diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-07-01 10:01:25 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-07-01 10:01:25 +0000 |
| commit | c0072ad88a89ffade62dde1ee94c66a0be439ec5 (patch) | |
| tree | 56712b726ed37608871c27a5de7b82a8b69b4a27 | |
| parent | Removing changes outside of debian directory. (diff) | |
| download | samhain-c0072ad88a89ffade62dde1ee94c66a0be439ec5.tar.xz samhain-c0072ad88a89ffade62dde1ee94c66a0be439ec5.zip | |
Merging upstream version 4.4.10.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
131 files changed, 11817 insertions, 15291 deletions
@@ -18,6 +18,7 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA +On Debian-based systems, see /usr/share/common-licenses Incorporated code ----------------- @@ -556,7 +556,7 @@ fi if [ $mtest = 0 ]; then mfile=`cat $tmp` for z in $mfile ; do - cfgline="$cfgline --with-mandir=$z" + cfgline="$cfgline --mandir=$z" done fi diff --git a/Makefile.in b/Makefile.in index 684e92b..581965b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -117,7 +117,7 @@ HEADERS = samhain.h sh_unix.h sh_utils.h sh_error.h sh_error_min.h sh_files.h \ sh_mail.h sh_mail_int.h sh_nmail.h sh_filter.h \ sh_mem.h sh_entropy.h sh_xfer.h sh_modules.h sh_utmp.h \ sh_suidchk.h sh_srp.h sh_fifo.h sh_html.h sh_tools.h \ - sh_gpg.h sh_cat.h sh_calls.h sh_extern.h sh_database.h sh_trace.h \ + sh_sig.h sh_cat.h sh_calls.h sh_extern.h sh_database.h sh_trace.h \ sh_schedule.h bignum.h trustfile.h slib.h zAVLTree.h \ lzoconf.h minilzo.h rijndael-alg-fst.h rijndael-api-fst.h \ rijndael-boxes-fst.h sh_socket.h sh_ignore.h sh_prelude.h \ @@ -127,7 +127,7 @@ HEADERS = samhain.h sh_unix.h sh_utils.h sh_error.h sh_error_min.h sh_files.h \ sh_log_mark.h sh_log_repeat.h sh_inotify.h sh_registry.h sh_ipvx.h \ sh_restrict.h sh_sub.h sh_fInotify.h sh_checksum.h \ sh_dbIO.h sh_dbIO_int.h sh_guid.h sh_dbCheck.h sh_dbCreate.h \ - sh_sem.h + sh_sem.h sh_subuid.h SOURCES = $(srcsrc)/samhain.c $(srcsrc)/sh_unix.c \ @@ -143,14 +143,14 @@ SOURCES = $(srcsrc)/samhain.c $(srcsrc)/sh_unix.c \ $(srcsrc)/sh_utmp.c $(srcsrc)/sh_login_track.c \ $(srcsrc)/sh_suidchk.c $(srcsrc)/sh_srp.c \ $(srcsrc)/sh_fifo.c $(srcsrc)/sh_tools.c \ - $(srcsrc)/sh_html.c $(srcsrc)/sh_gpg.c \ + $(srcsrc)/sh_html.c $(srcsrc)/sh_sig.c \ $(srcsrc)/sh_cat.c $(srcsrc)/sh_calls.c \ $(srcsrc)/sh_extern.c $(srcsrc)/sh_database.c \ $(srcsrc)/sh_err_log.c $(srcsrc)/sh_err_console.c \ $(srcsrc)/sh_err_syslog.c $(srcsrc)/sh_schedule.c \ $(srcsrc)/bignum.c $(srcsrc)/mkhdr.c \ $(srcsrc)/samhain_setpwd.c $(srcsrc)/samhain_stealth.c \ - $(srcsrc)/encode.c $(srcsrc)/sstrip.c \ + $(srcsrc)/encode.c \ $(srcsrc)/trustfile.c $(srcsrc)/exepack.c \ $(srcsrc)/exepack_fill.c $(srcsrc)/exepack_mkdata.c \ $(srcsrc)/minilzo.c $(srcsrc)/slib.c \ @@ -174,6 +174,7 @@ SOURCES = $(srcsrc)/samhain.c $(srcsrc)/sh_unix.c \ $(srcsrc)/sh_filetype.c $(srcsrc)/sh_sub.c $(srcsrc)/sh_fInotify.c \ $(srcsrc)/sh_checksum.c $(srcsrc)/sh_guid.c $(srcsrc)/sh_sem.c \ $(srcsrc)/sh_dbIO.c $(srcsrc)/sh_dbCheck.c $(srcsrc)/sh_dbCreate.c \ + $(srcsrc)/sh_subuid.c \ $(srcsrc)/t-test1.c OBJECTS = sh_files.o sh_tiger0.o sh_tiger2.o sh_tiger2_64.o \ @@ -182,7 +183,7 @@ OBJECTS = sh_files.o sh_tiger0.o sh_tiger2.o sh_tiger2_64.o \ sh_hash.o sh_mail.o sh_nmail.o sh_mem.o sh_login_track.o \ sh_entropy.o sh_modules.o sh_utmp.o \ sh_xfer_client.o sh_xfer_server.o sh_xfer_syslog.o \ - sh_suidchk.o sh_srp.o sh_fifo.o sh_tools.o sh_html.o sh_gpg.o \ + sh_suidchk.o sh_srp.o sh_fifo.o sh_tools.o sh_html.o sh_sig.o \ sh_cat.o sh_calls.o sh_extern.o sh_database.o sh_err_log.o \ sh_err_console.o sh_err_syslog.o sh_schedule.o bignum.o \ trustfile.o rijndael-alg-fst.o rijndael-api-fst.o slib.o \ @@ -196,15 +197,20 @@ OBJECTS = sh_files.o sh_tiger0.o sh_tiger2.o sh_tiger2_64.o \ sh_pthread.o sh_string.o sh_inotify.o dnmalloc.o \ sh_audit.o sh_registry.o sh_ipvx.o sh_restrict.o \ sh_filetype.o sh_sub.o sh_fInotify.o sh_checksum.o \ - sh_guid.o sh_sem.o sh_dbIO.o sh_dbCheck.o sh_dbCreate.o + sh_guid.o sh_sem.o sh_dbIO.o sh_dbCheck.o sh_dbCreate.o \ + sh_subuid.o TESTSUITE = test.sh testcompile.sh testhash.sh testtiger.txt \ testtimesrv.sh \ testext.sh testrc_1ext.in test_ext.c.in testrun_1d.sh \ - testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh testrc_1 \ + testrun_1.sh testrun_1a.sh testrun_1b.sh testrun_1c.sh \ + testrc_1 testrc_1i.dyn test1i_file.sig test1i_samhain.pub \ + testrun_1d.sh testrun_1e.sh testrun_1f.sh \ + testrun_1g.sh testrun_1h.sh testrun_1i.sh \ testrun_2.sh testrun_2a.sh testrun_2b.sh testrc_2.in \ - testrun_2c.sh testrun_2d.sh + testrun_2c.sh testrun_2d.sh testrun_2e.sh testrun_2f.sh \ + testrun_2g.sh DIST_COMMON = README COPYING LICENSE samhain.jpg \ samhainrc.linux samhainrc.solaris samhainrc.freebsd samhainrc.aix5.2.0 \ @@ -229,7 +235,7 @@ PROGRAMS = $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) $(SADMIN) # #---------------------------------------------------------- -all: $(top_srcdir)/depend.sum $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) sstrip +all: $(top_srcdir)/depend.sum $(SETPWD) $(STEGIN) $(SAMHAIN) $(YULECTL) #---------------------------------------------------------- @@ -360,7 +366,7 @@ depend: depend-gen # CLEANFILES = encode config_xor.h depend-gen \ - internal.h sh_MK.h trustfile sstrip samhain mkhdr encode cutest \ + internal.h sh_MK.h trustfile samhain mkhdr encode cutest \ yule samhain_setpwd samhain_stealth samhainrc yulectl clean: @@ -371,13 +377,14 @@ clean: # everything created by (./configure && make) # -DISTCLEANFILES = Makefile samhain.spec sh_gpg_checksum.h sh_gpg_fp.h \ - init/samhain.startLinux init/samhain.startGentoo \ +DISTCLEANFILES = Makefile samhain.spec sh_sig_checksum.h sh_gpg_fp.h \ + init/samhain.startLinux init/samhain.startGentoo init/samhain.startSystemd \ init/samhain.startLSB init/samhain.startFreeBSD \ init/samhain.startSolaris init/samhain.startHPUX \ init/samhain.startIRIX init/samhain.startMACOSX \ - deploy.sh sh_MK.h samhain-install.sh sh_gpg_chksum.h sh_gpg_fp.h \ + deploy.sh sh_MK.h samhain-install.sh \ rules.deb rules.deb-light src/CuTestMain.c \ + scripts/samhainadmin-sig.pl scripts/samhainadmin-gpg.pl \ scripts/samhainadmin.pl scripts/check_samhain.pl \ scripts/samhain.ebuild scripts/samhain.ebuild-light \ scripts/yuleadmin.pl scripts/logrotate \ @@ -512,7 +519,7 @@ uninstall-boot: samhain-install.sh # -install-program: $(PROGRAMS) sstrip +install-program: $(PROGRAMS) @$(mkinstalldirs) $(DESTDIR)$(sbindir) @if test x$(mytmpdir) != x; then \ $(mkinstalldirs) $(DESTDIR)$(mytmpdir); \ @@ -525,8 +532,6 @@ install-program: $(PROGRAMS) sstrip echo " $(INSTALL_PROGRAM) $$p $$target"; \ $(INSTALL_PROGRAM) $$p $$target; \ chmod 0700 $$target; \ - echo " ./sstrip $$target"; \ - ./sstrip $$target; \ else \ echo " $(INSTALL_SHELL) $$p $$target"; \ $(INSTALL_SHELL) $$p $$target; \ @@ -577,8 +582,12 @@ install-data: trustfile @$(mkinstalldirs) $(DESTDIR)$(sysconfdir) @$(mkinstalldirs) $(DESTDIR)$(mylockdir) @$(mkinstalldirs) $(DESTDIR)$(mylogdir) - @$(mkinstalldirs) $(DESTDIR)$(mydatadir); \ - chmod 700 $(DESTDIR)$(mydatadir) + @if test -d $(DESTDIR)$(mydatadir); then \ + :; \ + else \ + $(mkinstalldirs) $(DESTDIR)$(mydatadir); \ + chmod 755 $(DESTDIR)$(mydatadir); \ + fi @if test -f samhainrc.$(selectconfig); then \ :; \ else \ @@ -677,7 +686,7 @@ run: run-light run-light: all @echo "Building $(PACKAGE)-$(VERSION).run"; \ - STAGE=$(PACKAGE)-$(VERSION); \ + STAGE=$(PACKAGE)-$(VERSION)-run-installer; \ mkdir $$STAGE; \ if test x"$$?" != x0; then \ echo "ERROR ... mkdir $$STAGE failed"; \ @@ -699,10 +708,17 @@ run-light: all echo "chown root $$temp/*" >> $$STAGE/setup.sh; \ echo "cp -p $$temp/* $(sbindir) || exit 1" >> $$STAGE/setup.sh; \ temp=`echo $(sysconfdir) | sed s,^/,,`; \ - echo "chown root $$temp/*" >> $$STAGE/setup.sh; \ + echo "chown -R root $$temp/*" >> $$STAGE/setup.sh; \ configfile=`echo @myconffile@ | sed 's%^REQ_FROM_SERVER%%'`; \ - echo "test -f $$configfile || cp -p $$temp/* $$configfile" >> $$STAGE/setup.sh; \ - echo "./samhain-install.sh --express --verbose install-boot || echo 'Cannot install init script'" >> $$STAGE/setup.sh; \ + echo "cp -pr $$temp/* @sysconfdir@" >> $$STAGE/setup.sh; \ + echo "./samhain-install.sh --express --verbose install-boot" >> $$STAGE/setup.sh; \ + echo "if [ \$$? -ne 0 ]" >> $$STAGE/setup.sh; \ + echo "then" >> $$STAGE/setup.sh; \ + echo " echo 'Installation finished, but could not install boot-time init scripts'" >> $$STAGE/setup.sh; \ + echo " exit 2" >> $$STAGE/setup.sh; \ + echo "fi" >> $$STAGE/setup.sh; \ + echo "echo 'Installation finished'" >> $$STAGE/setup.sh; \ + echo "exit 0" >> $$STAGE/setup.sh; \ cp $(top_srcdir)/mkinstalldirs $$STAGE/; \ cp $(top_srcdir)/install-sh $$STAGE/; \ cp ./samhain-install.sh $$STAGE/; \ @@ -712,7 +728,7 @@ run-light: all chmod +x $$STAGE/mkinstalldirs; \ chmod +x $$STAGE/install-sh; \ $(top_srcdir)/scripts/makeself/makeself.sh --header $(top_srcdir)/scripts/makeself/makeself-header.sh --nocomp --nomd5 --notemp $$STAGE $(PACKAGE)-$(VERSION).run "$(PACKAGE)_$(VERSION)_self_extracting_installer" ./setup.sh && \ - rm -r $(PACKAGE)-$(VERSION) + rm -r $$STAGE emerge-prepare: dist @echo "Building $(PACKAGE)-$(VERSION)"; \ @@ -796,6 +812,7 @@ deb-light: fi; \ echo $(sysconfdir) | sed s,^/,, >> debian/dirs; \ echo etc/init.d >> debian/dirs; \ + echo lib/systemd/system >> debian/dirs; \ echo $(mydatadir) | sed s,^/,, >> debian/dirs; \ echo $(mylogdir) | sed s,^/,, >> debian/dirs; \ echo $(mylockdir) | sed s,^/,, >> debian/dirs; \ @@ -812,6 +829,7 @@ deb: fi; \ echo $(sysconfdir) | sed s,^/,, >> debian/dirs; \ echo etc/init.d >> debian/dirs; \ + echo lib/systemd/system >> debian/dirs; \ echo $(mydatadir) | sed s,^/,, >> debian/dirs; \ echo $(mylogdir) | sed s,^/,, >> debian/dirs; \ echo $(mylockdir) | sed s,^/,, >> debian/dirs; \ @@ -831,7 +849,6 @@ deb: echo $(top_srcdir)/docs/MANUAL-2_4.pdf >> debian/docs; \ echo $(top_srcdir)/docs/README.gcc_bug >> debian/docs; \ echo $(top_srcdir)/docs/README.LZO >> debian/docs; \ - echo $(top_srcdir)/docs/README.sstrip >> debian/docs; \ echo $(top_srcdir)/docs/README.UPGRADE >> debian/docs; \ echo $(top_srcdir)/docs/README.win2K >> debian/docs; \ $(MAKE) deb-run @@ -841,17 +858,19 @@ deb-run: if test "x$$maintainer" = x; then \ maintainer="$(DEFAULT_MAINTAINER)"; \ fi; \ - echo "$(PACKAGE) ($(VERSION)-$(BUILD_NUM)) stable; urgency=low" > debian/changelog; \ + codename=`lsb_release -a 2>/dev/null | grep Codename | cut -f 2`; \ + if test "x$$codename" = x; then \ + codename="stable"; \ + fi; \ + echo "$(PACKAGE) ($(VERSION)-$(BUILD_NUM)) $$codename; urgency=low" > debian/changelog; \ echo >> debian/changelog; \ echo " * Initial release." >> debian/changelog; \ echo >> debian/changelog; \ echo " -- $$maintainer `date -R`" >> debian/changelog; \ echo >> debian/changelog; \ - echo "Local variables:" >> debian/changelog; \ - echo "mode: debian-changelog" >> debian/changelog; \ - echo "End:" >> debian/changelog; \ cp $(top_srcdir)/COPYING debian/copyright; \ - touch debian/README.debian; \ + echo "9" > debian/compat; \ + echo "Nothing to see here." > debian/README.debian; \ echo "Document: @install_name@-manual" > debian/@install_name@.doc-base; \ echo "Title: @install_name@ Manual" >> debian/@install_name@.doc-base; \ echo "Author: Rainer Wichmann" >> debian/@install_name@.doc-base; \ @@ -876,15 +895,16 @@ deb-run: echo "Section: admin" >> debian/control; \ echo "Priority: optional" >> debian/control; \ echo "Maintainer: $$maintainer" >> debian/control; \ - echo "Standards-Version: 3.2.1" >> debian/control; \ + echo "Build-Depends: debhelper (>> 9)" >> debian/control; \ + echo "Standards-Version: 3.9.8" >> debian/control; \ echo >> debian/control; \ echo "Package: @install_name@" >> debian/control; \ echo "Architecture: any" >> debian/control; \ - echo "Depends: libc6" >> debian/control; \ + echo "Depends: \$${shlibs:Depends}, \$${misc:Depends}" >> debian/control; \ echo "Description: File integrity checker" >> debian/control; \ echo " A file integrity checker" >> debian/control; \ echo "running debuild -us -uc"; \ - debuild --preserve-envvar=PASSWORD -us -uc -b; \ + export DEB_BUILD_MAINT_OPTIONS=optimize=-all; debuild --preserve-envvar=PASSWORD -us -uc -b; \ DEBFILE=`find ../ -follow -maxdepth 1 -cnewer ./debian/control 2>/dev/null | grep '@install_name@_$(VERSION)' | grep '\.deb'`; \ if test x"$$DEBFILE" = x; then \ echo "Error ... cannot find package file"; \ @@ -892,7 +912,7 @@ deb-run: else \ echo "Package $$DEBFILE built."; \ cp $$DEBFILE ./$(PACKAGE)-$(VERSION)-$(BUILD_NUM).deb; \ - ln -s ./$(PACKAGE)-$(VERSION)-$(BUILD_NUM).deb ./$(PACKAGE)-$(VERSION).deb; \ + ln --backup=numbered -fs ./$(PACKAGE)-$(VERSION)-$(BUILD_NUM).deb ./$(PACKAGE)-$(VERSION).deb; \ fi; \ echo @@ -918,9 +938,17 @@ rpmspec-light: samhain.spec rpm-light: rpmspec-light distrpm rpmbuild -ta ./$(PACKAGE)-$(VERSION).tar.gz; @RPMTOP=`cat ~/.rpmmacros 2>/dev/null | grep '%_topdir' | awk '{ print $$2}'`; \ - if test x"$$RPMTOP" = x; then RPMTOP=/usr/src; fi; \ - if ! test -d "$$RPMTOP"; then \ - RPMTOP=`echo $$HOME/rpmbuild`; \ + if test x"$$RPMTOP" = x; then \ + try_RPMTOP=`echo $${HOME}/rpmbuild`; \ + else \ + if test ! -d "$${try_RPMTOP}"; then \ + try_RPMTOP=`echo $${HOME}/rpmbuild`; \ + fi; \ + fi; \ + if test -d "$${try_RPMTOP}"; then \ + RPMTOP="$${try_RPMTOP}"; \ + else \ + RPMTOP=/usr/src; \ fi; \ echo "Searching the RPM package below $$RPMTOP ..."; \ RPMFILE=`find $$RPMTOP -follow -maxdepth 4 -cnewer ./samhain.spec 2>/dev/null | grep '@install_name@-$(VERSION)' | grep '\.rpm' | grep -v '\.src\.'`; \ @@ -938,9 +966,17 @@ rpm-light: rpmspec-light distrpm rpm: rpmspec-full distrpm rpmbuild -ta ./$(PACKAGE)-$(VERSION).tar.gz; @RPMTOP=`cat ~/.rpmmacros 2>/dev/null | grep '%_topdir' | awk '{ print $$2}'`; \ - if test x"$$RPMTOP" = x; then RPMTOP=/usr/src; fi; \ - if ! test -d "$$RPMTOP"; then \ - RPMTOP=`echo $$HOME/rpmbuild`; \ + if test x"$$RPMTOP" = x; then \ + try_RPMTOP=`echo $${HOME}/rpmbuild`; \ + else \ + if test ! -d "$${try_RPMTOP}"; then \ + try_RPMTOP=`echo $${HOME}/rpmbuild`; \ + fi; \ + fi; \ + if test -d "$${try_RPMTOP}"; then \ + RPMTOP="$${try_RPMTOP}"; \ + else \ + RPMTOP=/usr/src; \ fi; \ echo "Searching the RPM package below $$RPMTOP ..."; \ RPMFILE=`find $$RPMTOP -follow -maxdepth 4 -cnewer ./samhain.spec 2>/dev/null | grep '@install_name@-$(VERSION)' | grep '\.rpm' | grep -v '\.src\.'`; \ @@ -1100,9 +1136,6 @@ sh_MK.h: config.h echo "#endif" >> sh_MK.h -sstrip: $(srcsrc)/sstrip.c Makefile - $(BUILD_CC) -I. -o sstrip $(srcsrc)/sstrip.c - encode: $(srcsrc)/encode.c Makefile $(BUILD_CC) -I. -o encode $(srcsrc)/encode.c @@ -1229,13 +1262,11 @@ exepack_mkdata: $(srcsrc)/exepack_mkdata.c $(srcinc)/lzoconf.h $(srcinc)/minilzo # # prepare the data to be packed # -exepack.data: $(SAMHAIN) exepack_mkdata sstrip +exepack.data: $(SAMHAIN) exepack_mkdata @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ cp ./$(SAMHAIN) ./samhain.pk.data; \ echo "strip ./samhain.pk.data"; \ strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ - echo "./sstrip ./samhain.pk.data"; \ - ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ echo "./exepack_mkdata ./samhain.pk.data ./exepack.data 0"; \ ./exepack_mkdata ./samhain.pk.data ./exepack.data 0; \ echo "rm -f ./samhain.pk.data"; \ @@ -1256,20 +1287,17 @@ exepack_fill: $(srcsrc)/exepack_fill.c minilzo.o exepack echo "$(LINK) exepack_fill.o minilzo.o"; \ $(LINK) exepack_fill.o minilzo.o -samhain.pk: $(SAMHAIN) exepack exepack_fill sstrip +samhain.pk: $(SAMHAIN) exepack exepack_fill @echo "cp ./$(SAMHAIN) ./samhain.pk.data"; \ cp ./$(SAMHAIN) ./samhain.pk.data; \ echo "strip ./samhain.pk.data"; \ strip ./samhain.pk.data > /dev/null 2>&1 || echo "... is already stripped"; \ - echo "./sstrip ./samhain.pk.data"; \ - ./sstrip ./samhain.pk.data > /dev/null 2>&1 || echo "sstrip returned false"; \ test -f exepack.out && rm exepack.out; \ echo "./exepack_fill exepack samhain.pk.data exepack.out"; \ ./exepack_fill exepack samhain.pk.data exepack.out; \ chmod +x exepack.out; \ echo "strip exepack.out"; \ strip exepack.out > /dev/null 2>&1 || echo "... is already stripped"; \ - ./sstrip exepack.out > /dev/null 2>&1 || echo "sstrip returned false"; \ echo "mv exepack.out samhain.pk"; \ rm -f samhain.pk; mv exepack.out samhain.pk @@ -1465,15 +1493,20 @@ distcheck: dist && $(MAKE) install -rm -rf $(distdir) -rm -f $(distdir).tar.gz.asc - @gpg -a --detach-sign $(distdir).tar.gz; \ - $(TAR) chof $(distdir).tar $(distdir).tar.gz $(distdir).tar.gz.asc; \ - rm -f $(distdir).tar.gz; \ - rm -f $(distdir).tar.gz.asc; \ - gzip --best $(distdir).tar - mv $(distdir).tar.gz $(PACKAGE)_signed-$(VERSION).tar.gz - @echo "========================"; \ - echo "$(PACKAGE)_signed-$(VERSION).tar.gz is ready for distribution"; \ - echo "========================" + gpg -a --detach-sign $(distdir).tar.gz; + $(TAR) chof $(distdir).tar $(distdir).tar.gz $(distdir).tar.gz.asc; + @if test x"$$?" != x0; then \ + rm -f $(distdir).tar.gz; \ + echo "ERROR creating $(PACKAGE)_signed-$(VERSION).tar.gz"; \ + else \ + rm -f $(distdir).tar.gz; \ + rm -f $(distdir).tar.gz.asc; \ + gzip --best $(distdir).tar; \ + mv $(distdir).tar.gz $(PACKAGE)_signed-$(VERSION).tar.gz; \ + echo "========================"; \ + echo "$(PACKAGE)_signed-$(VERSION).tar.gz is ready for distribution"; \ + echo "========================"; \ + fi; \ # # create a tarfile for the distibution @@ -1531,6 +1564,7 @@ samhain.startLSB samhain.startGentoo samhain.startLinux samhain.startHPUX \ samhain.startIRIX samhain.startMACOSX SCRIPTFILES=redhat_i386.client.spec check_samhain.pl samhainadmin.pl \ +samhainadmin-gpg.pl samhainadmin-sig.pl \ yuleadmin.pl samhain.ebuild samhain.ebuild-light samhain.spec distdir: distfilecheck @@ -1604,34 +1638,38 @@ distfilecheck: $(top_srcdir)/config.h.in $(top_srcdir)/depend.sum # DO NOT DELETE THIS LINE -samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_xfer.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_sem.h sh_MK.h $(srcinc)/sh_schedule.h -sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_restrict.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_sem.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/zAVLTree.h $(srcinc)/sh_ignore.h + +samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_sig.h $(srcinc)/sh_mem.h $(srcinc)/sh_xfer.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_sem.h sh_MK.h $(srcinc)/sh_schedule.h +sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_restrict.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_sem.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/zAVLTree.h $(srcinc)/sh_subuid.h $(srcinc)/sh_ignore.h sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h $(srcinc)/sh_pthread.h sh_error.o: $(srcsrc)/sh_error.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_database.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_nmail.h $(srcinc)/sh_xfer.h $(srcinc)/sh_prelude.h $(srcinc)/sh_pthread.h $(srcinc)/sh_tools.h $(srcinc)/sh_extern.h $(srcinc)/sh_checksum.h sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_inotify.h $(srcinc)/zAVLTree.h $(srcinc)/sh_dbIO.h $(srcinc)/CuTest.h sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbCheck.h $(srcinc)/sh_dbCreate.h $(srcinc)/sh_sem.h $(srcinc)/sh_extern.h -sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_xfer.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/sh_socket.h +sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_xfer.h $(srcinc)/sh_sig.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/sh_socket.h sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h $(srcinc)/sh_checksum.h sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h sh_tiger2.o: $(srcsrc)/sh_tiger2.c Makefile config_xor.h sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h -sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_hash.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h +sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_hash.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_sig.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/sh_nmail.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h +sh_nmail.o: $(srcsrc)/sh_nmail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_string.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/zAVLTree.h sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h -sh_forward.o: $(srcsrc)/sh_forward.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_forward.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h +sh_xfer_client.o: $(srcsrc)/sh_xfer_client.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h +sh_xfer_server.o: $(srcsrc)/sh_xfer_server.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/sh_guid.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h +sh_xfer_syslog.o: $(srcsrc)/sh_xfer_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h sh_modules.o: $(srcsrc)/sh_modules.c Makefile config_xor.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utmp.h $(srcinc)/sh_mounts.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_portcheck.h $(srcinc)/sh_logmon.h $(srcinc)/sh_registry.h $(srcinc)/sh_fInotify.h sh_utmp.o: $(srcsrc)/sh_utmp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_utmp.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h -sh_kern.o: $(srcsrc)/sh_kern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_kern.h sh_ks_xor.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h +sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h sh_suidchk.o: $(srcsrc)/sh_suidchk.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_suidchk.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_schedule.h $(srcinc)/sh_calls.h $(srcinc)/zAVLTree.h sh_srp.o: $(srcsrc)/sh_srp.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/sh_srp.h $(srcinc)/bignum.h $(srcinc)/CuTest.h sh_fifo.o: $(srcsrc)/sh_fifo.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_fifo.h $(srcinc)/CuTest.h sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_mem.h $(srcinc)/sh_error.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/rijndael-api-fst.h $(srcinc)/rijndael-api-fst.h sh_html.o: $(srcsrc)/sh_html.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_xfer.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_html.h $(srcinc)/zAVLTree.h -sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h +sh_sig.o: $(srcsrc)/sh_sig.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_sig.h sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h -sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h +sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h sh_err_log.o: $(srcsrc)/sh_err_log.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h @@ -1643,7 +1681,6 @@ mkhdr.o: $(srcsrc)/mkhdr.c Makefile config.h samhain_setpwd.o: $(srcsrc)/samhain_setpwd.c Makefile config_xor.h samhain_stealth.o: $(srcsrc)/samhain_stealth.c Makefile config_xor.h encode.o: $(srcsrc)/encode.c Makefile -sstrip.o: $(srcsrc)/sstrip.c Makefile config.h trustfile.o: $(srcsrc)/trustfile.c Makefile config_xor.h $(srcinc)/sh_calls.h $(srcinc)/slib.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h exepack.o: $(srcsrc)/exepack.c Makefile config.h $(srcinc)/minilzo.h $(srcinc)/exepack.data exepack_fill.o: $(srcsrc)/exepack_fill.c Makefile config.h config.h $(srcinc)/minilzo.h @@ -1659,31 +1696,26 @@ yulectl.o: $(srcsrc)/yulectl.c Makefile config_xor.h sh_mounts.o: $(srcsrc)/sh_mounts.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_modules.h $(srcinc)/sh_mounts.h sh_userfiles.o: $(srcsrc)/sh_userfiles.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_userfiles.h $(srcinc)/sh_utils.h $(srcinc)/sh_schedule.h $(srcinc)/sh_error.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h sh_prelude.o: $(srcsrc)/sh_prelude.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error_min.h $(srcinc)/sh_prelude.h $(srcinc)/sh_static.h -kern_head.o: $(srcsrc)/kern_head.c Makefile config.h $(srcinc)/kern_head.h $(srcinc)/kern_head.h sh_prelink.o: $(srcsrc)/sh_prelink.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h sh_static.o: $(srcsrc)/sh_static.c Makefile config_xor.h $(srcinc)/sh_pthread.h -sh_async.o: $(srcsrc)/sh_async.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h -sh_processcheck.o: $(srcsrc)/sh_processcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h sh_portcheck.o: $(srcsrc)/sh_portcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_mem.h $(srcinc)/sh_calls.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/CuTest.h +sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h +sh_processcheck.o: $(srcsrc)/sh_processcheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_modules.h $(srcinc)/sh_processcheck.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h +sh_filter.o: $(srcsrc)/sh_filter.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_filter.h sh_pthread.o: $(srcsrc)/sh_pthread.c Makefile config_xor.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_modules.h sh_string.o: $(srcsrc)/sh_string.c Makefile config_xor.h $(srcinc)/sh_string.h $(srcinc)/sh_mem.h $(srcinc)/CuTest.h -dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h -t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h -sh_port2proc.o: $(srcsrc)/sh_port2proc.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error_min.h $(srcinc)/sh_pthread.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h sh_log_parse_syslog.o: $(srcsrc)/sh_log_parse_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h sh_log_parse_pacct.o: $(srcsrc)/sh_log_parse_pacct.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h +sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h +sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/zAVLTree.h -sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h -sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h -sh_nmail.o: $(srcsrc)/sh_nmail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_string.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/zAVLTree.h -sh_filter.o: $(srcsrc)/sh_filter.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_filter.h -sh_inotify.o: $(srcsrc)/sh_inotify.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/slib.h $(srcinc)/zAVLTree.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/CuTest.h sh_log_correlate.o: $(srcsrc)/sh_log_correlate.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h sh_log_mark.o: $(srcsrc)/sh_log_mark.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_string.h $(srcinc)/sh_error_min.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h +sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h +dnmalloc.o: $(srcsrc)/dnmalloc.c Makefile config.h +sh_inotify.o: $(srcsrc)/sh_inotify.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/sh_mem.h $(srcinc)/sh_utils.h $(srcinc)/slib.h $(srcinc)/zAVLTree.h $(srcinc)/sh_calls.h $(srcinc)/sh_inotify.h $(srcinc)/CuTest.h sh_log_repeat.o: $(srcsrc)/sh_log_repeat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h -sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h -sh_login_track.o: $(srcsrc)/sh_login_track.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_tools.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_error_min.h $(srcinc)/CuTest.h $(srcinc)/CuTest.h sh_audit.o: $(srcsrc)/sh_audit.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_utils.h sh_registry.o: $(srcsrc)/sh_registry.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_modules.h $(srcinc)/sh_hash.h $(srcinc)/sh_tiger.h sh_ipvx.o: $(srcsrc)/sh_ipvx.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h $(srcinc)/CuTest.h @@ -1693,11 +1725,9 @@ sh_sub.o: $(srcsrc)/sh_sub.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc) sh_fInotify.o: $(srcsrc)/sh_fInotify.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h sh_checksum.o: $(srcsrc)/sh_checksum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_checksum.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h sh_guid.o: $(srcsrc)/sh_guid.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h -sh_dbIO.o: $(srcsrc)/sh_dbIO.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_gpg.h $(srcinc)/sh_tiger.h $(srcinc)/sh_xfer.h $(srcinc)/sh_pthread.h $(srcinc)/sh_socket.h $(srcinc)/sh_files.h $(srcinc)/zAVLTree.h +sh_sem.o: $(srcsrc)/sh_sem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_sem.h $(srcinc)/sh_error_min.h +sh_dbIO.o: $(srcsrc)/sh_dbIO.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_sig.h $(srcinc)/sh_tiger.h $(srcinc)/sh_xfer.h $(srcinc)/sh_pthread.h $(srcinc)/sh_socket.h $(srcinc)/sh_files.h $(srcinc)/zAVLTree.h sh_dbCheck.o: $(srcsrc)/sh_dbCheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_pthread.h sh_dbCreate.o: $(srcsrc)/sh_dbCreate.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_pthread.h $(srcinc)/sh_guid.h -sh_xfer_client.o: $(srcsrc)/sh_xfer_client.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h -sh_xfer_server.o: $(srcsrc)/sh_xfer_server.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/sh_guid.h $(srcinc)/rijndael-api-fst.h $(srcinc)/sh_readconf.h $(srcinc)/zAVLTree.h $(srcinc)/sh_extern.h -sh_xfer_syslog.o: $(srcsrc)/sh_xfer_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h -sh_xload_client.o: $(srcsrc)/sh_xload_client.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_guid.h -sh_sem.o: $(srcsrc)/sh_sem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_sem.h $(srcinc)/sh_error_min.h +sh_subuid.o: $(srcsrc)/sh_subuid.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_unix.h +t-test1.o: $(srcsrc)/t-test1.c Makefile config.h $(srcinc)/malloc.h @@ -84,18 +84,6 @@ INSTALL: see the MANUAL. - WARNING: - ------- - Some versions of gcc have a bug that generates incorrect - code if strength reducing is enabled. - If you modify the compiler flags, always use the -fno-strength-reduce - option with gcc, unless you are sure that your compiler does not - suffer from the problem (see README.gcc_bug). - Also, some gcc versions generate incorrect code unless the - -fno-omit-frame-pointer option is used. - The -fno-strength-reduce and the -fno-omit-frame-pointer options are - enabled by default by the 'configure' script. - PGP SIGNATURES: -------------- By default, samhain will report on the checksums of the database @@ -231,12 +231,6 @@ /* The full path to GnuPG */ #undef DEFAULT_GPG_PATH -/* Define if using the gpg/pgp checksum. */ -#undef HAVE_GPG_CHECKSUM - -/* The tiger checksum of the gpg/pgp binary. */ -#undef GPG_HASH - /* Define if you want to compile in the */ /* public key fingerprint. */ #undef USE_FINGERPRINT @@ -409,7 +409,7 @@ x_includes=NONE x_libraries=NONE DESTDIR= SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" -SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" +SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" @@ -1124,30 +1124,45 @@ AC_DEFUN([GCC_STACK_PROTECT_LIB],[ AC_DEFUN([GCC_STACK_PROTECT_CC],[ AC_LANG_ASSERT(C) if test "X$CC" != "X"; then - AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all], + AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-strong], ssp_cv_cc, [ssp_old_cflags="$CFLAGS" - CFLAGS="$CFLAGS -fstack-protector-all" + CFLAGS="$CFLAGS -fstack-protector-strong" AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) CFLAGS="$ssp_old_cflags" ]) if test $ssp_cv_cc = no; then - AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector], + AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector-all], ssp_cv_cc, [ssp_old_cflags="$CFLAGS" - CFLAGS="$CFLAGS -fstack-protector" + CFLAGS="$CFLAGS -fstack-protector-all" AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) CFLAGS="$ssp_old_cflags" ]) - if test $ssp_cv_cc = yes; then - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" - LDFLAGS="$LDFLAGS -fstack-protector" - AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) + if test $ssp_cv_cc = no; then + AC_CACHE_CHECK([whether ${CC} accepts -fstack-protector], + ssp_cv_cc, + [ssp_old_cflags="$CFLAGS" + CFLAGS="$CFLAGS -fstack-protector" + AC_TRY_COMPILE(,, ssp_cv_cc=yes, ssp_cv_cc=no) + CFLAGS="$ssp_old_cflags" + ]) + if test $ssp_cv_cc = yes; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" + LDFLAGS="$LDFLAGS -fstack-protector" + AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) + fi + else + if test $ssp_cv_cc = yes; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" + LDFLAGS="$LDFLAGS -fstack-protector-all" + AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) + fi fi else if test $ssp_cv_cc = yes; then - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" - LDFLAGS="$LDFLAGS -fstack-protector-all" + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-strong" + LDFLAGS="$LDFLAGS -fstack-protector-strong" AC_DEFINE([ENABLE_SSP_CC], 1, [Define if SSP C support is enabled.]) fi fi @@ -1210,15 +1225,15 @@ AC_DEFUN([GCC_PIE_CC],[ AC_DEFUN([GCC_STACK_CHECK_CC],[ AC_LANG_ASSERT(C) if test "X$CC" != "X"; then - AC_CACHE_CHECK([whether ${CC} accepts -fstack-check], + AC_CACHE_CHECK([whether ${CC} accepts -fstack-clash-protection], stackcheck_cv_cc, [stackcheck_old_cflags="$CFLAGS" - CFLAGS="$CFLAGS -fstack-check" + CFLAGS="$CFLAGS -fstack-clash-protection" AC_TRY_COMPILE(,, stackcheck_cv_cc=yes, stackcheck_cv_cc=no) CFLAGS="$stackcheck_old_cflags" ]) if test $stackcheck_cv_cc = yes; then - CFLAGS="$CFLAGS -fstack-check" + CFLAGS="$CFLAGS -fstack-clash-protection" fi fi ]) @@ -1228,10 +1243,11 @@ AC_DEFUN([GCC_FLAG_CHECK],[ if test "X$CC" != "X"; then AC_MSG_CHECKING([whether ${CC} accepts $1]) saved_cflags="$CFLAGS" - CFLAGS="$CFLAGS -Werror $1" + # any -Wno- option will always succeed :-( + flag_check_opt=`echo $1 | sed 's,-Wno-,-W,'` + CFLAGS="$CFLAGS -Werror $flag_check_opt" AC_TRY_COMPILE(,, flag_check_cv=yes, flag_check_cv=no) CFLAGS="$saved_cflags" - if test $flag_check_cv = yes; then CFLAGS="$CFLAGS $1" AC_MSG_RESULT([yes]) diff --git a/c_random.sh b/c_random.sh index cc863aa..a51466e 100755 --- a/c_random.sh +++ b/c_random.sh @@ -15,7 +15,7 @@ rnd_tst=no if test -r "/dev/urandom"; then if test -c "/dev/urandom"; then dd if=/dev/urandom ibs=1 count=4 > my_random_file 2>/dev/null - nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` + nsum=`cksum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` if test x$nsum != x; then rnd_tst=yes fi @@ -26,7 +26,7 @@ if test x$rnd_tst = xno; then if test -r "/dev/srandom"; then if test -c "/dev/srandom"; then dd if=/dev/srandom ibs=1 count=4 > my_random_file 2>/dev/null - nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` + nsum=`cksum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` if test x$nsum != x; then rnd_tst=yes fi @@ -217,16 +217,17 @@ if test x$rnd_tst = xno; then /usr/local/bin/procinfo -a >> my_random_file 2>/dev/null fi # - nsum=`sum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` + nsum=`cksum ./my_random_file | awk '{print $1 }' | sed 's%^0*%%g' 2>/dev/null` # fi # -# 'sum' is portable, but only 16 bit +# 'cksum' is more portable than 'sum', but 32 bit # /bin/rm -f ./my_random_file 2>/dev/null -echo $nsum +final=`expr $nsum \% 65536` +echo $final diff --git a/config.guess b/config.guess index 1f5c50c..f50dcdb 100755 --- a/config.guess +++ b/config.guess @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2014 Free Software Foundation, Inc. +# Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2014-03-23' +timestamp='2018-02-24' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -15,7 +15,7 @@ timestamp='2014-03-23' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see <http://www.gnu.org/licenses/>. +# along with this program; if not, see <https://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -24,12 +24,12 @@ timestamp='2014-03-23' # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # -# Originally written by Per Bothner. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess # -# Please send patches with a ChangeLog entry to config-patches@gnu.org. +# Please send patches to <config-patches@gnu.org>. me=`echo "$0" | sed -e 's,.*/,,'` @@ -39,7 +39,7 @@ Usage: $0 [OPTION] Output the configuration name of the system \`$me' is run on. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -50,7 +50,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2014 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -107,9 +107,9 @@ trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; dummy=$tmp/dummy ; tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; case $CC_FOR_BUILD,$HOST_CC,$CC in - ,,) echo "int x;" > $dummy.c ; + ,,) echo "int x;" > "$dummy.c" ; for c in cc gcc c89 c99 ; do - if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then + if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then CC_FOR_BUILD="$c"; break ; fi ; done ; @@ -132,14 +132,14 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -case "${UNAME_SYSTEM}" in +case "$UNAME_SYSTEM" in Linux|GNU|GNU/*) # If the system lacks a compiler, then just pick glibc. # We could probably try harder. LIBC=gnu - eval $set_cc_for_build - cat <<-EOF > $dummy.c + eval "$set_cc_for_build" + cat <<-EOF > "$dummy.c" #include <features.h> #if defined(__UCLIBC__) LIBC=uclibc @@ -149,13 +149,20 @@ Linux|GNU|GNU/*) LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi ;; esac # Note: order is significant - the case branches are not exclusive. -case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in *:NetBSD:*:*) # NetBSD (nbsd) targets should (where applicable) match one or # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, @@ -168,21 +175,31 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` - case "${UNAME_MACHINE_ARCH}" in + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ + echo unknown)` + case "$UNAME_MACHINE_ARCH" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; - *) machine=${UNAME_MACHINE_ARCH}-unknown ;; + earmv*) + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown + ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; esac # The Operating System including object format, if it has switched - # to ELF recently, or will in the future. - case "${UNAME_MACHINE_ARCH}" in + # to ELF recently (or will in the future) and ABI. + case "$UNAME_MACHINE_ARCH" in + earm*) + os=netbsdelf + ;; arm*|i386|m68k|ns32k|sh3*|sparc|vax) - eval $set_cc_for_build + eval "$set_cc_for_build" if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ then @@ -197,44 +214,67 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in os=netbsd ;; esac + # Determine ABI tags. + case "$UNAME_MACHINE_ARCH" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` + ;; + esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need # kernel version information, so it can be replaced with a # suitable tag, in the style of linux-gnu. - case "${UNAME_VERSION}" in + case "$UNAME_VERSION" in Debian*) release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" + echo "$machine-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" exit ;; *:OpenBSD:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` - echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" + exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" exit ;; *:ekkoBSD:*:*) - echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" exit ;; *:SolidBSD:*:*) - echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" exit ;; macppc:MirBSD:*:*) - echo powerpc-unknown-mirbsd${UNAME_RELEASE} + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" exit ;; *:MirBSD:*:*) - echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:Sortix:*:*) + echo "$UNAME_MACHINE"-unknown-sortix exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox + exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -251,63 +291,54 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` case "$ALPHA_CPU_TYPE" in "EV4 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV4.5 (21064)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "LCA4 (21066/21068)") - UNAME_MACHINE="alpha" ;; + UNAME_MACHINE=alpha ;; "EV5 (21164)") - UNAME_MACHINE="alphaev5" ;; + UNAME_MACHINE=alphaev5 ;; "EV5.6 (21164A)") - UNAME_MACHINE="alphaev56" ;; + UNAME_MACHINE=alphaev56 ;; "EV5.6 (21164PC)") - UNAME_MACHINE="alphapca56" ;; + UNAME_MACHINE=alphapca56 ;; "EV5.7 (21164PC)") - UNAME_MACHINE="alphapca57" ;; + UNAME_MACHINE=alphapca57 ;; "EV6 (21264)") - UNAME_MACHINE="alphaev6" ;; + UNAME_MACHINE=alphaev6 ;; "EV6.7 (21264A)") - UNAME_MACHINE="alphaev67" ;; + UNAME_MACHINE=alphaev67 ;; "EV6.8CB (21264C)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8AL (21264B)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.8CX (21264D)") - UNAME_MACHINE="alphaev68" ;; + UNAME_MACHINE=alphaev68 ;; "EV6.9A (21264/EV69A)") - UNAME_MACHINE="alphaev69" ;; + UNAME_MACHINE=alphaev69 ;; "EV7 (21364)") - UNAME_MACHINE="alphaev7" ;; + UNAME_MACHINE=alphaev7 ;; "EV7.9 (21364A)") - UNAME_MACHINE="alphaev79" ;; + UNAME_MACHINE=alphaev79 ;; esac # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" # Reset EXIT trap before exiting to avoid spurious non-zero exit code. exitcode=$? trap '' 0 exit $exitcode ;; - Alpha\ *:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # Should we change UNAME_MACHINE based on the output of uname instead - # of the specific Alpha model? - echo alpha-pc-interix - exit ;; - 21064:Windows_NT:50:3) - echo alpha-dec-winnt3.5 - exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 exit ;; *:[Aa]miga[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-amigaos + echo "$UNAME_MACHINE"-unknown-amigaos exit ;; *:[Mm]orph[Oo][Ss]:*:*) - echo ${UNAME_MACHINE}-unknown-morphos + echo "$UNAME_MACHINE"-unknown-morphos exit ;; *:OS/390:*:*) echo i370-ibm-openedition @@ -319,7 +350,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in echo powerpc-ibm-os400 exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) - echo arm-acorn-riscix${UNAME_RELEASE} + echo arm-acorn-riscix"$UNAME_RELEASE" exit ;; arm*:riscos:*:*|arm*:RISCOS:*:*) echo arm-unknown-riscos @@ -346,38 +377,38 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in sparc) echo sparc-icl-nx7; exit ;; esac ;; s390x:SunOS:*:*) - echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; sun4H:SunOS:5.*:*) - echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) - echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" exit ;; i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) - echo i386-pc-auroraux${UNAME_RELEASE} + echo i386-pc-auroraux"$UNAME_RELEASE" exit ;; i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) - eval $set_cc_for_build - SUN_ARCH="i386" + eval "$set_cc_for_build" + SUN_ARCH=i386 # If there is a compiler, see if it is configured for 64-bit objects. # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. # This test works for both compilers. - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ grep IS_64BIT_ARCH >/dev/null then - SUN_ARCH="x86_64" + SUN_ARCH=x86_64 fi fi - echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. - echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in @@ -386,25 +417,25 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in ;; esac # Japanese Language versions have a version number like `4.1.3-JL'. - echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" exit ;; sun3*:SunOS:*:*) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` - test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 case "`/bin/arch`" in sun3) - echo m68k-sun-sunos${UNAME_RELEASE} + echo m68k-sun-sunos"$UNAME_RELEASE" ;; sun4) - echo sparc-sun-sunos${UNAME_RELEASE} + echo sparc-sun-sunos"$UNAME_RELEASE" ;; esac exit ;; aushp:SunOS:*:*) - echo sparc-auspex-sunos${UNAME_RELEASE} + echo sparc-auspex-sunos"$UNAME_RELEASE" exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not @@ -415,44 +446,44 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in # MiNT. But MiNT is downward compatible to TOS, so this should # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) - echo m68k-atari-mint${UNAME_RELEASE} + echo m68k-atari-mint"$UNAME_RELEASE" exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) - echo m68k-milan-mint${UNAME_RELEASE} + echo m68k-milan-mint"$UNAME_RELEASE" exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) - echo m68k-hades-mint${UNAME_RELEASE} + echo m68k-hades-mint"$UNAME_RELEASE" exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) - echo m68k-unknown-mint${UNAME_RELEASE} + echo m68k-unknown-mint"$UNAME_RELEASE" exit ;; m68k:machten:*:*) - echo m68k-apple-machten${UNAME_RELEASE} + echo m68k-apple-machten"$UNAME_RELEASE" exit ;; powerpc:machten:*:*) - echo powerpc-apple-machten${UNAME_RELEASE} + echo powerpc-apple-machten"$UNAME_RELEASE" exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 exit ;; RISC*:ULTRIX:*:*) - echo mips-dec-ultrix${UNAME_RELEASE} + echo mips-dec-ultrix"$UNAME_RELEASE" exit ;; VAX*:ULTRIX*:*:*) - echo vax-dec-ultrix${UNAME_RELEASE} + echo vax-dec-ultrix"$UNAME_RELEASE" exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) - echo clipper-intergraph-clix${UNAME_RELEASE} + echo clipper-intergraph-clix"$UNAME_RELEASE" exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #ifdef __cplusplus #include <stdio.h> /* for printf() prototype */ int main (int argc, char *argv[]) { @@ -461,23 +492,23 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in #endif #if defined (host_mips) && defined (MIPSEB) #if defined (SYSTYPE_SYSV) - printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_SVR4) - printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); #endif #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) - printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); #endif #endif exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && - dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && - SYSTEM_NAME=`$dummy $dummyarg` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && { echo "$SYSTEM_NAME"; exit; } - echo mips-mips-riscos${UNAME_RELEASE} + echo mips-mips-riscos"$UNAME_RELEASE" exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax @@ -503,17 +534,17 @@ EOF AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` - if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] then - if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ - [ ${TARGET_BINARY_INTERFACE}x = x ] + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] then - echo m88k-dg-dgux${UNAME_RELEASE} + echo m88k-dg-dgux"$UNAME_RELEASE" else - echo m88k-dg-dguxbcs${UNAME_RELEASE} + echo m88k-dg-dguxbcs"$UNAME_RELEASE" fi else - echo i586-dg-dgux${UNAME_RELEASE} + echo i586-dg-dgux"$UNAME_RELEASE" fi exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) @@ -530,7 +561,7 @@ EOF echo m68k-tektronix-bsd exit ;; *:IRIX*:*:*) - echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id @@ -542,14 +573,14 @@ EOF if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #include <sys/systemcfg.h> main() @@ -560,7 +591,7 @@ EOF exit(0); } EOF - if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` then echo "$SYSTEM_NAME" else @@ -574,26 +605,27 @@ EOF exit ;; *:AIX:*:[4567]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` - if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else - IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" fi - echo ${IBM_ARCH}-ibm-aix${IBM_REV} + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" exit ;; *:AIX:*:*) echo rs6000-ibm-aix exit ;; - ibmrt:4.4BSD:*|romp-ibm:BSD:*) + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) echo romp-ibm-bsd4.4 exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and - echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx @@ -608,28 +640,28 @@ EOF echo m68k-hp-bsd4.4 exit ;; 9000/[34678]??:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - case "${UNAME_MACHINE}" in - 9000/31? ) HP_ARCH=m68000 ;; - 9000/[34]?? ) HP_ARCH=m68k ;; + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; 9000/[678][0-9][0-9]) if [ -x /usr/bin/getconf ]; then sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` - case "${sc_cpu_version}" in - 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 - 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + case "$sc_cpu_version" in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 532) # CPU_PA_RISC2_0 - case "${sc_kernel_bits}" in - 32) HP_ARCH="hppa2.0n" ;; - 64) HP_ARCH="hppa2.0w" ;; - '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + case "$sc_kernel_bits" in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 esac ;; esac fi - if [ "${HP_ARCH}" = "" ]; then - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + if [ "$HP_ARCH" = "" ]; then + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #define _HPUX_SOURCE #include <stdlib.h> @@ -662,13 +694,13 @@ EOF exit (0); } EOF - (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy` + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` test -z "$HP_ARCH" && HP_ARCH=hppa fi ;; esac - if [ ${HP_ARCH} = "hppa2.0w" ] + if [ "$HP_ARCH" = hppa2.0w ] then - eval $set_cc_for_build + eval "$set_cc_for_build" # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler @@ -679,23 +711,23 @@ EOF # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess # => hppa64-hp-hpux11.23 - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | grep -q __LP64__ then - HP_ARCH="hppa2.0w" + HP_ARCH=hppa2.0w else - HP_ARCH="hppa64" + HP_ARCH=hppa64 fi fi - echo ${HP_ARCH}-hp-hpux${HPUX_REV} + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" exit ;; ia64:HP-UX:*:*) - HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` - echo ia64-hp-hpux${HPUX_REV} + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" exit ;; 3050*:HI-UX:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #include <unistd.h> int main () @@ -720,11 +752,11 @@ EOF exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 exit ;; - 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) echo hppa1.1-hp-bsd exit ;; 9000/8??:4.3bsd:*:*) @@ -733,7 +765,7 @@ EOF *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix exit ;; - hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) echo hppa1.1-hp-osf exit ;; hp8??:OSF1:*:*) @@ -741,9 +773,9 @@ EOF exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then - echo ${UNAME_MACHINE}-unknown-osf1mk + echo "$UNAME_MACHINE"-unknown-osf1mk else - echo ${UNAME_MACHINE}-unknown-osf1 + echo "$UNAME_MACHINE"-unknown-osf1 fi exit ;; parisc*:Lites*:*:*) @@ -768,127 +800,109 @@ EOF echo c4-convex-bsd exit ;; CRAY*Y-MP:*:*:*) - echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*[A-Z]90:*:*:*) - echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' exit ;; CRAY*TS:*:*:*) - echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*T3E:*:*:*) - echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; CRAY*SV1:*:*:*) - echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; *:UNICOS/mp:*:*) - echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) - FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; 5000:UNIX_System_V:4.*:*) - FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` - FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) - echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" exit ;; sparc*:BSD/OS:*:*) - echo sparc-unknown-bsdi${UNAME_RELEASE} + echo sparc-unknown-bsdi"$UNAME_RELEASE" exit ;; *:BSD/OS:*:*) - echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" exit ;; *:FreeBSD:*:*) UNAME_PROCESSOR=`/usr/bin/uname -p` - case ${UNAME_PROCESSOR} in + case "$UNAME_PROCESSOR" in amd64) - echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; - *) - echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; i*:CYGWIN*:*) - echo ${UNAME_MACHINE}-pc-cygwin + echo "$UNAME_MACHINE"-pc-cygwin exit ;; *:MINGW64*:*) - echo ${UNAME_MACHINE}-pc-mingw64 + echo "$UNAME_MACHINE"-pc-mingw64 exit ;; *:MINGW*:*) - echo ${UNAME_MACHINE}-pc-mingw32 + echo "$UNAME_MACHINE"-pc-mingw32 exit ;; *:MSYS*:*) - echo ${UNAME_MACHINE}-pc-msys - exit ;; - i*:windows32*:*) - # uname -m includes "-pc" on this system. - echo ${UNAME_MACHINE}-mingw32 + echo "$UNAME_MACHINE"-pc-msys exit ;; i*:PW*:*) - echo ${UNAME_MACHINE}-pc-pw32 + echo "$UNAME_MACHINE"-pc-pw32 exit ;; *:Interix*:*) - case ${UNAME_MACHINE} in + case "$UNAME_MACHINE" in x86) - echo i586-pc-interix${UNAME_RELEASE} + echo i586-pc-interix"$UNAME_RELEASE" exit ;; authenticamd | genuineintel | EM64T) - echo x86_64-unknown-interix${UNAME_RELEASE} + echo x86_64-unknown-interix"$UNAME_RELEASE" exit ;; IA64) - echo ia64-unknown-interix${UNAME_RELEASE} + echo ia64-unknown-interix"$UNAME_RELEASE" exit ;; esac ;; - [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) - echo i${UNAME_MACHINE}-pc-mks - exit ;; - 8664:Windows_NT:*) - echo x86_64-pc-mks - exit ;; - i*:Windows_NT*:* | Pentium*:Windows_NT*:*) - # How do we know it's Interix rather than the generic POSIX subsystem? - # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we - # UNAME_MACHINE based on the output of uname instead of i386? - echo i586-pc-interix - exit ;; i*:UWIN*:*) - echo ${UNAME_MACHINE}-pc-uwin + echo "$UNAME_MACHINE"-pc-uwin exit ;; amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) echo x86_64-unknown-cygwin exit ;; - p*:CYGWIN*:*) - echo powerpcle-unknown-cygwin - exit ;; prep*:SunOS:5.*:*) - echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" exit ;; *:GNU:*:*) # the GNU system - echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" exit ;; *:GNU/*:*:*) # other systems with GNU libc and userland - echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC} + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" exit ;; i*86:Minix:*:*) - echo ${UNAME_MACHINE}-pc-minix + echo "$UNAME_MACHINE"-pc-minix exit ;; aarch64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; aarch64_be:Linux:*:*) UNAME_MACHINE=aarch64_be - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in @@ -901,58 +915,64 @@ EOF EV68*) UNAME_MACHINE=alphaev68 ;; esac objdump --private-headers /bin/sh | grep -q ld.so.1 - if test "$?" = 0 ; then LIBC="gnulibc1" ; fi - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arc:Linux:*:* | arceb:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; arm*:Linux:*:*) - eval $set_cc_for_build + eval "$set_cc_for_build" if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_EABI__ then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" else if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ARM_PCS_VFP then - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi else - echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf fi fi exit ;; avr32*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; cris:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" exit ;; crisv32:Linux:*:*) - echo ${UNAME_MACHINE}-axis-linux-${LIBC} + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + e2k:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; frv:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; hexagon:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:Linux:*:*) - echo ${UNAME_MACHINE}-pc-linux-${LIBC} + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + k1om:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m32r*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; m68*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; mips:Linux:*:* | mips64:Linux:*:*) - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" #undef CPU #undef ${UNAME_MACHINE} #undef ${UNAME_MACHINE}el @@ -966,64 +986,74 @@ EOF #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` - test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" + test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } ;; + mips64el:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; openrisc*:Linux:*:*) - echo or1k-unknown-linux-${LIBC} + echo or1k-unknown-linux-"$LIBC" exit ;; or32:Linux:*:* | or1k*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; padre:Linux:*:*) - echo sparc-unknown-linux-${LIBC} + echo sparc-unknown-linux-"$LIBC" exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) - echo hppa64-unknown-linux-${LIBC} + echo hppa64-unknown-linux-"$LIBC" exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in - PA7*) echo hppa1.1-unknown-linux-${LIBC} ;; - PA8*) echo hppa2.0-unknown-linux-${LIBC} ;; - *) echo hppa-unknown-linux-${LIBC} ;; + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; esac exit ;; ppc64:Linux:*:*) - echo powerpc64-unknown-linux-${LIBC} + echo powerpc64-unknown-linux-"$LIBC" exit ;; ppc:Linux:*:*) - echo powerpc-unknown-linux-${LIBC} + echo powerpc-unknown-linux-"$LIBC" exit ;; ppc64le:Linux:*:*) - echo powerpc64le-unknown-linux-${LIBC} + echo powerpc64le-unknown-linux-"$LIBC" exit ;; ppcle:Linux:*:*) - echo powerpcle-unknown-linux-${LIBC} + echo powerpcle-unknown-linux-"$LIBC" + exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-ibm-linux-${LIBC} + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" exit ;; sh64*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sh*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; tile*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; vax:Linux:*:*) - echo ${UNAME_MACHINE}-dec-linux-${LIBC} + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + if objdump -f /bin/sh | grep -q elf32-x86-64; then + echo "$UNAME_MACHINE"-pc-linux-"$LIBC"x32 + else + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + fi exit ;; xtensa*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" exit ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. @@ -1037,34 +1067,34 @@ EOF # I am not positive that other SVR4 systems won't match this, # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. - echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. - echo ${UNAME_MACHINE}-pc-os2-emx + echo "$UNAME_MACHINE"-pc-os2-emx exit ;; i*86:XTS-300:*:STOP) - echo ${UNAME_MACHINE}-unknown-stop + echo "$UNAME_MACHINE"-unknown-stop exit ;; i*86:atheos:*:*) - echo ${UNAME_MACHINE}-unknown-atheos + echo "$UNAME_MACHINE"-unknown-atheos exit ;; i*86:syllable:*:*) - echo ${UNAME_MACHINE}-pc-syllable + echo "$UNAME_MACHINE"-pc-syllable exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) - echo i386-unknown-lynxos${UNAME_RELEASE} + echo i386-unknown-lynxos"$UNAME_RELEASE" exit ;; i*86:*DOS:*:*) - echo ${UNAME_MACHINE}-pc-msdosdjgpp + echo "$UNAME_MACHINE"-pc-msdosdjgpp exit ;; - i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) - UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then - echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" fi exit ;; i*86:*:5:[678]*) @@ -1074,12 +1104,12 @@ EOF *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac - echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` - echo ${UNAME_MACHINE}-pc-isc$UNAME_REL + echo "$UNAME_MACHINE"-pc-isc"$UNAME_REL" elif /bin/uname -X 2>/dev/null >/dev/null ; then UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 @@ -1089,9 +1119,9 @@ EOF && UNAME_MACHINE=i686 (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ && UNAME_MACHINE=i686 - echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" else - echo ${UNAME_MACHINE}-pc-sysv32 + echo "$UNAME_MACHINE"-pc-sysv32 fi exit ;; pc:*:*:*) @@ -1099,7 +1129,7 @@ EOF # uname -m prints for DJGPP always 'pc', but it prints nothing about # the processor, so we play safe by assuming i586. # Note: whatever this is, it MUST be the same as what config.sub - # prints for the "djgpp" host, or else GDB configury will decide that + # prints for the "djgpp" host, or else GDB configure will decide that # this is a cross-build. echo i586-pc-msdosdjgpp exit ;; @@ -1111,9 +1141,9 @@ EOF exit ;; i860:*:4.*:*) # i860-SVR4 if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then - echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. - echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 fi exit ;; mini*:CTIX:SYS*5:*) @@ -1133,9 +1163,9 @@ EOF test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; @@ -1144,28 +1174,28 @@ EOF test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ - && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) - echo m68k-unknown-lynxos${UNAME_RELEASE} + echo m68k-unknown-lynxos"$UNAME_RELEASE" exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 exit ;; TSUNAMI:LynxOS:2.*:*) - echo sparc-unknown-lynxos${UNAME_RELEASE} + echo sparc-unknown-lynxos"$UNAME_RELEASE" exit ;; rs6000:LynxOS:2.