GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-03-27 15:27:53 +08:00
Code Issues Packages Projects Releases Wiki Activity

Replaced autoconf with meson build files

Browse Source 
Resolves: #699

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
This commit is contained in:
Nikos Mavrogiannopoulos
2026-03-15 20:03:39 +01:00
parent e0aebc0a3c
commit 18401eb298
39 changed files with 9871 additions and 3571 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
.gitlab-ci.yml
View File

@@ -14,7 +14,14 @@ variables:
CENTOS8_BUILD: buildenv-centos8
CENTOS9_BUILD: buildenv-centos9
CENTOS10_BUILD: buildenv-centos10
MINIMALCONFIG: "--without-protobuf --without-libtalloc-prefix --without-libnl --without-maxmind --without-geoip --without-libreadline-prefix --without-liboath --without-libc-prefix --without-pam --without-radius --without-libcrypt-prefix --without-utmp --without-libutil-prefix --without-libwrap --without-libwrap-prefix --without-libseccomp-prefix --without-libsystemd-prefix --without-llhttp --without-lz4 --without-gssapi --without-pcl-lib --disable-rpath --disable-seccomp --disable-anyconnect-compat --disable-compression"
MINIMAL_OPTIONS: >-
-Dlocal-protobuf=true -Dlocal-talloc=true -Dlibnl=disabled
-Dmaxmind=disabled -Dgeoip=disabled -Dliboath=disabled
-Dpam=disabled -Dradius=disabled -Dutmp=disabled
-Dlibwrap=disabled -Dseccomp=disabled -Dsystemd=disabled
-Dlz4=disabled -Dgssapi=disabled
-Danyconnect-compat=disabled -Dcompression=disabled
-Droot-tests=false
JOBS: 4
Signoff:
@@ -32,11 +39,10 @@ Debian:
script:
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- ./configure --enable-oidc-auth
- make -j$JOBS
- meson setup build -Doidc-auth=enabled
- ninja -C build -j$JOBS
- export OCSERV_ALLOW_BROKEN_CLIENTS=1
- make check -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -46,19 +52,17 @@ Debian:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
- build/meson-logs/
i386/Debian:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_X86_CROSS_BUILD
script:
- git submodule update --init
- autoreconf -fvi
# Radius seems to be malfunctioning on i386 build
- ./configure --enable-oidc-auth --without-radius
- make -j$JOBS
- make check -j$JOBS VERBOSE=1
- meson setup build -Doidc-auth=enabled -Dradius=disabled
- ninja -C build -j$JOBS
- VERBOSE=1 meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -68,19 +72,17 @@ i386/Debian:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
- build/meson-logs/
Ubuntu20.04:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU20_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure --enable-oidc-auth --enable-latency-stats
- make -j$JOBS
- meson setup build -Doidc-auth=enabled -Dlatency-stats=enabled
- ninja -C build -j$JOBS
- export MALLOC_CHECK_=3
- make check -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -90,22 +92,22 @@ Ubuntu20.04:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
- build/meson-logs/
Ubuntu22.04:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU22_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure --enable-oidc-auth --enable-latency-stats
- make -j$JOBS
- meson setup build -Doidc-auth=enabled -Dlatency-stats=enabled
- ninja -C build -j$JOBS
- export MALLOC_CHECK_=3
# There is an issue with gssapi on this version of Ubuntu. While
# the package exists, it doesn't work as openssl doesn't support
# md4. See https://bugs.launchpad.net/ubuntu/+source/gss-ntlmssp/+bug/1995915
- make check -j$JOBS XFAIL_TESTS="test-gssapi"
# test-gssapi is expected to fail on Ubuntu22: openssl doesn't support md4
# See https://bugs.launchpad.net/ubuntu/+source/gss-ntlmssp/+bug/1995915
- |
set -o pipefail
meson test -C build --num-processes $JOBS --no-rebuild 2>&1 | tee /tmp/test-out.txt || \
{ ! grep -E "FAIL" /tmp/test-out.txt | grep -qv "test-gssapi"; }
tags:
- saas-linux-medium-amd64
except:
@@ -115,20 +117,18 @@ Ubuntu22.04:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
- build/meson-logs/
Centos8:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure
- meson setup build
- chmod og-w tests/data/raddb
- chmod og-w tests/data/raddb/*
- make -j$JOBS
- make check VERBOSE=1 -j$JOBS
- ninja -C build -j$JOBS
- VERBOSE=1 meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -138,20 +138,18 @@ Centos8:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
- build/meson-logs/
Centos9:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure
- meson setup build
- chmod og-w tests/data/raddb
- chmod og-w tests/data/raddb/*
- make -j$JOBS
- make check VERBOSE=1 -j$JOBS
- ninja -C build -j$JOBS
- VERBOSE=1 meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -161,20 +159,18 @@ Centos9:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
- build/meson-logs/
Centos10:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS10_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure
- meson setup build
- chmod og-w tests/data/raddb
- chmod og-w tests/data/raddb/*
- make -j$JOBS
- make check VERBOSE=1 -j$JOBS
- ninja -C build -j$JOBS
- VERBOSE=1 meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -184,8 +180,7 @@ Centos10:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
- build/meson-logs/
Coverity:
stage: preliminaries
@@ -197,9 +192,8 @@ Coverity:
- wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
- tar xfz /tmp/coverity_tool.tgz
- git submodule update --init
- autoreconf -fvi
- CFLAGS="-g -O0" ./configure --disable-maintainer-mode --enable-latency-stats
- cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$JOBS
- CFLAGS="-g -O0" meson setup build -Dlatency-stats=enabled
- cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja -C build -j$JOBS
- tar cfz cov-int.tar.gz cov-int
- curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
--form token=$COVERITY_SCAN_TOKEN --form email=n.mavrogiannopoulos@gmail.com
@@ -218,9 +212,8 @@ musl/Alpine:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BUILD
script:
- autoreconf -fvi
- ./configure --disable-maintainer-mode --with-werror
- make -j$JOBS
- meson setup build -Dwith-werror=true
- ninja -C build -j$JOBS
tags:
- saas-linux-small-amd64
except:
@@ -239,12 +232,11 @@ Fedora:
- umask 000
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- CFLAGS="-g -O0" ./configure --enable-code-coverage --with-kerberos-tests --enable-oidc-auth
- make -j$JOBS
- make check -j$JOBS COVERAGE=1 VERBOSE=1
- make local-code-coverage-output
coverage: '/coverage lines: \d+\.\d+/'
- CFLAGS="-g -O0" meson setup build -Db_coverage=true -Dkerberos-tests=true -Doidc-auth=enabled
- ninja -C build -j$JOBS
- COVERAGE=1 VERBOSE=1 meson test -C build --num-processes $JOBS --no-rebuild
- ninja -C build coverage
coverage: '/lines[.]+: \d+\.\d+/'
tags:
- saas-linux-medium-amd64
except:
@@ -254,16 +246,15 @@ Fedora:
untracked: true
when: always
noprocfs/distcheck/Fedora:
noprocfs/Fedora:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- ac_cv_file_FILE__proc_self_exe=no ./configure --disable-namespaces
- make -j$JOBS
- make distcheck VERBOSE=1 DISTCHECK_CONFIGURE_FLAGS="--disable-maintainer-mode" TESTS=""
- meson setup build -Dnamespaces=disabled
- ninja -C build -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-small-amd64
except:
@@ -280,10 +271,9 @@ clang/Fedora:
script:
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- CC=clang ./configure --with-werror
- make -j$JOBS
- make check -j$JOBS
- CC=clang meson setup build -Dwith-werror=true
- ninja -C build -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -301,10 +291,9 @@ seccomp/Fedora:
script:
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- ./configure --with-kerberos-tests --enable-oidc-auth --with-seccomp-trap
- make -j$JOBS
- make check -j$JOBS
- meson setup build -Dkerberos-tests=true -Doidc-auth=enabled -Dseccomp-trap=true
- ninja -C build -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -320,10 +309,9 @@ minimal:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure $MINIMALCONFIG
- make -j$JOBS
- make check -j$JOBS XFAIL_TESTS="lz4-compression lzs-compression"
- meson setup build $MINIMAL_OPTIONS
- ninja -C build -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -333,8 +321,7 @@ minimal:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- tests/*.log
- build/meson-logs/
# Build a minimal version with every optional feature disabled
minimal/Ubuntu20.04:
@@ -342,10 +329,9 @@ minimal/Ubuntu20.04:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU20_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure $MINIMALCONFIG
- make -j$JOBS
- make check -j$JOBS XFAIL_TESTS="lz4-compression lzs-compression"
- meson setup build $MINIMAL_OPTIONS
- ninja -C build -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -355,8 +341,7 @@ minimal/Ubuntu20.04:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
- build/meson-logs/
# We do not compile with PAM under address sanitizer since we are using co-routines
# without instrumentation for sanitizer.
@@ -366,10 +351,9 @@ asan/clang/Fedora:
script:
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- CC=clang CFLAGS="-fsanitize=address -fno-optimize-sibling-calls -fno-omit-frame-pointer -g -O1" ./configure --without-pam --without-asan-broken-tests
- make -j$JOBS
- make check -j$JOBS
- CC=clang CFLAGS="-fsanitize=address -fno-optimize-sibling-calls -fno-omit-frame-pointer -g -O1" meson setup build -Dpam=disabled -Db_lundef=false
- ninja -C build -j$JOBS
- DISABLE_ASAN_BROKEN_TESTS=1 meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -379,8 +363,7 @@ asan/clang/Fedora:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- tests/*.log
- build/meson-logs/
ubsan/Fedora:
stage: testing
@@ -388,11 +371,10 @@ ubsan/Fedora:
script:
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- export UBCFLAGS="-Wall -Wextra -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2 -Werror"
- CFLAGS="$UBCFLAGS" ./configure
- make -j$JOBS
- make check -j$JOBS CFLAGS="$UBCFLAGS -Wno-unused-function -Wno-unused-parameter"
- export UBCFLAGS="-Wall -Wextra -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2 -Werror -Wno-unused-function -Wno-unused-parameter"
- CFLAGS="$UBCFLAGS" meson setup build
- ninja -C build -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- saas-linux-medium-amd64
except:
@@ -402,16 +384,14 @@ ubsan/Fedora:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- tests/*.log
- build/meson-logs/
static-analyzer/Fedora:
stage: preliminaries
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- autoreconf -fvi -Werror
- scan-build ./configure --enable-oidc-auth --enable-latency-stats --without-protobuf
- scan-build --status-bugs -o scan-build-src make -j$JOBS
- meson setup build -Doidc-auth=enabled -Dlatency-stats=enabled -Dlocal-protobuf=true
- scan-build --status-bugs -o scan-build-src ninja -C build -j$JOBS
tags:
- saas-linux-medium-amd64
except:
@@ -427,7 +407,7 @@ codingstyle/Fedora:
stage: preliminaries
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- find src/ tests/ -name '*.[ch]'| grep -Ev '^(src/http-heads.h|src/pcl|src/protobuf|src/ccan|src/gnulib|src/inih|src/llhttp)'| xargs -I{} clang-format -style=file --dry-run {} -Werror
- find src/ tests/ -name '*.[ch]'| grep -Ev '^(src/http-heads.h|src/ipc.pb-c|src/ctl.pb-c|src/pcl|src/protobuf|src/ccan|src/gnulib|src/inih|src/llhttp)'| xargs -I{} clang-format -style=file --dry-run {} -Werror
tags:
- saas-linux-small-amd64
except:
@@ -438,12 +418,9 @@ codingstyle/Fedora:
stage: testing
script:
- git submodule update --init
- sh autogen.sh
- mkdir build
- cd build
- LIBS="-L/usr/local/lib" ../configure --disable-nls --without-root-tests
- gmake -j$JOBS
- gmake check -j$JOBS
- meson setup build -Droot-tests=false
- ninja -C build -j$JOBS
- meson test -C build --num-processes $JOBS --no-rebuild
tags:
- freebsd
only:
@@ -455,16 +432,15 @@ codingstyle/Fedora:
expire_in: 1 week
when: on_failure
paths:
- build/*.log
- build/tests/*.log
- build/meson-logs/
pages:
stage: deploy
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- mkdir -p public/coverage
- make V=1 CODE_COVERAGE_OUTPUT_DIRECTORY=public/coverage CODE_COVERAGE_BRANCH_COVERAGE=1 code-coverage-capture
- make CODE_COVERAGE_OUTPUT_DIRECTORY=public/coverage local-code-coverage-output
- ninja -C build coverage-html
- cp -r build/meson-logs/coveragereport/* public/coverage/
tags:
- saas-linux-small-amd64
dependencies:
@@ -491,8 +467,6 @@ codespell/Fedora:
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure
- make codespell
- codespell .
tags:
- saas-linux-small-amd64

57
Makefile.am
View File

@@ -1,57 +0,0 @@
AUTOMAKE_OPTIONS = foreign
EXTRA_DIST = COPYING README.md CONTRIBUTING.md AUTHORS
DISTCLEANFILES = AUTHORS
SUBDIRS = src doc tests
ACLOCAL_AMFLAGS = -I m4
@CODE_COVERAGE_RULES@
CODE_COVERAGE_OUTPUT_FILE = @PACKAGE@-@PACKAGE_VERSION@-coverage.info
CODE_COVERAGE_OUTPUT_DIRECTORY = @PACKAGE@-@PACKAGE_VERSION@-coverage
CODE_COVERAGE_LCOV_RMOPTS_DEFAULT = --ignore-errors unused
CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT = --ignore-errors unmapped
local-code-coverage-output: code-coverage-capture
test -f "$(CODE_COVERAGE_OUTPUT_DIRECTORY)/index.html" || exit 1
cat "$(CODE_COVERAGE_OUTPUT_DIRECTORY)/index.html"|grep headerCovTableEntry|grep "%"|head -1|sed 's/&nbsp;//g'|sed 's/^.*>\([0-9\.\ %]*\)<.*$$/coverage lines: \1/'
LLHTTP_VERSION = 9.2.1
llhttp-update:
test -f v$(LLHTTP_VERSION).tar.gz || wget -c https://github.com/nodejs/llhttp/archive/refs/tags/release/v$(LLHTTP_VERSION).tar.gz
tar xvf v$(LLHTTP_VERSION).tar.gz
cp llhttp-release-v$(LLHTTP_VERSION)/src/llhttp.c llhttp-release-v$(LLHTTP_VERSION)/src/http.c \
llhttp-release-v$(LLHTTP_VERSION)/src/api.c llhttp-release-v$(LLHTTP_VERSION)/include/llhttp.h src/llhttp/
clang:
make clean
scan-build ./configure
rm -rf scan.tmp
scan-build -o scan.tmp make
ctags:
find . -type f -name "*.[ch]*" | xargs @CTAGS@
cscope:
@CSCOPE@ -b -R
cref: ctags cscope
AUTHORS:
@echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n" >AUTHORS
@git shortlog -sen | cut -f 2 | sed 's/@/ at /g' >> AUTHORS
.PHONY: AUTHORS
ChangeLog:
git log --pretty > ChangeLog
.PHONY: ChangeLog
dist-hook: ChangeLog
mv ChangeLog $(distdir)
test -f $(distdir)/doc/ocserv.8 && test -f $(distdir)/doc/ocpasswd.8 && test -f $(distdir)/doc/occtl.8
codespell:
@codespell || (echo "ERROR: if that step fails due to a non-typo, edit file .codespellrc" && false)
.PHONY: codespell

1
NEWS
View File

@@ -3,6 +3,7 @@
- occtl: Added 'terminate user', 'terminate id', and 'terminate session'
commands that disconnect users and invalidate their session cookies,
preventing automatic reconnection (#689)
- Replaced autoconf/automake build system with meson (#699)
* Version 1.4.1 (released 2026-02-28)

77
README.md
View File

@@ -31,7 +31,7 @@ configuration while ocserv-main will use the previous configuration.
## Debian/Ubuntu:
```
# Basic build tools
apt-get install -y build-essential pkg-config
apt-get install -y build-essential meson ninja-build pkg-config
# Required
apt-get install -y libgnutls28-dev libev-dev libreadline-dev
# Optional functionality and testing
@@ -49,7 +49,7 @@ apt-get install -y ronn
## Fedora/RHEL:
```
# Basic build tools
yum install -y make automake gcc pkgconf-pkg-config
yum install -y meson ninja-build gcc pkgconf-pkg-config
# Required
yum install -y gnutls-devel libev-devel readline-devel
# Optional functionality and testing
@@ -68,28 +68,71 @@ dependencies and its configuration.
# Build instructions
To build from a distributed release use:
```
$ ./configure && make && make check
$ meson setup build
$ ninja -C build
$ meson test -C build
```
To test the code coverage of the test suite use the following:
`meson setup build` configures the build into a `build/` subdirectory.
`ninja -C build` compiles. `meson test -C build` runs the test suite.
## Listing and changing build options
To see all available build options and their current values:
```
$ ./configure --enable-code-coverage
$ make && make check && make code-coverage-capture
$ meson configure build
```
Note that the code coverage reported does not currently include tests which
are run within docker.
In addition to the prerequisites listed above, building from git requires
the following packages: autoconf, automake, gperf, and xz.
To build from the git repository use:
Before the build directory exists, you can also view the available options with:
```
$ autoreconf -fvi
$ ./configure && make
$ meson setup --help
```
Options are set at configure time with `-D`:
```
$ meson setup build -Doidc-auth=enabled -Dlatency-stats=enabled
```
Or changed after the fact:
```
$ meson configure build -Doidc-auth=enabled
$ ninja -C build
```
Common options:
| Option | Default | Description |
|----------------------------|------------|------------------------------------------|
| `-Doidc-auth=enabled` | disabled | OpenID Connect authentication |
| `-Dlatency-stats=enabled` | disabled | Latency statistics gathering |
| `-Dpam=disabled` | auto | PAM authentication |
| `-Dradius=disabled` | auto | RADIUS authentication/accounting |
| `-Dgssapi=disabled` | auto | GSSAPI/Kerberos authentication |
| `-Dseccomp=disabled` | auto | seccomp worker isolation |
| `-Dseccomp-trap=true` | false | Filtered syscalls fail with a signal |
| `-Dkerberos-tests=true` | false | Enable Kerberos tests (requires KDC) |
| `-Dwith-werror=true` | false | Treat compiler warnings as errors |
| `-Db_coverage=true` | false | Enable gcov code coverage instrumentation|
## Code coverage
```
$ CFLAGS="-g -O0" meson setup build -Db_coverage=true
$ ninja -C build
$ meson test -C build
$ ninja -C build coverage
```
The HTML report is written to `build/meson-logs/coveragereport/index.html`.
## Building from git
Building from git requires the same tools as a release build. After cloning:
```
$ git submodule update --init
$ meson setup build
$ ninja -C build
```

