diff --git a/Makefile.in b/Makefile.in index a2e7408..df62443 100644 --- a/Makefile.in +++ b/Makefile.in @@ -10,7 +10,6 @@ ENABLE_SANITIZER= # Enable ASAN/LSAN/UBSAN ENABLE_REGEX=1 # Enable regex probes USELIBCONFIG=1 # Use libconfig? (necessary to use configuration files) USELIBEV=1 # Use libev? -USELIBCAP= # Use libcap? USESYSTEMD= # Make use of systemd socket activation USELIBBSD?= # Use libbsd (needed to update process name in `ps`) COV_TEST= # Perform test coverage? @@ -54,11 +53,6 @@ ifneq ($(strip $(USELIBCONFIG)),) CPPFLAGS+=-DLIBCONFIG endif -ifneq ($(strip $(USELIBCAP)),) - LIBS:=$(LIBS) -lcap - CPPFLAGS+=-DLIBCAP -endif - ifneq ($(strip $(USESYSTEMD)),) LIBS:=$(LIBS) -lsystemd CPPFLAGS+=-DSYSTEMD diff --git a/common.c b/common.c index 45b8f89..510173b 100644 --- a/common.c +++ b/common.c @@ -19,6 +19,11 @@ #include "log.h" #include "sslh-conf.h" +#if HAVE_LIBCAP +#include +#include +#endif + /* Added to make the code compilable under CYGWIN * */ #ifndef SA_NOCLDWAIT @@ -841,7 +846,7 @@ void setup_signals(void) /* Ask OS to keep capabilities over a setuid(nonzero) */ void set_keepcaps(int val) { -#ifdef LIBCAP +#if HAVE_LIBCAP int res; res = prctl(PR_SET_KEEPCAPS, val, 0, 0, 0); if (res) { @@ -854,7 +859,7 @@ void set_keepcaps(int val) { /* Returns true if anything requires transparent proxying. */ static int use_transparent(void) { -#ifdef LIBCAP +#if HAVE_LIBCAP if (cfg.transparent) return 1; @@ -870,7 +875,7 @@ static int use_transparent(void) * IN: cap_net_admin: set to 1 to set CAP_NET_RAW * */ void set_capabilities(int cap_net_admin) { -#ifdef LIBCAP +#if HAVE_LIBCAP int res; cap_t caps; cap_value_t cap_list[10]; diff --git a/config.h.in b/config.h.in index 3a6422e..ea327e9 100644 --- a/config.h.in +++ b/config.h.in @@ -9,4 +9,7 @@ /* Landlock sandboxing Linux LSM */ #undef HAVE_LANDLOCK +/* libcap support, to use Linux capabilities */ +#undef HAVE_LIBCAP + #endif diff --git a/configure b/configure index d6c156b..f120ff0 100755 --- a/configure 
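Review bot: The new `#if HAVE_LIBCAP` guard at the top of common.c treats an undefined macro as 0, so the guarded capability code compiles out with no diagnostic whenever config.h leaves `HAVE_LIBCAP` undefined or is not included before this point. Only `log.h` and `sslh-conf.h` are visible ahead of the guard in this hunk, so it should be confirmed that config.h is in scope here. `#ifdef HAVE_LIBCAP` is the usual form for an autoconf symbol that config.h.in declares with `#undef`, and it stays clean under `-Wundef`. The same guard appears in the set_keepcaps, use_transparent and set_capabilities hunks below and in printcaps in sslh-main.c. A comment above the guard such as `/* HAVE_LIBCAP is set by configure via config.h; without it the capability code below is compiled out */` would make the dependency explicit.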
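Review bot: The doc comment kept as context above set_capabilities says `cap_net_admin: set to 1 to set CAP_NET_RAW`, so the parameter name and the documented capability disagree. In least-privilege code a reader needs to know exactly which capability survives the privilege drop. The function body continues outside this hunk, so which capability is actually retained cannot be confirmed from here. Since this commit already touches the function, either rename the parameter or correct the comment to match the body, for example `/* IN: cap_net_admin: non-zero to also keep <capability the body adds> */`.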
+++ b/configure @@ -3247,6 +3247,47 @@ then : LIBS="$LIBS -lwrap" fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for cap_get_proc in -lcap" >&5 +printf %s "checking for cap_get_proc in -lcap... " >&6; } +if test ${ac_cv_lib_cap_cap_get_proc+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcap $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +char cap_get_proc (); +int +main (void) +{ +return cap_get_proc (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO" +then : + ac_cv_lib_cap_cap_get_proc=yes +else $as_nop + ac_cv_lib_cap_cap_get_proc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_get_proc" >&5 +printf "%s\n" "$ac_cv_lib_cap_cap_get_proc" >&6; } +if test "x$ac_cv_lib_cap_cap_get_proc" = xyes +then : + printf "%s\n" "#define HAVE_LIBCAP 1" >>confdefs.h + LIBS="$LIBS -lcap" +fi + ac_header= ac_cache= for ac_item in $ac_header_c_list diff --git a/configure.ac b/configure.ac index 8e69ecc..6a82d8e 100644 --- a/configure.ac +++ b/configure.ac @@ -6,6 +6,7 @@ AC_CONFIG_HEADERS(config.h) AC_CONFIG_FILES([Makefile]) AC_CHECK_LIB([wrap], [hosts_ctl], [AC_DEFINE(HAVE_LIBWRAP) LIBS="$LIBS -lwrap" ], []) +AC_CHECK_LIB([cap], [cap_get_proc], [AC_DEFINE(HAVE_LIBCAP) LIBS="$LIBS -lcap" ], []) AC_CHECK_HEADERS(linux/landlock.h, AC_DEFINE(HAVE_LANDLOCK), []) AC_OUTPUT diff --git a/sslh-main.c b/sslh-main.c index 7c91400..508f86b 100644 --- a/sslh-main.c +++ b/sslh-main.c 
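Review bot: The added `AC_CHECK_LIB([cap], [cap_get_proc], ...)` line in configure.ac has an empty not-found branch, so a build host without libcap now silently yields a binary with the capability handling compiled out. With the `USELIBCAP` knob removed from Makefile.in, the builder can no longer state the intent explicitly. A warning in the fourth argument would surface this at configure time: `AC_CHECK_LIB([cap], [cap_get_proc], [AC_DEFINE(HAVE_LIBCAP) LIBS="$LIBS -lcap"], [AC_MSG_WARN([libcap not found, capability support disabled])])`. The check also only link-tests the library and does not probe the header that common.c and sslh-main.c include under `HAVE_LIBCAP` (normally `sys/capability.h`; the include targets are not legible on this page). A host with the shared library but no development header would therefore fail at compile time, so gating the define on an `AC_CHECK_HEADERS` test as well would catch that earlier.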
@@ -39,11 +39,15 @@ #include "log.h" #include "tcp-probe.h" +#if HAVE_LIBCAP +#include +#endif + /* Constants for options that have no one-character shorthand */ #define OPT_ONTIMEOUT 257 static void printcaps(void) { -#ifdef LIBCAP +#if HAVE_LIBCAP cap_t caps; char* desc; ssize_t len; diff --git a/version.h b/version.h index 9514aee..b8240c5 100644 --- a/version.h +++ b/version.h @@ -1,5 +1,5 @@ #ifndef VERSION_H #define VERSION_H -#define VERSION "v2.1.4-25-gbf08229-dirty" +#define VERSION "v2.1.4-30-gfabf0a1-dirty" #endif