAVE_LIBCAP
     int res;
     res = prctl(PR_SET_KEEPCAPS, val, 0, 0, 0);
     if (res) {
@@ -854,7 +859,7 @@ void set_keepcaps(int val) {
 /* Returns true if anything requires transparent proxying. */
 static int use_transparent(void)
 {
-#ifdef LIBCAP
+#if HAVE_LIBCAP
     if (cfg.transparent)
         return 1;
 
@@ -870,7 +875,7 @@ static int use_transparent(void)
  * IN: cap_net_admin: set to 1 to set CAP_NET_RAW
  * */
 void set_capabilities(int cap_net_admin) {
-#ifdef LIBCAP
+#if HAVE_LIBCAP
     int res;
     cap_t caps;
     cap_value_t cap_list[10];

config.h.in

@@ -9,4 +9,7 @@
 /* Landlock sandboxing Linux LSM */
 #undef HAVE_LANDLOCK
 
+/* libcap support, to use Linux capabilities */
+#undef HAVE_LIBCAP
+
 #endif

configure

@@ -3247,6 +3247,47 @@ then :
  LIBS="$LIBS -lwrap"
 fi
 
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for cap_get_proc in -lcap" >&5
+printf %s "checking for cap_get_proc in -lcap... " >&6; }
+if test ${ac_cv_lib_cap_cap_get_proc+y}
+then :
+  printf %s "(cached) " >&6
+else $as_nop
+  ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcap  $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h.  */
+
+/* Override any GCC internal prototype to avoid an error.
+   Use char because int might match the return type of a GCC
+   builtin and then its argument prototype would still apply.  */
+char cap_get_proc ();
+int
+main (void)
+{
+return cap_get_proc ();
+  ;
+  return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"
+then :
+  ac_cv_lib_cap_cap_get_proc=yes
+else $as_nop
+  ac_cv_lib_cap_cap_get_proc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.beam \
+    conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_get_proc" >&5
+printf "%s\n" "$ac_cv_lib_cap_cap_get_proc" >&6; }
+if test "x$ac_cv_lib_cap_cap_get_proc" = xyes
+then :
+  printf "%s\n" "#define HAVE_LIBCAP 1" >>confdefs.h
+ LIBS="$LIBS -lcap"
+fi
+
 
 ac_header= ac_cache=
 for ac_item in $ac_header_c_list

configure.ac

@@ -6,6 +6,7 @@ AC_CONFIG_HEADERS(config.h)
 AC_CONFIG_FILES([Makefile])
 
 AC_CHECK_LIB([wrap], [hosts_ctl], [AC_DEFINE(HAVE_LIBWRAP) LIBS="$LIBS -lwrap" ], [])
+AC_CHECK_LIB([cap], [cap_get_proc], [AC_DEFINE(HAVE_LIBCAP) LIBS="$LIBS -lcap" ], [])
 
 AC_CHECK_HEADERS(linux/landlock.h, AC_DEFINE(HAVE_LANDLOCK), [])
 AC_OUTPUT

sslh-main.c

@@ -39,11 +39,15 @@
 #include "log.h"
 #include "tcp-probe.h"
 
+#if HAVE_LIBCAP
+#include <sys/capability.h>
+#endif
+
 /* Constants for options that have no one-character shorthand */
 #define OPT_ONTIMEOUT   257
 
 static void printcaps(void) {
-#ifdef LIBCAP
+#if HAVE_LIBCAP
     cap_t caps;
     char* desc;
     ssize_t len;

version.h

@@ -1,5 +1,5 @@
 #ifndef VERSION_H 
 #define VERSION_H 
 
-#define VERSION "v2.1.4-25-gbf08229-dirty"
+#define VERSION "v2.1.4-30-gfabf0a1-dirty"
 #endif