3
autogen.sh
View File

@@ -1,3 +0,0 @@
#!/bin/sh
autoreconf -fvi

770
configure.ac
View File

@@ -1,770 +0,0 @@
AC_PREREQ(2.61)
AC_INIT([OpenConnect VPN Server], [1.4.2],
[https://gitlab.com/openconnect/ocserv/-/issues],
[ocserv],
[https://ocserv.openconnect-vpn.net/])
PKG_PROG_PKG_CONFIG
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE([1.11.1 subdir-objects no-dist-gzip dist-xz -Wall -Wno-override])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_CONFIG_HEADERS([config.h])
AC_USE_SYSTEM_EXTENSIONS
AC_PROG_CC
AM_PROG_CC_C_O # Automake 1.13.4 on CentOS 7
AC_PROG_RANLIB
AM_PROG_AR
AC_PROG_SED
if test "$GCC" = "yes" && ! expr "$CC" : clang >/dev/null 2>&1;then
CFLAGS="$CFLAGS -Wall -Wno-strict-aliasing -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-missing-field-initializers -Wno-implicit-fallthrough -Wno-stringop-truncation"
fi
AC_PATH_PROG([GPERF], [gperf])
if test -z "$GPERF"; then
GPERF_FILE="src/http-heads.h"
if test ! -f "$GPERF_FILE"; then
AC_MSG_ERROR([[
***
*** GNU gperf was not found. It is required to generate $GPERF_FILE
*** ]])
fi
fi
AC_CHECK_PROGS([IPCALC], [ipcalc ipcalc-ng], [:])
if test x"$IPCALC" = "x:"; then
AC_MSG_ERROR([[
***
*** ipcalc (or ipcalc-ng) was not found. It is needed for the test suite
*** ]])
fi
AC_PATH_PROG(CTAGS, ctags, [:])
AC_PATH_PROG(CSCOPE, cscope, [:])
AC_CHECK_PROG([RONN], [ronn], [ronn], [:])
if test x"$RONN" = "x:"; then
AC_MSG_WARN([[
***
*** ronn (ruby-ronn) was not found. Will not be able to generate manpages
*** ]])
skip_manpages=yes
fi
AM_CONDITIONAL(SKIP_MANPAGES, test "$skip_manpages" = yes)
AM_MAINTAINER_MODE([enable])
AX_CODE_COVERAGE
AC_CHECK_TYPES([sighandler_t, sig_t, __sighandler_t],,,
[#include <sys/types.h>
#include <signal.h> ])
AC_CHECK_TYPES([struct ucred],,,
[#include <sys/socket.h>
#include <sys/un.h>])
AC_CHECK_MEMBERS([struct iphdr.ihl], [],
[],
[[#include <netinet/ip.h>]])
AC_CHECK_SIZEOF([unsigned long])
AC_C_BIGENDIAN
PKG_CHECK_MODULES([LIBNETTLE], [nettle >= 2.7])
PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.3.0])
warn_leak=no
if $PKG_CONFIG --max-version=3.5.4 gnutls;then
if $PKG_CONFIG --atleast-version=3.3.99 gnutls || $PKG_CONFIG --max-version=3.3.24 gnutls; then
warn_leak=yes
AC_DEFINE([GNUTLS_BROKEN_CERTIFICATE_SET_KEY], [1],
[gnutls has a broken gnutls_certificate_set_key()])
fi
fi
if ! $PKG_CONFIG --atleast-version=3.0 nettle; then
AC_DEFINE([NETTLE_OLD_BASE64_API], [1],
[nettle uses the pre-3.x base64 API])
fi
AM_CONDITIONAL(GNUTLS_WITH_NEW_CERTS, $PKG_CONFIG --atleast-version=3.6.0 gnutls)
dnl We want to detect failed syscalls when testing, but not necessarily when
dnl running in production. This option is provided to enable during CI.
AC_ARG_WITH(seccomp-trap,
AS_HELP_STRING([--with-seccomp-trap], [filtered syscalls will fail with a signal]),
use_seccomp_trap=$withval,
use_seccomp_trap=no)
if test "$use_seccomp_trap" != no;then
AC_DEFINE(USE_SECCOMP_TRAP, 1, [use signal on filtered calls])
fi
AC_ARG_WITH(protobuf,
AS_HELP_STRING([--without-protobuf], [use the included protobuf library]),
test_for_protobuf=$withval,
test_for_protobuf=yes)
with_local_protobuf_c=yes
if test "$test_for_protobuf" = yes;then
PKG_CHECK_MODULES([LIBPROTOBUF_C], [libprotobuf-c],
with_local_protobuf_c=no
,
[AC_LIB_HAVE_LINKFLAGS(protobuf-c,, [#include <protobuf-c/protobuf-c.h>], [protobuf_c_message_pack(0,0);])
if test x$ac_cv_libprotobuf_c = xyes; then
AC_SUBST([LIBPROTOBUF_C_LIBS], [$LIBPROTOBUF_C])
with_local_protobuf_c=no
else
AC_MSG_WARN([[***
*** libprotobuf-c was not found.
*** An included version of the library will be used.
***]])
fi
]
)
fi
AM_CONDITIONAL(LOCAL_PROTOBUF_C, test "x$with_local_protobuf_c" != xno)
AC_LIB_HAVE_LINKFLAGS(ev,, [#include <ev.h>], [ev_run(0,0);])
if test x$ac_cv_libev = xyes; then
AC_SUBST([LIBEV_LIBS], [$LIBEV])
else
AC_MSG_ERROR([[***
*** libev4 was not found.
***]])
fi
AC_ARG_WITH(root-tests,
AS_HELP_STRING([--without-root-tests], [disable any tests requiring root/docker]),
root_tests=$withval,
root_tests=yes)
AM_CONDITIONAL(ENABLE_ROOT_TESTS, test "x$root_tests" = xyes)
AC_ARG_WITH(asan-broken-tests,
AS_HELP_STRING([--without-asan-broken-tests], [disable any tests that cannot be run under asan]),
enable_asan_broken_tests=$withval,
enable_asan_broken_tests=yes)
AC_MSG_CHECKING([whether to enable broken in asan tests])
AC_MSG_RESULT([${enable_asan_broken_tests}])
AM_CONDITIONAL(DISABLE_ASAN_BROKEN_TESTS, test "x$enable_asan_broken_tests" = xno)
AC_ARG_WITH(kerberos-tests,
AS_HELP_STRING([--with-kerberos-tests], [enable any tests requiring kerberos setup]),
kerberos_tests=$withval,
kerberos_tests=no)
AM_CONDITIONAL(ENABLE_KERBEROS_TESTS, test "x$kerberos_tests" = xyes)
AC_ARG_WITH(tun-tests,
AS_HELP_STRING([--without-tun-tests], [disable any tests requiring /dev/net/tun]),
tun_tests=$withval,
tun_tests=yes)
AM_CONDITIONAL(ENABLE_TUN_TESTS, test "x$tun_tests" = xyes)
AC_ARG_WITH(local-talloc,
AS_HELP_STRING([--with-local-talloc], [use the included talloc library]),
no_test_for_talloc=$withval,
no_test_for_talloc=no)
with_local_talloc=yes
if test "$no_test_for_talloc" != yes;then
PKG_CHECK_MODULES([LIBTALLOC], [talloc],
with_local_talloc=no,
[AC_LIB_HAVE_LINKFLAGS(talloc,, [#include <talloc.h>], [talloc_size(0,0);])
if test x$ac_cv_libtalloc = xyes; then
AC_SUBST([LIBTALLOC_LIBS], [$LIBTALLOC])
with_local_talloc=no
else
AC_MSG_WARN([[***
*** libtalloc was not found.
*** An included version of talloc will be used.
***]])
fi
]
)
fi
if test "$with_local_talloc" = no;then
AC_DEFINE(HAVE_LIBTALLOC, 1, [have libtalloc])
fi
AM_CONDITIONAL(LOCAL_TALLOC, test "x$with_local_talloc" != xno)
AC_ARG_WITH(libnl,
AS_HELP_STRING([--without-libnl], [do not try to use the libnl library]),
test_for_libnl=$withval,
test_for_libnl=yes)
if test "$test_for_libnl" = yes;then
PKG_CHECK_MODULES(LIBNL3, libnl-route-3.0 >= 3.1, [have_libnl3=yes], [have_libnl3=no])
if test "${have_libnl3}" = "yes"; then
AC_DEFINE(HAVE_LIBNL, 1, [have libnl])
fi
fi
AC_ARG_WITH(maxmind,
AS_HELP_STRING([--without-maxmind], [do not try to use the maxmind library]),
test_for_maxmind=$withval,
test_for_maxmind=yes)
have_maxmind=no
if test "$test_for_maxmind" = yes;then
PKG_CHECK_MODULES(MAXMIND, libmaxminddb >= 1.0.0, [have_maxmind=yes], [have_maxmind=no])
if test "$have_maxmind" = yes;then
AC_DEFINE(HAVE_MAXMIND, 1, [have libmaxminddb])
fi
fi
AM_CONDITIONAL(HAVE_MAXMIND, test "x$have_maxmind" != xno)
AC_ARG_WITH(geoip,
AS_HELP_STRING([--without-geoip], [do not try to use the geoip library]),
test_for_geoip=$withval,
test_for_geoip=yes)
have_geoip=no
if test "$test_for_geoip" = yes && test "$have_maxmind" != yes;then
PKG_CHECK_MODULES(GEOIP, geoip >= 1.6.0, [have_geoip=yes], [have_geoip=no])
if test "$have_geoip" = yes;then
AC_DEFINE(HAVE_GEOIP, 1, [have libgeoip])
fi
fi
have_readline=no
AC_LIB_HAVE_LINKFLAGS(readline,, [
#include <stdio.h>
#include <readline/readline.h>], [rl_replace_line(0,0);])
if test x$ac_cv_libreadline = xyes; then
AC_SUBST(LIBREADLINE_LIBS, [$LIBREADLINE])
AC_DEFINE(HAVE_ORIG_READLINE, 1, [have original readline])
have_readline=yes
else
PKG_CHECK_MODULES(LIBREADLINE, libedit, [have_libedit=yes], [have_libedit=no])
if test "${have_libedit}" = "no"; then
AC_MSG_WARN([[***
*** libreadline or editline was not found. occtl will not be built.
***]])
else
have_readline=editline
fi
fi
have_liboath=no
AC_ARG_WITH(liboath,
AS_HELP_STRING([--without-liboath], [do not include OTP support]),
test_for_liboath=$withval,
test_for_liboath=yes)
if test x$test_for_liboath = xyes;then
PKG_CHECK_MODULES([LIBOATH], [liboath], [
AC_DEFINE([HAVE_LIBOATH], 1, [Enable the liboath library])
have_liboath=yes],
[have_liboath=no])
fi
AM_CONDITIONAL(HAVE_LIBOATH, test "x$have_liboath" != xno)
have_glibc=no
AC_LIB_HAVE_LINKFLAGS(c,, [
#include <stdio.h>
#include <gnu/libc-version.h>
#include <stdio.h>], [ puts (gnu_get_libc_version ()); return 0; ])
if test x$ac_cv_libc = xyes; then
AC_DEFINE(TRY_SHA2_CRYPT, 1, [have original glibc])
have_glibc=yes
else
have_glibc=no
fi
AC_ARG_WITH(pam,
AS_HELP_STRING([--without-pam], [do not include PAM support]),
test_for_pam=$withval,
test_for_pam=yes)
pam_enabled=no
if test "$test_for_pam" = yes;then
oldlibs=$LIBS
LIBS="$oldlibs -lpam"
AC_MSG_CHECKING([for pam library])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <security/pam_appl.h>],[
pam_start(0, 0, 0, 0);])],
[AC_MSG_RESULT(yes)
AC_SUBST([PAM_LIBS], [-lpam])
AC_SUBST([PAM_CFLAGS], [])
pam_enabled=yes
AC_DEFINE([HAVE_PAM], 1, [Enable the PAM library])],
[AC_MSG_RESULT(no)
AC_MSG_WARN([[
***
*** libpam was not found. PAM support will be disabled.
*** ]])])
LIBS="$oldlibs"
fi
PKG_CHECK_MODULES([CWRAP], [uid_wrapper, socket_wrapper], have_cwrap=yes, have_cwrap=no)
PKG_CHECK_MODULES([CWRAP_PAM], [pam_wrapper], have_cwrap_pam=yes, have_cwrap_pam=no)
PKG_CHECK_MODULES([CWRAP_NSS], [nss_wrapper], have_cwrap_nss=yes, have_cwrap_nss=no)
if test "$have_cwrap" != no;then
AC_DEFINE([HAVE_CWRAP], 1, [Enable testing with cwrap])
fi
AM_CONDITIONAL(HAVE_CWRAP, test "x$have_cwrap" != xno)
AM_CONDITIONAL(HAVE_CWRAP_PAM, test "x$have_cwrap_pam" != xno && test "$have_liboath" = yes && test "$pam_enabled" = yes)
AM_CONDITIONAL(HAVE_CWRAP_ALL, test "x$have_cwrap_nss" != xno && test "x$have_cwrap_pam")
AC_ARG_WITH(radius,
AS_HELP_STRING([--without-radius], [do not include Radius support]),
test_for_radius=$withval,
test_for_radius=yes)
radius_enabled=no
if test "$test_for_radius" = yes;then
PKG_CHECK_MODULES([RADCLI], [radcli >= 1.2.5], radius_enabled=radcli, radius_enabled=no)
if test "$radius_enabled" = no;then
oldlibs=$LIBS
LIBS="$oldlibs -lfreeradius-client"
AC_MSG_CHECKING([for freeradius client library])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <freeradius-client.h>],[
#ifndef PW_MAX_MSG_SIZE
#error 1
#endif
rc_read_config(0);])],
[AC_MSG_RESULT(yes)
AC_SUBST([RADCLI_LIBS], [-lfreeradius-client])
AC_SUBST([RADCLI_CFLAGS], [])
radius_enabled=freeradius-client
AC_DEFINE([LEGACY_RADIUS], 1, [Enable the legacy library support])],
[AC_MSG_RESULT(no)
AC_MSG_WARN([[
***
*** radcli 1.2.5 or later was not found. Radius support will be disabled.
*** See http://radcli.github.io/radcli/
*** ]])])
LIBS="$oldlibs"
fi
if test "$radius_enabled" != no;then
AC_DEFINE([HAVE_RADIUS], 1, [Enable the Radius library])
fi
fi
AM_CONDITIONAL(RADIUS_ENABLED, test "$radius_enabled" != no)
AC_CHECK_HEADERS([net/if_tun.h linux/if_tun.h netinet/in_systm.h crypt.h], [], [], [])
if test "$ac_cv_header_crypt_h" = yes;then
crypt_header="crypt.h"
else
crypt_header="unistd.h"
fi
AC_LIB_HAVE_LINKFLAGS(crypt,, [#define _XOPEN_SOURCE
#include <${crypt_header}>], [crypt(0,0);])
AC_ARG_WITH(utmp,
AS_HELP_STRING([--without-utmp], [do not use libutil for utmp support]),
test_for_utmp=$withval,
test_for_utmp=yes)
if test "$test_for_utmp" = yes;then
AC_LIB_HAVE_LINKFLAGS(util,, [#include <utmpx.h>], [pututxline(0);])
fi
# Test for libwrap
AC_ARG_WITH(libwrap,
AS_HELP_STRING([--without-libwrap], [do not use libwrap]),
test_for_libwrap=$withval,
test_for_libwrap=yes)
dnl Test for PCL library
with_local_pcl=yes
if test "$test_for_libwrap" = yes;then
AC_LIB_HAVE_LINKFLAGS(wrap,, [#include <tcpd.h>], [hosts_access(allow_severity);])
fi
# test for other types
AC_CHECK_MEMBER([struct sockaddr.sa_len],
[AC_DEFINE(HAVE_SOCKADDR_SA_LEN, 1, [Do we have sockaddr.sa_len?])], [],
[
#include <sys/types.h>
#include <sys/socket.h>
])
AC_CHECK_FUNCS([setproctitle vasprintf clock_gettime isatty pselect ppoll getpeereid sigaltstack])
AC_CHECK_FUNCS([strlcpy posix_memalign malloc_trim strsep])
if [ test -z "$LIBWRAP" ];then
libwrap_enabled="no"
else
libwrap_enabled="yes"
fi
isolation="none"
AC_ARG_ENABLE(seccomp,
AS_HELP_STRING([--disable-seccomp], [disable seccomp support]),
seccomp_enabled=$enableval, seccomp_enabled=yes)
if [ test "$seccomp_enabled" = "yes" ];then
AC_LIB_HAVE_LINKFLAGS(seccomp,, [#include <seccomp.h>
], [seccomp_init(0);])
if [ test -z "$LIBSECCOMP" ];then
seccomp_enabled="no"
else
seccomp_enabled="yes"
isolation="seccomp"
fi
fi
AC_ARG_ENABLE(systemd,
AS_HELP_STRING([--disable-systemd], [disable systemd support]),
systemd_enabled=$enableval, systemd_enabled=yes)
if [ test "$systemd_enabled" = "yes" ];then
AC_LIB_HAVE_LINKFLAGS(systemd,, [#include <systemd/sd-daemon.h>], [sd_listen_fds(0);])
if [ test -z "$LIBSYSTEMD" ];then
systemd_enabled="no"
else
systemd_enabled="yes"
fi
fi
AC_ARG_ENABLE(namespaces,
AS_HELP_STRING([--disable-namespaces], [disable namespaces support]),
namespaces_enabled=$enableval, namespaces_enabled=yes)
if [ test "$namespaces_enabled" = "yes" ];then
AC_DEFINE([LINUX_NAMESPACES], [], [Enable Linux namespaces])
fi
AC_ARG_ENABLE(anyconnect-compat,
AS_HELP_STRING([--disable-anyconnect-compat], [disable Anyconnect client compatibility (experimental)]),
anyconnect_enabled=$enableval, anyconnect_enabled=yes)
if [ test "$anyconnect_enabled" = "yes" ];then
AC_DEFINE([ANYCONNECT_CLIENT_COMPAT], [], [Enable Anyconnect compatibility])
fi
pager_set=0
AC_ARG_WITH(pager,
AS_HELP_STRING([--with-pager=PAGER], [set a specific pager for occtl; use "" for no pager]),
occtl_pager=$withval
pager_set=1
)
if [ test $pager_set = 0 ];then
AC_DEFINE_UNQUOTED([OCCTL_PAGER], ["less"], [The default pager for occtl])
else
AC_DEFINE_UNQUOTED([OCCTL_PAGER], ["$occtl_pager"], [The default pager for occtl])
fi
AC_ARG_WITH(llhttp,
AS_HELP_STRING([--without-llhttp], [use the included llhttp]),
test_for_llhttp=$withval,
test_for_llhttp=yes)
dnl Test for llhttp library
with_local_llhttp=yes
if test "$test_for_llhttp" = yes;then
oldlibs=$LIBS
LIBS="$oldlibs -lllhttp"
AC_MSG_CHECKING([for llhttp library])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <llhttp.h>],[
llhttp_settings_init(0);])],
[AC_MSG_RESULT(yes)
AC_SUBST([LLHTTP_LIBS], [-lllhttp])
AC_SUBST([LLHTTP_CFLAGS], [])
with_local_llhttp=no],
[AC_MSG_RESULT(no)
AC_MSG_WARN([[
***
*** libllhttp not found.
*** An included version of the library will be used.
*** ]])])
LIBS="$oldlibs"
fi
AM_CONDITIONAL(LOCAL_LLHTTP, test "x$with_local_llhttp" != xno)
dnl compression
AC_ARG_ENABLE(compression,
AS_HELP_STRING([--disable-compression], [Disable compression support]),
enable_compression=$enableval,
enable_compression=yes)
if test "$enable_compression" = yes;then
AC_DEFINE([ENABLE_COMPRESSION], [], [compression enabled])
fi
AM_CONDITIONAL(ENABLE_COMPRESSION, test "$enable_compression" = yes)
dnl LZ4
AC_ARG_WITH(lz4,
AS_HELP_STRING([--without-lz4], [disable support for LZ4 compression]),
test_for_lz4=$withval,
test_for_lz4=yes)
enable_lz4=no
if test "$test_for_lz4" = yes && test "$enable_compression" = yes;then
PKG_CHECK_MODULES([LIBLZ4], [liblz4], [
enable_lz4=yes
AC_DEFINE([HAVE_LZ4], [], [LZ4 was found])
],
[
AC_MSG_WARN([[
***
*** lz4 not found. Will disable compression support.
*** ]])
])
fi
dnl GSSAPI
AC_ARG_WITH(gssapi,
AS_HELP_STRING([--without-gssapi], [disable support for GSSAPI authentication]),
test_for_gssapi=$withval,
test_for_gssapi=yes)
enable_gssapi=no
if test "$test_for_gssapi" = yes;then
PKG_CHECK_MODULES([LIBKRB5], [krb5-gssapi], [
enable_gssapi=yes
AC_DEFINE([HAVE_GSSAPI], [], [GSSAPI was found])
PKG_CHECK_MODULES(LIBTASN1, [libtasn1 >= 3.4])
],
[
AC_MSG_WARN([[
***
*** gssapi not found. Will disable gssapi (and Kerberos) support.
*** ]])
])
fi
AM_CONDITIONAL(HAVE_GSSAPI, test "$enable_gssapi" = yes)
if test "x$kerberos_tests" = xyes && test "$enable_gssapi" != yes;then
AC_MSG_ERROR([[***
*** libkrb5 was not found and enable-kerberos-tests was specified.
***]])
fi
dnl needed in the included PCL
AC_C_VOLATILE
AC_C_CONST
AC_CHECK_FUNCS(memset malloc free)
AC_CHECK_FUNCS(makecontext getcontext swapcontext)
AC_CHECK_FUNCS(sigaction)
AC_CHECK_FUNCS(longjmp setjmp)
AC_CHECK_FUNCS(sigaltstack)
AC_CHECK_HEADERS([linux/net_tstamp.h], [net_tstamp_header=yes], [net_tstamp_header=no])
AC_CHECK_TYPES([struct scm_timestamping],[scm_timestamping_defined=yes],[scm_timestamping_defined=no],
[#include <time.h>
#include <linux/errqueue.h>])
AC_ARG_ENABLE([latency-stats],
[AS_HELP_STRING([--enable-latency-stats],
[enable capturing latency stats (default is no)])],
[enable_latency_stats=$enableval],
[enable_latency_stats=no]
)
have_latency_stats=no
if test "x$enable_latency_stats" = xyes && test "x$net_tstamp_header" = xyes && test "x$scm_timestamping_defined" = xyes; then
AC_DEFINE([CAPTURE_LATENCY_SUPPORT], [1], [Enable capturing latency stats])
AC_LIB_HAVE_LINKFLAGS([m])
have_latency_stats=yes
fi
AM_CONDITIONAL(ENABLE_LATENCY_SUPPORT, test "x$have_latency_stats" = xyes)
AC_CHECK_HEADERS([linux/netlink.h linux/rtnetlink.h linux/sock_diag.h linux/unix_diag.h], [sockdiag_header=yes], [sockdiag_header=no])
if test "x$sockdiag_header" = xyes; then
AC_DEFINE([ENABLE_ADAPTIVE_RATE_LIMIT_SUPPORT], [1], [Enable adaptive rate limiting])
fi
AC_ARG_WITH(pcl-lib,
AS_HELP_STRING([--without-pcl-lib], [use the included PCL library]),
test_for_pcl_lib=$withval,
test_for_pcl_lib=yes)
dnl Test for PCL library
with_local_pcl=yes
if test "$test_for_pcl_lib" = yes;then
oldlibs=$LIBS
LIBS="$oldlibs -lpcl"
AC_MSG_CHECKING([for pcl library])
AC_LINK_IFELSE([AC_LANG_PROGRAM([
#include <pcl.h>],[
co_create(0, 0, 0, 0);])],
[AC_MSG_RESULT(yes)
AC_SUBST([PCL_LIBS], [-lpcl])
AC_SUBST([PCL_CFLAGS], [])
with_local_pcl=no],
[AC_MSG_RESULT(no)
AC_MSG_WARN([[
***
*** libpcl (portable co-routines) was not found.
*** An included version of the library will be used.
*** ]])])
LIBS="$oldlibs"
fi
AM_CONDITIONAL(PCL, test "$with_local_pcl" = no)
AC_ARG_WITH(werror,
AS_HELP_STRING([--with-werror], [fail on gcc warnings]),
[src_cflags="-Werror"], [])
AC_SUBST([SRC_CFLAGS], [${src_cflags}])
dnl config options for inih
AC_DEFINE([INI_STOP_ON_FIRST_ERROR], [1], [inih configuration])
AC_DEFINE([INI_INLINE_COMMENT_PREFIXES], ["#"], [inih configuration])
AC_DEFINE([INI_ALLOW_MULTILINE], [1], [inih configuration])
AC_DEFINE([INI_MAX_LINE], [2048], [inih configuration])
if test "$have_cwrap_pam" = yes; then
m4_ifdef([PKG_CHECK_VAR], [PKG_CHECK_VAR([CWRAP_PAM_MODULES], [pam_wrapper], [modules])])
if test -f $CWRAP_PAM_MODULES/pam_matrix.so;then
AC_SUBST([PAMWRAPDIR], [$CWRAP_PAM_MODULES])
elif test -f /usr/lib64/pam_wrapper/pam_matrix.so;then
AC_SUBST([PAMWRAPDIR], [/usr/lib64/pam_wrapper])
elif test -f /usr/lib/pam_wrapper/pam_matrix.so;then
AC_SUBST([PAMWRAPDIR], [/usr/lib/pam_wrapper])
else
AC_SUBST([PAMWRAPDIR], [/usr/lib/pam_wrapper])
fi
if test -f /usr/lib64/security/pam_oath.so;then
AC_SUBST([PAMDIR], [/usr/lib64/security])
elif test -f /usr/lib/security/pam_oath.so;then
AC_SUBST([PAMDIR], [/usr/lib/security])
elif test -f /lib/security/pam_oath.so;then
AC_SUBST([PAMDIR], [/lib/security])
else
AC_SUBST([PAMDIR], [/usr/lib/security])
fi
fi
AC_ARG_ENABLE([oidc-auth],
[AS_HELP_STRING([--enable-oidc-auth],
[whether to support OpenID Connect auth (default is no)])],
[enable_oidc_auth=$enableval],
[enable_oidc_auth=no]
)
if test "x$enable_oidc_auth" = xyes; then
AC_DEFINE([SUPPORT_OIDC_AUTH], 1, [Enable support for OpenID Connect auth])
PKG_CHECK_MODULES([LIBCURL], [libcurl])
PKG_CHECK_MODULES([CJOSE], [cjose])
PKG_CHECK_MODULES([JANSSON], [jansson])
fi
AM_CONDITIONAL(ENABLE_OIDC_AUTH, test "x$enable_oidc_auth" = xyes)
AM_CONDITIONAL(ENABLE_OIDC_AUTH_TESTS, test "x$enable_oidc_auth" = xyes)
AC_CHECK_FILE(/proc/self/exe, AC_DEFINE([PROC_FS_SUPPORTED],[1], [procfs supported]), [])
uid=$(id -u)
gid=$(id -g)
AC_SUBST([ROOTUID], [$uid])
AC_SUBST([ROOTGID], [$gid])
if test -f /usr/lib64/freeradius/rlm_pam.so;then
radius_libdir=/usr/lib64
else
radius_libdir=/usr/lib
fi
AC_SUBST([RADIUS_LIBDIR], [$radius_libdir])
AC_CONFIG_FILES([
Makefile
src/version.inc
src/Makefile
doc/Makefile
tests/data/pam/ocserv
tests/data/pam/nss-passwd
tests/data/pam/nss-group
tests/data/raddb/radiusd.conf
tests/Makefile
])
AC_OUTPUT
chmod 640 tests/data/raddb/radiusd.conf
AC_MSG_NOTICE([
Summary of build options:
version: ${VERSION}
Host type: ${host}
Install prefix: ${prefix}
Compiler: ${CC}
CFlags: ${CFLAGS}
CWrap testing: ${have_cwrap}
CWrap PAM testing: ${have_cwrap_pam}
CWrap NSS testing: ${have_cwrap_nss}
PAM auth backend: ${pam_enabled}
Radius auth backend: ${radius_enabled}
GSSAPI auth backend: ${enable_gssapi}
OIDC Auth backend: ${enable_oidc_auth}
Anyconnect compat: ${anyconnect_enabled}
TCP wrappers: ${libwrap_enabled}
namespaces: ${namespaces_enabled}
systemd: ${systemd_enabled}
(socket activation)
worker isolation: ${isolation}
Compression: ${enable_compression}
LZ4 compression: ${enable_lz4}
readline: ${have_readline}
libnl3: ${have_libnl3}
liboath: ${have_liboath}
libgeoip: ${have_geoip}
libmaxminddb: ${have_maxmind}
glibc (sha2crypt): ${have_glibc}
local talloc: ${with_local_talloc}
local protobuf-c: ${with_local_protobuf_c}
local PCL library: ${with_local_pcl}
local llhttp: ${with_local_llhttp}
seccomp trap: ${use_seccomp_trap}
capture latency stats ${have_latency_stats}
])
if test "${warn_leak}" = "yes";then
AC_MSG_WARN([[***
*** a broken version of gnutls was found; will work around but server will leak memory;
*** please update to the latest version of a supported gnutls branch (e.g. as 3.3.x, 3.5.x, or 3.6.x)
*** for better server performance.
***]])
fi
if test "x${isolation}" = xnone;then
AC_MSG_WARN([[
***
*** No supported worker isolation system was found. Worker processes
*** will not be isolated. Only seccomp is supported (see src/worker-privs.c)
*** ]])
fi

57
dist-script.sh Executable file
View File

@@ -0,0 +1,57 @@
#!/bin/sh
# Run by 'meson dist' to add pre-generated files that autotools used to
# distribute via EXTRA_DIST. MESON_PROJECT_DIST_ROOT points to the
# unpacked dist tree that meson is building the tarball from.
set -e
DISTROOT="$MESON_PROJECT_DIST_ROOT"
# --------------------------------------------------------------------------
# Protocol buffers: ipc.proto and ctl.proto
# --------------------------------------------------------------------------
PROTOC=$(command -v protoc 2>/dev/null || command -v protoc-c 2>/dev/null || true)
if [ -z "$PROTOC" ]; then
echo "dist-script: WARNING: protoc/protoc-c not found, skipping pb-c generation" >&2
else
"$PROTOC" --c_out="$DISTROOT/src" \
--proto_path="$DISTROOT/src" \
"$DISTROOT/src/ipc.proto"
"$PROTOC" --c_out="$DISTROOT/src" \
--proto_path="$DISTROOT/src" \
"$DISTROOT/src/ctl.proto"
fi
# --------------------------------------------------------------------------
# gperf: http-heads.h
# --------------------------------------------------------------------------
if command -v gperf >/dev/null 2>&1; then
gperf --global-table -t "$DISTROOT/src/http-heads.gperf" \
> "$DISTROOT/src/http-heads.h"
else
echo "dist-script: WARNING: gperf not found, skipping http-heads.h generation" >&2
fi
# --------------------------------------------------------------------------
# version.inc
# --------------------------------------------------------------------------
VERSION=$(sed -n "s/^ version: '\\(.*\\)',\$/\\1/p" "$DISTROOT/meson.build" | head -1)
if [ -n "$VERSION" ] && [ -f "$DISTROOT/src/version.inc.in" ]; then
sed "s/@VERSION@/$VERSION/" "$DISTROOT/src/version.inc.in" \
> "$DISTROOT/src/version.inc"
fi
# --------------------------------------------------------------------------
# Man pages (ronn is optional)
# --------------------------------------------------------------------------
if command -v ronn >/dev/null 2>&1; then
for page in ocserv.8 occtl.8 ocpasswd.8; do
ronn --roff "$DISTROOT/doc/${page}.md" -o "$DISTROOT/doc"
done
else
echo "dist-script: NOTE: ronn not found, man pages not pre-generated in dist" >&2
fi

36
doc/Makefile.am
View File

@@ -1,36 +0,0 @@
EXTRA_DIST = sample.config scripts/ocserv-script sample.passwd \
systemd/socket-activated/ocserv.service systemd/standalone/ocserv.service \
systemd/socket-activated/ocserv.socket README-radius.md \
profile.xml sample.otp DCO.txt ocserv.8.md ocpasswd.8.md occtl.8.md
dist_man_MANS = ocserv.8 ocpasswd.8 occtl.8
if SKIP_MANPAGES
ocserv.8:
touch $@
occtl.8:
touch $@
ocpasswd.8:
touch $@
else
ocserv.8: ocserv.8.md sample.config
sed -e 's/^/ /' sample.config >sample.config.tmp
sed -e '/@CONFIGFILE@/{r sample.config.tmp' -e 'd}' <$< >ocserv.tmp
ronn --pipe -r ocserv.tmp > $@.tmp
test -s $@.tmp && mv $@.tmp $@
rm -f sample.config.tmp
occtl.8: occtl.8.md
ronn --pipe -r $^ > $@.tmp
test -s $@.tmp && mv $@.tmp $@
ocpasswd.8: ocpasswd.8.md
ronn --pipe -r $^ > $@.tmp
test -s $@.tmp && mv $@.tmp $@
endif

17
doc/meson.build Normal file
View File

@@ -0,0 +1,17 @@
ronn = find_program('ronn', required: false)
foreach page : ['ocserv.8', 'occtl.8', 'ocpasswd.8']
if ronn.found()
custom_target(page,
input: page + '.md',
output: page,
command: [ronn, '--roff', '@INPUT@', '-o', '@OUTDIR@'],
install: true,
install_dir: get_option('mandir') / 'man8',
)
elif fs.exists(page)
install_data(page,
install_dir: get_option('mandir') / 'man8',
)
endif
endforeach