*:*) - echo rs6000-unknown-lynxos${UNAME_RELEASE} + echo rs6000-unknown-lynxos"$UNAME_RELEASE" exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) - echo powerpc-unknown-lynxos${UNAME_RELEASE} + echo powerpc-unknown-lynxos"$UNAME_RELEASE" exit ;; SM[BE]S:UNIX_SV:*:*) - echo mips-dde-sysv${UNAME_RELEASE} + echo mips-dde-sysv"$UNAME_RELEASE" exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 @@ -1176,7 +1206,7 @@ EOF *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` - echo ${UNAME_MACHINE}-sni-sysv4 + echo "$UNAME_MACHINE"-sni-sysv4 else echo ns32k-sni-sysv fi @@ -1196,23 +1226,23 @@ EOF exit ;; i*86:VOS:*:*) # From Paul.Green@stratus.com. - echo ${UNAME_MACHINE}-stratus-vos + echo "$UNAME_MACHINE"-stratus-vos exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos exit ;; mc68*:A/UX:*:*) - echo m68k-apple-aux${UNAME_RELEASE} + echo m68k-apple-aux"$UNAME_RELEASE" exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then - echo mips-nec-sysv${UNAME_RELEASE} + echo mips-nec-sysv"$UNAME_RELEASE" else - echo mips-unknown-sysv${UNAME_RELEASE} + echo mips-unknown-sysv"$UNAME_RELEASE" fi exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. @@ -1231,46 +1261,56 @@ EOF echo x86_64-unknown-haiku exit ;; SX-4:SUPER-UX:*:*) - echo sx4-nec-superux${UNAME_RELEASE} + echo sx4-nec-superux"$UNAME_RELEASE" exit ;; SX-5:SUPER-UX:*:*) - echo sx5-nec-superux${UNAME_RELEASE} + echo sx5-nec-superux"$UNAME_RELEASE" exit ;; SX-6:SUPER-UX:*:*) - echo sx6-nec-superux${UNAME_RELEASE} + echo sx6-nec-superux"$UNAME_RELEASE" exit ;; SX-7:SUPER-UX:*:*) - echo sx7-nec-superux${UNAME_RELEASE} + echo sx7-nec-superux"$UNAME_RELEASE" exit ;; SX-8:SUPER-UX:*:*) - echo sx8-nec-superux${UNAME_RELEASE} + echo sx8-nec-superux"$UNAME_RELEASE" exit ;; SX-8R:SUPER-UX:*:*) - echo sx8r-nec-superux${UNAME_RELEASE} + echo sx8r-nec-superux"$UNAME_RELEASE" + exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux"$UNAME_RELEASE" exit ;; Power*:Rhapsody:*:*) - echo powerpc-apple-rhapsody${UNAME_RELEASE} + echo powerpc-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Rhapsody:*:*) - echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" exit ;; *:Darwin:*:*) UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown - eval $set_cc_for_build + eval "$set_cc_for_build" if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null then case $UNAME_PROCESSOR in i386) UNAME_PROCESSOR=x86_64 ;; powerpc) UNAME_PROCESSOR=powerpc64 ;; esac fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc + fi fi elif test "$UNAME_PROCESSOR" = i386 ; then # Avoid executing cc on OS X 10.9, as it ships with a stub @@ -1281,27 +1321,33 @@ EOF # that Apple uses in portable devices. UNAME_PROCESSOR=x86_64 fi - echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` - if test "$UNAME_PROCESSOR" = "x86"; then + if test "$UNAME_PROCESSOR" = x86; then UNAME_PROCESSOR=i386 UNAME_MACHINE=pc fi - echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" exit ;; *:QNX:*:4*) echo i386-pc-qnx exit ;; - NEO-?:NONSTOP_KERNEL:*:*) - echo neo-tandem-nsk${UNAME_RELEASE} + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" exit ;; NSE-*:NONSTOP_KERNEL:*:*) - echo nse-tandem-nsk${UNAME_RELEASE} + echo nse-tandem-nsk"$UNAME_RELEASE" exit ;; - NSR-?:NONSTOP_KERNEL:*:*) - echo nsr-tandem-nsk${UNAME_RELEASE} + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux @@ -1310,18 +1356,18 @@ EOF echo bs2000-siemens-sysv exit ;; DS/*:UNIX_System_V:*:*) - echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 # operating systems. - if test "$cputype" = "386"; then + if test "$cputype" = 386; then UNAME_MACHINE=i386 else UNAME_MACHINE="$cputype" fi - echo ${UNAME_MACHINE}-unknown-plan9 + echo "$UNAME_MACHINE"-unknown-plan9 exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 @@ -1342,14 +1388,14 @@ EOF echo pdp10-unknown-its exit ;; SEI:*:*:SEIUX) - echo mips-sei-seiux${UNAME_RELEASE} + echo mips-sei-seiux"$UNAME_RELEASE" exit ;; *:DragonFly:*:*) - echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" exit ;; *:*VMS:*:*) UNAME_MACHINE=`(uname -p) 2>/dev/null` - case "${UNAME_MACHINE}" in + case "$UNAME_MACHINE" in A*) echo alpha-dec-vms ; exit ;; I*) echo ia64-dec-vms ; exit ;; V*) echo vax-dec-vms ; exit ;; @@ -1358,34 +1404,48 @@ EOF echo i386-pc-xenix exit ;; i*86:skyos:*:*) - echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" exit ;; i*86:rdos:*:*) - echo ${UNAME_MACHINE}-pc-rdos + echo "$UNAME_MACHINE"-pc-rdos exit ;; i*86:AROS:*:*) - echo ${UNAME_MACHINE}-pc-aros + echo "$UNAME_MACHINE"-pc-aros exit ;; x86_64:VMkernel:*:*) - echo ${UNAME_MACHINE}-unknown-esx + echo "$UNAME_MACHINE"-unknown-esx + exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs exit ;; esac +echo "$0: unable to guess system type" >&2 + +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <<EOF + +NOTE: MIPS GNU/Linux systems require a C compiler to fully recognize +the system type. Please install a C compiler and try again. +EOF + ;; +esac + cat >&2 <<EOF -$0: unable to guess system type -This script, last modified $timestamp, has failed to recognize -the operating system you are using. It is advised that you -download the most up to date version of the config scripts from +This script (version $timestamp), has failed to recognize the +operating system you are using. If your script is old, overwrite *all* +copies of config.guess and config.sub with the latest versions from: - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD + https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess and - http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD + https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub -If the version you run ($0) is already up to date, please -send the following data and any information you think might be -pertinent to <config-patches@gnu.org> in order to provide the needed -information to handle your system. +If $0 has already been updated, send the following data and any +information you think might be pertinent to config-patches@gnu.org to +provide the necessary information to handle your system. config.guess timestamp = $timestamp @@ -1404,16 +1464,16 @@ hostinfo = `(hostinfo) 2>/dev/null` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` -UNAME_MACHINE = ${UNAME_MACHINE} -UNAME_RELEASE = ${UNAME_RELEASE} -UNAME_SYSTEM = ${UNAME_SYSTEM} -UNAME_VERSION = ${UNAME_VERSION} +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" EOF exit 1 # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'write-file-functions 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" diff --git a/config.h.in b/config.h.in index 1637eb5..7165a28 100644 --- a/config.h.in +++ b/config.h.in @@ -231,12 +231,6 @@ /* The full path to GnuPG */ #undef DEFAULT_GPG_PATH -/* Define if using the gpg/pgp checksum. */ -#undef HAVE_GPG_CHECKSUM - -/* The tiger checksum of the gpg/pgp binary. */ -#undef GPG_HASH - /* Define if you want to compile in the */ /* public key fingerprint. */ #undef USE_FINGERPRINT @@ -439,6 +433,9 @@ /* Define if building universal (internal helper macro) */ #undef AC_APPLE_UNIVERSAL_BUILD +/* Define as path to signing binary */ +#undef DEFAULT_SIG_PATH + /* Debug dnmalloc */ #undef DNMALLOC_CHECKS @@ -525,6 +522,12 @@ /* Define to 1 if you have the `endpwent' function. */ #undef HAVE_ENDPWENT +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + +/* Define to 1 if you have the `explicit_memset' function. */ +#undef HAVE_EXPLICIT_MEMSET + /* Define to 1 if you have the <ext2fs/ext2_fs.h> header file. */ #undef HAVE_EXT2FS_EXT2_FS_H @@ -588,6 +591,9 @@ /* Define to 1 if you have the `gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY +/* Define to 1 if you have the `getutxent' function. */ +#undef HAVE_GETUTXENT + /* Define to 1 if you have the `getwd' function. */ #undef HAVE_GETWD @@ -606,6 +612,9 @@ /* Define to 1 if you have the `hasmntopt' function. */ #undef HAVE_HASMNTOPT +/* Define to 1 if you have the <ifaddrs.h> header file. */ +#undef HAVE_IFADDRS_H + /* Define to 1 if you have the `inet_aton' function. */ #undef HAVE_INET_ATON @@ -680,9 +689,6 @@ /* Define to 1 if you have the `memmove' function. */ #undef HAVE_MEMMOVE -/* Define to 1 if you have the <memory.h> header file. */ -#undef HAVE_MEMORY_H - /* Define to 1 if you have the `memset' function. */ #undef HAVE_MEMSET @@ -764,6 +770,9 @@ /* Define if you have SA_SIGINFO */ #undef HAVE_SA_SIGINFO +/* Define to 1 if you have the `scandir' function. */ +#undef HAVE_SCANDIR + /* Define to 1 if you have the <sched.h> header file. */ #undef HAVE_SCHED_H @@ -788,6 +797,12 @@ /* Define to 1 if you have the `setutent' function. */ #undef HAVE_SETUTENT +/* Define if signing binary checksum available. */ +#undef HAVE_SIG_CHECKSUM + +/* Define if signing binary checksum available. */ +#undef HAVE_SIG_KEY_HASH + /* Define if you have SI_USER */ #undef HAVE_SI_USER @@ -806,6 +821,9 @@ /* Define to 1 if you have the <stdint.h> header file. */ #undef HAVE_STDINT_H +/* Define to 1 if you have the <stdio.h> header file. */ +#undef HAVE_STDIO_H + /* Define to 1 if you have the <stdlib.h> header file. */ #undef HAVE_STDLIB_H @@ -904,6 +922,12 @@ /* Define to 1 if you have the <sys/stat.h> header file. */ #undef HAVE_SYS_STAT_H +/* Define to 1 if you have the <sys/sysmacros.h> header file. */ +#undef HAVE_SYS_SYSMACROS_H + +/* Define to 1 if you have the <sys/time.h> header file. */ +#undef HAVE_SYS_TIME_H + /* Define to 1 if you have the <sys/types.h> header file. */ #undef HAVE_SYS_TYPES_H @@ -931,6 +955,9 @@ /* Define to 1 if you have the `uname' function. */ #undef HAVE_UNAME +/* union semun already defined in sys/ipc.h or sys/sem.h */ +#undef HAVE_UNION_SEMUN + /* Define to 1 if you have the <unistd.h> header file. */ #undef HAVE_UNISTD_H @@ -1018,6 +1045,12 @@ /* Define if you want to check processes */ #undef SH_USE_PROCESSCHECK +/* Define as the signing binary TIGER192 checksum. */ +#undef SIG_HASH + +/* Define as the signify public key checksum. */ +#undef SIG_KEY_HASH + /* The size of `char *', as computed by sizeof. */ #undef SIZEOF_CHAR_P @@ -1039,7 +1072,9 @@ /* Define to 1 if the `S_IS*' macros in <sys/stat.h> do not work properly. */ #undef STAT_MACROS_BROKEN -/* Define to 1 if you have the ANSI C header files. */ +/* Define to 1 if all of the C90 standard headers exist (not just the ones + required in a freestanding environment). This macro is provided for + backward compatibility; new code need not use it. */ #undef STDC_HEADERS /* Define to use tiger 32 bit i386 assembler */ @@ -1051,7 +1086,8 @@ /* Define to use tiger x86_64 optimized assembly */ #undef TIGER_OPT_ASM -/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */ +/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. This + macro is obsolete. */ #undef TIME_WITH_SYS_TIME /* Define to 1 if your <sys/time.h> declares `struct tm'. */ @@ -1075,6 +1111,12 @@ /* Define if you want extended attributes support. */ #undef USE_XATTR +/* Define if signature checking is supported. */ +#undef WITH_SIG + +/* Define if using OpenBSD signify for signature checking. */ +#undef WITH_SIGNIFY + /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined AC_APPLE_UNIVERSAL_BUILD @@ -1087,11 +1129,6 @@ # endif #endif -/* Enable large inode numbers on Mac OS X 10.5. */ -#ifndef _DARWIN_USE_64_BIT_INODE -# define _DARWIN_USE_64_BIT_INODE 1 -#endif - /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS @@ -1115,14 +1152,15 @@ /* Define to the equivalent of the C99 'restrict' keyword, or to nothing if this is not supported. Do not define if restrict is - supported directly. */ + supported only directly. */ #undef restrict -/* Work around a bug in Sun C++: it does not support _Restrict or - __restrict__, even though the corresponding Sun C compiler ends up with - "#define restrict _Restrict" or "#define restrict __restrict__" in the - previous line. Perhaps some future version of Sun C++ will work with - restrict; if so, hopefully it defines __RESTRICT like Sun C does. */ -#if defined __SUNPRO_CC && !defined __RESTRICT +/* Work around a bug in older versions of Sun C++, which did not + #define __restrict__ or support _Restrict or __restrict__ + even though the corresponding Sun C compiler ended up with + "#define restrict _Restrict" or "#define restrict __restrict__" + in the previous line. This workaround can be removed once + we assume Oracle Developer Studio 12.5 (2016) or later. */ +#if defined __SUNPRO_CC && !defined __RESTRICT && !defined __restrict__ # define _Restrict # define __restrict__ #endif @@ -1,8 +1,8 @@ #! /bin/sh # Configuration validation subroutine script. -# Copyright 1992-2014 Free Software Foundation, Inc. +# Copyright 1992-2018 Free Software Foundation, Inc. -timestamp='2014-09-11' +timestamp='2018-02-22' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -15,7 +15,7 @@ timestamp='2014-09-11' # General Public License for more details. # # You should have received a copy of the GNU General Public License -# along with this program; if not, see <http://www.gnu.org/licenses/>. +# along with this program; if not, see <https://www.gnu.org/licenses/>. # # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a @@ -25,7 +25,7 @@ timestamp='2014-09-11' # of the GNU General Public License, version 3 ("GPLv3"). -# Please send patches with a ChangeLog entry to config-patches@gnu.org. +# Please send patches to <config-patches@gnu.org>. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -33,7 +33,7 @@ timestamp='2014-09-11' # Otherwise, we print the canonical config type on stdout and succeed. # You can get the latest version of this script from: -# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub # This file is supposed to be the same for all GNU packages # and recognize all the CPU types, system types and aliases @@ -53,12 +53,11 @@ timestamp='2014-09-11' me=`echo "$0" | sed -e 's,.*/,,'` usage="\ -Usage: $0 [OPTION] CPU-MFR-OPSYS - $0 [OPTION] ALIAS +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS Canonicalize a configuration name. -Operation modes: +Options: -h, --help print this help, then exit -t, --time-stamp print date of last modification, then exit -v, --version print version number, then exit @@ -68,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>." version="\ GNU config.sub ($timestamp) -Copyright 1992-2014 Free Software Foundation, Inc. +Copyright 1992-2018 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -95,7 +94,7 @@ while test $# -gt 0 ; do *local*) # First pass through any local machine types. - echo $1 + echo "$1" exit ;; * ) @@ -113,24 +112,24 @@ esac # Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). # Here we must recognize all the valid KERNEL-OS combinations. -maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ - kopensolaris*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ + kopensolaris*-gnu* | cloudabi*-eabi* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` ;; android-linux) os=-linux-android - basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown ;; *) - basic_machine=`echo $1 | sed 's/-[^-]*$//'` - if [ $basic_machine != $1 ] - then os=`echo $1 | sed 's/.*-/-/'` + basic_machine=`echo "$1" | sed 's/-[^-]*$//'` + if [ "$basic_machine" != "$1" ] + then os=`echo "$1" | sed 's/.*-/-/'` else os=; fi ;; esac @@ -179,44 +178,44 @@ case $os in ;; -sco6) os=-sco5v6 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco5) os=-sco3.2v5 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco4) os=-sco3.2v4 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco3.2.[4-9]*) os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco3.2v[4-9]*) # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco5v6*) # Don't forget version if it is 3.2v4 or newer. - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -sco*) os=-sco3.2v2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -udk*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -isc) os=-isc2.2 - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -clix*) basic_machine=clipper-intergraph ;; -isc*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` ;; -lynx*178) os=-lynxos178 @@ -228,10 +227,7 @@ case $os in os=-lynxos ;; -ptx*) - basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` - ;; - -windowsnt*) - os=`echo $os | sed -e 's/windowsnt/winnt/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` ;; -psos*) os=-psos @@ -255,15 +251,16 @@ case $basic_machine in | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ + | ba \ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ - | i370 | i860 | i960 | ia64 \ + | i370 | i860 | i960 | ia16 | ia64 \ | ip2k | iq2000 \ | k1om \ | le32 | le64 \ @@ -299,13 +296,14 @@ case $basic_machine in | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ | open8 | or1k | or1knd | or32 \ - | pdp10 | pdp11 | pj | pjl \ + | pdp10 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pru \ | pyramid \ | riscv32 | riscv64 \ | rl78 | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ @@ -313,7 +311,8 @@ case $basic_machine in | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ - | we32k \ + | visium \ + | wasm32 \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) basic_machine=$basic_machine-unknown @@ -327,11 +326,14 @@ case $basic_machine in c6x) basic_machine=tic6x-unknown ;; + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; - m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) ;; ms1) basic_machine=mt-unknown @@ -360,7 +362,7 @@ case $basic_machine in ;; # Object if more than one company name word. *-*-*) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 exit 1 ;; # Recognize the basic CPU types with company name. @@ -372,17 +374,18 @@ case $basic_machine in | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | ba-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ + | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ - | i*86-* | i860-* | i960-* | ia64-* \ + | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ | ip2k-* | iq2000-* \ | k1om-* \ | le32-* | le64-* \ @@ -423,13 +426,15 @@ case $basic_machine in | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pru-* \ | pyramid-* \ + | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ @@ -437,6 +442,8 @@ case $basic_machine in | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ + | wasm32-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -450,7 +457,7 @@ case $basic_machine in # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. 386bsd) - basic_machine=i386-unknown + basic_machine=i386-pc os=-bsd ;; 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) @@ -484,7 +491,7 @@ case $basic_machine in basic_machine=x86_64-pc ;; amd64-*) - basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; amdahl) basic_machine=580-amdahl @@ -513,6 +520,9 @@ case $basic_machine in basic_machine=i386-pc os=-aros ;; + asmjs) + basic_machine=asmjs-unknown + ;; aux) basic_machine=m68k-apple os=-aux @@ -526,7 +536,7 @@ case $basic_machine in os=-linux ;; blackfin-*) - basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; bluegene*) @@ -534,13 +544,13 @@ case $basic_machine in os=-cnk ;; c54x-*) - basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c55x-*) - basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c6x-*) - basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; c90) basic_machine=c90-cray @@ -629,10 +639,18 @@ case $basic_machine in basic_machine=rs6000-bull os=-bosx ;; - dpx2* | dpx2*-bull) + dpx2*) basic_machine=m68k-bull os=-sysv3 ;; + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=$os"spe" + ;; ebmon29k) basic_machine=a29k-amd os=-ebmon @@ -722,9 +740,6 @@ case $basic_machine in hp9k8[0-9][0-9] | hp8[0-9][0-9]) basic_machine=hppa1.0-hp ;; - hppa-next) - os=-nextstep3 - ;; hppaosf) basic_machine=hppa1.1-hp os=-osf @@ -737,26 +752,26 @@ case $basic_machine in basic_machine=i370-ibm ;; i*86v32) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv32 ;; i*86v4*) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv4 ;; i*86v) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-sysv ;; i*86sol2) - basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` os=-solaris2 ;; i386mach) basic_machine=i386-mach os=-mach ;; - i386-vsta | vsta) + vsta) basic_machine=i386-unknown os=-vsta ;; @@ -774,17 +789,17 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux ;; m68knommu-*) - basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; - m88k-omron*) - basic_machine=m88k-omron - ;; magnum | m3230) basic_machine=mips-mips os=-sysv @@ -816,10 +831,10 @@ case $basic_machine in os=-mint ;; mips3*-*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` ;; mips3*) - basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown ;; monitor) basic_machine=m68k-rom68k @@ -838,7 +853,7 @@ case $basic_machine in os=-msdos ;; ms1-*) - basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'` + basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` ;; msys) basic_machine=i686-pc @@ -880,7 +895,7 @@ case $basic_machine in basic_machine=v70-nec os=-sysv ;; - next | m*-next ) + next | m*-next) basic_machine=m68k-next case $os in -nextstep* ) @@ -925,6 +940,12 @@ case $basic_machine in nsr-tandem) basic_machine=nsr-tandem ;; + nsv-tandem) + basic_machine=nsv-tandem + ;; + nsx-tandem) + basic_machine=nsx-tandem + ;; op50n-* | op60c-*) basic_machine=hppa1.1-oki os=-proelf @@ -957,7 +978,7 @@ case $basic_machine in os=-linux ;; parisc-*) - basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` os=-linux ;; pbd) @@ -973,7 +994,7 @@ case $basic_machine in basic_machine=i386-pc ;; pc98-*) - basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentium | p5 | k5 | k6 | nexgen | viac3) basic_machine=i586-pc @@ -988,16 +1009,16 @@ case $basic_machine in basic_machine=i786-pc ;; pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) - basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentiumpro-* | p6-* | 6x86-* | athlon-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) - basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pentium4-*) - basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; pn) basic_machine=pn-gould @@ -1007,23 +1028,23 @@ case $basic_machine in ppc | ppcbe) basic_machine=powerpc-unknown ;; ppc-* | ppcbe-*) - basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ppcle | powerpclittle | ppc-le | powerpc-little) + ppcle | powerpclittle) basic_machine=powerpcle-unknown ;; ppcle-* | powerpclittle-*) - basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; ppc64) basic_machine=powerpc64-unknown ;; - ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; - ppc64le | powerpc64little | ppc64-le | powerpc64-little) + ppc64le | powerpc64little) basic_machine=powerpc64le-unknown ;; ppc64le-* | powerpc64little-*) - basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; ps2) basic_machine=i386-ibm @@ -1077,17 +1098,10 @@ case $basic_machine in sequent) basic_machine=i386-sequent ;; - sh) - basic_machine=sh-hitachi - os=-hms - ;; sh5el) basic_machine=sh5le-unknown ;; - sh64) - basic_machine=sh64-unknown - ;; - sparclite-wrs | simso-wrs) + simso-wrs) basic_machine=sparclite-wrs os=-vxworks ;; @@ -1106,7 +1120,7 @@ case $basic_machine in os=-sysv4 ;; strongarm-* | thumb-*) - basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'` + basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'` ;; sun2) basic_machine=m68000-sun @@ -1228,6 +1242,9 @@ case $basic_machine in basic_machine=hppa1.1-winbond os=-proelf ;; + x64) + basic_machine=x86_64-pc + ;; xbox) basic_machine=i686-pc os=-mingw32 @@ -1236,20 +1253,12 @@ case $basic_machine in basic_machine=xps100-honeywell ;; xscale-* | xscalee[bl]-*) - basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'` + basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'` ;; ymp) basic_machine=ymp-cray os=-unicos ;; - z8k-*-coff) - basic_machine=z8k-unknown - os=-sim - ;; - z80-*-coff) - basic_machine=z80-unknown - os=-sim - ;; none) basic_machine=none-none os=-none @@ -1278,10 +1287,6 @@ case $basic_machine in vax) basic_machine=vax-dec ;; - pdp10) - # there are many clones, so DEC is not a safe bet - basic_machine=pdp10-unknown - ;; pdp11) basic_machine=pdp11-dec ;; @@ -1291,9 +1296,6 @@ case $basic_machine in sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; - sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) - basic_machine=sparc-sun - ;; cydra) basic_machine=cydra-cydrome ;; @@ -1313,7 +1315,7 @@ case $basic_machine in # Make sure to match an already-canonicalized machine name. ;; *) - echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 exit 1 ;; esac @@ -1321,10 +1323,10 @@ esac # Here we canonicalize certain aliases for manufacturers. case $basic_machine in *-digital*) - basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` ;; *-commodore*) - basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` ;; *) ;; @@ -1335,8 +1337,8 @@ esac if [ x"$os" != x"" ] then case $os in - # First match some system type aliases - # that might get confused with valid system types. + # First match some system type aliases that might get confused + # with valid system types. # -solaris* is a basic system type, with this one exception. -auroraux) os=-auroraux @@ -1347,45 +1349,48 @@ case $os in -solaris) os=-solaris2 ;; - -svr4*) - os=-sysv4 - ;; -unixware*) os=-sysv4.2uw ;; -gnu/linux*) os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` ;; - # First accept the basic system types. + # es1800 is here to avoid being matched by es* (a different OS) + -es1800*) + os=-ose + ;; + # Now accept the basic system types. # The portable systems comes first. - # Each alternative MUST END IN A *, to match a version number. + # Each alternative MUST end in a * to match a version number. # -sysv* is not here because it comes later, after sysvr4. -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ - | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ - | -bitrig* | -openbsd* | -solidbsd* \ + | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* | -cegcc* \ + | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ - | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ - | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ - | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ + | -morphos* | -superux* | -rtmk* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ + | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \ + | -midnightbsd*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1402,12 +1407,12 @@ case $os in -nto*) os=`echo $os | sed -e 's|nto|nto-qnx|'` ;; - -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ - | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \ + -sim | -xray | -os68k* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* \ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) ;; -mac*) - os=`echo $os | sed -e 's|mac|macos|'` + os=`echo "$os" | sed -e 's|mac|macos|'` ;; -linux-dietlibc) os=-linux-dietlibc @@ -1416,10 +1421,10 @@ case $os in os=`echo $os | sed -e 's|linux|linux-gnu|'` ;; -sunos5*) - os=`echo $os | sed -e 's|sunos5|solaris2|'` + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` ;; -sunos6*) - os=`echo $os | sed -e 's|sunos6|solaris3|'` + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` ;; -opened*) os=-openedition @@ -1430,12 +1435,6 @@ case $os in -wince*) os=-wince ;; - -osfrose*) - os=-osfrose - ;; - -osf*) - os=-osf - ;; -utek*) os=-bsd ;; @@ -1460,7 +1459,7 @@ case $os in -nova*) os=-rtmk-nova ;; - -ns2 ) + -ns2) os=-nextstep2 ;; -nsk*) @@ -1482,7 +1481,7 @@ case $os in -oss*) os=-sysv3 ;; - -svr4) + -svr4*) os=-sysv4 ;; -svr3) @@ -1497,32 +1496,38 @@ case $os in -ose*) os=-ose ;; - -es1800*) - os=-ose - ;; - -xenix) - os=-xenix - ;; -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) os=-mint ;; - -aros*) - os=-aros - ;; -zvmoe) os=-zvmoe ;; -dicos*) os=-dicos ;; + -pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $basic_machine in + arm*) + os=-eabi + ;; + *) + os=-elf + ;; + esac + ;; -nacl*) ;; + -ios) + ;; -none) ;; *) # Get rid of the `-' at the beginning of $os. os=`echo $os | sed 's/[^-]*-//'` - echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 exit 1 ;; esac @@ -1612,12 +1617,12 @@ case $basic_machine in sparc-* | *-sun) os=-sunos4.1.1 ;; + pru-*) + os=-elf + ;; *-be) os=-beos ;; - *-haiku) - os=-haiku - ;; *-ibm) os=-aix ;; @@ -1657,7 +1662,7 @@ case $basic_machine in m88k-omron*) os=-luna ;; - *-next ) + *-next) os=-nextstep ;; *-sequent) @@ -1672,9 +1677,6 @@ case $basic_machine in i370-*) os=-mvs ;; - *-next) - os=-nextstep3 - ;; *-gould) os=-sysv ;; @@ -1784,15 +1786,15 @@ case $basic_machine in vendor=stratus ;; esac - basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` ;; esac -echo $basic_machine$os +echo "$basic_machine$os" exit # Local variables: -# eval: (add-hook 'write-file-hooks 'time-stamp) +# eval: (add-hook 'write-file-functions 'time-stamp) # time-stamp-start: "timestamp='" # time-stamp-format: "%:y-%02m-%02d" # time-stamp-end: "'" @@ -1,9 +1,10 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69. +# Generated by GNU Autoconf 2.71. # # -# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# Copyright (C) 1992-1996, 1998-2017, 2020-2021 Free Software Foundation, +# Inc. # # # This configure script is free software; the Free Software Foundation @@ -14,14 +15,16 @@ # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : +as_nop=: +if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else +else $as_nop case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( @@ -31,46 +34,46 @@ esac fi + +# Reset variables that may have inherited troublesome values from +# the environment. + +# IFS needs to be set, to space, tab, and newline, in precisely that order. +# (If _AS_PATH_WALK were called with IFS unset, it would have the +# side effect of setting IFS to empty, thus disabling word splitting.) +# Quoting is to prevent editors from complaining about space-tab. as_nl=' ' export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi +IFS=" "" $as_nl" + +PS1='$ ' +PS2='> ' +PS4='+ ' + +# Ensure predictable behavior from utilities with locale-dependent output. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# We cannot yet rely on "unset" to work, but we need these variables +# to be unset--not just set to an empty or harmless value--now, to +# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct +# also avoids known problems related to "unset" and subshell syntax +# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). +for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH +do eval test \${$as_var+y} \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done + +# Ensure that fds 0, 1, and 2 are open. +if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi +if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi +if (exec 3>&2) ; then :; else exec 2>/dev/null; fi # The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then +if ${PATH_SEPARATOR+false} :; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || @@ -79,13 +82,6 @@ if test "${PATH_SEPARATOR+set}" != set; then fi -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( @@ -94,8 +90,12 @@ case $0 in #(( for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + test -r "$as_dir$0" && as_myself=$as_dir$0 && break done IFS=$as_save_IFS @@ -107,30 +107,10 @@ if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. @@ -152,20 +132,22 @@ esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 -as_fn_exit 255 +printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then - as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + as_bourne_compatible="as_nop=: +if test \${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST -else +else \$as_nop case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( @@ -185,42 +167,53 @@ as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } -if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : +if ( set x; as_fn_ret_success y && test x = \"\$1\" ) +then : -else +else \$as_nop exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 +blah=\$(echo \$(echo blah)) +test x\"\$blah\" = xblah || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" - if (eval "$as_required") 2>/dev/null; then : + if (eval "$as_required") 2>/dev/null +then : as_have_required=yes -else +else $as_nop as_have_required=no fi - if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null +then : -else +else $as_nop as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. - as_shell=$as_dir/$as_base + as_shell=$as_dir$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + as_run=a "$as_shell" -c "$as_bourne_compatible""$as_required" 2>/dev/null +then : CONFIG_SHELL=$as_shell as_have_required=yes - if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + if as_run=a "$as_shell" -c "$as_bourne_compatible""$as_suggested" 2>/dev/null +then : break 2 fi fi @@ -228,14 +221,21 @@ fi esac as_found=false done -$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && - { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : - CONFIG_SHELL=$SHELL as_have_required=yes -fi; } IFS=$as_save_IFS +if $as_found +then : + +else $as_nop + if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + as_run=a "$SHELL" -c "$as_bourne_compatible""$as_required" 2>/dev/null +then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi +fi - if test "x$CONFIG_SHELL" != x; then : + if test "x$CONFIG_SHELL" != x +then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also @@ -253,18 +253,19 @@ esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. -$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +printf "%s\n" "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi - if test x$as_have_required = xno; then : - $as_echo "$0: This script requires a shell more modern than all" - $as_echo "$0: the shells that I found on your system." - if test x${ZSH_VERSION+set} = xset ; then - $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" - $as_echo "$0: be upgraded to zsh 4.3.4 or later." + if test x$as_have_required = xno +then : + printf "%s\n" "$0: This script requires a shell more modern than all" + printf "%s\n" "$0: the shells that I found on your system." + if test ${ZSH_VERSION+y} ; then + printf "%s\n" "$0: In particular, zsh $ZSH_VERSION has bugs and should" + printf "%s\n" "$0: be upgraded to zsh 4.3.4 or later." else - $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, + printf "%s\n" "$0: Please tell bug-autoconf@gnu.org about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." @@ -291,6 +292,7 @@ as_fn_unset () } as_unset=as_fn_unset + # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -308,6 +310,14 @@ as_fn_exit () as_fn_set_status $1 exit $1 } # as_fn_exit +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop # as_fn_mkdir_p # ------------- @@ -322,7 +332,7 @@ as_fn_mkdir_p () as_dirs= while :; do case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" @@ -331,7 +341,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | +printf "%s\n" X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -370,12 +380,13 @@ as_fn_executable_p () # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null +then : eval 'as_fn_append () { eval $1+=\$2 }' -else +else $as_nop as_fn_append () { eval $1=\$$1\$2 @@ -387,18 +398,27 @@ fi # as_fn_append # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null +then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else +else $as_nop as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith +# as_fn_nop +# --------- +# Do nothing but, unlike ":", preserve the value of $?. +as_fn_nop () +{ + return $? +} +as_nop=as_fn_nop # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- @@ -410,9 +430,9 @@ as_fn_error () as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $2" >&2 + printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error @@ -439,7 +459,7 @@ as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | +printf "%s\n" X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -483,7 +503,7 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || - { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + { printf "%s\n" "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall @@ -497,6 +517,10 @@ as_cr_alnum=$as_cr_Letters$as_cr_digits exit } + +# Determine whether it's possible to make 'echo' print without a newline. +# These variables are no longer used directly by Autoconf, but are AC_SUBSTed +# for compatibility with existing Makefiles. ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) @@ -510,6 +534,13 @@ case `echo -n x` in #((((( ECHO_N='-n';; esac +# For backward compatibility with old third-party macros, we provide +# the shell variables $as_echo and $as_echo_n. New code should use +# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. +as_echo='printf %s\n' +as_echo_n='printf %s' + + rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -575,50 +606,46 @@ MFLAGS= MAKEFLAGS= # Identity of this package. -PACKAGE_NAME= -PACKAGE_TARNAME= -PACKAGE_VERSION= -PACKAGE_STRING= -PACKAGE_BUGREPORT= -PACKAGE_URL= +PACKAGE_NAME='' +PACKAGE_TARNAME='' +PACKAGE_VERSION='' +PACKAGE_STRING='' +PACKAGE_BUGREPORT='' +PACKAGE_URL='' ac_unique_file="src/samhain.c" # Factoring default headers for most tests. ac_includes_default="\ -#include <stdio.h> -#ifdef HAVE_SYS_TYPES_H -# include <sys/types.h> -#endif -#ifdef HAVE_SYS_STAT_H -# include <sys/stat.h> +#include <stddef.h> +#ifdef HAVE_STDIO_H +# include <stdio.h> #endif -#ifdef STDC_HEADERS +#ifdef HAVE_STDLIB_H # include <stdlib.h> -# include <stddef.h> -#else -# ifdef HAVE_STDLIB_H -# include <stdlib.h> -# endif #endif #ifdef HAVE_STRING_H -# if !defined STDC_HEADERS && defined HAVE_MEMORY_H -# include <memory.h> -# endif # include <string.h> #endif -#ifdef HAVE_STRINGS_H -# include <strings.h> -#endif #ifdef HAVE_INTTYPES_H # include <inttypes.h> #endif #ifdef HAVE_STDINT_H # include <stdint.h> #endif +#ifdef HAVE_STRINGS_H +# include <strings.h> +#endif +#ifdef HAVE_SYS_TYPES_H +# include <sys/types.h> +#endif +#ifdef HAVE_SYS_STAT_H +# include <sys/stat.h> +#endif #ifdef HAVE_UNISTD_H # include <unistd.h> #endif" +ac_header_c_list= ac_subst_vars='LTLIBOBJS LIBOBJS mydefargs @@ -638,6 +665,7 @@ mytrust mykeytag mykeyid mygpg +mysignify mykeybase my_key_4 my_key_3 @@ -780,6 +808,8 @@ enable_install_name enable_identity enable_suidcheck enable_base +with_signify +with_pubkey_checksum with_gpg with_keyid with_checksum @@ -847,7 +877,7 @@ x_includes=NONE x_libraries=NONE DESTDIR= SH_ENABLE_OPTS="selinux posix-acl asm ssp db-reload xml-log message-queue login-watch process-check port-check mounts-check logfile-monitor userfiles debug ptrace static network udp nocl stealth micro-stealth install-name identity khide suidcheck base largefile mail external-scripts encrypt srp dnmalloc ipv6 shellexpand suid" -SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver kcheck gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" +SH_WITH_OPTS="prelude libprelude-prefix database libwrap cflags libs console altconsole timeserver alttimeserver rnd egd-socket port logserver altlogserver signify pubkey-checksum gpg keyid checksum fp recipient sender trusted tmp-dir config-file log-file pid-file state-dir data-file html-file" # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" @@ -1187,9 +1217,9 @@ Try \`$0 --help' for more information." *) # FIXME: should be removed in autoconf 3.0. - $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + printf "%s\n" "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && - $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + printf "%s\n" "$as_me: WARNING: invalid host type: $ac_option" >&2 : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option} ;; @@ -1232,7 +1262,7 @@ target=$target_alias if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe - $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host. + printf "%s\n" "$as_me: WARNING: If you wanted to set the --build type, don't use --host. If a cross compiler is detected then cross compile mode will be used." >&2 elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes @@ -1262,7 +1292,7 @@ $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_myself" | +printf "%s\n" X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -1359,6 +1389,7 @@ Fine tuning of the installation directories: --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1443,9 +1474,11 @@ Optional Packages: --with-port=PORT set port to use for TCP/IP connection [49777] --with-logserver=HOST set host address for log server [none] --with-altlogserver=HOST set address for backup log server [none] + --with-signify=PATH use OpenBSD signify to verify database/config [no] + --with-pubkey-checksum=CHKSUM compile in TIGER192 checksum of signify public key [no] --with-gpg=PATH use GnuPG to verify database/config [no] --with-keyid=KEYID specify KeyID (0x...) for GPG/PGP functions [none] - --with-checksum=CHKSUM compile in gpg/pgp checksum [yes] + --with-checksum=CHKSUM compile in checksum of signing binary (e.g. gpg) [yes] --with-fp=FINGERPRINT compile in public key fingerprint [no] --with-recipient=ADDR set recipient(s) for e-mail [none] --with-sender=SENDER set sender for e-mail [daemon] @@ -1487,9 +1520,9 @@ if test "$ac_init_help" = "recursive"; then case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; @@ -1517,7 +1550,8 @@ esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } - # Check for guested configure. + # Check for configure.gnu first; this name is used for a wrapper for + # Metaconfig's "Configure" on case-insensitive file systems. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive @@ -1525,7 +1559,7 @@ ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix echo && $SHELL "$ac_srcdir/configure" --help=recursive else - $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + printf "%s\n" "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done @@ -1535,9 +1569,9 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF configure -generated by GNU Autoconf 2.69 +generated by GNU Autoconf 2.71 -Copyright (C) 2012 Free Software Foundation, Inc. +Copyright (C) 2021 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF @@ -1554,14 +1588,14 @@ fi ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext + rm -f conftest.$ac_objext conftest.beam if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -1569,14 +1603,15 @@ $as_echo "$ac_try_echo"; } >&5 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err - } && test -s conftest.$ac_objext; then : + } && test -s conftest.$ac_objext +then : ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 @@ -1598,7 +1633,7 @@ case "(($ac_try" in *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -1606,14 +1641,15 @@ $as_echo "$ac_try_echo"; } >&5 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err - }; then : + } +then : ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 @@ -1623,135 +1659,6 @@ fi } # ac_fn_c_try_cpp -# ac_fn_c_try_run LINENO -# ---------------------- -# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes -# that executables *can* be run. -ac_fn_c_try_run () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if { { ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then : - ac_retval=0 -else - $as_echo "$as_me: program exited with status $ac_status" >&5 - $as_echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - - ac_retval=$ac_status -fi - rm -rf conftest.dSYM conftest_ipa8_conftest.oo - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - as_fn_set_status $ac_retval - -} # ac_fn_c_try_run - -# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES -# ------------------------------------------------------- -# Tests whether HEADER exists, giving a warning if it cannot be compiled using -# the include files in INCLUDES and setting the cache variable VAR -# accordingly. -ac_fn_c_check_header_mongrel () -{ - as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - if eval \${$3+:} false; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -else - # Is the header compilable? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 -$as_echo_n "checking $2 usability... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -$4 -#include <$2> -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_header_compiler=yes -else - ac_header_compiler=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 -$as_echo "$ac_header_compiler" >&6; } - -# Is the header present? -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 -$as_echo_n "checking $2 presence... " >&6; } -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <$2> -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - ac_header_preproc=yes -else - ac_header_preproc=no -fi -rm -f conftest.err conftest.i conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 -$as_echo "$ac_header_preproc" >&6; } - -# So? What about this header? -case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( - yes:no: ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 -$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; - no:yes:* ) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 -$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 -$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 -$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 -$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 -$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} - ;; -esac - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else - eval "$3=\$ac_header_compiler" -fi -eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -fi - eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno - -} # ac_fn_c_check_header_mongrel - # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in @@ -1759,26 +1666,28 @@ fi ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$3=yes" -else +else $as_nop eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile @@ -1789,14 +1698,14 @@ $as_echo "$ac_res" >&6; } ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - rm -f conftest.$ac_objext conftest$ac_exeext + rm -f conftest.$ac_objext conftest.beam conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -1804,17 +1713,18 @@ $as_echo "$ac_try_echo"; } >&5 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext - }; then : + } +then : ac_retval=0 -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 @@ -1829,25 +1739,28 @@ fi } # ac_fn_c_try_link -# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES -# --------------------------------------------- +# ac_fn_check_decl LINENO SYMBOL VAR INCLUDES EXTRA-OPTIONS FLAG-VAR +# ------------------------------------------------------------------ # Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR -# accordingly. -ac_fn_c_check_decl () +# accordingly. Pass EXTRA-OPTIONS to the compiler, using FLAG-VAR. +ac_fn_check_decl () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack as_decl_name=`echo $2|sed 's/ *(.*//'` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +printf %s "checking whether $as_decl_name is declared... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 -$as_echo_n "checking whether $as_decl_name is declared... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + eval ac_save_FLAGS=\$$6 + as_fn_append $6 " $5" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { #ifndef $as_decl_name #ifdef __cplusplus @@ -1861,19 +1774,22 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$3=yes" -else +else $as_nop eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + eval $6=\$ac_save_FLAGS + fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno -} # ac_fn_c_check_decl +} # ac_fn_check_decl # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- @@ -1882,16 +1798,17 @@ $as_echo "$ac_res" >&6; } ac_fn_c_check_member () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 -$as_echo_n "checking for $2.$3... " >&6; } -if eval \${$4+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +printf %s "checking for $2.$3... " >&6; } +if eval test \${$4+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int -main () +main (void) { static $2 ac_aggr; if (ac_aggr.$3) @@ -1900,14 +1817,15 @@ return 0; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$4=yes" -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $5 int -main () +main (void) { static $2 ac_aggr; if (sizeof ac_aggr.$3) @@ -1916,18 +1834,19 @@ return 0; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$4=yes" -else +else $as_nop eval "$4=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$4 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_member @@ -1938,11 +1857,12 @@ $as_echo "$ac_res" >&6; } ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case <limits.h> declares $2. @@ -1950,16 +1870,9 @@ else #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, - which can conflict with char $2 (); below. - Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - <limits.h> exists even on freestanding compilers. */ - -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif + which can conflict with char $2 (); below. */ +#include <limits.h> #undef $2 /* Override any GCC internal prototype to avoid an error. @@ -1977,28 +1890,72 @@ choke me #endif int -main () +main (void) { return $2 (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : eval "$3=yes" -else +else $as_nop eval "$3=no" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to run conftest.$ac_ext, and return whether this succeeded. Assumes that +# executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +printf "%s\n" "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; } +then : + ac_retval=0 +else $as_nop + printf "%s\n" "$as_me: program exited with status $ac_status" >&5 + printf "%s\n" "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + # ac_fn_c_compute_int LINENO EXPR VAR INCLUDES # -------------------------------------------- # Tries to find the compile-time value of EXPR in a program that includes @@ -2013,7 +1970,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) >= 0)]; test_array [0] = 0; @@ -2023,14 +1980,15 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_lo=0 ac_mid=0 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; @@ -2040,9 +1998,10 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_hi=$ac_mid; break -else +else $as_nop as_fn_arith $ac_mid + 1 && ac_lo=$as_val if test $ac_lo -le $ac_mid; then ac_lo= ac_hi= @@ -2050,14 +2009,14 @@ else fi as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) < 0)]; test_array [0] = 0; @@ -2067,14 +2026,15 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_hi=-1 ac_mid=-1 while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) >= $ac_mid)]; test_array [0] = 0; @@ -2084,9 +2044,10 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_lo=$ac_mid; break -else +else $as_nop as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val if test $ac_mid -le $ac_hi; then ac_lo= ac_hi= @@ -2094,14 +2055,14 @@ else fi as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done -else +else $as_nop ac_lo= ac_hi= fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext # Binary search between lo and hi bounds. while test "x$ac_lo" != "x$ac_hi"; do as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val @@ -2109,7 +2070,7 @@ while test "x$ac_lo" != "x$ac_hi"; do /* end confdefs.h. */ $4 int -main () +main (void) { static int test_array [1 - 2 * !(($2) <= $ac_mid)]; test_array [0] = 0; @@ -2119,12 +2080,13 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_hi=$ac_mid -else +else $as_nop as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext done case $ac_lo in #(( ?*) eval "$3=\$ac_lo"; ac_retval=0 ;; @@ -2134,12 +2096,12 @@ esac cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 -static long int longval () { return $2; } -static unsigned long int ulongval () { return $2; } +static long int longval (void) { return $2; } +static unsigned long int ulongval (void) { return $2; } #include <stdio.h> #include <stdlib.h> int -main () +main (void) { FILE *f = fopen ("conftest.val", "w"); @@ -2167,9 +2129,10 @@ main () return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : echo >>conftest.val; read $3 <conftest.val; ac_retval=0 -else +else $as_nop ac_retval=1 fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -2189,17 +2152,18 @@ rm -f conftest.val ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 -$as_echo_n "checking for $2... " >&6; } -if eval \${$3+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +printf %s "checking for $2... " >&6; } +if eval test \${$3+y} +then : + printf %s "(cached) " >&6 +else $as_nop eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { if (sizeof ($2)) return 0; @@ -2207,12 +2171,13 @@ if (sizeof ($2)) return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int -main () +main (void) { if (sizeof (($2))) return 0; @@ -2220,29 +2185,50 @@ if (sizeof (($2))) return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : -else +else $as_nop eval "$3=yes" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$3 - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type +ac_configure_args_raw= +for ac_arg +do + case $ac_arg in + *\'*) + ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append ac_configure_args_raw " '$ac_arg'" +done + +case $ac_configure_args_raw in + *$as_nl*) + ac_safe_unquote= ;; + *) + ac_unsafe_z='|&;<>()$`\\"*?