264
m4/ax_code_coverage.m4
View File

@@ -1,264 +0,0 @@
# ===========================================================================
# https://www.gnu.org/software/autoconf-archive/ax_code_coverage.html
# ===========================================================================
#
# SYNOPSIS
#
# AX_CODE_COVERAGE()
#
# DESCRIPTION
#
# Defines CODE_COVERAGE_CPPFLAGS, CODE_COVERAGE_CFLAGS,
# CODE_COVERAGE_CXXFLAGS and CODE_COVERAGE_LIBS which should be included
# in the CPPFLAGS, CFLAGS CXXFLAGS and LIBS/LIBADD variables of every
# build target (program or library) which should be built with code
# coverage support. Also defines CODE_COVERAGE_RULES which should be
# substituted in your Makefile; and $enable_code_coverage which can be
# used in subsequent configure output. CODE_COVERAGE_ENABLED is defined
# and substituted, and corresponds to the value of the
# --enable-code-coverage option, which defaults to being disabled.
#
# Test also for gcov program and create GCOV variable that could be
# substituted.
#
# Note that all optimization flags in CFLAGS must be disabled when code
# coverage is enabled.
#
# Usage example:
#
# configure.ac:
#
# AX_CODE_COVERAGE
#
# Makefile.am:
#
# @CODE_COVERAGE_RULES@
# my_program_LIBS = ... $(CODE_COVERAGE_LIBS) ...
# my_program_CPPFLAGS = ... $(CODE_COVERAGE_CPPFLAGS) ...
# my_program_CFLAGS = ... $(CODE_COVERAGE_CFLAGS) ...
# my_program_CXXFLAGS = ... $(CODE_COVERAGE_CXXFLAGS) ...
#
# This results in a "check-code-coverage" rule being added to any
# Makefile.am which includes "@CODE_COVERAGE_RULES@" (assuming the module
# has been configured with --enable-code-coverage). Running `make
# check-code-coverage` in that directory will run the module's test suite
# (`make check`) and build a code coverage report detailing the code which
# was touched, then print the URI for the report.
#
# In earlier versions of this macro, CODE_COVERAGE_LDFLAGS was defined
# instead of CODE_COVERAGE_LIBS. They are both still defined, but use of
# CODE_COVERAGE_LIBS is preferred for clarity; CODE_COVERAGE_LDFLAGS is
# deprecated. They have the same value.
#
# This code was derived from Makefile.decl in GLib, originally licenced
# under LGPLv2.1+.
#
# LICENSE
#
# Copyright (c) 2012, 2016 Philip Withnall
# Copyright (c) 2012 Xan Lopez
# Copyright (c) 2012 Christian Persch
# Copyright (c) 2012 Paolo Borelli
# Copyright (c) 2012 Dan Winship
# Copyright (c) 2015 Bastien ROUCARIES
#
# This library is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or (at
# your option) any later version.
#
# This library is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
# General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#serial 25
AC_DEFUN([AX_CODE_COVERAGE],[
dnl Check for --enable-code-coverage
AC_REQUIRE([AC_PROG_SED])
# allow to override gcov location
AC_ARG_WITH([gcov],
[AS_HELP_STRING([--with-gcov[=GCOV]], [use given GCOV for coverage (GCOV=gcov).])],
[_AX_CODE_COVERAGE_GCOV_PROG_WITH=$with_gcov],
[_AX_CODE_COVERAGE_GCOV_PROG_WITH=gcov])
AC_MSG_CHECKING([whether to build with code coverage support])
AC_ARG_ENABLE([code-coverage],
AS_HELP_STRING([--enable-code-coverage],
[Whether to enable code coverage support]),,
enable_code_coverage=no)
AM_CONDITIONAL([CODE_COVERAGE_ENABLED], [test x$enable_code_coverage = xyes])
AC_SUBST([CODE_COVERAGE_ENABLED], [$enable_code_coverage])
AC_MSG_RESULT($enable_code_coverage)
AS_IF([ test "$enable_code_coverage" = "yes" ], [
# check for gcov
AC_CHECK_TOOL([GCOV],
[$_AX_CODE_COVERAGE_GCOV_PROG_WITH],
[:])
AS_IF([test "X$GCOV" = "X:"],
[AC_MSG_ERROR([gcov is needed to do coverage])])
AC_SUBST([GCOV])
dnl Check if gcc is being used
AS_IF([ test "$GCC" = "no" ], [
AC_MSG_ERROR([not compiling with gcc, which is required for gcov code coverage])
])
AC_CHECK_PROG([LCOV], [lcov], [lcov])
AC_CHECK_PROG([GENHTML], [genhtml], [genhtml])
AS_IF([ test -z "$LCOV" ], [
AC_MSG_ERROR([To enable code coverage reporting you must have lcov installed])
])
AS_IF([ test -z "$GENHTML" ], [
AC_MSG_ERROR([Could not find genhtml from the lcov package])
])
dnl Build the code coverage flags
dnl Define CODE_COVERAGE_LDFLAGS for backwards compatibility
CODE_COVERAGE_CPPFLAGS="-DNDEBUG"
CODE_COVERAGE_CFLAGS="-O0 -g -fprofile-arcs -ftest-coverage"
CODE_COVERAGE_CXXFLAGS="-O0 -g -fprofile-arcs -ftest-coverage"
CODE_COVERAGE_LIBS="-lgcov"
CODE_COVERAGE_LDFLAGS="$CODE_COVERAGE_LIBS"
AC_SUBST([CODE_COVERAGE_CPPFLAGS])
AC_SUBST([CODE_COVERAGE_CFLAGS])
AC_SUBST([CODE_COVERAGE_CXXFLAGS])
AC_SUBST([CODE_COVERAGE_LIBS])
AC_SUBST([CODE_COVERAGE_LDFLAGS])
[CODE_COVERAGE_RULES_CHECK='
-$(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) -k check
$(A''M_V_at)$(MAKE) $(AM_MAKEFLAGS) code-coverage-capture
']
[CODE_COVERAGE_RULES_CAPTURE='
$(code_coverage_v_lcov_cap)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --capture --output-file "$(CODE_COVERAGE_OUTPUT_FILE).tmp" --test-name "$(call code_coverage_sanitize,$(PACKAGE_NAME)-$(PACKAGE_VERSION))" --no-checksum --compat-libtool $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_OPTIONS)
$(code_coverage_v_lcov_ign)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --remove "$(CODE_COVERAGE_OUTPUT_FILE).tmp" "/tmp/*" $(CODE_COVERAGE_IGNORE_PATTERN) --output-file "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_RMOPTS)
-@rm -f $(CODE_COVERAGE_OUTPUT_FILE).tmp
$(code_coverage_v_genhtml)LANG=C $(GENHTML) $(code_coverage_quiet) $(addprefix --prefix ,$(CODE_COVERAGE_DIRECTORY)) --output-directory "$(CODE_COVERAGE_OUTPUT_DIRECTORY)" --title "$(PACKAGE_NAME)-$(PACKAGE_VERSION) Code Coverage" --legend --show-details "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_GENHTML_OPTIONS)
@echo "file://$(abs_builddir)/$(CODE_COVERAGE_OUTPUT_DIRECTORY)/index.html"
']
[CODE_COVERAGE_RULES_CLEAN='
clean: code-coverage-clean
distclean: code-coverage-clean
code-coverage-clean:
-$(LCOV) --directory $(top_builddir) -z
-rm -rf $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_FILE).tmp $(CODE_COVERAGE_OUTPUT_DIRECTORY)
-find . \( -name "*.gcda" -o -name "*.gcno" -o -name "*.gcov" \) -delete
']
], [
[CODE_COVERAGE_RULES_CHECK='
@echo "Need to reconfigure with --enable-code-coverage"
']
CODE_COVERAGE_RULES_CAPTURE="$CODE_COVERAGE_RULES_CHECK"
CODE_COVERAGE_RULES_CLEAN=''
])
[CODE_COVERAGE_RULES='
# Code coverage
#
# Optional:
# - CODE_COVERAGE_DIRECTORY: Top-level directory for code coverage reporting.
# Multiple directories may be specified, separated by whitespace.
# (Default: $(top_builddir))
# - CODE_COVERAGE_OUTPUT_FILE: Filename and path for the .info file generated
# by lcov for code coverage. (Default:
# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info)
# - CODE_COVERAGE_OUTPUT_DIRECTORY: Directory for generated code coverage
# reports to be created. (Default:
# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage)
# - CODE_COVERAGE_BRANCH_COVERAGE: Set to 1 to enforce branch coverage,
# set to 0 to disable it and leave empty to stay with the default.
# (Default: empty)
# - CODE_COVERAGE_LCOV_SHOPTS_DEFAULT: Extra options shared between both lcov
# instances. (Default: based on $CODE_COVERAGE_BRANCH_COVERAGE)
# - CODE_COVERAGE_LCOV_SHOPTS: Extra options to shared between both lcov
# instances. (Default: $CODE_COVERAGE_LCOV_SHOPTS_DEFAULT)
# - CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH: --gcov-tool pathtogcov
# - CODE_COVERAGE_LCOV_OPTIONS_DEFAULT: Extra options to pass to the
# collecting lcov instance. (Default: $CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH)
# - CODE_COVERAGE_LCOV_OPTIONS: Extra options to pass to the collecting lcov
# instance. (Default: $CODE_COVERAGE_LCOV_OPTIONS_DEFAULT)
# - CODE_COVERAGE_LCOV_RMOPTS_DEFAULT: Extra options to pass to the filtering
# lcov instance. (Default: empty)
# - CODE_COVERAGE_LCOV_RMOPTS: Extra options to pass to the filtering lcov
# instance. (Default: $CODE_COVERAGE_LCOV_RMOPTS_DEFAULT)
# - CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT: Extra options to pass to the
# genhtml instance. (Default: based on $CODE_COVERAGE_BRANCH_COVERAGE)
# - CODE_COVERAGE_GENHTML_OPTIONS: Extra options to pass to the genhtml
# instance. (Default: $CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT)
# - CODE_COVERAGE_IGNORE_PATTERN: Extra glob pattern of files to ignore
#
# The generated report will be titled using the $(PACKAGE_NAME) and
# $(PACKAGE_VERSION). In order to add the current git hash to the title,
# use the git-version-gen script, available online.
# Optional variables
CODE_COVERAGE_DIRECTORY ?= $(top_builddir)
CODE_COVERAGE_OUTPUT_FILE ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info
CODE_COVERAGE_OUTPUT_DIRECTORY ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage
CODE_COVERAGE_BRANCH_COVERAGE ?=
CODE_COVERAGE_LCOV_SHOPTS_DEFAULT ?= $(if $(CODE_COVERAGE_BRANCH_COVERAGE),\
--rc lcov_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE))
CODE_COVERAGE_LCOV_SHOPTS ?= $(CODE_COVERAGE_LCOV_SHOPTS_DEFAULT)
CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH ?= --gcov-tool "$(GCOV)"
CODE_COVERAGE_LCOV_OPTIONS_DEFAULT ?= $(CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH)
CODE_COVERAGE_LCOV_OPTIONS ?= $(CODE_COVERAGE_LCOV_OPTIONS_DEFAULT)
CODE_COVERAGE_LCOV_RMOPTS_DEFAULT ?=
CODE_COVERAGE_LCOV_RMOPTS ?= $(CODE_COVERAGE_LCOV_RMOPTS_DEFAULT)
CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=\
$(if $(CODE_COVERAGE_BRANCH_COVERAGE),\
--rc genhtml_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE))
CODE_COVERAGE_GENHTML_OPTIONS ?= $(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT)
CODE_COVERAGE_IGNORE_PATTERN ?=
GITIGNOREFILES ?=
GITIGNOREFILES += $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY)
code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V))
code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY))
code_coverage_v_lcov_cap_0 = @echo " LCOV --capture"\
$(CODE_COVERAGE_OUTPUT_FILE);
code_coverage_v_lcov_ign = $(code_coverage_v_lcov_ign_$(V))
code_coverage_v_lcov_ign_ = $(code_coverage_v_lcov_ign_$(AM_DEFAULT_VERBOSITY))
code_coverage_v_lcov_ign_0 = @echo " LCOV --remove /tmp/*"\
$(CODE_COVERAGE_IGNORE_PATTERN);
code_coverage_v_genhtml = $(code_coverage_v_genhtml_$(V))
code_coverage_v_genhtml_ = $(code_coverage_v_genhtml_$(AM_DEFAULT_VERBOSITY))
code_coverage_v_genhtml_0 = @echo " GEN " $(CODE_COVERAGE_OUTPUT_DIRECTORY);
code_coverage_quiet = $(code_coverage_quiet_$(V))
code_coverage_quiet_ = $(code_coverage_quiet_$(AM_DEFAULT_VERBOSITY))
code_coverage_quiet_0 = --quiet
# sanitizes the test-name: replaces with underscores: dashes and dots
code_coverage_sanitize = $(subst -,_,$(subst .,_,$(1)))
# Use recursive makes in order to ignore errors during check
check-code-coverage:'"$CODE_COVERAGE_RULES_CHECK"'
# Capture code coverage data
code-coverage-capture: code-coverage-capture-hook'"$CODE_COVERAGE_RULES_CAPTURE"'
# Hook rule executed before code-coverage-capture, overridable by the user
code-coverage-capture-hook:
'"$CODE_COVERAGE_RULES_CLEAN"'
A''M_DISTCHECK_CONFIGURE_FLAGS ?=
A''M_DISTCHECK_CONFIGURE_FLAGS += --disable-code-coverage
.PHONY: check-code-coverage code-coverage-capture code-coverage-capture-hook code-coverage-clean
']
AC_SUBST([CODE_COVERAGE_RULES])
m4_ifdef([_AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE([CODE_COVERAGE_RULES])])
])

529
m4/host-cpu-c-abi.m4
View File

@@ -1,529 +0,0 @@
# host-cpu-c-abi.m4
# serial 18
dnl Copyright (C) 2002-2024 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl This file is offered as-is, without any warranty.
dnl From Bruno Haible and Sam Steingold.
dnl Sets the HOST_CPU variable to the canonical name of the CPU.
dnl Sets the HOST_CPU_C_ABI variable to the canonical name of the CPU with its
dnl C language ABI (application binary interface).
dnl Also defines __${HOST_CPU}__ and __${HOST_CPU_C_ABI}__ as C macros in
dnl config.h.
dnl
dnl This canonical name can be used to select a particular assembly language
dnl source file that will interoperate with C code on the given host.
dnl
dnl For example:
dnl * 'i386' and 'sparc' are different canonical names, because code for i386
dnl will not run on SPARC CPUs and vice versa. They have different
dnl instruction sets.
dnl * 'sparc' and 'sparc64' are different canonical names, because code for
dnl 'sparc' and code for 'sparc64' cannot be linked together: 'sparc' code
dnl contains 32-bit instructions, whereas 'sparc64' code contains 64-bit
dnl instructions. A process on a SPARC CPU can be in 32-bit mode or in 64-bit
dnl mode, but not both.
dnl * 'mips' and 'mipsn32' are different canonical names, because they use
dnl different argument passing and return conventions for C functions, and
dnl although the instruction set of 'mips' is a large subset of the
dnl instruction set of 'mipsn32'.
dnl * 'mipsn32' and 'mips64' are different canonical names, because they use
dnl different sizes for the C types like 'int' and 'void *', and although
dnl the instruction sets of 'mipsn32' and 'mips64' are the same.
dnl * The same canonical name is used for different endiannesses. You can
dnl determine the endianness through preprocessor symbols:
dnl - 'arm': test __ARMEL__.
dnl - 'mips', 'mipsn32', 'mips64': test _MIPSEB vs. _MIPSEL.
dnl - 'powerpc64': test __BIG_ENDIAN__ vs. __LITTLE_ENDIAN__.
dnl * The same name 'i386' is used for CPUs of type i386, i486, i586
dnl (Pentium), AMD K7, Pentium II, Pentium IV, etc., because
dnl - Instructions that do not exist on all of these CPUs (cmpxchg,
dnl MMX, SSE, SSE2, 3DNow! etc.) are not frequently used. If your
dnl assembly language source files use such instructions, you will
dnl need to make the distinction.
dnl - Speed of execution of the common instruction set is reasonable across
dnl the entire family of CPUs. If you have assembly language source files
dnl that are optimized for particular CPU types (like GNU gmp has), you
dnl will need to make the distinction.
dnl See <https://en.wikipedia.org/wiki/X86_instruction_listings>.
AC_DEFUN([gl_HOST_CPU_C_ABI],
[
AC_REQUIRE([AC_CANONICAL_HOST])
AC_REQUIRE([gl_C_ASM])
AC_CACHE_CHECK([host CPU and C ABI], [gl_cv_host_cpu_c_abi],
[case "$host_cpu" in
changequote(,)dnl
i[34567]86 )
changequote([,])dnl
gl_cv_host_cpu_c_abi=i386
;;
x86_64 )
# On x86_64 systems, the C compiler may be generating code in one of
# these ABIs:
# - 64-bit instruction set, 64-bit pointers, 64-bit 'long': x86_64.
# - 64-bit instruction set, 64-bit pointers, 32-bit 'long': x86_64
# with native Windows (mingw, MSVC).
# - 64-bit instruction set, 32-bit pointers, 32-bit 'long': x86_64-x32.
# - 32-bit instruction set, 32-bit pointers, 32-bit 'long': i386.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if (defined __x86_64__ || defined __amd64__ \
|| defined _M_X64 || defined _M_AMD64)
int ok;
#else
error fail
#endif
]])],
[AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __ILP32__ || defined _ILP32
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=x86_64-x32],
[gl_cv_host_cpu_c_abi=x86_64])],
[gl_cv_host_cpu_c_abi=i386])
;;
changequote(,)dnl
alphaev[4-8] | alphaev56 | alphapca5[67] | alphaev6[78] )
changequote([,])dnl
gl_cv_host_cpu_c_abi=alpha
;;
arm* | aarch64 )
# Assume arm with EABI.
# On arm64 systems, the C compiler may be generating code in one of
# these ABIs:
# - aarch64 instruction set, 64-bit pointers, 64-bit 'long': arm64.
# - aarch64 instruction set, 32-bit pointers, 32-bit 'long': arm64-ilp32.
# - 32-bit instruction set, 32-bit pointers, 32-bit 'long': arm or armhf.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#ifdef __aarch64__
int ok;
#else
error fail
#endif
]])],
[AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __ILP32__ || defined _ILP32
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=arm64-ilp32],
[gl_cv_host_cpu_c_abi=arm64])],
[# Don't distinguish little-endian and big-endian arm, since they
# don't require different machine code for simple operations and
# since the user can distinguish them through the preprocessor
# defines __ARMEL__ vs. __ARMEB__.
# But distinguish arm which passes floating-point arguments and
# return values in integer registers (r0, r1, ...) - this is
# gcc -mfloat-abi=soft or gcc -mfloat-abi=softfp - from arm which
# passes them in float registers (s0, s1, ...) and double registers
# (d0, d1, ...) - this is gcc -mfloat-abi=hard. GCC 4.6 or newer
# sets the preprocessor defines __ARM_PCS (for the first case) and
# __ARM_PCS_VFP (for the second case), but older GCC does not.
echo 'double ddd; void func (double dd) { ddd = dd; }' > conftest.c
# Look for a reference to the register d0 in the .s file.
AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS $gl_c_asm_opt conftest.c) >/dev/null 2>&1
if LC_ALL=C grep 'd0,' conftest.$gl_asmext >/dev/null; then
gl_cv_host_cpu_c_abi=armhf
else
gl_cv_host_cpu_c_abi=arm
fi
rm -f conftest*
])
;;
hppa1.0 | hppa1.1 | hppa2.0* | hppa64 )
# On hppa, the C compiler may be generating 32-bit code or 64-bit
# code. In the latter case, it defines _LP64 and __LP64__.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#ifdef __LP64__
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=hppa64],
[gl_cv_host_cpu_c_abi=hppa])
;;
ia64* )
# On ia64 on HP-UX, the C compiler may be generating 64-bit code or
# 32-bit code. In the latter case, it defines _ILP32.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#ifdef _ILP32
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=ia64-ilp32],
[gl_cv_host_cpu_c_abi=ia64])
;;
mips* )
# We should also check for (_MIPS_SZPTR == 64), but gcc keeps this
# at 32.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined _MIPS_SZLONG && (_MIPS_SZLONG == 64)
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=mips64],
[# In the n32 ABI, _ABIN32 is defined, _ABIO32 is not defined (but
# may later get defined by <sgidefs.h>), and _MIPS_SIM == _ABIN32.
# In the 32 ABI, _ABIO32 is defined, _ABIN32 is not defined (but
# may later get defined by <sgidefs.h>), and _MIPS_SIM == _ABIO32.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if (_MIPS_SIM == _ABIN32)
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=mipsn32],
[gl_cv_host_cpu_c_abi=mips])])
;;
powerpc* )
# Different ABIs are in use on AIX vs. Mac OS X vs. Linux,*BSD.
# No need to distinguish them here; the caller may distinguish
# them based on the OS.
# On powerpc64 systems, the C compiler may still be generating
# 32-bit code. And on powerpc-ibm-aix systems, the C compiler may
# be generating 64-bit code.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __powerpc64__ || defined __LP64__
int ok;
#else
error fail
#endif
]])],
[# On powerpc64, there are two ABIs on Linux: The AIX compatible
# one and the ELFv2 one. The latter defines _CALL_ELF=2.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined _CALL_ELF && _CALL_ELF == 2
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=powerpc64-elfv2],
[gl_cv_host_cpu_c_abi=powerpc64])
],
[gl_cv_host_cpu_c_abi=powerpc])
;;
rs6000 )
gl_cv_host_cpu_c_abi=powerpc
;;
riscv32 | riscv64 )
# There are 2 architectures (with variants): rv32* and rv64*.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if __riscv_xlen == 64
int ok;
#else
error fail
#endif
]])],
[cpu=riscv64],
[cpu=riscv32])
# There are 6 ABIs: ilp32, ilp32f, ilp32d, lp64, lp64f, lp64d.
# Size of 'long' and 'void *':
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __LP64__
int ok;
#else
error fail
#endif
]])],
[main_abi=lp64],
[main_abi=ilp32])
# Float ABIs:
# __riscv_float_abi_double:
# 'float' and 'double' are passed in floating-point registers.
# __riscv_float_abi_single:
# 'float' are passed in floating-point registers.
# __riscv_float_abi_soft:
# No values are passed in floating-point registers.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __riscv_float_abi_double
int ok;
#else
error fail
#endif
]])],
[float_abi=d],
[AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __riscv_float_abi_single
int ok;
#else
error fail
#endif
]])],
[float_abi=f],
[float_abi=''])
])
gl_cv_host_cpu_c_abi="${cpu}-${main_abi}${float_abi}"
;;
s390* )
# On s390x, the C compiler may be generating 64-bit (= s390x) code
# or 31-bit (= s390) code.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __LP64__ || defined __s390x__
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=s390x],
[gl_cv_host_cpu_c_abi=s390])
;;
sparc | sparc64 )
# UltraSPARCs running Linux have `uname -m` = "sparc64", but the
# C compiler still generates 32-bit code.
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __sparcv9 || defined __arch64__
int ok;
#else
error fail
#endif
]])],
[gl_cv_host_cpu_c_abi=sparc64],
[gl_cv_host_cpu_c_abi=sparc])
;;
*)
gl_cv_host_cpu_c_abi="$host_cpu"
;;
esac
])
dnl In most cases, $HOST_CPU and $HOST_CPU_C_ABI are the same.
HOST_CPU=`echo "$gl_cv_host_cpu_c_abi" | sed -e 's/-.*//'`
HOST_CPU_C_ABI="$gl_cv_host_cpu_c_abi"
AC_SUBST([HOST_CPU])
AC_SUBST([HOST_CPU_C_ABI])
# This was
# AC_DEFINE_UNQUOTED([__${HOST_CPU}__])
# AC_DEFINE_UNQUOTED([__${HOST_CPU_C_ABI}__])
# earlier, but KAI C++ 3.2d doesn't like this.
sed -e 's/-/_/g' >> confdefs.h <<EOF
#ifndef __${HOST_CPU}__
#define __${HOST_CPU}__ 1
#endif
#ifndef __${HOST_CPU_C_ABI}__
#define __${HOST_CPU_C_ABI}__ 1
#endif
EOF
AH_TOP([/* CPU and C ABI indicator */
#ifndef __i386__
#undef __i386__
#endif
#ifndef __x86_64_x32__
#undef __x86_64_x32__
#endif
#ifndef __x86_64__
#undef __x86_64__
#endif
#ifndef __alpha__
#undef __alpha__
#endif
#ifndef __arm__
#undef __arm__
#endif
#ifndef __armhf__
#undef __armhf__
#endif
#ifndef __arm64_ilp32__
#undef __arm64_ilp32__
#endif
#ifndef __arm64__
#undef __arm64__
#endif
#ifndef __hppa__
#undef __hppa__
#endif
#ifndef __hppa64__
#undef __hppa64__
#endif
#ifndef __ia64_ilp32__
#undef __ia64_ilp32__
#endif
#ifndef __ia64__
#undef __ia64__
#endif
#ifndef __loongarch64__
#undef __loongarch64__
#endif
#ifndef __m68k__
#undef __m68k__
#endif
#ifndef __mips__
#undef __mips__
#endif
#ifndef __mipsn32__
#undef __mipsn32__
#endif
#ifndef __mips64__
#undef __mips64__
#endif
#ifndef __powerpc__
#undef __powerpc__
#endif
#ifndef __powerpc64__
#undef __powerpc64__
#endif
#ifndef __powerpc64_elfv2__
#undef __powerpc64_elfv2__
#endif
#ifndef __riscv32__
#undef __riscv32__
#endif
#ifndef __riscv64__
#undef __riscv64__
#endif
#ifndef __riscv32_ilp32__
#undef __riscv32_ilp32__
#endif
#ifndef __riscv32_ilp32f__
#undef __riscv32_ilp32f__
#endif
#ifndef __riscv32_ilp32d__
#undef __riscv32_ilp32d__
#endif
#ifndef __riscv64_ilp32__
#undef __riscv64_ilp32__
#endif
#ifndef __riscv64_ilp32f__
#undef __riscv64_ilp32f__
#endif
#ifndef __riscv64_ilp32d__
#undef __riscv64_ilp32d__
#endif
#ifndef __riscv64_lp64__
#undef __riscv64_lp64__
#endif
#ifndef __riscv64_lp64f__
#undef __riscv64_lp64f__
#endif
#ifndef __riscv64_lp64d__
#undef __riscv64_lp64d__
#endif
#ifndef __s390__
#undef __s390__
#endif
#ifndef __s390x__
#undef __s390x__
#endif
#ifndef __sh__
#undef __sh__
#endif
#ifndef __sparc__
#undef __sparc__
#endif
#ifndef __sparc64__
#undef __sparc64__
#endif
])
])
dnl Sets the HOST_CPU_C_ABI_32BIT variable to 'yes' if the C language ABI
dnl (application binary interface) is a 32-bit one, to 'no' if it is a 64-bit
dnl one.
dnl This is a simplified variant of gl_HOST_CPU_C_ABI.
AC_DEFUN([gl_HOST_CPU_C_ABI_32BIT],
[
AC_REQUIRE([AC_CANONICAL_HOST])
AC_CACHE_CHECK([32-bit host C ABI], [gl_cv_host_cpu_c_abi_32bit],
[case "$host_cpu" in
# CPUs that only support a 32-bit ABI.
arc \
| bfin \
| cris* \
| csky \
| epiphany \
| ft32 \
| h8300 \
| m68k \
| microblaze | microblazeel \
| nds32 | nds32le | nds32be \
| nios2 | nios2eb | nios2el \
| or1k* \
| or32 \
| sh | sh[1234] | sh[1234]e[lb] \
| tic6x \
| xtensa* )
gl_cv_host_cpu_c_abi_32bit=yes
;;
# CPUs that only support a 64-bit ABI.
changequote(,)dnl
alpha | alphaev[4-8] | alphaev56 | alphapca5[67] | alphaev6[78] \
| mmix )
changequote([,])dnl
gl_cv_host_cpu_c_abi_32bit=no
;;
*)
if test -n "$gl_cv_host_cpu_c_abi"; then
dnl gl_HOST_CPU_C_ABI has already been run. Use its result.
case "$gl_cv_host_cpu_c_abi" in
i386 | x86_64-x32 | arm | armhf | arm64-ilp32 | hppa | ia64-ilp32 | mips | mipsn32 | powerpc | riscv*-ilp32* | s390 | sparc)
gl_cv_host_cpu_c_abi_32bit=yes ;;
x86_64 | alpha | arm64 | aarch64c | hppa64 | ia64 | mips64 | powerpc64 | powerpc64-elfv2 | riscv*-lp64* | s390x | sparc64 )
gl_cv_host_cpu_c_abi_32bit=no ;;
*)
gl_cv_host_cpu_c_abi_32bit=unknown ;;
esac
else
gl_cv_host_cpu_c_abi_32bit=unknown
fi
if test $gl_cv_host_cpu_c_abi_32bit = unknown; then
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[int test_pointer_size[sizeof (void *) - 5];
]])],
[gl_cv_host_cpu_c_abi_32bit=no],
[gl_cv_host_cpu_c_abi_32bit=yes])
fi
;;
esac
])
HOST_CPU_C_ABI_32BIT="$gl_cv_host_cpu_c_abi_32bit"
])