[ '' ' # This string ends in space, tab. + ac_unsafe_a="$ac_unsafe_z#~" + ac_safe_unquote="s/ '\\([^$ac_unsafe_a][^$ac_unsafe_z]*\\)'/ \\1/g" + ac_configure_args_raw=` printf "%s\n" "$ac_configure_args_raw" | sed "$ac_safe_unquote"`;; +esac + cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by $as_me, which was -generated by GNU Autoconf 2.69. Invocation command line was +generated by GNU Autoconf 2.71. Invocation command line was - $ $0 $@ + $ $0$ac_configure_args_raw _ACEOF exec 5>>config.log @@ -2275,8 +2261,12 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - $as_echo "PATH: $as_dir" + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + printf "%s\n" "PATH: $as_dir" done IFS=$as_save_IFS @@ -2311,7 +2301,7 @@ do | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) - ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + ac_arg=`printf "%s\n" "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; @@ -2346,11 +2336,13 @@ done # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? + # Sanitize IFS. + IFS=" "" $as_nl" # Save into config.log some information that might help in debugging. { echo - $as_echo "## ---------------- ## + printf "%s\n" "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo @@ -2361,8 +2353,8 @@ trap 'exit_status=$? case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( @@ -2386,7 +2378,7 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; ) echo - $as_echo "## ----------------- ## + printf "%s\n" "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo @@ -2394,14 +2386,14 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; do eval ac_val=\$$ac_var case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac - $as_echo "$ac_var='\''$ac_val'\''" + printf "%s\n" "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then - $as_echo "## ------------------- ## + printf "%s\n" "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo @@ -2409,15 +2401,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; do eval ac_val=\$$ac_var case $ac_val in - *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + *\'\''*) ac_val=`printf "%s\n" "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac - $as_echo "$ac_var='\''$ac_val'\''" + printf "%s\n" "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then - $as_echo "## ----------- ## + printf "%s\n" "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo @@ -2425,8 +2417,8 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; echo fi test "$ac_signal" != 0 && - $as_echo "$as_me: caught signal $ac_signal" - $as_echo "$as_me: exit $exit_status" + printf "%s\n" "$as_me: caught signal $ac_signal" + printf "%s\n" "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && @@ -2440,63 +2432,48 @@ ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h -$as_echo "/* confdefs.h */" > confdefs.h +printf "%s\n" "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. -cat >>confdefs.h <<_ACEOF -#define PACKAGE_NAME "$PACKAGE_NAME" -_ACEOF +printf "%s\n" "#define PACKAGE_NAME \"$PACKAGE_NAME\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_TARNAME "$PACKAGE_TARNAME" -_ACEOF +printf "%s\n" "#define PACKAGE_TARNAME \"$PACKAGE_TARNAME\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_VERSION "$PACKAGE_VERSION" -_ACEOF +printf "%s\n" "#define PACKAGE_VERSION \"$PACKAGE_VERSION\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_STRING "$PACKAGE_STRING" -_ACEOF +printf "%s\n" "#define PACKAGE_STRING \"$PACKAGE_STRING\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" -_ACEOF +printf "%s\n" "#define PACKAGE_BUGREPORT \"$PACKAGE_BUGREPORT\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define PACKAGE_URL "$PACKAGE_URL" -_ACEOF +printf "%s\n" "#define PACKAGE_URL \"$PACKAGE_URL\"" >>confdefs.h # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. -ac_site_file1=NONE -ac_site_file2=NONE if test -n "$CONFIG_SITE"; then - # We do not want a PATH search for config.site. - case $CONFIG_SITE in #(( - -*) ac_site_file1=./$CONFIG_SITE;; - */*) ac_site_file1=$CONFIG_SITE;; - *) ac_site_file1=./$CONFIG_SITE;; - esac + ac_site_files="$CONFIG_SITE" elif test "x$prefix" != xNONE; then - ac_site_file1=$prefix/share/config.site - ac_site_file2=$prefix/etc/config.site + ac_site_files="$prefix/share/config.site $prefix/etc/config.site" else - ac_site_file1=$ac_default_prefix/share/config.site - ac_site_file2=$ac_default_prefix/etc/config.site + ac_site_files="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" fi -for ac_site_file in "$ac_site_file1" "$ac_site_file2" + +for ac_site_file in $ac_site_files do - test "x$ac_site_file" = xNONE && continue - if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 -$as_echo "$as_me: loading site script $ac_site_file" >&6;} + case $ac_site_file in #( + */*) : + ;; #( + *) : + ac_site_file=./$ac_site_file ;; +esac + if test -f "$ac_site_file" && test -r "$ac_site_file"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +printf "%s\n" "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ - || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + || { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi @@ -2506,19 +2483,435 @@ if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 -$as_echo "$as_me: loading cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +printf "%s\n" "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 -$as_echo "$as_me: creating cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +printf "%s\n" "$as_me: creating cache $cache_file" >&6;} >$cache_file fi +# Test code for whether the C compiler supports C89 (global declarations) +ac_c_conftest_c89_globals=' +/* Does the compiler advertise C89 conformance? + Do not test the value of __STDC__, because some compilers set it to 0 + while being otherwise adequately conformant. */ +#if !defined __STDC__ +# error "Compiler does not advertise C89 conformance" +#endif + +#include <stddef.h> +#include <stdarg.h> +struct stat; +/* Most of the following tests are stolen from RCS 5.7 src/conf.sh. */ +struct buf { int x; }; +struct buf * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not \xHH hex character constants. + These do not provoke an error unfortunately, instead are silently treated + as an "x". The following induces an error, until -std is added to get + proper ANSI mode. Curiously \x00 != x always comes out true, for an + array size at least. It is necessary to write \x00 == 0 to get something + that is true only with -std. */ +int osf4_cc_array ['\''\x00'\'' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) '\''x'\'' +int xlc6_cc_array[FOO(a) == '\''x'\'' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, int *(*)(struct buf *, struct stat *, int), + int, int);' + +# Test code for whether the C compiler supports C89 (body of main). +ac_c_conftest_c89_main=' +ok |= (argc == 0 || f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]); +' + +# Test code for whether the C compiler supports C99 (global declarations) +ac_c_conftest_c99_globals=' +// Does the compiler advertise C99 conformance? +#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 199901L +# error "Compiler does not advertise C99 conformance" +#endif + +#include <stdbool.h> +extern int puts (const char *); +extern int printf (const char *, ...); +extern int dprintf (int, const char *, ...); +extern void *malloc (size_t); + +// Check varargs macros. These examples are taken from C99 6.10.3.5. +// dprintf is used instead of fprintf to avoid needing to declare +// FILE and stderr. +#define debug(...) dprintf (2, __VA_ARGS__) +#define showlist(...) puts (#__VA_ARGS__) +#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) +static void +test_varargs_macros (void) +{ + int x = 1234; + int y = 5678; + debug ("Flag"); + debug ("X = %d\n", x); + showlist (The first, second, and third items.); + report (x>y, "x is %d but y is %d", x, y); +} + +// Check long long types. +#define BIG64 18446744073709551615ull +#define BIG32 4294967295ul +#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) +#if !BIG_OK + #error "your preprocessor is broken" +#endif +#if BIG_OK +#else + #error "your preprocessor is broken" +#endif +static long long int bignum = -9223372036854775807LL; +static unsigned long long int ubignum = BIG64; + +struct incomplete_array +{ + int datasize; + double data[]; +}; + +struct named_init { + int number; + const wchar_t *name; + double average; +}; + +typedef const char *ccp; + +static inline int +test_restrict (ccp restrict text) +{ + // See if C++-style comments work. + // Iterate through items via the restricted pointer. + // Also check for declarations in for loops. + for (unsigned int i = 0; *(text+i) != '\''\0'\''; ++i) + continue; + return 0; +} + +// Check varargs and va_copy. +static bool +test_varargs (const char *format, ...) +{ + va_list args; + va_start (args, format); + va_list args_copy; + va_copy (args_copy, args); + + const char *str = ""; + int number = 0; + float fnumber = 0; + + while (*format) + { + switch (*format++) + { + case '\''s'\'': // string + str = va_arg (args_copy, const char *); + break; + case '\''d'\'': // int + number = va_arg (args_copy, int); + break; + case '\''f'\'': // float + fnumber = va_arg (args_copy, double); + break; + default: + break; + } + } + va_end (args_copy); + va_end (args); + + return *str && number && fnumber; +} +' + +# Test code for whether the C compiler supports C99 (body of main). +ac_c_conftest_c99_main=' + // Check bool. + _Bool success = false; + success |= (argc != 0); + + // Check restrict. + if (test_restrict ("String literal") == 0) + success = true; + char *restrict newvar = "Another string"; + + // Check varargs. + success &= test_varargs ("s, d'\'' f .", "string", 65, 34.234); + test_varargs_macros (); + + // Check flexible array members. + struct incomplete_array *ia = + malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); + ia->datasize = 10; + for (int i = 0; i < ia->datasize; ++i) + ia->data[i] = i * 1.234; + + // Check named initializers. + struct named_init ni = { + .number = 34, + .name = L"Test wide string", + .average = 543.34343, + }; + + ni.number = 58; + + int dynamic_array[ni.number]; + dynamic_array[0] = argv[0][0]; + dynamic_array[ni.number - 1] = 543; + + // work around unused variable warnings + ok |= (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == '\''x'\'' + || dynamic_array[ni.number - 1] != 543); +' + +# Test code for whether the C compiler supports C11 (global declarations) +ac_c_conftest_c11_globals=' +// Does the compiler advertise C11 conformance? +#if !defined __STDC_VERSION__ || __STDC_VERSION__ < 201112L +# error "Compiler does not advertise C11 conformance" +#endif + +// Check _Alignas. +char _Alignas (double) aligned_as_double; +char _Alignas (0) no_special_alignment; +extern char aligned_as_int; +char _Alignas (0) _Alignas (int) aligned_as_int; + +// Check _Alignof. +enum +{ + int_alignment = _Alignof (int), + int_array_alignment = _Alignof (int[100]), + char_alignment = _Alignof (char) +}; +_Static_assert (0 < -_Alignof (int), "_Alignof is signed"); + +// Check _Noreturn. +int _Noreturn does_not_return (void) { for (;;) continue; } + +// Check _Static_assert. +struct test_static_assert +{ + int x; + _Static_assert (sizeof (int) <= sizeof (long int), + "_Static_assert does not work in struct"); + long int y; +}; + +// Check UTF-8 literals. +#define u8 syntax error! +char const utf8_literal[] = u8"happens to be ASCII" "another string"; + +// Check duplicate typedefs. +typedef long *long_ptr; +typedef long int *long_ptr; +typedef long_ptr long_ptr; + +// Anonymous structures and unions -- taken from C11 6.7.2.1 Example 1. +struct anonymous +{ + union { + struct { int i; int j; }; + struct { int k; long int l; } w; + }; + int m; +} v1; +' + +# Test code for whether the C compiler supports C11 (body of main). +ac_c_conftest_c11_main=' + _Static_assert ((offsetof (struct anonymous, i) + == offsetof (struct anonymous, w.k)), + "Anonymous union alignment botch"); + v1.i = 2; + v1.w.k = 5; + ok |= v1.i != 5; +' + +# Test code for whether the C compiler supports C11 (complete). +ac_c_conftest_c11_program="${ac_c_conftest_c89_globals} +${ac_c_conftest_c99_globals} +${ac_c_conftest_c11_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + ${ac_c_conftest_c99_main} + ${ac_c_conftest_c11_main} + return ok; +} +" + +# Test code for whether the C compiler supports C99 (complete). +ac_c_conftest_c99_program="${ac_c_conftest_c89_globals} +${ac_c_conftest_c99_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + ${ac_c_conftest_c99_main} + return ok; +} +" + +# Test code for whether the C compiler supports C89 (complete). +ac_c_conftest_c89_program="${ac_c_conftest_c89_globals} + +int +main (int argc, char **argv) +{ + int ok = 0; + ${ac_c_conftest_c89_main} + return ok; +} +" + +as_fn_append ac_header_c_list " stdio.h stdio_h HAVE_STDIO_H" +as_fn_append ac_header_c_list " stdlib.h stdlib_h HAVE_STDLIB_H" +as_fn_append ac_header_c_list " string.h string_h HAVE_STRING_H" +as_fn_append ac_header_c_list " inttypes.h inttypes_h HAVE_INTTYPES_H" +as_fn_append ac_header_c_list " stdint.h stdint_h HAVE_STDINT_H" +as_fn_append ac_header_c_list " strings.h strings_h HAVE_STRINGS_H" +as_fn_append ac_header_c_list " sys/stat.h sys_stat_h HAVE_SYS_STAT_H" +as_fn_append ac_header_c_list " sys/types.h sys_types_h HAVE_SYS_TYPES_H" +as_fn_append ac_header_c_list " unistd.h unistd_h HAVE_UNISTD_H" +as_fn_append ac_header_c_list " sys/time.h sys_time_h HAVE_SYS_TIME_H" + +# Auxiliary files required by this configure script. +ac_aux_files="config.guess config.sub install-sh" + +# Locations in which to look for auxiliary files. +ac_aux_dir_candidates="${srcdir}${PATH_SEPARATOR}${srcdir}/..${PATH_SEPARATOR}${srcdir}/../.." + +# Search for a directory containing all of the required auxiliary files, +# $ac_aux_files, from the $PATH-style list $ac_aux_dir_candidates. +# If we don't find one directory that contains all the files we need, +# we report the set of missing files from the *first* directory in +# $ac_aux_dir_candidates and give up. +ac_missing_aux_files="" +ac_first_candidate=: +printf "%s\n" "$as_me:${as_lineno-$LINENO}: looking for aux files: $ac_aux_files" >&5 +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in $ac_aux_dir_candidates +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + as_found=: + + printf "%s\n" "$as_me:${as_lineno-$LINENO}: trying $as_dir" >&5 + ac_aux_dir_found=yes + ac_install_sh= + for ac_aux in $ac_aux_files + do + # As a special case, if "install-sh" is required, that requirement + # can be satisfied by any of "install-sh", "install.sh", or "shtool", + # and $ac_install_sh is set appropriately for whichever one is found. + if test x"$ac_aux" = x"install-sh" + then + if test -f "${as_dir}install-sh"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install-sh found" >&5 + ac_install_sh="${as_dir}install-sh -c" + elif test -f "${as_dir}install.sh"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}install.sh found" >&5 + ac_install_sh="${as_dir}install.sh -c" + elif test -f "${as_dir}shtool"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}shtool found" >&5 + ac_install_sh="${as_dir}shtool install -c" + else + ac_aux_dir_found=no + if $ac_first_candidate; then + ac_missing_aux_files="${ac_missing_aux_files} install-sh" + else + break + fi + fi + else + if test -f "${as_dir}${ac_aux}"; then + printf "%s\n" "$as_me:${as_lineno-$LINENO}: ${as_dir}${ac_aux} found" >&5 + else + ac_aux_dir_found=no + if $ac_first_candidate; then + ac_missing_aux_files="${ac_missing_aux_files} ${ac_aux}" + else + break + fi + fi + fi + done + if test "$ac_aux_dir_found" = yes; then + ac_aux_dir="$as_dir" + break + fi + ac_first_candidate=false + + as_found=false +done +IFS=$as_save_IFS +if $as_found +then : + +else $as_nop + as_fn_error $? "cannot find required auxiliary files:$ac_missing_aux_files" "$LINENO" 5 +fi + + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +if test -f "${ac_aux_dir}config.guess"; then + ac_config_guess="$SHELL ${ac_aux_dir}config.guess" +fi +if test -f "${ac_aux_dir}config.sub"; then + ac_config_sub="$SHELL ${ac_aux_dir}config.sub" +fi +if test -f "$ac_aux_dir/configure"; then + ac_configure="$SHELL ${ac_aux_dir}configure" +fi + # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false @@ -2529,12 +2922,12 @@ for ac_var in $ac_precious_vars; do eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 -$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) @@ -2543,24 +2936,24 @@ $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 -$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +printf "%s\n" "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else - { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 -$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +printf "%s\n" "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi - { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 -$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 -$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +printf "%s\n" "$as_me: former value: \`$ac_old_val'" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +printf "%s\n" "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in - *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_arg=$ac_var=`printf "%s\n" "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in @@ -2570,11 +2963,12 @@ $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi done if $ac_cache_corrupted; then - { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 -$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} - as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +printf "%s\n" "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`${MAKE-make} distclean' and/or \`rm $cache_file' + and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## @@ -2591,36 +2985,9 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -ac_aux_dir= -for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do - if test -f "$ac_dir/install-sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f "$ac_dir/install.sh"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f "$ac_dir/shtool"; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 -fi - -# These three variables are undocumented and unsupported, -# and are intended to be withdrawn in a future Autoconf release. -# They can cause serious problems if a builder's source tree is in a directory -# whose full name contains unusual characters. -ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. -ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. -ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. -# Find a good install program. We prefer a C program (faster), + # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install @@ -2634,20 +3001,25 @@ ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 -$as_echo_n "checking for a BSD-compatible install... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +printf %s "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then -if ${ac_cv_path_install+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test ${ac_cv_path_install+y} +then : + printf %s "(cached) " >&6 +else $as_nop as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - # Account for people who put trailing slashes in PATH elements. -case $as_dir/ in #(( - ./ | .// | /[cC]/* | \ + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + # Account for fact that we put trailing slashes in our PATH walk. +case $as_dir in #(( + ./ | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; @@ -2657,13 +3029,13 @@ case $as_dir/ in #(( # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_prog$ac_exec_ext"; then if test $ac_prog = install && - grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + grep dspmsg "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && - grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + grep pwplus "$as_dir$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else @@ -2671,12 +3043,12 @@ case $as_dir/ in #(( echo one > conftest.one echo two > conftest.two mkdir conftest.dir - if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + if "$as_dir$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir/" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then - ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + ac_cv_path_install="$as_dir$ac_prog$ac_exec_ext -c" break 3 fi fi @@ -2692,7 +3064,7 @@ IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi - if test "${ac_cv_path_install+set}" = set; then + if test ${ac_cv_path_install+y}; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a @@ -2702,8 +3074,8 @@ fi INSTALL=$ac_install_sh fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 -$as_echo "$INSTALL" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +printf "%s\n" "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. @@ -2713,13 +3085,14 @@ test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 -$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +printf %s "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} -ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` -if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : - $as_echo_n "(cached) " >&6 -else +ac_make=`printf "%s\n" "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval test \${ac_cv_prog_make_${ac_make}_set+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @@ -2735,12 +3108,12 @@ esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } SET_MAKE= else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi @@ -2748,43 +3121,42 @@ fi PACKAGE=samhain -VERSION=4.1.4 +VERSION=4.4.10 if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 fi -cat >>confdefs.h <<_ACEOF -#define PACKAGE "$PACKAGE" -_ACEOF +printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define VERSION "$VERSION" -_ACEOF +printf "%s\n" "#define VERSION \"$VERSION\"" >>confdefs.h -$as_echo "#define SAMHAIN 1" >>confdefs.h +printf "%s\n" "#define SAMHAIN 1" >>confdefs.h -# Make sure we can run config.sub. -$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || - as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 -$as_echo_n "checking build system type... " >&6; } -if ${ac_cv_build+:} false; then : - $as_echo_n "(cached) " >&6 -else + + # Make sure we can run config.sub. +$SHELL "${ac_aux_dir}config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL ${ac_aux_dir}config.sub" "$LINENO" 5 + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +printf %s "checking build system type... " >&6; } +if test ${ac_cv_build+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_build_alias=$build_alias test "x$ac_build_alias" = x && - ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` + ac_build_alias=`$SHELL "${ac_aux_dir}config.guess"` test "x$ac_build_alias" = x && as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 -ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 +ac_cv_build=`$SHELL "${ac_aux_dir}config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $ac_build_alias failed" "$LINENO" 5 fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 -$as_echo "$ac_cv_build" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +printf "%s\n" "$ac_cv_build" >&6; } case $ac_cv_build in *-*-*) ;; *) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; @@ -2803,21 +3175,22 @@ IFS=$ac_save_IFS case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 -$as_echo_n "checking host system type... " >&6; } -if ${ac_cv_host+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +printf %s "checking host system type... " >&6; } +if test ${ac_cv_host+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test "x$host_alias" = x; then ac_cv_host=$ac_cv_build else - ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || - as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 + ac_cv_host=`$SHELL "${ac_aux_dir}config.sub" $host_alias` || + as_fn_error $? "$SHELL ${ac_aux_dir}config.sub $host_alias failed" "$LINENO" 5 fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 -$as_echo "$ac_cv_host" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +printf "%s\n" "$ac_cv_host" >&6; } case $ac_cv_host in *-*-*) ;; *) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; @@ -2838,6 +3211,15 @@ case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + + + + + + + + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -2846,11 +3228,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -2858,11 +3241,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -2873,11 +3260,11 @@ fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -2886,11 +3273,12 @@ if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else @@ -2898,11 +3286,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -2913,11 +3305,11 @@ fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +printf "%s\n" "$ac_ct_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "x$ac_ct_CC" = x; then @@ -2925,8 +3317,8 @@ fi else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC @@ -2939,11 +3331,12 @@ if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -2951,11 +3344,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -2966,11 +3363,11 @@ fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -2979,11 +3376,12 @@ fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -2992,15 +3390,19 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + if test "$as_dir$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3016,18 +3418,18 @@ if test $ac_prog_rejected = yes; then # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift - ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + ac_cv_prog_CC="$as_dir$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3038,11 +3440,12 @@ if test -z "$CC"; then do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else @@ -3050,11 +3453,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3065,11 +3472,11 @@ fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 -$as_echo "$CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3082,11 +3489,12 @@ if test -z "$CC"; then do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_ac_ct_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else @@ -3094,11 +3502,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3109,11 +3521,11 @@ fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 -$as_echo "$ac_ct_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +printf "%s\n" "$ac_ct_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3125,34 +3537,138 @@ done else case $cross_compiling:$ac_tool_warned in yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}clang", so it can be a program name with args. +set dummy ${ac_tool_prefix}clang; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}clang" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +printf "%s\n" "$CC" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "clang", so it can be a program name with args. +set dummy clang; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="clang" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +printf "%s\n" "$ac_ct_CC" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi +else + CC="$ac_cv_prog_CC" fi fi -test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +test -z "$CC" && { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. -$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 -for ac_option in --version -v -V -qversion; do +for ac_option in --version -v -V -qversion -version; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then @@ -3162,7 +3678,7 @@ $as_echo "$ac_try_echo"; } >&5 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done @@ -3170,7 +3686,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; @@ -3182,9 +3698,9 @@ ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 -$as_echo_n "checking whether the C compiler works... " >&6; } -ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +printf %s "checking whether the C compiler works... " >&6; } +ac_link_default=`printf "%s\n" "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" @@ -3205,11 +3721,12 @@ case "(($ac_try" in *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, @@ -3226,7 +3743,7 @@ do # certainly right. break;; *.* ) - if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + if test ${ac_cv_exeext+y} && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi @@ -3242,44 +3759,46 @@ do done test "$ac_cv_exeext" = no && ac_cv_exeext= -else +else $as_nop ac_file='' fi -if test -z "$ac_file"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -$as_echo "$as_me: failed program was:" >&5 +if test -z "$ac_file" +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 -$as_echo_n "checking for C compiler default output file name... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 -$as_echo "$ac_file" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +printf %s "checking for C compiler default output file name... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +printf "%s\n" "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 -$as_echo_n "checking for suffix of executables... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +printf %s "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with @@ -3293,15 +3812,15 @@ for ac_file in conftest.exe conftest conftest.*; do * ) break;; esac done -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 -$as_echo "$ac_cv_exeext" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +printf "%s\n" "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext @@ -3310,7 +3829,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <stdio.h> int -main () +main (void) { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; @@ -3322,8 +3841,8 @@ _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 -$as_echo_n "checking whether we are cross compiling... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +printf %s "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in @@ -3331,10 +3850,10 @@ case "(($ac_try" in *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in @@ -3342,39 +3861,40 @@ $as_echo "$ac_try_echo"; } >&5 *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} -as_fn_error $? "cannot run C compiled programs. + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 -$as_echo "$cross_compiling" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +printf "%s\n" "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 -$as_echo_n "checking for suffix of object files... " >&6; } -if ${ac_cv_objext+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +printf %s "checking for suffix of object files... " >&6; } +if test ${ac_cv_objext+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; @@ -3388,11 +3908,12 @@ case "(($ac_try" in *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 +printf "%s\n" "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then : + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in @@ -3401,31 +3922,32 @@ $as_echo "$ac_try_echo"; } >&5 break;; esac done -else - $as_echo "$as_me: failed program was:" >&5 +else $as_nop + printf "%s\n" "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 -{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +{ { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 -$as_echo "$ac_cv_objext" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +printf "%s\n" "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 -$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } -if ${ac_cv_c_compiler_gnu+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports GNU C" >&5 +printf %s "checking whether the compiler supports GNU C... " >&6; } +if test ${ac_cv_c_compiler_gnu+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { #ifndef __GNUC__ choke me @@ -3435,29 +3957,33 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_compiler_gnu=yes -else +else $as_nop ac_compiler_gnu=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 -$as_echo "$ac_cv_c_compiler_gnu" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +printf "%s\n" "$ac_cv_c_compiler_gnu" >&6; } +ac_compiler_gnu=$ac_cv_c_compiler_gnu + if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi -ac_test_CFLAGS=${CFLAGS+set} +ac_test_CFLAGS=${CFLAGS+y} ac_save_CFLAGS=$CFLAGS -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 -$as_echo_n "checking whether $CC accepts -g... " >&6; } -if ${ac_cv_prog_cc_g+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +printf %s "checking whether $CC accepts -g... " >&6; } +if test ${ac_cv_prog_cc_g+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no @@ -3466,57 +3992,60 @@ else /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_prog_cc_g=yes -else +else $as_nop CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : -else +else $as_nop ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_prog_cc_g=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 -$as_echo "$ac_cv_prog_cc_g" >&6; } -if test "$ac_test_CFLAGS" = set; then +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +printf "%s\n" "$ac_cv_prog_cc_g" >&6; } +if test $ac_test_CFLAGS; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then @@ -3531,94 +4060,144 @@ else CFLAGS= fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 -$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } -if ${ac_cv_prog_cc_c89+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_cv_prog_cc_c89=no +ac_prog_cc_stdc=no +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C11 features" >&5 +printf %s "checking for $CC option to enable C11 features... " >&6; } +if test ${ac_cv_prog_cc_c11+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c11=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include <stdarg.h> -#include <stdio.h> -struct stat; -/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ -struct buf { int x; }; -FILE * (*rcsopen) (struct buf *, struct stat *, int); -static char *e (p, i) - char **p; - int i; -{ - return p[i]; -} -static char *f (char * (*g) (char **, int), char **p, ...) -{ - char *s; - va_list v; - va_start (v,p); - s = g (p, va_arg (v,int)); - va_end (v); - return s; -} - -/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has - function prototypes and stuff, but not '\xHH' hex character constants. - These don't provoke an error unfortunately, instead are silently treated - as 'x'. The following induces an error, until -std is added to get - proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an - array size at least. It's necessary to write '\x00'==0 to get something - that's true only with -std. */ -int osf4_cc_array ['\x00' == 0 ? 1 : -1]; +$ac_c_conftest_c11_program +_ACEOF +for ac_arg in '' -std=gnu11 +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c11=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c11" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi -/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters - inside strings and character constants. */ -#define FOO(x) 'x' -int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; +if test "x$ac_cv_prog_cc_c11" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c11" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c11" >&5 +printf "%s\n" "$ac_cv_prog_cc_c11" >&6; } + CC="$CC $ac_cv_prog_cc_c11" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c11 + ac_prog_cc_stdc=c11 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C99 features" >&5 +printf %s "checking for $CC option to enable C99 features... " >&6; } +if test ${ac_cv_prog_cc_c99+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c99=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c99_program +_ACEOF +for ac_arg in '' -std=gnu99 -std=c99 -c99 -qlanglvl=extc1x -qlanglvl=extc99 -AC99 -D_STDC_C99= +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO" +then : + ac_cv_prog_cc_c99=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam + test "x$ac_cv_prog_cc_c99" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC +fi -int test (int i, double x); -struct s1 {int (*f) (int a);}; -struct s2 {int (*f) (double a);}; -int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); -int argc; -char **argv; -int -main () -{ -return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; - ; - return 0; -} +if test "x$ac_cv_prog_cc_c99" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c99" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +printf "%s\n" "$ac_cv_prog_cc_c99" >&6; } + CC="$CC $ac_cv_prog_cc_c99" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c99 + ac_prog_cc_stdc=c99 +fi +fi +if test x$ac_prog_cc_stdc = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC option to enable C89 features" >&5 +printf %s "checking for $CC option to enable C89 features... " >&6; } +if test ${ac_cv_prog_cc_c89+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_c_conftest_c89_program _ACEOF -for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ - -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO" +then : ac_cv_prog_cc_c89=$ac_arg fi -rm -f core conftest.err conftest.$ac_objext +rm -f core conftest.err conftest.$ac_objext conftest.beam test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC - fi -# AC_CACHE_VAL -case "x$ac_cv_prog_cc_c89" in - x) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 -$as_echo "none needed" >&6; } ;; - xno) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 -$as_echo "unsupported" >&6; } ;; - *) - CC="$CC $ac_cv_prog_cc_c89" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 -$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; -esac -if test "x$ac_cv_prog_cc_c89" != xno; then : +if test "x$ac_cv_prog_cc_c89" = xno +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +printf "%s\n" "unsupported" >&6; } +else $as_nop + if test "x$ac_cv_prog_cc_c89" = x +then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +printf "%s\n" "none needed" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +printf "%s\n" "$ac_cv_prog_cc_c89" >&6; } + CC="$CC $ac_cv_prog_cc_c89" +fi + ac_cv_prog_cc_stdc=$ac_cv_prog_cc_c89 + ac_prog_cc_stdc=c89 +fi fi ac_ext=c @@ -3632,11 +4211,12 @@ if test "$host" != "$build"; then do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_BUILD_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_BUILD_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$BUILD_CC"; then ac_cv_prog_BUILD_CC="$BUILD_CC" # Let the user override the test. else @@ -3644,11 +4224,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_BUILD_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3659,11 +4243,11 @@ fi fi BUILD_CC=$ac_cv_prog_BUILD_CC if test -n "$BUILD_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $BUILD_CC" >&5 -$as_echo "$BUILD_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $BUILD_CC" >&5 +printf "%s\n" "$BUILD_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3678,40 +4262,36 @@ ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +printf %s "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + if test ${ac_cv_prog_CPP+y} +then : + printf %s "(cached) " >&6 +else $as_nop + # Double quotes because $CC needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" cpp /lib/cpp do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. - # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - # <limits.h> exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif +#include <limits.h> Syntax error _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : -else +else $as_nop # Broken: fails on valid input. continue fi @@ -3723,10 +4303,11 @@ rm -f conftest.err conftest.i conftest.$ac_ext /* end confdefs.h. */ #include <ac_nonexistent.h> _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : # Broken: success on invalid input. continue -else +else $as_nop # Passes both tests. ac_preproc_ok=: break @@ -3736,7 +4317,8 @@ rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +if $ac_preproc_ok +then : break fi @@ -3748,29 +4330,24 @@ fi else ac_cv_prog_CPP=$CPP fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 -$as_echo "$CPP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +printf "%s\n" "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. - # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since - # <limits.h> exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __STDC__ -# include <limits.h> -#else -# include <assert.h> -#endif +#include <limits.h> Syntax error _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : -else +else $as_nop # Broken: fails on valid input. continue fi @@ -3782,10 +4359,11 @@ rm -f conftest.err conftest.i conftest.$ac_ext /* end confdefs.h. */ #include <ac_nonexistent.h> _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : +if ac_fn_c_try_cpp "$LINENO" +then : # Broken: success on invalid input. continue -else +else $as_nop # Passes both tests. ac_preproc_ok=: break @@ -3795,11 +4373,12 @@ rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext -if $ac_preproc_ok; then : +if $ac_preproc_ok +then : -else - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +else $as_nop + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi @@ -3811,26 +4390,27 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $ ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 -$as_echo_n "checking whether ln -s works... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +printf %s "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 -$as_echo "no, using $LN_S" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +printf "%s\n" "no, using $LN_S" >&6; } fi for ac_prog in gawk mawk nawk awk do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_AWK+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_AWK+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$AWK"; then ac_cv_prog_AWK="$AWK" # Let the user override the test. else @@ -3838,11 +4418,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_AWK="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3853,11 +4437,11 @@ fi fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 -$as_echo "$AWK" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +printf "%s\n" "$AWK" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -3868,8 +4452,8 @@ done ac_prog=ld if test "$GCC" = yes; then # Check if gcc -print-prog-name=ld gives a path. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 -$as_echo_n "checking for ld used by $CC... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +printf %s "checking for ld used by $CC... " >&6; } case $host in *-*-mingw*) # gcc leaves a trailing carriage return which upsets mingw @@ -3898,12 +4482,13 @@ $as_echo_n "checking for ld used by $CC... " >&6; } ;; esac else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld" >&5 -$as_echo_n "checking for ld... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ld" >&5 +printf %s "checking for ld... " >&6; } fi -if ${lt_cv_path_LD+:} false; then : - $as_echo_n "(cached) " >&6 -else +if test ${lt_cv_path_LD+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -z "$LD"; then lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR for ac_dir in $PATH; do @@ -3932,18 +4517,19 @@ fi LD="$lt_cv_path_LD" if test -n "$LD"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 -$as_echo "$LD" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 +printf "%s\n" "$LD" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 -$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } -if ${lt_cv_prog_gnu_ld+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +printf %s "checking if the linker ($LD) is GNU ld... " >&6; } +if test ${lt_cv_prog_gnu_ld+y} +then : + printf %s "(cached) " >&6 +else $as_nop # I'd rather use --version here, but apparently some GNU lds only accept -v. case `$LD -v 2>&1 </dev/null` in *GNU* | *'with BFD'*) @@ -3954,17 +4540,18 @@ case `$LD -v 2>&1 </dev/null` in ;; esac fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5 -$as_echo "$lt_cv_prog_gnu_ld" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5 +printf "%s\n" "$lt_cv_prog_gnu_ld" >&6; } with_gnu_ld=$lt_cv_prog_gnu_ld # Extract the first word of "hostname", so it can be a program name with args. set dummy hostname; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_cmd_hostname+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_cmd_hostname+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $cmd_hostname in [\\/]* | ?:[\\/]*) ac_cv_path_cmd_hostname="$cmd_hostname" # Let the user override the test with a path. @@ -3974,11 +4561,15 @@ else for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_cmd_hostname="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_cmd_hostname="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -3990,11 +4581,11 @@ esac fi cmd_hostname=$ac_cv_path_cmd_hostname if test -n "$cmd_hostname"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cmd_hostname" >&5 -$as_echo "$cmd_hostname" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $cmd_hostname" >&5 +printf "%s\n" "$cmd_hostname" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -4006,8 +4597,8 @@ if test "x$GCC" = "xyes"; then GCC_VERSION="" gcc_VERSION_MAJOR=0 gcc_VERSION_MINOR=0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcc version" >&5 -$as_echo_n "checking for gcc version... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gcc version" >&5 +printf %s "checking for gcc version... " >&6; } if test "x$GCC" = "xyes" then $CC -dumpversion >/dev/null 2>&1 @@ -4017,35 +4608,79 @@ $as_echo_n "checking for gcc version... " >&6; } gcc_VERSION_MAJOR=`echo $GCC_VERSION | cut -d'.' -f1` gcc_VERSION_MINOR=`echo $GCC_VERSION | cut -d'.' -f2` -cat >>confdefs.h <<_ACEOF -#define GCC_VERSION_MAJOR ${gcc_VERSION_MAJOR} -_ACEOF +printf "%s\n" "#define GCC_VERSION_MAJOR ${gcc_VERSION_MAJOR}" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define GCC_VERSION_MINOR ${gcc_VERSION_MINOR} -_ACEOF +printf "%s\n" "#define GCC_VERSION_MINOR ${gcc_VERSION_MINOR}" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCC_VERSION" >&5 -$as_echo "$GCC_VERSION" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $GCC_VERSION" >&5 +printf "%s\n" "$GCC_VERSION" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC -dumpversion working" >&5 -$as_echo "$CC -dumpversion working" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $CC -dumpversion working" >&5 +printf "%s\n" "$CC -dumpversion working" >&6; } fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: compiler is not gcc" >&5 -$as_echo "compiler is not gcc" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: compiler is not gcc" >&5 +printf "%s\n" "compiler is not gcc" >&6; } fi fi +if test "x${gcc_VERSION_MAJOR}" != "x" +then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gcc compiler issues" >&5 +printf %s "checking for gcc compiler issues... " >&6; } + if test ${gcc_VERSION_MAJOR} -ge 11 + then + dnmalloc_ok=no + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: dnmalloc does not work with gcc 11" >&5 +printf "%s\n" "dnmalloc does not work with gcc 11" >&6; } + else + dnmalloc_ok=yes + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +printf "%s\n" "ok" >&6; } + fi +else + dnmalloc_ok=yes +fi + -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 -$as_echo_n "checking for grep that handles long lines and -e... " >&6; } -if ${ac_cv_path_GREP+:} false; then : - $as_echo_n "(cached) " >&6 -else +ac_header= ac_cache= +for ac_item in $ac_header_c_list +do + if test $ac_cache; then + ac_fn_c_check_header_compile "$LINENO" $ac_header ac_cv_header_$ac_cache "$ac_includes_default" + if eval test \"x\$ac_cv_header_$ac_cache\" = xyes; then + printf "%s\n" "#define $ac_item 1" >> confdefs.h + fi + ac_header= ac_cache= + elif test $ac_header; then + ac_cache=$ac_item + else + ac_header=$ac_item + fi +done + + + + + + + + +if test $ac_cv_header_stdlib_h = yes && test $ac_cv_header_string_h = yes +then : + +printf "%s\n" "#define STDC_HEADERS 1" >>confdefs.h + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +printf %s "checking for grep that handles long lines and -e... " >&6; } +if test ${ac_cv_path_GREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST @@ -4053,10 +4688,15 @@ else for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in grep ggrep; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in grep ggrep + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + ac_path_GREP="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP @@ -4065,13 +4705,13 @@ case `"$ac_path_GREP" --version 2>&1` in ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo 'GREP' >> "conftest.nl" + printf "%s\n" 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -4099,16 +4739,20 @@ else fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 -$as_echo "$ac_cv_path_GREP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +printf "%s\n" "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 -$as_echo_n "checking for egrep... " >&6; } -if ${ac_cv_path_EGREP+:} false; then : - $as_echo_n "(cached) " >&6 -else +# Autoupdate added the next two lines to ensure that your configure +# script's behavior did not change. They are probably safe to remove. + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +printf %s "checking for egrep... " >&6; } +if test ${ac_cv_path_EGREP+y} +then : + printf %s "(cached) " >&6 +else $as_nop if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else @@ -4119,10 +4763,15 @@ else for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_prog in egrep; do + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_prog in egrep + do for ac_exec_ext in '' $ac_executable_extensions; do - ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + ac_path_EGREP="$as_dir$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP @@ -4131,13 +4780,13 @@ case `"$ac_path_EGREP" --version 2>&1` in ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 - $as_echo_n 0123456789 >"conftest.in" + printf %s 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" - $as_echo 'EGREP' >> "conftest.nl" + printf "%s\n" 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val @@ -4166,165 +4815,54 @@ fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 -$as_echo "$ac_cv_path_EGREP" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +printf "%s\n" "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 -$as_echo_n "checking for ANSI C header files... " >&6; } -if ${ac_cv_header_stdc+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <stdlib.h> -#include <stdarg.h> -#include <string.h> -#include <float.h> -int -main () -{ - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_stdc=yes -else - ac_cv_header_stdc=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_fn_c_check_header_compile "$LINENO" "sys/ipc.h" "ac_cv_header_sys_ipc_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_ipc_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_IPC_H 1" >>confdefs.h -if test $ac_cv_header_stdc = yes; then - # SunOS 4.x string.h does not declare mem*, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <string.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "memchr" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no fi -rm -f conftest* +ac_fn_c_check_header_compile "$LINENO" "sys/sem.h" "ac_cv_header_sys_sem_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_sem_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SEM_H 1" >>confdefs.h fi +ac_fn_c_check_header_compile "$LINENO" "sys/msg.h" "ac_cv_header_sys_msg_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_msg_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_MSG_H 1" >>confdefs.h -if test $ac_cv_header_stdc = yes; then - # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <stdlib.h> - -_ACEOF -if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "free" >/dev/null 2>&1; then : - -else - ac_cv_header_stdc=no fi -rm -f conftest* +ac_fn_c_check_header_compile "$LINENO" "sys/uio.h" "ac_cv_header_sys_uio_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_uio_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_UIO_H 1" >>confdefs.h fi - -if test $ac_cv_header_stdc = yes; then - # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. - if test "$cross_compiling" = yes; then : - : -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <ctype.h> -#include <stdlib.h> -#if ((' ' & 0x0FF) == 0x020) -# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') -# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) -#else -# define ISLOWER(c) \ - (('a' <= (c) && (c) <= 'i') \ - || ('j' <= (c) && (c) <= 'r') \ - || ('s' <= (c) && (c) <= 'z')) -# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) -#endif - -#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) -int -main () -{ - int i; - for (i = 0; i < 256; i++) - if (XOR (islower (i), ISLOWER (i)) - || toupper (i) != TOUPPER (i)) - return 2; - return 0; -} -_ACEOF -if ac_fn_c_try_run "$LINENO"; then : - -else - ac_cv_header_stdc=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ - conftest.$ac_objext conftest.beam conftest.$ac_ext -fi - -fi -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 -$as_echo "$ac_cv_header_stdc" >&6; } -if test $ac_cv_header_stdc = yes; then - -$as_echo "#define STDC_HEADERS 1" >>confdefs.h - -fi - - -# On IRIX 5.3, sys/types and inttypes.h are conflicting. -for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ - inttypes.h stdint.h unistd.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default -" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF - -fi - -done - - -for ac_header in sys/ipc.h sys/sem.h sys/msg.h sys/uio.h fcntl.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_header_compile "$LINENO" "fcntl.h" "ac_cv_header_fcntl_h" "$ac_includes_default" +if test "x$ac_cv_header_fcntl_h" = xyes +then : + printf "%s\n" "#define HAVE_FCNTL_H 1" >>confdefs.h fi -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OS specific issues" >&5 -$as_echo_n "checking for OS specific issues... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for OS specific issues" >&5 +printf %s "checking for OS specific issues... " >&6; } mydebugflag=no myneedg3=no uid_cast="signed long" selectconfig=linux mynetbsd=no sh_use_lcaps="undef" -dnmalloc_ok=yes sh_use_pie=yes enable_asm_ok=yes @@ -4332,137 +4870,138 @@ case "$host_os" in *linux*) sh_use_lcaps="yes" - $as_echo "#define HOST_IS_LINUX 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_LINUX 1" >>confdefs.h - $as_echo "#define HAVE_EXT2_IOCTLS 1" >>confdefs.h + printf "%s\n" "#define HAVE_EXT2_IOCTLS 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: use ioctl to get e2fs flags" >&5 -$as_echo "use ioctl to get e2fs flags" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: use ioctl to get e2fs flags" >&5 +printf "%s\n" "use ioctl to get e2fs flags" >&6; } case "$host_cpu" in i*86*) - $as_echo "#define HOST_IS_I86LINUX 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_I86LINUX 1" >>confdefs.h ;; x86_64) -$as_echo "#define HOST_IS_64LINUX 1" >>confdefs.h +printf "%s\n" "#define HOST_IS_64LINUX 1" >>confdefs.h ;; *) ;; esac - ;; + LDFLAGS="${LDFLAGS} -Wl,--as-needed" + ;; *osf*) -$as_echo "#define HOST_IS_OSF 1" >>confdefs.h +printf "%s\n" "#define HOST_IS_OSF 1" >>confdefs.h if test "x$GCC" != "xyes"; then CFLAGS=`echo $CFLAGS | sed 's%\-g%%' ` CFLAGS="$CFLAGS -O2 -assume noaligned_objects" myneedg3=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: compiler needs assume noaligned_objects" >&5 -$as_echo "compiler needs assume noaligned_objects" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: compiler needs assume noaligned_objects" >&5 +printf "%s\n" "compiler needs assume noaligned_objects" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } fi ;; *cygwin*) - $as_echo "#define HOST_IS_CYGWIN 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_CYGWIN 1" >>confdefs.h -$as_echo "#define USE_REGISTRY_CHECK 1" >>confdefs.h +printf "%s\n" "#define USE_REGISTRY_CHECK 1" >>confdefs.h dnmalloc_ok=no enable_asm_ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no trusted paths, no dnmalloc. no asm optimize" >&5 -$as_echo "no trusted paths, no dnmalloc. no asm optimize" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no trusted paths, no dnmalloc. no asm optimize" >&5 +printf "%s\n" "no trusted paths, no dnmalloc. no asm optimize" >&6; } ;; *darwin*|*apple*) - $as_echo "#define HOST_IS_DARWIN 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_DARWIN 1" >>confdefs.h dnmalloc_ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: check resource forks, no dnmalloc" >&5 -$as_echo "check resource forks, no dnmalloc" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: check resource forks, no dnmalloc" >&5 +printf "%s\n" "check resource forks, no dnmalloc" >&6; } ;; *freebsd8*|*freebsd9*) - $as_echo "#define HOST_IS_FREEBSD 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_FREEBSD 1" >>confdefs.h selectconfig=freebsd case "$host_cpu" in amd64|x86_64) dnmalloc_ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no dnmalloc" >&5 -$as_echo "no dnmalloc" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no dnmalloc" >&5 +printf "%s\n" "no dnmalloc" >&6; } ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } ;; esac ;; *freebsd7*) - $as_echo "#define HOST_IS_FREEBSD 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_FREEBSD 1" >>confdefs.h selectconfig=freebsd case "$host_cpu" in amd64|x86_64) sh_use_pie=no dnmalloc_ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no dnmalloc and broken compiler toolchain" >&5 -$as_echo "no dnmalloc and broken compiler toolchain" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no dnmalloc and broken compiler toolchain" >&5 +printf "%s\n" "no dnmalloc and broken compiler toolchain" >&6; } ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } ;; esac ;; *freebsd*) - $as_echo "#define HOST_IS_FREEBSD 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_FREEBSD 1" >>confdefs.h selectconfig=freebsd - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } ;; *openbsd*) -$as_echo "#define HOST_IS_OPENBSD 1" >>confdefs.h +printf "%s\n" "#define HOST_IS_OPENBSD 1" >>confdefs.h selectconfig=freebsd dnmalloc_ok=no - { $as_echo "$as_me:${as_lineno-$LINENO}: result: dnmalloc does not work with pthreads" >&5 -$as_echo "dnmalloc does not work with pthreads" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: dnmalloc does not work with pthreads" >&5 +printf "%s\n" "dnmalloc does not work with pthreads" >&6; } ;; *netbsd*) mynetbsd=yes selectconfig=netbsd - { $as_echo "$as_me:${as_lineno-$LINENO}: result: bug with libresolve" >&5 -$as_echo "bug with libresolve" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: bug with libresolve" >&5 +printf "%s\n" "bug with libresolve" >&6; } ;; *solaris*) selectconfig=solaris - $as_echo "#define HOST_IS_SOLARIS 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_SOLARIS 1" >>confdefs.h case "$host_cpu" in i*86) - $as_echo "#define HOST_IS_I86SOLARIS 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_I86SOLARIS 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: vsnprintf prototype" >&5 -$as_echo "vsnprintf prototype" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: vsnprintf prototype" >&5 +printf "%s\n" "vsnprintf prototype" >&6; } ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } ;; esac if test "x$GCC" != "xyes"; then @@ -4482,14 +5021,14 @@ $as_echo "none" >&6; } *sun*) selectconfig=solaris - $as_echo "#define HOST_IS_SOLARIS 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_SOLARIS 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } ;; *aix*) - $as_echo "#define HOST_IS_AIX 1" >>confdefs.h + printf "%s\n" "#define HOST_IS_AIX 1" >>confdefs.h selectconfig=aix5.2.0 uid_cast="unsigned long" @@ -4503,18 +5042,18 @@ $as_echo "none" >&6; } if test -z "`echo "$CFLAGS" | grep "\-qstrict" 2> /dev/null`"; then CFLAGS="$CFLAGS -qstrict" fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: AIX size_t in the accept call and optimize O3 qstrict" >&5 -$as_echo "AIX size_t in the accept call and optimize O3 qstrict" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: AIX size_t in the accept call and optimize O3 qstrict" >&5 +printf "%s\n" "AIX size_t in the accept call and optimize O3 qstrict" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: AIX size_t in the accept call" >&5 -$as_echo "AIX size_t in the accept call" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: AIX size_t in the accept call" >&5 +printf "%s\n" "AIX size_t in the accept call" >&6; } fi ;; *hpux*) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: HPUX need _XOPEN_SOURCE_EXTENDED for h_errno" >&5 -$as_echo "HPUX need _XOPEN_SOURCE_EXTENDED for h_errno" >&6; } - $as_echo "#define HOST_IS_HPUX 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: HPUX need _XOPEN_SOURCE_EXTENDED for h_errno" >&5 +printf "%s\n" "HPUX need _XOPEN_SOURCE_EXTENDED for h_errno" >&6; } + printf "%s\n" "#define HOST_IS_HPUX 1" >>confdefs.h if test "x$GCC" != "xyes"; then if test ! -z "`echo "$CFLAGS" | grep "\-g" 2> /dev/null`" ; then @@ -4527,22 +5066,20 @@ $as_echo "HPUX need _XOPEN_SOURCE_EXTENDED for h_errno" >&6; } ;; *ultrix*) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ULTRIX getcwd uses popen" >&5 -$as_echo "ULTRIX getcwd uses popen" >&6; } - $as_echo "#define HAVE_BROKEN_GETCWD 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ULTRIX getcwd uses popen" >&5 +printf "%s\n" "ULTRIX getcwd uses popen" >&6; } + printf "%s\n" "#define HAVE_BROKEN_GETCWD 1" >>confdefs.h ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } ;; esac -cat >>confdefs.h <<_ACEOF -#define UID_CAST ${uid_cast} -_ACEOF +printf "%s\n" "#define UID_CAST ${uid_cast}" >>confdefs.h @@ -4550,19 +5087,20 @@ _ACEOF ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do - as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 -$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } -if eval \${$as_ac_Header+:} false; then : - $as_echo_n "(cached) " >&6 -else + as_ac_Header=`printf "%s\n" "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 +printf %s "checking for $ac_hdr that defines DIR... " >&6; } +if eval test \${$as_ac_Header+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <sys/types.h> #include <$ac_hdr> int -main () +main (void) { if ((DIR *) 0) return 0; @@ -4570,19 +5108,21 @@ return 0; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : eval "$as_ac_Header=yes" -else +else $as_nop eval "$as_ac_Header=no" fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi eval ac_res=\$$as_ac_Header - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 -$as_echo "$ac_res" >&6; } -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +printf "%s\n" "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Header"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF ac_header_dirent=$ac_hdr; break @@ -4591,11 +5131,12 @@ fi done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 -$as_echo_n "checking for library containing opendir... " >&6; } -if ${ac_cv_search_opendir+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 +printf %s "checking for library containing opendir... " >&6; } +if test ${ac_cv_search_opendir+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4603,56 +5144,59 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char opendir (); int -main () +main (void) { return opendir (); ; return 0; } _ACEOF -for ac_lib in '' dir; do +for ac_lib in '' dir +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_opendir=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_opendir+:} false; then : + if test ${ac_cv_search_opendir+y} +then : break fi done -if ${ac_cv_search_opendir+:} false; then : +if test ${ac_cv_search_opendir+y} +then : -else +else $as_nop ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 -$as_echo "$ac_cv_search_opendir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 +printf "%s\n" "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 -$as_echo_n "checking for library containing opendir... " >&6; } -if ${ac_cv_search_opendir+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 +printf %s "checking for library containing opendir... " >&6; } +if test ${ac_cv_search_opendir+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4660,142 +5204,90 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char opendir (); int -main () +main (void) { return opendir (); ; return 0; } _ACEOF -for ac_lib in '' x; do +for ac_lib in '' x +do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi - if ac_fn_c_try_link "$LINENO"; then : + if ac_fn_c_try_link "$LINENO" +then : ac_cv_search_opendir=$ac_res fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext - if ${ac_cv_search_opendir+:} false; then : + if test ${ac_cv_search_opendir+y} +then : break fi done -if ${ac_cv_search_opendir+:} false; then : +if test ${ac_cv_search_opendir+y} +then : -else +else $as_nop ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 -$as_echo "$ac_cv_search_opendir" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 +printf "%s\n" "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir -if test "$ac_res" != no; then : +if test "$ac_res" != no +then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sys/types.h defines makedev" >&5 -$as_echo_n "checking whether sys/types.h defines makedev... " >&6; } -if ${ac_cv_header_sys_types_h_makedev+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> -int -main () -{ -return makedev(0, 0); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_header_sys_types_h_makedev=yes -else - ac_cv_header_sys_types_h_makedev=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_types_h_makedev" >&5 -$as_echo "$ac_cv_header_sys_types_h_makedev" >&6; } -if test $ac_cv_header_sys_types_h_makedev = no; then -ac_fn_c_check_header_mongrel "$LINENO" "sys/mkdev.h" "ac_cv_header_sys_mkdev_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_mkdev_h" = xyes; then : +ac_fn_c_check_header_compile "$LINENO" "sys/mkdev.h" "ac_cv_header_sys_mkdev_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_mkdev_h" = xyes +then : -$as_echo "#define MAJOR_IN_MKDEV 1" >>confdefs.h +printf "%s\n" "#define MAJOR_IN_MKDEV 1" >>confdefs.h fi +if test $ac_cv_header_sys_mkdev_h = no; then + ac_fn_c_check_header_compile "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_sysmacros_h" = xyes +then : - - if test $ac_cv_header_sys_mkdev_h = no; then - ac_fn_c_check_header_mongrel "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_sysmacros_h" = xyes; then : - -$as_echo "#define MAJOR_IN_SYSMACROS 1" >>confdefs.h +printf "%s\n" "#define MAJOR_IN_SYSMACROS 1" >>confdefs.h fi - - fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 -$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } -if ${ac_cv_header_time+:} false; then : - $as_echo_n "(cached) " >&6 -else - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#include <sys/types.h> -#include <sys/time.h> -#include <time.h> -int -main () -{ -if ((struct tm *) 0) -return 0; - ; - return 0; -} -_ACEOF -if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_header_time=yes -else - ac_cv_header_time=no -fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 -$as_echo "$ac_cv_header_time" >&6; } -if test $ac_cv_header_time = yes; then -$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h +# Obsolete code to be removed. +if test $ac_cv_header_sys_time_h = yes; then + +printf "%s\n" "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi +# End of obsolete code. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat file-mode macros are broken" >&5 -$as_echo_n "checking whether stat file-mode macros are broken... " >&6; } -if ${ac_cv_header_stat_broken+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether stat file-mode macros are broken" >&5 +printf %s "checking whether stat file-mode macros are broken... " >&6; } +if test ${ac_cv_header_stat_broken+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <sys/types.h> @@ -4818,87 +5310,394 @@ extern char c4[S_ISSOCK (S_IFREG) ? -1 : 1]; #endif _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_header_stat_broken=no -else +else $as_nop ac_cv_header_stat_broken=yes fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stat_broken" >&5 -$as_echo "$ac_cv_header_stat_broken" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stat_broken" >&5 +printf "%s\n" "$ac_cv_header_stat_broken" >&6; } if test $ac_cv_header_stat_broken = yes; then -$as_echo "#define STAT_MACROS_BROKEN 1" >>confdefs.h +printf "%s\n" "#define STAT_MACROS_BROKEN 1" >>confdefs.h + +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $CC options needed to detect all undeclared functions" >&5 +printf %s "checking for $CC options needed to detect all undeclared functions... " >&6; } +if test ${ac_cv_c_undeclared_builtin_options+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_save_CFLAGS=$CFLAGS + ac_cv_c_undeclared_builtin_options='cannot detect' + for ac_arg in '' -fno-builtin; do + CFLAGS="$ac_save_CFLAGS $ac_arg" + # This test program should *not* compile successfully. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ +(void) strchr; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + +else $as_nop + # This test program should compile successfully. + # No library function is consistently available on + # freestanding implementations, so test against a dummy + # declaration. Include always-available headers on the + # off chance that they somehow elicit warnings. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <float.h> +#include <limits.h> +#include <stdarg.h> +#include <stddef.h> +extern void ac_decl (int, char *); + +int +main (void) +{ +(void) ac_decl (0, (char *) 0); + (void) ac_decl; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + if test x"$ac_arg" = x +then : + ac_cv_c_undeclared_builtin_options='none needed' +else $as_nop + ac_cv_c_undeclared_builtin_options=$ac_arg +fi + break +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + done + CFLAGS=$ac_save_CFLAGS + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_undeclared_builtin_options" >&5 +printf "%s\n" "$ac_cv_c_undeclared_builtin_options" >&6; } + case $ac_cv_c_undeclared_builtin_options in #( + 'cannot detect') : + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot make $CC report undeclared builtins +See \`config.log' for more details" "$LINENO" 5; } ;; #( + 'none needed') : + ac_c_undeclared_builtin_options='' ;; #( + *) : + ac_c_undeclared_builtin_options=$ac_cv_c_undeclared_builtin_options ;; +esac -ac_fn_c_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "#include <signal.h> +ac_fn_check_decl "$LINENO" "sys_siglist" "ac_cv_have_decl_sys_siglist" "#include <signal.h> /* NetBSD declares sys_siglist in unistd.h. */ #ifdef HAVE_UNISTD_H # include <unistd.h> #endif -" -if test "x$ac_cv_have_decl_sys_siglist" = xyes; then : +" "$ac_c_undeclared_builtin_options" "CFLAGS" +if test "x$ac_cv_have_decl_sys_siglist" = xyes +then : ac_have_decl=1 -else +else $as_nop ac_have_decl=0 fi +printf "%s\n" "#define HAVE_DECL_SYS_SIGLIST $ac_have_decl" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define HAVE_DECL_SYS_SIGLIST $ac_have_decl -_ACEOF +ac_fn_c_check_header_compile "$LINENO" "stddef.h" "ac_cv_header_stddef_h" "#include <sys/types.h> -for ac_header in stddef.h libgen.h sched.h malloc.h sys/uio.h \ - sys/mman.h sys/param.h sys/inotify.h \ - sys/vfs.h mntent.h \ - sys/select.h sys/socket.h netinet/in.h \ - regex.h glob.h fnmatch.h \ - linux/ext2_fs.h linux/fs.h ext2fs/ext2_fs.h asm/segment.h \ - elf.h linux/elf.h auparse.h \ - paths.h arpa/nameser.h arpa/nameser_compat.h \ - rpc/rpcent.h rpc/rpc.h sys/statvfs.h -do : - as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include <sys/types.h> +" +if test "x$ac_cv_header_stddef_h" = xyes +then : + printf "%s\n" "#define HAVE_STDDEF_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "libgen.h" "ac_cv_header_libgen_h" "#include <sys/types.h> " -if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -_ACEOF +if test "x$ac_cv_header_libgen_h" = xyes +then : + printf "%s\n" "#define HAVE_LIBGEN_H 1" >>confdefs.h fi +ac_fn_c_check_header_compile "$LINENO" "sched.h" "ac_cv_header_sched_h" "#include <sys/types.h> -done +" +if test "x$ac_cv_header_sched_h" = xyes +then : + printf "%s\n" "#define HAVE_SCHED_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "malloc.h" "ac_cv_header_malloc_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_malloc_h" = xyes +then : + printf "%s\n" "#define HAVE_MALLOC_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/uio.h" "ac_cv_header_sys_uio_h" "#include <sys/types.h> +" +if test "x$ac_cv_header_sys_uio_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_UIO_H 1" >>confdefs.h +fi +ac_fn_c_check_header_compile "$LINENO" "sys/mman.h" "ac_cv_header_sys_mman_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_sys_mman_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_MMAN_H 1" >>confdefs.h -ac_fn_c_check_header_mongrel "$LINENO" "utmpx.h" "ac_cv_header_utmpx_h" "$ac_includes_default" -if test "x$ac_cv_header_utmpx_h" = xyes; then : +fi +ac_fn_c_check_header_compile "$LINENO" "sys/param.h" "ac_cv_header_sys_param_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_sys_param_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_PARAM_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/inotify.h" "ac_cv_header_sys_inotify_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_sys_inotify_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_INOTIFY_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/sysmacros.h" "ac_cv_header_sys_sysmacros_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_sys_sysmacros_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SYSMACROS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/vfs.h" "ac_cv_header_sys_vfs_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_sys_vfs_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_VFS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "mntent.h" "ac_cv_header_mntent_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_mntent_h" = xyes +then : + printf "%s\n" "#define HAVE_MNTENT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/select.h" "ac_cv_header_sys_select_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_sys_select_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SELECT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/socket.h" "ac_cv_header_sys_socket_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_sys_socket_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_SOCKET_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "netinet/in.h" "ac_cv_header_netinet_in_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_netinet_in_h" = xyes +then : + printf "%s\n" "#define HAVE_NETINET_IN_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "ifaddrs.h" "ac_cv_header_ifaddrs_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_ifaddrs_h" = xyes +then : + printf "%s\n" "#define HAVE_IFADDRS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "regex.h" "ac_cv_header_regex_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_regex_h" = xyes +then : + printf "%s\n" "#define HAVE_REGEX_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "glob.h" "ac_cv_header_glob_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_glob_h" = xyes +then : + printf "%s\n" "#define HAVE_GLOB_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "fnmatch.h" "ac_cv_header_fnmatch_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_fnmatch_h" = xyes +then : + printf "%s\n" "#define HAVE_FNMATCH_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "linux/ext2_fs.h" "ac_cv_header_linux_ext2_fs_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_linux_ext2_fs_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_EXT2_FS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "linux/fs.h" "ac_cv_header_linux_fs_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_linux_fs_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_FS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "ext2fs/ext2_fs.h" "ac_cv_header_ext2fs_ext2_fs_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_ext2fs_ext2_fs_h" = xyes +then : + printf "%s\n" "#define HAVE_EXT2FS_EXT2_FS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "asm/segment.h" "ac_cv_header_asm_segment_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_asm_segment_h" = xyes +then : + printf "%s\n" "#define HAVE_ASM_SEGMENT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "elf.h" "ac_cv_header_elf_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_elf_h" = xyes +then : + printf "%s\n" "#define HAVE_ELF_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "linux/elf.h" "ac_cv_header_linux_elf_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_linux_elf_h" = xyes +then : + printf "%s\n" "#define HAVE_LINUX_ELF_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "auparse.h" "ac_cv_header_auparse_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_auparse_h" = xyes +then : + printf "%s\n" "#define HAVE_AUPARSE_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "paths.h" "ac_cv_header_paths_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_paths_h" = xyes +then : + printf "%s\n" "#define HAVE_PATHS_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "arpa/nameser.h" "ac_cv_header_arpa_nameser_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_arpa_nameser_h" = xyes +then : + printf "%s\n" "#define HAVE_ARPA_NAMESER_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "arpa/nameser_compat.h" "ac_cv_header_arpa_nameser_compat_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_arpa_nameser_compat_h" = xyes +then : + printf "%s\n" "#define HAVE_ARPA_NAMESER_COMPAT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "rpc/rpcent.h" "ac_cv_header_rpc_rpcent_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_rpc_rpcent_h" = xyes +then : + printf "%s\n" "#define HAVE_RPC_RPCENT_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "rpc/rpc.h" "ac_cv_header_rpc_rpc_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_rpc_rpc_h" = xyes +then : + printf "%s\n" "#define HAVE_RPC_RPC_H 1" >>confdefs.h + +fi +ac_fn_c_check_header_compile "$LINENO" "sys/statvfs.h" "ac_cv_header_sys_statvfs_h" "#include <sys/types.h> + +" +if test "x$ac_cv_header_sys_statvfs_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_STATVFS_H 1" >>confdefs.h + +fi + + + +ac_fn_c_check_header_compile "$LINENO" "utmpx.h" "ac_cv_header_utmpx_h" "$ac_includes_default" +if test "x$ac_cv_header_utmpx_h" = xyes +then : sh_utmpx="yes" -else +else $as_nop sh_utmpx="no" fi - if test "x$sh_utmpx" = "xyes"; then - $as_echo "#define HAVE_UTMPX_H 1" >>confdefs.h + printf "%s\n" "#define HAVE_UTMPX_H 1" >>confdefs.h - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <utmpx.h> _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_host" >/dev/null 2>&1; then : - $as_echo "#define HAVE_UTHOST 1" >>confdefs.h + $EGREP "ut_host" >/dev/null 2>&1 +then : + printf "%s\n" "#define HAVE_UTHOST 1" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4906,11 +5705,12 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr" >/dev/null 2>&1; then : - $as_echo "#define HAVE_UTADDR 1" >>confdefs.h + $EGREP "ut_addr" >/dev/null 2>&1 +then : + printf "%s\n" "#define HAVE_UTADDR 1" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4918,11 +5718,12 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr_v6" >/dev/null 2>&1; then : - $as_echo "#define HAVE_UTADDR_V6 1" >>confdefs.h + $EGREP "ut_addr_v6" >/dev/null 2>&1 +then : + printf "%s\n" "#define HAVE_UTADDR_V6 1" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4930,11 +5731,12 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_xtime" >/dev/null 2>&1; then : - $as_echo "#define HAVE_UTXTIME 1" >>confdefs.h + $EGREP "ut_xtime" >/dev/null 2>&1 +then : + printf "%s\n" "#define HAVE_UTXTIME 1" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4942,11 +5744,12 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_type" >/dev/null 2>&1; then : - $as_echo "#define HAVE_UTTYPE 1" >>confdefs.h + $EGREP "ut_type" >/dev/null 2>&1 +then : + printf "%s\n" "#define HAVE_UTTYPE 1" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -4955,11 +5758,12 @@ else _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_addr" >/dev/null 2>&1; then : - $as_echo "#define HAVE_UTADDR 1" >>confdefs.h + $EGREP "ut_addr" >/dev/null 2>&1 +then : + printf "%s\n" "#define HAVE_UTADDR 1" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4967,11 +5771,12 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_host" >/dev/null 2>&1; then : - $as_echo "#define HAVE_UTHOST 1" >>confdefs.h + $EGREP "ut_host" >/dev/null 2>&1 +then : + printf "%s\n" "#define HAVE_UTHOST 1" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4979,18 +5784,20 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ut_type" >/dev/null 2>&1; then : - $as_echo "#define HAVE_UTTYPE 1" >>confdefs.h + $EGREP "ut_type" >/dev/null 2>&1 +then : + printf "%s\n" "#define HAVE_UTTYPE 1" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* fi -ac_fn_c_check_header_mongrel "$LINENO" "sys/acct.h" "ac_cv_header_sys_acct_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_acct_h" = xyes; then : +ac_fn_c_check_header_compile "$LINENO" "sys/acct.h" "ac_cv_header_sys_acct_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_acct_h" = xyes +then : -$as_echo "#define HAVE_SYS_ACCT_H /**/" >>confdefs.h +printf "%s\n" "#define HAVE_SYS_ACCT_H /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -4998,9 +5805,10 @@ $as_echo "#define HAVE_SYS_ACCT_H /**/" >>confdefs.h _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ac_utime" >/dev/null 2>&1; then : + $EGREP "ac_utime" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_ACUTIME /**/" >>confdefs.h +printf "%s\n" "#define HAVE_ACUTIME /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5008,16 +5816,17 @@ $as_echo "#define HAVE_ACUTIME /**/" >>confdefs.h _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t.*ac_utime" >/dev/null 2>&1; then : + $EGREP "comp_t.*ac_utime" >/dev/null 2>&1 +then : -$as_echo "#define ACUTIME_COMPT /**/" >>confdefs.h +printf "%s\n" "#define ACUTIME_COMPT /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5025,9 +5834,10 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ac_stime" >/dev/null 2>&1; then : + $EGREP "ac_stime" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_ACSTIME /**/" >>confdefs.h +printf "%s\n" "#define HAVE_ACSTIME /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5035,16 +5845,17 @@ $as_echo "#define HAVE_ACSTIME /**/" >>confdefs.h _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t.*ac_stime" >/dev/null 2>&1; then : + $EGREP "comp_t.*ac_stime" >/dev/null 2>&1 +then : -$as_echo "#define ACSTIME_COMPT /**/" >>confdefs.h +printf "%s\n" "#define ACSTIME_COMPT /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5052,9 +5863,10 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ac_etime" >/dev/null 2>&1; then : + $EGREP "ac_etime" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_ACETIME /**/" >>confdefs.h +printf "%s\n" "#define HAVE_ACETIME /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5062,16 +5874,17 @@ $as_echo "#define HAVE_ACETIME /**/" >>confdefs.h _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t.*ac_etime" >/dev/null 2>&1; then : + $EGREP "comp_t.*ac_etime" >/dev/null 2>&1 +then : -$as_echo "#define ACETIME_COMPT /**/" >>confdefs.h +printf "%s\n" "#define ACETIME_COMPT /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5079,9 +5892,10 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ac_io" >/dev/null 2>&1; then : + $EGREP "ac_io" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_ACIO /**/" >>confdefs.h +printf "%s\n" "#define HAVE_ACIO /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5089,16 +5903,17 @@ $as_echo "#define HAVE_ACIO /**/" >>confdefs.h _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t.*ac_io" >/dev/null 2>&1; then : + $EGREP "comp_t.*ac_io" >/dev/null 2>&1 +then : -$as_echo "#define ACIO_COMPT /**/" >>confdefs.h +printf "%s\n" "#define ACIO_COMPT /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5106,9 +5921,10 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ac_mem" >/dev/null 2>&1; then : + $EGREP "ac_mem" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_ACMEM /**/" >>confdefs.h +printf "%s\n" "#define HAVE_ACMEM /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5116,16 +5932,17 @@ $as_echo "#define HAVE_ACMEM /**/" >>confdefs.h _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t.*ac_mem" >/dev/null 2>&1; then : + $EGREP "comp_t.*ac_mem" >/dev/null 2>&1 +then : -$as_echo "#define ACMEM_COMPT /**/" >>confdefs.h +printf "%s\n" "#define ACMEM_COMPT /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5133,23 +5950,26 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ac_minflt" >/dev/null 2>&1; then : + $EGREP "ac_minflt" >/dev/null 2>&1 +then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <sys/acct.h> _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ac_majflt" >/dev/null 2>&1; then : + $EGREP "ac_majflt" >/dev/null 2>&1 +then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <sys/acct.h> _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "ac_swaps" >/dev/null 2>&1; then : + $EGREP "ac_swaps" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_PAGING /**/" >>confdefs.h +printf "%s\n" "#define HAVE_PAGING /**/" >>confdefs.h cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5157,12 +5977,13 @@ $as_echo "#define HAVE_PAGING /**/" >>confdefs.h _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t.*ac_minflt" >/dev/null 2>&1; then : + $EGREP "comp_t.*ac_minflt" >/dev/null 2>&1 +then : -$as_echo "#define ACMINFLT_COMPT /**/" >>confdefs.h +printf "%s\n" "#define ACMINFLT_COMPT /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5170,12 +5991,13 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t.*ac_mayflt" >/dev/null 2>&1; then : + $EGREP "comp_t.*ac_mayflt" >/dev/null 2>&1 +then : -$as_echo "#define ACMAJFLT_COMPT /**/" >>confdefs.h +printf "%s\n" "#define ACMAJFLT_COMPT /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5183,24 +6005,25 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t.*ac_swaps" >/dev/null 2>&1; then : + $EGREP "comp_t.*ac_swaps" >/dev/null 2>&1 +then : -$as_echo "#define ACSWAPS_COMPT /**/" >>confdefs.h +printf "%s\n" "#define ACSWAPS_COMPT /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* fi -rm -f conftest* +rm -rf conftest* fi -rm -f conftest* +rm -rf conftest* fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5208,12 +6031,13 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "comp_t" >/dev/null 2>&1; then : + $EGREP "comp_t" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_COMP_T /**/" >>confdefs.h +printf "%s\n" "#define HAVE_COMP_T /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5221,12 +6045,13 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "struct acct_v3" >/dev/null 2>&1; then : + $EGREP "struct acct_v3" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_ACCT_V3 /**/" >>confdefs.h +printf "%s\n" "#define HAVE_ACCT_V3 /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5234,12 +6059,13 @@ rm -f conftest* _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "struct acctv2" >/dev/null 2>&1; then : + $EGREP "struct acctv2" >/dev/null 2>&1 +then : -$as_echo "#define HAVE_ACCTV2 /**/" >>confdefs.h +printf "%s\n" "#define HAVE_ACCTV2 /**/" >>confdefs.h fi -rm -f conftest* +rm -rf conftest* @@ -5247,7 +6073,6 @@ fi - ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_statfs_f_flags" " #ifdef HAVE_SYS_TYPES_H #include <sys/types.h> @@ -5263,28 +6088,29 @@ ac_fn_c_check_member "$LINENO" "struct statfs" "f_flags" "ac_cv_member_struct_st #endif " -if test "x$ac_cv_member_struct_statfs_f_flags" = xyes; then : +if test "x$ac_cv_member_struct_statfs_f_flags" = xyes +then : -cat >>confdefs.h <<_ACEOF -#define HAVE_STRUCT_STATFS_F_FLAGS 1 -_ACEOF +printf "%s\n" "#define HAVE_STRUCT_STATFS_F_FLAGS 1" >>confdefs.h fi # Check whether --enable-largefile was given. -if test "${enable_largefile+set}" = set; then : +if test ${enable_largefile+y} +then : enableval=$enable_largefile; fi if test "$enable_largefile" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 -$as_echo_n "checking for special C compiler options needed for large files... " >&6; } -if ${ac_cv_sys_largefile_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +printf %s "checking for special C compiler options needed for large files... " >&6; } +if test ${ac_cv_sys_largefile_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC @@ -5298,44 +6124,47 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO" +then : break fi -rm -f core conftest.err conftest.$ac_objext +rm -f core conftest.err conftest.$ac_objext conftest.beam CC="$CC -n32" - if ac_fn_c_try_compile "$LINENO"; then : + if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_largefile_CC=' -n32'; break fi -rm -f core conftest.err conftest.$ac_objext +rm -f core conftest.err conftest.$ac_objext conftest.beam break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 -$as_echo "$ac_cv_sys_largefile_CC" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +printf "%s\n" "$ac_cv_sys_largefile_CC" >&6; } if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 -$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } -if ${ac_cv_sys_file_offset_bits+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +printf %s "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if test ${ac_cv_sys_file_offset_bits+y} +then : + printf %s "(cached) " >&6 +else $as_nop while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5344,22 +6173,23 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_file_offset_bits=no; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 @@ -5368,43 +6198,43 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_file_offset_bits=64; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_sys_file_offset_bits=unknown break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 -$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +printf "%s\n" "$ac_cv_sys_file_offset_bits" >&6; } case $ac_cv_sys_file_offset_bits in #( no | unknown) ;; *) -cat >>confdefs.h <<_ACEOF -#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits -_ACEOF +printf "%s\n" "#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits" >>confdefs.h ;; esac rm -rf conftest* if test $ac_cv_sys_file_offset_bits = unknown; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 -$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } -if ${ac_cv_sys_large_files+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +printf %s "checking for _LARGE_FILES value needed for large files... " >&6; } +if test ${ac_cv_sys_large_files+y} +then : + printf %s "(cached) " >&6 +else $as_nop while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5413,22 +6243,23 @@ else We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_large_files=no; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _LARGE_FILES 1 @@ -5437,89 +6268,88 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ -#define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) +#define LARGE_OFF_T (((off_t) 1 << 31 << 31) - 1 + ((off_t) 1 << 31 << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_sys_large_files=1; break fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext ac_cv_sys_large_files=unknown break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 -$as_echo "$ac_cv_sys_large_files" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +printf "%s\n" "$ac_cv_sys_large_files" >&6; } case $ac_cv_sys_large_files in #( no | unknown) ;; *) -cat >>confdefs.h <<_ACEOF -#define _LARGE_FILES $ac_cv_sys_large_files -_ACEOF +printf "%s\n" "#define _LARGE_FILES $ac_cv_sys_large_files" >>confdefs.h ;; esac rm -rf conftest* fi - - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether _POSIX_SOURCE is necessary" >&5 -$as_echo_n "checking whether _POSIX_SOURCE is necessary... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether _POSIX_SOURCE is necessary" >&5 +printf %s "checking whether _POSIX_SOURCE is necessary... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <stdio.h> void fileno(int);int fdopen(int, char *); int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } -$as_echo "#define _POSIX_SOURCE 1" >>confdefs.h +printf "%s\n" "#define _POSIX_SOURCE 1" >>confdefs.h -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + -for ac_func in strftime + for ac_func in strftime do : ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" -if test "x$ac_cv_func_strftime" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_STRFTIME 1 -_ACEOF +if test "x$ac_cv_func_strftime" = xyes +then : + printf "%s\n" "#define HAVE_STRFTIME 1" >>confdefs.h -else +else $as_nop # strftime is in -lintl on SCO UNIX. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 -$as_echo_n "checking for strftime in -lintl... " >&6; } -if ${ac_cv_lib_intl_strftime+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 +printf %s "checking for strftime in -lintl... " >&6; } +if test ${ac_cv_lib_intl_strftime+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lintl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -5528,79 +6358,430 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char strftime (); int -main () +main (void) { return strftime (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_intl_strftime=yes -else +else $as_nop ac_cv_lib_intl_strftime=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 -$as_echo "$ac_cv_lib_intl_strftime" >&6; } -if test "x$ac_cv_lib_intl_strftime" = xyes; then : - $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 +printf "%s\n" "$ac_cv_lib_intl_strftime" >&6; } +if test "x$ac_cv_lib_intl_strftime" = xyes +then : + printf "%s\n" "#define HAVE_STRFTIME 1" >>confdefs.h LIBS="-lintl $LIBS" fi fi + done +ac_fn_c_check_func "$LINENO" "memcmp" "ac_cv_func_memcmp" +if test "x$ac_cv_func_memcmp" = xyes +then : + printf "%s\n" "#define HAVE_MEMCMP 1" >>confdefs.h -for ac_func in memcmp memcpy memmove memset getpwent endpwent fpurge \ - gettimeofday strlcat strlcpy strstr strchr strerror strsignal \ - seteuid setreuid setresuid lstat getwd getcwd ptrace \ - usleep setpriority getpeereid nanosleep \ - strptime basename sched_yield hasmntopt \ - inet_aton gethostbyname setutent setrlimit gethostname uname \ - initgroups getpagesize \ - ttyname fchmod writev mmap tzset \ - getsid getpriority getpgid statvfs \ - strerror_r getgrgid_r getpwnam_r getpwuid_r \ - gmtime_r localtime_r rand_r readdir_r strtok_r \ - mincore posix_fadvise inotify_init1 +fi +ac_fn_c_check_func "$LINENO" "memcpy" "ac_cv_func_memcpy" +if test "x$ac_cv_func_memcpy" = xyes +then : + printf "%s\n" "#define HAVE_MEMCPY 1" >>confdefs.h -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +fi +ac_fn_c_check_func "$LINENO" "memmove" "ac_cv_func_memmove" +if test "x$ac_cv_func_memmove" = xyes +then : + printf "%s\n" "#define HAVE_MEMMOVE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "memset" "ac_cv_func_memset" +if test "x$ac_cv_func_memset" = xyes +then : + printf "%s\n" "#define HAVE_MEMSET 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpwent" "ac_cv_func_getpwent" +if test "x$ac_cv_func_getpwent" = xyes +then : + printf "%s\n" "#define HAVE_GETPWENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "endpwent" "ac_cv_func_endpwent" +if test "x$ac_cv_func_endpwent" = xyes +then : + printf "%s\n" "#define HAVE_ENDPWENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fpurge" "ac_cv_func_fpurge" +if test "x$ac_cv_func_fpurge" = xyes +then : + printf "%s\n" "#define HAVE_FPURGE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "explicit_memset" "ac_cv_func_explicit_memset" +if test "x$ac_cv_func_explicit_memset" = xyes +then : + printf "%s\n" "#define HAVE_EXPLICIT_MEMSET 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "explicit_bzero" "ac_cv_func_explicit_bzero" +if test "x$ac_cv_func_explicit_bzero" = xyes +then : + printf "%s\n" "#define HAVE_EXPLICIT_BZERO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "gettimeofday" "ac_cv_func_gettimeofday" +if test "x$ac_cv_func_gettimeofday" = xyes +then : + printf "%s\n" "#define HAVE_GETTIMEOFDAY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strlcat" "ac_cv_func_strlcat" +if test "x$ac_cv_func_strlcat" = xyes +then : + printf "%s\n" "#define HAVE_STRLCAT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strlcpy" "ac_cv_func_strlcpy" +if test "x$ac_cv_func_strlcpy" = xyes +then : + printf "%s\n" "#define HAVE_STRLCPY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strstr" "ac_cv_func_strstr" +if test "x$ac_cv_func_strstr" = xyes +then : + printf "%s\n" "#define HAVE_STRSTR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strchr" "ac_cv_func_strchr" +if test "x$ac_cv_func_strchr" = xyes +then : + printf "%s\n" "#define HAVE_STRCHR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strerror" "ac_cv_func_strerror" +if test "x$ac_cv_func_strerror" = xyes +then : + printf "%s\n" "#define HAVE_STRERROR 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strsignal" "ac_cv_func_strsignal" +if test "x$ac_cv_func_strsignal" = xyes +then : + printf "%s\n" "#define HAVE_STRSIGNAL 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "seteuid" "ac_cv_func_seteuid" +if test "x$ac_cv_func_seteuid" = xyes +then : + printf "%s\n" "#define HAVE_SETEUID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setreuid" "ac_cv_func_setreuid" +if test "x$ac_cv_func_setreuid" = xyes +then : + printf "%s\n" "#define HAVE_SETREUID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setresuid" "ac_cv_func_setresuid" +if test "x$ac_cv_func_setresuid" = xyes +then : + printf "%s\n" "#define HAVE_SETRESUID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "lstat" "ac_cv_func_lstat" +if test "x$ac_cv_func_lstat" = xyes +then : + printf "%s\n" "#define HAVE_LSTAT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getwd" "ac_cv_func_getwd" +if test "x$ac_cv_func_getwd" = xyes +then : + printf "%s\n" "#define HAVE_GETWD 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getcwd" "ac_cv_func_getcwd" +if test "x$ac_cv_func_getcwd" = xyes +then : + printf "%s\n" "#define HAVE_GETCWD 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ptrace" "ac_cv_func_ptrace" +if test "x$ac_cv_func_ptrace" = xyes +then : + printf "%s\n" "#define HAVE_PTRACE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "usleep" "ac_cv_func_usleep" +if test "x$ac_cv_func_usleep" = xyes +then : + printf "%s\n" "#define HAVE_USLEEP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setpriority" "ac_cv_func_setpriority" +if test "x$ac_cv_func_setpriority" = xyes +then : + printf "%s\n" "#define HAVE_SETPRIORITY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpeereid" "ac_cv_func_getpeereid" +if test "x$ac_cv_func_getpeereid" = xyes +then : + printf "%s\n" "#define HAVE_GETPEEREID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "nanosleep" "ac_cv_func_nanosleep" +if test "x$ac_cv_func_nanosleep" = xyes +then : + printf "%s\n" "#define HAVE_NANOSLEEP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strptime" "ac_cv_func_strptime" +if test "x$ac_cv_func_strptime" = xyes +then : + printf "%s\n" "#define HAVE_STRPTIME 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "basename" "ac_cv_func_basename" +if test "x$ac_cv_func_basename" = xyes +then : + printf "%s\n" "#define HAVE_BASENAME 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "sched_yield" "ac_cv_func_sched_yield" +if test "x$ac_cv_func_sched_yield" = xyes +then : + printf "%s\n" "#define HAVE_SCHED_YIELD 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "hasmntopt" "ac_cv_func_hasmntopt" +if test "x$ac_cv_func_hasmntopt" = xyes +then : + printf "%s\n" "#define HAVE_HASMNTOPT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "inet_aton" "ac_cv_func_inet_aton" +if test "x$ac_cv_func_inet_aton" = xyes +then : + printf "%s\n" "#define HAVE_INET_ATON 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname" +if test "x$ac_cv_func_gethostbyname" = xyes +then : + printf "%s\n" "#define HAVE_GETHOSTBYNAME 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setutent" "ac_cv_func_setutent" +if test "x$ac_cv_func_setutent" = xyes +then : + printf "%s\n" "#define HAVE_SETUTENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "setrlimit" "ac_cv_func_setrlimit" +if test "x$ac_cv_func_setrlimit" = xyes +then : + printf "%s\n" "#define HAVE_SETRLIMIT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "gethostname" "ac_cv_func_gethostname" +if test "x$ac_cv_func_gethostname" = xyes +then : + printf "%s\n" "#define HAVE_GETHOSTNAME 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "uname" "ac_cv_func_uname" +if test "x$ac_cv_func_uname" = xyes +then : + printf "%s\n" "#define HAVE_UNAME 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "initgroups" "ac_cv_func_initgroups" +if test "x$ac_cv_func_initgroups" = xyes +then : + printf "%s\n" "#define HAVE_INITGROUPS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize" +if test "x$ac_cv_func_getpagesize" = xyes +then : + printf "%s\n" "#define HAVE_GETPAGESIZE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getutxent" "ac_cv_func_getutxent" +if test "x$ac_cv_func_getutxent" = xyes +then : + printf "%s\n" "#define HAVE_GETUTXENT 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "ttyname" "ac_cv_func_ttyname" +if test "x$ac_cv_func_ttyname" = xyes +then : + printf "%s\n" "#define HAVE_TTYNAME 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "fchmod" "ac_cv_func_fchmod" +if test "x$ac_cv_func_fchmod" = xyes +then : + printf "%s\n" "#define HAVE_FCHMOD 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "writev" "ac_cv_func_writev" +if test "x$ac_cv_func_writev" = xyes +then : + printf "%s\n" "#define HAVE_WRITEV 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "mmap" "ac_cv_func_mmap" +if test "x$ac_cv_func_mmap" = xyes +then : + printf "%s\n" "#define HAVE_MMAP 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "tzset" "ac_cv_func_tzset" +if test "x$ac_cv_func_tzset" = xyes +then : + printf "%s\n" "#define HAVE_TZSET 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getsid" "ac_cv_func_getsid" +if test "x$ac_cv_func_getsid" = xyes +then : + printf "%s\n" "#define HAVE_GETSID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpriority" "ac_cv_func_getpriority" +if test "x$ac_cv_func_getpriority" = xyes +then : + printf "%s\n" "#define HAVE_GETPRIORITY 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpgid" "ac_cv_func_getpgid" +if test "x$ac_cv_func_getpgid" = xyes +then : + printf "%s\n" "#define HAVE_GETPGID 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "statvfs" "ac_cv_func_statvfs" +if test "x$ac_cv_func_statvfs" = xyes +then : + printf "%s\n" "#define HAVE_STATVFS 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strerror_r" "ac_cv_func_strerror_r" +if test "x$ac_cv_func_strerror_r" = xyes +then : + printf "%s\n" "#define HAVE_STRERROR_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getgrgid_r" "ac_cv_func_getgrgid_r" +if test "x$ac_cv_func_getgrgid_r" = xyes +then : + printf "%s\n" "#define HAVE_GETGRGID_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpwnam_r" "ac_cv_func_getpwnam_r" +if test "x$ac_cv_func_getpwnam_r" = xyes +then : + printf "%s\n" "#define HAVE_GETPWNAM_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getpwuid_r" "ac_cv_func_getpwuid_r" +if test "x$ac_cv_func_getpwuid_r" = xyes +then : + printf "%s\n" "#define HAVE_GETPWUID_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "gmtime_r" "ac_cv_func_gmtime_r" +if test "x$ac_cv_func_gmtime_r" = xyes +then : + printf "%s\n" "#define HAVE_GMTIME_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "localtime_r" "ac_cv_func_localtime_r" +if test "x$ac_cv_func_localtime_r" = xyes +then : + printf "%s\n" "#define HAVE_LOCALTIME_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "rand_r" "ac_cv_func_rand_r" +if test "x$ac_cv_func_rand_r" = xyes +then : + printf "%s\n" "#define HAVE_RAND_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "readdir_r" "ac_cv_func_readdir_r" +if test "x$ac_cv_func_readdir_r" = xyes +then : + printf "%s\n" "#define HAVE_READDIR_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "strtok_r" "ac_cv_func_strtok_r" +if test "x$ac_cv_func_strtok_r" = xyes +then : + printf "%s\n" "#define HAVE_STRTOK_R 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "mincore" "ac_cv_func_mincore" +if test "x$ac_cv_func_mincore" = xyes +then : + printf "%s\n" "#define HAVE_MINCORE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "posix_fadvise" "ac_cv_func_posix_fadvise" +if test "x$ac_cv_func_posix_fadvise" = xyes +then : + printf "%s\n" "#define HAVE_POSIX_FADVISE 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "inotify_init1" "ac_cv_func_inotify_init1" +if test "x$ac_cv_func_inotify_init1" = xyes +then : + printf "%s\n" "#define HAVE_INOTIFY_INIT1 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "scandir" "ac_cv_func_scandir" +if test "x$ac_cv_func_scandir" = xyes +then : + printf "%s\n" "#define HAVE_SCANDIR 1" >>confdefs.h fi -done ac_fn_c_check_func "$LINENO" "statfs" "ac_cv_func_statfs" -if test "x$ac_cv_func_statfs" = xyes; then : - $as_echo "#define HAVE_STATFS 1" >>confdefs.h +if test "x$ac_cv_func_statfs" = xyes +then : + printf "%s\n" "#define HAVE_STATFS 1" >>confdefs.h statfs="yes" -else +else $as_nop statfs="no" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for va_copy()" >&5 -$as_echo_n "checking for va_copy()... " >&6; } -if ${sh_cv_va_copy+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for va_copy()" >&5 +printf %s "checking for va_copy()... " >&6; } +if test ${sh_cv_va_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop - if test "$cross_compiling" = yes; then : + if test "$cross_compiling" = yes +then : sh_cv_va_copy=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5620,10 +6801,11 @@ else return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : sh_cv_va_copy=yes -else +else $as_nop sh_cv_va_copy=no fi @@ -5634,17 +6816,19 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_va_copy" >&5 -$as_echo "$sh_cv_va_copy" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __va_copy()" >&5 -$as_echo_n "checking for __va_copy()... " >&6; } -if ${sh_cv___va_copy+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_cv_va_copy" >&5 +printf "%s\n" "$sh_cv_va_copy" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __va_copy()" >&5 +printf %s "checking for __va_copy()... " >&6; } +if test ${sh_cv___va_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop - if test "$cross_compiling" = yes; then : + if test "$cross_compiling" = yes +then : sh_cv___va_copy=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5664,10 +6848,11 @@ else return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : sh_cv___va_copy=yes -else +else $as_nop sh_cv___va_copy=no fi @@ -5678,17 +6863,19 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv___va_copy" >&5 -$as_echo "$sh_cv___va_copy" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether va_lists can be copied by value" >&5 -$as_echo_n "checking whether va_lists can be copied by value... " >&6; } -if ${sh_cv_va_val_copy+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_cv___va_copy" >&5 +printf "%s\n" "$sh_cv___va_copy" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether va_lists can be copied by value" >&5 +printf %s "checking whether va_lists can be copied by value... " >&6; } +if test ${sh_cv_va_val_copy+y} +then : + printf %s "(cached) " >&6 +else $as_nop - if test "$cross_compiling" = yes; then : + if test "$cross_compiling" = yes +then : sh_cv_va_val_copy=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5708,10 +6895,11 @@ else return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : sh_cv_va_val_copy=yes -else +else $as_nop sh_cv_va_val_copy=no fi @@ -5723,35 +6911,37 @@ fi fi if test "x$sh_cv_va_copy" = "xyes"; then - $as_echo "#define VA_COPY va_copy" >>confdefs.h + printf "%s\n" "#define VA_COPY va_copy" >>confdefs.h else if test "x$sh_cv___va_copy" = "xyes"; then - $as_echo "#define VA_COPY __va_copy" >>confdefs.h + printf "%s\n" "#define VA_COPY __va_copy" >>confdefs.h fi fi if test "x$sh_cv_va_val_copy" = "xno"; then - $as_echo "#define VA_COPY_AS_ARRAY 1" >>confdefs.h + printf "%s\n" "#define VA_COPY_AS_ARRAY 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_va_val_copy" >&5 -$as_echo "$sh_cv_va_val_copy" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_cv_va_val_copy" >&5 +printf "%s\n" "$sh_cv_va_val_copy" >&6; } + -for ac_func in vsnprintf + for ac_func in vsnprintf do : ac_fn_c_check_func "$LINENO" "vsnprintf" "ac_cv_func_vsnprintf" -if test "x$ac_cv_func_vsnprintf" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_VSNPRINTF 1 -_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vsnprintf" >&5 -$as_echo_n "checking for working vsnprintf... " >&6; } -if ${ac_cv_func_vsnprintf+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : +if test "x$ac_cv_func_vsnprintf" = xyes +then : + printf "%s\n" "#define HAVE_VSNPRINTF 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for working vsnprintf" >&5 +printf %s "checking for working vsnprintf... " >&6; } +if test ${ac_cv_func_vsnprintf+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : ac_cv_func_vsnprintf=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <stdio.h> @@ -5798,9 +6988,10 @@ main(void) exit(1); } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : ac_cv_func_vsnprintf=yes -else +else $as_nop ac_cv_func_vsnprintf=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -5808,40 +6999,38 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vsnprintf" >&5 -$as_echo "$ac_cv_func_vsnprintf" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vsnprintf" >&5 +printf "%s\n" "$ac_cv_func_vsnprintf" >&6; } if test $ac_cv_func_vsnprintf = yes; then : else -$as_echo "#define HAVE_BROKEN_VSNPRINTF 1" >>confdefs.h +printf "%s\n" "#define HAVE_BROKEN_VSNPRINTF 1" >>confdefs.h fi fi -done - for ac_func in mlock -do : - ac_fn_c_check_func "$LINENO" "mlock" "ac_cv_func_mlock" -if test "x$ac_cv_func_mlock" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_MLOCK 1 -_ACEOF +done + ac_fn_c_check_func "$LINENO" "mlock" "ac_cv_func_mlock" +if test "x$ac_cv_func_mlock" = xyes +then : + printf "%s\n" "#define HAVE_MLOCK 1" >>confdefs.h fi -done if test "$ac_cv_func_mlock" = "yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether mlock is broken" >&5 -$as_echo_n "checking whether mlock is broken... " >&6; } - if ${ac_cv_have_broken_mlock+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test "$cross_compiling" = yes; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether mlock is broken" >&5 +printf %s "checking whether mlock is broken... " >&6; } + if test ${ac_cv_have_broken_mlock+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test "$cross_compiling" = yes +then : ac_cv_have_broken_mlock="assume-no" -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5872,9 +7061,10 @@ else _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : ac_cv_have_broken_mlock="no" -else +else $as_nop ac_cv_have_broken_mlock="yes" fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -5885,30 +7075,31 @@ fi fi if test "$ac_cv_have_broken_mlock" = "yes"; then - $as_echo "#define HAVE_BROKEN_MLOCK 1" >>confdefs.h + printf "%s\n" "#define HAVE_BROKEN_MLOCK 1" >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else if test "$ac_cv_have_broken_mlock" = "no"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: assuming no" >&5 -$as_echo "assuming no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: assuming no" >&5 +printf "%s\n" "assuming no" >&6; } fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strftime supports %z" >&5 -$as_echo_n "checking whether strftime supports %z... " >&6; } -if test "$cross_compiling" = yes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether strftime supports %z" >&5 +printf %s "checking whether strftime supports %z... " >&6; } +if test "$cross_compiling" = yes +then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5926,18 +7117,19 @@ int main() } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } -$as_echo "#define HAVE_STRFTIME_Z 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRFTIME_Z 1" >>confdefs.h -else +else $as_nop -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -5945,8 +7137,8 @@ rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to get filesystem type" >&5 -$as_echo_n "checking how to get filesystem type... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to get filesystem type" >&5 +printf %s "checking how to get filesystem type... " >&6; } fstype=no # The order of these tests is important. cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -5954,8 +7146,9 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #include <sys/statvfs.h> #include <sys/fstyp.h> _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - $as_echo "#define FSTYPE_STATVFS 1" >>confdefs.h +if ac_fn_c_try_cpp "$LINENO" +then : + printf "%s\n" "#define FSTYPE_STATVFS 1" >>confdefs.h fstype=SVR4 fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -5965,8 +7158,9 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #include <sys/statfs.h> #include <sys/fstyp.h> _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - $as_echo "#define FSTYPE_USG_STATFS 1" >>confdefs.h +if ac_fn_c_try_cpp "$LINENO" +then : + printf "%s\n" "#define FSTYPE_USG_STATFS 1" >>confdefs.h fstype=SVR3 fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -5977,8 +7171,9 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #include <sys/statfs.h> #include <sys/vmount.h> _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - $as_echo "#define FSTYPE_AIX_STATFS 1" >>confdefs.h +if ac_fn_c_try_cpp "$LINENO" +then : + printf "%s\n" "#define FSTYPE_AIX_STATFS 1" >>confdefs.h fstype=AIX fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -5988,8 +7183,9 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <mntent.h> _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - $as_echo "#define FSTYPE_MNTENT 1" >>confdefs.h +if ac_fn_c_try_cpp "$LINENO" +then : + printf "%s\n" "#define FSTYPE_MNTENT 1" >>confdefs.h fstype=4.3BSD fi rm -f conftest.err conftest.i conftest.$ac_ext @@ -6001,11 +7197,12 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | - $EGREP "f_type;" >/dev/null 2>&1; then : - $as_echo "#define FSTYPE_STATFS 1" >>confdefs.h + $EGREP "f_type;" >/dev/null 2>&1 +then : + printf "%s\n" "#define FSTYPE_STATFS 1" >>confdefs.h fstype=4.4BSD/OSF fi -rm -f conftest* +rm -rf conftest* fi if test $fstype = no; then @@ -6014,22 +7211,24 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #include <sys/mount.h> #include <sys/fs_types.h> _ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - $as_echo "#define FSTYPE_GETMNT 1" >>confdefs.h +if ac_fn_c_try_cpp "$LINENO" +then : + printf "%s\n" "#define FSTYPE_GETMNT 1" >>confdefs.h fstype=Ultrix fi rm -f conftest.err conftest.i conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $fstype" >&5 -$as_echo "$fstype" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $fstype" >&5 +printf "%s\n" "$fstype" >&6; } sh_libsocket= -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5 -$as_echo_n "checking for gethostbyname in -lnsl... " >&6; } -if ${ac_cv_lib_nsl_gethostbyname+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5 +printf %s "checking for gethostbyname in -lnsl... " >&6; } +if test ${ac_cv_lib_nsl_gethostbyname+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6038,43 +7237,41 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char gethostbyname (); int -main () +main (void) { return gethostbyname (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_nsl_gethostbyname=yes -else +else $as_nop ac_cv_lib_nsl_gethostbyname=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5 -$as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; } -if test "x$ac_cv_lib_nsl_gethostbyname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBNSL 1 -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5 +printf "%s\n" "$ac_cv_lib_nsl_gethostbyname" >&6; } +if test "x$ac_cv_lib_nsl_gethostbyname" = xyes +then : + printf "%s\n" "#define HAVE_LIBNSL 1" >>confdefs.h LIBS="-lnsl $LIBS" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5 -$as_echo_n "checking for socket in -lsocket... " >&6; } -if ${ac_cv_lib_socket_socket+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socket in -lsocket" >&5 +printf %s "checking for socket in -lsocket... " >&6; } +if test ${ac_cv_lib_socket_socket+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6083,32 +7280,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char socket (); int -main () +main (void) { return socket (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_socket_socket=yes -else +else $as_nop ac_cv_lib_socket_socket=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5 -$as_echo "$ac_cv_lib_socket_socket" >&6; } -if test "x$ac_cv_lib_socket_socket" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_socket" >&5 +printf "%s\n" "$ac_cv_lib_socket_socket" >&6; } +if test "x$ac_cv_lib_socket_socket" = xyes +then : ac_need_libsocket=1 -else +else $as_nop ac_try_nsl=1 fi @@ -6117,11 +7313,12 @@ if test x$ac_need_libsocket = x1; then sh_libsocket="-lsocket" fi if test x$ac_try_nsl = x1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5 -$as_echo_n "checking for gethostbyname in -lnsl... " >&6; } -if ${ac_cv_lib_nsl_gethostbyname+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in -lnsl" >&5 +printf %s "checking for gethostbyname in -lnsl... " >&6; } +if test ${ac_cv_lib_nsl_gethostbyname+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6130,30 +7327,29 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char gethostbyname (); int -main () +main (void) { return gethostbyname (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_nsl_gethostbyname=yes -else +else $as_nop ac_cv_lib_nsl_gethostbyname=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5 -$as_echo "$ac_cv_lib_nsl_gethostbyname" >&6; } -if test "x$ac_cv_lib_nsl_gethostbyname" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyname" >&5 +printf "%s\n" "$ac_cv_lib_nsl_gethostbyname" >&6; } +if test "x$ac_cv_lib_nsl_gethostbyname" = xyes +then : ac_need_libnsl=1 fi @@ -6164,11 +7360,12 @@ fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_search in -lsocket" >&5 -$as_echo_n "checking for res_search in -lsocket... " >&6; } -if ${ac_cv_lib_socket_res_search+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for res_search in -lsocket" >&5 +printf %s "checking for res_search in -lsocket... " >&6; } +if test ${ac_cv_lib_socket_res_search+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6177,36 +7374,36 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char res_search (); int -main () +main (void) { return res_search (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_socket_res_search=yes -else +else $as_nop ac_cv_lib_socket_res_search=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_res_search" >&5 -$as_echo "$ac_cv_lib_socket_res_search" >&6; } -if test "x$ac_cv_lib_socket_res_search" = xyes; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dn_skipname in -lresolv" >&5 -$as_echo_n "checking for dn_skipname in -lresolv... " >&6; } -if ${ac_cv_lib_resolv_dn_skipname+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_socket_res_search" >&5 +printf "%s\n" "$ac_cv_lib_socket_res_search" >&6; } +if test "x$ac_cv_lib_socket_res_search" = xyes +then : + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dn_skipname in -lresolv" >&5 +printf %s "checking for dn_skipname in -lresolv... " >&6; } +if test ${ac_cv_lib_resolv_dn_skipname+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6215,43 +7412,41 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dn_skipname (); int -main () +main (void) { return dn_skipname (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_resolv_dn_skipname=yes -else +else $as_nop ac_cv_lib_resolv_dn_skipname=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_dn_skipname" >&5 -$as_echo "$ac_cv_lib_resolv_dn_skipname" >&6; } -if test "x$ac_cv_lib_resolv_dn_skipname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBRESOLV 1 -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_dn_skipname" >&5 +printf "%s\n" "$ac_cv_lib_resolv_dn_skipname" >&6; } +if test "x$ac_cv_lib_resolv_dn_skipname" = xyes +then : + printf "%s\n" "#define HAVE_LIBRESOLV 1" >>confdefs.h LIBS="-lresolv $LIBS" fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __dn_skipname in -lresolv" >&5 -$as_echo_n "checking for __dn_skipname in -lresolv... " >&6; } -if ${ac_cv_lib_resolv___dn_skipname+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __dn_skipname in -lresolv" >&5 +printf %s "checking for __dn_skipname in -lresolv... " >&6; } +if test ${ac_cv_lib_resolv___dn_skipname+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6260,33 +7455,30 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char __dn_skipname (); int -main () +main (void) { return __dn_skipname (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_resolv___dn_skipname=yes -else +else $as_nop ac_cv_lib_resolv___dn_skipname=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv___dn_skipname" >&5 -$as_echo "$ac_cv_lib_resolv___dn_skipname" >&6; } -if test "x$ac_cv_lib_resolv___dn_skipname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBRESOLV 1 -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv___dn_skipname" >&5 +printf "%s\n" "$ac_cv_lib_resolv___dn_skipname" >&6; } +if test "x$ac_cv_lib_resolv___dn_skipname" = xyes +then : + printf "%s\n" "#define HAVE_LIBRESOLV 1" >>confdefs.h LIBS="-lresolv $LIBS" @@ -6298,13 +7490,14 @@ fi LIBS="$LIBS -lsocket" fi -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_search in -lresolv" >&5 -$as_echo_n "checking for res_search in -lresolv... " >&6; } -if ${ac_cv_lib_resolv_res_search+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for res_search in -lresolv" >&5 +printf %s "checking for res_search in -lresolv... " >&6; } +if test ${ac_cv_lib_resolv_res_search+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6313,40 +7506,40 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char res_search (); int -main () +main (void) { return res_search (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_resolv_res_search=yes -else +else $as_nop ac_cv_lib_resolv_res_search=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_search" >&5 -$as_echo "$ac_cv_lib_resolv_res_search" >&6; } -if test "x$ac_cv_lib_resolv_res_search" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_res_search" >&5 +printf "%s\n" "$ac_cv_lib_resolv_res_search" >&6; } +if test "x$ac_cv_lib_resolv_res_search" = xyes +then : LIBS="$LIBS -lresolv" -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dn_skipname in -lresolv" >&5 -$as_echo_n "checking for dn_skipname in -lresolv... " >&6; } -if ${ac_cv_lib_resolv_dn_skipname+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for dn_skipname in -lresolv" >&5 +printf %s "checking for dn_skipname in -lresolv... " >&6; } +if test ${ac_cv_lib_resolv_dn_skipname+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6355,43 +7548,41 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char dn_skipname (); int -main () +main (void) { return dn_skipname (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_resolv_dn_skipname=yes -else +else $as_nop ac_cv_lib_resolv_dn_skipname=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_dn_skipname" >&5 -$as_echo "$ac_cv_lib_resolv_dn_skipname" >&6; } -if test "x$ac_cv_lib_resolv_dn_skipname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBRESOLV 1 -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv_dn_skipname" >&5 +printf "%s\n" "$ac_cv_lib_resolv_dn_skipname" >&6; } +if test "x$ac_cv_lib_resolv_dn_skipname" = xyes +then : + printf "%s\n" "#define HAVE_LIBRESOLV 1" >>confdefs.h LIBS="-lresolv $LIBS" fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __dn_skipname in -lresolv" >&5 -$as_echo_n "checking for __dn_skipname in -lresolv... " >&6; } -if ${ac_cv_lib_resolv___dn_skipname+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __dn_skipname in -lresolv" >&5 +printf %s "checking for __dn_skipname in -lresolv... " >&6; } +if test ${ac_cv_lib_resolv___dn_skipname+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6400,33 +7591,30 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char __dn_skipname (); int -main () +main (void) { return __dn_skipname (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_resolv___dn_skipname=yes -else +else $as_nop ac_cv_lib_resolv___dn_skipname=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv___dn_skipname" >&5 -$as_echo "$ac_cv_lib_resolv___dn_skipname" >&6; } -if test "x$ac_cv_lib_resolv___dn_skipname" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBRESOLV 1 -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_resolv___dn_skipname" >&5 +printf "%s\n" "$ac_cv_lib_resolv___dn_skipname" >&6; } +if test "x$ac_cv_lib_resolv___dn_skipname" = xyes +then : + printf "%s\n" "#define HAVE_LIBRESOLV 1" >>confdefs.h LIBS="-lresolv $LIBS" @@ -6439,17 +7627,18 @@ fi fi -for ac_func in getnameinfo getaddrinfo -do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` -ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : - cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 -_ACEOF +ac_fn_c_check_func "$LINENO" "getnameinfo" "ac_cv_func_getnameinfo" +if test "x$ac_cv_func_getnameinfo" = xyes +then : + printf "%s\n" "#define HAVE_GETNAMEINFO 1" >>confdefs.h + +fi +ac_fn_c_check_func "$LINENO" "getaddrinfo" "ac_cv_func_getaddrinfo" +if test "x$ac_cv_func_getaddrinfo" = xyes +then : + printf "%s\n" "#define HAVE_GETADDRINFO 1" >>confdefs.h fi -done @@ -6457,11 +7646,12 @@ sh_auparse=no if test "x$ac_cv_header_auparse_h" = "xyes" then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for auparse_find_field in -lauparse" >&5 -$as_echo_n "checking for auparse_find_field in -lauparse... " >&6; } -if ${ac_cv_lib_auparse_auparse_find_field+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for auparse_find_field in -lauparse" >&5 +printf %s "checking for auparse_find_field in -lauparse... " >&6; } +if test ${ac_cv_lib_auparse_auparse_find_field+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lauparse $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6470,35 +7660,34 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char auparse_find_field (); int -main () +main (void) { return auparse_find_field (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_auparse_auparse_find_field=yes -else +else $as_nop ac_cv_lib_auparse_auparse_find_field=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_auparse_auparse_find_field" >&5 -$as_echo "$ac_cv_lib_auparse_auparse_find_field" >&6; } -if test "x$ac_cv_lib_auparse_auparse_find_field" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_auparse_auparse_find_field" >&5 +printf "%s\n" "$ac_cv_lib_auparse_auparse_find_field" >&6; } +if test "x$ac_cv_lib_auparse_auparse_find_field" = xyes +then : LIBS="$LIBS -lauparse" sh_auparse=yes -$as_echo "#define HAVE_AUPARSE_LIB 1" >>confdefs.h +printf "%s\n" "#define HAVE_AUPARSE_LIB 1" >>confdefs.h fi @@ -6507,8 +7696,8 @@ fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 -$as_echo_n "checking for socklen_t... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for socklen_t" >&5 +printf %s "checking for socklen_t... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6521,27 +7710,26 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext socklen_t x; int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } -cat >>confdefs.h <<_ACEOF -#define ACCEPT_TYPE_ARG3 socklen_t -_ACEOF +printf "%s\n" "#define ACCEPT_TYPE_ARG3 socklen_t" >>confdefs.h -$as_echo "#define HAVE_SOCKLEN_T 1" >>confdefs.h +printf "%s\n" "#define HAVE_SOCKLEN_T 1" >>confdefs.h -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6555,69 +7743,63 @@ else int accept (int, struct sockaddr *, size_t *); int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: size_t" >&5 -$as_echo "size_t" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: size_t" >&5 +printf "%s\n" "size_t" >&6; } -cat >>confdefs.h <<_ACEOF -#define ACCEPT_TYPE_ARG3 size_t -_ACEOF +printf "%s\n" "#define ACCEPT_TYPE_ARG3 size_t" >>confdefs.h -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: int" >&5 -$as_echo "int" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: int" >&5 +printf "%s\n" "int" >&6; } -cat >>confdefs.h <<_ACEOF -#define ACCEPT_TYPE_ARG3 int -_ACEOF +printf "%s\n" "#define ACCEPT_TYPE_ARG3 int" >>confdefs.h fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext # Check whether --enable-selinux was given. -if test "${enable_selinux+set}" = set; then : +if test ${enable_selinux+y} +then : enableval=$enable_selinux; -else +else $as_nop enable_selinux=check fi if test "x$enable_selinux" != xno; then - for ac_header in attr/xattr.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "attr/xattr.h" "ac_cv_header_attr_xattr_h" "$ac_includes_default" -if test "x$ac_cv_header_attr_xattr_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_ATTR_XATTR_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "attr/xattr.h" "ac_cv_header_attr_xattr_h" "$ac_includes_default" +if test "x$ac_cv_header_attr_xattr_h" = xyes +then : + printf "%s\n" "#define HAVE_ATTR_XATTR_H 1" >>confdefs.h fi -done - if test $ac_cv_header_attr_xattr_h = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getxattr in -lattr" >&5 -$as_echo_n "checking for getxattr in -lattr... " >&6; } -if ${ac_cv_lib_attr_getxattr+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for getxattr in -lattr" >&5 +printf %s "checking for getxattr in -lattr... " >&6; } +if test ${ac_cv_lib_attr_getxattr+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lattr $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6626,32 +7808,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char getxattr (); int -main () +main (void) { return getxattr (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_attr_getxattr=yes -else +else $as_nop ac_cv_lib_attr_getxattr=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_attr_getxattr" >&5 -$as_echo "$ac_cv_lib_attr_getxattr" >&6; } -if test "x$ac_cv_lib_attr_getxattr" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_attr_getxattr" >&5 +printf "%s\n" "$ac_cv_lib_attr_getxattr" >&6; } +if test "x$ac_cv_lib_attr_getxattr" = xyes +then : sh_lattr=yes -else +else $as_nop sh_lattr=no fi @@ -6663,32 +7844,34 @@ fi OLDLIBS="$LIBS" LIBS="$LIBS $LIBATTR" - for ac_func in getxattr lgetxattr fgetxattr + + for ac_func in getxattr lgetxattr fgetxattr do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF sh_fattr=yes -else +else $as_nop sh_fattr=no fi -done +done LIBS="$OLDLIBS" fi if test x"$sh_fattr" = xyes; then -$as_echo "#define USE_XATTR 1" >>confdefs.h +printf "%s\n" "#define USE_XATTR 1" >>confdefs.h LIBS="$LIBS $LIBATTR" else if test "x$enable_selinux" != xcheck; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "--enable-selinux was given, but test for selinux support failed See \`config.log' for more details" "$LINENO" 5; } fi @@ -6697,33 +7880,30 @@ See \`config.log' for more details" "$LINENO" 5; } fi # Check whether --enable-posix-acl was given. -if test "${enable_posix_acl+set}" = set; then : +if test ${enable_posix_acl+y} +then : enableval=$enable_posix_acl; -else +else $as_nop enable_posix_acl=check fi if test "x$enable_posix_acl" != xno; then - for ac_header in sys/acl.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "sys/acl.h" "ac_cv_header_sys_acl_h" "$ac_includes_default" -if test "x$ac_cv_header_sys_acl_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_SYS_ACL_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "sys/acl.h" "ac_cv_header_sys_acl_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_acl_h" = xyes +then : + printf "%s\n" "#define HAVE_SYS_ACL_H 1" >>confdefs.h fi -done - if test $ac_cv_header_sys_acl_h = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for acl_get_file in -lacl" >&5 -$as_echo_n "checking for acl_get_file in -lacl... " >&6; } -if ${ac_cv_lib_acl_acl_get_file+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for acl_get_file in -lacl" >&5 +printf %s "checking for acl_get_file in -lacl... " >&6; } +if test ${ac_cv_lib_acl_acl_get_file+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lacl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6732,32 +7912,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char acl_get_file (); int -main () +main (void) { return acl_get_file (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_acl_acl_get_file=yes -else +else $as_nop ac_cv_lib_acl_acl_get_file=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_acl_acl_get_file" >&5 -$as_echo "$ac_cv_lib_acl_acl_get_file" >&6; } -if test "x$ac_cv_lib_acl_acl_get_file" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_acl_acl_get_file" >&5 +printf "%s\n" "$ac_cv_lib_acl_acl_get_file" >&6; } +if test "x$ac_cv_lib_acl_acl_get_file" = xyes +then : sh_lacl=yes -else +else $as_nop sh_lacl=no fi @@ -6769,32 +7948,34 @@ fi OLDLIBS="$LIBS" LIBS="$LIBS $LIBACL" - for ac_func in acl_free acl_get_file acl_get_fd + + for ac_func in acl_free acl_get_file acl_get_fd do : - as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` + as_ac_var=`printf "%s\n" "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -if eval test \"x\$"$as_ac_var"\" = x"yes"; then : +if eval test \"x\$"$as_ac_var"\" = x"yes" +then : cat >>confdefs.h <<_ACEOF -#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +#define `printf "%s\n" "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF sh_facl=yes -else +else $as_nop sh_facl=no fi -done +done LIBS="$OLDLIBS" fi if test x"$sh_facl" = xyes; then -$as_echo "#define USE_ACL 1" >>confdefs.h +printf "%s\n" "#define USE_ACL 1" >>confdefs.h LIBS="$LIBS $LIBACL" else if test "x$enable_posix_acl" != xcheck; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "--enable-posix-acl was given, but test for acl support failed See \`config.log' for more details" "$LINENO" 5; } fi @@ -6805,11 +7986,12 @@ fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long double with more range or precision than double" >&5 -$as_echo_n "checking for long double with more range or precision than double... " >&6; } -if ${ac_cv_type_long_double_wider+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for long double with more range or precision than double" >&5 +printf %s "checking for long double with more range or precision than double... " >&6; } +if test ${ac_cv_type_long_double_wider+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <float.h> @@ -6826,7 +8008,7 @@ else } int -main () +main (void) { static int test_array [1 - 2 * !((0 < ((DBL_MAX_EXP < LDBL_MAX_EXP) + (DBL_MANT_DIG < LDBL_MANT_DIG) @@ -6841,34 +8023,36 @@ return test_array [0]; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_type_long_double_wider=yes -else +else $as_nop ac_cv_type_long_double_wider=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_double_wider" >&5 -$as_echo "$ac_cv_type_long_double_wider" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_double_wider" >&5 +printf "%s\n" "$ac_cv_type_long_double_wider" >&6; } if test $ac_cv_type_long_double_wider = yes; then -$as_echo "#define HAVE_LONG_DOUBLE_WIDER 1" >>confdefs.h +printf "%s\n" "#define HAVE_LONG_DOUBLE_WIDER 1" >>confdefs.h fi ac_cv_c_long_double=$ac_cv_type_long_double_wider if test $ac_cv_c_long_double = yes; then -$as_echo "#define HAVE_LONG_DOUBLE 1" >>confdefs.h +printf "%s\n" "#define HAVE_LONG_DOUBLE 1" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long typedef" >&5 -$as_echo_n "checking for long long typedef... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for long long typedef" >&5 +printf %s "checking for long long typedef... " >&6; } sh_cv_typedef_foo=`echo sh_cv_typedef_long long | sed -e 's% %_%g'` - if eval \${$sh_cv_typedef_foo+:} false; then : - $as_echo_n "(cached) " >&6 -else + if eval test \${$sh_cv_typedef_foo+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6881,7 +8065,7 @@ else #include <inttypes.h> #endif int -main () +main (void) { #undef long long @@ -6891,31 +8075,33 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sh_cv_typedef=yes -else +else $as_nop sh_cv_typedef=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 -$as_echo "$sh_cv_typedef" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 +printf "%s\n" "$sh_cv_typedef" >&6; } if test "$sh_cv_typedef" = yes; then -$as_echo "#define HAVE_LONG_LONG 1" >>confdefs.h +printf "%s\n" "#define HAVE_LONG_LONG 1" >>confdefs.h sh_HAVE_LONG_LONG=yes else sh_HAVE_LONG_LONG=no fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint16_t typedef" >&5 -$as_echo_n "checking for uint16_t typedef... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uint16_t typedef" >&5 +printf %s "checking for uint16_t typedef... " >&6; } sh_cv_typedef_foo=`echo sh_cv_typedef_uint16_t | sed -e 's% %_%g'` - if eval \${$sh_cv_typedef_foo+:} false; then : - $as_echo_n "(cached) " >&6 -else + if eval test \${$sh_cv_typedef_foo+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6928,7 +8114,7 @@ else #include <inttypes.h> #endif int -main () +main (void) { #undef uint16_t @@ -6938,31 +8124,33 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sh_cv_typedef=yes -else +else $as_nop sh_cv_typedef=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 -$as_echo "$sh_cv_typedef" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 +printf "%s\n" "$sh_cv_typedef" >&6; } if test "$sh_cv_typedef" = yes; then -$as_echo "#define HAVE_UINT16_T 1" >>confdefs.h +printf "%s\n" "#define HAVE_UINT16_T 1" >>confdefs.h sh_HAVE_UINT16_T=yes else sh_HAVE_UINT16_T=no fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint32_t typedef" >&5 -$as_echo_n "checking for uint32_t typedef... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uint32_t typedef" >&5 +printf %s "checking for uint32_t typedef... " >&6; } sh_cv_typedef_foo=`echo sh_cv_typedef_uint32_t | sed -e 's% %_%g'` - if eval \${$sh_cv_typedef_foo+:} false; then : - $as_echo_n "(cached) " >&6 -else + if eval test \${$sh_cv_typedef_foo+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -6975,7 +8163,7 @@ else #include <inttypes.h> #endif int -main () +main (void) { #undef uint32_t @@ -6985,31 +8173,33 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sh_cv_typedef=yes -else +else $as_nop sh_cv_typedef=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 -$as_echo "$sh_cv_typedef" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 +printf "%s\n" "$sh_cv_typedef" >&6; } if test "$sh_cv_typedef" = yes; then -$as_echo "#define HAVE_UINT32_T 1" >>confdefs.h +printf "%s\n" "#define HAVE_UINT32_T 1" >>confdefs.h sh_HAVE_UINT32_T=yes else sh_HAVE_UINT32_T=no fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uint64_t typedef" >&5 -$as_echo_n "checking for uint64_t typedef... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for uint64_t typedef" >&5 +printf %s "checking for uint64_t typedef... " >&6; } sh_cv_typedef_foo=`echo sh_cv_typedef_uint64_t | sed -e 's% %_%g'` - if eval \${$sh_cv_typedef_foo+:} false; then : - $as_echo_n "(cached) " >&6 -else + if eval test \${$sh_cv_typedef_foo+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7022,7 +8212,7 @@ else #include <inttypes.h> #endif int -main () +main (void) { #undef uint64_t @@ -7032,19 +8222,20 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sh_cv_typedef=yes -else +else $as_nop sh_cv_typedef=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 -$as_echo "$sh_cv_typedef" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_cv_typedef" >&5 +printf "%s\n" "$sh_cv_typedef" >&6; } if test "$sh_cv_typedef" = yes; then -$as_echo "#define HAVE_UINT64_T 1" >>confdefs.h +printf "%s\n" "#define HAVE_UINT64_T 1" >>confdefs.h sh_HAVE_UINT64_T=yes else @@ -7056,17 +8247,19 @@ if test "$sh_HAVE_LONG_LONG" = "yes"; then # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5 -$as_echo_n "checking size of unsigned long long... " >&6; } -if ${ac_cv_sizeof_unsigned_long_long+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long" "$ac_includes_default"; then : - -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of unsigned long long" >&5 +printf %s "checking size of unsigned long long... " >&6; } +if test ${ac_cv_sizeof_unsigned_long_long+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long long))" "ac_cv_sizeof_unsigned_long_long" "$ac_includes_default" +then : + +else $as_nop if test "$ac_cv_type_unsigned_long_long" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long long) See \`config.log' for more details" "$LINENO" 5; } else @@ -7075,43 +8268,39 @@ See \`config.log' for more details" "$LINENO" 5; } fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5 -$as_echo "$ac_cv_sizeof_unsigned_long_long" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_long" >&5 +printf "%s\n" "$ac_cv_sizeof_unsigned_long_long" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long -_ACEOF +printf "%s\n" "#define SIZEOF_UNSIGNED_LONG_LONG $ac_cv_sizeof_unsigned_long_long" >>confdefs.h sh_sizeof_unsigned_long_long=`echo "$ac_cv_sizeof_unsigned_long_long" | sed 's%^0-9%%g'` if test "$sh_sizeof_unsigned_long_long" = "8"; then -$as_echo "#define HAVE_LONG_LONG_64 1" >>confdefs.h +printf "%s\n" "#define HAVE_LONG_LONG_64 1" >>confdefs.h fi fi ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default" -if test "x$ac_cv_type_ptrdiff_t" = xyes; then : +if test "x$ac_cv_type_ptrdiff_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define ptrdiff_t long -_ACEOF +printf "%s\n" "#define ptrdiff_t long" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" -if test "x$ac_cv_type_size_t" = xyes; then : +if test "x$ac_cv_type_size_t" = xyes +then : -else +else $as_nop -cat >>confdefs.h <<_ACEOF -#define size_t unsigned int -_ACEOF +printf "%s\n" "#define size_t unsigned int" >>confdefs.h fi @@ -7119,17 +8308,19 @@ fi # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char *" >&5 -$as_echo_n "checking size of char *... " >&6; } -if ${ac_cv_sizeof_char_p+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char *))" "ac_cv_sizeof_char_p" "$ac_includes_default"; then : - -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of char *" >&5 +printf %s "checking size of char *... " >&6; } +if test ${ac_cv_sizeof_char_p+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char *))" "ac_cv_sizeof_char_p" "$ac_includes_default" +then : + +else $as_nop if test "$ac_cv_type_char_p" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (char *) See \`config.log' for more details" "$LINENO" 5; } else @@ -7138,31 +8329,31 @@ See \`config.log' for more details" "$LINENO" 5; } fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char_p" >&5 -$as_echo "$ac_cv_sizeof_char_p" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char_p" >&5 +printf "%s\n" "$ac_cv_sizeof_char_p" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_CHAR_P $ac_cv_sizeof_char_p -_ACEOF +printf "%s\n" "#define SIZEOF_CHAR_P $ac_cv_sizeof_char_p" >>confdefs.h # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5 -$as_echo_n "checking size of size_t... " >&6; } -if ${ac_cv_sizeof_size_t+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default"; then : - -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5 +printf %s "checking size of size_t... " >&6; } +if test ${ac_cv_sizeof_size_t+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default" +then : + +else $as_nop if test "$ac_cv_type_size_t" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (size_t) See \`config.log' for more details" "$LINENO" 5; } else @@ -7171,14 +8362,12 @@ See \`config.log' for more details" "$LINENO" 5; } fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5 -$as_echo "$ac_cv_sizeof_size_t" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5 +printf "%s\n" "$ac_cv_sizeof_size_t" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t -_ACEOF +printf "%s\n" "#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t" >>confdefs.h @@ -7186,17 +8375,19 @@ _ACEOF # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5 -$as_echo_n "checking size of unsigned long... " >&6; } -if ${ac_cv_sizeof_unsigned_long+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default"; then : - -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of unsigned long" >&5 +printf %s "checking size of unsigned long... " >&6; } +if test ${ac_cv_sizeof_unsigned_long+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long))" "ac_cv_sizeof_unsigned_long" "$ac_includes_default" +then : + +else $as_nop if test "$ac_cv_type_unsigned_long" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned long) See \`config.log' for more details" "$LINENO" 5; } else @@ -7205,31 +8396,31 @@ See \`config.log' for more details" "$LINENO" 5; } fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5 -$as_echo "$ac_cv_sizeof_unsigned_long" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long" >&5 +printf "%s\n" "$ac_cv_sizeof_unsigned_long" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long -_ACEOF +printf "%s\n" "#define SIZEOF_UNSIGNED_LONG $ac_cv_sizeof_unsigned_long" >>confdefs.h # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5 -$as_echo_n "checking size of unsigned int... " >&6; } -if ${ac_cv_sizeof_unsigned_int+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default"; then : - -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5 +printf %s "checking size of unsigned int... " >&6; } +if test ${ac_cv_sizeof_unsigned_int+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default" +then : + +else $as_nop if test "$ac_cv_type_unsigned_int" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned int) See \`config.log' for more details" "$LINENO" 5; } else @@ -7238,31 +8429,31 @@ See \`config.log' for more details" "$LINENO" 5; } fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5 -$as_echo "$ac_cv_sizeof_unsigned_int" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5 +printf "%s\n" "$ac_cv_sizeof_unsigned_int" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int -_ACEOF +printf "%s\n" "#define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int" >>confdefs.h # The cast to long int works around a bug in the HP C Compiler # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. # This bug is HP SR number 8606223364. -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned short" >&5 -$as_echo_n "checking size of unsigned short... " >&6; } -if ${ac_cv_sizeof_unsigned_short+:} false; then : - $as_echo_n "(cached) " >&6 -else - if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned short))" "ac_cv_sizeof_unsigned_short" "$ac_includes_default"; then : - -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking size of unsigned short" >&5 +printf %s "checking size of unsigned short... " >&6; } +if test ${ac_cv_sizeof_unsigned_short+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned short))" "ac_cv_sizeof_unsigned_short" "$ac_includes_default" +then : + +else $as_nop if test "$ac_cv_type_unsigned_short" = yes; then - { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 -$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { { printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +printf "%s\n" "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "cannot compute sizeof (unsigned short) See \`config.log' for more details" "$LINENO" 5; } else @@ -7271,35 +8462,33 @@ See \`config.log' for more details" "$LINENO" 5; } fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_short" >&5 -$as_echo "$ac_cv_sizeof_unsigned_short" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_short" >&5 +printf "%s\n" "$ac_cv_sizeof_unsigned_short" >&6; } -cat >>confdefs.h <<_ACEOF -#define SIZEOF_UNSIGNED_SHORT $ac_cv_sizeof_unsigned_short -_ACEOF +printf "%s\n" "#define SIZEOF_UNSIGNED_SHORT $ac_cv_sizeof_unsigned_short" >>confdefs.h sh_sizeof_unsigned_long=`echo "$ac_cv_sizeof_unsigned_long" | sed 's%^0-9%%g'` if test "$sh_sizeof_unsigned_long" = "4"; then - $as_echo "#define HAVE_LONG_32 1" >>confdefs.h + printf "%s\n" "#define HAVE_LONG_32 1" >>confdefs.h fi if test "$sh_sizeof_unsigned_long" = "8"; then - $as_echo "#define HAVE_LONG_64 1" >>confdefs.h + printf "%s\n" "#define HAVE_LONG_64 1" >>confdefs.h fi sh_sizeof_unsigned_int=`echo "$ac_cv_sizeof_unsigned_int" | sed 's%^0-9%%g'` if test "$sh_sizeof_unsigned_int" = "4"; then - $as_echo "#define HAVE_INT_32 1" >>confdefs.h + printf "%s\n" "#define HAVE_INT_32 1" >>confdefs.h fi sh_sizeof_unsigned_short=`echo "$ac_cv_sizeof_unsigned_short" | sed 's%^0-9%%g'` if test "$sh_sizeof_unsigned_short" = "4"; then - $as_echo "#define HAVE_SHORT_32 1" >>confdefs.h + printf "%s\n" "#define HAVE_SHORT_32 1" >>confdefs.h fi @@ -7313,15 +8502,16 @@ samhain_64_asm=no if test "x$ac_cv_sizeof_unsigned_long" = x4; then if test "x$ac_cv_sizeof_unsigned_long_long" = x8; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a known 64 bit programming environment" >&5 -$as_echo_n "checking for a known 64 bit programming environment... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for a known 64 bit programming environment" >&5 +printf %s "checking for a known 64 bit programming environment... " >&6; } # Compile and run a program that determines the programming environment - if test "$cross_compiling" = yes; then : + if test "$cross_compiling" = yes +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7355,18 +8545,19 @@ choke me _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : # Program compiled and ran, so get version by adding argument. samhain_prg_ENV=`./conftest$ac_exeext x` samhain_64=yes - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $samhain_prg_ENV" >&5 -$as_echo "$samhain_prg_ENV" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $samhain_prg_ENV" >&5 +printf "%s\n" "$samhain_prg_ENV" >&6; } -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 -$as_echo "none" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: none" >&5 +printf "%s\n" "none" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -7381,8 +8572,8 @@ fi # if GCC and __i386__, use precompiled assembler # if test "x$GCC" = xyes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-apple non-cygwin i386" >&5 -$as_echo_n "checking for non-apple non-cygwin i386... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for non-apple non-cygwin i386" >&5 +printf %s "checking for non-apple non-cygwin i386... " >&6; } samhain_i386=no $CC -E -dM - < /dev/null | egrep '__i386__' >/dev/null 2>&1 if test $? = 0; then @@ -7395,41 +8586,43 @@ $as_echo_n "checking for non-apple non-cygwin i386... " >&6; } ;; esac fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $samhain_i386" >&5 -$as_echo "$samhain_i386" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $samhain_i386" >&5 +printf "%s\n" "$samhain_i386" >&6; } if test "x$samhain_i386" = xyes; then if test "X$CC" != "X"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -pie -fPIE" >&5 -$as_echo_n "checking whether ${CC} accepts -pie -fPIE... " >&6; } -if ${pie_cv_cc+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -pie -fPIE" >&5 +printf %s "checking whether ${CC} accepts -pie -fPIE... " >&6; } +if test ${pie_cv_cc+y} +then : + printf %s "(cached) " >&6 +else $as_nop pie_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -pie -fPIE" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : pie_cv_cc=yes -else +else $as_nop pie_cv_cc=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$pie_old_cflags" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $pie_cv_cc" >&5 -$as_echo "$pie_cv_cc" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pie_cv_cc" >&5 +printf "%s\n" "$pie_cv_cc" >&6; } if test $pie_cv_cc = yes; then case "$host_os" in *cygwin*) @@ -7445,7 +8638,7 @@ $as_echo "$pie_cv_cc" >&6; } if test $pie_cv_cc = yes; then tiger_src=sh_tiger1.s -$as_echo "#define TIGER_32_BIT_S 1" >>confdefs.h +printf "%s\n" "#define TIGER_32_BIT_S 1" >>confdefs.h fi fi @@ -7472,14 +8665,15 @@ else case "$host_os" in *linux*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 -$as_echo_n "checking for x86_64... " >&6; } - if test "$cross_compiling" = yes; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 +printf %s "checking for x86_64... " >&6; } + if test "$cross_compiling" = yes +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7491,18 +8685,19 @@ return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } samhain_64=yes tiger_src=sh_tiger1_64.c samhain_64_asm=yes -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -7513,14 +8708,15 @@ fi ;; *bsd*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 -$as_echo_n "checking for x86_64... " >&6; } - if test "$cross_compiling" = yes; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 +printf %s "checking for x86_64... " >&6; } + if test "$cross_compiling" = yes +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7532,18 +8728,19 @@ return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } samhain_64=yes tiger_src=sh_tiger1_64.c samhain_64_asm=yes -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -7554,14 +8751,15 @@ fi ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 -$as_echo_n "checking for x86_64... " >&6; } - if test "$cross_compiling" = yes; then : + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for x86_64" >&5 +printf %s "checking for x86_64... " >&6; } + if test "$cross_compiling" = yes +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7573,18 +8771,19 @@ return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } samhain_64=yes tiger_src=sh_tiger1_64.c samhain_64_asm=yes -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -7599,34 +8798,35 @@ fi fi if test "x$samhain_64" = xyes; then -$as_echo "#define TIGER_64_BIT 1" >>confdefs.h +printf "%s\n" "#define TIGER_64_BIT 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64 bit environment" >&5 -$as_echo_n "checking for 64 bit environment... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $samhain_64" >&5 -$as_echo "$samhain_64" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for tiger source to use" >&5 -$as_echo_n "checking for tiger source to use... " >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $tiger_src" >&5 -$as_echo "$tiger_src" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for 64 bit environment" >&5 +printf %s "checking for 64 bit environment... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $samhain_64" >&5 +printf "%s\n" "$samhain_64" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for tiger source to use" >&5 +printf %s "checking for tiger source to use... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $tiger_src" >&5 +printf "%s\n" "$tiger_src" >&6; } -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5 -$as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; } -if ${ac_cv_struct_tm+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5 +printf %s "checking whether struct tm is in sys/time.h or time.h... " >&6; } +if test ${ac_cv_struct_tm+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <sys/types.h> #include <time.h> int -main () +main (void) { struct tm tm; int *p = &tm.tm_sec; @@ -7635,83 +8835,88 @@ struct tm tm; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_struct_tm=time.h -else +else $as_nop ac_cv_struct_tm=sys/time.h fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5 -$as_echo "$ac_cv_struct_tm" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5 +printf "%s\n" "$ac_cv_struct_tm" >&6; } if test $ac_cv_struct_tm = sys/time.h; then -$as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h +printf "%s\n" "#define TM_IN_SYS_TIME 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct stat has a st_flags field" >&5 -$as_echo_n "checking whether struct stat has a st_flags field... " >&6; } -if ${e2fsprogs_cv_struct_st_flags+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether struct stat has a st_flags field" >&5 +printf %s "checking whether struct stat has a st_flags field... " >&6; } +if test ${e2fsprogs_cv_struct_st_flags+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <sys/stat.h> int -main () +main (void) { struct stat stat; stat.st_flags = 0; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : e2fsprogs_cv_struct_st_flags=yes -else +else $as_nop e2fsprogs_cv_struct_st_flags=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $e2fsprogs_cv_struct_st_flags" >&5 -$as_echo "$e2fsprogs_cv_struct_st_flags" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $e2fsprogs_cv_struct_st_flags" >&5 +printf "%s\n" "$e2fsprogs_cv_struct_st_flags" >&6; } if test "$e2fsprogs_cv_struct_st_flags" = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether st_flags field is useful" >&5 -$as_echo_n "checking whether st_flags field is useful... " >&6; } - if ${e2fsprogs_cv_struct_st_flags_immut+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether st_flags field is useful" >&5 +printf %s "checking whether st_flags field is useful... " >&6; } + if test ${e2fsprogs_cv_struct_st_flags_immut+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <sys/stat.h> int -main () +main (void) { struct stat stat; stat.st_flags |= UF_IMMUTABLE; ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : e2fsprogs_cv_struct_st_flags_immut=yes -else +else $as_nop e2fsprogs_cv_struct_st_flags_immut=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $e2fsprogs_cv_struct_st_flags_immut" >&5 -$as_echo "$e2fsprogs_cv_struct_st_flags_immut" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $e2fsprogs_cv_struct_st_flags_immut" >&5 +printf "%s\n" "$e2fsprogs_cv_struct_st_flags_immut" >&6; } if test "$e2fsprogs_cv_struct_st_flags_immut" = yes; then - $as_echo "#define HAVE_STAT_FLAGS 1" >>confdefs.h + printf "%s\n" "#define HAVE_STAT_FLAGS 1" >>confdefs.h fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct cmsgcred" >&5 -$as_echo_n "checking for struct cmsgcred... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct cmsgcred" >&5 +printf %s "checking for struct cmsgcred... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7719,7 +8924,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #include <sys/socket.h> int -main () +main (void) { struct cmsgcred cred; @@ -7730,23 +8935,24 @@ cred.cmcred_pid = 0; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sh_have_struct_cmsgcred=yes -else +else $as_nop sh_have_struct_cmsgcred=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_cmsgcred" >&5 -$as_echo "$sh_have_struct_cmsgcred" >&6; } +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_cmsgcred" >&5 +printf "%s\n" "$sh_have_struct_cmsgcred" >&6; } if test x$sh_have_struct_cmsgcred = xyes; then -$as_echo "#define HAVE_STRUCT_CMSGCRED 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_CMSGCRED 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct fcred" >&5 -$as_echo_n "checking for struct fcred... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct fcred" >&5 +printf %s "checking for struct fcred... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7755,7 +8961,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #include <sys/ucred.h> int -main () +main (void) { struct fcred sockcred; @@ -7764,23 +8970,24 @@ struct fcred sockcred; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sh_have_struct_fcred=yes -else +else $as_nop sh_have_struct_fcred=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_fcred" >&5 -$as_echo "$sh_have_struct_fcred" >&6; } +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_fcred" >&5 +printf "%s\n" "$sh_have_struct_fcred" >&6; } if test x$sh_have_struct_fcred = xyes; then -$as_echo "#define HAVE_STRUCT_FCRED 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_FCRED 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct sockcred" >&5 -$as_echo_n "checking for struct sockcred... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for struct sockcred" >&5 +printf %s "checking for struct sockcred... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7789,7 +8996,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #include <sys/ucred.h> int -main () +main (void) { struct sockcred sockcred; @@ -7798,23 +9005,24 @@ struct sockcred sockcred; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sh_have_struct_sockcred=yes -else +else $as_nop sh_have_struct_sockcred=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_sockcred" >&5 -$as_echo "$sh_have_struct_sockcred" >&6; } +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_have_struct_sockcred" >&5 +printf "%s\n" "$sh_have_struct_sockcred" >&6; } if test x$sh_have_struct_sockcred = xyes; then -$as_echo "#define HAVE_STRUCT_SOCKCRED 1" >>confdefs.h +printf "%s\n" "#define HAVE_STRUCT_SOCKCRED 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SO_PEERCRED" >&5 -$as_echo_n "checking for SO_PEERCRED... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SO_PEERCRED" >&5 +printf %s "checking for SO_PEERCRED... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -7822,7 +9030,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #include <sys/socket.h> int -main () +main (void) { int test = SO_PEERCRED; @@ -7831,48 +9039,81 @@ int test = SO_PEERCRED; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : sh_have_SO_PEERCRED=yes -else +else $as_nop sh_have_SO_PEERCRED=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $sh_have_SO_PEERCRED" >&5 -$as_echo "$sh_have_SO_PEERCRED" >&6; } +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_have_SO_PEERCRED" >&5 +printf "%s\n" "$sh_have_SO_PEERCRED" >&6; } if test x$sh_have_SO_PEERCRED = xyes; then -$as_echo "#define HAVE_SO_PEERCRED 1" >>confdefs.h +printf "%s\n" "#define HAVE_SO_PEERCRED 1" >>confdefs.h fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for union semun" >&5 +printf %s "checking for union semun... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <sys/types.h> +#include <sys/ipc.h> +#include <sys/sem.h> +int +main (void) +{ +union semun foo; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + sh_have_semun=yes +else $as_nop + sh_have_semun=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $sh_have_semun" >&5 +printf "%s\n" "$sh_have_semun" >&6; } +if test x$sh_have_semun = xyes +then + +printf "%s\n" "#define HAVE_UNION_SEMUN 1" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 -$as_echo_n "checking for inline... " >&6; } -if ${ac_cv_c_inline+:} false; then : - $as_echo_n "(cached) " >&6 -else +fi + +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +printf %s "checking for inline... " >&6; } +if test ${ac_cv_c_inline+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; -static $ac_kw foo_t static_foo () {return 0; } -$ac_kw foo_t foo () {return 0; } +static $ac_kw foo_t static_foo (void) {return 0; } +$ac_kw foo_t foo (void) {return 0; } #endif _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_c_inline=$ac_kw fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 -$as_echo "$ac_cv_c_inline" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +printf "%s\n" "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; @@ -7889,16 +9130,17 @@ _ACEOF ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 -$as_echo_n "checking for an ANSI C-conforming const... " >&6; } -if ${ac_cv_c_const+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 +printf %s "checking for an ANSI C-conforming const... " >&6; } +if test ${ac_cv_c_const+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { #ifndef __cplusplus @@ -7911,7 +9153,7 @@ main () /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; - /* AIX XL C 1.02.0.0 rejects this. + /* IBM XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ @@ -7939,7 +9181,7 @@ main () iptr p = 0; ++p; } - { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying + { /* IBM XL C 1.02.0.0 rejects this sort of thing, saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; } bx; struct s *b = &bx; b->j = 5; @@ -7955,26 +9197,28 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_c_const=yes -else +else $as_nop ac_cv_c_const=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 -$as_echo "$ac_cv_c_const" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 +printf "%s\n" "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then -$as_echo "#define const /**/" >>confdefs.h +printf "%s\n" "#define const /**/" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 -$as_echo_n "checking whether byte ordering is bigendian... " >&6; } -if ${ac_cv_c_bigendian+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +printf %s "checking whether byte ordering is bigendian... " >&6; } +if test ${ac_cv_c_bigendian+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_c_bigendian=unknown # See if we're dealing with a universal compiler. cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -7985,7 +9229,8 @@ else typedef int dummy; _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : # Check for potential -arch flags. It is not universal unless # there are at least two -arch flags with different values. @@ -8009,7 +9254,7 @@ if ac_fn_c_try_compile "$LINENO"; then : fi done fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext if test $ac_cv_c_bigendian = unknown; then # See if sys/param.h defines the BYTE_ORDER macro. cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -8018,7 +9263,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext #include <sys/param.h> int -main () +main (void) { #if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ @@ -8030,7 +9275,8 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : # It does; now see whether it defined to BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8038,7 +9284,7 @@ if ac_fn_c_try_compile "$LINENO"; then : #include <sys/param.h> int -main () +main (void) { #if BYTE_ORDER != BIG_ENDIAN not big endian @@ -8048,14 +9294,15 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_c_bigendian=yes -else +else $as_nop ac_cv_c_bigendian=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). @@ -8064,7 +9311,7 @@ rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext #include <limits.h> int -main () +main (void) { #if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) bogus endian macros @@ -8074,14 +9321,15 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : # It does; now see whether it defined to _BIG_ENDIAN or not. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <limits.h> int -main () +main (void) { #ifndef _BIG_ENDIAN not big endian @@ -8091,31 +9339,33 @@ main () return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_c_bigendian=yes -else +else $as_nop ac_cv_c_bigendian=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext fi if test $ac_cv_c_bigendian = unknown; then # Compile a test program. - if test "$cross_compiling" = yes; then : + if test "$cross_compiling" = yes +then : # Try to guess by grepping values from an object file. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -short int ascii_mm[] = +unsigned short int ascii_mm[] = { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; - short int ascii_ii[] = + unsigned short int ascii_ii[] = { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; int use_ascii (int i) { return ascii_mm[i] + ascii_ii[i]; } - short int ebcdic_ii[] = + unsigned short int ebcdic_ii[] = { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; - short int ebcdic_mm[] = + unsigned short int ebcdic_mm[] = { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; int use_ebcdic (int i) { return ebcdic_mm[i] + ebcdic_ii[i]; @@ -8123,14 +9373,15 @@ short int ascii_mm[] = extern int foo; int -main () +main (void) { return use_ascii (foo) == use_ebcdic (foo); ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then ac_cv_c_bigendian=yes fi @@ -8143,13 +9394,13 @@ if ac_fn_c_try_compile "$LINENO"; then : fi fi fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -else +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int -main () +main (void) { /* Are we little or big endian? From Harbison&Steele. */ @@ -8165,9 +9416,10 @@ main () return 0; } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : ac_cv_c_bigendian=no -else +else $as_nop ac_cv_c_bigendian=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -8176,17 +9428,17 @@ fi fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 -$as_echo "$ac_cv_c_bigendian" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +printf "%s\n" "$ac_cv_c_bigendian" >&6; } case $ac_cv_c_bigendian in #( yes) - $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h + printf "%s\n" "#define WORDS_BIGENDIAN 1" >>confdefs.h ;; #( no) ;; #( universal) -$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h +printf "%s\n" "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h ;; #( *) @@ -8194,129 +9446,139 @@ $as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; esac -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C/C++ restrict keyword" >&5 -$as_echo_n "checking for C/C++ restrict keyword... " >&6; } -if ${ac_cv_c_restrict+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for C/C++ restrict keyword" >&5 +printf %s "checking for C/C++ restrict keyword... " >&6; } +if test ${ac_cv_c_restrict+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_cv_c_restrict=no - # The order here caters to the fact that C++ does not require restrict. - for ac_kw in __restrict __restrict__ _Restrict restrict; do + # Put '__restrict__' first, to avoid problems with glibc and non-GCC; see: + # https://lists.gnu.org/archive/html/bug-autoconf/2016-02/msg00006.html + # Put 'restrict' last, because C++ lacks it. + for ac_kw in __restrict__ __restrict _Restrict restrict; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -typedef int * int_ptr; - int foo (int_ptr $ac_kw ip) { - return ip[0]; - } +typedef int *int_ptr; + int foo (int_ptr $ac_kw ip) { return ip[0]; } + int bar (int [$ac_kw]); /* Catch GCC bug 14050. */ + int bar (int ip[$ac_kw]) { return ip[0]; } + int -main () +main (void) { int s[1]; - int * $ac_kw t = s; - t[0] = 0; - return foo(t) + int *$ac_kw t = s; + t[0] = 0; + return foo (t) + bar (t); + ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ac_cv_c_restrict=$ac_kw fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext test "$ac_cv_c_restrict" != no && break done fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_restrict" >&5 -$as_echo "$ac_cv_c_restrict" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_restrict" >&5 +printf "%s\n" "$ac_cv_c_restrict" >&6; } case $ac_cv_c_restrict in restrict) ;; - no) $as_echo "#define restrict /**/" >>confdefs.h + no) printf "%s\n" "#define restrict /**/" >>confdefs.h ;; - *) cat >>confdefs.h <<_ACEOF -#define restrict $ac_cv_c_restrict -_ACEOF + *) printf "%s\n" "#define restrict $ac_cv_c_restrict" >>confdefs.h ;; esac am_cv_val_SA_SIGACTION=no - ac_fn_c_check_header_mongrel "$LINENO" "signal.h" "ac_cv_header_signal_h" "$ac_includes_default" -if test "x$ac_cv_header_signal_h" = xyes; then : + ac_fn_c_check_header_compile "$LINENO" "signal.h" "ac_cv_header_signal_h" "$ac_includes_default" +if test "x$ac_cv_header_signal_h" = xyes +then : if test $ac_cv_header_signal_h = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SI_USER in signal.h" >&5 -$as_echo_n "checking for SI_USER in signal.h... " >&6; } -if ${am_cv_val_SI_USER+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SI_USER in signal.h" >&5 +printf %s "checking for SI_USER in signal.h... " >&6; } +if test ${am_cv_val_SI_USER+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <signal.h> int -main () +main (void) { return SI_USER ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : am_cv_val_SI_USER=yes -else +else $as_nop am_cv_val_SI_USER=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_val_SI_USER" >&5 -$as_echo "$am_cv_val_SI_USER" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_val_SI_USER" >&5 +printf "%s\n" "$am_cv_val_SI_USER" >&6; } if test $am_cv_val_SI_USER = yes; then -$as_echo "#define HAVE_SI_USER 1" >>confdefs.h +printf "%s\n" "#define HAVE_SI_USER 1" >>confdefs.h fi fi if test $ac_cv_header_signal_h = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SA_SIGINFO in signal.h" >&5 -$as_echo_n "checking for SA_SIGINFO in signal.h... " >&6; } -if ${am_cv_val_SA_SIGINFO+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for SA_SIGINFO in signal.h" >&5 +printf %s "checking for SA_SIGINFO in signal.h... " >&6; } +if test ${am_cv_val_SA_SIGINFO+y} +then : + printf %s "(cached) " >&6 +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <signal.h> int -main () +main (void) { return SA_SIGINFO ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : am_cv_val_SA_SIGINFO=yes -else +else $as_nop am_cv_val_SA_SIGINFO=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_val_SA_SIGINFO" >&5 -$as_echo "$am_cv_val_SA_SIGINFO" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $am_cv_val_SA_SIGINFO" >&5 +printf "%s\n" "$am_cv_val_SA_SIGINFO" >&6; } if test $am_cv_val_SA_SIGINFO = yes; then -$as_echo "#define HAVE_SA_SIGINFO 1" >>confdefs.h +printf "%s\n" "#define HAVE_SA_SIGINFO 1" >>confdefs.h fi fi if test $am_cv_val_SI_USER = yes && test $am_cv_val_SA_SIGINFO = yes then - if test "$cross_compiling" = yes; then : + if test "$cross_compiling" = yes +then : am_cv_val_SA_SIGACTION=no -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -8372,9 +9634,10 @@ int main () return (0); } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : am_cv_val_SA_SIGACTION=yes -else +else $as_nop am_cv_val_SA_SIGACTION=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -8385,26 +9648,26 @@ fi fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether sa_sigaction is supported" >&5 -$as_echo_n "checking whether sa_sigaction is supported... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether sa_sigaction is supported" >&5 +printf %s "checking whether sa_sigaction is supported... " >&6; } if test $am_cv_val_SA_SIGACTION = yes then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } -$as_echo "#define SA_SIGACTION_WORKS 1" >>confdefs.h +printf "%s\n" "#define SA_SIGACTION_WORKS 1" >>confdefs.h else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi # Check whether --enable-ssp was given. -if test "${enable_ssp+set}" = set; then : +if test ${enable_ssp+y} +then : enableval=$enable_ssp; -else +else $as_nop enable_ssp=yes; fi @@ -8416,36 +9679,38 @@ if test "x$GCC" = "xyes"; then : else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether libssp exists" >&5 -$as_echo_n "checking whether libssp exists... " >&6; } -if ${ssp_cv_lib+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether libssp exists" >&5 +printf %s "checking whether libssp exists... " >&6; } +if test ${ssp_cv_lib+y} +then : + printf %s "(cached) " >&6 +else $as_nop ssp_old_libs="$LIBS" LIBS="$LIBS -lssp" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ssp_cv_lib=yes -else +else $as_nop ssp_cv_lib=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS="$ssp_old_libs" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_lib" >&5 -$as_echo "$ssp_cv_lib" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_lib" >&5 +printf "%s\n" "$ssp_cv_lib" >&6; } if test $ssp_cv_lib = yes; then LIBS="$LIBS -lssp" fi @@ -8453,78 +9718,123 @@ $as_echo "$ssp_cv_lib" >&6; } if test "X$CC" != "X"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fstack-protector-all" >&5 -$as_echo_n "checking whether ${CC} accepts -fstack-protector-all... " >&6; } -if ${ssp_cv_cc+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fstack-protector-strong" >&5 +printf %s "checking whether ${CC} accepts -fstack-protector-strong... " >&6; } +if test ${ssp_cv_cc+y} +then : + printf %s "(cached) " >&6 +else $as_nop ssp_old_cflags="$CFLAGS" - CFLAGS="$CFLAGS -fstack-protector-all" + CFLAGS="$CFLAGS -fstack-protector-strong" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ssp_cv_cc=yes -else +else $as_nop ssp_cv_cc=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$ssp_old_cflags" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_cc" >&5 -$as_echo "$ssp_cv_cc" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_cc" >&5 +printf "%s\n" "$ssp_cv_cc" >&6; } if test $ssp_cv_cc = no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fstack-protector" >&5 -$as_echo_n "checking whether ${CC} accepts -fstack-protector... " >&6; } -if ${ssp_cv_cc+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fstack-protector-all" >&5 +printf %s "checking whether ${CC} accepts -fstack-protector-all... " >&6; } +if test ${ssp_cv_cc+y} +then : + printf %s "(cached) " >&6 +else $as_nop ssp_old_cflags="$CFLAGS" - CFLAGS="$CFLAGS -fstack-protector" + CFLAGS="$CFLAGS -fstack-protector-all" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : ssp_cv_cc=yes -else +else $as_nop ssp_cv_cc=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$ssp_old_cflags" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_cc" >&5 -$as_echo "$ssp_cv_cc" >&6; } - if test $ssp_cv_cc = yes; then - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" - LDFLAGS="$LDFLAGS -fstack-protector" +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_cc" >&5 +printf "%s\n" "$ssp_cv_cc" >&6; } + if test $ssp_cv_cc = no; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fstack-protector" >&5 +printf %s "checking whether ${CC} accepts -fstack-protector... " >&6; } +if test ${ssp_cv_cc+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ssp_old_cflags="$CFLAGS" + CFLAGS="$CFLAGS -fstack-protector" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + ssp_cv_cc=yes +else $as_nop + ssp_cv_cc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS="$ssp_old_cflags" + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ssp_cv_cc" >&5 +printf "%s\n" "$ssp_cv_cc" >&6; } + if test $ssp_cv_cc = yes; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector" + LDFLAGS="$LDFLAGS -fstack-protector" + +printf "%s\n" "#define ENABLE_SSP_CC 1" >>confdefs.h -$as_echo "#define ENABLE_SSP_CC 1" >>confdefs.h + fi + else + if test $ssp_cv_cc = yes; then + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" + LDFLAGS="$LDFLAGS -fstack-protector-all" +printf "%s\n" "#define ENABLE_SSP_CC 1" >>confdefs.h + + fi fi else if test $ssp_cv_cc = yes; then - CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-all" - LDFLAGS="$LDFLAGS -fstack-protector-all" + CFLAGS="$CFLAGS -D_FORTIFY_SOURCE=2 -fstack-protector-strong" + LDFLAGS="$LDFLAGS -fstack-protector-strong" -$as_echo "#define ENABLE_SSP_CC 1" >>confdefs.h +printf "%s\n" "#define ENABLE_SSP_CC 1" >>confdefs.h fi fi @@ -8533,35 +9843,76 @@ $as_echo "#define ENABLE_SSP_CC 1" >>confdefs.h if test "X$CC" != "X"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -pie -fPIE" >&5 -$as_echo_n "checking whether ${CC} accepts -pie -fPIE... " >&6; } -if ${pie_cv_cc+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fstack-clash-protection" >&5 +printf %s "checking whether ${CC} accepts -fstack-clash-protection... " >&6; } +if test ${stackcheck_cv_cc+y} +then : + printf %s "(cached) " >&6 +else $as_nop + stackcheck_old_cflags="$CFLAGS" + CFLAGS="$CFLAGS -fstack-clash-protection" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + stackcheck_cv_cc=yes +else $as_nop + stackcheck_cv_cc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS="$stackcheck_old_cflags" + +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $stackcheck_cv_cc" >&5 +printf "%s\n" "$stackcheck_cv_cc" >&6; } + if test $stackcheck_cv_cc = yes; then + CFLAGS="$CFLAGS -fstack-clash-protection" + fi + fi + + + + if test "X$CC" != "X"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -pie -fPIE" >&5 +printf %s "checking whether ${CC} accepts -pie -fPIE... " >&6; } +if test ${pie_cv_cc+y} +then : + printf %s "(cached) " >&6 +else $as_nop pie_old_cflags="$CFLAGS" CFLAGS="$CFLAGS -pie -fPIE" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : pie_cv_cc=yes -else +else $as_nop pie_cv_cc=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$pie_old_cflags" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $pie_cv_cc" >&5 -$as_echo "$pie_cv_cc" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $pie_cv_cc" >&5 +printf "%s\n" "$pie_cv_cc" >&6; } if test $pie_cv_cc = yes; then case "$host_os" in *cygwin*) @@ -8574,6 +9925,82 @@ $as_echo "$pie_cv_cc" >&6; } fi fi + + + if test "X$CC" != "X"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fexceptions" >&5 +printf %s "checking whether ${CC} accepts -fexceptions... " >&6; } + saved_cflags="$CFLAGS" + # any -Wno- option will always succeed :-( + flag_check_opt=`echo -fexceptions | sed 's,-Wno-,-W,'` + CFLAGS="$CFLAGS -Werror $flag_check_opt" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + flag_check_cv=yes +else $as_nop + flag_check_cv=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS="$saved_cflags" + if test $flag_check_cv = yes; then + CFLAGS="$CFLAGS -fexceptions" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + fi + + + + if test "X$CC" != "X"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -mcet -fcf-protection" >&5 +printf %s "checking whether ${CC} accepts -mcet -fcf-protection... " >&6; } + saved_cflags="$CFLAGS" + # any -Wno- option will always succeed :-( + flag_check_opt=`echo -mcet -fcf-protection | sed 's,-Wno-,-W,'` + CFLAGS="$CFLAGS -Werror $flag_check_opt" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main (void) +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO" +then : + flag_check_cv=yes +else $as_nop + flag_check_cv=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext + CFLAGS="$saved_cflags" + if test $flag_check_cv = yes; then + CFLAGS="$CFLAGS -mcet -fcf-protection" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } + else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + fi + fi + fi fi @@ -8582,15 +10009,16 @@ fi if test -d "/proc/$$" then -$as_echo "#define HAVE_PROCFS 1" >>confdefs.h +printf "%s\n" "#define HAVE_PROCFS 1" >>confdefs.h fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __gmpz_init in -lgmp" >&5 -$as_echo_n "checking for __gmpz_init in -lgmp... " >&6; } -if ${ac_cv_lib_gmp___gmpz_init+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __gmpz_init in -lgmp" >&5 +printf %s "checking for __gmpz_init in -lgmp... " >&6; } +if test ${ac_cv_lib_gmp___gmpz_init+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lgmp $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -8599,42 +10027,42 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char __gmpz_init (); int -main () +main (void) { return __gmpz_init (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_gmp___gmpz_init=yes -else +else $as_nop ac_cv_lib_gmp___gmpz_init=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp___gmpz_init" >&5 -$as_echo "$ac_cv_lib_gmp___gmpz_init" >&6; } -if test "x$ac_cv_lib_gmp___gmpz_init" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp___gmpz_init" >&5 +printf "%s\n" "$ac_cv_lib_gmp___gmpz_init" >&6; } +if test "x$ac_cv_lib_gmp___gmpz_init" = xyes +then : sh_have_gmp=yes -else +else $as_nop sh_have_gmp=no fi if test "x${sh_have_gmp}" = xno then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mpz_init in -lgmp" >&5 -$as_echo_n "checking for mpz_init in -lgmp... " >&6; } -if ${ac_cv_lib_gmp_mpz_init+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for mpz_init in -lgmp" >&5 +printf %s "checking for mpz_init in -lgmp... " >&6; } +if test ${ac_cv_lib_gmp_mpz_init+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lgmp $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -8643,32 +10071,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char mpz_init (); int -main () +main (void) { return mpz_init (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_gmp_mpz_init=yes -else +else $as_nop ac_cv_lib_gmp_mpz_init=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp_mpz_init" >&5 -$as_echo "$ac_cv_lib_gmp_mpz_init" >&6; } -if test "x$ac_cv_lib_gmp_mpz_init" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp_mpz_init" >&5 +printf "%s\n" "$ac_cv_lib_gmp_mpz_init" >&6; } +if test "x$ac_cv_lib_gmp_mpz_init" = xyes +then : sh_have_gmp=yes -else +else $as_nop sh_have_gmp=no fi @@ -8677,47 +10104,40 @@ if test "x${sh_have_gmp}" = xyes then # LIBS="-lgmp $LIBS" -$as_echo "#define HAVE_LIBGMP 1" >>confdefs.h +printf "%s\n" "#define HAVE_LIBGMP 1" >>confdefs.h fi -for ac_header in gmp.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "gmp.h" "ac_cv_header_gmp_h" "$ac_includes_default" -if test "x$ac_cv_header_gmp_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_GMP_H 1 -_ACEOF +ac_fn_c_check_header_compile "$LINENO" "gmp.h" "ac_cv_header_gmp_h" "$ac_includes_default" +if test "x$ac_cv_header_gmp_h" = xyes +then : + printf "%s\n" "#define HAVE_GMP_H 1" >>confdefs.h fi -done - -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ps" >&5 -$as_echo_n "checking for ps... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for ps" >&5 +printf %s "checking for ps... " >&6; } PS= for ff in /usr/ucb /bin /usr/bin; do if test -x "$ff/ps"; then PS="$ff/ps" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PS" >&5 -$as_echo "$PS" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PS" >&5 +printf "%s\n" "$PS" >&6; } break fi done if test x$PS = x then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } as_fn_error $? "Cannot find ps in any of /usr/ucb /bin /usr/bin" "$LINENO" 5 fi -cat >>confdefs.h <<_ACEOF -#define PSPATH _("$PS") -_ACEOF +printf "%s\n" "#define PSPATH _(\"$PS\")" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to use ps" >&5 -$as_echo_n "checking how to use ps... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking how to use ps" >&5 +printf %s "checking how to use ps... " >&6; } $PS ax >/dev/null 2>&1 if test $? -eq 0; then case "$host_os" in @@ -8751,19 +10171,18 @@ else PSARG="-e" fi -cat >>confdefs.h <<_ACEOF -#define PSARG _("$PSARG") -_ACEOF +printf "%s\n" "#define PSARG _(\"$PSARG\")" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $PS $PSARG" >&5 -$as_echo "$PS $PSARG" >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PS $PSARG" >&5 +printf "%s\n" "$PS $PSARG" >&6; } # Check whether --enable-db-reload was given. -if test "${enable_db_reload+set}" = set; then : +if test ${enable_db_reload+y} +then : enableval=$enable_db_reload; if test "x${enable_db_reload}" = xyes; then - $as_echo "#define RELOAD_DATABASE 1" >>confdefs.h + printf "%s\n" "#define RELOAD_DATABASE 1" >>confdefs.h fi @@ -8772,10 +10191,11 @@ fi # Check whether --enable-xml-log was given. -if test "${enable_xml_log+set}" = set; then : +if test ${enable_xml_log+y} +then : enableval=$enable_xml_log; if test "x${enable_xml_log}" = xyes; then - $as_echo "#define SH_USE_XML 1" >>confdefs.h + printf "%s\n" "#define SH_USE_XML 1" >>confdefs.h fi @@ -8785,28 +10205,30 @@ fi # Check whether --enable-mail was given. -if test "${enable_mail+set}" = set; then : +if test ${enable_mail+y} +then : enableval=$enable_mail; if test "x${enable_mail}" = xno; then : else - $as_echo "#define SH_WITH_MAIL 1" >>confdefs.h + printf "%s\n" "#define SH_WITH_MAIL 1" >>confdefs.h fi -else - $as_echo "#define SH_WITH_MAIL 1" >>confdefs.h +else $as_nop + printf "%s\n" "#define SH_WITH_MAIL 1" >>confdefs.h fi # Check whether --enable-suid was given. -if test "${enable_suid+set}" = set; then : +if test ${enable_suid+y} +then : enableval=$enable_suid; if test "x${enable_suid}" = xyes; then -$as_echo "#define SH_ALLOW_SUID 1" >>confdefs.h +printf "%s\n" "#define SH_ALLOW_SUID 1" >>confdefs.h fi @@ -8815,51 +10237,52 @@ fi # Check whether --enable-shellexpand was given. -if test "${enable_shellexpand+set}" = set; then : +if test ${enable_shellexpand+y} +then : enableval=$enable_shellexpand; if test "x${enable_shellexpand}" = xno; then : else -$as_echo "#define SH_EVAL_SHELL 1" >>confdefs.h +printf "%s\n" "#define SH_EVAL_SHELL 1" >>confdefs.h fi -else +else $as_nop -$as_echo "#define SH_EVAL_SHELL 1" >>confdefs.h +printf "%s\n" "#define SH_EVAL_SHELL 1" >>confdefs.h fi # Check whether --enable-external-scripts was given. -if test "${enable_external_scripts+set}" = set; then : +if test ${enable_external_scripts+y} +then : enableval=$enable_external_scripts; if test "x${enableval}" = xno; then : else - $as_echo "#define WITH_EXTERNAL 1" >>confdefs.h + printf "%s\n" "#define WITH_EXTERNAL 1" >>confdefs.h fi -else - $as_echo "#define WITH_EXTERNAL 1" >>confdefs.h +else $as_nop + printf "%s\n" "#define WITH_EXTERNAL 1" >>confdefs.h fi # Check whether --enable-message-queue was given. -if test "${enable_message_queue+set}" = set; then : +if test ${enable_message_queue+y} +then : enableval=$enable_message_queue; if test "x${ac_cv_header_sys_msg_h}" = "xyes"; then if test "x${enable_message_queue}" = xyes; then - $as_echo "#define WITH_MESSAGE_QUEUE 1" >>confdefs.h + printf "%s\n" "#define WITH_MESSAGE_QUEUE 1" >>confdefs.h - cat >>confdefs.h <<_ACEOF -#define MESSAGE_QUEUE_MODE 0700 -_ACEOF + printf "%s\n" "#define MESSAGE_QUEUE_MODE 0700" >>confdefs.h elif test "x${enable_message_queue}" != xno; then echo "${enableval}" | grep '[^0123456789]' >/dev/null 2>&1 && @@ -8867,19 +10290,17 @@ _ACEOF echo "${enableval}" | \ grep '0[0123456789][0123456789][0123456789]' >/dev/null 2>&1 || as_fn_error $? "With --enable-message-queue=MODE, MODE must be an octal (0nnn) number" "$LINENO" 5 - $as_echo "#define WITH_MESSAGE_QUEUE 1" >>confdefs.h + printf "%s\n" "#define WITH_MESSAGE_QUEUE 1" >>confdefs.h - cat >>confdefs.h <<_ACEOF -#define MESSAGE_QUEUE_MODE ${enable_message_queue} -_ACEOF + printf "%s\n" "#define MESSAGE_QUEUE_MODE ${enable_message_queue}" >>confdefs.h fi else echo echo "**********************************************" echo - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: sys/msg.h missing, --enable-message-queue disabled" >&5 -$as_echo "$as_me: WARNING: sys/msg.h missing, --enable-message-queue disabled" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: sys/msg.h missing, --enable-message-queue disabled" >&5 +printf "%s\n" "$as_me: WARNING: sys/msg.h missing, --enable-message-queue disabled" >&2;} echo echo "**********************************************" echo @@ -8891,7 +10312,8 @@ fi # Check whether --with-cflags was given. -if test "${with_cflags+set}" = set; then : +if test ${with_cflags+y} +then : withval=$with_cflags; if test "x$withval" != "xno" ; then CFLAGS="$CFLAGS $withval" @@ -8902,7 +10324,8 @@ fi # Check whether --with-libs was given. -if test "${with_libs+set}" = set; then : +if test ${with_libs+y} +then : withval=$with_libs; if test "x$withval" != "xno" ; then LIBS="$LIBS $withval" @@ -8916,15 +10339,16 @@ fi # # this is from ssh # -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use libwrap" >&5 -$as_echo_n "checking whether to use libwrap... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to use libwrap" >&5 +printf %s "checking whether to use libwrap... " >&6; } LIBWRAP_LIB="" LIBWRAP_INC="" # Check whether --with-libwrap was given. -if test "${with_libwrap+set}" = set; then : - withval=$with_libwrap; { $as_echo "$as_me:${as_lineno-$LINENO}: result: $withval" >&5 -$as_echo "$withval" >&6; } +if test ${with_libwrap+y} +then : + withval=$with_libwrap; { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $withval" >&5 +printf "%s\n" "$withval" >&6; } case "$withval" in no) ;; @@ -8948,46 +10372,48 @@ $as_echo "$withval" >&6; } LIBS="$LIBWRAP_LIB $LIBS" # OLDCFLAGS="$CFLAGS" CFLAGS="$CFLAGS $LIBWRAP_INC" - ac_fn_c_check_header_mongrel "$LINENO" "tcpd.h" "ac_cv_header_tcpd_h" "$ac_includes_default" -if test "x$ac_cv_header_tcpd_h" = xyes; then : + ac_fn_c_check_header_compile "$LINENO" "tcpd.h" "ac_cv_header_tcpd_h" "$ac_includes_default" +if test "x$ac_cv_header_tcpd_h" = xyes +then : -else +else $as_nop as_fn_error $? "Could not find tcpd.h for libwrap. You need to install tcp_wrappers." "$LINENO" 5 fi - cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <tcpd.h> int allow_severity; int deny_severity; int -main () +main (void) { hosts_access((struct request_info *) 0); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : -$as_echo "#define SH_USE_LIBWRAP 1" >>confdefs.h +printf "%s\n" "#define SH_USE_LIBWRAP 1" >>confdefs.h -else +else $as_nop as_fn_error $? "Could not find the libwrap library." "$LINENO" 5 fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext fi -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } +else $as_nop + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi # Check whether --enable-network was given. -if test "${enable_network+set}" = set; then : +if test ${enable_network+y} +then : enableval=$enable_network; if test "x$enable_network" = xclient; then mytclient="-DSH_WITH_CLIENT" @@ -9002,7 +10428,7 @@ if test "${enable_network+set}" = set; then : elif test "x$enable_network" = xserver; then mytclient="-DSH_WITH_SERVER" yulectl_prg="yulectl" - samhainadmin_prg="scripts/samhainadmin.pl" + samhainadmin_prg="scripts/samhainadmin-gpg.pl scripts/samhainadmin-sig.pl" setpwd_prg="samhain_setpwd" sh_main_prg="yule" if test "x${sh_have_gmp}" = xyes @@ -9020,7 +10446,7 @@ if test "${enable_network+set}" = set; then : as_fn_error $? "With --enable-network=WHAT, WHAT must be client, server, or no" "$LINENO" 5 fi -else +else $as_nop mytclient="-DSH_STANDALONE" setpwd_prg= @@ -9044,7 +10470,8 @@ clmytclient=`echo ${mytclient} | sed s%\-%%` sh_no_gcc_static=no # Check whether --enable-static was given. -if test "${enable_static+set}" = set; then : +if test ${enable_static+y} +then : enableval=$enable_static; if test x$enable_static = xyes; then if test x"$mynetbsd" = xyes @@ -9056,20 +10483,26 @@ if test "${enable_static+set}" = set; then : then tmp_LIBS=`echo $LIBS | sed 's%\-lauparse%%' ` LIBS="${tmp_LIBS}" + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --enable-static: no support for Linux Auditing System" >&5 +printf "%s\n" "$as_me: WARNING: --enable-static: no support for Linux Auditing System" >&2;} fi if test "x$GCC" = "xyes"; then + if test -n "`echo "$CFLAGS" | grep "\-flto" 2> /dev/null`" + then + as_fn_error $? "--enable-static: not compatible with link-time optimisation" "$LINENO" 5 + fi case "$host_os" in *solaris*) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: option --enable-static ignored on Solaris" >&5 -$as_echo "$as_me: WARNING: option --enable-static ignored on Solaris" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: option --enable-static ignored on Solaris" >&5 +printf "%s\n" "$as_me: WARNING: option --enable-static ignored on Solaris" >&2;} ;; *) -$as_echo "#define SH_COMPILE_STATIC 1" >>confdefs.h +printf "%s\n" "#define SH_COMPILE_STATIC 1" >>confdefs.h sh_no_gcc_static=no LDFLAGS="$LDFLAGS -static" @@ -9077,7 +10510,7 @@ $as_echo "#define SH_COMPILE_STATIC 1" >>confdefs.h esac else -$as_echo "#define SH_COMPILE_STATIC 1" >>confdefs.h +printf "%s\n" "#define SH_COMPILE_STATIC 1" >>confdefs.h sh_no_gcc_static=yes case "$host_os" in @@ -9155,33 +10588,31 @@ if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then CFLAGS="$CFLAGS $PTHREAD_CFLAGS" save_LIBS="$LIBS" LIBS="$PTHREAD_LIBS $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS" >&5 -$as_echo_n "checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS" >&5 +printf %s "checking for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char pthread_join (); int -main () +main (void) { return pthread_join (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : acx_pthread_ok=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_ok" >&5 -$as_echo "$acx_pthread_ok" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_ok" >&5 +printf "%s\n" "$acx_pthread_ok" >&6; } if test x"$acx_pthread_ok" = xno; then PTHREAD_LIBS="" PTHREAD_CFLAGS="" @@ -9242,30 +10673,31 @@ for flag in $acx_pthread_flags; do case $flag in none) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 -$as_echo_n "checking whether pthreads work without any flags... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work without any flags" >&5 +printf %s "checking whether pthreads work without any flags... " >&6; } ;; -pthread) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $flag" >&5 -$as_echo_n "checking whether pthreads work with $flag... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $flag" >&5 +printf %s "checking whether pthreads work with $flag... " >&6; } PTHREAD_CFLAGS="$flag" ;; -*) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $flag" >&5 -$as_echo_n "checking whether pthreads work with $flag... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether pthreads work with $flag" >&5 +printf %s "checking whether pthreads work with $flag... " >&6; } PTHREAD_CFLAGS="$flag" ;; pthread-config) # Extract the first word of "pthread-config", so it can be a program name with args. set dummy pthread-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_acx_pthread_config+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_acx_pthread_config+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$acx_pthread_config"; then ac_cv_prog_acx_pthread_config="$acx_pthread_config" # Let the user override the test. else @@ -9273,11 +10705,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_acx_pthread_config="yes" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9289,11 +10725,11 @@ fi fi acx_pthread_config=$ac_cv_prog_acx_pthread_config if test -n "$acx_pthread_config"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_config" >&5 -$as_echo "$acx_pthread_config" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_config" >&5 +printf "%s\n" "$acx_pthread_config" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9303,8 +10739,8 @@ fi ;; *) - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$flag" >&5 -$as_echo_n "checking for the pthreads library -l$flag... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for the pthreads library -l$flag" >&5 +printf %s "checking for the pthreads library -l$flag... " >&6; } PTHREAD_LIBS="-l$flag" ;; esac @@ -9329,7 +10765,7 @@ $as_echo_n "checking for the pthreads library -l$flag... " >&6; } /* end confdefs.h. */ #include <pthread.h> int -main () +main (void) { pthread_t th; pthread_join(th, 0); pthread_attr_init(0); pthread_cleanup_push(0, 0); @@ -9338,18 +10774,19 @@ pthread_t th; pthread_join(th, 0); return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : acx_pthread_ok=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS="$save_LIBS" LDFLAGS="$save_LDFLAGS" CFLAGS="$save_CFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_ok" >&5 -$as_echo "$acx_pthread_ok" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $acx_pthread_ok" >&5 +printf "%s\n" "$acx_pthread_ok" >&6; } if test "x$acx_pthread_ok" = xyes; then break; fi @@ -9367,56 +10804,55 @@ if test "x$acx_pthread_ok" = xyes; then CFLAGS="$CFLAGS $PTHREAD_CFLAGS" # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 -$as_echo_n "checking for joinable pthread attribute... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for joinable pthread attribute" >&5 +printf %s "checking for joinable pthread attribute... " >&6; } attr_name=unknown for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <pthread.h> int -main () +main (void) { int attr=$attr; return attr; ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : attr_name=$attr; break fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext done - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $attr_name" >&5 -$as_echo "$attr_name" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $attr_name" >&5 +printf "%s\n" "$attr_name" >&6; } if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then -cat >>confdefs.h <<_ACEOF -#define PTHREAD_CREATE_JOINABLE $attr_name -_ACEOF +printf "%s\n" "#define PTHREAD_CREATE_JOINABLE $attr_name" >>confdefs.h fi # Solaris lossage: default is obsolete semantics for getpwnam_r, # getpwuid_r, getgrgid_r, unless _POSIX_PTHREAD_SEMANTICS is defined - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if more special flags are required for pthreads" >&5 -$as_echo_n "checking if more special flags are required for pthreads... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking if more special flags are required for pthreads" >&5 +printf %s "checking if more special flags are required for pthreads... " >&6; } flag=no case "${host_cpu}-${host_os}" in *-aix* | *-freebsd* | *-darwin*) flag="-D_THREAD_SAFE";; *-osf* | *-hpux*) flag="-D_REENTRANT";; *solaris*) flag="-D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT";; esac - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${flag}" >&5 -$as_echo "${flag}" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${flag}" >&5 +printf "%s\n" "${flag}" >&6; } if test "x$flag" != xno; then PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" fi # Detect PTHREAD_MUTEX_RECURSIVE - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for recursive mutexes" >&5 -$as_echo_n "checking for recursive mutexes... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for recursive mutexes" >&5 +printf %s "checking for recursive mutexes... " >&6; } mutex_recursive=no cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9424,7 +10860,7 @@ $as_echo_n "checking for recursive mutexes... " >&6; } #define _XOPEN_SOURCE 500 #include <pthread.h> int -main () +main (void) { pthread_mutexattr_t mta; @@ -9434,19 +10870,20 @@ return 0; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : mutex_recursive=yes fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext if test "x$mutex_recursive" = "xyes" then -$as_echo "#define HAVE_PTHREAD_MUTEX_RECURSIVE 1" >>confdefs.h +printf "%s\n" "#define HAVE_PTHREAD_MUTEX_RECURSIVE 1" >>confdefs.h fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $mutex_recursive" >&5 -$as_echo "$mutex_recursive" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $mutex_recursive" >&5 +printf "%s\n" "$mutex_recursive" >&6; } LIBS="$save_LIBS" CFLAGS="$save_CFLAGS" @@ -9457,11 +10894,12 @@ $as_echo "$mutex_recursive" >&6; } do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_PTHREAD_CC+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_PTHREAD_CC+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$PTHREAD_CC"; then ac_cv_prog_PTHREAD_CC="$PTHREAD_CC" # Let the user override the test. else @@ -9469,11 +10907,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_PTHREAD_CC="$ac_prog" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9484,11 +10926,11 @@ fi fi PTHREAD_CC=$ac_cv_prog_PTHREAD_CC if test -n "$PTHREAD_CC"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 -$as_echo "$PTHREAD_CC" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $PTHREAD_CC" >&5 +printf "%s\n" "$PTHREAD_CC" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9515,7 +10957,7 @@ fi # Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: if test x"$acx_pthread_ok" = xyes; then -$as_echo "#define HAVE_PTHREAD 1" >>confdefs.h +printf "%s\n" "#define HAVE_PTHREAD 1" >>confdefs.h : else @@ -9560,11 +11002,12 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 -$as_echo_n "checking for inflateEnd in -lz... " >&6; } -if ${ac_cv_lib_z_inflateEnd+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 +printf %s "checking for inflateEnd in -lz... " >&6; } +if test ${ac_cv_lib_z_inflateEnd+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -9573,43 +11016,42 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char inflateEnd (); int -main () +main (void) { return inflateEnd (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_z_inflateEnd=yes -else +else $as_nop ac_cv_lib_z_inflateEnd=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 -$as_echo "$ac_cv_lib_z_inflateEnd" >&6; } -if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 +printf "%s\n" "$ac_cv_lib_z_inflateEnd" >&6; } +if test "x$ac_cv_lib_z_inflateEnd" = xyes +then : zlib_cv_libz=yes -else +else $as_nop zlib_cv_libz=no fi -ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" -if test "x$ac_cv_header_zlib_h" = xyes; then : +ac_fn_c_check_header_compile "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" +if test "x$ac_cv_header_zlib_h" = xyes +then : zlib_cv_zlib_h=yes -else +else $as_nop zlib_cv_zlib_h=no fi - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -9621,11 +11063,12 @@ then # # If both library and header were found, use them # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 -$as_echo_n "checking for inflateEnd in -lz... " >&6; } -if ${ac_cv_lib_z_inflateEnd+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 +printf %s "checking for inflateEnd in -lz... " >&6; } +if test ${ac_cv_lib_z_inflateEnd+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -9634,66 +11077,59 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char inflateEnd (); int -main () +main (void) { return inflateEnd (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_z_inflateEnd=yes -else +else $as_nop ac_cv_lib_z_inflateEnd=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 -$as_echo "$ac_cv_lib_z_inflateEnd" >&6; } -if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBZ 1 -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 +printf "%s\n" "$ac_cv_lib_z_inflateEnd" >&6; } +if test "x$ac_cv_lib_z_inflateEnd" = xyes +then : + printf "%s\n" "#define HAVE_LIBZ 1" >>confdefs.h LIBS="-lz $LIBS" fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 -$as_echo_n "checking zlib in ${ZLIB_HOME}... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } - for ac_func in compressBound -do : - ac_fn_c_check_func "$LINENO" "compressBound" "ac_cv_func_compressBound" -if test "x$ac_cv_func_compressBound" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_COMPRESSBOUND 1 -_ACEOF + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 +printf %s "checking zlib in ${ZLIB_HOME}... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +printf "%s\n" "ok" >&6; } + ac_fn_c_check_func "$LINENO" "compressBound" "ac_cv_func_compressBound" +if test "x$ac_cv_func_compressBound" = xyes +then : + printf "%s\n" "#define HAVE_COMPRESSBOUND 1" >>confdefs.h fi -done zlib_found=yes else # # If either header or library was not found, revert and bomb # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 -$as_echo_n "checking zlib in ${ZLIB_HOME}... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 +printf %s "checking zlib in ${ZLIB_HOME}... " >&6; } LDFLAGS="$ZLIB_OLD_LDFLAGS" CPPFLAGS="$ZLIB_OLD_CPPFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&5 -$as_echo "$as_me: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +printf "%s\n" "failed" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&5 +printf "%s\n" "$as_me: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&2;} fi @@ -9708,9 +11144,10 @@ else fi fi ac_fn_c_check_func "$LINENO" "pmap_getmaps" "ac_cv_func_pmap_getmaps" -if test "x$ac_cv_func_pmap_getmaps" = xyes; then : +if test "x$ac_cv_func_pmap_getmaps" = xyes +then : -$as_echo "#define HAVE_PMAP_GETMAPS /**/" >>confdefs.h +printf "%s\n" "#define HAVE_PMAP_GETMAPS /**/" >>confdefs.h fi @@ -9723,25 +11160,27 @@ fi # Check whether --with-libprelude-prefix was given. -if test "${with_libprelude_prefix+set}" = set; then : +if test ${with_libprelude_prefix+y} +then : withval=$with_libprelude_prefix; libprelude_config_prefix="$withval" -else +else $as_nop libprelude_config_prefix="" fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use prelude" >&5 -$as_echo_n "checking whether to use prelude... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether to use prelude" >&5 +printf %s "checking whether to use prelude... " >&6; } # Check whether --with-prelude was given. -if test "${with_prelude+set}" = set; then : +if test ${with_prelude+y} +then : withval=$with_prelude; if test "x${withval}" = "xno"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } if test x$libprelude_config_prefix != x ; then if test x${LIBPRELUDE_CONFIG+set} != xset ; then LIBPRELUDE_CONFIG=$libprelude_config_prefix/bin/libprelude-config @@ -9750,11 +11189,12 @@ $as_echo "yes" >&6; } # Extract the first word of "libprelude-config", so it can be a program name with args. set dummy libprelude-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_LIBPRELUDE_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_path_LIBPRELUDE_CONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop case $LIBPRELUDE_CONFIG in [\\/]* | ?:[\\/]*) ac_cv_path_LIBPRELUDE_CONFIG="$LIBPRELUDE_CONFIG" # Let the user override the test with a path. @@ -9764,11 +11204,15 @@ else for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_LIBPRELUDE_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_path_LIBPRELUDE_CONFIG="$as_dir$ac_word$ac_exec_ext" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -9781,11 +11225,11 @@ esac fi LIBPRELUDE_CONFIG=$ac_cv_path_LIBPRELUDE_CONFIG if test -n "$LIBPRELUDE_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBPRELUDE_CONFIG" >&5 -$as_echo "$LIBPRELUDE_CONFIG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $LIBPRELUDE_CONFIG" >&5 +printf "%s\n" "$LIBPRELUDE_CONFIG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -9802,8 +11246,8 @@ fi ;; *) min_libprelude_version=0.9.6 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libprelude - version >= $min_libprelude_version" >&5 -$as_echo_n "checking for libprelude - version >= $min_libprelude_version... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for libprelude - version >= $min_libprelude_version" >&5 +printf %s "checking for libprelude - version >= $min_libprelude_version... " >&6; } no_libprelude="" if test "$LIBPRELUDE_CONFIG" = "no" ; then no_libprelude=yes @@ -9824,9 +11268,10 @@ $as_echo_n "checking for libprelude - version >= $min_libprelude_version... " >& LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" LIBS="$LIBS $LIBPRELUDE_LIBS" rm -f conf.libpreludetest - if test "$cross_compiling" = yes; then : + if test "$cross_compiling" = yes +then : echo $ac_n "cross compiling; assumed OK... $ac_c" -else +else $as_nop cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -9885,9 +11330,10 @@ main () } _ACEOF -if ac_fn_c_try_run "$LINENO"; then : +if ac_fn_c_try_run "$LINENO" +then : -else +else $as_nop no_libprelude=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ @@ -9900,11 +11346,11 @@ fi fi if test "x$no_libprelude" = x ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } -$as_echo "#define HAVE_LIBPRELUDE 1" >>confdefs.h +printf "%s\n" "#define HAVE_LIBPRELUDE 1" >>confdefs.h CFLAGS="$CFLAGS $LIBPRELUDE_PTHREAD_CFLAGS" LDFLAGS="$LDFLAGS $LIBPRELUDE_LDFLAGS" @@ -9914,8 +11360,8 @@ $as_echo "#define HAVE_LIBPRELUDE 1" >>confdefs.h if test -f conf.libpreludetest ; then : else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi if test "$LIBPRELUDE_CONFIG" = "no" ; then echo "*** The libprelude-config script installed by LIBPRELUDE could not be found" @@ -9939,14 +11385,15 @@ $as_echo "no" >&6; } #include <libprelude/prelude.h> int -main () +main (void) { return !!prelude_check_version(NULL); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : echo "*** The test program compiled, but did not run. This usually means" echo "*** that the run-time linker is not finding LIBPRELUDE or finding the wrong" echo "*** version of LIBPRELUDE. If it is not finding LIBPRELUDE, you'll need to set your" @@ -9957,13 +11404,13 @@ if ac_fn_c_try_link "$LINENO"; then : echo "*** If you have an old version installed, it is best to remove it, although" echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" echo "***" -else +else $as_nop echo "*** The test program failed to compile or link. See the file config.log for the" echo "*** exact error that occured. This usually means LIBPRELUDE was incorrectly installed" echo "*** or that you have moved LIBPRELUDE since it was installed. In the latter case, you" echo "*** may want to edit the libprelude-config script: $LIBPRELUDE_CONFIG" fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext CFLAGS="$ac_save_CFLAGS" LDFLAGS="$ac_save_LDFLAGS" @@ -9992,10 +11439,10 @@ rm -f core conftest.err conftest.$ac_objext \ fi fi -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10006,8 +11453,13 @@ fi # # Check whether --with-database was given. -if test "${with_database+set}" = set; then : +if test ${with_database+y} +then : withval=$with_database; + if test x"$enable_static" = xyes; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: With --enable-static, --with-database may fail to compile." >&5 +printf "%s\n" "$as_me: WARNING: With --enable-static, --with-database may fail to compile." >&2;} + fi if test x"$enable_xml_log" != xyes; then as_fn_error $? "With --with-database, --enable-xml-log is required as well." "$LINENO" 5 fi @@ -10041,11 +11493,12 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 -$as_echo_n "checking for inflateEnd in -lz... " >&6; } -if ${ac_cv_lib_z_inflateEnd+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 +printf %s "checking for inflateEnd in -lz... " >&6; } +if test ${ac_cv_lib_z_inflateEnd+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -10054,43 +11507,42 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char inflateEnd (); int -main () +main (void) { return inflateEnd (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_z_inflateEnd=yes -else +else $as_nop ac_cv_lib_z_inflateEnd=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 -$as_echo "$ac_cv_lib_z_inflateEnd" >&6; } -if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 +printf "%s\n" "$ac_cv_lib_z_inflateEnd" >&6; } +if test "x$ac_cv_lib_z_inflateEnd" = xyes +then : zlib_cv_libz=yes -else +else $as_nop zlib_cv_libz=no fi -ac_fn_c_check_header_mongrel "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" -if test "x$ac_cv_header_zlib_h" = xyes; then : +ac_fn_c_check_header_compile "$LINENO" "zlib.h" "ac_cv_header_zlib_h" "$ac_includes_default" +if test "x$ac_cv_header_zlib_h" = xyes +then : zlib_cv_zlib_h=yes -else +else $as_nop zlib_cv_zlib_h=no fi - ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' @@ -10102,11 +11554,12 @@ then # # If both library and header were found, use them # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 -$as_echo_n "checking for inflateEnd in -lz... " >&6; } -if ${ac_cv_lib_z_inflateEnd+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for inflateEnd in -lz" >&5 +printf %s "checking for inflateEnd in -lz... " >&6; } +if test ${ac_cv_lib_z_inflateEnd+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -10115,77 +11568,71 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char inflateEnd (); int -main () +main (void) { return inflateEnd (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_z_inflateEnd=yes -else +else $as_nop ac_cv_lib_z_inflateEnd=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 -$as_echo "$ac_cv_lib_z_inflateEnd" >&6; } -if test "x$ac_cv_lib_z_inflateEnd" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBZ 1 -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_z_inflateEnd" >&5 +printf "%s\n" "$ac_cv_lib_z_inflateEnd" >&6; } +if test "x$ac_cv_lib_z_inflateEnd" = xyes +then : + printf "%s\n" "#define HAVE_LIBZ 1" >>confdefs.h LIBS="-lz $LIBS" fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 -$as_echo_n "checking zlib in ${ZLIB_HOME}... " >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 -$as_echo "ok" >&6; } - for ac_func in compressBound -do : - ac_fn_c_check_func "$LINENO" "compressBound" "ac_cv_func_compressBound" -if test "x$ac_cv_func_compressBound" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_COMPRESSBOUND 1 -_ACEOF + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 +printf %s "checking zlib in ${ZLIB_HOME}... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +printf "%s\n" "ok" >&6; } + ac_fn_c_check_func "$LINENO" "compressBound" "ac_cv_func_compressBound" +if test "x$ac_cv_func_compressBound" = xyes +then : + printf "%s\n" "#define HAVE_COMPRESSBOUND 1" >>confdefs.h fi -done zlib_found=yes else # # If either header or library was not found, revert and bomb # - { $as_echo "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 -$as_echo_n "checking zlib in ${ZLIB_HOME}... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking zlib in ${ZLIB_HOME}" >&5 +printf %s "checking zlib in ${ZLIB_HOME}... " >&6; } LDFLAGS="$ZLIB_OLD_LDFLAGS" CPPFLAGS="$ZLIB_OLD_CPPFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 -$as_echo "failed" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&5 -$as_echo "$as_me: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +printf "%s\n" "failed" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&5 +printf "%s\n" "$as_me: WARNING: zlib not found in ZLIB_HOME, /usr/local, or /usr" >&2;} fi fi # Extract the first word of "mysql_config", so it can be a program name with args. set dummy mysql_config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_HAVE_MYSQL_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_HAVE_MYSQL_CONFIG+y} +then : + printf %s "(cached) " >&6 +else $as_nop if test -n "$HAVE_MYSQL_CONFIG"; then ac_cv_prog_HAVE_MYSQL_CONFIG="$HAVE_MYSQL_CONFIG" # Let the user override the test. else @@ -10193,11 +11640,15 @@ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then ac_cv_prog_HAVE_MYSQL_CONFIG="yes" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 break 2 fi done @@ -10209,11 +11660,11 @@ fi fi HAVE_MYSQL_CONFIG=$ac_cv_prog_HAVE_MYSQL_CONFIG if test -n "$HAVE_MYSQL_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_MYSQL_CONFIG" >&5 -$as_echo "$HAVE_MYSQL_CONFIG" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $HAVE_MYSQL_CONFIG" >&5 +printf "%s\n" "$HAVE_MYSQL_CONFIG" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi @@ -10225,8 +11676,8 @@ fi sh_mysql_cflags="`eval echo ${sh_mysql_cflags}`" CPPFLAGS="$CPPFLAGS ${sh_mysql_cflags}" else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME" >&5 -$as_echo_n "checking for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME" >&5 +printf %s "checking for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME... " >&6; } mysql_directory="/usr /usr/local /usr/local/mysql ${MYSQL_HOME}" for i in $mysql_directory; do @@ -10309,15 +11760,15 @@ $as_echo_n "checking for MySQL in /usr /usr/local /usr/local/mysql MYSQL_HOME... fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } LIBS="$LIBS -L${MYSQL_LIB_DIR} -lmysqlclient" # CFLAGS="$CFLAGS -I${MYSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${MYSQL_INC_DIR}" fi - $as_echo "#define WITH_MYSQL 1" >>confdefs.h + printf "%s\n" "#define WITH_MYSQL 1" >>confdefs.h - $as_echo "#define WITH_DATABASE 1" >>confdefs.h + printf "%s\n" "#define WITH_DATABASE 1" >>confdefs.h if test "x$zlib_found" = "xyes" then @@ -10345,22 +11796,17 @@ $as_echo "yes" >&6; } echo as_fn_error $? "Could not find libmysql, or it is not useable." "$LINENO" 5 fi - for ac_header in mysql/mysql.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "mysql/mysql.h" "ac_cv_header_mysql_mysql_h" "$ac_includes_default" -if test "x$ac_cv_header_mysql_mysql_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_MYSQL_MYSQL_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "mysql/mysql.h" "ac_cv_header_mysql_mysql_h" "$ac_includes_default" +if test "x$ac_cv_header_mysql_mysql_h" = xyes +then : + printf "%s\n" "#define HAVE_MYSQL_MYSQL_H 1" >>confdefs.h fi -done - elif test "x${withval}" = "xpostgresql"; then - $as_echo "#define WITH_POSTGRES 1" >>confdefs.h + printf "%s\n" "#define WITH_POSTGRES 1" >>confdefs.h - $as_echo "#define WITH_DATABASE 1" >>confdefs.h + printf "%s\n" "#define WITH_DATABASE 1" >>confdefs.h # PGCONF="no" @@ -10379,8 +11825,8 @@ done # if test "x${PGCONF}" = "xno" then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME" >&5 -$as_echo_n "checking for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME" >&5 +printf %s "checking for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /usr PGSQL_HOME... " >&6; } pgsql_directory="/usr/local/pgsql /usr/pgsql /usr/local /usr ${PGSQL_HOME}" for i in $pgsql_directory; do if test -r $i/include/pgsql/libpq-fe.h; then @@ -10470,8 +11916,8 @@ $as_echo_n "checking for PostgreSQL in /usr/local/pgsql /usr/pgsql /usr/local /u fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } LIBS="$LIBS -L${PGSQL_LIB_DIR} -lpq -lm" if test x"$enable_static" = xyes; then @@ -10481,30 +11927,20 @@ $as_echo "yes" >&6; } fi # CFLAGS="$CFLAGS -I${PGSQL_INC_DIR}" CPPFLAGS="$CPPFLAGS -I${PGSQL_INC_DIR}" - for ac_header in pgsql/libpq-fe.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "pgsql/libpq-fe.h" "ac_cv_header_pgsql_libpq_fe_h" "$ac_includes_default" -if test "x$ac_cv_header_pgsql_libpq_fe_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_PGSQL_LIBPQ_FE_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "pgsql/libpq-fe.h" "ac_cv_header_pgsql_libpq_fe_h" "$ac_includes_default" +if test "x$ac_cv_header_pgsql_libpq_fe_h" = xyes +then : + printf "%s\n" "#define HAVE_PGSQL_LIBPQ_FE_H 1" >>confdefs.h fi -done - - for ac_header in postgresql/libpq-fe.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "postgresql/libpq-fe.h" "ac_cv_header_postgresql_libpq_fe_h" "$ac_includes_default" -if test "x$ac_cv_header_postgresql_libpq_fe_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_POSTGRESQL_LIBPQ_FE_H 1 -_ACEOF + ac_fn_c_check_header_compile "$LINENO" "postgresql/libpq-fe.h" "ac_cv_header_postgresql_libpq_fe_h" "$ac_includes_default" +if test "x$ac_cv_header_postgresql_libpq_fe_h" = xyes +then : + printf "%s\n" "#define HAVE_POSTGRESQL_LIBPQ_FE_H 1" >>confdefs.h fi -done - else pg_lib_dir=`${PGCONF} --libdir` if test x"$enable_static" = xyes; then @@ -10517,8 +11953,8 @@ done CPPFLAGS="$CPPFLAGS -I${pg_inc_dir}" fi elif test "x${withval}" = "xodbc"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for odbc in /usr /usr/local ODBC_HOME" >&5 -$as_echo_n "checking for odbc in /usr /usr/local ODBC_HOME... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for odbc in /usr /usr/local ODBC_HOME" >&5 +printf %s "checking for odbc in /usr /usr/local ODBC_HOME... " >&6; } odbc_directory="/usr /usr/local" for i in $odbc_directory; do @@ -10576,19 +12012,19 @@ $as_echo_n "checking for odbc in /usr /usr/local ODBC_HOME... " >&6; } fi - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } CPPFLAGS="${CPPFLAGS} -I${ODBC_INC_DIR}" LIBS="${LIBS} -L${ODBC_LIB_DIR} -l$ODBC_LIB" - $as_echo "#define WITH_ODBC 1" >>confdefs.h + printf "%s\n" "#define WITH_ODBC 1" >>confdefs.h - $as_echo "#define WITH_DATABASE 1" >>confdefs.h + printf "%s\n" "#define WITH_DATABASE 1" >>confdefs.h elif test "x${withval}" = "xoracle"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for oracle in ORACLE_HOME /usr/local /usr" >&5 -$as_echo_n "checking for oracle in ORACLE_HOME /usr/local /usr... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for oracle in ORACLE_HOME /usr/local /usr" >&5 +printf %s "checking for oracle in ORACLE_HOME /usr/local /usr... " >&6; } oracle_directory="/usr /usr/local ${ORACLE_HOME}" for i in $oracle_directory; do @@ -10654,8 +12090,8 @@ $as_echo_n "checking for oracle in ORACLE_HOME /usr/local /usr... " >&6; } ORACLE_CPP_FLAGS="-I$ORACLE_INC" ORACLE_LIB_DIR="$ORACLE_LIB" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ORACLE_INC $ORACLE_LIB" >&5 -$as_echo "$ORACLE_INC $ORACLE_LIB" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ORACLE_INC $ORACLE_LIB" >&5 +printf "%s\n" "$ORACLE_INC $ORACLE_LIB" >&6; } CPPFLAGS="${CPPFLAGS} ${ORACLE_CPP_FLAGS}" @@ -10674,9 +12110,9 @@ $as_echo "$ORACLE_INC $ORACLE_LIB" >&6; } CFLAGS="${CFLAGS} -fno-strict-aliasing" fi fi - $as_echo "#define WITH_ORACLE 1" >>confdefs.h + printf "%s\n" "#define WITH_ORACLE 1" >>confdefs.h - $as_echo "#define WITH_DATABASE 1" >>confdefs.h + printf "%s\n" "#define WITH_DATABASE 1" >>confdefs.h else @@ -10689,13 +12125,12 @@ fi # Check whether --with-console was given. -if test "${with_console+set}" = set; then : +if test ${with_console+y} +then : withval=$with_console; if test "x${withval}" != xno; then mycons="$withval" - cat >>confdefs.h <<_ACEOF -#define DEFAULT_CONSOLE _("${mycons}") -_ACEOF + printf "%s\n" "#define DEFAULT_CONSOLE _(\"${mycons}\") " >>confdefs.h fi @@ -10704,7 +12139,8 @@ fi # Check whether --with-altconsole was given. -if test "${with_altconsole+set}" = set; then : +if test ${with_altconsole+y} +then : withval=$with_altconsole; if test "x${withval}" != xno; then myaltcons="$withval" @@ -10712,62 +12148,59 @@ if test "${with_altconsole+set}" = set; then : myaltcons="NULL" fi -else +else $as_nop myaltcons="NULL" fi -cat >>confdefs.h <<_ACEOF -#define ALT_CONSOLE _("${myaltcons}") -_ACEOF +printf "%s\n" "#define ALT_CONSOLE _(\"${myaltcons}\") " >>confdefs.h # Check whether --with-timeserver was given. -if test "${with_timeserver+set}" = set; then : +if test ${with_timeserver+y} +then : withval=$with_timeserver; if test "x${withval}" != xno; then mytimeserv="$withval" - $as_echo "#define HAVE_NTIME 1" >>confdefs.h + printf "%s\n" "#define HAVE_NTIME 1" >>confdefs.h else mytimeserv="NULL" fi -else +else $as_nop mytimeserv="NULL" fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_TIMESERVER _("${mytimeserv}") -_ACEOF +printf "%s\n" "#define DEFAULT_TIMESERVER _(\"${mytimeserv}\") " >>confdefs.h # Check whether --with-alttimeserver was given. -if test "${with_alttimeserver+set}" = set; then : +if test ${with_alttimeserver+y} +then : withval=$with_alttimeserver; if test "x${withval}" != xno; then myalttimeserv="$withval" - $as_echo "#define HAVE_NTIME 1" >>confdefs.h + printf "%s\n" "#define HAVE_NTIME 1" >>confdefs.h else myalttimeserv="NULL" fi -else +else $as_nop myalttimeserv="NULL" fi -cat >>confdefs.h <<_ACEOF -#define ALT_TIMESERVER _("${myalttimeserv}") -_ACEOF +printf "%s\n" "#define ALT_TIMESERVER _(\"${myalttimeserv}\") " >>confdefs.h # Check whether --enable-login-watch was given. -if test "${enable_login_watch+set}" = set; then : +if test ${enable_login_watch+y} +then : enableval=$enable_login_watch; if test "x${enable_login_watch}" = xyes; then - $as_echo "#define SH_USE_UTMP 1" >>confdefs.h + printf "%s\n" "#define SH_USE_UTMP 1" >>confdefs.h fi @@ -10776,10 +12209,11 @@ fi # Check whether --enable-mounts-check was given. -if test "${enable_mounts_check+set}" = set; then : +if test ${enable_mounts_check+y} +then : enableval=$enable_mounts_check; if test "x${enable_mounts_check}" = xyes; then - $as_echo "#define SH_USE_MOUNTS 1" >>confdefs.h + printf "%s\n" "#define SH_USE_MOUNTS 1" >>confdefs.h fi @@ -10788,46 +12222,48 @@ fi # Check whether --enable-logfile-monitor was given. -if test "${enable_logfile_monitor+set}" = set; then : +if test ${enable_logfile_monitor+y} +then : enableval=$enable_logfile_monitor; if test "x${enable_logfile_monitor}" = xyes; then - ac_fn_c_check_header_mongrel "$LINENO" "pcre.h" "ac_cv_header_pcre_h" "$ac_includes_default" -if test "x$ac_cv_header_pcre_h" = xyes; then : + ac_fn_c_check_header_compile "$LINENO" "pcre.h" "ac_cv_header_pcre_h" "$ac_includes_default" +if test "x$ac_cv_header_pcre_h" = xyes +then : -$as_echo "#define USE_LOGFILE_MONITOR 1" >>confdefs.h +printf "%s\n" "#define USE_LOGFILE_MONITOR 1" >>confdefs.h LIBS="-lpcre $LIBS" -else +else $as_nop - ac_fn_c_check_header_mongrel "$LINENO" "pcre/pcre.h" "ac_cv_header_pcre_pcre_h" "$ac_includes_default" -if test "x$ac_cv_header_pcre_pcre_h" = xyes; then : + ac_fn_c_check_header_compile "$LINENO" "pcre/pcre.h" "ac_cv_header_pcre_pcre_h" "$ac_includes_default" +if test "x$ac_cv_header_pcre_pcre_h" = xyes +then : -$as_echo "#define USE_LOGFILE_MONITOR 1" >>confdefs.h +printf "%s\n" "#define USE_LOGFILE_MONITOR 1" >>confdefs.h -$as_echo "#define HAVE_PCRE_PCRE_H 1" >>confdefs.h +printf "%s\n" "#define HAVE_PCRE_PCRE_H 1" >>confdefs.h LIBS="-lpcre $LIBS" -else +else $as_nop as_fn_error $? "The --enable-logfile-monitor option requires libpcre. For compiling the pcre development package is needed." "$LINENO" 5 fi - fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pcre_dfa_exec in -lpcre" >&5 -$as_echo_n "checking for pcre_dfa_exec in -lpcre... " >&6; } -if ${ac_cv_lib_pcre_pcre_dfa_exec+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for pcre_dfa_exec in -lpcre" >&5 +printf %s "checking for pcre_dfa_exec in -lpcre... " >&6; } +if test ${ac_cv_lib_pcre_pcre_dfa_exec+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lpcre $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -10836,39 +12272,38 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char pcre_dfa_exec (); int -main () +main (void) { return pcre_dfa_exec (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_pcre_pcre_dfa_exec=yes -else +else $as_nop ac_cv_lib_pcre_pcre_dfa_exec=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcre_pcre_dfa_exec" >&5 -$as_echo "$ac_cv_lib_pcre_pcre_dfa_exec" >&6; } -if test "x$ac_cv_lib_pcre_pcre_dfa_exec" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pcre_pcre_dfa_exec" >&5 +printf "%s\n" "$ac_cv_lib_pcre_pcre_dfa_exec" >&6; } +if test "x$ac_cv_lib_pcre_pcre_dfa_exec" = xyes +then : -$as_echo "#define HAVE_PCRE_DFA_EXEC 1" >>confdefs.h +printf "%s\n" "#define HAVE_PCRE_DFA_EXEC 1" >>confdefs.h -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: pcre_dfa_exec not available" >&5 -$as_echo "$as_me: WARNING: pcre_dfa_exec not available" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: pcre_dfa_exec not available" >&5 +printf "%s\n" "$as_me: WARNING: pcre_dfa_exec not available" >&2;} fi @@ -10880,14 +12315,16 @@ fi # Check whether --enable-process-check was given. -if test "${enable_process_check+set}" = set; then : +if test ${enable_process_check+y} +then : enableval=$enable_process_check; if test "x${enable_process_check}" = xyes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sched_getparam in -lrt" >&5 -$as_echo_n "checking for sched_getparam in -lrt... " >&6; } -if ${ac_cv_lib_rt_sched_getparam+:} false; then : - $as_echo_n "(cached) " >&6 -else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for sched_getparam in -lrt" >&5 +printf %s "checking for sched_getparam in -lrt... " >&6; } +if test ${ac_cv_lib_rt_sched_getparam+y} +then : + printf %s "(cached) " >&6 +else $as_nop ac_check_lib_save_LIBS=$LIBS LIBS="-lrt $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -10896,32 +12333,31 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif char sched_getparam (); int -main () +main (void) { return sched_getparam (); ; return 0; } _ACEOF -if ac_fn_c_try_link "$LINENO"; then : +if ac_fn_c_try_link "$LINENO" +then : ac_cv_lib_rt_sched_getparam=yes -else +else $as_nop ac_cv_lib_rt_sched_getparam=no fi -rm -f core conftest.err conftest.$ac_objext \ +rm -f core conftest.err conftest.$ac_objext conftest.beam \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_sched_getparam" >&5 -$as_echo "$ac_cv_lib_rt_sched_getparam" >&6; } -if test "x$ac_cv_lib_rt_sched_getparam" = xyes; then : +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_rt_sched_getparam" >&5 +printf "%s\n" "$ac_cv_lib_rt_sched_getparam" >&6; } +if test "x$ac_cv_lib_rt_sched_getparam" = xyes +then : sh_lrt=yes -else +else $as_nop sh_lrt=no fi @@ -10932,7 +12368,7 @@ fi fi LIBS="$LIBS $LIBRT" -$as_echo "#define SH_USE_PROCESSCHECK 1" >>confdefs.h +printf "%s\n" "#define SH_USE_PROCESSCHECK 1" >>confdefs.h fi @@ -10941,11 +12377,12 @@ fi # Check whether --enable-port-check was given. -if test "${enable_port_check+set}" = set; then : +if test ${enable_port_check+y} +then : enableval=$enable_port_check; if test "x${enable_port_check}" = xyes; then -$as_echo "#define SH_USE_PORTCHECK 1" >>confdefs.h +printf "%s\n" "#define SH_USE_PORTCHECK 1" >>confdefs.h fi @@ -10954,10 +12391,11 @@ fi # Check whether --enable-userfiles was given. -if test "${enable_userfiles+set}" = set; then : +if test ${enable_userfiles+y} +then : enableval=$enable_userfiles; if test "x${enableval}" = "xyes"; then - $as_echo "#define SH_USE_USERFILES 1" >>confdefs.h + printf "%s\n" "#define SH_USE_USERFILES 1" >>confdefs.h fi @@ -10966,24 +12404,25 @@ fi # Check whether --enable-debug was given. -if test "${enable_debug+set}" = set; then : +if test ${enable_debug+y} +then : enableval=$enable_debug; if test "x${enable_debug}" = "xyes"; then if test "x${mydebugflag}" != "xyes"; then - $as_echo "#define MEM_DEBUG 1" >>confdefs.h + printf "%s\n" "#define MEM_DEBUG 1" >>confdefs.h fi - $as_echo "#define WITH_TPT 1" >>confdefs.h + printf "%s\n" "#define WITH_TPT 1" >>confdefs.h - $as_echo "#define SL_DEBUG 1" >>confdefs.h + printf "%s\n" "#define SL_DEBUG 1" >>confdefs.h -$as_echo "#define DNMALLOC_CHECKS 1" >>confdefs.h +printf "%s\n" "#define DNMALLOC_CHECKS 1" >>confdefs.h -$as_echo "#define PARANOIA 0" >>confdefs.h +printf "%s\n" "#define PARANOIA 0" >>confdefs.h - $as_echo "#define SL_FAIL_ON_ERROR 1" >>confdefs.h + printf "%s\n" "#define SL_FAIL_ON_ERROR 1" >>confdefs.h if test "x${myneedg3}" = "xyes"; then mydebugdef="-g3" @@ -10991,9 +12430,21 @@ $as_echo "#define PARANOIA 0" >>confdefs.h mydebugdef="-g" fi mydebugit="yes" + elif test "x${enable_debug}" = "xmem"; then + printf "%s\n" "#define MEM_DEBUG 1" >>confdefs.h + + +printf "%s\n" "#define SH_ABORT_ON_ERROR 1" >>confdefs.h + + if test "x${myneedg3}" = "xyes"; then + mydebugdef="-g3" + else + mydebugdef="-g" + fi + mydebugit="yes" elif test "x${enable_debug}" = "xgdb"; then -$as_echo "#define SH_ABORT_ON_ERROR 1" >>confdefs.h +printf "%s\n" "#define SH_ABORT_ON_ERROR 1" >>confdefs.h if test "x${myneedg3}" = "xyes"; then mydebugdef="-g3" @@ -11014,7 +12465,8 @@ else sh_enable_asm=no fi # Check whether --enable-asm was given. -if test "${enable_asm+set}" = set; then : +if test ${enable_asm+y} +then : enableval=$enable_asm; if test "x${enable_asm}" = xno; then sh_enable_asm=no @@ -11027,17 +12479,18 @@ fi if test "x${samhain_64_asm}" = xyes; then if test "x${sh_enable_asm}" = xyes; then -$as_echo "#define TIGER_OPT_ASM 1" >>confdefs.h +printf "%s\n" "#define TIGER_OPT_ASM 1" >>confdefs.h fi fi # Check whether --enable-ipv6 was given. -if test "${enable_ipv6+set}" = set; then : +if test ${enable_ipv6+y} +then : enableval=$enable_ipv6; if test "x${enable_ipv6}" = xno; then -$as_echo "#define USE_IPV4 1" >>confdefs.h +printf "%s\n" "#define USE_IPV4 1" >>confdefs.h fi @@ -11052,7 +12505,8 @@ else fi # Check whether --enable-dnmalloc was given. -if test "${enable_dnmalloc+set}" = set; then : +if test ${enable_dnmalloc+y} +then : enableval=$enable_dnmalloc; if test "x${enable_dnmalloc}" = xno; then sh_dnmalloc_enabled=no @@ -11080,16 +12534,17 @@ fi if test "x${sh_dnmalloc_enabled}" = xno; then -$as_echo "#define USE_SYSTEM_MALLOC 1" >>confdefs.h +printf "%s\n" "#define USE_SYSTEM_MALLOC 1" >>confdefs.h fi # Check whether --enable-ptrace was given. -if test "${enable_ptrace+set}" = set; then : +if test ${enable_ptrace+y} +then : enableval=$enable_ptrace; if test "x${enable_ptrace}" = xyes; then if test "x$mydebugit" != "xyes"; then - $as_echo "#define SCREW_IT_UP 1" >>confdefs.h + printf "%s\n" "#define SCREW_IT_UP 1" >>confdefs.h fi fi @@ -11111,7 +12566,7 @@ if test "x$GCC" = "xyes"; then CFLAGS="$CFLAGS -Wall -W -Wno-missing-braces " ;; *) - CFLAGS="$CFLAGS -Wall -W " + CFLAGS="$CFLAGS -Wall -W -Werror=implicit-function-declaration " ;; esac fi @@ -11123,36 +12578,38 @@ if test "x$GCC" = "xyes"; then if test "X$CC" != "X"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fno-strength-reduce" >&5 -$as_echo_n "checking whether ${CC} accepts -fno-strength-reduce... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fno-strength-reduce" >&5 +printf %s "checking whether ${CC} accepts -fno-strength-reduce... " >&6; } saved_cflags="$CFLAGS" - CFLAGS="$CFLAGS -Werror -fno-strength-reduce" + # any -Wno- option will always succeed :-( + flag_check_opt=`echo -fno-strength-reduce | sed 's,-Wno-,-W,'` + CFLAGS="$CFLAGS -Werror $flag_check_opt" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : flag_check_cv=yes -else +else $as_nop flag_check_cv=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$saved_cflags" - if test $flag_check_cv = yes; then CFLAGS="$CFLAGS -fno-strength-reduce" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi fi @@ -11166,36 +12623,38 @@ $as_echo "no" >&6; } if test "X$CC" != "X"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fno-omit-frame-pointer" >&5 -$as_echo_n "checking whether ${CC} accepts -fno-omit-frame-pointer... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -fno-omit-frame-pointer" >&5 +printf %s "checking whether ${CC} accepts -fno-omit-frame-pointer... " >&6; } saved_cflags="$CFLAGS" - CFLAGS="$CFLAGS -Werror -fno-omit-frame-pointer" + # any -Wno- option will always succeed :-( + flag_check_opt=`echo -fno-omit-frame-pointer | sed 's,-Wno-,-W,'` + CFLAGS="$CFLAGS -Werror $flag_check_opt" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : flag_check_cv=yes -else +else $as_nop flag_check_cv=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$saved_cflags" - if test $flag_check_cv = yes; then CFLAGS="$CFLAGS -fno-omit-frame-pointer" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi fi @@ -11207,36 +12666,38 @@ fi if test "X$CC" != "X"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -Wno-empty-body" >&5 -$as_echo_n "checking whether ${CC} accepts -Wno-empty-body... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -Wno-empty-body" >&5 +printf %s "checking whether ${CC} accepts -Wno-empty-body... " >&6; } saved_cflags="$CFLAGS" - CFLAGS="$CFLAGS -Werror -Wno-empty-body" + # any -Wno- option will always succeed :-( + flag_check_opt=`echo -Wno-empty-body | sed 's,-Wno-,-W,'` + CFLAGS="$CFLAGS -Werror $flag_check_opt" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : flag_check_cv=yes -else +else $as_nop flag_check_cv=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$saved_cflags" - if test $flag_check_cv = yes; then CFLAGS="$CFLAGS -Wno-empty-body" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi fi @@ -11244,48 +12705,51 @@ $as_echo "no" >&6; } if test "X$CC" != "X"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -Wno-invalid-source-encoding" >&5 -$as_echo_n "checking whether ${CC} accepts -Wno-invalid-source-encoding... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether ${CC} accepts -Wno-invalid-source-encoding" >&5 +printf %s "checking whether ${CC} accepts -Wno-invalid-source-encoding... " >&6; } saved_cflags="$CFLAGS" - CFLAGS="$CFLAGS -Werror -Wno-invalid-source-encoding" + # any -Wno- option will always succeed :-( + flag_check_opt=`echo -Wno-invalid-source-encoding | sed 's,-Wno-,-W,'` + CFLAGS="$CFLAGS -Werror $flag_check_opt" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int -main () +main (void) { ; return 0; } _ACEOF -if ac_fn_c_try_compile "$LINENO"; then : +if ac_fn_c_try_compile "$LINENO" +then : flag_check_cv=yes -else +else $as_nop flag_check_cv=no fi -rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +rm -f core conftest.err conftest.$ac_objext conftest.beam conftest.$ac_ext CFLAGS="$saved_cflags" - if test $flag_check_cv = yes; then CFLAGS="$CFLAGS -Wno-invalid-source-encoding" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking which random module to use" >&5 -$as_echo_n "checking which random module to use... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking which random module to use" >&5 +printf %s "checking which random module to use... " >&6; } # Check whether --with-rnd was given. -if test "${with_rnd+set}" = set; then : +if test ${with_rnd+y} +then : withval=$with_rnd; use_static_rnd=$withval -else +else $as_nop use_static_rnd=default fi @@ -11296,27 +12760,26 @@ fi case "$use_static_rnd" in egd | dev | unix | default ) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_static_rnd" >&5 -$as_echo "$use_static_rnd" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $use_static_rnd" >&5 +printf "%s\n" "$use_static_rnd" >&6; } ;; * ) - { $as_echo "$as_me:${as_lineno-$LINENO}: result: invalid argument" >&5 -$as_echo "invalid argument" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: invalid argument" >&5 +printf "%s\n" "invalid argument" >&6; } as_fn_error $? "Option --with-rnd=module used with unsupported module ${use_static_rnd}" "$LINENO" 5 ;; esac # Check whether --with-egd-socket was given. -if test "${with_egd_socket+set}" = set; then : +if test ${with_egd_socket+y} +then : withval=$with_egd_socket; egd_socket_name="$withval" -else +else $as_nop egd_socket_name="" fi -cat >>confdefs.h <<_ACEOF -#define EGD_SOCKET_NAME _("$egd_socket_name") -_ACEOF +printf "%s\n" "#define EGD_SOCKET_NAME _(\"$egd_socket_name\") " >>confdefs.h @@ -11327,12 +12790,12 @@ dev | default ) try_dev_random=yes ;; egd) - $as_echo "#define HAVE_EGD_RANDOM 1" >>confdefs.h + printf "%s\n" "#define HAVE_EGD_RANDOM 1" >>confdefs.h try_dev_random=no ;; unix) - $as_echo "#define HAVE_UNIX_RANDOM 1" >>confdefs.h + printf "%s\n" "#define HAVE_UNIX_RANDOM 1" >>confdefs.h try_dev_random=no ;; @@ -11340,43 +12803,35 @@ esac if test "x$try_dev_random" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether /dev/random exists" >&5 -$as_echo_n "checking whether /dev/random exists... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether /dev/random exists" >&5 +printf %s "checking whether /dev/random exists... " >&6; } if test -r "/dev/srandom" && test -c "/dev/srandom"; then - $as_echo "#define HAVE_URANDOM 1" >>confdefs.h + printf "%s\n" "#define HAVE_URANDOM 1" >>confdefs.h - cat >>confdefs.h <<_ACEOF -#define NAME_OF_DEV_RANDOM _("/dev/srandom") -_ACEOF + printf "%s\n" "#define NAME_OF_DEV_RANDOM _(\"/dev/srandom\") " >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } if test -r "/dev/urandom" && test -c "/dev/urandom"; then - cat >>confdefs.h <<_ACEOF -#define NAME_OF_DEV_URANDOM _("/dev/urandom") -_ACEOF + printf "%s\n" "#define NAME_OF_DEV_URANDOM _(\"/dev/urandom\") " >>confdefs.h fi else if test -r "/dev/random" && test -c "/dev/random"; then - $as_echo "#define HAVE_URANDOM 1" >>confdefs.h + printf "%s\n" "#define HAVE_URANDOM 1" >>confdefs.h - cat >>confdefs.h <<_ACEOF -#define NAME_OF_DEV_RANDOM _("/dev/random") -_ACEOF + printf "%s\n" "#define NAME_OF_DEV_RANDOM _(\"/dev/random\") " >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } if test -r "/dev/urandom" && test -c "/dev/urandom"; then - cat >>confdefs.h <<_ACEOF -#define NAME_OF_DEV_URANDOM _("/dev/urandom") -_ACEOF + printf "%s\n" "#define NAME_OF_DEV_URANDOM _(\"/dev/urandom\") " >>confdefs.h fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - $as_echo "#define HAVE_UNIX_RANDOM 1" >>confdefs.h + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } + printf "%s\n" "#define HAVE_UNIX_RANDOM 1" >>confdefs.h fi fi @@ -11384,10 +12839,11 @@ fi # Check whether --enable-udp was given. -if test "${enable_udp+set}" = set; then : +if test ${enable_udp+y} +then : enableval=$enable_udp; if test "x${enable_udp}" = xyes; then - $as_echo "#define INET_SYSLOG 1" >>confdefs.h + printf "%s\n" "#define INET_SYSLOG 1" >>confdefs.h fi @@ -11397,7 +12853,8 @@ fi myencrypt=yes # Check whether --enable-encrypt was given. -if test "${enable_encrypt+set}" = set; then : +if test ${enable_encrypt+y} +then : enableval=$enable_encrypt; if test "x${enable_encrypt}" = xno; then myencrypt=no @@ -11407,15 +12864,16 @@ if test "${enable_encrypt+set}" = set; then : fi if test "x${myencrypt}" = "xyes"; then - $as_echo "#define SH_ENCRYPT 1" >>confdefs.h + printf "%s\n" "#define SH_ENCRYPT 1" >>confdefs.h - $as_echo "#define SH_ENCRYPT_2 1" >>confdefs.h + printf "%s\n" "#define SH_ENCRYPT_2 1" >>confdefs.h fi sh_use_srp_proto=yes # Check whether --enable-srp was given. -if test "${enable_srp+set}" = set; then : +if test ${enable_srp+y} +then : enableval=$enable_srp; if test "x${enable_srp}" = xno; then sh_use_srp_proto=no @@ -11425,31 +12883,31 @@ if test "${enable_srp+set}" = set; then : fi if test "x${sh_use_srp_proto}" = xyes; then - $as_echo "#define USE_SRP_PROTOCOL 1" >>confdefs.h + printf "%s\n" "#define USE_SRP_PROTOCOL 1" >>confdefs.h fi # Check whether --with-port was given. -if test "${with_port+set}" = set; then : +if test ${with_port+y} +then : withval=$with_port; echo "${withval}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "For --with-port=PORT, PORT must be numeric." "$LINENO" 5 myport=${withval} -else +else $as_nop myport="49777" fi -cat >>confdefs.h <<_ACEOF -#define SH_DEFAULT_PORT ${myport} -_ACEOF +printf "%s\n" "#define SH_DEFAULT_PORT ${myport}" >>confdefs.h # Check whether --with-logserver was given. -if test "${with_logserver+set}" = set; then : +if test ${with_logserver+y} +then : withval=$with_logserver; case "$withval" in *.* | localhost) @@ -11460,19 +12918,18 @@ if test "${with_logserver+set}" = set; then : ;; esac -else +else $as_nop mylogsrv="NULL" fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_LOGSERVER _("${mylogsrv}") -_ACEOF +printf "%s\n" "#define DEFAULT_LOGSERVER _(\"${mylogsrv}\") " >>confdefs.h # Check whether --with-altlogserver was given. -if test "${with_altlogserver+set}" = set; then : +if test ${with_altlogserver+y} +then : withval=$with_altlogserver; case "$withval" in *.* | localhost) @@ -11483,13 +12940,11 @@ if test "${with_altlogserver+set}" = set; then : ;; esac -else +else $as_nop myaltlogsrv="NULL" fi -cat >>confdefs.h <<_ACEOF -#define ALT_LOGSERVER _("${myaltlogsrv}") -_ACEOF +printf "%s\n" "#define ALT_LOGSERVER _(\"${myaltlogsrv}\")" >>confdefs.h @@ -11497,10 +12952,11 @@ _ACEOF nocl_code= xor_code=0 # Check whether --enable-nocl was given. -if test "${enable_nocl+set}" = set; then : +if test ${enable_nocl+y} +then : enableval=$enable_nocl; if test "x${enableval}" != "x"; then - $as_echo "#define SH_STEALTH_NOCL 1" >>confdefs.h + printf "%s\n" "#define SH_STEALTH_NOCL 1" >>confdefs.h fi if test "x${enableval}" = "xstop" || test "x${enableval}" = "xstart"; then @@ -11520,14 +12976,13 @@ if test "${enable_nocl+set}" = set; then : fi -cat >>confdefs.h <<_ACEOF -#define NOCL_CODE _("${nocl_code}") -_ACEOF +printf "%s\n" "#define NOCL_CODE _(\"${nocl_code}\") " >>confdefs.h # Check whether --enable-stealth was given. -if test "${enable_stealth+set}" = set; then : - enableval=$enable_stealth; $as_echo "#define SH_STEALTH 1" >>confdefs.h +if test ${enable_stealth+y} +then : + enableval=$enable_stealth; printf "%s\n" "#define SH_STEALTH 1" >>confdefs.h if test "x${enableval}" != "xyes"; then echo "${enableval}" | grep '[^0123456789]' >/dev/null 2>&1 && @@ -11546,7 +13001,7 @@ if test "${enable_stealth+set}" = set; then : fi stegin_prg="samhain_stealth" -else +else $as_nop stegin_prg= @@ -11554,11 +13009,12 @@ else fi # Check whether --enable-micro-stealth was given. -if test "${enable_micro_stealth+set}" = set; then : +if test ${enable_micro_stealth+y} +then : enableval=$enable_micro_stealth; - $as_echo "#define SH_STEALTH 1" >>confdefs.h + printf "%s\n" "#define SH_STEALTH 1" >>confdefs.h - $as_echo "#define SH_STEALTH_MICRO 1" >>confdefs.h + printf "%s\n" "#define SH_STEALTH_MICRO 1" >>confdefs.h if test "x${enableval}" != "xyes"; then echo "${enableval}" | grep '[^0123456789]' >/dev/null 2>&1 && @@ -11582,7 +13038,8 @@ fi install_name="samhain" INSTALL_NAME="SAMHAIN" # Check whether --enable-install-name was given. -if test "${enable_install_name+set}" = set; then : +if test ${enable_install_name+y} +then : enableval=$enable_install_name; if test "x${enableval}" != "xyes"; then install_name="${enableval}" @@ -11592,7 +13049,7 @@ if test "${enable_install_name+set}" = set; then : INSTALL_NAME=`echo "${sh_main_prg}" | tr a-z A-Z` fi -else +else $as_nop install_name="${sh_main_prg}" INSTALL_NAME=`echo "${sh_main_prg}" | tr a-z A-Z` @@ -11605,7 +13062,8 @@ fi need_user_install=0 # Check whether --enable-identity was given. -if test "${enable_identity+set}" = set; then : +if test ${enable_identity+y} +then : enableval=$enable_identity; if test x"$enableval" = xno; then myident="daemon" @@ -11617,39 +13075,37 @@ if test "${enable_identity+set}" = set; then : myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${myident}:" | awk -F: '{ print $3; }'` if test x"${myident_uid}" = x; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Option --enable-identity used, user ${myident} will be added upon install." >&5 -$as_echo "$as_me: WARNING: Option --enable-identity used, user ${myident} will be added upon install." >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: Option --enable-identity used, user ${myident} will be added upon install." >&5 +printf "%s\n" "$as_me: WARNING: Option --enable-identity used, user ${myident} will be added upon install." >&2;} need_user_install=1 fi -else +else $as_nop for myident in ${install_name} daemon nobody; do - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for user ${myident}" >&5 -$as_echo_n "checking for user ${myident}... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for user ${myident}" >&5 +printf %s "checking for user ${myident}... " >&6; } myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ grep "^${myident}:" | awk -F: '{ print $3; }'` if test x"${myident_uid}" != x; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +printf "%s\n" "yes" >&6; } break; else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } fi done if test x"${myident_uid}" = x; then myident=${install_name} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --enable-identity: user ${myident} will be added upon install" >&5 -$as_echo "$as_me: WARNING: --enable-identity: user ${myident} will be added upon install" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --enable-identity: user ${myident} will be added upon install" >&5 +printf "%s\n" "$as_me: WARNING: --enable-identity: user ${myident} will be added upon install" >&2;} need_user_install=1 fi fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_IDENT _("${myident}") -_ACEOF +printf "%s\n" "#define DEFAULT_IDENT _(\"${myident}\") " >>confdefs.h @@ -11659,13 +13115,9 @@ _ACEOF -cat >>confdefs.h <<_ACEOF -#define XOR_CODE ${xor_code} -_ACEOF +printf "%s\n" "#define XOR_CODE ${xor_code}" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define SH_SYSCALLTABLE ${sh_syscalltable} -_ACEOF +printf "%s\n" "#define SH_SYSCALLTABLE ${sh_syscalltable}" >>confdefs.h @@ -11673,25 +13125,20 @@ exepack_state0=`${srcdir}/c_random.sh 2>/dev/null` exepack_state1=`${srcdir}/c_random.sh 2>/dev/null` exepack_state2=`${srcdir}/c_random.sh 2>/dev/null` -cat >>confdefs.h <<_ACEOF -#define EXEPACK_STATE_0 ${exepack_state0} -_ACEOF +printf "%s\n" "#define EXEPACK_STATE_0 ${exepack_state0}" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define EXEPACK_STATE_1 ${exepack_state1} -_ACEOF +printf "%s\n" "#define EXEPACK_STATE_1 ${exepack_state1}" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define EXEPACK_STATE_2 ${exepack_state2} -_ACEOF +printf "%s\n" "#define EXEPACK_STATE_2 ${exepack_state2}" >>confdefs.h # Check whether --enable-suidcheck was given. -if test "${enable_suidcheck+set}" = set; then : +if test ${enable_suidcheck+y} +then : enableval=$enable_suidcheck; if test "x${enableval}" = "xyes"; then - $as_echo "#define SH_USE_SUIDCHK 1" >>confdefs.h + printf "%s\n" "#define SH_USE_SUIDCHK 1" >>confdefs.h fi @@ -11701,14 +13148,15 @@ fi # Check whether --enable-base was given. -if test "${enable_base+set}" = set; then : +if test ${enable_base+y} +then : enableval=$enable_base; - { $as_echo "$as_me:${as_lineno-$LINENO}: checking base key setting" >&5 -$as_echo_n "checking base key setting... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking base key setting" >&5 +printf %s "checking base key setting... " >&6; } my_key_A=`echo ${enableval} | awk 'BEGIN{FS=","}{print $1}'` my_key_B=`echo ${enableval} | awk 'BEGIN{FS=","}{print $2}'` - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${my_key_A} ${my_key_B}" >&5 -$as_echo "${my_key_A} ${my_key_B}" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${my_key_A} ${my_key_B}" >&5 +printf "%s\n" "${my_key_A} ${my_key_B}" >&6; } if test "x${my_key_A}" = x; then as_fn_error $? "Option --enable-base=B1,B2 used with invalid first base key (zero length)." "$LINENO" 5 fi @@ -11720,10 +13168,10 @@ $as_echo "${my_key_A} ${my_key_B}" >&6; } echo "${my_key_B}" | grep '[^0123456789]' >/dev/null 2>&1 && as_fn_error $? "For --enable-base=B1,B2, B1 and B2 must be numeric in the range 0 to 2147483647." "$LINENO" 5 -else +else $as_nop - { $as_echo "$as_me:${as_lineno-$LINENO}: checking base key setting .. collecting entropy" >&5 -$as_echo_n "checking base key setting .. collecting entropy... " >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking base key setting .. collecting entropy" >&5 +printf %s "checking base key setting .. collecting entropy... " >&6; } my_key_1=`${srcdir}/c_random.sh 2>/dev/null` my_key_2=`${srcdir}/c_random.sh 2>/dev/null` my_key_3=`${srcdir}/c_random.sh 2>/dev/null` @@ -11734,8 +13182,8 @@ $as_echo_n "checking base key setting .. collecting entropy... " >&6; } my_key_B=`expr $my_key_3 \* 32767` my_key_B=`echo ${my_key_B} | sed 's%^0*%%g' 2>/dev/null` my_key_B=`expr $my_key_B \+ $my_key_4` - { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${my_key_A} ${my_key_B}" >&5 -$as_echo "${my_key_A} ${my_key_B}" >&6; } + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${my_key_A} ${my_key_B}" >&5 +printf "%s\n" "${my_key_A} ${my_key_B}" >&6; } fi @@ -11754,31 +13202,136 @@ my_key_4=`expr $my_key_B \/ 65536` -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking key position" >&5 -$as_echo_n "checking key position... " >&6; } +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking key position" >&5 +printf %s "checking key position... " >&6; } pos_tf_1=`${srcdir}/c_random.sh 2>/dev/null` pos_tf_2=`expr $pos_tf_1 \% 8` pos_tf=`expr $pos_tf_2 + 1` -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${pos_tf}" >&5 -$as_echo "${pos_tf}" >&6; } -cat >>confdefs.h <<_ACEOF -#define POS_TF ${pos_tf} -_ACEOF +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: ${pos_tf}" >&5 +printf "%s\n" "${pos_tf}" >&6; } +printf "%s\n" "#define POS_TF ${pos_tf} " >>confdefs.h mykeybase=`echo ${my_key_A},${my_key_B}` -cat >>confdefs.h <<_ACEOF -#define DEFKEY ${mykeybase} -_ACEOF +printf "%s\n" "#define DEFKEY ${mykeybase} " >>confdefs.h + + + + + + +# Check whether --with-signify was given. +if test ${with_signify+y} +then : + withval=$with_signify; + if test "x${withval}" != "xno"; then + if test "x${cross_compiling}" = xyes; then + mysignify="${withval}" + else + if test -f "${withval}"; then + mysignify="${withval}" + mychk0=`gpg --load-extension tiger --print-md TIGER192 ${withval} 2>/dev/null` + if test "x$?" != "x0"; then + mychktest=no + for sam_pre in ./samhain ./yule /usr/local/sbin/samhain /usr/local/bin/samhain /usr/bin/samhain /usr/sbin/samhain /usr/local/sbin/yule /usr/local/bin/yule /usr/bin/yule /usr/sbin/yule; do + if test x"${mychktest}" = xyes + then + : + else + if test -f ${sam_pre} + then + echo "use existing ${sam_pre} for signify checksum" + mychk0=`${sam_pre} -H ${withval} 2>/dev/null` + if test "x$?" != "x0"; then + if test "x${nocl_code}" != "x"; then + mychk0=`echo -H ${withval} | ${sam_pre} ${nocl_code} 2>/dev/null` + if test "x$?" != "x0"; then + : + else + mychk="${mychk0}" + mychktest=yes + fi + fi + else + mychk="${mychk0}" + mychktest=yes + fi + fi + fi + done + if test x${mychktest} = xno; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --with-signify: cannot determine TIGER192 checksum of ${withval}" >&5 +printf "%s\n" "$as_me: WARNING: --with-signify: cannot determine TIGER192 checksum of ${withval}" >&2;} + echo "-------------------------------------------------------------" + echo " I cannot find an existing GnuPG or samhain binary to use." + echo " You can:" + echo " (a) run make to compile a samhain binary, then repeat" + echo " ./configure and make" + echo " (b) ignore the failure. The checksum of the signify binary" + echo " will not get compiled in, thus allowing an attacker" + echo " to replace signify with a trojan and subverting the" + echo " signature verification of configure and database files." + echo + echo " PLEASE IGNORE THIS MESSAGE IF YOU ALSO USE --with-checksum" + echo "-------------------------------------------------------------" + fi + else + mychk="${mychk0}" + fi + else + as_fn_error $? "--with-signify: cannot find signify PATH=${withval}" "$LINENO" 5 + fi + fi + +printf "%s\n" "#define WITH_SIG 1" >>confdefs.h + + +printf "%s\n" "#define WITH_SIGNIFY 1" >>confdefs.h + + +printf "%s\n" "#define DEFAULT_SIG_PATH _(\"${mysignify}\")" >>confdefs.h + fi + + +fi + + + +# Check whether --with-pubkey-checksum was given. +if test ${with_pubkey_checksum+y} +then : + withval=$with_pubkey_checksum; + if test "x${withval}" != "xno"; then + if test "x${withval}" == "xyes"; then + as_fn_error $? "Option --with-pubkey-checksum=CHKSUM: checksum CHKSUM of signify public key not specified." "$LINENO" 5 + else + if test "x${withval}" = "x"; then + as_fn_error $? "Option --with-checksum=CHKSUM: checksum CHKSUM of the signify public key not specified." "$LINENO" 5 + fi + fi + +printf "%s\n" "#define HAVE_SIG_KEY_HASH 1" >>confdefs.h + + +printf "%s\n" "#define SIG_KEY_HASH _(\"${withval}\")" >>confdefs.h + + fi + + +fi # Check whether --with-gpg was given. -if test "${with_gpg+set}" = set; then : +if test ${with_gpg+y} +then : withval=$with_gpg; + if test "x${mysignify}" != "x"; then + as_fn_error $? "--with-gpg: already using --with-signify" "$LINENO" 5 + fi if test "x${withval}" != "xno"; then if test "x${cross_compiling}" = xyes; then mygpg="${withval}" @@ -11815,8 +13368,8 @@ if test "${with_gpg+set}" = set; then : fi done if test x${mychktest} = xno; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-gpg: cannot determine TIGER192 checksum of ${withval}" >&5 -$as_echo "$as_me: WARNING: --with-gpg: cannot determine TIGER192 checksum of ${withval}" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --with-gpg: cannot determine TIGER192 checksum of ${withval}" >&5 +printf "%s\n" "$as_me: WARNING: --with-gpg: cannot determine TIGER192 checksum of ${withval}" >&2;} echo "-------------------------------------------------------------" echo " Your gpg binary does not support the TIGER192 checksum, " echo " and I cannot find an existing samhain binary to use instead." @@ -11838,11 +13391,13 @@ $as_echo "$as_me: WARNING: --with-gpg: cannot determine TIGER192 checksum of ${w as_fn_error $? "--with-gpg: cannot find GnuPG PATH=${withval}" "$LINENO" 5 fi fi - $as_echo "#define WITH_GPG 1" >>confdefs.h - cat >>confdefs.h <<_ACEOF -#define DEFAULT_GPG_PATH _("${mygpg}") -_ACEOF +printf "%s\n" "#define WITH_SIG 1" >>confdefs.h + + printf "%s\n" "#define WITH_GPG 1" >>confdefs.h + + +printf "%s\n" "#define DEFAULT_SIG_PATH _(\"${mygpg}\")" >>confdefs.h fi @@ -11855,7 +13410,8 @@ fi # Check whether --with-keyid was given. -if test "${with_keyid+set}" = set; then : +if test ${with_keyid+y} +then : withval=$with_keyid; if test "x${withval}" != "x"; then echo "${withval}" | awk '{if((length($0)==10)||(length($0)==18)){exit 2}else{exit 0}}' && @@ -11876,48 +13432,49 @@ fi - # Check whether --with-checksum was given. -if test "${with_checksum+set}" = set; then : +if test ${with_checksum+y} +then : withval=$with_checksum; if test "x${withval}" != "xno"; then if test "x${withval}" != "xyes"; then if test "x${mychk}" != "x"; then if test "x${mychk}" != "x${withval}"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: possible gpg CHKSUM problem" >&5 -$as_echo "$as_me: WARNING: --with-checksum: possible gpg CHKSUM problem" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: CHKSUM=${withval}" >&5 -$as_echo "$as_me: WARNING: --with-checksum: CHKSUM=${withval}" >&2;} - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: autodetected=${mychk}" >&5 -$as_echo "$as_me: WARNING: --with-checksum: autodetected=${mychk}" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: possible signing binary CHKSUM problem" >&5 +printf "%s\n" "$as_me: WARNING: --with-checksum: possible signing binary CHKSUM problem" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: CHKSUM=${withval}" >&5 +printf "%s\n" "$as_me: WARNING: --with-checksum: CHKSUM=${withval}" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --with-checksum: autodetected=${mychk}" >&5 +printf "%s\n" "$as_me: WARNING: --with-checksum: autodetected=${mychk}" >&2;} fi fi mychk="${withval}" else if test "x${mychk}" = "x"; then - as_fn_error $? "Option --with-checksum=CHKSUM: checksum CHKSUM of the gpg binary not specified." "$LINENO" 5 + as_fn_error $? "Option --with-checksum=CHKSUM: checksum CHKSUM of the signing binary not specified." "$LINENO" 5 fi fi - $as_echo "#define HAVE_GPG_CHECKSUM 1" >>confdefs.h - cat >>confdefs.h <<_ACEOF -#define GPG_HASH _("${mychk}") -_ACEOF +printf "%s\n" "#define HAVE_SIG_CHECKSUM 1" >>confdefs.h + + +printf "%s\n" "#define SIG_HASH _(\"${mychk}\")" >>confdefs.h - echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h + echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char sigchk[50];"; for (i=1; i <= m; i++) printf "sigchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "sigchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_sig_chksum.h fi -else +else $as_nop - if test "x${mygpg}" != "x"; then + if test "x${mygpg}" != "x" || test "x${mysignify}" != "x" + then if test "x${mychk}" != "x"; then - $as_echo "#define HAVE_GPG_CHECKSUM 1" >>confdefs.h - cat >>confdefs.h <<_ACEOF -#define GPG_HASH _("${mychk}") -_ACEOF +printf "%s\n" "#define HAVE_SIG_CHECKSUM 1" >>confdefs.h + - echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h +printf "%s\n" "#define SIG_HASH _(\"${mychk}\")" >>confdefs.h + + echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char sigchk[50];"; for (i=1; i <= m; i++) printf "sigchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "sigchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_sig_chksum.h fi fi @@ -11927,7 +13484,8 @@ fi # Check whether --with-fp was given. -if test "${with_fp+set}" = set; then : +if test ${with_fp+y} +then : withval=$with_fp; if test "x${withval}" != "xno"; then if test "x${withval}" != "xyes"; then @@ -11940,11 +13498,9 @@ if test "${with_fp+set}" = set; then : if test "x${sh_len0}" = "x40" || test "x${sh_len0}" = "x32" then myfp="${withval0}" - $as_echo "#define USE_FINGERPRINT 1" >>confdefs.h + printf "%s\n" "#define USE_FINGERPRINT 1" >>confdefs.h - cat >>confdefs.h <<_ACEOF -#define SH_GPG_FP _("${myfp}") -_ACEOF + printf "%s\n" "#define SH_GPG_FP _(\"${myfp}\") " >>confdefs.h echo "${myfp}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef FINGERPRINT_H"; print "#define FINGERPRINT_H"; printf "char gpgfp[%d];\n", m+1; for (i=1; i <= m; i++) printf "gpgfp[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgfp[%d] = %c%c0%c;\n", m, 39, 92, 39; print "#endif"; }' > sh_gpg_fp.h else @@ -11962,7 +13518,8 @@ fi # Check whether --with-recipient was given. -if test "${with_recipient+set}" = set; then : +if test ${with_recipient+y} +then : withval=$with_recipient; withval0=`echo ${withval} | sed 's%,% %g'` for sh_item in ${withval0} @@ -11984,38 +13541,36 @@ if test "${with_recipient+set}" = set; then : done myrcp="$withval0" -else +else $as_nop myrcp="NULL" fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_MAILADDRESS _("${myrcp}") -_ACEOF +printf "%s\n" "#define DEFAULT_MAILADDRESS _(\"${myrcp}\") " >>confdefs.h # Check whether --with-sender was given. -if test "${with_sender+set}" = set; then : +if test ${with_sender+y} +then : withval=$with_sender; mysender="${withval}" -else +else $as_nop mysender="daemon" fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_SENDER _("${mysender}") -_ACEOF +printf "%s\n" "#define DEFAULT_SENDER _(\"${mysender}\") " >>confdefs.h # Check whether --with-trusted was given. -if test "${with_trusted+set}" = set; then : +if test ${with_trusted+y} +then : withval=$with_trusted; sh_tmp_test=no sh_tmp=`echo ${withval} | sed 's%,% %g'` @@ -12034,13 +13589,11 @@ if test "${with_trusted+set}" = set; then : fi mytrust="${withval}" -else +else $as_nop mytrust="0" fi -cat >>confdefs.h <<_ACEOF -#define SL_ALWAYS_TRUSTED ${mytrust} -_ACEOF +printf "%s\n" "#define SL_ALWAYS_TRUSTED ${mytrust} " >>confdefs.h @@ -12048,29 +13601,24 @@ mytmpdir= # Check whether --with-tmp-dir was given. -if test "${with_tmp_dir+set}" = set; then : +if test ${with_tmp_dir+y} +then : withval=$with_tmp_dir; if test "x${cross_compiling}" = xyes; then mytmpdir="$withval" - cat >>confdefs.h <<_ACEOF -#define SH_TMPDIR _("${mytmpdir}") -_ACEOF + printf "%s\n" "#define SH_TMPDIR _(\"${mytmpdir}\") " >>confdefs.h else if test -d "${withval}"; then mytmpdir="$withval" - cat >>confdefs.h <<_ACEOF -#define SH_TMPDIR _("${mytmpdir}") -_ACEOF + printf "%s\n" "#define SH_TMPDIR _(\"${mytmpdir}\") " >>confdefs.h else mytmpdir="$withval" - cat >>confdefs.h <<_ACEOF -#define SH_TMPDIR _("${mytmpdir}") -_ACEOF + printf "%s\n" "#define SH_TMPDIR _(\"${mytmpdir}\") " >>confdefs.h - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: --with-tmp-dir: tmp directory ${withval} does not exist" >&5 -$as_echo "$as_me: WARNING: --with-tmp-dir: tmp directory ${withval} does not exist" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: --with-tmp-dir: tmp directory ${withval} does not exist" >&5 +printf "%s\n" "$as_me: WARNING: --with-tmp-dir: tmp directory ${withval} does not exist" >&2;} fi fi @@ -12155,14 +13703,15 @@ fi # Check whether --with-config-file was given. -if test "${with_config_file+set}" = set; then : +if test ${with_config_file+y} +then : withval=$with_config_file; myconffile="${withval}" tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` sysconfdir=`echo ${tmp} | sed 's%/[^/][^/]*$%%'` myrpmconffile="${tmp}" -else +else $as_nop myconffile="${sysconfdir}/${install_name}rc" myrpmconffile="${myconffile}" @@ -12170,21 +13719,20 @@ else fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_CONFIGFILE _("${myconffile}") -_ACEOF +printf "%s\n" "#define DEFAULT_CONFIGFILE _(\"${myconffile}\") " >>confdefs.h # Check whether --with-log-file was given. -if test "${with_log_file+set}" = set; then : +if test ${with_log_file+y} +then : withval=$with_log_file; mylogfile="$withval" mylogdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` -else +else $as_nop if test "x${mytclient}" = "x-DSH_WITH_SERVER"; then mylogfile="${localstatedir}/log/${install_name}/${install_name}_log" @@ -12197,25 +13745,22 @@ else fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_ERRFILE _("${mylogfile}") -_ACEOF +printf "%s\n" "#define DEFAULT_ERRFILE _(\"${mylogfile}\") " >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define DEFAULT_LOGDIR _("${mylogdir}") -_ACEOF +printf "%s\n" "#define DEFAULT_LOGDIR _(\"${mylogdir}\") " >>confdefs.h # Check whether --with-pid-file was given. -if test "${with_pid_file+set}" = set; then : +if test ${with_pid_file+y} +then : withval=$with_pid_file; mylockfile="$withval" mylockdir=`echo ${withval} | sed 's%/[^/][^/]*$%%'` -else +else $as_nop if test -h /var/run && test -d /run; then mylockfile="/run/${install_name}.pid" @@ -12228,24 +13773,21 @@ else fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_ERRLOCK _("${mylockfile}") -_ACEOF +printf "%s\n" "#define DEFAULT_ERRLOCK _(\"${mylockfile}\") " >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define DEFAULT_PIDDIR _("${mylockdir}") -_ACEOF +printf "%s\n" "#define DEFAULT_PIDDIR _(\"${mylockdir}\") " >>confdefs.h # Check whether --with-state-dir was given. -if test "${with_state_dir+set}" = set; then : +if test ${with_state_dir+y} +then : withval=$with_state_dir; mydataroot="$withval" -else +else $as_nop mydataroot="${localstatedir}/lib/${install_name}" @@ -12254,7 +13796,8 @@ fi # Check whether --with-data-file was given. -if test "${with_data_file+set}" = set; then : +if test ${with_data_file+y} +then : withval=$with_data_file; mydatafile="$withval" tmp=`echo ${withval} | sed 's%^REQ_FROM_SERVER%%'` @@ -12271,48 +13814,41 @@ if test "${with_data_file+set}" = set; then : as_fn_error $? "Option --with-data-file=FILE used with invalid path ${withval}." "$LINENO" 5 fi -else +else $as_nop mydatafile="${mydataroot}/${install_name}_file" myrpmdatafile="${mydatafile}" fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_DATA_FILE _("${mydatafile}") -_ACEOF +printf "%s\n" "#define DEFAULT_DATA_FILE _(\"${mydatafile}\") " >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define DEFAULT_DATAROOT _("${mydataroot}") -_ACEOF +printf "%s\n" "#define DEFAULT_DATAROOT _(\"${mydataroot}\") " >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define DEFAULT_QDIR _("${mydataroot}/.quarantine") -_ACEOF +printf "%s\n" "#define DEFAULT_QDIR _(\"${mydataroot}/.quarantine\") " >>confdefs.h # Check whether --with-html-file was given. -if test "${with_html_file+set}" = set; then : +if test ${with_html_file+y} +then : withval=$with_html_file; myhtmlfile="$withval" -else +else $as_nop myhtmlfile="${mylogdir}/${install_name}.html" fi -cat >>confdefs.h <<_ACEOF -#define DEFAULT_HTML_FILE _("${myhtmlfile}") -_ACEOF +printf "%s\n" "#define DEFAULT_HTML_FILE _(\"${myhtmlfile}\") " >>confdefs.h @@ -12329,23 +13865,17 @@ fi -cat >>confdefs.h <<_ACEOF -#define SH_INSTALL_DIR _("${sbindir}") -_ACEOF +printf "%s\n" "#define SH_INSTALL_DIR _(\"${sbindir}\")" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define SH_INSTALL_PATH _("${sbindir}/${install_name}") -_ACEOF +printf "%s\n" "#define SH_INSTALL_PATH _(\"${sbindir}/${install_name}\")" >>confdefs.h -cat >>confdefs.h <<_ACEOF -#define SH_INSTALL_NAME _("${install_name}") -_ACEOF +printf "%s\n" "#define SH_INSTALL_NAME _(\"${install_name}\")" >>confdefs.h ac_config_headers="$ac_config_headers config.h" -ac_config_files="$ac_config_files Makefile samhain-install.sh init/samhain.startLSB init/samhain.startLinux init/samhain.startGentoo init/samhain.startFreeBSD init/samhain.startSolaris init/samhain.startHPUX init/samhain.startIRIX init/samhain.startMACOSX samhain.spec rules.deb rules.deb-light hp_ux.psf scripts/logrotate scripts/samhain.spec scripts/redhat_i386.client.spec scripts/samhain.ebuild scripts/samhain.ebuild-light scripts/samhainadmin.pl scripts/yuleadmin.pl scripts/check_samhain.pl deploy.sh" +ac_config_files="$ac_config_files Makefile samhain-install.sh init/samhain.startLSB init/samhain.startLinux init/samhain.startSystemd init/samhain.startGentoo init/samhain.startFreeBSD init/samhain.startSolaris init/samhain.startHPUX init/samhain.startIRIX init/samhain.startMACOSX samhain.spec rules.deb rules.deb-light hp_ux.psf scripts/logrotate scripts/samhain.spec scripts/redhat_i386.client.spec scripts/samhain.ebuild scripts/samhain.ebuild-light scripts/samhainadmin-gpg.pl scripts/samhainadmin-sig.pl scripts/yuleadmin.pl scripts/check_samhain.pl deploy.sh" ac_config_commands="$ac_config_commands default" @@ -12376,8 +13906,8 @@ _ACEOF case $ac_val in #( *${as_nl}*) case $ac_var in #( - *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 -$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + *_cv_*) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +printf "%s\n" "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( @@ -12407,15 +13937,15 @@ $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; /^ac_cv_env_/b end t clear :clear - s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + s/^\([^=]*\)=\(.*[{}].*\)$/test ${\1+y} || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 -$as_echo "$as_me: updating cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +printf "%s\n" "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else @@ -12429,8 +13959,8 @@ $as_echo "$as_me: updating cache $cache_file" >&6;} fi fi else - { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 -$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +printf "%s\n" "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache @@ -12447,7 +13977,7 @@ U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' - ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + ac_i=`printf "%s\n" "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" @@ -12464,8 +13994,8 @@ LTLIBOBJS=$ac_ltlibobjs ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 -$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +printf "%s\n" "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL @@ -12488,14 +14018,16 @@ cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh -if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : +as_nop=: +if test ${ZSH_VERSION+y} && (emulate sh) >/dev/null 2>&1 +then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST -else +else $as_nop case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( @@ -12505,46 +14037,46 @@ esac fi + +# Reset variables that may have inherited troublesome values from +# the environment. + +# IFS needs to be set, to space, tab, and newline, in precisely that order. +# (If _AS_PATH_WALK were called with IFS unset, it would have the +# side effect of setting IFS to empty, thus disabling word splitting.) +# Quoting is to prevent editors from complaining about space-tab. as_nl=' ' export as_nl -# Printing a long string crashes Solaris 7 /usr/bin/printf. -as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo -as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo -# Prefer a ksh shell builtin over an external printf program on Solaris, -# but without wasting forks for bash or zsh. -if test -z "$BASH_VERSION$ZSH_VERSION" \ - && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='print -r --' - as_echo_n='print -rn --' -elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then - as_echo='printf %s\n' - as_echo_n='printf %s' -else - if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then - as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' - as_echo_n='/usr/ucb/echo -n' - else - as_echo_body='eval expr "X$1" : "X\\(.*\\)"' - as_echo_n_body='eval - arg=$1; - case $arg in #( - *"$as_nl"*) - expr "X$arg" : "X\\(.*\\)$as_nl"; - arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; - esac; - expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" - ' - export as_echo_n_body - as_echo_n='sh -c $as_echo_n_body as_echo' - fi - export as_echo_body - as_echo='sh -c $as_echo_body as_echo' -fi +IFS=" "" $as_nl" + +PS1='$ ' +PS2='> ' +PS4='+ ' + +# Ensure predictable behavior from utilities with locale-dependent output. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# We cannot yet rely on "unset" to work, but we need these variables +# to be unset--not just set to an empty or harmless value--now, to +# avoid bugs in old shells (e.g. pre-3.0 UWIN ksh). This construct +# also avoids known problems related to "unset" and subshell syntax +# in other old shells (e.g. bash 2.01 and pdksh 5.2.14). +for as_var in BASH_ENV ENV MAIL MAILPATH CDPATH +do eval test \${$as_var+y} \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done + +# Ensure that fds 0, 1, and 2 are open. +if (exec 3>&0) 2>/dev/null; then :; else exec 0</dev/null; fi +if (exec 3>&1) 2>/dev/null; then :; else exec 1>/dev/null; fi +if (exec 3>&2) ; then :; else exec 2>/dev/null; fi # The user is always right. -if test "${PATH_SEPARATOR+set}" != set; then +if ${PATH_SEPARATOR+false} :; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || @@ -12553,13 +14085,6 @@ if test "${PATH_SEPARATOR+set}" != set; then fi -# IFS -# We need space, tab and new line, in precisely that order. Quoting is -# there to prevent editors from complaining about space-tab. -# (If _AS_PATH_WALK were called with IFS unset, it would disable word -# splitting by setting IFS to empty value.) -IFS=" "" $as_nl" - # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( @@ -12568,8 +14093,12 @@ case $0 in #(( for as_dir in $PATH do IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + test -r "$as_dir$0" && as_myself=$as_dir$0 && break done IFS=$as_save_IFS @@ -12581,30 +14110,10 @@ if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then - $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + printf "%s\n" "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi -# Unset variables that we do not need and which cause bugs (e.g. in -# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" -# suppresses any "Segmentation fault" message there. '((' could -# trigger a bug in pdksh 5.2.14. -for as_var in BASH_ENV ENV MAIL MAILPATH -do eval test x\${$as_var+set} = xset \ - && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : -done -PS1='$ ' -PS2='> ' -PS4='+ ' - -# NLS nuisances. -LC_ALL=C -export LC_ALL -LANGUAGE=C -export LANGUAGE - -# CDPATH. -(unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] @@ -12617,13 +14126,14 @@ as_fn_error () as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack - $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + printf "%s\n" "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi - $as_echo "$as_me: error: $2" >&2 + printf "%s\n" "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error + # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. @@ -12650,18 +14160,20 @@ as_fn_unset () { eval $1=; unset $1;} } as_unset=as_fn_unset + # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. -if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null +then : eval 'as_fn_append () { eval $1+=\$2 }' -else +else $as_nop as_fn_append () { eval $1=\$$1\$2 @@ -12673,12 +14185,13 @@ fi # as_fn_append # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. -if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null +then : eval 'as_fn_arith () { as_val=$(( $* )) }' -else +else $as_nop as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` @@ -12709,7 +14222,7 @@ as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X/"$0" | +printf "%s\n" X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q @@ -12731,6 +14244,10 @@ as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits + +# Determine whether it's possible to make 'echo' print without a newline. +# These variables are no longer used directly by Autoconf, but are AC_SUBSTed +# for compatibility with existing Makefiles. ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) @@ -12744,6 +14261,12 @@ case `echo -n x` in #((((( ECHO_N='-n';; esac +# For backward compatibility with old third-party macros, we provide +# the shell variables $as_echo and $as_echo_n. New code should use +# AS_ECHO(["message"]) and AS_ECHO_N(["message"]), respectively. +as_echo='printf %s\n' +as_echo_n='printf %s' + rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file @@ -12785,7 +14308,7 @@ as_fn_mkdir_p () as_dirs= while :; do case $as_dir in #( - *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *\'*) as_qdir=`printf "%s\n" "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" @@ -12794,7 +14317,7 @@ $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$as_dir" | +printf "%s\n" X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -12857,7 +14380,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # values after options handling. ac_log=" This file was extended by $as_me, which was -generated by GNU Autoconf 2.69. Invocation command line was +generated by GNU Autoconf 2.71. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS @@ -12919,14 +14442,16 @@ $config_commands Report bugs to the package provider." _ACEOF +ac_cs_config=`printf "%s\n" "$ac_configure_args" | sed "$ac_safe_unquote"` +ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\''/g"` cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 -ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ config.status -configured by $0, generated by GNU Autoconf 2.69, +configured by $0, generated by GNU Autoconf 2.71, with options \\"\$ac_cs_config\\" -Copyright (C) 2012 Free Software Foundation, Inc. +Copyright (C) 2021 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." @@ -12965,15 +14490,15 @@ do -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) - $as_echo "$ac_cs_version"; exit ;; + printf "%s\n" "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) - $as_echo "$ac_cs_config"; exit ;; + printf "%s\n" "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" @@ -12981,7 +14506,7 @@ do --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in - *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + *\'*) ac_optarg=`printf "%s\n" "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; @@ -12990,7 +14515,7 @@ do as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) - $as_echo "$ac_cs_usage"; exit ;; + printf "%s\n" "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; @@ -13018,7 +14543,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift - \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + \printf "%s\n" "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" @@ -13032,7 +14557,7 @@ exec 5>>config.log sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX - $as_echo "$ac_log" + printf "%s\n" "$ac_log" } >&5 _ACEOF @@ -13050,6 +14575,7 @@ do "samhain-install.sh") CONFIG_FILES="$CONFIG_FILES samhain-install.sh" ;; "init/samhain.startLSB") CONFIG_FILES="$CONFIG_FILES init/samhain.startLSB" ;; "init/samhain.startLinux") CONFIG_FILES="$CONFIG_FILES init/samhain.startLinux" ;; + "init/samhain.startSystemd") CONFIG_FILES="$CONFIG_FILES init/samhain.startSystemd" ;; "init/samhain.startGentoo") CONFIG_FILES="$CONFIG_FILES init/samhain.startGentoo" ;; "init/samhain.startFreeBSD") CONFIG_FILES="$CONFIG_FILES init/samhain.startFreeBSD" ;; "init/samhain.startSolaris") CONFIG_FILES="$CONFIG_FILES init/samhain.startSolaris" ;; @@ -13065,7 +14591,8 @@ do "scripts/redhat_i386.client.spec") CONFIG_FILES="$CONFIG_FILES scripts/redhat_i386.client.spec" ;; "scripts/samhain.ebuild") CONFIG_FILES="$CONFIG_FILES scripts/samhain.ebuild" ;; "scripts/samhain.ebuild-light") CONFIG_FILES="$CONFIG_FILES scripts/samhain.ebuild-light" ;; - "scripts/samhainadmin.pl") CONFIG_FILES="$CONFIG_FILES scripts/samhainadmin.pl" ;; + "scripts/samhainadmin-gpg.pl") CONFIG_FILES="$CONFIG_FILES scripts/samhainadmin-gpg.pl" ;; + "scripts/samhainadmin-sig.pl") CONFIG_FILES="$CONFIG_FILES scripts/samhainadmin-sig.pl" ;; "scripts/yuleadmin.pl") CONFIG_FILES="$CONFIG_FILES scripts/yuleadmin.pl" ;; "scripts/check_samhain.pl") CONFIG_FILES="$CONFIG_FILES scripts/check_samhain.pl" ;; "deploy.sh") CONFIG_FILES="$CONFIG_FILES deploy.sh" ;; @@ -13081,9 +14608,9 @@ done # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then - test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files - test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers - test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands + test ${CONFIG_FILES+y} || CONFIG_FILES=$config_files + test ${CONFIG_HEADERS+y} || CONFIG_HEADERS=$config_headers + test ${CONFIG_COMMANDS+y} || CONFIG_COMMANDS=$config_commands fi # Have a temporary directory for convenience. Make it in the build tree @@ -13419,7 +14946,7 @@ do esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac - case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + case $ac_f in *\'*) ac_f=`printf "%s\n" "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done @@ -13427,17 +14954,17 @@ do # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` - $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + printf "%s\n" "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" - { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 -$as_echo "$as_me: creating $ac_file" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +printf "%s\n" "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) - ac_sed_conf_input=`$as_echo "$configure_input" | + ac_sed_conf_input=`printf "%s\n" "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac @@ -13454,7 +14981,7 @@ $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || -$as_echo X"$ac_file" | +printf "%s\n" X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q @@ -13478,9 +15005,9 @@ $as_echo X"$ac_file" | case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) - ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + ac_dir_suffix=/`printf "%s\n" "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. - ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + ac_top_builddir_sub=`printf "%s\n" "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; @@ -13537,8 +15064,8 @@ ac_sed_dataroot=' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 -$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +printf "%s\n" "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' @@ -13581,9 +15108,9 @@ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 -$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +printf "%s\n" "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" @@ -13599,27 +15126,27 @@ which seems to be undefined. Please make sure it is defined" >&2;} # if test x"$ac_file" != x-; then { - $as_echo "/* $configure_input */" \ + printf "%s\n" "/* $configure_input */" >&1 \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then - { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 -$as_echo "$as_me: $ac_file is unchanged" >&6;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +printf "%s\n" "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else - $as_echo "/* $configure_input */" \ + printf "%s\n" "/* $configure_input */" >&1 \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi ;; - :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 -$as_echo "$as_me: executing $ac_file commands" >&6;} + :C) { printf "%s\n" "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +printf "%s\n" "$as_me: executing $ac_file commands" >&6;} ;; esac @@ -13628,7 +15155,8 @@ $as_echo "$as_me: executing $ac_file commands" >&6;} "default":C) echo timestamp > stamp-h chmod +x samhain-install.sh -chmod +x scripts/samhainadmin.pl +chmod +x scripts/samhainadmin-gpg.pl +chmod +x scripts/samhainadmin-sig.pl chmod +x scripts/yuleadmin.pl chmod +x scripts/check_samhain.pl @@ -13667,13 +15195,23 @@ if test "$no_create" != yes; then $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 -$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +printf "%s\n" "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi chmod +x deploy.sh +if test "x${mysignify}" != x +then + cp -a scripts/samhainadmin-sig.pl scripts/samhainadmin.pl +fi +if test "x${mygpg}" != x +then + cp -a scripts/samhainadmin-gpg.pl scripts/samhainadmin.pl +fi + + if test "x${cross_compiling}" = xyes then @@ -13732,3 +15270,4 @@ then fi + diff --git a/configure.ac b/configure.ac index 1b3e2ac..ffffb3a 100644 --- a/configure.ac +++ b/configure.ac @@ -11,7 +11,7 @@ AC_ARG_VAR([LIBS], [libraries to link against, e.g. -lintl]) dnl dnl start dnl -AM_INIT_AUTOMAKE(samhain, 4.1.4) +AM_INIT_AUTOMAKE(samhain, 4.4.10) AC_DEFINE([SAMHAIN], 1, [Application is samhain]) AC_CANONICAL_HOST @@ -38,6 +38,22 @@ if test "x$GCC" = "xyes"; then SH_GCC_VERSION fi +if test "x${gcc_VERSION_MAJOR}" != "x" +then + AC_MSG_CHECKING([for gcc compiler issues]) + if test ${gcc_VERSION_MAJOR} -ge 11 + then + dnmalloc_ok=no + AC_MSG_RESULT([dnmalloc does not work with gcc 11]) + else + dnmalloc_ok=yes + AC_MSG_RESULT([ok]) + fi +else + dnmalloc_ok=yes +fi + + AC_HEADER_STDC AC_CHECK_HEADERS([sys/ipc.h sys/sem.h sys/msg.h sys/uio.h fcntl.h]) @@ -50,7 +66,6 @@ uid_cast="signed long" selectconfig=linux mynetbsd=no sh_use_lcaps="undef" -dnmalloc_ok=yes sh_use_pie=yes enable_asm_ok=yes @@ -71,7 +86,8 @@ case "$host_os" in *) ;; esac - ;; + LDFLAGS="${LDFLAGS} -Wl,--as-needed" + ;; *osf*) AC_DEFINE([HOST_IS_OSF], 1, [Define if host OS is OSF]) @@ -242,9 +258,9 @@ AC_HEADER_STAT AC_DECL_SYS_SIGLIST AC_CHECK_HEADERS(stddef.h libgen.h sched.h malloc.h sys/uio.h \ - sys/mman.h sys/param.h sys/inotify.h \ + sys/mman.h sys/param.h sys/inotify.h sys/sysmacros.h \ sys/vfs.h mntent.h \ - sys/select.h sys/socket.h netinet/in.h \ + sys/select.h sys/socket.h netinet/in.h ifaddrs.h \ regex.h glob.h fnmatch.h \ linux/ext2_fs.h linux/fs.h ext2fs/ext2_fs.h asm/segment.h \ elf.h linux/elf.h auparse.h \ @@ -378,17 +394,18 @@ dnl dnl ***************************************** AC_FUNC_STRFTIME AC_CHECK_FUNCS(memcmp memcpy memmove memset getpwent endpwent fpurge \ + explicit_memset explicit_bzero \ gettimeofday strlcat strlcpy strstr strchr strerror strsignal \ seteuid setreuid setresuid lstat getwd getcwd ptrace \ usleep setpriority getpeereid nanosleep \ strptime basename sched_yield hasmntopt \ inet_aton gethostbyname setutent setrlimit gethostname uname \ - initgroups getpagesize \ + initgroups getpagesize getutxent \ ttyname fchmod writev mmap tzset \ getsid getpriority getpgid statvfs \ strerror_r getgrgid_r getpwnam_r getpwuid_r \ gmtime_r localtime_r rand_r readdir_r strtok_r \ - mincore posix_fadvise inotify_init1 + mincore posix_fadvise inotify_init1 scandir ) AC_CHECK_FUNC(statfs, AC_DEFINE(HAVE_STATFS) statfs="yes", statfs="no") SL_CHECK_VA_COPY @@ -671,6 +688,15 @@ if test x$sh_have_SO_PEERCRED = xyes; then AC_DEFINE(HAVE_SO_PEERCRED,1,[Have SO_PEERCRED define]) fi +AC_MSG_CHECKING(for union semun) +AC_TRY_COMPILE([#include <sys/types.h> +#include <sys/ipc.h> +#include <sys/sem.h>],[union semun foo;], [sh_have_semun=yes], [sh_have_semun=no]) +AC_MSG_RESULT($sh_have_semun) +if test x$sh_have_semun = xyes +then + AC_DEFINE(HAVE_UNION_SEMUN, 1, [union semun already defined in sys/ipc.h or sys/sem.h]) +fi dnl ***************************************** dnl checks for compiler characteristics @@ -695,8 +721,10 @@ if test "x$GCC" = "xyes"; then else GCC_STACK_PROTECT_LIB GCC_STACK_PROTECT_CC -dnl GCC_STACK_CHECK_CC - GCC_PIE_CC + GCC_STACK_CHECK_CC + GCC_PIE_CC + GCC_FLAG_CHECK([-fexceptions]) + GCC_FLAG_CHECK([-mcet -fcf-protection]) fi fi @@ -969,7 +997,7 @@ dnl [sh_use_lcaps="no"]) elif test "x$enable_network" = xserver; then mytclient="-DSH_WITH_SERVER" yulectl_prg="yulectl" - samhainadmin_prg="scripts/samhainadmin.pl" + samhainadmin_prg="scripts/samhainadmin-gpg.pl scripts/samhainadmin-sig.pl" setpwd_prg="samhain_setpwd" sh_main_prg="yule" if test "x${sh_have_gmp}" = xyes @@ -1027,10 +1055,15 @@ AC_ARG_ENABLE(static, then tmp_LIBS=`echo $LIBS | sed 's%\-lauparse%%' ` LIBS="${tmp_LIBS}" + AC_MSG_WARN([--enable-static: no support for Linux Auditing System]) fi if test "x$GCC" = "xyes"; then + if test -n "`echo "$CFLAGS" | grep "\-flto" 2> /dev/null`" + then + AC_MSG_ERROR([--enable-static: not compatible with link-time optimisation]) + fi case "$host_os" in *solaris*) @@ -1121,7 +1154,7 @@ AC_CHECK_FUNC(pmap_getmaps, # # this is from the snort configure.in # -AC_DEFUN(FAIL_MESSAGE,[ +AC_DEFUN([FAIL_MESSAGE],[ echo echo echo "**********************************************" @@ -1195,6 +1228,9 @@ dnl AC_CHECK_PROG(HAVE_PRELUDE_CONFIG, libprelude-config, yes, no) AC_ARG_WITH(database, [ --with-database=[[mysql|postgresql|oracle|odbc]] database support [[no]]], [ + if test x"$enable_static" = xyes; then + AC_MSG_WARN([With --enable-static, --with-database may fail to compile.]) + fi if test x"$enable_xml_log" != xyes; then AC_MSG_ERROR([With --with-database, --enable-xml-log is required as well.]) fi @@ -1674,6 +1710,15 @@ AC_ARG_ENABLE(debug, mydebugdef="-g" fi mydebugit="yes" + elif test "x${enable_debug}" = "xmem"; then + AC_DEFINE(MEM_DEBUG) + AC_DEFINE(SH_ABORT_ON_ERROR, 1, [Use abort]) + if test "x${myneedg3}" = "xyes"; then + mydebugdef="-g3" + else + mydebugdef="-g" + fi + mydebugit="yes" elif test "x${enable_debug}" = "xgdb"; then AC_DEFINE(SH_ABORT_ON_ERROR, 1, [Use abort]) if test "x${myneedg3}" = "xyes"; then @@ -1780,7 +1825,7 @@ dnl -W is the older name for -Wextra CFLAGS="$CFLAGS -Wall -W -Wno-missing-braces " ;; *) - CFLAGS="$CFLAGS -Wall -W " + CFLAGS="$CFLAGS -Wall -W -Werror=implicit-function-declaration " ;; esac fi @@ -2198,12 +2243,101 @@ AC_SUBST(mykeybase) dnl -dnl GPG/PGP options +dnl Signify/GnuPG options dnl +AC_ARG_WITH(signify, + [ --with-signify=PATH use OpenBSD signify to verify database/config [[no]]], + [ + if test "x${withval}" != "xno"; then + if test "x${cross_compiling}" = xyes; then + mysignify="${withval}" + else + if test -f "${withval}"; then + mysignify="${withval}" + mychk0=`gpg --load-extension tiger --print-md TIGER192 ${withval} 2>/dev/null` + if test "x$?" != "x0"; then + mychktest=no + for sam_pre in ./samhain ./yule /usr/local/sbin/samhain /usr/local/bin/samhain /usr/bin/samhain /usr/sbin/samhain /usr/local/sbin/yule /usr/local/bin/yule /usr/bin/yule /usr/sbin/yule; do + if test x"${mychktest}" = xyes + then + : + else + if test -f ${sam_pre} + then + echo "use existing ${sam_pre} for signify checksum" + mychk0=`${sam_pre} -H ${withval} 2>/dev/null` + if test "x$?" != "x0"; then + if test "x${nocl_code}" != "x"; then + mychk0=`echo -H ${withval} | ${sam_pre} ${nocl_code} 2>/dev/null` + if test "x$?" != "x0"; then + : + else + mychk="${mychk0}" + mychktest=yes + fi + fi + else + mychk="${mychk0}" + mychktest=yes + fi + fi + fi + done + if test x${mychktest} = xno; then + AC_MSG_WARN([--with-signify: cannot determine TIGER192 checksum of ${withval}]) + echo "-------------------------------------------------------------" + echo " I cannot find an existing GnuPG or samhain binary to use." + echo " You can:" + echo " (a) run make to compile a samhain binary, then repeat" + echo " ./configure and make" + echo " (b) ignore the failure. The checksum of the signify binary" + echo " will not get compiled in, thus allowing an attacker" + echo " to replace signify with a trojan and subverting the" + echo " signature verification of configure and database files." + echo + echo " PLEASE IGNORE THIS MESSAGE IF YOU ALSO USE --with-checksum" + echo "-------------------------------------------------------------" + fi + else + mychk="${mychk0}" + fi + else + AC_MSG_ERROR([--with-signify: cannot find signify PATH=${withval}]) + fi + fi + AC_DEFINE([WITH_SIG], 1, [Define if signature checking is supported.]) + AC_DEFINE([WITH_SIGNIFY], 1, [Define if using OpenBSD signify for signature checking.]) + AC_DEFINE_UNQUOTED([DEFAULT_SIG_PATH], _("${mysignify}"), [Define as path to signing binary]) + AC_SUBST(mysignify) + fi + ] +) + +AC_ARG_WITH(pubkey-checksum, + [ --with-pubkey-checksum=CHKSUM compile in TIGER192 checksum of signify public key [[no]]], + [ + if test "x${withval}" != "xno"; then + if test "x${withval}" == "xyes"; then + AC_MSG_ERROR([Option --with-pubkey-checksum=CHKSUM: checksum CHKSUM of signify public key not specified.]) + else + if test "x${withval}" = "x"; then + AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the signify public key not specified.]) + fi + fi + AC_DEFINE([HAVE_SIG_KEY_HASH], 1, [Define if signing binary checksum available.]) + AC_DEFINE_UNQUOTED([SIG_KEY_HASH], _("${withval}"), [Define as the signify public key checksum.] ) + fi + ] +) + + AC_ARG_WITH(gpg, [ --with-gpg=PATH use GnuPG to verify database/config [[no]]], [ + if test "x${mysignify}" != "x"; then + AC_MSG_ERROR([--with-gpg: already using --with-signify]) + fi if test "x${withval}" != "xno"; then if test "x${cross_compiling}" = xyes; then mygpg="${withval}" @@ -2262,8 +2396,9 @@ AC_ARG_WITH(gpg, AC_MSG_ERROR([--with-gpg: cannot find GnuPG PATH=${withval}]) fi fi + AC_DEFINE([WITH_SIG], 1, [Define if signature checking is supported.]) AC_DEFINE(WITH_GPG) - AC_DEFINE_UNQUOTED(DEFAULT_GPG_PATH, _("${mygpg}") ) + AC_DEFINE_UNQUOTED([DEFAULT_SIG_PATH], _("${mygpg}"), [Define as path to signing binary]) AC_SUBST(mygpg) fi ] @@ -2290,21 +2425,14 @@ AC_ARG_WITH(keyid, ] ) -dnl AC_ARG_WITH(pgp, -dnl [ --with-pgp=PATH Use PGP to verify database/config (no).], -dnl [myppg="$withval" -dnl AC_DEFINE(WITH_PGP) -dnl AC_DEFINE_UNQUOTED(DEFAULT_PGP_PATH, _("${myppg}") ) -dnl ]) - AC_ARG_WITH(checksum, - [ --with-checksum=CHKSUM compile in gpg/pgp checksum [[yes]]], + [ --with-checksum=CHKSUM compile in checksum of signing binary (e.g. gpg) [[yes]]], [ if test "x${withval}" != "xno"; then if test "x${withval}" != "xyes"; then if test "x${mychk}" != "x"; then if test "x${mychk}" != "x${withval}"; then - AC_MSG_WARN([--with-checksum: possible gpg CHKSUM problem]) + AC_MSG_WARN([--with-checksum: possible signing binary CHKSUM problem]) AC_MSG_WARN([--with-checksum: CHKSUM=${withval}]) AC_MSG_WARN([--with-checksum: autodetected=${mychk}]) fi @@ -2312,20 +2440,21 @@ AC_ARG_WITH(checksum, mychk="${withval}" else if test "x${mychk}" = "x"; then - AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the gpg binary not specified.]) + AC_MSG_ERROR([Option --with-checksum=CHKSUM: checksum CHKSUM of the signing binary not specified.]) fi fi - AC_DEFINE(HAVE_GPG_CHECKSUM) - AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") ) - echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h + AC_DEFINE([HAVE_SIG_CHECKSUM], 1, [Define if signing binary checksum available.]) + AC_DEFINE_UNQUOTED([SIG_HASH], _("${mychk}"), [Define as the signing binary TIGER192 checksum.] ) + echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char sigchk[50];"; for (i=1; i <= m; i++) printf "sigchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "sigchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_sig_chksum.h fi ], [ - if test "x${mygpg}" != "x"; then + if test "x${mygpg}" != "x" || test "x${mysignify}" != "x" + then if test "x${mychk}" != "x"; then - AC_DEFINE(HAVE_GPG_CHECKSUM) - AC_DEFINE_UNQUOTED(GPG_HASH, _("${mychk}") ) - echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char gpgchk[50];"; for (i=1; i <= m; i++) printf "gpgchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "gpgchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_gpg_chksum.h + AC_DEFINE([HAVE_SIG_CHECKSUM], 1, [Define if signing binary checksum available.]) + AC_DEFINE_UNQUOTED([SIG_HASH], _("${mychk}"), [Define as the signing binary TIGER192 checksum.] ) + echo "${mychk}" | sed 's,.*:,,g' | sed 's, ,,g' | sed 's,\(.\),\1:,g' | awk '{ split($0, arr, ":"); m = length($1)/2; print "#ifndef CHKSUM_H"; print "#define CHKSUM_H"; print "char sigchk[50];"; for (i=1; i <= m; i++) printf "sigchk[%d] = %c%s%c;\n", i-1, 39, arr[i], 39; printf "sigchk[48] = %c%c0%c;\n", 39, 92, 39; print "#endif"; }' > sh_sig_chksum.h fi fi ] @@ -2672,6 +2801,7 @@ Makefile samhain-install.sh init/samhain.startLSB init/samhain.startLinux +init/samhain.startSystemd init/samhain.startGentoo init/samhain.startFreeBSD init/samhain.startSolaris @@ -2687,7 +2817,8 @@ scripts/samhain.spec scripts/redhat_i386.client.spec scripts/samhain.ebuild scripts/samhain.ebuild-light -scripts/samhainadmin.pl +scripts/samhainadmin-gpg.pl +scripts/samhainadmin-sig.pl scripts/yuleadmin.pl scripts/check_samhain.pl deploy.sh @@ -2695,7 +2826,8 @@ deploy.sh [ echo timestamp > stamp-h chmod +x samhain-install.sh -chmod +x scripts/samhainadmin.pl +chmod +x scripts/samhainadmin-gpg.pl +chmod +x scripts/samhainadmin-sig.pl chmod +x scripts/yuleadmin.pl chmod +x scripts/check_samhain.pl ] @@ -2703,6 +2835,16 @@ chmod +x scripts/check_samhain.pl chmod +x deploy.sh +if test "x${mysignify}" != x +then + cp -a scripts/samhainadmin-sig.pl scripts/samhainadmin.pl +fi +if test "x${mygpg}" != x +then + cp -a scripts/samhainadmin-gpg.pl scripts/samhainadmin.pl +fi + + if test "x${cross_compiling}" = xyes then @@ -1,18 +1,18 @@ # DO NOT DELETE THIS LINE -samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_mem.h $(srcinc)/sh_xfer.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_sem.h sh_MK.h $(srcinc)/sh_schedule.h -sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_restrict.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_sem.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/zAVLTree.h $(srcinc)/sh_ignore.h +samhain.o: $(srcsrc)/samhain.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_getopt.h $(srcinc)/sh_readconf.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_restrict.h $(srcinc)/sh_nmail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_sig.h $(srcinc)/sh_mem.h $(srcinc)/sh_xfer.h $(srcinc)/sh_tools.h $(srcinc)/sh_hash.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h $(srcinc)/sh_ignore.h $(srcinc)/sh_prelink.h $(srcinc)/sh_sem.h sh_MK.h $(srcinc)/sh_schedule.h +sh_unix.o: $(srcsrc)/sh_unix.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_hash.h $(srcinc)/sh_tools.h $(srcinc)/sh_restrict.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_tiger.h $(srcinc)/sh_prelink.h $(srcinc)/sh_pthread.h $(srcinc)/sh_sem.h $(srcinc)/sh_static.h $(srcinc)/sh_prelude.h $(srcinc)/zAVLTree.h $(srcinc)/sh_subuid.h $(srcinc)/sh_ignore.h sh_utils.o: $(srcsrc)/sh_utils.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_entropy.h $(srcinc)/sh_pthread.h sh_error.o: $(srcsrc)/sh_error.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_database.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_nmail.h $(srcinc)/sh_xfer.h $(srcinc)/sh_prelude.h $(srcinc)/sh_pthread.h $(srcinc)/sh_tools.h $(srcinc)/sh_extern.h $(srcinc)/sh_checksum.h sh_files.o: $(srcsrc)/sh_files.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_hash.h $(srcinc)/sh_ignore.h $(srcinc)/sh_inotify.h $(srcinc)/zAVLTree.h $(srcinc)/sh_dbIO.h $(srcinc)/CuTest.h sh_getopt.o: $(srcsrc)/sh_getopt.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_getopt.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_utils.h $(srcinc)/sh_mail.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbCheck.h $(srcinc)/sh_dbCreate.h $(srcinc)/sh_sem.h $(srcinc)/sh_extern.h -sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_xfer.h $(srcinc)/sh_gpg.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/sh_socket.h +sh_readconf.o: $(srcsrc)/sh_readconf.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_calls.h $(srcinc)/sh_error.h $(srcinc)/sh_extern.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_xfer.h $(srcinc)/sh_sig.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_ignore.h $(srcinc)/sh_database.h $(srcinc)/sh_mail.h $(srcinc)/sh_modules.h $(srcinc)/sh_nmail.h $(srcinc)/sh_prelink.h $(srcinc)/sh_prelude.h $(srcinc)/sh_tiger.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_restrict.h $(srcinc)/sh_socket.h sh_tiger0.o: $(srcsrc)/sh_tiger0.c Makefile config_xor.h $(srcinc)/sh_tiger.h $(srcinc)/sh_unix.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_pthread.h $(srcinc)/sh_string.h $(srcinc)/sh_checksum.h sh_tiger1.o: $(srcsrc)/sh_tiger1.c Makefile config_xor.h sh_tiger2.o: $(srcsrc)/sh_tiger2.c Makefile config_xor.h sh_tiger1_64.o: $(srcsrc)/sh_tiger1_64.c Makefile config_xor.h sh_tiger2_64.o: $(srcsrc)/sh_tiger2_64.c Makefile config_xor.h -sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_hash.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_gpg.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h +sh_hash.o: $(srcsrc)/sh_hash.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_hash.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_sig.h $(srcinc)/sh_unix.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h $(srcinc)/sh_pthread.h $(srcinc)/sh_xfer.h $(srcinc)/sh_hash.h $(srcinc)/sh_checksum.h sh_mail.o: $(srcsrc)/sh_mail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_mail.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_pthread.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/sh_nmail.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_static.h $(srcinc)/sh_tools.h sh_mem.o: $(srcsrc)/sh_mem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_mem.h $(srcinc)/sh_pthread.h sh_entropy.o: $(srcsrc)/sh_entropy.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_calls.h $(srcinc)/sh_pthread.h $(srcinc)/sh_static.h $(srcinc)/sh_pthread.h $(srcinc)/CuTest.h @@ -27,7 +27,7 @@ sh_tools.o: $(srcsrc)/sh_tools.c Makefile config_xor.h $(srcinc)/samhain.h $(src sh_html.o: $(srcsrc)/sh_html.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_xfer.h $(srcinc)/sh_error.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_html.h $(srcinc)/zAVLTree.h sh_gpg.o: $(srcsrc)/sh_gpg.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_gpg.h sh_cat.o: $(srcsrc)/sh_cat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_cat.h -sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_calls.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h +sh_calls.o: $(srcsrc)/sh_calls.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_ipvx.h $(srcinc)/sh_sub.h $(srcinc)/sh_utils.h sh_extern.o: $(srcsrc)/sh_extern.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_tiger.h $(srcinc)/sh_extern.h $(srcinc)/sh_calls.h $(srcinc)/sh_filter.h $(srcinc)/sh_static.h sh_database.o: $(srcsrc)/sh_database.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_cat.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h sh_err_log.o: $(srcsrc)/sh_err_log.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_error.h $(srcinc)/sh_utils.h $(srcinc)/sh_tiger.h @@ -91,7 +91,7 @@ sh_sub.o: $(srcsrc)/sh_sub.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc) sh_fInotify.o: $(srcsrc)/sh_fInotify.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_modules.h $(srcinc)/sh_pthread.h $(srcinc)/sh_inotify.h $(srcinc)/sh_unix.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_files.h $(srcinc)/sh_ignore.h sh_checksum.o: $(srcsrc)/sh_checksum.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_checksum.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h sh_guid.o: $(srcsrc)/sh_guid.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/CuTest.h -sh_dbIO.o: $(srcsrc)/sh_dbIO.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_gpg.h $(srcinc)/sh_tiger.h $(srcinc)/sh_xfer.h $(srcinc)/sh_pthread.h $(srcinc)/sh_socket.h $(srcinc)/sh_files.h $(srcinc)/zAVLTree.h +sh_dbIO.o: $(srcsrc)/sh_dbIO.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_hash.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_sig.h $(srcinc)/sh_tiger.h $(srcinc)/sh_xfer.h $(srcinc)/sh_pthread.h $(srcinc)/sh_socket.h $(srcinc)/sh_files.h $(srcinc)/zAVLTree.h sh_dbCheck.o: $(srcsrc)/sh_dbCheck.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_unix.h $(srcinc)/sh_utils.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_tiger.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_pthread.h sh_dbCreate.o: $(srcsrc)/sh_dbCreate.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_hash.h $(srcinc)/sh_files.h $(srcinc)/sh_dbIO.h $(srcinc)/sh_dbIO_int.h $(srcinc)/sh_pthread.h $(srcinc)/sh_guid.h sh_xfer_client.o: $(srcsrc)/sh_xfer_client.c Makefile config_xor.h $(srcinc)/sh_ipvx.h $(srcinc)/samhain.h $(srcinc)/sh_tiger.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_xfer.h $(srcinc)/sh_srp.h $(srcinc)/sh_fifo.h $(srcinc)/sh_tools.h $(srcinc)/sh_entropy.h $(srcinc)/sh_html.h $(srcinc)/sh_nmail.h $(srcinc)/sh_socket.h $(srcinc)/sh_static.h $(srcinc)/rijndael-api-fst.h @@ -99,3 +99,5 @@ sh_xfer_server.o: $(srcsrc)/sh_xfer_server.c Makefile config_xor.h $(srcinc)/sh_ sh_xfer_syslog.o: $(srcsrc)/sh_xfer_syslog.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_tools.h $(srcinc)/sh_utils.h $(srcinc)/sh_ipvx.h sh_xload_client.o: $(srcsrc)/sh_xload_client.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_guid.h sh_sem.o: $(srcsrc)/sh_sem.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_sem.h $(srcinc)/sh_error_min.h +sh_subuid.o: $(srcsrc)/sh_subuid.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_unix.h +sh_sig.o: $(srcsrc)/sh_sig.