170
m4/lib-ld.m4
View File

@@ -1,170 +0,0 @@
# lib-ld.m4
# serial 13
dnl Copyright (C) 1996-2003, 2009-2024 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl This file is offered as-is, without any warranty.
dnl Subroutines of libtool.m4,
dnl with replacements s/_*LT_PATH/AC_LIB_PROG/ and s/lt_/acl_/ to avoid
dnl collision with libtool.m4.
dnl From libtool-2.4. Sets the variable with_gnu_ld to yes or no.
AC_DEFUN([AC_LIB_PROG_LD_GNU],
[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], [acl_cv_prog_gnu_ld],
[# I'd rather use --version here, but apparently some GNU lds only accept -v.
case `$LD -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
acl_cv_prog_gnu_ld=yes
;;
*)
acl_cv_prog_gnu_ld=no
;;
esac])
with_gnu_ld=$acl_cv_prog_gnu_ld
])
dnl From libtool-2.4. Sets the variable LD.
AC_DEFUN([AC_LIB_PROG_LD],
[AC_REQUIRE([AC_PROG_CC])dnl
AC_REQUIRE([AC_CANONICAL_HOST])dnl
AC_ARG_WITH([gnu-ld],
[AS_HELP_STRING([[--with-gnu-ld]],
[assume the C compiler uses GNU ld [default=no]])],
[test "$withval" = no || with_gnu_ld=yes],
[with_gnu_ld=no])dnl
# Prepare PATH_SEPARATOR.
# The user is always right.
if test "${PATH_SEPARATOR+set}" != set; then
# Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which
# contains only /bin. Note that ksh looks also at the FPATH variable,
# so we have to set that as well for the test.
PATH_SEPARATOR=:
(PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
&& { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \
|| PATH_SEPARATOR=';'
}
fi
if test -n "$LD"; then
AC_MSG_CHECKING([for ld])
elif test "$GCC" = yes; then
AC_MSG_CHECKING([for ld used by $CC])
elif test "$with_gnu_ld" = yes; then
AC_MSG_CHECKING([for GNU ld])
else
AC_MSG_CHECKING([for non-GNU ld])
fi
if test -n "$LD"; then
# Let the user override the test with a path.
:
else
AC_CACHE_VAL([acl_cv_path_LD],
[
acl_cv_path_LD= # Final result of this test
ac_prog=ld # Program to search in $PATH
if test "$GCC" = yes; then
# Check if gcc -print-prog-name=ld gives a path.
case $host in
*-*-mingw* | windows*)
# gcc leaves a trailing carriage return which upsets mingw
acl_output=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
*)
acl_output=`($CC -print-prog-name=ld) 2>&5` ;;
esac
case $acl_output in
# Accept absolute paths.
[[\\/]]* | ?:[[\\/]]*)
re_direlt='/[[^/]][[^/]]*/\.\./'
# Canonicalize the pathname of ld
acl_output=`echo "$acl_output" | sed 's%\\\\%/%g'`
while echo "$acl_output" | grep "$re_direlt" > /dev/null 2>&1; do
acl_output=`echo $acl_output | sed "s%$re_direlt%/%"`
done
# Got the pathname. No search in PATH is needed.
acl_cv_path_LD="$acl_output"
ac_prog=
;;
"")
# If it fails, then pretend we aren't using GCC.
;;
*)
# If it is relative, then search for the first ld in PATH.
with_gnu_ld=unknown
;;
esac
fi
if test -n "$ac_prog"; then
# Search for $ac_prog in $PATH.
acl_saved_IFS="$IFS"; IFS=$PATH_SEPARATOR
for ac_dir in $PATH; do
IFS="$acl_saved_IFS"
test -z "$ac_dir" && ac_dir=.
if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
acl_cv_path_LD="$ac_dir/$ac_prog"
# Check to see if the program is GNU ld. I'd rather use --version,
# but apparently some variants of GNU ld only accept -v.
# Break only if it was the GNU/non-GNU ld that we prefer.
case `"$acl_cv_path_LD" -v 2>&1 </dev/null` in
*GNU* | *'with BFD'*)
test "$with_gnu_ld" != no && break
;;
*)
test "$with_gnu_ld" != yes && break
;;
esac
fi
done
IFS="$acl_saved_IFS"
fi
case $host in
*-*-aix*)
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __powerpc64__ || defined __LP64__
int ok;
#else
error fail
#endif
]])],
[# The compiler produces 64-bit code. Add option '-b64' so that the
# linker groks 64-bit object files.
case "$acl_cv_path_LD " in
*" -b64 "*) ;;
*) acl_cv_path_LD="$acl_cv_path_LD -b64" ;;
esac
], [])
;;
sparc64-*-netbsd*)
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE(
[[#if defined __sparcv9 || defined __arch64__
int ok;
#else
error fail
#endif
]])],
[],
[# The compiler produces 32-bit code. Add option '-m elf32_sparc'
# so that the linker groks 32-bit object files.
case "$acl_cv_path_LD " in
*" -m elf32_sparc "*) ;;
*) acl_cv_path_LD="$acl_cv_path_LD -m elf32_sparc" ;;
esac
])
;;
esac
])
LD="$acl_cv_path_LD"
fi
if test -n "$LD"; then
AC_MSG_RESULT([$LD])
else
AC_MSG_RESULT([no])
AC_MSG_ERROR([no acceptable ld found in \$PATH])
fi
AC_LIB_PROG_LD_GNU
])

815
m4/lib-link.m4
View File

@@ -1,815 +0,0 @@
# lib-link.m4
# serial 34
dnl Copyright (C) 2001-2024 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl This file is offered as-is, without any warranty.
dnl From Bruno Haible.
AC_PREREQ([2.61])
dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and
dnl the libraries corresponding to explicit and implicit dependencies.
dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and
dnl augments the CPPFLAGS variable.
dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
AC_DEFUN([AC_LIB_LINKFLAGS],
[
AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
AC_REQUIRE([AC_LIB_RPATH])
pushdef([Name],[m4_translit([$1],[./+-], [____])])
pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [
AC_LIB_LINKFLAGS_BODY([$1], [$2])
ac_cv_lib[]Name[]_libs="$LIB[]NAME"
ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME"
ac_cv_lib[]Name[]_cppflags="$INC[]NAME"
ac_cv_lib[]Name[]_prefix="$LIB[]NAME[]_PREFIX"
])
LIB[]NAME="$ac_cv_lib[]Name[]_libs"
LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs"
INC[]NAME="$ac_cv_lib[]Name[]_cppflags"
LIB[]NAME[]_PREFIX="$ac_cv_lib[]Name[]_prefix"
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
AC_SUBST([LIB]NAME)
AC_SUBST([LTLIB]NAME)
AC_SUBST([LIB]NAME[_PREFIX])
dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the
dnl results of this search when this library appears as a dependency.
HAVE_LIB[]NAME=yes
popdef([NAME])
popdef([Name])
])
dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode, [missing-message])
dnl searches for libname and the libraries corresponding to explicit and
dnl implicit dependencies, together with the specified include files and
dnl the ability to compile and link the specified testcode. The missing-message
dnl defaults to 'no' and may contain additional hints for the user.
dnl If found, it sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME}
dnl and LTLIB${NAME} variables and augments the CPPFLAGS variable, and
dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs
dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty.
dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
[
AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
AC_REQUIRE([AC_LIB_RPATH])
pushdef([Name],[m4_translit([$1],[./+-], [____])])
pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME
dnl accordingly.
AC_LIB_LINKFLAGS_BODY([$1], [$2])
dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
dnl because if the user has installed lib[]Name and not disabled its use
dnl via --without-lib[]Name-prefix, he wants to use it.
acl_saved_CPPFLAGS="$CPPFLAGS"
AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [
acl_saved_LIBS="$LIBS"
dnl If $LIB[]NAME contains some -l options, add it to the end of LIBS,
dnl because these -l options might require -L options that are present in
dnl LIBS. -l options benefit only from the -L options listed before it.
dnl Otherwise, add it to the front of LIBS, because it may be a static
dnl library that depends on another static library that is present in LIBS.
dnl Static libraries benefit only from the static libraries listed after
dnl it.
case " $LIB[]NAME" in
*" -l"*) LIBS="$LIBS $LIB[]NAME" ;;
*) LIBS="$LIB[]NAME $LIBS" ;;
esac
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[$3]], [[$4]])],
[ac_cv_lib[]Name=yes],
[ac_cv_lib[]Name='m4_if([$5], [], [no], [[$5]])'])
LIBS="$acl_saved_LIBS"
])
if test "$ac_cv_lib[]Name" = yes; then
HAVE_LIB[]NAME=yes
AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the lib][$1 library.])
AC_MSG_CHECKING([how to link with lib[]$1])
AC_MSG_RESULT([$LIB[]NAME])
else
HAVE_LIB[]NAME=no
dnl If $LIB[]NAME didn't lead to a usable library, we don't need
dnl $INC[]NAME either.
CPPFLAGS="$acl_saved_CPPFLAGS"
LIB[]NAME=
LTLIB[]NAME=
LIB[]NAME[]_PREFIX=
fi
AC_SUBST([HAVE_LIB]NAME)
AC_SUBST([LIB]NAME)
AC_SUBST([LTLIB]NAME)
AC_SUBST([LIB]NAME[_PREFIX])
popdef([NAME])
popdef([Name])
])
dnl Determine the platform dependent parameters needed to use rpath:
dnl acl_libext,
dnl acl_shlibext,
dnl acl_libname_spec,
dnl acl_library_names_spec,
dnl acl_hardcode_libdir_flag_spec,
dnl acl_hardcode_libdir_separator,
dnl acl_hardcode_direct,
dnl acl_hardcode_minus_L.
AC_DEFUN([AC_LIB_RPATH],
[
dnl Complain if config.rpath is missing.
AC_REQUIRE_AUX_FILE([config.rpath])
AC_REQUIRE([AC_PROG_CC]) dnl we use $CC, $GCC, $LDFLAGS
AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld
AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host
AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir
AC_CACHE_CHECK([for shared library run path origin], [acl_cv_rpath], [
CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
. ./conftest.sh
rm -f ./conftest.sh
acl_cv_rpath=done
])
wl="$acl_cv_wl"
acl_libext="$acl_cv_libext"
acl_shlibext="$acl_cv_shlibext"
acl_libname_spec="$acl_cv_libname_spec"
acl_library_names_spec="$acl_cv_library_names_spec"
acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
acl_hardcode_direct="$acl_cv_hardcode_direct"
acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
dnl Determine whether the user wants rpath handling at all.
AC_ARG_ENABLE([rpath],
[ --disable-rpath do not hardcode runtime library paths],
:, enable_rpath=yes)
])
dnl AC_LIB_FROMPACKAGE(name, package)
dnl declares that libname comes from the given package. The configure file
dnl will then not have a --with-libname-prefix option but a
dnl --with-package-prefix option. Several libraries can come from the same
dnl package. This declaration must occur before an AC_LIB_LINKFLAGS or similar
dnl macro call that searches for libname.
AC_DEFUN([AC_LIB_FROMPACKAGE],
[
pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
define([acl_frompackage_]NAME, [$2])
popdef([NAME])
pushdef([PACK],[$2])
pushdef([PACKUP],[m4_translit(PACK,[abcdefghijklmnopqrstuvwxyz./+-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
define([acl_libsinpackage_]PACKUP,
m4_ifdef([acl_libsinpackage_]PACKUP, [m4_defn([acl_libsinpackage_]PACKUP)[, ]],)[lib$1])
popdef([PACKUP])
popdef([PACK])
])
dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and
dnl the libraries corresponding to explicit and implicit dependencies.
dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables.
dnl Also, sets the LIB${NAME}_PREFIX variable to nonempty if libname was found
dnl in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
AC_DEFUN([AC_LIB_LINKFLAGS_BODY],
[
AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
pushdef([NAME],[m4_translit([$1],[abcdefghijklmnopqrstuvwxyz./+-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
pushdef([PACK],[m4_ifdef([acl_frompackage_]NAME, [acl_frompackage_]NAME, lib[$1])])
pushdef([PACKUP],[m4_translit(PACK,[abcdefghijklmnopqrstuvwxyz./+-],
[ABCDEFGHIJKLMNOPQRSTUVWXYZ____])])
pushdef([PACKLIBS],[m4_ifdef([acl_frompackage_]NAME, [acl_libsinpackage_]PACKUP, lib[$1])])
dnl By default, look in $includedir and $libdir.
use_additional=yes
AC_LIB_WITH_FINAL_PREFIX([
eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"
eval additional_libdir2=\"$exec_prefix/$acl_libdirstem2\"
eval additional_libdir3=\"$exec_prefix/$acl_libdirstem3\"
])
AC_ARG_WITH(PACK[-prefix],
[[ --with-]]PACK[[-prefix[=DIR] search for ]]PACKLIBS[[ in DIR/include and DIR/lib
--without-]]PACK[[-prefix don't search for ]]PACKLIBS[[ in includedir and libdir]],
[
if test "X$withval" = "Xno"; then
use_additional=no
else
if test "X$withval" = "X"; then
AC_LIB_WITH_FINAL_PREFIX([
eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"
eval additional_libdir2=\"$exec_prefix/$acl_libdirstem2\"
eval additional_libdir3=\"$exec_prefix/$acl_libdirstem3\"
])
else
additional_includedir="$withval/include"
additional_libdir="$withval/$acl_libdirstem"
additional_libdir2="$withval/$acl_libdirstem2"
additional_libdir3="$withval/$acl_libdirstem3"
fi
fi
])
if test "X$additional_libdir2" = "X$additional_libdir"; then
additional_libdir2=
fi
if test "X$additional_libdir3" = "X$additional_libdir"; then
additional_libdir3=
fi
dnl Search the library and its dependencies in $additional_libdir and
dnl $LDFLAGS. Use breadth-first search.
LIB[]NAME=
LTLIB[]NAME=
INC[]NAME=
LIB[]NAME[]_PREFIX=
dnl HAVE_LIB${NAME} is an indicator that LIB${NAME}, LTLIB${NAME} have been
dnl computed. So it has to be reset here.
HAVE_LIB[]NAME=
rpathdirs=
ltrpathdirs=
names_already_handled=
names_next_round='$1 $2'
while test -n "$names_next_round"; do
names_this_round="$names_next_round"
names_next_round=
for name in $names_this_round; do
already_handled=
for n in $names_already_handled; do
if test "$n" = "$name"; then
already_handled=yes
break
fi
done
if test -z "$already_handled"; then
names_already_handled="$names_already_handled $name"
dnl See if it was already located by an earlier AC_LIB_LINKFLAGS
dnl or AC_LIB_HAVE_LINKFLAGS call.
uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'`
eval value=\"\$HAVE_LIB$uppername\"
if test -n "$value"; then
if test "$value" = yes; then
eval value=\"\$LIB$uppername\"
test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value"
eval value=\"\$LTLIB$uppername\"
test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value"
else
dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined
dnl that this library doesn't exist. So just drop it.
:
fi
else
dnl Search the library lib$name in $additional_libdir and $LDFLAGS
dnl and the already constructed $LIBNAME/$LTLIBNAME.
found_dir=
found_la=
found_so=
found_a=
eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
if test -n "$acl_shlibext"; then
shrext=".$acl_shlibext" # typically: shrext=.so
else
shrext=
fi
if test $use_additional = yes; then
for additional_libdir_variable in additional_libdir additional_libdir2 additional_libdir3; do
if test "X$found_dir" = "X"; then
eval dir=\$$additional_libdir_variable
if test -n "$dir"; then
dnl The same code as in the loop below:
dnl First look for a shared library.
if test -n "$acl_shlibext"; then
if test -f "$dir/$libname$shrext" && acl_is_expected_elfclass < "$dir/$libname$shrext"; then
found_dir="$dir"
found_so="$dir/$libname$shrext"
else
if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
ver=`(cd "$dir" && \
for f in "$libname$shrext".*; do echo "$f"; done \
| sed -e "s,^$libname$shrext\\\\.,," \
| sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
| sed 1q ) 2>/dev/null`
if test -n "$ver" && test -f "$dir/$libname$shrext.$ver" && acl_is_expected_elfclass < "$dir/$libname$shrext.$ver"; then
found_dir="$dir"
found_so="$dir/$libname$shrext.$ver"
fi
else
eval library_names=\"$acl_library_names_spec\"
for f in $library_names; do
if test -f "$dir/$f" && acl_is_expected_elfclass < "$dir/$f"; then
found_dir="$dir"
found_so="$dir/$f"
break
fi
done
fi
fi
fi
dnl Then look for a static library.
if test "X$found_dir" = "X"; then
if test -f "$dir/$libname.$acl_libext" && ${AR-ar} -p "$dir/$libname.$acl_libext" | acl_is_expected_elfclass; then
found_dir="$dir"
found_a="$dir/$libname.$acl_libext"
fi
fi
if test "X$found_dir" != "X"; then
if test -f "$dir/$libname.la"; then
found_la="$dir/$libname.la"
fi
fi
fi
fi
done
fi
if test "X$found_dir" = "X"; then
for x in $LDFLAGS $LTLIB[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
case "$x" in
-L*)
dir=`echo "X$x" | sed -e 's/^X-L//'`
dnl First look for a shared library.
if test -n "$acl_shlibext"; then
if test -f "$dir/$libname$shrext" && acl_is_expected_elfclass < "$dir/$libname$shrext"; then
found_dir="$dir"
found_so="$dir/$libname$shrext"
else
if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
ver=`(cd "$dir" && \
for f in "$libname$shrext".*; do echo "$f"; done \
| sed -e "s,^$libname$shrext\\\\.,," \
| sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
| sed 1q ) 2>/dev/null`
if test -n "$ver" && test -f "$dir/$libname$shrext.$ver" && acl_is_expected_elfclass < "$dir/$libname$shrext.$ver"; then
found_dir="$dir"
found_so="$dir/$libname$shrext.$ver"
fi
else
eval library_names=\"$acl_library_names_spec\"
for f in $library_names; do
if test -f "$dir/$f" && acl_is_expected_elfclass < "$dir/$f"; then
found_dir="$dir"
found_so="$dir/$f"
break
fi
done
fi
fi
fi
dnl Then look for a static library.
if test "X$found_dir" = "X"; then
if test -f "$dir/$libname.$acl_libext" && ${AR-ar} -p "$dir/$libname.$acl_libext" | acl_is_expected_elfclass; then
found_dir="$dir"
found_a="$dir/$libname.$acl_libext"
fi
fi
if test "X$found_dir" != "X"; then
if test -f "$dir/$libname.la"; then
found_la="$dir/$libname.la"
fi
fi
;;
esac
if test "X$found_dir" != "X"; then
break
fi
done
fi
if test "X$found_dir" != "X"; then
dnl Found the library.
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name"
if test "X$found_so" != "X"; then
dnl Linking with a shared library. We attempt to hardcode its
dnl directory into the executable's runpath, unless it's the
dnl standard /usr/lib.
if test "$enable_rpath" = no \
|| test "X$found_dir" = "X/usr/$acl_libdirstem" \
|| test "X$found_dir" = "X/usr/$acl_libdirstem2" \
|| test "X$found_dir" = "X/usr/$acl_libdirstem3"; then
dnl No hardcoding is needed.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
else
dnl Use an explicit option to hardcode DIR into the resulting
dnl binary.
dnl Potentially add DIR to ltrpathdirs.
dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
haveit=
for x in $ltrpathdirs; do
if test "X$x" = "X$found_dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
ltrpathdirs="$ltrpathdirs $found_dir"
fi
dnl The hardcoding into $LIBNAME is system dependent.
if test "$acl_hardcode_direct" = yes; then
dnl Using DIR/libNAME.so during linking hardcodes DIR into the
dnl resulting binary.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
else
if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
dnl Use an explicit option to hardcode DIR into the resulting
dnl binary.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
dnl Potentially add DIR to rpathdirs.
dnl The rpathdirs will be appended to $LIBNAME at the end.
haveit=
for x in $rpathdirs; do
if test "X$x" = "X$found_dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
rpathdirs="$rpathdirs $found_dir"
fi
else
dnl Rely on "-L$found_dir".
dnl But don't add it if it's already contained in the LDFLAGS
dnl or the already constructed $LIBNAME
haveit=
for x in $LDFLAGS $LIB[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-L$found_dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir"
fi
if test "$acl_hardcode_minus_L" != no; then
dnl FIXME: Not sure whether we should use
dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
dnl here.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
else
dnl We cannot use $acl_hardcode_runpath_var and LD_RUN_PATH
dnl here, because this doesn't fit in flags passed to the
dnl compiler. So give up. No hardcoding. This affects only
dnl very old systems.
dnl FIXME: Not sure whether we should use
dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
dnl here.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
fi
fi
fi
fi
else
if test "X$found_a" != "X"; then
dnl Linking with a static library.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a"
else
dnl We shouldn't come here, but anyway it's good to have a
dnl fallback.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name"
fi
fi
dnl Assume the include files are nearby.
additional_includedir=
case "$found_dir" in
*/$acl_libdirstem | */$acl_libdirstem/)
basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
if test "$name" = '$1'; then
LIB[]NAME[]_PREFIX="$basedir"
fi
additional_includedir="$basedir/include"
;;
*/$acl_libdirstem2 | */$acl_libdirstem2/)
basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'`
if test "$name" = '$1'; then
LIB[]NAME[]_PREFIX="$basedir"
fi
additional_includedir="$basedir/include"
;;
*/$acl_libdirstem3 | */$acl_libdirstem3/)
basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem3/"'*$,,'`
if test "$name" = '$1'; then
LIB[]NAME[]_PREFIX="$basedir"
fi
additional_includedir="$basedir/include"
;;
esac
if test "X$additional_includedir" != "X"; then
dnl Potentially add $additional_includedir to $INCNAME.
dnl But don't add it
dnl 1. if it's the standard /usr/include,
dnl 2. if it's /usr/local/include and we are using GCC on Linux,
dnl 3. if it's already present in $CPPFLAGS or the already
dnl constructed $INCNAME,
dnl 4. if it doesn't exist as a directory.
if test "X$additional_includedir" != "X/usr/include"; then
haveit=
if test "X$additional_includedir" = "X/usr/local/include"; then
if test -n "$GCC"; then
case $host_os in
linux* | gnu* | k*bsd*-gnu) haveit=yes;;
esac
fi
fi
if test -z "$haveit"; then
for x in $CPPFLAGS $INC[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-I$additional_includedir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test -d "$additional_includedir"; then
dnl Really add $additional_includedir to $INCNAME.
INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir"
fi
fi
fi
fi
fi
dnl Look for dependencies.
if test -n "$found_la"; then
dnl Read the .la file. It defines the variables
dnl dlname, library_names, old_library, dependency_libs, current,
dnl age, revision, installed, dlopen, dlpreopen, libdir.
saved_libdir="$libdir"
case "$found_la" in
*/* | *\\*) . "$found_la" ;;
*) . "./$found_la" ;;
esac
libdir="$saved_libdir"
dnl We use only dependency_libs.
for dep in $dependency_libs; do
case "$dep" in
-L*)
dependency_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
dnl Potentially add $dependency_libdir to $LIBNAME and $LTLIBNAME.
dnl But don't add it
dnl 1. if it's the standard /usr/lib,
dnl 2. if it's /usr/local/lib and we are using GCC on Linux,
dnl 3. if it's already present in $LDFLAGS or the already
dnl constructed $LIBNAME,
dnl 4. if it doesn't exist as a directory.
if test "X$dependency_libdir" != "X/usr/$acl_libdirstem" \
&& test "X$dependency_libdir" != "X/usr/$acl_libdirstem2" \
&& test "X$dependency_libdir" != "X/usr/$acl_libdirstem3"; then
haveit=
if test "X$dependency_libdir" = "X/usr/local/$acl_libdirstem" \
|| test "X$dependency_libdir" = "X/usr/local/$acl_libdirstem2" \
|| test "X$dependency_libdir" = "X/usr/local/$acl_libdirstem3"; then
if test -n "$GCC"; then
case $host_os in
linux* | gnu* | k*bsd*-gnu) haveit=yes;;
esac
fi
fi
if test -z "$haveit"; then
haveit=
for x in $LDFLAGS $LIB[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-L$dependency_libdir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test -d "$dependency_libdir"; then
dnl Really add $dependency_libdir to $LIBNAME.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$dependency_libdir"
fi
fi
haveit=
for x in $LDFLAGS $LTLIB[]NAME; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-L$dependency_libdir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test -d "$dependency_libdir"; then
dnl Really add $dependency_libdir to $LTLIBNAME.
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$dependency_libdir"
fi
fi
fi
fi
;;
-R*)
dir=`echo "X$dep" | sed -e 's/^X-R//'`
if test "$enable_rpath" != no; then
dnl Potentially add DIR to rpathdirs.
dnl The rpathdirs will be appended to $LIBNAME at the end.
haveit=
for x in $rpathdirs; do
if test "X$x" = "X$dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
rpathdirs="$rpathdirs $dir"
fi
dnl Potentially add DIR to ltrpathdirs.
dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
haveit=
for x in $ltrpathdirs; do
if test "X$x" = "X$dir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
ltrpathdirs="$ltrpathdirs $dir"
fi
fi
;;
-l*)
dnl Handle this in the next round.
dnl But on GNU systems, ignore -lc options, because
dnl - linking with libc is the default anyway,
dnl - linking with libc.a may produce an error
dnl "/usr/bin/ld: dynamic STT_GNU_IFUNC symbol `strcmp' with pointer equality in `/usr/lib/libc.a(strcmp.o)' can not be used when making an executable; recompile with -fPIE and relink with -pie"
dnl or may produce an executable that always crashes, see
dnl <https://lists.gnu.org/archive/html/grep-devel/2020-09/msg00052.html>.
dep=`echo "X$dep" | sed -e 's/^X-l//'`
if test "X$dep" != Xc \
|| case $host_os in
linux* | gnu* | k*bsd*-gnu) false ;;
*) true ;;
esac; then
names_next_round="$names_next_round $dep"
fi
;;
*.la)
dnl Handle this in the next round. Throw away the .la's
dnl directory; it is already contained in a preceding -L
dnl option.
names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
;;
*)
dnl Most likely an immediate library name.
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep"
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep"
;;
esac
done
fi
else
dnl Didn't find the library; assume it is in the system directories
dnl known to the linker and runtime loader. (All the system
dnl directories known to the linker should also be known to the
dnl runtime loader, otherwise the system is severely misconfigured.)
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name"
fi
fi
fi
done
done
if test "X$rpathdirs" != "X"; then
if test -n "$acl_hardcode_libdir_separator"; then
dnl Weird platform: only the last -rpath option counts, the user must
dnl pass all path elements in one option. We can arrange that for a
dnl single library, but not when more than one $LIBNAMEs are used.
alldirs=
for found_dir in $rpathdirs; do
alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
done
dnl Note: acl_hardcode_libdir_flag_spec uses $libdir and $wl.
acl_saved_libdir="$libdir"
libdir="$alldirs"
eval flag=\"$acl_hardcode_libdir_flag_spec\"
libdir="$acl_saved_libdir"
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
else
dnl The -rpath options are cumulative.
for found_dir in $rpathdirs; do
acl_saved_libdir="$libdir"
libdir="$found_dir"
eval flag=\"$acl_hardcode_libdir_flag_spec\"
libdir="$acl_saved_libdir"
LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
done
fi
fi
if test "X$ltrpathdirs" != "X"; then
dnl When using libtool, the option that works for both libraries and
dnl executables is -R. The -R options are cumulative.
for found_dir in $ltrpathdirs; do
LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir"
done
fi
popdef([PACKLIBS])
popdef([PACKUP])
popdef([PACK])
popdef([NAME])
])
dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR,
dnl unless already present in VAR.
dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes
dnl contains two or three consecutive elements that belong together.
AC_DEFUN([AC_LIB_APPENDTOVAR],
[
for element in [$2]; do
haveit=
for x in $[$1]; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X$element"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
[$1]="${[$1]}${[$1]:+ }$element"
fi
done
])
dnl For those cases where a variable contains several -L and -l options
dnl referring to unknown libraries and directories, this macro determines the
dnl necessary additional linker options for the runtime path.
dnl AC_LIB_LINKFLAGS_FROM_LIBS([LDADDVAR], [LIBSVALUE], [USE-LIBTOOL])
dnl sets LDADDVAR to linker options needed together with LIBSVALUE.
dnl If USE-LIBTOOL evaluates to non-empty, linking with libtool is assumed,
dnl otherwise linking without libtool is assumed.
AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS],
[
AC_REQUIRE([AC_LIB_RPATH])
AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
$1=
if test "$enable_rpath" != no; then
if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
dnl Use an explicit option to hardcode directories into the resulting
dnl binary.
rpathdirs=
next=
for opt in $2; do
if test -n "$next"; then
dir="$next"
dnl No need to hardcode the standard /usr/lib.
if test "X$dir" != "X/usr/$acl_libdirstem" \
&& test "X$dir" != "X/usr/$acl_libdirstem2" \
&& test "X$dir" != "X/usr/$acl_libdirstem3"; then
rpathdirs="$rpathdirs $dir"
fi
next=
else
case $opt in
-L) next=yes ;;
-L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'`
dnl No need to hardcode the standard /usr/lib.
if test "X$dir" != "X/usr/$acl_libdirstem" \
&& test "X$dir" != "X/usr/$acl_libdirstem2" \
&& test "X$dir" != "X/usr/$acl_libdirstem3"; then
rpathdirs="$rpathdirs $dir"
fi
next= ;;
*) next= ;;
esac
fi
done
if test "X$rpathdirs" != "X"; then
if test -n ""$3""; then
dnl libtool is used for linking. Use -R options.
for dir in $rpathdirs; do
$1="${$1}${$1:+ }-R$dir"
done
else
dnl The linker is used for linking directly.
if test -n "$acl_hardcode_libdir_separator"; then
dnl Weird platform: only the last -rpath option counts, the user
dnl must pass all path elements in one option.
alldirs=
for dir in $rpathdirs; do
alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir"
done
acl_saved_libdir="$libdir"
libdir="$alldirs"
eval flag=\"$acl_hardcode_libdir_flag_spec\"
libdir="$acl_saved_libdir"
$1="$flag"
else
dnl The -rpath options are cumulative.
for dir in $rpathdirs; do
acl_saved_libdir="$libdir"
libdir="$dir"
eval flag=\"$acl_hardcode_libdir_flag_spec\"
libdir="$acl_saved_libdir"
$1="${$1}${$1:+ }$flag"
done
fi
fi
fi
fi
fi
AC_SUBST([$1])
])

334
m4/lib-prefix.m4
View File

@@ -1,334 +0,0 @@
# lib-prefix.m4
# serial 23
dnl Copyright (C) 2001-2005, 2008-2024 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
dnl with or without modifications, as long as this notice is preserved.
dnl This file is offered as-is, without any warranty.
dnl From Bruno Haible.
dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
dnl to access previously installed libraries. The basic assumption is that
dnl a user will want packages to use other packages he previously installed
dnl with the same --prefix option.
dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
dnl libraries, but is otherwise very convenient.
AC_DEFUN([AC_LIB_PREFIX],
[
AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
AC_REQUIRE([AC_PROG_CC])
AC_REQUIRE([AC_CANONICAL_HOST])
AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
dnl By default, look in $includedir and $libdir.
use_additional=yes
AC_LIB_WITH_FINAL_PREFIX([
eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"
])
AC_ARG_WITH([lib-prefix],
[[ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib
--without-lib-prefix don't search for libraries in includedir and libdir]],
[
if test "X$withval" = "Xno"; then
use_additional=no
else
if test "X$withval" = "X"; then
AC_LIB_WITH_FINAL_PREFIX([
eval additional_includedir=\"$includedir\"
eval additional_libdir=\"$libdir\"
])
else
additional_includedir="$withval/include"
additional_libdir="$withval/$acl_libdirstem"
fi
fi
])
if test $use_additional = yes; then
dnl Potentially add $additional_includedir to $CPPFLAGS.
dnl But don't add it
dnl 1. if it's the standard /usr/include,
dnl 2. if it's already present in $CPPFLAGS,
dnl 3. if it's /usr/local/include and we are using GCC on Linux,
dnl 4. if it doesn't exist as a directory.
if test "X$additional_includedir" != "X/usr/include"; then
haveit=
for x in $CPPFLAGS; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-I$additional_includedir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test "X$additional_includedir" = "X/usr/local/include"; then
if test -n "$GCC"; then
case $host_os in
linux* | gnu* | k*bsd*-gnu) haveit=yes;;
esac
fi
fi
if test -z "$haveit"; then
if test -d "$additional_includedir"; then
dnl Really add $additional_includedir to $CPPFLAGS.
CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir"
fi
fi
fi
fi
dnl Potentially add $additional_libdir to $LDFLAGS.
dnl But don't add it
dnl 1. if it's the standard /usr/lib,
dnl 2. if it's already present in $LDFLAGS,
dnl 3. if it's /usr/local/lib and we are using GCC on Linux,
dnl 4. if it doesn't exist as a directory.
if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
haveit=
for x in $LDFLAGS; do
AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
if test "X$x" = "X-L$additional_libdir"; then
haveit=yes
break
fi
done
if test -z "$haveit"; then
if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
if test -n "$GCC"; then
case $host_os in
linux*) haveit=yes;;
esac
fi
fi
if test -z "$haveit"; then
if test -d "$additional_libdir"; then
dnl Really add $additional_libdir to $LDFLAGS.
LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir"
fi
fi
fi
fi
fi
])
dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix,
dnl acl_final_exec_prefix, containing the values to which $prefix and
dnl $exec_prefix will expand at the end of the configure script.
AC_DEFUN([AC_LIB_PREPARE_PREFIX],
[
dnl Unfortunately, prefix and exec_prefix get only finally determined
dnl at the end of configure.
if test "X$prefix" = "XNONE"; then
acl_final_prefix="$ac_default_prefix"
else
acl_final_prefix="$prefix"
fi
if test "X$exec_prefix" = "XNONE"; then
acl_final_exec_prefix='${prefix}'
else
acl_final_exec_prefix="$exec_prefix"
fi
acl_saved_prefix="$prefix"
prefix="$acl_final_prefix"
eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
prefix="$acl_saved_prefix"
])
dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the
dnl variables prefix and exec_prefix bound to the values they will have
dnl at the end of the configure script.
AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX],
[
acl_saved_prefix="$prefix"
prefix="$acl_final_prefix"
acl_saved_exec_prefix="$exec_prefix"
exec_prefix="$acl_final_exec_prefix"
$1
exec_prefix="$acl_saved_exec_prefix"
prefix="$acl_saved_prefix"
])
dnl AC_LIB_PREPARE_MULTILIB creates
dnl - a function acl_is_expected_elfclass, that tests whether standard input
dn; has a 32-bit or 64-bit ELF header, depending on the host CPU ABI,
dnl - 3 variables acl_libdirstem, acl_libdirstem2, acl_libdirstem3, containing
dnl the basename of the libdir to try in turn, either "lib" or "lib64" or
dnl "lib/64" or "lib32" or "lib/sparcv9" or "lib/amd64" or similar.
AC_DEFUN([AC_LIB_PREPARE_MULTILIB],
[
dnl There is no formal standard regarding lib, lib32, and lib64.
dnl On most glibc systems, the current practice is that on a system supporting
dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under
dnl $prefix/lib64 and 32-bit libraries go under $prefix/lib. However, on
dnl Arch Linux based distributions, it's the opposite: 32-bit libraries go
dnl under $prefix/lib32 and 64-bit libraries go under $prefix/lib.
dnl We determine the compiler's default mode by looking at the compiler's
dnl library search path. If at least one of its elements ends in /lib64 or
dnl points to a directory whose absolute pathname ends in /lib64, we use that
dnl for 64-bit ABIs. Similarly for 32-bit ABIs. Otherwise we use the default,
dnl namely "lib".
dnl On Solaris systems, the current practice is that on a system supporting
dnl 32-bit and 64-bit instruction sets or ABIs, 64-bit libraries go under
dnl $prefix/lib/64 (which is a symlink to either $prefix/lib/sparcv9 or
dnl $prefix/lib/amd64) and 32-bit libraries go under $prefix/lib.
AC_REQUIRE([AC_CANONICAL_HOST])
AC_REQUIRE([gl_HOST_CPU_C_ABI_32BIT])
AC_CACHE_CHECK([for ELF binary format], [gl_cv_elf],
[AC_EGREP_CPP([Extensible Linking Format],
[#if defined __ELF__ || (defined __linux__ && (defined __EDG__ || defined __SUNPRO_C))
Extensible Linking Format
#endif
],
[gl_cv_elf=yes],
[gl_cv_elf=no])
])
if test $gl_cv_elf = yes; then
# Extract the ELF class of a file (5th byte) in decimal.
# Cf. https://en.wikipedia.org/wiki/Executable_and_Linkable_Format#File_header
if od -A x < /dev/null >/dev/null 2>/dev/null; then
# Use POSIX od.
func_elfclass ()
{
od -A n -t d1 -j 4 -N 1
}
else
# Use BSD hexdump.
func_elfclass ()
{
dd bs=1 count=1 skip=4 2>/dev/null | hexdump -e '1/1 "%3d "'
echo
}
fi
# Use 'expr', not 'test', to compare the values of func_elfclass, because on
# Solaris 11 OpenIndiana and Solaris 11 OmniOS, the result is 001 or 002,
# not 1 or 2.
changequote(,)dnl
case $HOST_CPU_C_ABI_32BIT in
yes)
# 32-bit ABI.
acl_is_expected_elfclass ()
{
expr "`func_elfclass | sed -e 's/[ ]//g'`" = 1 > /dev/null
}
;;
no)
# 64-bit ABI.
acl_is_expected_elfclass ()
{
expr "`func_elfclass | sed -e 's/[ ]//g'`" = 2 > /dev/null
}
;;
*)
# Unknown.
acl_is_expected_elfclass ()
{
:
}
;;
esac
changequote([,])dnl
else
acl_is_expected_elfclass ()
{
:
}
fi
dnl Allow the user to override the result by setting acl_cv_libdirstems.
AC_CACHE_CHECK([for the common suffixes of directories in the library search path],
[acl_cv_libdirstems],
[dnl Try 'lib' first, because that's the default for libdir in GNU, see
dnl <https://www.gnu.org/prep/standards/html_node/Directory-Variables.html>.
acl_libdirstem=lib
acl_libdirstem2=
acl_libdirstem3=
case "$host_os" in
solaris*)
dnl See Solaris 10 Software Developer Collection > Solaris 64-bit Developer's Guide > The Development Environment
dnl <https://docs.oracle.com/cd/E19253-01/816-5138/dev-env/index.html>.
dnl "Portable Makefiles should refer to any library directories using the 64 symbolic link."
dnl But we want to recognize the sparcv9 or amd64 subdirectory also if the
dnl symlink is missing, so we set acl_libdirstem2 too.
if test $HOST_CPU_C_ABI_32BIT = no; then
acl_libdirstem2=lib/64
case "$host_cpu" in
sparc*) acl_libdirstem3=lib/sparcv9 ;;
i*86 | x86_64) acl_libdirstem3=lib/amd64 ;;
esac
fi
;;
netbsd*)
dnl On NetBSD/sparc64, there is a 'sparc' subdirectory that contains
dnl 32-bit libraries.
if test $HOST_CPU_C_ABI_32BIT != no; then
case "$host_cpu" in
sparc*) acl_libdirstem2=lib/sparc ;;
esac
fi
;;
*)
dnl If $CC generates code for a 32-bit ABI, the libraries are
dnl surely under $prefix/lib or $prefix/lib32, not $prefix/lib64.
dnl Similarly, if $CC generates code for a 64-bit ABI, the libraries
dnl are surely under $prefix/lib or $prefix/lib64, not $prefix/lib32.
dnl Find the compiler's search path. However, non-system compilers
dnl sometimes have odd library search paths. But we can't simply invoke
dnl '/usr/bin/gcc -print-search-dirs' because that would not take into
dnl account the -m32/-m31 or -m64 options from the $CC or $CFLAGS.
searchpath=`(LC_ALL=C $CC $CPPFLAGS $CFLAGS -print-search-dirs) 2>/dev/null \
| sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
if test $HOST_CPU_C_ABI_32BIT != no; then
# 32-bit or unknown ABI.
if test -d /usr/lib32; then
acl_libdirstem2=lib32
fi
fi
if test $HOST_CPU_C_ABI_32BIT != yes; then
# 64-bit or unknown ABI.
if test -d /usr/lib64; then
acl_libdirstem3=lib64
fi
fi
if test -n "$searchpath"; then
acl_saved_IFS="${IFS= }"; IFS=":"
for searchdir in $searchpath; do
if test -d "$searchdir"; then
case "$searchdir" in
*/lib32/ | */lib32 ) acl_libdirstem2=lib32 ;;
*/lib64/ | */lib64 ) acl_libdirstem3=lib64 ;;
*/../ | */.. )
# Better ignore directories of this form. They are misleading.
;;
*) searchdir=`cd "$searchdir" && pwd`
case "$searchdir" in
*/lib32 ) acl_libdirstem2=lib32 ;;
*/lib64 ) acl_libdirstem3=lib64 ;;
esac ;;
esac
fi
done
IFS="$acl_saved_IFS"
if test $HOST_CPU_C_ABI_32BIT = yes; then
# 32-bit ABI.
acl_libdirstem3=
fi
if test $HOST_CPU_C_ABI_32BIT = no; then
# 64-bit ABI.
acl_libdirstem2=
fi
fi
;;
esac
test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem"
test -n "$acl_libdirstem3" || acl_libdirstem3="$acl_libdirstem"
acl_cv_libdirstems="$acl_libdirstem,$acl_libdirstem2,$acl_libdirstem3"
])
dnl Decompose acl_cv_libdirstems into acl_libdirstem, acl_libdirstem2, and
dnl acl_libdirstem3.
changequote(,)dnl
acl_libdirstem=`echo "$acl_cv_libdirstems" | sed -e 's/,.*//'`
acl_libdirstem2=`echo "$acl_cv_libdirstems" | sed -e 's/^[^,]*,//' -e 's/,.*//'`
acl_libdirstem3=`echo "$acl_cv_libdirstems" | sed -e 's/^[^,]*,[^,]*,//' -e 's/,.*//'`
changequote([,])dnl
])

402
meson.build Normal file
View File

@@ -0,0 +1,402 @@
project('ocserv', 'c',
version: '1.4.2',
license: 'GPL-2.0-or-later',
meson_version: '>= 0.53.0',
default_options: ['c_std=c99', 'warning_level=2'],
)
cc = meson.get_compiler('c')
fs = import('fs')
# --------------------------------------------------------------------------
# Compiler flags
# --------------------------------------------------------------------------
warn_flags = cc.get_supported_arguments([
'-Wno-strict-aliasing',
'-Wno-unused-parameter',
'-Wno-sign-compare',
'-Wno-missing-field-initializers',
'-Wno-implicit-fallthrough',
'-Wno-stringop-truncation',
])
if get_option('with-werror')
warn_flags += ['-Werror']
endif
add_project_arguments(warn_flags, language: 'c')
# _GNU_SOURCE and friends (AC_USE_SYSTEM_EXTENSIONS)
add_project_arguments('-D_GNU_SOURCE', language: 'c')
# --------------------------------------------------------------------------
# Required tools
# --------------------------------------------------------------------------
gperf = find_program('gperf')
protoc_c = find_program('protoc-c')
ipcalc = find_program(['ipcalc', 'ipcalc-ng'], required: true)
# --------------------------------------------------------------------------
# Required dependencies
# --------------------------------------------------------------------------
gnutls_dep = dependency('gnutls', version: '>= 3.3.0')
nettle_dep = dependency('nettle', version: '>= 2.7')
libev_dep = cc.find_library('ev', required: true)
# --------------------------------------------------------------------------
# Optional dependencies
# --------------------------------------------------------------------------
opt_pam = get_option('pam')
opt_radius = get_option('radius')
opt_gssapi = get_option('gssapi')
opt_liboath = get_option('liboath')
opt_libnl = get_option('libnl')
opt_maxmind = get_option('maxmind')
opt_geoip = get_option('geoip')
opt_lz4 = get_option('lz4')
opt_seccomp = get_option('seccomp')
opt_systemd = get_option('systemd')
opt_oidc = get_option('oidc-auth')
opt_utmp = get_option('utmp')
opt_wrap = get_option('libwrap')
# talloc: system or bundled
talloc_dep = dependency('', required: false)
if not get_option('local-talloc')
talloc_dep = dependency('talloc', required: false)
if not talloc_dep.found()
talloc_dep = cc.find_library('talloc', required: false)
endif
endif
use_local_talloc = not talloc_dep.found()
# llhttp: system or bundled
llhttp_dep = dependency('', required: false)
if not get_option('local-llhttp')
llhttp_dep = cc.find_library('llhttp',
has_headers: ['llhttp.h'], required: false)
endif
use_local_llhttp = not llhttp_dep.found()
# protobuf-c: system or bundled
protobuf_dep = dependency('', required: false)
if not get_option('local-protobuf')
protobuf_dep = dependency('libprotobuf-c', required: false)
if not protobuf_dep.found()
protobuf_dep = cc.find_library('protobuf-c',
has_headers: ['protobuf-c/protobuf-c.h'], required: false)
endif
endif
use_local_protobuf = not protobuf_dep.found()
# PCL: system or bundled
pcl_dep = dependency('', required: false)
if not get_option('local-pcl')
pcl_dep = cc.find_library('pcl',
has_headers: ['pcl.h'], required: false)
endif
use_local_pcl = not pcl_dep.found()
# PAM
pam_dep = dependency('', required: false)
if not opt_pam.disabled()
pam_dep = cc.find_library('pam',
has_headers: ['security/pam_appl.h'],
required: opt_pam)
endif
# RADIUS: try radcli first, then freeradius-client
radcli_dep = dependency('', required: false)
legacy_radius = false
if not opt_radius.disabled()
radcli_dep = dependency('radcli', version: '>= 1.2.5', required: false)
if not radcli_dep.found()
radcli_dep = cc.find_library('freeradius-client',
has_headers: ['freeradius-client.h'], required: false)
if radcli_dep.found()
legacy_radius = true
endif
endif
if not radcli_dep.found() and opt_radius.enabled()
error('RADIUS support requested but neither radcli nor freeradius-client was found')
endif
endif
# GSSAPI + libtasn1
gssapi_dep = dependency('', required: false)
tasn1_dep = dependency('', required: false)
if not opt_gssapi.disabled()
gssapi_dep = dependency('krb5-gssapi', required: opt_gssapi)
if gssapi_dep.found()
tasn1_dep = dependency('libtasn1', version: '>= 3.4', required: true)
asn1parser = find_program('asn1Parser', required: false)
endif
endif
# liboath
oath_dep = dependency('', required: false)
if not opt_liboath.disabled()
oath_dep = dependency('liboath', required: opt_liboath)
endif
# libnl
libnl_dep = dependency('', required: false)
if not opt_libnl.disabled()
libnl_dep = dependency('libnl-route-3.0', version: '>= 3.1',
required: opt_libnl)
endif
# GeoIP: maxmind first, geoip as fallback
maxmind_dep = dependency('', required: false)
geoip_dep = dependency('', required: false)
if not opt_maxmind.disabled()
maxmind_dep = dependency('libmaxminddb', version: '>= 1.0.0',
required: opt_maxmind)
endif
if not maxmind_dep.found() and not opt_geoip.disabled()
geoip_dep = dependency('geoip', version: '>= 1.6.0', required: opt_geoip)
endif
# readline / libedit
readline_dep = cc.find_library('readline',
has_headers: ['stdio.h', 'readline/readline.h'], required: false)
have_orig_readline = readline_dep.found()
if not readline_dep.found()
readline_dep = dependency('libedit', required: false)
endif
# LZ4 (only meaningful when compression is enabled)
lz4_dep = dependency('', required: false)
compression_enabled = get_option('compression').enabled()
if compression_enabled and not opt_lz4.disabled()
lz4_dep = dependency('liblz4', required: opt_lz4)
endif
# seccomp
seccomp_dep = dependency('', required: false)
if not opt_seccomp.disabled()
seccomp_dep = cc.find_library('seccomp',
has_headers: ['seccomp.h'], required: opt_seccomp)
endif
# systemd
systemd_dep = dependency('', required: false)
if not opt_systemd.disabled()
systemd_dep = cc.find_library('systemd',
has_headers: ['systemd/sd-daemon.h'], required: opt_systemd)
endif
# OIDC
curl_dep = dependency('', required: false)
cjose_dep = dependency('', required: false)
jansson_dep = dependency('', required: false)
oidc_enabled = false
if not opt_oidc.disabled()
curl_dep = dependency('libcurl', required: opt_oidc)
cjose_dep = dependency('cjose', required: opt_oidc)
jansson_dep = dependency('jansson', required: opt_oidc)
oidc_enabled = curl_dep.found() and cjose_dep.found() and jansson_dep.found()
endif
# libwrap (TCP wrappers)
wrap_dep = dependency('', required: false)
if not opt_wrap.disabled()
wrap_dep = cc.find_library('wrap',
has_headers: ['tcpd.h'], required: false)
endif
# libcrypt
crypt_dep = cc.find_library('crypt', required: false)
# libutil (utmp)
util_dep = dependency('', required: false)
if not opt_utmp.disabled()
util_dep = cc.find_library('util',
has_headers: ['utmpx.h'], required: false)
endif
# libm (for latency stats)
libm_dep = cc.find_library('m', required: false)
# cwrap (for tests only, not required for build)
cwrap_dep = dependency('uid_wrapper', required: false)
cwrap_sock = dependency('socket_wrapper', required: false)
cwrap_pam_dep = dependency('pam_wrapper', required: false)
cwrap_nss_dep = dependency('nss_wrapper', required: false)
have_cwrap = cwrap_dep.found() and cwrap_sock.found()
have_cwrap_pam = have_cwrap and cwrap_pam_dep.found() \
and oath_dep.found() and pam_dep.found()
have_cwrap_all = have_cwrap_pam and cwrap_nss_dep.found()
# --------------------------------------------------------------------------
# Feature / version checks
# --------------------------------------------------------------------------
broken_cert = gnutls_dep.version().version_compare('< 3.6.3') and \
(gnutls_dep.version().version_compare('>= 3.3.99') or \
gnutls_dep.version().version_compare('< 3.3.25'))
gnutls_new_certs = gnutls_dep.version().version_compare('>= 3.6.0')
old_base64 = nettle_dep.version().version_compare('< 3.0')
latency_enabled = false
if not get_option('latency-stats').disabled()
latency_enabled = cc.has_header('linux/net_tstamp.h') and \
cc.has_type('struct scm_timestamping',
prefix: '#include <time.h>\n#include <linux/errqueue.h>')
endif
adaptive_rate = cc.has_header('linux/netlink.h') and \
cc.has_header('linux/rtnetlink.h') and \
cc.has_header('linux/sock_diag.h') and \
cc.has_header('linux/unix_diag.h')
proc_fs = fs.exists('/proc/self/exe')
try_sha2_crypt = cc.has_header('gnu/libc-version.h')
have_sighandler_t = cc.has_type('sighandler_t',
prefix: '#include <sys/types.h>\n#include <signal.h>')
have_sig_t = cc.has_type('sig_t',
prefix: '#include <sys/types.h>\n#include <signal.h>')
have_sighandler2_t = cc.has_type('__sighandler_t',
prefix: '#include <sys/types.h>\n#include <signal.h>')
have_ucred = cc.has_type('struct ucred',
args: ['-D_GNU_SOURCE'],
prefix: '#include <sys/socket.h>\n#include <sys/un.h>')
have_iphdr_ihl = cc.has_member('struct iphdr', 'ihl',
prefix: '#include <netinet/ip.h>')
have_sockaddr_sa_len = cc.has_member('struct sockaddr', 'sa_len',
prefix: '#include <sys/types.h>\n#include <sys/socket.h>')
sizeof_ulong = cc.sizeof('unsigned long')
words_bigendian = target_machine.endian() == 'big'
have_scm_timestamping = cc.has_type('struct scm_timestamping',
prefix: '#include <time.h>\n#include <linux/errqueue.h>')
# Function checks
check_funcs = [
'setproctitle', 'vasprintf', 'clock_gettime', 'isatty',
'pselect', 'ppoll', 'getpeereid', 'sigaltstack',
'strlcpy', 'posix_memalign', 'malloc_trim', 'strsep',
'memset', 'malloc', 'free',
'makecontext', 'getcontext', 'swapcontext',
'sigaction', 'longjmp', 'setjmp',
]
func_results = {}
foreach f : check_funcs
func_results += {f: cc.has_function(f)}
endforeach
# Header checks
check_headers = [
'net/if_tun.h', 'linux/if_tun.h', 'netinet/in_systm.h', 'crypt.h',
'linux/net_tstamp.h', 'linux/netlink.h', 'linux/rtnetlink.h',
'linux/sock_diag.h', 'linux/unix_diag.h',
]
hdr_results = {}
foreach h : check_headers
hdr_results += {h: cc.has_header(h)}
endforeach
# --------------------------------------------------------------------------
# config.h
# --------------------------------------------------------------------------
cdata = configuration_data()
cdata.set('ANYCONNECT_CLIENT_COMPAT', get_option('anyconnect-compat').enabled())
cdata.set('CAPTURE_LATENCY_SUPPORT', latency_enabled)
cdata.set('ENABLE_ADAPTIVE_RATE_LIMIT_SUPPORT', adaptive_rate)
cdata.set('ENABLE_COMPRESSION', compression_enabled)
cdata.set('GNUTLS_BROKEN_CERTIFICATE_SET_KEY', broken_cert)
cdata.set('HAVE_CWRAP', have_cwrap)
cdata.set('HAVE_GEOIP', geoip_dep.found())
cdata.set('HAVE_GSSAPI', gssapi_dep.found())
cdata.set('HAVE_LIBNL', libnl_dep.found())
cdata.set('HAVE_LIBOATH', oath_dep.found())
cdata.set('HAVE_LIBTALLOC', talloc_dep.found())
cdata.set('HAVE_LIBCRYPT', crypt_dep.found())
cdata.set('HAVE_LIBEV', true)
cdata.set('HAVE_LIBSECCOMP', seccomp_dep.found())
cdata.set('HAVE_LIBSYSTEMD', systemd_dep.found())
cdata.set('HAVE_LIBUTIL', util_dep.found())
cdata.set('HAVE_LIBWRAP', wrap_dep.found())
cdata.set('HAVE_LZ4', lz4_dep.found())
cdata.set('HAVE_MAXMIND', maxmind_dep.found())
cdata.set('HAVE_ORIG_READLINE', have_orig_readline)
cdata.set('HAVE_PAM', pam_dep.found())
cdata.set('HAVE_RADIUS', radcli_dep.found())
cdata.set('LEGACY_RADIUS', legacy_radius)
cdata.set('LINUX_NAMESPACES', get_option('namespaces').enabled())
cdata.set('NETTLE_OLD_BASE64_API', old_base64)
cdata.set('PROC_FS_SUPPORTED', proc_fs)
cdata.set('SUPPORT_OIDC_AUTH', oidc_enabled)
cdata.set('TRY_SHA2_CRYPT', try_sha2_crypt)
cdata.set('USE_SECCOMP_TRAP', get_option('seccomp-trap'))
# These three are used in #elif (not #ifdef), so they must be 1 or undef (not empty)
cdata.set('HAVE_SIGHANDLER_T', have_sighandler_t ? 1 : false)
cdata.set('HAVE_SIG_T', have_sig_t ? 1 : false)
cdata.set('HAVE___SIGHANDLER_T', have_sighandler2_t ? 1 : false)
cdata.set('HAVE_STRUCT_UCRED', have_ucred)
cdata.set('HAVE_STRUCT_IPHDR_IHL', have_iphdr_ihl)
cdata.set('HAVE_SOCKADDR_SA_LEN', have_sockaddr_sa_len)
cdata.set('HAVE_STRUCT_SCM_TIMESTAMPING', have_scm_timestamping)
cdata.set('SIZEOF_UNSIGNED_LONG', sizeof_ulong)
cdata.set('WORDS_BIGENDIAN', words_bigendian)
foreach f, v : func_results
cdata.set('HAVE_' + f.to_upper(), v)
endforeach
foreach h, v : hdr_results
key = 'HAVE_' + h.underscorify().to_upper()
cdata.set(key, v)
endforeach
# inih tunables
cdata.set('INI_STOP_ON_FIRST_ERROR', 1)
cdata.set('INI_ALLOW_MULTILINE', 1)
cdata.set('INI_MAX_LINE', 2048)
cdata.set_quoted('INI_INLINE_COMMENT_PREFIXES', '#')
# Paths / strings
cdata.set_quoted('OCCTL_PAGER', get_option('pager'))
cdata.set_quoted('OCSERV_FW_SCRIPT',
get_option('prefix') / get_option('libexecdir') / 'ocserv-fw')
# Package info
cdata.set_quoted('PACKAGE', 'ocserv')
cdata.set_quoted('PACKAGE_NAME', 'OpenConnect VPN Server')
cdata.set_quoted('PACKAGE_VERSION', meson.project_version())
cdata.set_quoted('PACKAGE_STRING', 'OpenConnect VPN Server ' + meson.project_version())
cdata.set_quoted('PACKAGE_TARNAME', 'ocserv')
cdata.set_quoted('PACKAGE_BUGREPORT',
'https://gitlab.com/openconnect/ocserv/-/issues')
cdata.set_quoted('PACKAGE_URL', 'https://ocserv.openconnect-vpn.net/')
cdata.set_quoted('VERSION', meson.project_version())
configure_file(output: 'config.h', configuration: cdata)
# --------------------------------------------------------------------------
# Include directories (exported to subdirs)
# --------------------------------------------------------------------------
top_inc = include_directories('.') # for config.h
src_inc = include_directories('src')
common_inc = include_directories('src/common')
# --------------------------------------------------------------------------
# Subdirectories (in migration order)
# --------------------------------------------------------------------------
subdir('src')
subdir('doc')
subdir('tests')
# --------------------------------------------------------------------------
# Dist: pre-generate files that autotools used to ship via EXTRA_DIST
# --------------------------------------------------------------------------
meson.add_dist_script('dist-script.sh')

27
meson_options.txt Normal file
View File

@@ -0,0 +1,27 @@
option('pam', type: 'feature', value: 'auto', description: 'PAM authentication support')
option('radius', type: 'feature', value: 'auto', description: 'RADIUS authentication/accounting support')
option('gssapi', type: 'feature', value: 'auto', description: 'GSSAPI/Kerberos authentication support')
option('liboath', type: 'feature', value: 'auto', description: 'OTP support via liboath')
option('libnl', type: 'feature', value: 'auto', description: 'libnl3 support in occtl')
option('maxmind', type: 'feature', value: 'auto', description: 'GeoIP support via libmaxminddb')
option('geoip', type: 'feature', value: 'auto', description: 'GeoIP support via libgeoip (fallback when maxmind absent)')
option('lz4', type: 'feature', value: 'auto', description: 'LZ4 compression support')
option('compression', type: 'feature', value: 'enabled', description: 'Compression support (LZS + optional LZ4)')
option('seccomp', type: 'feature', value: 'auto', description: 'seccomp worker isolation')
option('systemd', type: 'feature', value: 'auto', description: 'systemd socket-activation support')
option('oidc-auth', type: 'feature', value: 'disabled', description: 'OpenID Connect authentication support')
option('latency-stats', type: 'feature', value: 'disabled', description: 'Capture latency statistics')
option('anyconnect-compat', type: 'feature', value: 'enabled', description: 'Cisco AnyConnect client compatibility')
option('namespaces', type: 'feature', value: 'enabled', description: 'Linux network namespace support')
option('utmp', type: 'feature', value: 'auto', description: 'utmp support via libutil')
option('libwrap', type: 'feature', value: 'auto', description: 'TCP wrappers support via libwrap')
option('local-talloc', type: 'boolean', value: false, description: 'Force use of bundled talloc')
option('local-llhttp', type: 'boolean', value: true, description: 'Use bundled llhttp (default); false to require system llhttp')
option('local-protobuf', type: 'boolean', value: false, description: 'Force use of bundled protobuf-c')
option('local-pcl', type: 'boolean', value: true, description: 'Use bundled PCL (default); false to require system pcl')
option('seccomp-trap', type: 'boolean', value: false, description: 'Filtered syscalls fail with a signal (for CI/testing)')
option('root-tests', type: 'boolean', value: true, description: 'Enable tests requiring root/namespaces')
option('tun-tests', type: 'boolean', value: true, description: 'Enable tests requiring /dev/net/tun')
option('kerberos-tests', type: 'boolean', value: false, description: 'Enable tests requiring a Kerberos setup')
option('with-werror', type: 'boolean', value: false, description: 'Treat compiler warnings as errors')
option('pager', type: 'string', value: 'less', description: 'Default pager for occtl (empty string for none)')

205
src/Makefile.am
View File

@@ -1,205 +0,0 @@
include common.mk
AM_CPPFLAGS += \
-I$(srcdir)/ -I$(builddir)/../ -I$(srcdir)/../ \
$(LIBGNUTLS_CFLAGS) -I$(srcdir)/common -I$(builddir)/common \
$(LIBPROTOBUF_C_CFLAGS) $(LIBLZ4_CFLAGS) \
$(LIBREADLINE_CFLAGS) $(CODE_COVERAGE_CFLAGS) \
$(LIBTALLOC_CFLAGS) $(LIBDBUS_CFLAGS) $(LIBOATH_CFLAGS) \
$(LIBKRB5_CFLAGS) $(LIBTASN1_CFLAGS) $(RADCLI_CFLAGS) $(SRC_CFLAGS) \
-DOCSERV_FW_SCRIPT=\"${libexecdir}/ocserv-fw\"
if ENABLE_OIDC_AUTH
AM_CPPFLAGS += $(LIBCURL_CFLAGS) $(CJOSE_CFLAGS) $(JANSSON_CFLAGS)
endif
BUILT_SOURCES = ipc.pb-c.c ipc.pb-c.h \
http-heads.h kkdcp_asn1_tab.c ctl.pb-c.c ctl.pb-c.h
EXTRA_DIST = version.inc.in version.inc \
ipc.proto ctl.proto http-heads.gperf common.mk ocserv-fw
CORE_LDADD = libccan.a libcommon.a
CORE_LDADD += $(LIBGNUTLS_LIBS) $(PAM_LIBS) $(LIBUTIL) \
$(LIBSECCOMP) $(LIBWRAP) $(LIBCRYPT) $(NEEDED_LLHTTP_LIBS) \
$(NEEDED_LIBPROTOBUF_LIBS) $(LIBSYSTEMD) $(LIBTALLOC_LIBS) \
$(RADCLI_LIBS) $(LIBLZ4_LIBS) $(LIBKRB5_LIBS) \
$(LIBTASN1_LIBS) $(LIBOATH_LIBS) $(LIBNETTLE_LIBS) \
$(LIBEV_LIBS) libipc.a $(NEEDED_LIBPROTOBUF_LIBS) \
$(CODE_COVERAGE_LDFLAGS)
if LOCAL_LLHTTP
LLHTTP_SOURCES = llhttp/llhttp.c llhttp/llhttp.h llhttp/api.c llhttp/http.c
endif
CORE_SOURCES = $(LLHTTP_SOURCES) \
common/hmac.c common/hmac.h common/snapshot.c common/snapshot.h \
common-config.h config.c config-kkdcp.c config-ports.c defs.h gettime.h \
gnulib/cloexec.c gnulib/cloexec.h inih/ini.c inih/ini.h \
ip-util.c ip-util.h main.h main-ctl.h \
script-list.h setproctitle.c setproctitle.h str.c str.h subconfig.c \
sup-config/file.c sup-config/file.h sup-config/radius.c \
sup-config/radius.h tlslib.c tlslib.h valid-hostname.c \
vasprintf.c vasprintf.h vhost.h vpn.h namespace.h worker-log.c
if ENABLE_COMPRESSION
CORE_SOURCES += lzs.c lzs.h
endif
if HAVE_GSSAPI
CORE_SOURCES += kkdcp_asn1_tab.c kkdcp.asn
endif
# Authentication module sources
AUTH_SOURCES=auth/common.c auth/common.h auth/gssapi.c auth/gssapi.h \
auth/pam.c auth/pam.h auth/plain.c auth/plain.h auth/radius.c \
auth/radius.h auth-unix.c auth-unix.h
ACCT_SOURCES=acct/radius.c acct/radius.h acct/pam.c acct/pam.h
sbin_PROGRAMS = ocserv ocserv-worker
libexec_SCRIPTS = ocserv-fw
ocserv_SOURCES = $(CORE_SOURCES) $(AUTH_SOURCES) $(ACCT_SOURCES) \
main.c main-auth.c main-ban.c main-ban.h main-ctl-unix.c main-proc.c \
main-sec-mod-cmd.c main-user.c main-worker-cmd.c proc-search.c \
proc-search.h route-add.c route-add.h sec-mod.c sec-mod.h sec-mod-acct.h \
sec-mod-auth.c sec-mod-auth.h sec-mod-cookies.c sec-mod-db.c \
sec-mod-resume.c sec-mod-resume.h sec-mod-sup-config.c sec-mod-sup-config.h \
common/sockdiag.h common/sockdiag.c namespace.c main-log.c \
icmp-ping.c icmp-ping.h ip-lease.c ip-lease.h tun.c tun.h \
main-limits.c main-limits.h
ocserv_LDADD = $(CORE_LDADD)
ocserv_worker_CPPFLAGS = $(AM_CPPFLAGS) -DOCSERV_WORKER_PROCESS
ocserv_worker_SOURCES = $(CORE_SOURCES) \
html.c html.h http-heads.h worker.c worker.h worker-auth.c \
worker-bandwidth.c worker-bandwidth.h worker-http.c worker-http-handlers.c \
worker-kkdcp.c worker-misc.c worker-privs.c worker-proxyproto.c \
worker-resume.c worker-vpn.c worker-svc.c worker-tun.c isolate.c \
isolate.h
ocserv_worker_LDADD = $(CORE_LDADD)
noinst_LIBRARIES = libipc.a
if ENABLE_OIDC_AUTH
AUTH_SOURCES += auth/openidconnect.c auth/openidconnect.h
endif
if ENABLE_LATENCY_SUPPORT
ocserv_worker_SOURCES += worker-latency.c worker-latency.h
endif
if ENABLE_LATENCY_SUPPORT
ocserv_worker_LDADD += $(LIBM)
endif
if ENABLE_OIDC_AUTH
CORE_LDADD += $(LIBCURL_LIBS) $(CJOSE_LIBS) $(JANSSON_LIBS)
endif
libipc_a_SOURCES=ctl.pb-c.c ctl.pb-c.h ipc.pb-c.h ipc.pb-c.c
ipc.pb-c.c: ipc.proto
protoc-c --c_out=. --proto_path=$(srcdir) $<
ipc.pb-c.h: ipc.pb-c.c
ctl.pb-c.c: ctl.proto
protoc-c --c_out=. --proto_path=$(srcdir) $<
ctl.pb-c.h: ctl.pb-c.c
http-heads.h: $(srcdir)/http-heads.gperf
-gperf --global-table -t $^ > $@-tmp && mv $@-tmp $@
kkdcp_asn1_tab.c: $(srcdir)/kkdcp.asn
-asn1Parser $^ $@
clean-local:
rm -f *.stamp
# Occtl
bin_PROGRAMS = occtl/occtl
occtl_occtl_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/occtl $(LIBNL3_CFLAGS) $(GEOIP_CFLAGS) $(MAXMIND_CFLAGS)
occtl_occtl_SOURCES = occtl/occtl.c occtl/pager.c occtl/occtl.h occtl/time.c occtl/cache.c \
occtl/ip-cache.c occtl/nl.c occtl/ctl.h occtl/print.c occtl/json.c occtl/json.h \
occtl/unix.c occtl/geoip.h occtl/session-cache.c
if HAVE_MAXMIND
occtl_occtl_SOURCES += occtl/maxmind.c
else
occtl_occtl_SOURCES += occtl/geoip.c
endif
occtl_occtl_LDADD = libcommon.a $(LIBREADLINE_LIBS) \
$(LIBNL3_LIBS) $(NEEDED_LIBPROTOBUF_LIBS) $(LIBTALLOC_LIBS) libccan.a \
libipc.a $(NEEDED_LIBPROTOBUF_LIBS) $(CODE_COVERAGE_LDFLAGS) \
$(LIBNETTLE_LIBS) $(MAXMIND_LIBS) $(GEOIP_LIBS)
# Ocpasswd
bin_PROGRAMS += ocpasswd/ocpasswd
ocpasswd_ocpasswd_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/ocpasswd
ocpasswd_ocpasswd_SOURCES = ocpasswd/ocpasswd.c
ocpasswd_ocpasswd_LDADD =
ocpasswd_ocpasswd_LDADD += $(LIBGNUTLS_LIBS) $(LIBCRYPT) $(CODE_COVERAGE_LDFLAGS) \
$(LIBNETTLE_LIBS)
# libcommon
# Files common to ocserv and occtl.
libcommon_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/common
libcommon_a_SOURCES=common/common.c common/common.h common/system.c common/system.h \
common/base64-helper.c common/base64-helper.h \
log.c log.h
libcommon_a_LIBS = $(NEEDED_LIBPROTOBUF_LIBS)
noinst_LIBRARIES += libcommon.a
# libccan
EXTRA_DIST += ccan/licenses/BSD-MIT ccan/licenses/CC0 ccan/licenses/LGPL-2.1
noinst_LIBRARIES += libccan.a
libccan_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir) -I$(srcdir)/ccan
libccan_a_SOURCES = ccan/build_assert/build_assert.h ccan/check_type/check_type.h \
ccan/container_of/container_of.h ccan/hash/hash.c ccan/hash/hash.h \
ccan/htable/htable.c ccan/htable/htable.h ccan/htable/htable_type.h \
ccan/list/list.c ccan/list/list.h \
ccan/str/hex/hex.c ccan/str/hex/hex.h
if LOCAL_TALLOC
libccan_a_SOURCES += ccan/talloc/talloc.c ccan/talloc/talloc.h ccan/compiler/compiler.h \
ccan/typesafe_cb/typesafe_cb.h
endif
# libpcl
if PCL
CORE_LDADD += $(PCL_LIBS)
else
CORE_LDADD += libpcl.a
AM_CPPFLAGS += -I$(srcdir)/pcl/
noinst_LIBRARIES += libpcl.a
libpcl_a_CPPFLAGS = -I$(srcdir)/pcl -I$(builddir)/../
libpcl_a_SOURCES = pcl/pcl.c pcl/pcl_version.c pcl/pcl_private.c \
pcl/pcl_config.h pcl/pcl.h pcl/pcl_private.h
endif
if LOCAL_PROTOBUF_C
noinst_LIBRARIES += libprotobuf.a
libprotobuf_a_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/protobuf/
libprotobuf_a_SOURCES = protobuf/protobuf-c/protobuf-c.c protobuf/protobuf-c/protobuf-c.h
AM_CPPFLAGS += -I$(srcdir)/protobuf/
endif

25
src/ccan/meson.build Normal file
View File

@@ -0,0 +1,25 @@
ccan_sources = files(
'hash/hash.c',
'htable/htable.c',
'list/list.c',
'str/hex/hex.c',
)
if use_local_talloc
ccan_sources += files('talloc/talloc.c')
endif
libccan = static_library('ccan', ccan_sources,
include_directories: [top_inc, include_directories('..'), include_directories('.')],
pic: false,
)
_ccan_inc = [include_directories('..'), include_directories('.')]
if use_local_talloc
_ccan_inc += include_directories('talloc')
endif
ccan_dep = declare_dependency(
link_with: libccan,
include_directories: _ccan_inc,
)

1756
src/ctl.pb-c.c Normal file
View File

File diff suppressed because it is too large Load Diff

509
src/ctl.pb-c.h Normal file
View File

@@ -0,0 +1,509 @@
/* Generated by the protocol buffer compiler. DO NOT EDIT! */
/* Generated from: ctl.proto */
#ifndef PROTOBUF_C_ctl_2eproto__INCLUDED
#define PROTOBUF_C_ctl_2eproto__INCLUDED
#include <protobuf-c/protobuf-c.h>
PROTOBUF_C__BEGIN_DECLS
#if PROTOBUF_C_VERSION_NUMBER < 1003000
# error This file was generated by a newer version of protobuf-c which is incompatible with your libprotobuf-c headers. Please update your headers.
#elif 1005002 < PROTOBUF_C_MIN_COMPILER_VERSION
# error This file was generated by an older version of protobuf-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protobuf-c.
#endif
#include "ipc.pb-c.h"
typedef struct StatusRep StatusRep;
typedef struct BoolMsg BoolMsg;
typedef struct UserInfoRep UserInfoRep;
typedef struct UserListRep UserListRep;
typedef struct TopUpdateRep TopUpdateRep;
typedef struct UsernameReq UsernameReq;
typedef struct IdReq IdReq;
typedef struct SafeIdReq SafeIdReq;
typedef struct BanInfoRep BanInfoRep;
typedef struct BanListRep BanListRep;
typedef struct UnbanReq UnbanReq;
/* --- enums --- */
/* --- messages --- */
/*
* STATUS
*/
struct StatusRep
{
ProtobufCMessage base;
protobuf_c_boolean status;
uint32_t pid;
size_t n_sec_mod_pids;
uint32_t *sec_mod_pids;
uint32_t active_clients;
uint32_t start_time;
uint32_t stored_tls_sessions;
uint32_t banned_ips;
uint32_t secmod_client_entries;
uint64_t session_timeouts;
uint64_t session_idle_timeouts;
uint64_t session_errors;
uint64_t sessions_closed;
uint64_t kbytes_in;
uint64_t kbytes_out;
uint32_t min_mtu;
uint32_t max_mtu;
uint32_t last_reset;
uint32_t avg_auth_time;
uint32_t avg_session_mins;
uint32_t max_auth_time;
uint32_t max_session_mins;
uint64_t auth_failures;
uint64_t total_sessions_closed;
uint64_t total_auth_failures;
protobuf_c_boolean has_latency_median_total;
uint64_t latency_median_total;
protobuf_c_boolean has_latency_rms_total;
uint64_t latency_rms_total;
protobuf_c_boolean has_latency_sample_count;
uint64_t latency_sample_count;
};
#define STATUS_REP__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&status_rep__descriptor) \
, 0, 0, 0,NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
struct BoolMsg
{
ProtobufCMessage base;
protobuf_c_boolean status;
};
#define BOOL_MSG__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&bool_msg__descriptor) \
, 0 }
struct UserInfoRep
{
ProtobufCMessage base;
int32_t id;
char *username;
char *groupname;
char *ip;
char *tun;
char *remote_ip;
char *local_ip;
char *remote_ip6;
char *local_ip6;
uint64_t conn_time;
char *hostname;
char *user_agent;
/*
* PS_
*/
uint32_t status;
char *tls_ciphersuite;
char *dtls_ciphersuite;
protobuf_c_boolean has_rx_per_sec;
uint32_t rx_per_sec;
protobuf_c_boolean has_tx_per_sec;
uint32_t tx_per_sec;
size_t n_dns;
char **dns;
size_t n_nbns;
char **nbns;
size_t n_routes;
char **routes;
size_t n_iroutes;
char **iroutes;
protobuf_c_boolean has_mtu;
uint32_t mtu;
char *cstp_compr;
char *dtls_compr;
size_t n_no_routes;
char **no_routes;
char *local_dev_ip;
/*
* split-dns domains
*/
size_t n_domains;
char **domains;
uint32_t dpd;
uint32_t keepalive;
protobuf_c_boolean restrict_to_routes;
size_t n_fw_ports;
FwPortSt **fw_ports;
/*
* a value derived from the cookie
*/
ProtobufCBinaryData safe_id;
char *vhost;
uint64_t session_start_time;
};
#define USER_INFO_REP__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&user_info_rep__descriptor) \
, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, 0, NULL, NULL, 0, NULL, NULL, 0, 0, 0, 0, 0,NULL, 0,NULL, 0,NULL, 0,NULL, 0, 0, NULL, NULL, 0,NULL, NULL, 0,NULL, 0, 0, 0, 0,NULL, {0,NULL}, NULL, 0 }
struct UserListRep
{
ProtobufCMessage base;
size_t n_user;
UserInfoRep **user;
};
#define USER_LIST_REP__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&user_list_rep__descriptor) \
, 0,NULL }
struct TopUpdateRep
{
ProtobufCMessage base;
uint32_t connected;
protobuf_c_boolean has_discon_reason;
uint32_t discon_reason;
char *discon_reason_txt;
UserListRep *user;
};
#define TOP_UPDATE_REP__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&top_update_rep__descriptor) \
, 0, 0, 0, NULL, NULL }
struct UsernameReq
{
ProtobufCMessage base;
char *username;
};
#define USERNAME_REQ__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&username_req__descriptor) \
, NULL }
struct IdReq
{
ProtobufCMessage base;
int32_t id;
};
#define ID_REQ__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&id_req__descriptor) \
, 0 }
/*
* Used by 'terminate session' to transport the safe session ID
*/
struct SafeIdReq
{
ProtobufCMessage base;
ProtobufCBinaryData safe_id;
};
#define SAFE_ID_REQ__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&safe_id_req__descriptor) \
, {0,NULL} }
struct BanInfoRep
{
ProtobufCMessage base;
ProtobufCBinaryData ip;
uint32_t score;
protobuf_c_boolean has_expires;
uint32_t expires;
};
#define BAN_INFO_REP__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&ban_info_rep__descriptor) \
, {0,NULL}, 0, 0, 0 }
struct BanListRep
{
ProtobufCMessage base;
size_t n_info;
BanInfoRep **info;
};
#define BAN_LIST_REP__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&ban_list_rep__descriptor) \
, 0,NULL }
struct UnbanReq
{
ProtobufCMessage base;
ProtobufCBinaryData ip;
};
#define UNBAN_REQ__INIT \
{ PROTOBUF_C_MESSAGE_INIT (&unban_req__descriptor) \
, {0,NULL} }
/* StatusRep methods */
void status_rep__init
(StatusRep *message);
size_t status_rep__get_packed_size
(const StatusRep *message);
size_t status_rep__pack
(const StatusRep *message,
uint8_t *out);
size_t status_rep__pack_to_buffer
(const StatusRep *message,
ProtobufCBuffer *buffer);
StatusRep *
status_rep__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void status_rep__free_unpacked
(StatusRep *message,
ProtobufCAllocator *allocator);
/* BoolMsg methods */
void bool_msg__init
(BoolMsg *message);
size_t bool_msg__get_packed_size
(const BoolMsg *message);
size_t bool_msg__pack
(const BoolMsg *message,
uint8_t *out);
size_t bool_msg__pack_to_buffer
(const BoolMsg *message,
ProtobufCBuffer *buffer);
BoolMsg *
bool_msg__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void bool_msg__free_unpacked
(BoolMsg *message,
ProtobufCAllocator *allocator);
/* UserInfoRep methods */
void user_info_rep__init
(UserInfoRep *message);
size_t user_info_rep__get_packed_size
(const UserInfoRep *message);
size_t user_info_rep__pack
(const UserInfoRep *message,
uint8_t *out);
size_t user_info_rep__pack_to_buffer
(const UserInfoRep *message,
ProtobufCBuffer *buffer);
UserInfoRep *
user_info_rep__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void user_info_rep__free_unpacked
(UserInfoRep *message,
ProtobufCAllocator *allocator);
/* UserListRep methods */
void user_list_rep__init
(UserListRep *message);
size_t user_list_rep__get_packed_size
(const UserListRep *message);
size_t user_list_rep__pack
(const UserListRep *message,
uint8_t *out);
size_t user_list_rep__pack_to_buffer
(const UserListRep *message,
ProtobufCBuffer *buffer);
UserListRep *
user_list_rep__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void user_list_rep__free_unpacked
(UserListRep *message,
ProtobufCAllocator *allocator);
/* TopUpdateRep methods */
void top_update_rep__init
(TopUpdateRep *message);
size_t top_update_rep__get_packed_size
(const TopUpdateRep *message);
size_t top_update_rep__pack
(const TopUpdateRep *message,
uint8_t *out);
size_t top_update_rep__pack_to_buffer
(const TopUpdateRep *message,
ProtobufCBuffer *buffer);
TopUpdateRep *
top_update_rep__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void top_update_rep__free_unpacked
(TopUpdateRep *message,
ProtobufCAllocator *allocator);
/* UsernameReq methods */
void username_req__init
(UsernameReq *message);
size_t username_req__get_packed_size
(const UsernameReq *message);
size_t username_req__pack
(const UsernameReq *message,
uint8_t *out);
size_t username_req__pack_to_buffer
(const UsernameReq *message,
ProtobufCBuffer *buffer);
UsernameReq *
username_req__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void username_req__free_unpacked
(UsernameReq *message,
ProtobufCAllocator *allocator);
/* IdReq methods */
void id_req__init
(IdReq *message);
size_t id_req__get_packed_size
(const IdReq *message);
size_t id_req__pack
(const IdReq *message,
uint8_t *out);
size_t id_req__pack_to_buffer
(const IdReq *message,
ProtobufCBuffer *buffer);
IdReq *
id_req__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void id_req__free_unpacked
(IdReq *message,
ProtobufCAllocator *allocator);
/* SafeIdReq methods */
void safe_id_req__init
(SafeIdReq *message);
size_t safe_id_req__get_packed_size
(const SafeIdReq *message);
size_t safe_id_req__pack
(const SafeIdReq *message,
uint8_t *out);
size_t safe_id_req__pack_to_buffer
(const SafeIdReq *message,
ProtobufCBuffer *buffer);
SafeIdReq *
safe_id_req__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void safe_id_req__free_unpacked
(SafeIdReq *message,
ProtobufCAllocator *allocator);
/* BanInfoRep methods */
void ban_info_rep__init
(BanInfoRep *message);
size_t ban_info_rep__get_packed_size
(const BanInfoRep *message);
size_t ban_info_rep__pack
(const BanInfoRep *message,
uint8_t *out);
size_t ban_info_rep__pack_to_buffer
(const BanInfoRep *message,
ProtobufCBuffer *buffer);
BanInfoRep *
ban_info_rep__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void ban_info_rep__free_unpacked
(BanInfoRep *message,
ProtobufCAllocator *allocator);
/* BanListRep methods */
void ban_list_rep__init
(BanListRep *message);
size_t ban_list_rep__get_packed_size
(const BanListRep *message);
size_t ban_list_rep__pack
(const BanListRep *message,
uint8_t *out);
size_t ban_list_rep__pack_to_buffer
(const BanListRep *message,
ProtobufCBuffer *buffer);
BanListRep *
ban_list_rep__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void ban_list_rep__free_unpacked
(BanListRep *message,
ProtobufCAllocator *allocator);
/* UnbanReq methods */
void unban_req__init
(UnbanReq *message);
size_t unban_req__get_packed_size
(const UnbanReq *message);
size_t unban_req__pack
(const UnbanReq *message,
uint8_t *out);
size_t unban_req__pack_to_buffer
(const UnbanReq *message,
ProtobufCBuffer *buffer);
UnbanReq *
unban_req__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void unban_req__free_unpacked
(UnbanReq *message,
ProtobufCAllocator *allocator);
/* --- per-message closures --- */
typedef void (*StatusRep_Closure)
(const StatusRep *message,
void *closure_data);
typedef void (*BoolMsg_Closure)
(const BoolMsg *message,
void *closure_data);
typedef void (*UserInfoRep_Closure)
(const UserInfoRep *message,
void *closure_data);
typedef void (*UserListRep_Closure)
(const UserListRep *message,
void *closure_data);
typedef void (*TopUpdateRep_Closure)
(const TopUpdateRep *message,
void *closure_data);
typedef void (*UsernameReq_Closure)
(const UsernameReq *message,
void *closure_data);
typedef void (*IdReq_Closure)
(const IdReq *message,
void *closure_data);
typedef void (*SafeIdReq_Closure)
(const SafeIdReq *message,
void *closure_data);
typedef void (*BanInfoRep_Closure)
(const BanInfoRep *message,
void *closure_data);
typedef void (*BanListRep_Closure)
(const BanListRep *message,
void *closure_data);
typedef void (*UnbanReq_Closure)
(const UnbanReq *message,
void *closure_data);
/* --- services --- */
/* --- descriptors --- */
extern const ProtobufCMessageDescriptor status_rep__descriptor;
extern const ProtobufCMessageDescriptor bool_msg__descriptor;
extern const ProtobufCMessageDescriptor user_info_rep__descriptor;
extern const ProtobufCMessageDescriptor user_list_rep__descriptor;
extern const ProtobufCMessageDescriptor top_update_rep__descriptor;
extern const ProtobufCMessageDescriptor username_req__descriptor;
extern const ProtobufCMessageDescriptor id_req__descriptor;
extern const ProtobufCMessageDescriptor safe_id_req__descriptor;
extern const ProtobufCMessageDescriptor ban_info_rep__descriptor;
extern const ProtobufCMessageDescriptor ban_list_rep__descriptor;
extern const ProtobufCMessageDescriptor unban_req__descriptor;
PROTOBUF_C__END_DECLS
#endif /* PROTOBUF_C_ctl_2eproto__INCLUDED */

168
src/http-heads.h Normal file
View File

@@ -0,0 +1,168 @@
/* ANSI-C code produced by gperf version 3.1 */
/* Command-line: gperf --global-table -t http-heads.gperf */
/* Computed positions: -k'3,8' */
#if !((' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
&& ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
&& (')' == 41) && ('*' == 42) && ('+' == 43) && (',' == 44) \
&& ('-' == 45) && ('.' == 46) && ('/' == 47) && ('0' == 48) \
&& ('1' == 49) && ('2' == 50) && ('3' == 51) && ('4' == 52) \
&& ('5' == 53) && ('6' == 54) && ('7' == 55) && ('8' == 56) \
&& ('9' == 57) && (':' == 58) && (';' == 59) && ('<' == 60) \
&& ('=' == 61) && ('>' == 62) && ('?' == 63) && ('A' == 65) \
&& ('B' == 66) && ('C' == 67) && ('D' == 68) && ('E' == 69) \
&& ('F' == 70) && ('G' == 71) && ('H' == 72) && ('I' == 73) \
&& ('J' == 74) && ('K' == 75) && ('L' == 76) && ('M' == 77) \
&& ('N' == 78) && ('O' == 79) && ('P' == 80) && ('Q' == 81) \
&& ('R' == 82) && ('S' == 83) && ('T' == 84) && ('U' == 85) \
&& ('V' == 86) && ('W' == 87) && ('X' == 88) && ('Y' == 89) \
&& ('Z' == 90) && ('[' == 91) && ('\\' == 92) && (']' == 93) \
&& ('^' == 94) && ('_' == 95) && ('a' == 97) && ('b' == 98) \
&& ('c' == 99) && ('d' == 100) && ('e' == 101) && ('f' == 102) \
&& ('g' == 103) && ('h' == 104) && ('i' == 105) && ('j' == 106) \
&& ('k' == 107) && ('l' == 108) && ('m' == 109) && ('n' == 110) \
&& ('o' == 111) && ('p' == 112) && ('q' == 113) && ('r' == 114) \
&& ('s' == 115) && ('t' == 116) && ('u' == 117) && ('v' == 118) \
&& ('w' == 119) && ('x' == 120) && ('y' == 121) && ('z' == 122) \
&& ('{' == 123) && ('|' == 124) && ('}' == 125) && ('~' == 126))
/* The character set is not based on ISO-646. */
#error "gperf generated tables don't work with this execution character set. Please report a bug to <bug-gperf@gnu.org>."
#endif
#line 1 "http-heads.gperf"
#include "vpn.h"
#line 6 "http-heads.gperf"
struct http_headers_st { const char *name; unsigned id; };
#define TOTAL_KEYWORDS 17
#define MIN_WORD_LENGTH 6
#define MAX_WORD_LENGTH 34
#define MIN_HASH_VALUE 6
#define MAX_HASH_VALUE 40
/* maximum key range = 35, duplicates = 0 */
#ifdef __GNUC__
__inline
#else
#ifdef __cplusplus
inline
#endif
#endif
static unsigned int
hash (register const char *str, register size_t len)
{
static const unsigned char asso_values[] =
{
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
15, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 0, 20, 0, 5, 41,
10, 41, 15, 41, 41, 41, 41, 0, 41, 41,
41, 41, 41, 5, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 5, 41, 41, 41, 5, 41, 41, 41, 41,
0, 0, 41, 41, 0, 41, 0, 41, 41, 41,
41, 41, 0, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41, 41, 41, 41, 41,
41, 41, 41, 41, 41, 41
};
register unsigned int hval = len;
switch (hval)
{
default:
hval += asso_values[(unsigned char)str[7]];
/*FALLTHROUGH*/
case 7:
case 6:
case 5:
case 4:
case 3:
hval += asso_values[(unsigned char)str[2]];
break;
}
return hval;
}
static const struct http_headers_st wordlist[] =
{
{""}, {""}, {""}, {""}, {""}, {""},
#line 8 "http-heads.gperf"
{"Cookie", HEADER_COOKIE},
{""}, {""}, {""},
#line 17 "http-heads.gperf"
{"X-CSTP-MTU", HEADER_CSTP_MTU},
{""}, {""},
#line 24 "http-heads.gperf"
{"Authorization", HEADER_AUTHORIZATION},
{""},
#line 12 "http-heads.gperf"
{"Connection", HEADER_CONNECTION},
{""}, {""}, {""},
#line 18 "http-heads.gperf"
{"X-CSTP-Address-Type", HEADER_CSTP_ATYPE},
#line 9 "http-heads.gperf"
{"User-Agent", HEADER_USER_AGENT},
{""},
#line 10 "http-heads.gperf"
{"X-CSTP-Accept-Encoding", HEADER_CSTP_ENCODING},
#line 14 "http-heads.gperf"
{"X-DTLS-CipherSuite", HEADER_DTLS_CIPHERSUITE},
#line 23 "http-heads.gperf"
{"X-Support-HTTP-Auth", HEADER_SUPPORT_SPNEGO},
#line 13 "http-heads.gperf"
{"X-DTLS-Master-Secret", HEADER_MASTER_SECRET},
{""},
#line 11 "http-heads.gperf"
{"X-DTLS-Accept-Encoding", HEADER_DTLS_ENCODING},
{""}, {""},
#line 19 "http-heads.gperf"
{"X-CSTP-Hostname", HEADER_HOSTNAME},
{""},
#line 22 "http-heads.gperf"
{"X-AnyConnect-Identifier-Platform", HEADER_PLATFORM},
{""},
#line 21 "http-heads.gperf"
{"X-AnyConnect-Identifier-DeviceType", HEADER_DEVICE_TYPE},
#line 16 "http-heads.gperf"
{"X-CSTP-Base-MTU", HEADER_CSTP_BASE_MTU},
{""},
#line 20 "http-heads.gperf"
{"X-CSTP-Full-IPv6-Capability", HEADER_FULL_IPV6},
{""}, {""},
#line 15 "http-heads.gperf"
{"X-DTLS12-CipherSuite", HEADER_DTLS12_CIPHERSUITE}
};
const struct http_headers_st *
in_word_set (register const char *str, register size_t len)
{
if (len <= MAX_WORD_LENGTH && len >= MIN_WORD_LENGTH)
{
register unsigned int key = hash (str, len);
if (key <= MAX_HASH_VALUE)
{
register const char *s = wordlist[key].name;
if (*str == *s && !strcmp (str + 1, s + 1))
return &wordlist[key];
}
}
return 0;
}

15
src/inih/meson.build Normal file
View File

@@ -0,0 +1,15 @@
libinih = static_library('inih', 'ini.c',
include_directories: [top_inc, include_directories('.')],
c_args: [
'-DINI_STOP_ON_FIRST_ERROR=1',
'-DINI_ALLOW_MULTILINE=1',
'-DINI_MAX_LINE=2048',
'-DINI_INLINE_COMMENT_PREFIXES="#"',
],
pic: false,
)
inih_dep = declare_dependency(
link_with: libinih,
include_directories: include_directories('.'),
)

4603
src/ipc.pb-c.c Normal file
View File

File diff suppressed because it is too large Load Diff

1472
src/ipc.pb-c.h Normal file
View File

File diff suppressed because it is too large Load Diff

10
src/llhttp/meson.build Normal file
View File

@@ -0,0 +1,10 @@
libllhttp = static_library('llhttp',
['api.c', 'http.c', 'llhttp.c'],
include_directories: [top_inc, include_directories('.')],
pic: false,
)
llhttp_dep = declare_dependency(
link_with: libllhttp,
include_directories: include_directories('.'),
)

298
src/meson.build Normal file
View File

@@ -0,0 +1,298 @@
# --------------------------------------------------------------------------
# Bundled static libraries
# --------------------------------------------------------------------------
subdir('ccan')
subdir('inih')
if use_local_llhttp
subdir('llhttp')
# else: llhttp_dep already set by cc.find_library() in top-level meson.build
endif
if use_local_protobuf
subdir('protobuf')
else
# protobuf_dep already set in top-level meson.build
endif
if use_local_pcl
subdir('pcl')
else
# pcl_dep already set in top-level meson.build
endif
# --------------------------------------------------------------------------
# Include directories
# --------------------------------------------------------------------------
src_build_inc = include_directories('.') # for generated headers (pb-c, http-heads)
all_inc = [top_inc, src_inc, src_build_inc, common_inc]
if use_local_talloc
all_inc += include_directories('ccan/talloc')
endif
if use_local_protobuf
all_inc += include_directories('protobuf')
endif
if use_local_llhttp
all_inc += include_directories('llhttp')
endif
if use_local_pcl
all_inc += include_directories('pcl')
endif
# --------------------------------------------------------------------------
# Generated sources
# --------------------------------------------------------------------------
# version.inc
version_inc = configure_file(
input: 'version.inc.in',
output: 'version.inc',
configuration: {'VERSION': meson.project_version()},
)
# Protocol buffers
ipc_proto = custom_target('ipc-proto',
input: 'ipc.proto',
output: ['ipc.pb-c.c', 'ipc.pb-c.h'],
command: [protoc_c, '--c_out=@OUTDIR@',
'--proto_path=@CURRENT_SOURCE_DIR@', '@INPUT@'],
)
ctl_proto = custom_target('ctl-proto',
input: 'ctl.proto',
output: ['ctl.pb-c.c', 'ctl.pb-c.h'],
depends: ipc_proto,
command: [protoc_c, '--c_out=@OUTDIR@',
'--proto_path=@CURRENT_SOURCE_DIR@', '@INPUT@'],
)
# gperf HTTP header table
http_heads_h = custom_target('http-heads',
input: 'http-heads.gperf',
output: 'http-heads.h',
command: [gperf, '--global-table', '-t', '@INPUT@'],
capture: true,
)
# ASN.1 (GSSAPI / KKDCP)
kkdcp_asn1 = []
if gssapi_dep.found()
if asn1parser.found()
kkdcp_asn1 = custom_target('kkdcp-asn1',
input: 'kkdcp.asn',
output: 'kkdcp_asn1_tab.c',
command: [asn1parser, '-o', '@OUTPUT@', '@INPUT@'],
)
elif fs.exists('kkdcp_asn1_tab.c')
kkdcp_asn1 = files('kkdcp_asn1_tab.c')
else
error('GSSAPI enabled but asn1Parser not found and no pre-generated kkdcp_asn1_tab.c present')
endif
endif
# --------------------------------------------------------------------------
# libipc (protobuf stubs shared by ocserv and occtl)
# --------------------------------------------------------------------------
libipc = static_library('ipc', [ipc_proto, ctl_proto],
include_directories: all_inc,
dependencies: protobuf_dep,
pic: false,
)
ipc_dep = declare_dependency(
link_with: libipc,
include_directories: src_build_inc,
sources: [ipc_proto, ctl_proto],
)
# --------------------------------------------------------------------------
# libcommon (shared by ocserv, occtl, tests)
# --------------------------------------------------------------------------
libcommon = static_library('common',
files(
'common/common.c',
'common/system.c',
'common/base64-helper.c',
'log.c',
),
include_directories: all_inc,
dependencies: [gnutls_dep, nettle_dep, protobuf_dep],
pic: false,
)
common_dep = declare_dependency(
link_with: libcommon,
include_directories: [src_inc, common_inc, top_inc],
)
# --------------------------------------------------------------------------
# CORE_SOURCES shared by ocserv and ocserv-worker
# --------------------------------------------------------------------------
core_sources = files(
'common/hmac.c',
'common/snapshot.c',
'config.c',
'config-kkdcp.c',
'config-ports.c',
'gnulib/cloexec.c',
'setproctitle.c',
'str.c',
'subconfig.c',
'sup-config/file.c',
'sup-config/radius.c',
'tlslib.c',
'valid-hostname.c',
'vasprintf.c',
'worker-log.c',
'ip-util.c',
)
if compression_enabled
core_sources += files('lzs.c')
endif
if gssapi_dep.found()
core_sources += [kkdcp_asn1]
endif
# Authentication sources
auth_sources = files(
'auth/common.c',
'auth/gssapi.c',
'auth/pam.c',
'auth/plain.c',
'auth/radius.c',
'auth-unix.c',
)
if oidc_enabled
auth_sources += files('auth/openidconnect.c')
endif
# Accounting sources
acct_sources = files(
'acct/radius.c',
'acct/pam.c',
)
# --------------------------------------------------------------------------
# Dependency list shared by ocserv and ocserv-worker
# --------------------------------------------------------------------------
core_deps = [
common_dep, ccan_dep, inih_dep, ipc_dep, protobuf_dep,
llhttp_dep, pcl_dep,
gnutls_dep, nettle_dep, libev_dep,
crypt_dep, util_dep, wrap_dep,
lz4_dep, seccomp_dep, systemd_dep,
talloc_dep, oath_dep,
]
if pam_dep.found()
core_deps += pam_dep
endif
if radcli_dep.found()
core_deps += radcli_dep
endif
if gssapi_dep.found()
core_deps += [gssapi_dep, tasn1_dep]
endif
if oidc_enabled
core_deps += [curl_dep, cjose_dep, jansson_dep]
endif
# --------------------------------------------------------------------------
# ocserv
# --------------------------------------------------------------------------
ocserv_sources = core_sources + auth_sources + acct_sources + [http_heads_h] + files(
'main.c',
'main-auth.c',
'main-ban.c',
'main-ctl-unix.c',
'main-proc.c',
'main-sec-mod-cmd.c',
'main-user.c',
'main-worker-cmd.c',
'proc-search.c',
'route-add.c',
'sec-mod.c',
'sec-mod-auth.c',
'sec-mod-cookies.c',
'sec-mod-db.c',
'sec-mod-resume.c',
'sec-mod-sup-config.c',
'common/sockdiag.c',
'namespace.c',
'main-log.c',
'icmp-ping.c',
'ip-lease.c',
'tun.c',
'main-limits.c',
)
executable('ocserv', ocserv_sources,
dependencies: core_deps,
include_directories: all_inc,
install: true,
install_dir: get_option('sbindir'),
)
# --------------------------------------------------------------------------
# ocserv-worker
# --------------------------------------------------------------------------
worker_sources = core_sources + [http_heads_h] + files(
'html.c',
'worker.c',
'worker-auth.c',
'worker-bandwidth.c',
'worker-http.c',
'worker-http-handlers.c',
'worker-kkdcp.c',
'worker-misc.c',
'worker-privs.c',
'worker-proxyproto.c',
'worker-resume.c',
'worker-vpn.c',
'worker-svc.c',
'worker-tun.c',
'isolate.c',
)
worker_deps = core_deps
if latency_enabled
worker_sources += files('worker-latency.c')
worker_deps += libm_dep
endif
executable('ocserv-worker', worker_sources,
c_args: ['-DOCSERV_WORKER_PROCESS'],
dependencies: worker_deps,
include_directories: all_inc,
install: true,
install_dir: get_option('sbindir'),
)
# --------------------------------------------------------------------------
# ocserv-fw script
# --------------------------------------------------------------------------
install_data('ocserv-fw',
install_dir: get_option('libexecdir'),
install_mode: 'rwxr-xr-x',
)
# --------------------------------------------------------------------------
# Subdirectories for occtl and ocpasswd
# --------------------------------------------------------------------------
subdir('occtl')
subdir('ocpasswd')

47
src/occtl/meson.build Normal file
View File

@@ -0,0 +1,47 @@
if not readline_dep.found()
# occtl requires readline or libedit
subdir_done()
endif
occtl_sources = files(
'occtl.c',
'pager.c',
'time.c',
'cache.c',
'ip-cache.c',
'nl.c',
'print.c',
'json.c',
'unix.c',
'session-cache.c',
)
if maxmind_dep.found()
occtl_sources += files('maxmind.c')
else
occtl_sources += files('geoip.c')
endif
occtl_inc = [all_inc, include_directories('.')]
occtl_deps = [
common_dep, ccan_dep, ipc_dep, protobuf_dep,
gnutls_dep, nettle_dep,
talloc_dep, readline_dep,
]
if libnl_dep.found()
occtl_deps += libnl_dep
endif
if maxmind_dep.found()
occtl_deps += maxmind_dep
elif geoip_dep.found()
occtl_deps += geoip_dep
endif
executable('occtl', occtl_sources,
dependencies: occtl_deps,
include_directories: occtl_inc,
install: true,
install_dir: get_option('bindir'),
)

6
src/ocpasswd/meson.build Normal file
View File

@@ -0,0 +1,6 @@
executable('ocpasswd', 'ocpasswd.c',
dependencies: [gnutls_dep, nettle_dep, crypt_dep],
include_directories: [all_inc, include_directories('.')],
install: true,
install_dir: get_option('bindir'),
)

11
src/pcl/meson.build Normal file
View File

@@ -0,0 +1,11 @@
libpcl = static_library('pcl',
['pcl.c', 'pcl_version.c', 'pcl_private.c'],
c_args: ['-DHAVE_CONFIG_H'],
include_directories: [top_inc, include_directories('.')],
pic: false,
)
pcl_dep = declare_dependency(
link_with: libpcl,
include_directories: include_directories('.'),
)

10
src/protobuf/meson.build Normal file
View File

@@ -0,0 +1,10 @@
libprotobuf_c = static_library('protobuf-c',
'protobuf-c/protobuf-c.c',
include_directories: [top_inc, include_directories('.')],
pic: false,
)
protobuf_dep = declare_dependency(
link_with: libprotobuf_c,
include_directories: include_directories('.'),
)

234
tests/Makefile.am
View File

@@ -1,234 +0,0 @@
include ../src/common.mk
EXTRA_DIST = certs/ca-key.pem certs/ca.pem ns.sh common.sh certs/server-cert.pem \
certs/server-key.pem data/test1.config data/pam/nss-group.in data/pam/nss-passwd.in \
data/pam/users.oath.templ data/test-pam-noauth.config data/test-pam.passwd \
data/test1.passwd data/test-user-cert.config certs/user-cert.pem certs/user-key.pem \
data/test3.config data/test-iroute.config data/test-pam.config data/test-vhost2.passwd \
user-config/test user-config-opt/test data/test-pass-script.config data/test-multi-cookie.config \
data/test-stress.config certs/user-cert-wrong.pem connect-script data/test-group.passwd \
data/test-group-pass.config certs/user-group-cert.pem certs/user-group-key.pem \
data/test-user-group-cert.config data/pam/ocserv.in data/pam/passdb.templ data/pam-single/passdb.templ \
data/test-user-group-cert-no-pass.config data/test-cookie-timeout.config \
data/test-cookie-timeout-2.config user-config-explicit/test data/test-explicit-ip.config \
test-explicit-ip user-config-explicit/test2 user-config-explicit/test3 \
user-config-explicit/test4 data/test-pass-opt-cert.config data/test-gssapi.config \
data/test-ban.config data/test-sighup.config data/test-gssapi-local-map.config \
data/test-cookie-invalidation.config data/test-enc-key2.config data/test-enc-key.config \
certs/server-key-ossl.pem certs/server-key-p8.pem certs/user-cn.pem \
certs/user-cert-testuser.pem test-stress data/test-user-config.config user-config/testuser \
data/test-sighup-key-change.config data/test-sighup-key-change.config user-config/testipnet \
certs/user-cert-testipnet.pem certs/user-cert-invalid.pem certs/server-cert-ca.pem \
data/test-san-cert.config certs/user-san-cert.pem data/test-vhost3.passwd \
data/test-user-cert-rfc822name.config data/test-rfc822.passwd \
certs/user-cert-rfc822name-other.pem certs/user-cert-rfc822name-other.tmpl \
certs/server-cert-ed25519.pem certs/server-key-ed25519.pem data/test-ed25519.config \
certs/server-cert-rsa-pss.pem certs/server-key-rsa-pss.pem data/test-rsa-pss.config \
data/test-otp-cert.config data/test-otp.oath test-otp-cert data/test-otp.passwd \
data/test-otp.config data/test-cert-opt-pass.config data/test-gssapi-opt-pass.config \
certs/server-key-secp521r1.pem certs/server-cert-secp521r1.pem data/test-vhost-pass-cert.config \
data/vhost.hosts data/multiple-routes.config data/haproxy-auth.cfg data/test-haproxy-auth.config \
data/haproxy-connect.cfg data/test-haproxy-connect.config scripts/vpnc-script \
data/test-traffic.config data/test-compression-lzs.config data/test-compression-lz4.config \
certs/crl.pem server-cert-rsa-pss data/test-gssapi-opt-cert.config data/test-ciphers.config \
cipher-common.sh data/config-per-group.config data/config-per-group-url-cert.config \
data/config-per-group-url-pass.config data/group-config/tost \
data/raddb/access_reject data/raddb/accounting_response data/raddb/access_challenge data/raddb/acct_users \
data/raddb/clients.conf data/raddb/radiusd.conf.in data/raddb/users \
data/radiusclient/dictionary data/radiusclient/radiusclient.conf \
data/radiusclient/servers data/radius.config data/radius-group.config data/radius-otp.config \
data/test-udp-listen-host.config data/pam-kerberos/passdb.templ \
data/test-max-same-1.config data/test-script-multi-user.config \
sleep-connect-script data/test-psk-negotiate.config data/test-group-name.config \
connect-ios-script data/apple-ios.config certs/kerberos-cert.pem \
data/kdc.conf data/krb5.conf data/k5.KERBEROS.TEST data/kadm5.acl \
data/ipv6-iface.config data/no-route-default.config data/no-route-group.config \
data/group-config/group1 data/group-config/group2 data/test-namespace-listen.config data/disconnect-user.config \
data/disconnect-user2.config data/ping-leases.config data/haproxy-proxyproto.config \
data/haproxy-proxyproto.cfg scripts/proxy-connectscript data/haproxy-proxyproto-v1.config \
data/haproxy-proxyproto-v1.cfg scripts/proxy-connectscript-v1 data/test-multiple-client-ip.config \
data/test-client-bypass-protocol.config asan.supp certs/ca.tmpl certs/server-cert.tmpl \
certs/user-cert.tmpl data/test-camouflage.config data/test-camouflage-norealm.config \
data/radius-multi-group.config data/test-group-cert.config data/session-timeout.config \
data/idle-timeout.config data/test-occtl.config data/vhost-traffic.config random-net.sh \
random-net2.sh data/defvhost-traffic.config
xfail_scripts =
dist_check_SCRIPTS = ocpasswd-test
if GNUTLS_WITH_NEW_CERTS
dist_check_SCRIPTS += server-cert-ed25519 server-cert-rsa-pss
endif
if ENABLE_ROOT_TESTS
#other root requiring tests
dist_check_SCRIPTS += haproxy-connect test-iroute test-multi-cookie test-pass-script \
idle-timeout test-cookie-timeout test-cookie-timeout-2 test-explicit-ip \
test-cookie-invalidation test-user-config test-append-routes test-ban \
multiple-routes json test-udp-listen-host test-max-same-1 test-script-multi-user \
apple-ios ipv6-iface test-namespace-listen disconnect-user disconnect-user2 \
terminate-commands ping-leases test-ban-local test-client-bypass-protocol ipv6-small-net test-camouflage \
test-camouflage-norealm vhost-traffic defvhost-traffic session-timeout test-occtl \
no-ipv6-ocv3
if RADIUS_ENABLED
dist_check_SCRIPTS += radius-group radius-multi-group radius-otp
endif
dist_check_SCRIPTS += traffic lz4-compression lzs-compression \
aes256-cipher aes128-cipher oc-aes256-gcm-cipher oc-aes128-gcm-cipher \
test-config-per-group ac-aes128-gcm-cipher ac-aes256-gcm-cipher \
no-dtls-cipher psk-negotiate psk-negotiate-match test-multiple-client-ip \
test-config-per-group-url-pass test-config-per-group-url-cert
if RADIUS_ENABLED
dist_check_SCRIPTS += radius
endif
if RADIUS_ENABLED
dist_check_SCRIPTS += radius-config
endif
endif
if HAVE_CWRAP
if HAVE_CWRAP_ALL
dist_check_SCRIPTS += test-vhost
endif
dist_check_SCRIPTS += test-pass test-pass-cert test-pass-cert-rfc822name test-cert test-group-pass \
test-pass-group-cert test-pass-group-cert-no-pass test-sighup \
test-enc-key test-sighup-key-change test-get-cert test-san-cert \
test-gssapi test-pass-opt-cert test-cert-opt-pass test-gssapi-opt-pass \
test-gssapi-opt-cert haproxy-auth test-maintenance resumption \
test-group-name flowcontrol banner invalid-configs haproxy-proxyproto \
haproxy-proxyproto-v1 drain-server drain-server-fail test-ignore-querystring-of-post \
test-group-cert test-fork test-pass-svc test-cert-svc
if HAVE_CWRAP_PAM
dist_check_SCRIPTS += test-pam test-pam-noauth
if ENABLE_KERBEROS_TESTS
dist_check_SCRIPTS += kerberos
endif
endif
if HAVE_LIBOATH
dist_check_SCRIPTS += test-otp-cert test-otp
endif
endif
if ENABLE_TUN_TESTS
dist_check_SCRIPTS += no-route-default no-route-group
endif
AM_CPPFLAGS += \
$(LIBOPTS_CFLAGS) \
$(LIBTALLOC_CFLAGS) \
$(CODE_COVERAGE_CFLAGS) \
-I$(top_srcdir)/src/ \
-I$(top_builddir)/src/ \
-I$(top_srcdir)/src/common/ \
-I$(top_builddir)/src/common/ \
-I$(top_srcdir)/ \
-I$(top_builddir)/
LDADD = ../src/libcommon.a $(LIBNETTLE_LIBS) $(LIBTALLOC_LIBS) ../src/libccan.a $(CODE_COVERAGE_LDFLAGS)
kkdcp_parsing_SOURCES = kkdcp-parsing.c
kkdcp_parsing_LDADD = $(LDADD)
cstp_recv_SOURCES = cstp-recv.c
cstp_recv_CFLAGS = $(CFLAGS) $(LIBGNUTLS_CFLAGS) $(LIBTALLOC_CFLAGS)
cstp_recv_LDADD = $(LDADD) $(LIBGNUTLS_LIBS)
json_escape_SOURCES = json-escape.c
json_escape_LDADD = $(LDADD)
url_escape_CPPFLAGS = $(AM_CPPFLAGS) -DUNDER_TEST
url_escape_SOURCES = url-escape.c
url_escape_LDADD = $(LDADD)
html_escape_CPPFLAGS = $(AM_CPPFLAGS) -DUNDER_TEST
html_escape_SOURCES = html-escape.c
html_escape_LDADD = $(LDADD)
ipv4_prefix_CPPFLAGS = $(AM_CPPFLAGS) -DUNDER_TEST
ipv4_prefix_SOURCES = ipv4-prefix.c
ipv4_prefix_LDADD = $(LDADD)
ban_ips_CPPFLAGS = $(AM_CPPFLAGS) -DUNDER_TEST
ban_ips_SOURCES = ban-ips.c
ban_ips_LDADD = $(LDADD)
str_test_SOURCES = str-test.c
str_test_LDADD = $(LDADD)
str_test2_SOURCES = str-test2.c
str_test2_LDADD = $(LDADD)
ipv6_prefix_CPPFLAGS = $(AM_CPPFLAGS) -DUNDER_TEST
ipv6_prefix_SOURCES = ipv6-prefix.c
ipv6_prefix_LDADD = $(LDADD)
human_addr_CPPFLAGS = $(AM_CPPFLAGS) -DUNDER_TEST
human_addr_SOURCES = human_addr.c
human_addr_LDADD = $(LDADD)
valid_hostname_LDADD = $(LDADD)
port_parsing_CPPFLAGS = $(AM_CPPFLAGS) -DUNDER_TEST
port_parsing_LDADD = $(LDADD)
check_PROGRAMS = str-test str-test2 ipv4-prefix ipv6-prefix kkdcp-parsing json-escape ban-ips \
port-parsing human_addr valid-hostname url-escape html-escape cstp-recv \
proxyproto-v1
gen_oidc_test_data_CPPFLAGS = $(AM_CPPFLAGS)
gen_oidc_test_data_SOURCES = generate_oidc_test_data.c
gen_oidc_test_data_LDADD = $(LDADD) $(CJOSE_LIBS) $(JANSSON_LIBS)
certs/ca.pem: certs/ca-key.pem certs/ca.tmpl
certtool --generate-self-signed --template certs/ca.tmpl --load-privkey certs/ca-key.pem --outfile certs/ca.pem
certs/server-cert-ca.pem: certs/ca.pem certs/server-cert.pem
cat certs/server-cert.pem certs/ca.pem > certs/server-cert-ca.pem
certs/server-cert.pem: certs/server-cert.tmpl certs/ca.pem certs/server-key.pem certs/ca-key.pem
certtool --generate-certificate --template certs/server-cert.tmpl --load-privkey certs/server-key.pem --load-ca-certificate certs/ca.pem --load-ca-privkey certs/ca-key.pem --outfile certs/server-cert.pem
certs/user-cert.pem: certs/user-cert.tmpl certs/ca.pem certs/user-key.pem certs/ca-key.pem
certtool --generate-certificate --template certs/user-cert.tmpl --load-privkey certs/user-key.pem --load-ca-certificate certs/ca.pem --load-ca-privkey certs/ca-key.pem --outfile certs/user-cert.pem
# make the user certificate invalid by signing it with another CA
certs/user-cert-invalid.pem: certs/user-cert.tmpl
certtool --generate-privkey --outfile ca-key.tmp
certtool --generate-self-signed --template certs/ca.tmpl --load-privkey ca-key.tmp --outfile ca.tmp
certtool --generate-certificate --template certs/user-cert.tmpl --load-privkey certs/user-key.pem --load-ca-certificate ca.tmp --load-ca-privkey ca-key.tmp --outfile certs/user-cert-invalid.pem
rm -f ca-key.tmp ca.tmp
if ENABLE_OIDC_AUTH_TESTS
check_PROGRAMS += gen_oidc_test_data
dist_check_SCRIPTS += test-oidc
endif
dist_check_SCRIPTS += test-owasp-headers
dist_check_SCRIPTS += test-replay
TESTS = $(check_PROGRAMS) $(dist_check_SCRIPTS) $(xfail_scripts)
XFAIL_TESTS = $(xfail_scripts)
TESTS_ENVIRONMENT = srcdir="$(srcdir)" \
top_builddir="$(top_builddir)" \
LSAN_OPTIONS=suppressions=asan.supp
if DISABLE_ASAN_BROKEN_TESTS
TESTS_ENVIRONMENT += DISABLE_ASAN_BROKEN_TESTS=1
else
TESTS_ENVIRONMENT += DISABLE_ASAN_BROKEN_TESTS=0
endif

4
tests/connect-ios-script
View File

@@ -22,11 +22,11 @@ case "$REASON" in
verify_env_set "DEVICE_PLATFORM"
verify_env_set "DEVICE_TYPE"
echo "${IP_REMOTE}" > connect.ios.ok
echo "${IP_REMOTE}" > "${builddir}/connect.ios.ok"
;;
disconnect)
if ! test -z "$DEVICE";then
echo "${IP_REMOTE}" > disconnect.ios.ok
echo "${IP_REMOTE}" > "${builddir}/disconnect.ios.ok"
fi
;;
"host-update")

7
tests/connect-script
View File

@@ -1,5 +1,6 @@
#!/bin/bash
builddir=${builddir:-.}
#echo $USERNAME : $REASON : $DEVICE
verify_env_set() {
@@ -28,7 +29,7 @@ case "$REASON" in
test "${OCSERV_DNS4}" = "192.168.1.1 192.168.5.1 " && \
test "${OCSERV_ROUTES}" = "192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0 " && \
test "${OCSERV_ROUTES4}" = "192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0 " && \
echo "${IP_REMOTE}" > connect.ok
echo "${IP_REMOTE}" > ${builddir}/connect.ok
;;
disconnect)
if ! test -z "$DEVICE";then
@@ -36,12 +37,12 @@ case "$REASON" in
test "${OCSERV_DNS4}" = "192.168.1.1 192.168.5.1 " && \
test "${OCSERV_ROUTES}" = "192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0 " && \
test "${OCSERV_ROUTES4}" = "192.168.1.0/255.255.255.0 192.168.5.0/255.255.255.0 " && \
echo "${IP_REMOTE}" > disconnect.ok
echo "${IP_REMOTE}" > ${builddir}/disconnect.ok
fi
;;
"host-update")
verify_env_set "HOSTNAME"
echo > host-update.ok
echo > ${builddir}/host-update.ok
;;
esac

23
tests/data/pam/meson.build Normal file
View File

@@ -0,0 +1,23 @@
# Generate PAM test data files substituting @ROOTUID@, @ROOTGID@, @PAMWRAPDIR@
# pam_conf is defined by the parent (tests/meson.build) before calling subdir()
configure_file(
input: 'nss-passwd.in',
output: 'nss-passwd',
configuration: pam_conf,
install: false,
)
configure_file(
input: 'nss-group.in',
output: 'nss-group',
configuration: pam_conf,
install: false,
)
configure_file(
input: 'ocserv.in',
output: 'ocserv',
configuration: pam_conf,
install: false,
)

7
tests/haproxy-proxyproto
View File

@@ -90,7 +90,12 @@ rm -f ${HACONFIG}
sed -e 's|@HAPORT@|'${HAPORT}'|g' -e 's|@PORT@|'${PORT}'|g' -e 's|@ADDRESS@|'${ADDRESS}'|g' ${srcdir}/data/haproxy-proxyproto.cfg >${HACONFIG}
${CMDNS2} ${HAPROXY} -f ${HACONFIG} -d & HAPID=$!
sleep 3
sleep 1
if ! kill -0 ${HAPID} 2>/dev/null; then
echo "haproxy failed to start (config incompatible with this version?)"
exit 1
fi
sleep 2
# Run clients
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."

7
tests/haproxy-proxyproto-v1
View File

@@ -86,7 +86,12 @@ rm -f ${HACONFIG}
sed -e 's|@HAPORT@|'${HAPORT}'|g' -e 's|@PORT@|'${PORT}'|g' -e 's|@ADDRESS@|'${ADDRESS}'|g' ${srcdir}/data/haproxy-proxyproto-v1.cfg >${HACONFIG}
${CMDNS2} ${HAPROXY} -f ${HACONFIG} -d & HAPID=$!
sleep 3
sleep 1
if ! kill -0 ${HAPID} 2>/dev/null; then
echo "haproxy failed to start (config incompatible with this version?)"
exit 1
fi
sleep 2
# Run clients
echo " * Getting cookie from ${ADDRESS}:${HAPORT}..."

12
tests/idle-timeout
View File

@@ -26,12 +26,6 @@ PIDFILE=ocserv-pid.$$.tmp
CPIDFILE=openpid.$$.tmp
OUTFILE=ban.$$.tmp
. `dirname $0`/random-net.sh
. `dirname $0`/common.sh
. `dirname $0`/ns.sh
eval "${GETPORT}"
function finish {
set +e
echo " * Cleaning up..."
@@ -43,6 +37,12 @@ function finish {
}
trap finish EXIT
. `dirname $0`/random-net.sh
. `dirname $0`/common.sh
. `dirname $0`/ns.sh
eval "${GETPORT}"
echo "Testing whether idle timeout works as expected... "
update_config idle-timeout.config

232
tests/meson.build Normal file
View File

@@ -0,0 +1,232 @@
test_inc = [top_inc, src_inc, src_build_inc, common_inc]
test_base_deps = [common_dep, ccan_dep, nettle_dep, talloc_dep, llhttp_dep, protobuf_dep]
# Tests run with cwd = source tests/ so relative paths (./certs/, ./data/) work
test_workdir = meson.current_source_dir()
test_env = environment()
test_env.set('srcdir', meson.current_source_dir())
test_env.set('top_builddir', meson.build_root())
test_env.set('builddir', meson.current_build_dir())
test_env.set('LSAN_OPTIONS', 'suppressions=' + meson.current_source_dir() / 'asan.supp')
test_env.set('SERV', meson.build_root() / 'src' / 'ocserv')
test_env.set('OCCTL', meson.build_root() / 'src' / 'occtl' / 'occtl')
test_env.set('OCPASSWD', meson.build_root() / 'src' / 'ocpasswd' / 'ocpasswd')
# --------------------------------------------------------------------------
# C unit tests
# --------------------------------------------------------------------------
unit_tests = {
'str-test': {'src': ['str-test.c'], 'args': [], 'timeout': 30},
'str-test2': {'src': ['str-test2.c'], 'args': [], 'timeout': 30},
'kkdcp-parsing': {'src': ['kkdcp-parsing.c'], 'args': [], 'timeout': 30},
'json-escape': {'src': ['json-escape.c'], 'args': [], 'timeout': 30},
'ban-ips': {'src': ['ban-ips.c'], 'args': ['-DUNDER_TEST'], 'timeout': 120},
'port-parsing': {'src': ['port-parsing.c'], 'args': ['-DUNDER_TEST'], 'timeout': 30},
'human_addr': {'src': ['human_addr.c'], 'args': ['-DUNDER_TEST'], 'timeout': 30},
'valid-hostname': {'src': ['valid-hostname.c'], 'args': [], 'timeout': 30},
'url-escape': {'src': ['url-escape.c'], 'args': ['-DUNDER_TEST'], 'timeout': 30},
'html-escape': {'src': ['html-escape.c'], 'args': ['-DUNDER_TEST'], 'timeout': 30},
'ipv4-prefix': {'src': ['ipv4-prefix.c'], 'args': ['-DUNDER_TEST'], 'timeout': 30},
'ipv6-prefix': {'src': ['ipv6-prefix.c'], 'args': ['-DUNDER_TEST'], 'timeout': 30},
'proxyproto-v1': {'src': ['proxyproto-v1.c'], 'args': [], 'timeout': 30},
}
foreach name, cfg : unit_tests
exe = executable(name, cfg['src'],
c_args: cfg['args'],
dependencies: test_base_deps,
include_directories: test_inc,
)
test(name, exe, env: test_env, workdir: test_workdir, timeout: cfg['timeout'])
endforeach
# cstp-recv needs gnutls
cstp_recv_exe = executable('cstp-recv', 'cstp-recv.c',
dependencies: test_base_deps + [gnutls_dep],
include_directories: test_inc,
)
test('cstp-recv', cstp_recv_exe, env: test_env, workdir: test_workdir)
# gen_oidc_test_data (only when OIDC enabled)
if oidc_enabled
gen_oidc_exe = executable('gen_oidc_test_data', 'generate_oidc_test_data.c',
dependencies: test_base_deps + [cjose_dep, jansson_dep],
include_directories: test_inc,
)
endif
# --------------------------------------------------------------------------
# Shell script tests always run
# --------------------------------------------------------------------------
always_scripts = [
'ocpasswd-test',
'test-owasp-headers',
'test-replay',
]
foreach s : always_scripts
test(s, find_program(s),
env: test_env,
timeout: 120,
workdir: test_workdir,
)
endforeach
# --------------------------------------------------------------------------
# Shell script tests require cwrap
# --------------------------------------------------------------------------
if have_cwrap
cwrap_scripts = [
'test-pass', 'test-pass-cert', 'test-pass-cert-rfc822name',
'test-cert', 'test-group-pass', 'test-pass-group-cert',
'test-pass-group-cert-no-pass', 'test-sighup',
'test-enc-key', 'test-sighup-key-change', 'test-get-cert',
'test-san-cert', 'test-gssapi', 'test-pass-opt-cert',
'test-cert-opt-pass', 'test-gssapi-opt-pass', 'test-gssapi-opt-cert',
'haproxy-auth', 'test-maintenance', 'resumption',
'test-group-name', 'flowcontrol', 'banner', 'invalid-configs',
'haproxy-proxyproto', 'haproxy-proxyproto-v1',
'drain-server', 'drain-server-fail',
'test-ignore-querystring-of-post',
'test-group-cert', 'test-fork', 'test-pass-svc', 'test-cert-svc',
]
if have_cwrap_all
cwrap_scripts += ['test-vhost']
endif
foreach s : cwrap_scripts
test(s, find_program(s),
env: test_env,
timeout: 180,
workdir: test_workdir,
)
endforeach
if have_cwrap_pam
# Generate PAM test data files from templates into builddir/data/pam/
# common.sh expects: ${builddir}/data/pam/{nss-passwd,nss-group,ocserv}
pam_conf = configuration_data({
'ROOTUID': run_command('id', '-u', check: true).stdout().strip(),
'ROOTGID': run_command('id', '-g', check: true).stdout().strip(),
'PAMWRAPDIR': cwrap_pam_dep.get_variable(pkgconfig: 'modules',
default_value: '/usr/lib/pam_wrapper'),
})
subdir('data/pam')
foreach s : ['test-pam', 'test-pam-noauth']
test(s, find_program(s),
env: test_env,
timeout: 180,
workdir: test_workdir,
)
endforeach
if get_option('kerberos-tests')
test('kerberos', find_program('kerberos'),
env: test_env,
timeout: 300,
workdir: test_workdir,
)
endif
endif
if oath_dep.found()
foreach s : ['test-otp-cert', 'test-otp']
test(s, find_program(s),
env: test_env,
timeout: 180,
workdir: test_workdir,
)
endforeach
endif
endif
# new-cert tests (Ed25519, RSA-PSS) require GnuTLS >= 3.6.0
if gnutls_new_certs
foreach s : ['server-cert-ed25519', 'server-cert-rsa-pss']
test(s, find_program(s),
env: test_env,
timeout: 180,
workdir: test_workdir,
)
endforeach
endif
# OIDC test
if oidc_enabled
test('test-oidc', find_program('test-oidc'),
env: test_env,
timeout: 180,
workdir: test_workdir,
)
endif
# tun tests (require /dev/net/tun)
if get_option('tun-tests')
foreach s : ['no-route-default', 'no-route-group']
test(s, find_program(s),
env: test_env,
timeout: 180,
workdir: test_workdir,
)
endforeach
endif
# --------------------------------------------------------------------------
# Shell script tests require root / namespaces
# --------------------------------------------------------------------------
if get_option('root-tests')
root_scripts = [
'haproxy-connect', 'test-iroute', 'test-multi-cookie',
'test-pass-script', 'idle-timeout',
'test-cookie-timeout', 'test-cookie-timeout-2',
'test-explicit-ip', 'test-cookie-invalidation',
'test-user-config', 'test-append-routes', 'test-ban',
'multiple-routes', 'json', 'test-udp-listen-host',
'test-max-same-1',
'apple-ios', 'ipv6-iface', 'test-namespace-listen',
'disconnect-user', 'disconnect-user2', 'terminate-commands',
'ping-leases', 'test-ban-local', 'test-client-bypass-protocol',
'ipv6-small-net', 'test-camouflage', 'test-camouflage-norealm',
'vhost-traffic', 'defvhost-traffic', 'session-timeout',
'test-occtl', 'no-ipv6-ocv3',
# cipher / traffic tests
'traffic', 'lz4-compression', 'lzs-compression',
'aes256-cipher', 'aes128-cipher',
'oc-aes256-gcm-cipher', 'oc-aes128-gcm-cipher',
'ac-aes128-gcm-cipher', 'ac-aes256-gcm-cipher',
'no-dtls-cipher', 'psk-negotiate', 'psk-negotiate-match',
'test-config-per-group', 'test-config-per-group-url-pass',
'test-config-per-group-url-cert', 'test-multiple-client-ip',
]
if radcli_dep.found()
root_scripts += [
'radius', 'radius-group', 'radius-multi-group',
'radius-otp', 'radius-config',
]
endif
foreach s : root_scripts
test(s, find_program(s),
env: test_env,
timeout: 300,
is_parallel: false,
workdir: test_workdir,
)
endforeach
test('test-script-multi-user', find_program('test-script-multi-user'),
env: test_env,
timeout: 360,
is_parallel: false,
workdir: test_workdir,
)
endif

20
tests/test-ban
View File

@@ -25,6 +25,16 @@ OCCTL_SOCKET=./occtl-ban-$$.socket
PIDFILE=ocserv-pid.$$.tmp
OUTFILE=ban.$$.tmp
function finish {
set +e
echo " * Cleaning up..."
test -n "${PID}" && kill ${PID} >/dev/null 2>&1
test -n "${PIDFILE}" && rm -f ${PIDFILE} >/dev/null 2>&1
test -n "${CONFIG}" && rm -f ${CONFIG} >/dev/null 2>&1
test -n "${OUTFILE}" && rm -f ${OUTFILE} >/dev/null 2>&1
}
trap finish EXIT
. `dirname $0`/common.sh
. `dirname $0`/random-net.sh
. `dirname $0`/ns.sh
@@ -36,16 +46,6 @@ if test "$VERBOSE" = 1;then
DEBUG="-d 3"
fi
function finish {
set +e
echo " * Cleaning up..."
test -n "${PID}" && kill ${PID} >/dev/null 2>&1
test -n "${PIDFILE}" && rm -f ${PIDFILE} >/dev/null 2>&1
test -n "${CONFIG}" && rm -f ${CONFIG} >/dev/null 2>&1
test -n "${OUTFILE}" && rm -f ${OUTFILE} >/dev/null 2>&1
}
trap finish EXIT
echo "Testing whether ban operates as expected... "
${CMDNS2} ${SERV} -p ${PIDFILE} -f -c ${CONFIG} ${DEBUG} & PID=$!