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_utils.h $(srcinc)/sh_error.h $(srcinc)/sh_tiger.h $(srcinc)/sh_static.h $(srcinc)/sh_sig.h @@ -1 +1 @@ -2959213307 +3600310821 diff --git a/docs/#Changelog# b/docs/#Changelog# deleted file mode 100644 index 3e7b4ff..0000000 --- a/docs/#Changelog# +++ /dev/null @@ -1,2552 +0,0 @@ -4.1.4: - * fix problems with wildcard pattern re-evaluation: - - not stored if no match at startup - - only one (the first) stored if same pattern for file and dir - * fix problems with directory creation in inotify watched tree - - recursive depth not decreased - - watched as directory even when recursion depth should drop below zero - -4.1.3: - * on Cygwin, the AvoidBlock function is now off by default - (problem reported by Fred C) - * tighter sanity checks in sh_static.c - * fix regression with '--enable-static' in sh_static.c - (reported by amaiket). - -4.1.2: - * add options --enable-selinux and --enable-posix-acl for "hard fail" - if libraries aren't found (requested feature) - * fix wrong policy assignment when inotify is active and change occurs - during a reload (reported by Bond) - * fix failure to detect open UDP port for some daemons - (reported by James) - * fix broken 'rpm' and 'rpm-light' makefile targets - (reported by Bond) - * fix message for self-check - -4.1.1: - * fix problem with timezone calculation on month rollover for - negative timezones (west of GMT; reported by Bond) - * fix problem with rotated logfiles when content is always constant, - i.e. checksum does not change (reported by Bond). - * fix problem with baseline update on FreeBSD and probably other - non-GNU/Linux systems (reported by L.Vasiliev) - * fix bad check_libwrap() call in sh_xfer_server.c - (reported by L.Vasiliev) - -4.1.0: - * fix quirks with Linux audit support - * implement 'silent check' (requested feature) - * fix call of self_check for exit on sigterm - * fix safe_logger() - uses the logger utility with a non-posix option - * fix missing reporting on shell expansion capability in --version - * fix missing error message on invalid list for skipchecksum - (reported by Bond) - * fix missing definition for a sh_dummy_ var on BSD et al. - (reported by Andrew) - -4.0.0: - * fix and document default settings for mounts check - * new -w CL option to wait on scan completion - * new option ReportCheckflags - * enhance testsuite to cover new functionality - * implement draft for change control integration: - * new database format to store change flags - * refactoring of db I/O and client/server code - * option StartupLoadDelay - * --create-database CL option - * --outfile CL option - * --binary, --list-filter CL options - * --verify-database CL option - * yulectl -c DELTA:<uuid> command - * option SetDeltaRetryCount - * option SetDeltaRetryInterval - * update documentation - * remove old/unused code - * fix compiler warnings with gcc 5.1.0 - * update config.sub, config.guess - -3.1.6 (08-06-2015): - * Modify testcompile.sh to remove 'smatch' and use 'clang' - instead. - * Fix compile problems with clang. - * Modify testcompile.sh to remove 'uno' and use 'cppcheck' - for static checking - * Move AC_CHECK_FUNCS( getnameinfo getaddrinfo ) behind - the check for libsocket to have them found on Solaris - * Fix IPv4-only bug in bind_addr use in retry_connect() - * Add more debug code in connect_port() - -3.1.5 (26-03-2015): - * Fix IPv6 issue with portcheck (need to be able to specify - IPv6 interfaces). - * Fix minor issues with bugs in testing code - * Add command line option '--server-host' to set the log server - * In samhain.startLinux.in start script template, add code to read - options from /etc/sysconfig/${NAME} for RedHat - -3.1.4 (17-02-2015): - * Add non-existent file to the regression test config - * Fix erroneous call to sh_hash_init when a missing file - is specified in the configuration - * Fix buffer allocation for getgrnam_r for large groups - (problem reported by Sergio B) - * Search RPM in $HOME/rpmbuild if test -d _topdir fails (CentOS - recommends '%(echo $HOME)/topdir', reported by E. Taft) - -3.1.3 (01-11-2014): - * Remove initgroups() from the popen call in unix entropy gatherer - * Add error message for update mode if local baseline cannot be found - -3.1.2 (07-08-2014): - * Fixed incorrect memset in sh_checksum.c (sha256) - * Circumvent a gcc compiler bug with inline asm (gcc 4.8) - * Allow multiple exclusions for SUID check - * Use calloc instead of malloc - * Add overflow check in minilzo.c (but the potential integer - overflow [CVE-2014-4607,LMS-2014-06-16-1] is irrelevant anyway - because the function is never used on external data). - * Fixed a minor bug in exepack_fill.c that was unearthed by the minilzo - overflow check (the required buffer length information for the check - wasn't provided) - * Fixed incorrect logic in setting the ALLIGNORE flag (more specific - directory / file directives were ignored) - * Fix for tickets #358 (repetitive lstat warning about deleted - directory) and #359 (reporting of deleted/added top level directory) - * Fix a free() on NULL (harmless but avoids spurious warning) - -3.1.1 (01-05-2014): - * Disable inline asm on Cygwin (issue reported by Erik) - * Fix sh_ipvx_is_ipv4 such that numeric hostnames are not - incorrectly recognised as IP address (reported by A. Hofland) - * Fix sh_ipvx_is_ipv6 - -3.1.0 (31-10-2013): - * Add support for SHA2-256 checksum function - * Drop support for --enable-khide on kernel version 3.x and above - * Fix IgnoreAdded to anchor regex at beginning of path (reported by - R.Lindner) - * Add check to detect availability of pmap_getmaps() (missing in - static library on recent Linux systems as reported by Ian Baldwin) - * Fixes for Ubuntu 13.4: - - no error msg for failing stat on /run/user/Username/gvfs in - suidcheck - - no error message for failing hardlink check on /run/user/Username - - eliminate compiler warnings - * Add option '--disable-asm' to work around a gcc issue in Debian - unstable (reported by micah) - * Remove option '-i' from mkitab in samhain-install.sh.in (reported - by N. Kerski) - -3.0.13 (11-06-2013): - * Fix detection of nonfunctional /dev/kmem - * Fix race condition in GrowingLogfiles policy that - causes spurious reports (problem noticed by J. Daubert) - -3.0.12 (16-05-2013): - * Fix compiler warning in bignum.c (unused parameter) - * Detect if /var/run is a symlink and /run exists - * Fix for broken support for audit subsystem (reported - by isquish) - * Fix for incorrect use of sh_inotify_add_watch_later - which causes a steady increase in memory usage - (issue reported by Maxime V) - * Fix for potential minor memory leak - * Fix for bug in negated conditionals for config file - (reported by M. Ward) - -3.0.11 (08-04-2013): - * Fix for compile error on HP-UX (reported by P. Alves) - * Propagate ERANGE error from getgrxxx_r (issue raised by C. Feikes) - * Fix reconnecting to database for Oracle - * Add better logrotate handling for the GrowingLogs policy (search - rotated log and verify it, don't report if this succeeds) - * Add ability to create debian packages with preset password (use - env var PASSWORD) - * Add option KernelCheckProc (bool) to suppress kernel /proc test - * Add option IgnoreModified to cover transient files that - not only get added/deleted but also modified - -3.0.10 (13-01-2013): - * Revert to previous logic in samhain.c because it will block - otherwise (reported by Alexandr Sabitov) - -3.0.9 (21-12-2012): - * Fixed a Cygwin compile warning - * Change logic in samhain.c to make sure inotify doesn't cause - excessive full scans - * Add option IgnoreTimestampsOnly in Windows registry check (ignore - changes if only timestamp has changed) - * Fix the probe command (misses clients if their startup message - has been missed) - * Fix the RPM spec file for --enable-network=client and no password - (reported by Mitch St Martin) - * Fix build error with Linux audit (reported by Andy Jack) - * Fix detection of utmpx.h (reported by D. Thiel) - -3.0.8 (01-11-2012): - * rename to 3.0.8 for release - * useful exit status for samhainadmin.pl --examine - -3.0.7a (25-12-2012): - * add ability to create RPM with preset password (use - env var PASSWORD) - * fix the rpm-light makefile target - * fix minor bug in samhain_setpwd.c (incorrect error message) - -3.0.7 (25-10-2012): - * update documentation for prelude - * fix configure to properly search for Oracle Instantclient SDK - * pass through TNS_ADMIN environment variable for Oracle - * optimize audit rules automatically - * zero out the html status file at server exit - * don't check for assembly optimization unless linux or *BSD - -3.0.6 (01-09-2012): - * install logrotate script if /etc/logrotate.d is detected - * new option --enable-suid for nagios - * fix for --enable-ptrace: make the save_tv variable thread specific - * fix bug in inotify code which made it follow symlinks (by [anonymous]) - * fix two missing SH_MUTEX_LOCK(mutex_thread_nolog) (by [anonymous]) - * fix for 'no such process' message from sh_fInotify_init_internal() - (by [anonymous]) - * fix for --enable-ptrace with threads (by [anonymous]) - * option SetReportFile for writing out summary after file check - -3.0.5 (11-07-2012): - * fix xml format templates for registry check - * fix database download on registry check init (reported by ldieu) - -3.0.4 (01-05-2012): - * fix verbosity of message for alerts on already deleted watches - (set it to debug - suggested by xrx) - * fix extraneous error messages about file not found from - sh_fInotify_init_internal() (bug reports by xrx and aj) - -3.0.3 (28-03-2012): - * fix potential deadlock in sh_ext_popen() - * make sure sh_processes_readps cannot hang forever - * fix for deadlock if sh_processes_readps hangs - * fix for deadlock if suid check and inotify are used together - (reported by A. Jack) - * fixed problem with samhain_stealth.c (handle input config - files that don't end with a newline) - * fixed compiler warnings for yulectl.c with stealth - * fixed lacking support for O_NOATIME on 64bit linux - -3.0.2a (23-02-2012): - * Fix compile error on Solaris 10 - -3.0.2 (16-02-2012): - * change sql init scripts to make bigint fields unsigned (problem - reported by A. Sabitov) - * patch by Andy Jack for issue with the --with-gpg option (hangs with - high cpu load at startup) - * call ./samhain-install.sh as /bin/sh ./samhain-install.sh in the - RPM spec file, because /var might be mounted noexec (reported by GC) - * fixed configure.ac for the case that --with-gpg and --enable-nocl are - used (./samhain for gpg checksum; problem report by Andy Jack) - * fixed a potential NULL pointer dereference in sh_inotify.c on - systems where inotify is not available (reported by <anonymous>) - * fixed: the config file template mentions (in a comment) the - non-existent directive SetLockPath instead of the correct - SetLockfilePath (reported by Curtis). - * fixed: the definition of O_NOATIME isn't seen in sh_files.c. - -3.0.1 (07-12-2011): - * fix a memory leak (reported by C. Westlake) - * fix an uninitialized variable in the suidcheck code (problem - reports by T- Luettgert and Kai) - * fix a bug in the port check with --disable-ipv6 (reported - by C. Westlake) - * fix potential deadlock in sh_files.c (reported by S. Mirolo) - * change Makefile.in to stop on compile error rather than at link stage - (suggested by S. Mirolo) - * fix compile errors caused by missing #define (pthread disabled) and - wrong function call (OSX specific code), reported by S. Mirolo - * fix warning by the llvm/clang static checker - * fix compile issues on freebsd - * handle (ignore) SIGPIPE more thoroughly - * update config.guess, config.sub - -3.0.0a (06-10-2011): - * Fix compile-time issues on RHEL5 (reported by Thomas) - -3.0.0 (01-11-2011): - * Add support for the inotify API - * If --disable-shellexpand is used, also disable setting - the prelink/ps paths - * Fix missing check_mask storage for glob pattern - * Add support for integer keys in zAVL - * Fix compiler warnings with gcc 4.6.1 (variables that get set - but then remain unused) - * Add more server-side debugging for IPv6 - * Make kern_head compile with 3.x kernels - -2.8.6 (20-09-2011): - * Manual updated. - * Added an option LogmonDeadtime to avoid repetitive reporting - on correlated events. - * Fix problems with timestamp handling in logfile correlation - (problem reported by D. Dearmore) - * List the policy under which a directory/file is checked - * Option to use a textfile with a list of files for update - * Fix --enable-db-reload option (reported by David L.) - * Fix samhain_kmem compilation, need to compile under chosen - name if --enable-install-name is used (reported by David L.) - * Fix uninitialized string in error message (reported by mimox) - -2.8.5a (16-06-2011): - * Fix autolocal.m4 for new configure option - -2.8.5 (15-06-2011): - * Detect non-working /dev/kmem in configure script, and fix - a bug in the samhain_kmem kernel module. - * Fix wrong handler for LogmonMarkSeverity (reported by S. Chittenden) - * Better protection against the 'intruder on server' scenario - pointed out by xrx. Add option to disable shell expansion in - configuration files, and check gpg signature earlier. - * Support /opt/local/bin in the Unix entropy gatherer (suggestion - by Sean Chittenden) - * Cache timeserver response for one second (suggestion by - Sean Chittenden) - -2.8.4a (11-05-2011): - * Fix for compile error with --with-prelude - (reported by Sean Chittenden), missing regression test added - * Fix for compile error with --enable-udp (reported by Sean Chittenden), - missing regression test added - -2.8.4 (30-04-2011): - * Fix another reload bug in the log monitoring module - * Add unit tests for IgnoreAdded/IgnoreDeleted configuration directives - * Fix deadlock after reload when compiled with --enable-login-watch - (reported by M. Teege and O. Cobanoglu) - * Fix compile error for samhain_hide.ko with recent kernel - * Include patch by J. Graumann to specify the location of the - secret keyring with samhainadmin.pl - * Fix potential timeout problem in sh_sub_stat_int() and propagate the - error (issue reported by mtg) - * Add support for X-Forwarded-For in apache logfile parser, add - option 'RE{regex}' to insert arbitrary regex - * New options PortcheckMinPort, PortcheckMaxPort for the open ports - check - -2.8.3a (23-03-2011): - * Fix two 'label at end of compound statement' errors on FreeBSD - (reported by David E. Thiel) - -2.8.3 (22-03-2011): - * init scripts: load samhain_kmem.ko before samhain starts - * slib.c: eliminate mutex from sl_create_ticket() - * sh_entropy.c: move pthread usage out of child - * sh_hash.c, sh_pthread.c, sh_pthread.h: sh_hash_hashdelete() - needs deadlock detection, may be called from within sh_hash_init() - via atexit handler on error condition - * sh_suidchk.c, sh_calls.c, sh_calls.h: need a nosub version of lstat() - to use with relative path after chdir() - * samhain.c, sh_calls.c, sh_calls.h: only run (l)stat() in subprocess - after reading config file (to allow disabling) - * sh_unix.c: run sh_sub_kill() in parent after forking the daemon - * fix zeroing of result from getnameinfo() (problem reported by Richard) - * fix spurious warnings about unsupported address family (reported - by N Silverman) - * option to run lstat/stat in subprocess to avoid hanging on NFS mounts - (off by default) - * fix Windows/Cygwin compile error (reported by A. Schmidt) - -2.8.2 (16-02-2011): - * add function to skip checksumming - * Fix missing check for recursion depth >= 0 if not IgnoreAll - * Fix hardcoded path for temp directory in deployment scripts - * Fix bad compile on CentOS 4.8 with gcc 4.1.2 - * Fix minor bug in check_samhain.pl (pointed out by J.-S. Eon long ago) - -2.8.1 (17-11-2010): - * Document handling of missing files with secondary schedule - * Fix incorrect handling of missing files when secondary schedule - is used (reported by Sergey) - * Fix null pointer dereference in config parse handler for SetMailAlias - (reported by Sergey) - * Fix incorrect memset() in sh_kern.c (passed struct by value...), - reported by Roman and Stefan - * Fix 'make install' to create user-defined directory - * fix minor issues noticed by T. Luettgert (test code assumes port - 0/tcp is unused, wrong ifdef order (without impact on compilation)) - * fix compile error on AIX 5.3 with --enable-login-watch, - reported by M. El Nahass (time.h missing in src/sh_login_track.c) - -2.8.0 (01-11-2010): - * Support IPv6 - * Add registry checking - * Use auditd records to find out who did it - -2.7.2c (23-09-2010): - * Fix uppercase hostname problem in client/server communication - - -2.7.2b (05-09-2010): - * Fix compile errors on Solaris 10 (reported by A. Saheba) - -2.7.2a (23-08-2010): - * rewrote rijndaelKeySched() in a more conservative way to fix - compile problem on SLES 11. - -2.7.2 (16-08-2010): - * sh_utils.c: fixed an endianess issue that prevented cross-verification - of email signatures (reported by A. Zangerl) - * sh_login_track.c: fix compiler warning (ignored return value - of fwrite) - * sh_readconf.c: fix comparison of SeverityUserX string - (reported by max__) - * sh_processcheck.c: sh_prochk_set_maxpid: set retval on success - (reported by max__) - * fixed some compiler warnings on cygwin - * sh_extern.c: As reported by T. Luettgert, gcc 4.4.4 on Fedora 13 - will throw a warning if execve is called with a NULL argv pointer. - Need to provide a dummy argp[]. - -2.7.1 (07-06-2010): - * samhain_kmem.c: fix compile problems - * fix problems with config file parser: increase max. line length, - support quoting/escaping of filenames (as in 'ls --quoting-style=c') - * check for pcre_dfa_exec (not available in old versions - of libpcre, reported by Shinoj) - * patch to allow server to log client reports to prelude - (by J. Ventura) - -2.7.0a (09-05-2010): - * fix /dev/kmem detection (reported by S. Clormann) - -2.7.0 (01-05-2010): - * sh_utmp.c, sh_login_track.c: additional login checks - * sh_unix.c: use SIGTTIN as alternative for SIGABRT - (SIGABRT seems not to work on AIX, reported by Peter) - * sh_utmp.c: fix compile error without pthreads (inotify_watch used) - * sh_kern.c, kern_head.c: fix some 64bit issues - * dnmalloc.c: fix compiler warning (ignored ret value) - * Fix LSB init script for kernel module - * samhain_kmem kernel module for /proc/kmem added - -2.6.4 (22-03-2010): - * Don't read proc_root_iops in sh_kern.c (Problem report - by H. R.) - * Logfile check can check output of shell commands - * Use data directory as default for logfile checkpoints - * Fix broken checkpoint save/restore for logfiles - -2.6.3 (10-03-2010): - * Fix bug in mail module, recipients incorrectly flagged - as aliases, which breaks immediate mail for 'alert' - (reported by Jesse) - -2.6.2 (28-01-2010): - * Makefile.in: fix problem in deploy system caused - by adding build number for debs in 2.5.9 (reported - by roman) - * add option for per-rule email alias in log monitoring - module - * sh_readconf.c: make keywords case-independent - * sh_mail.c: on error, report full reply of mail server - * sh_mail.c: report smtp transcript at debug level - * make sure mail aliases are not emailed twice, and - recipients cannot be defined after aliasing them - * handle named pipes in log monitoring module - (open in nonblocking mode, ignore read error if empty) - * fix bug in the server function to probe for necessity - of configuration reload for client - -2.6.1b (23-12-2009): - * fix missing include for sh_inotify.h in sh_inotify.c - (reported by Ack) - -2.6.1a (22-12-2009): - * fix typo in code for older inotify versions without - inotify_init1(), reported by Forll - -2.6.1 (21-12-2009): - * add a routine to log monitoring module to guess the proper year - for timestamps without year (standard syslog) - * add feature to automatically detect and report bursts of - similar messages in log monitoring module - * add feature to check for missing heartbeat messages in - log monitoring module - * cache UIDs/GIDs to reduce the number of lookups - * use inotify to track login/logout (sh_inotify.c, sh_utmp.c) - * support event correlation in log monitoring module - * make sure host matching is done in a case insensitive way - (reported by Tracy) - * fix invalid use of mutex_mlock in src/sh_unix.c, function - sh_unix_count_mlock() (reported by Remco Landegge). - -2.6.0 (01-11-2009): - * don't use statvfs() for process checking on FreeBSD - * fix bug with parallel compilation of cutest in Makefile - * sh_mem.c: fix deadlock in debug-only code - * Evaluate glob patterns for each run of file check - * Add compile option to disable compiling with SSP - * Run SUID check in seperate thread - * By default disable scanning ..namedfork/rsrc (deprecated by Apple) - -2.5.10 (12-10-2009): - * sh_suidchk.c: handle $HOME/.gvfs mount gracefully - * slib.c: fix race condition caused by closing a stream and the fd - -2.5.9c (01-10-2009): - * move stale file record error message closer to problem zone - * sh_port2proc.c: fix flawed logic for interpreting /proc/net/udp,tcp - -2.5.9b (22-09-2009): - * remove stale file record when creating handle, and raise diagnostic - error to find origin of stale record - * sh_port2proc.c: check /proc/net/upd6 for IPv6-only UDP sockets - -2.5.9a (17-09-2009): - * fixed a race condition in closing of file handles - -2.5.9 (11-09-2009): - * added code to generate directory for pid file, since it - would get cleaned if /var/run is a tmpfs mount (problem - reported by M. Athanasiou) - * fixed a bug that prevented reporting of user/executable path - for open UDP ports (issue reported by N. Rath) - * added more debugging code - -2.5.8a (18-08-2009): - * fixed a bug in sh_files.c that would prevent samhain from - running on MacOS X (reported by David) - -2.5.8 (06-08-2009): - * fixed a bug in the MX resolver routine which causes it to fail - sometimes (issue reported by N. Rath). - * fixed deadlock with mutex_listall in sh_nmail_test_recipients() if - error occurs within sh_nmail_flush (problem reported by N. Rath) - -2.5.7 (21-07-2009): - * sh_userfiles.c: set userUids = NULL at reconfiguration (issue - reported by U. Melzer) - * if available, use %z to print timezone as hour offset from GMT - in email date headers (problem reported by NP, solution suggested - by TimB). - * eliminate C99-style comments (problem reported by - venkat) - * fix bad variable name for AC_CACHE_CHECK - * fix potential deadlock when external programm is called - (problem reported by A. Dunkel) - -2.5.6 (09-06-2009): - * recognize fdesc filesystem on MacOS X for suid check (Problem - reported by David) - -2.5.5 (01-05-2009): - * fix some warnings from gcc 4.4 (strict aliasing) - * fix minor memory leak in process check - * t-test1.c: change function names because of clashes with an - AIX system header file - * fix warnings with -fstack-check (too large stack frames) - * fix for incorrect handling of hostnames in database insertion - (reported by byron) - -2.5.4 (04-03-2009): - * fix for incorrect input check in SRP implementation (discovered - by Thomas Ptacek) - * option KernelCheckPCI to switch off check of PCI expansion ROMs - -2.5.3 (25-02-2009): - * disable dnmalloc on MacOS X, doesn't work properly - * stat -> lstat in sh_unix_file_exists (OS X nameforks, report - by David) - * Fix problem in standalone trustfile, does not work correctly on - group-writeable files (reported by David). - * Option SetThrottle to throttle throughput for db download - * Option SetConnectionTimeout to configure the client connection - timeout configurable - * Provide getrpcbynumber, getservbyname implementations - to avoid dependencies with static linkage - * Fix missing sh.host.(system|release|machine) on FreeBSD, - reported by D.Lowry - * New option SetMailPort to allow setting of SMTP port (patch - by lucas sizzo org) - * allow POSIX regexes for filters - * consolidate filtering code from sh_extern.c, sh_(n)mail.c - * rewrite mail subsystem to allow individual filtering - for recipients - * allow shell expansion for values of config file options - * allow list as value for option PortCheckInterface - * fix bug in trustfile.c (with slapping on "/../" for symlinks) - * lock baseline database upon writing - -2.5.2b (29-01-2009): - * turn warnings into errors in the compile test suite - * fix missing define in sh_portcheck.c to eliminate compiler warning - (reported by joerg) - -2.5.2a (26-01-2009): - * fix problem building deb package (bit rot; reported by joerg) - -2.5.2 (22-01-2009): - * samhain.c: report module failure with positive offset - * sh_database.c: parse numerical fields into ulong - * fix regression test script for postgresql - * fix regression test script for SELinux/ACL test - * fix reporting of user for open ports to prelude - * report process pid for open ports - * replace _exit() by raise(SIGKILL) b/o pthread problem - * new option LooseDirCheck ([false]/true), request by - Alexander - * improved help output of samhain_stealth (as suggested - by Michael Athanasiou) - * new option ProcessCheckIsOpenVZ ([false]/true) - -2.5.1 (07-12-2008): - * workaround for freebsd7 amd64 lossage (compiler toolchain, - no mmap to 32bit address space) - * samhain-install.sh: check for presence of stealth_template.ps - before trying to create it - * use -Wno-empty-body if supported to suppress warnings about - glibc pthread_cleanup_pop implementation - * fix text relocations for i386 in src/sh_tiger1.s - * implement server->client SCAN command to initiate file check - * implement @if / @else conditionals with more tests in config file - * new option SetDropCache to drop checksummed files from cache - * report process/user for open ports on FreeBSD (code - lifted from FreeBSD sockstat.c) - * fix for config reload issue with stealth mode (reported by - siim) - * add -fstack-protector flags to LDFLAGS - * cygwin fix: don't use dnmalloc, doesn't work with pthreads - * cygwin fix: make trust check in samhain-install.sh return zero - * improved diagnostics for file read errors - * fixed script permissions (754 -> 755), reported by Christoph - * constness patch by Joe MacDonald - * GnuPG key ID patch by Jim Dutton - * sh_kern.c: more error checking for reads from kernel - -2.5.0 (01-11-2008): - * dnmalloc.c: fix inconsistent chunksize on 64bit systems - * fix improved error reporting for failed fstat in checksumming - * report process/user for open ports (Linux only currently) - * fix deadlock on exit in sh_hash_init() - * fix --enable-mounts-check for FreeBSD 7.0 (no MNT_NODEV anymore) - * log monitoring support - * fixed constness in trustfile interface - * remove libprelude 0.8 support (obsolete) - * sh_forward.c: increase TIME_OUT_DEF to 900 secs - * dnmalloc.c: initialize rc in dnmalloc_fork_child(), - reported by B. Podlipnik - -2.4.6a (09-10-2008): - * fix compile problem on Fedora 9 (reported by pierpaolo), - 'struct ucred' in sh_socket.c requires _GNU_SOURCE - -2.4.6 (27-08-2008): - * fix compile failure on win2k/cygwin (sh_unix_mlock prototype), - reported by jhamilton - * fix potential deadlock with dnmalloc upon fork() - * fix non-portable use of 'hostname -f' in regression test suite - (reported by Borut Podlipnik) - -2.4.5a (18-08-2008): - * fix compile problem in dnmalloc.c (remove prototypes for - memset/memcpy), problem reported by Juergen Daubert - -2.4.5 (07-08-2008): - * testscripts: 'chmod -R' -> 'chmod -f -R', since Solaris 10 - bails out on a chmod on a dangling link - * fix bug in check_samhain.pl nagios script (J.-S. Eon) - * use the UNO static checker - * compile as position independent executable (PIE) - * handle EINPROGRESS error (Windows/cygwin issue) - * make sure every function uses less than one page of stack - (proactive security against gap jumping, Gael Delalleau) - * use dnmalloc instead of system malloc - (proactive security against heap buffer overflows) - * fix dnmalloc bugs and portability problems - * check for compressBound, since older zlibs don't have it - -2.4.4 (30-04-2008): - * sh_database.c: fix maximum size of sql query string, maximum - size of strings in struct dbins_ - * sh_hash.c: fix maximum size of message string - * fix typo in the base64 decoder - * fix 'make cutest' for parallel compiling - * fix compile warnings with -Wstrict-prototypes - * sh_static.c: override getgrgid, getpwuid for libacl - * fix more warnings about variables clobbered by 'longjmp' - or 'vfork' (due to library internal handling of mutexes) - * fix configure warning about unused datarootdir - * configure.ac: warn, but accept nonexistent tmp dir - (Problem reported by Brian) - * sh_unix.c: undef P_ALL, P_PID, P_PGID before including - sys/wait.h (compile problem reported by Reputation) - * syslog function tested ok with Syslog Fuzzer v0.1 - by Jaime Blasco (c) 2008 - * slib.c: call fflush when writing trace to file - * sh_readconf.c: don't set OnlyStderr to false if gpg (problem - reported by Irene Reed) - * fix unconditional removal of pid file in atexit handler (bug - reported by Brian) - * fix invalid free() in sh_unix_checksum_size() - * sh_processcheck.c: workaround for stupid OpenBSD bug (returns - ENODEV instead of EAGAIN, because fgetc does - fcntl(0,F_SETFL,O_NONBLOCK) [ENODEV] internally), problem - reported by Roman R. - * fix buf that cause incomplete reporting of modified symlink if - symlink has changed and both old and new paths are >48 bytes - * fix bug that prevented mount check from running in one-shot mode - * enable mount check for openbsd - * fix processcheck default options and test script for openbsd - * option --list-file to list content of file (if saved) - * sh_tools.c: use strcasecmp in reverse lookup since DNS is case - insensitive (bug reported by Phil) - * fill content if MODI_TXT, zlib compress, base64 encode and add - as link_path in sh_unix.c; add to report in sh_hash.c - * testsuite: add test for gpg fingerprint option - * sh_extern.c: add 'CloseCommand' for syntactic sugar, - add in testsuite - -2.4.3a (12-02-2008): - * fix compile error caused by open() with O_CREAT and no third argument - (reported by J.-S. Eon) - -2.4.3 (31-01-2008): - * sh_kern.c: don't require asm/segment.h for kernel check module - * use global var with pid of initial thread instead of getpid(), - since LinuxThreads returns different value in each thread (problem - reported by Steffen Mueller) - * sh_kern.c: no inode check for pci rom (creates spurious messages) - * slib.c: eliminate prototype for vsnprintf (compile problem reported - by eddy_cs) - * Makefile.in: fix missing dependency on 'encode' for $(OBJECTS) - (reported by Matthias Ehrmann) - -2.4.2 (17-01-2008): - * fix broken option --with-checksum (reported by halosfan), - regression test added - * change HP-UX default optimization to +O2 since +O3 breaks - cutest unit testing framework - * put result vector of rng in skey struct - * fix more compiler warnings, and a potential (compiler-dependent) - NULL dereference in the unix entropy collector - * fix some compiler warnings - * use -D_FORTIFY_SOURCE=1 -fstack-protector-all instead - of -fstack-protector - * always add PTHREAD_CFLAGS to LDFLAGS - * sh_tiger0.c: checksum functions return length of file hashed, - needed to fix GrowingLogfile bug (researched by - siim at p6drad dash teel dot net) - * sh_static.c: fix more 'label at end of compound statement' - (SH_MUTEX_UNLOCK closing brace; reported anonymously) - * make sh_hash.c thread-safe - * remove plenty of tiny allocations - * improve sh_mem_dump - * modify port check to run as thread - * new option PortCheckSkip to skip ports - * fix unsetting of sh_thread_pause_flag (was too early) - -2.4.1a (28-11-2007): - * fix overwrite of ErrFlags (functionality bug) - -2.4.1 (26-11-2007): - * security fix: regression in the seeding routine for the PRNG - (detected by C. Mueller) - * regression test added for PRNG seeding routine - * fix problem with PCI ROM check (spurious messages about modified - timestamps, reported by S. Clormann) - -2.4.0a (08-11-2007): - * fix compile failure with --enable-static (reported by S. Clormann) - * fix potential deadlock if SIGHUP is received while suspended - -2.4.0 (01-11-2007): - * eliminate alarm() for I/O timeout (replaced by select) - * use getgrgid_r, getpwnam_r, getpwuid_r, gmtime_r, localtime_r, - rand_r, strtok_r if available - * protect readdir(), getpwent(), gethostname() with mutexes - (readdir_r considered harmful) - * make checksum/hash, entropy, rng functions reentrant - * use thread-specific conversion buffer for globber() - * fixed compile problems and problems with test suite - * modify login watch to run as thread - * modify process check to run as thread - -2.3.8 (03-10-2007): - * new option PortCheckIgnore = interface:portlist - -2.3.7 (13-09-2007): - * Makefile.in: fix 'make deb' target, wrong name of config file - written to debian/conffiles (reported by marc) - * configure.ac: fix incorrect order of with-prelude, enable-static - (libprelude test was always without -static) - -2.3.6 (06-09-2007): - * added yuleadmin.pl script contributed by Riccardo Murri - * fix compile error with -f-stack-protector on some systems (reported - by marc); we now check for libssp - * fix local DoS attack on BSD systems lacking getpeereid() (reported - by Rob Holland). - * fix yulectl password reading from $HOME/.yulectl_cred, erroneously - rejected passwords with exactly 14 chars (reported by Jerry Brown) - * introduce 'fflags' flag for suid files to detect new files already - found in regular file check (problem reported by J. Crutchfield); - also add regression test to ascertain that files in baseline - database are not quarantined erroneously - * sh_hash.c: replace check for prefix 'K' with check for not prefix'/' - to allow for arbitrary module-specific store/lookup in db - * replace 'visited', 'reported', 'allignore' with generic 'fflags' field - * sh_cat.c: reduce priority of MSG_TCP_RESET to avoid spamming if - port checking is used on same host as server (reported by kadafax) - * Install.sh: don't use --separate-output with non-checklist - widgets (problem discovered by D. Denton) - * sh_gpg.c, sh_userfiles.c: use sh_getpwnam et al. wrappers - -2.3.5 (20-06-2007): - * sh_portcheck.c: try to tear down connections more gracefully - (request by S. Petersen) - * fix incorrect handling of files with zero size in GrowingLogFiles - (problem reported by S. Petersen) - * fix incorrect encoding of null checksums in stealth mode - * sh_hash.c: fix repeated printing of acl/attributes in database dump - * sh_unix.c: fix option useaclcheck ignored if both useaclcheck and - useselinuxcheck are supported - -2.3.4 (01-05-2007): - * sh_processcheck.c: fix missing init of sh_prochk_res array before - check (leads to degrading functionality over time and 'fake pid' - warnings; reported by D. Ossenbrueggen and - soren dot petersen at musiker dot nu) - * sh_processcheck.c: fix memory leak - * sh_kern.c: for 2.6.21+ don't check proc_root_lookup (not possible - anymore? proc_root_inode.lookup != proc_root_lookup) - * sh_extern.c: flush streams before forking (problem if [Prelink] - used together with prelude logging, reported by M. deJong) - * fixed compilation of kern_head (regression cause by cross-compiling - fix; problem reported by S. Clormann) - * more typos fixed (reported by John Horne) - -2.3.3 (27-03-2007): - * fixed typos in configure.ac and manual (reported by John Horne) - * don't use mysql_options on x86_64, since libmysql is broken - * fixed cross-compiling (patch by Joe MacDonald) - * refactor sh_kern.c, sh_suidchk.c - * fix bug with leading slashes in linked path of symlinks within - the root directory - * sh_kern.c: check PCI ROM (Linux), refactor code - * move file descriptor closing more towards program startup - * kernel check: support OpenBSD 4.0 (wishlist) - * fix samhain_hide module (in-)compatibility with recent kernels - (reported by Jonny Halfmoon) - -2.3.2 (29-01-2007): - * fix regression in full stealth mode (incorrect comparison of - bytes read vs. maximum capacity), reported by B. Fleming - -2.3.1a (21-01-2007): - * fix incorrect use of sh_gpg_fill_startup if option --with-fp is used - (reported by zeroXten) - -2.3.1 (21-01-2007): - * fix bug that may cause accidental closure of yule TCP socket - (problem reported by B. Masuda) - * fix sh_kern.c for kernel 2.6.19 (reported by S. Clormann) - * don't use sstrip in 'make deb', since dh_shlibdeps uses objdump - (reported by B. Masuda) - * rm report.pl from rules.deb.in (reported by B. Masuda) - * samhainctl(): longer timeout (bad status reporting at startup, - reported by Phil and by Dan Track) - * sh_portcheck.c: make connect errors more descriptive - * sh_portcheck.c: fix ignored setting of PortCheckActive - * sh_processcheck.c: add statvfs, and wrap for EINTR - * sh_portcheck.c: add wrappers for EINTR - * report user and executable for hidden processes - * fix update failure if reportonlyonce = false (reported - by D. Strine) - * fix compile error in sh_portcheck.c (problem on cygwin - reported by J. D. Fiori) - * check filenames ending in space (also for utf8 spaces) - * check and escape csv formatted db listing - * cache results of sl_trustfile_euid() - * trustfile: use 4096 for MAXFILENAME, switch to strncpy - * CL option -v|--version for info on version and compiled-in options - -2.3.0a (01-11-2006): - * fix compile failure with portcheck + stealth (reported by lucas) - -2.3.0 (01-11-2006): - * fix concurrency for inserts in oracle db - * add acl_(new|old) to database schema - * check for selix attributes and/or posix acl - * new option UseSelinuxCheck (bool) - * new option UseAclCheck (bool) - * regression tests for above - * add module to check for open ports - * add module to check processes (hidden/fake/missing) - * use const char* for argument of module configuration callbacks - -2.2.6 (31-10-2006): - * fix missing support for MacOX X init script (reported - by Daniel Kowalewski) - * fix error about non-readable file with no checksum required - * fix server warning about 'no server name known' - * fix 'make deb' makefile target - * fix default export severity for server - -2.2.5 (05-10-2006): - * fix broken Install.sh, reported by Alexander Kraemer - * workaround for glob(3) sillyness on MacOS X (reported by David) - * fix for broken resorce fork check (reported by David) - * fix for broken compilation on cygwin (reported by Elias) - -2.2.4 (03-09-2006): - * add regression test for the GrowingLogFiles issue to test suite - * fixed sh_unix.c: bug in database init if GrowingLogFiles used - with signed database (reported by Timothy Stotts) - * bug in manual fixed (incorrect documentation of --enable-user, - noticed by M. Brown) - * rc.subr compatible init script for FreeBSD/NetBSD - * improve routine to find rpm after build - * add netbsd rc file from Brian Seklecki (taken from pkgsrc-wip) - * fix error in manual (location of lock file) - * fix bug with SuidExclude (files in directory were still checked) - -2.2.3 (31-07-2006): - * fix samhainadmin.pl: check for gpg-agent running if use-agent is set - (ticket #28 by anonymous) - * fix stealth mode (regression in parser), problem reported by - Joschi Kuphal - * fix minor typo in sh_database.c (compile problem reported by - Joschi Kuphal) - -2.2.2 (17-07-2006) - * minor fixes for regression test scripts - * minor updates to the manual (suggested by Brian A. Seklecki) - * fix sh_kern.c, kern_head.c: kernel rootkit detection for 2.6.17+ - (problem reported by Leonhard Maylein) - * fix samhain_hide.c for 2.6.17+: use module_param() if MODULE_PARM - is not defined - -2.2.1c (11-07-2006) - * fix sh_extern.c: sh_ext_add_default() cast to (void) was too early - (Solaris 8 build failure reported by Jesse) - * fix sh_unix.c: wrong prototype for sh_unix_mlock() - if HAVE_BROKEN_MLOCK (AIX 5.2 build failure reported by - Jonathan Kaufman) - -2.2.1b (20-06-2006): - * fix compile error on SuSE 10.1 (reported by Leonhard Maylein) - -2.2.1a (15-06-2006): - * fix compile error on i686/MacOS X (reported by Andreas Neth) - -2.2.1 (13-06-2006): - * fix gcc 4 warnings and build failure on x86_64 (debian bug #370808) - * fix compiling with Oracle (noticed by Colapinto Giovanni) - * fix configure.ac for most recent autoconf version - (debian bug #369503) - * fix a regression that would make impossible local updates w/clients - * fix a few missing '\n' in sh_getopt.c - * sh_kern.c: fall back on mmap() if read() fails on /dev/kmem - * fix Solaris package creation - * recognize Solaris doors and event ports - * fix the idmef_inode_t patch: provide required info to avoid stat() - * fix bug on database update: fill in dev and rdev fields - * fix get_file_infos() in sh_prelude.c: avoid premature return - * GCC_STACK_PROTECT_CC: AC_TRY_COMPILE -> AC_TRY_LINK - * deploy.sh: allow to set a group for hosts upon installation - * patch by Yoann: fix an issue when setting the idmef_inode_t object - * fix memory leaks in error paths in sh_prelude.c - * fix concurrent inserts with postgres in sh_database.c - * code cleanup - * fix manual version in spec file, first noticed by Imre Gergely - -2.2.0 (01-05-2006): - * patch by Jim Simmons for samhainadmin.pl.in - * fix testsuite portability problems - * fix md5 endianess problem detected on HP-UX 11i / PA-RISC 8700 - * fix potential NULL dereference in sh_utmp_endutent() - * patch by Neil Gorsuch for suidchk.c (do not scan lustre, afs, mmfs) - * fix sh_ext_popen (OpenBSD needs non-null argv[0] in execve) - * fix make_tests.sh portability (echo '"\n"' does not work on OpenBSD) - * fix bug in sh_utils_obscurename (check isascii) - * scan h_aliases for FQDN if h_name is not - * add copyright/license info to test scripts - * add copyright/license info to deployment system scripts - * support server-to-server relay - * new CL option --server-port - * minor improvements in manual - * patch by Yoann Vandoorselaere for sh_prelude.c - * allow --longopt arg as well as --longopt=arg - * verify checksum of growing log files (up to previous size) - * rewrite of the test suite - * added a bit of unit testing - * minor optimizations in various places - * optimized implementation of tiger checksum algorithm - * read in 64k blocks (faster than 4k) - * sh_unix.c, sh_hash.c: support file flags on *BSD, update Linux - file attribute code - * kern_head: fix compilation of kernel check module on OpenBSD - * updated samhainrc.linux, samhainrc.freebsd - * sh_unix.c: fix setrlimit (RLIMIT_NOFILE, ..) - * sh_files.c: fix missing use of flag_err_info - * sh_tiger0.c: remove repetitive use of mlock - * slib.c: remove fcntl's from sl_read_timeout (caller sets O_NONBLOCK), - add function sl_read_timeout_prep - -2.1.3 (13-03-2006): - * fix compile problem in slib.c (reported by Lawrence Bowie) - * fix bug with combination of one-shot update mode and file check - schedule (reportedby Dan Track) - * improved the windows howto according to suggestions by - Jorge Morgado - * fix samhain_hide kernel module for new linux kernel versions - * fix minor problem with dead client detection (problem reported - by Michal Kustosik) - -2.1.2 (10-01-2006): - * fix startup error with combination of gpg+prelude - -2.1.1a (22-12-2005): - * fixed a stupid bug in sh_files.c (break if file = dir) - -2.1.1 (21-12-2005): - * sh_calls.c: protect sh_calls_set_bind_addr against overriding - * comINSTALL, updateDB: use locking - * samhainadmin.pl: use locking - * fix typos in samhainrc.solaris (noticed by Robby Cauwerts) - * improve zAVLSearch (remove redundant strcmp) - * use AVL tree in sh_files.c instead of linked list (better scaling) - * fix bug with suidcheck (no update/check in one-shot mode with - schedule instead of check interval; noticed by R. Rati) - * fix for problem with '-t update -i' if daemon mode (problem report - by Peter van der Does) - * fix for bug in sh_util_ask_update (two returns were required ...) - -2.1.0 (31-10-2005): - * minor fix for cross-compiling with --with-kcheck - * sh_forward.c: handle bad fds in the select() fd sets - (reported by hmy) - * sh_extern.c: fix debugging code - * slib.c, sh_calls.c, sh_calls.h: improve handling of O_NOATIME - (reported by Gabor Kiss) - * makefile.in: fix for solaris package creation - * sh_mail.c, sh_readconf.c: mail filtering options - * sh_database.c: Oracle reconnect on connection failure - (bug report by Alexander A. Sobyanin) - * sh_unix.c: don't purge MYSQL_UNIX_PORT environment variable - (problem reported by Peter) - * sh_calls.c: fix for a HP-UX accept() problem caused by the gcc4 fix - * fixes for gcc 4.0.2 compiler warnings - * ability to use daemon mode together with update - (wishlist Yoan Vandoorselaere) - * fixes for debugging - -2.0.10a (22-08-2005): - * fix for overlapping directory check specification (reported by Bub) - -2.0.10 (21-08-2005): - * fix for segfault (free() on a constant string) with libprelude - (problem reported by Grae Noble) - * upgrade FreeBSD kernel check to 5.4, minor fixes - * useful script for users of Linux kernel check - (contributed by marc heisterkamp) - * documentation improvements (suggested by Brian Seklecki and Robby) - -2.0.9 (25-08-2005): - * samhain_erase.c: add #define for NULL - * sh_suidchk.c: fix incorrect use of escaped filename - * sh_prelude.[ch], sh_readconf.c: configurable mapping from - samhain severity to prelude severity - * sh_unix.h: second arg of gettimeofday should be NULL - * sh_files.c: fix checking of directory special file (use specified - policy, not that of parent dir, problem found by Brian A. Seklecki) - * sh_entropy.c: longer timeout for entropy collector - * sh_socket.c, sh_forward.c: allow probing of clients for - necessity of configuration reload - * yulectl: minor fixes, option -v (verbose), new command PROBE - * fix 'File not found' messages for files flagged with IgnoreMissing - * sh_database.c: strip newline from oracle error messages - * sh_files.c: fix rsrc fork issue with MacOS X Tiger - (reported by A. Koren) - * never compute checksum if not checked (problem report by D.Hughes) - * sh_prelude.c: cleanup and bugfix by Yoann - * sh_hash.c: for prelude, make sure mode is supplied with user/group - and vice versa - * sh_prelude.c: provide proper FileAccess objects (bug - report by Mihai Ilinca) - -2.0.8 (03-07-2005): - * configure.ac: use $LIBPRELUDE_PTHREAD_CFLAGS rather than - $LIBPRELUDE_CFLAGS (bugfix by Yoann) - * samhain.spec.in: remove support for chkconfig (it's too buggy). - Strangely, if invoked as install_initd it behaves sanely ... - * src/sh_err_log.c: fix key input (this time for real) - * fix --with-altlogserver (bug from 2.0.7b) - * remove server socket in start/stop script - -2.0.7e (not released): - * Makefile.in: introduce a total of 6 sec delay for 'make' utilities - that use 1 sec resolution, and consider target out-of-date if - timestamp(target) = timestamp(dependency) ... - * src/sh_err_log.c: fix key input - * another fix for yulectl (use pwent->pw_dir) - * dsys/comINSTALL, dsys/comUNINSTALL, dsys/comBUILD: fix PATH - -2.0.7d (not released): - * one more fix for the spec file (stupid rpm finds tags in comments!!!) - -2.0.7c (not released): - * test/testrun_1b.sh, test/testrun_2b.sh: use $GPG_PATH - * dsys/comINSTALL, dsys/funcDB, dsys/funcINSTALL: some bugfixes - * samhain-install.sh.in: fix test -z $verbose - * sh_hash.c: speedup database reading - * Makefile.in: fix the problem that BSD make would make too much - * deploy: yulerc.clients -> yulerc.install.db, provide - $defdatabase for backward compatibility - * deploy: allow for comma in client_install_date - -2.0.7b (not released): - * hp_ux.psf.in: fix psf file - * dsys/comINSTALL: fix $yule_date -> $yule_data - * Makefile.in: fix 'make depot' - * sh_tools.c, sh_unix.c: fix detection of open file limit - * sh_readconf.c: reset read_mode after reading conf file - * yulectl.c: better error messages, use homedir from getpwuid(geteuid) - * init/samhain.startLSB.in: fix misleading message in lsb init script - * sh_forward.c: better display for nonce u in debug mode - * sh_tiger*.c: fix checksum for HP-UX 64bit - * samhain.c: don't fetch database twice - * configure.ac: accept nodename for --with-logserver=... - * samhain_setpwd.c: return proper exit status for samhain_setpwd - * respond to SIGTERM on initializing - * fix problems with samhainadmin.pl - * sh_utils.c: fix bug with AddOKChars (found by Karol) - -2.0.7a (not released): - * remove 'df' from entropy gatherer (NFS may hang) - * modify va_copy check (doesn't work with HP-UX PA64 compiler) - * fix compile warnings in sh_database.c - * samhain-install.sh.in: check for /usr/bin/false in /etc/shells - * fix install-boot on HP-UX - * aclocal.m4: fix configure CL parsing to recognize VAR=VALUE - -2.0.7 (11-06-2005): - * yet another fix for the spec file (use internal dependency generator) - * sh_error.c, sh_prelude.c: init libprelude after open fds are closed - * error message if queue is full - * fix two compiler warnings on HP-UX - * fix sh_mail.c for Interix (no resolver routines) - * fix sh_unix_initgroups2() if no initgroups() function (bug reported - by Geries Handal) - * remove references to 'struct timezone' (Interix; problem - reported by Geries Handal) - * init/stop for prelude on SIGHUP - * sh_cat.h: fix a stupid bug with messages classes - * manual: new section on nagios (with help from kiarna), - more on prelude - * sh_prelude.c: cleanup and improvements (Yoann Vandorselaere) - * default prelude profile name now is 'samhain' (lowercase) - * sh_readconf.c: new option PreludeProfile (by Yoann Vandorselaere) - * remove obsolete check for linux/module.h, linux/unistd.h - * remove dependency on virtual/glibc in gentoo ebuild - (problem reported by Willis Sarka) - -2.0.6 (01-03-2005): - * sh_prelude.c, configure.ac, aclocal.m4: support for - libprelude 0.9 (Yoann Vandoorselaere) - * sh_html.c: fix bug with entry.html template (reported by - Stephane Sanchez) - * Install.sh: fix mandir option (reported by Rodney Smith) - * Fixed Linux/64bit bug in definition of EUIDSLOT - * New targets 'make depot', 'make depot-light' (HP-UX, untested) - * Use sstrip for RPMs and DEBs (automatic stripping disabled) - * Fix aclocal.m4 for autoconf 2.59 (missing $ac_cr_alnum et al., - problem noticed by Yoann Vandoorselaere) - * Modify samhain.spec.in to disable automatic stripping upon install - * Fix deploy.sh + '--enable-gpg', and fix 'make rpm' and 'make deb' - for '--with-khide' (problems reported by Mark) - * Fix compile error in sh_tools.c on HP-UX 10.20 - (problem reported by Dennis Boylan) - * Runtime configuration of server listening port (wishlist) - * Runtime configuration of server listening interface (wishlist) - * Ignore SIGTTIN (consistency) - * Use SIGTTOU to force file check (wishlist) - -2.0.5b (01-04-2005): - * Fix build problem b/o timestamp on stamp file - -2.0.5a (16-03-2005): - * Fix problem with 'make rpm' (reported by Dirk Brümmer) - -2.0.5 (02-03-2005): - * Fix bug with partial reads from clients in server - (bug report by Brian) - * Support gpg checksum bootstrap with yule - * Support mount option check on HP-UX - * For MAIL FROM, use 'example.com' as domain part if - hostname is numeric (problem reported by Eric Raymond) - * The HOWTO-write-modules has been updated. - * Convenience functions to insert data in database have been - added. - * Use int0x03 only on i386 in sh_derr() (portability problem - reported by John Mandeville) - -2.0.4 (09-02-2005): - * Fixed broken 'make deb' (problem report by olfi) - * Fixed minor bug in test scripts (detection of gmake vs. make) - * Fixed Tru64/OSF compile warnings (reported by B. Terp) - * Normalize list parsing to allow comma, space, and tab as separators - * Some more descriptive error messages in kern_head.c - * Absolute path to utilities in init/samhain.startLinux.in - * Fixed is_root variable in deploy.sh - * Fixed 'deploy.sh info' - * Fixed 'deploy.sh install' client startup - * Fixed 'make tbz': don't remove ebuild scripts in 'make dist' - (issue reported by W. Sarky) - -2.0.3 (14-12-2004): - * Fix CPPFLAGS with mysql/postgresql (repoted by P. Smith) - * Fix missing sys/time.h include in slib.c (reported by Jonas) - * Workaround for file closing problem with Prelude+GPG - * Fixed memory leak with Prelude. - * Fixed bug in samhain_stealth (PGP signature not correctly - retrieved from hidden configuration; report and patch by V. Tuska) - * Added Perl script to concatenate file signature database files - * Fix compile error with combination of --enable-nocl and - --enable-stealth (reported by Zdenek Polach) - * Fix bug in dsys/initscript with --enable-nocl - * Fix declaration of sh_kern_timer() - * Fix missing Mounts+Userfiles options in appendix of manual - * Updated the README (bug report by H. Franzke) - * Fix some compiler warnings - -2.0.2a (09-11-2004): - * Fixed OoM condition when client rc file not found (reported by Eilko) - -2.0.2 (08-11-2004): - * Fixed buffer overflow in sh_hash_compdata() (only in 'update' code) - * Fixed uninitialized variable in sh_mail_msg() (problem reported - by Michael Milvich) - * Fixed potential NULL pointer dereference in sh_hash_compdata() - -2.0.1 (01-11-2004): - * Fixed compilation bug reported by jue (--with-kcheck broken). - * Fixed start option (bug reported by sanek). Behaviour wrt. - environment variables depended on the way the daemon was started. - -2.0.0 (31-10-2004): - * The deployment system has been rewritten from scratch in - a cleaner and more modular and extensible way. Deployment - of native packages is supported now. - * The build system has been revised. Building outside the source - directory is supported now. - * Support for checksumming of prelinked executables / libraries - has been added. - * The configure script now checks for the SSP/ProPolice patch in GCC, - and enables it if present. - * The install-boot option in samhain-install.sh has been fixed - (use absolute paths for sbin utilities). - * A nagios plugin (scripts/check_samhain.pl) has been added. - * The LSB (Linux Standard Base) init script has been fixed (the output - was incorrect). - * Fetching of built binary packages has been - fixed ($(PACKAGE)->@install_name@). - * For files in proc, the timeout has been reduced, and no error - messages are issued upon timeout. - * A function has been added to print out full details for missing - files if encountered while in sh_files(). - * The reporting for SuidCheck has been fixed (incorrect policy - noticed by JiM). - * On Linux, SuidCheck does not report on files marked as candidates - for mandatory locking (group-id bit set, group-execute bit cleared). - * Fix for oracle init script (by Matt Warner) - -1.8.12b (11-10-2004): - * fix bug in MSG_MSTAMP (%ld -> %lu) - * fix bugs in sh_suidchk.c (%ld -> %lu), check fopen for NULL, - mkdir mode for quarantine directory - * fix the fix for modlist_lock search in System.map - -1.8.12a (01-10-2004): - * fix bug in samhain-install.sh.in (only occurs on Solaris), reported - by J. Roland - -1.8.12 (27-09-2004): - * fix compile bug with --enable-static + --with-database=postgresql - * fix search for modlist_lock in System.map - * password auth for yule command socket (request by D. Kocic) - * more info about pending/sent commands to clients - -1.8.11 (30-08-2004): - * fix static linking on Linux by use of replacement routines from - uClib - however, this means, there is no NIS support anymore - * new option AddOKChars=... to modify the set of characters for - filenames considered 'obscure' - * new option HardlinkOffset=... to specify an offset from the canonical - hardlink count for a directory - * fix some warning with HP 11.23 native compiler - * fix minor OpenBSD portability problems (EIDRM, compiler warning) - * samhainrc.5, samhain.8: updated the man pages - * sh_unix.c, sh_files.c: ignore 'no user/group' and 'obscure name' - for AllIgnore - * sh_kern.c: fix 'update' to display modifications - * sh_kern.c: fix bug with IDT check (spurious alerts b/o uninitialized - fields) - * stealth kernel modules: fix for linux 2.6, fix - redefine of KERNEL_VERSION - * warn about stealth kernel module problem with 2.6 in manual - * sh_unix.c: remove some cruft - * fix a typo in the manual (noticed by J. Rubin) - * configure.ac: re-order output from libprelude-config (required - for static linking - problem reported by E. Neber) - * kern_head.h, kern_head.c: fixes for Linux 2.6 kernel - -1.8.10b (13-07-2004): - * fix incorrect usage of 'retry_msleep()' in sh_kern.c (reported - by Pat Smith) - -1.8.10a (13-07-2004): - * depend-gen.c: fix for FreeBSD 'make' which does not understand - the dependencies ... (problem reported by David Thiel) - -1.8.10 (13-07-2004): - * sh_unix.c/sh_unix.h: fix defaults for 'GrowingLogFiles' policy - (bug report by VZoubkov) - * fix some warnings (unreachable statement) with HP-UX native compiler - * kern_check.c: silence warning about 'sendfile' for 4.10 - (noticed by Ryan Beasley) - * modify depend-gen.c to ignore sh_gpg_chksum.h - * add a non-plaintext version of GPG_HASH (sh_gpg_chksum.h) - * .. and for fingerprint - * sh_suidchk.c: fix some compiler warnings on solaris - * allow commas to separate multiple entries in a RedefXXX= directive - * replace sleep/usleep with nanosleep wrapper function - * replace alarm() for read timeout with select() in sl_read_timeout - (should fix bug reported by Scott Kelley) - * increase lstat/open timeout to 6 sec - -1.8.9 (16-06-2004): - * made 'no action specified' error message more informative - (suggested by Stephen Gill) - * fix memory leak in mysql sh_database_query() (bug report by Dejan) - * remove some cruft from the code - * sh_files.c: check MacOS X resource forks (idea from Osiris) - * sh_files.c: no hardlink check for MacOS X - * sh_util_ask_update: fix bug with no terminal in non-interactive mode - (report and debug data by Kris Dom) - * manual refactored - * fix redundant messages when updating with suidcheck - * allow interactive update for suid files - * don't remove the TZ environment variable to guard against - misconfigured hosts - * also use gethostname if uname returns possibly truncated name - * fix improper file descriptor handling in sh_mail.c (bug report - by Alex Weiss) - * cleanup MBLK cruft - * use SH_ALLOC/SH_FREE in sh_prelude.c - * update sstrip to Version 2.0 - -1.8.8 (25-05-2004): - * fix compilation problem on AIX 5.2 (nameser_compat.h; report by - Tim Evans and Ian McCulloch) - * don't check for trusted paths on Cygwin - * add Windows HOWTO written by Kris Dom - * kern_check.h: extend FreeBSD syscall table for 5.x - -1.8.7a (03-05-2004): - * sh_mail.c: fix subject length - * sh_mail.c: fix the sh.mailNum.alarm_last fix (report by Kris Dom) - * sh_utils.c: sh_util_ask_update(): fix ISO C conformance bug - (compile problem reported by Kris Dom) - -1.8.7 (01-05-2004): - * sh_mail.c: fix incorrect count of sh.mailNum.alarm_last, causing - empty mails (introduced with segfault fix in 1.8.6, report - by Kris Dom) - * sh_utils.c: sh_util_ask_update(): check whether stdin is a terminal, - try to reopen on controlling terminal if not - * sh_utmp.c: fix order of options (problem report by Uri) - * sh_files.c: sh_files_chk(): set tmp = NULL at end of loop - (may cause segfault on null dereference for missing files) - * sh_unix.c: patch by Marc Schütz (order of sh_unix_getinfo_type, - sh_unix_getinfo_attr) - * don't use dh_installmanpages in 'make deb' (samhain/yule conflict - reported by xavier) - * on HP-UX, define _XOPEN_SOURCE_EXTENDED in sh_mail.c and sh_tools.c - (suggested by Kris) - * include nameser_compat.h in sh_mail.c (for MacOS X, - suggestion by jna) - * sh_utmp.c: fix time for logout events (reported by Erich - van der Velde) - -1.8.6 (15-04-2004): - * add CL option to set threshold for prelude and RDBMS - * sh_mail.c: fix bug with MailSubject option (segfault on NULL pointer - dereference; reported by Micha Silver) - * fix compiling with --disable-encrypt (reported by Pat Smith) - * fix minor problem in scheduler (don't return before all schedules - are tested, to set last_exec correctly) - -1.8.5 (05-04-2004): - * fix bugs in sh_utmp.c (unlinking of list head); may fix an OpenBSD - problem (endless loop; report and debugging aid by Joe MacDonald) - * fix hardlink check (null dereference in error message, segfaults - on solaris - noticed by Bob Bloom) - * sh_suidcheck: don't truncate quarantined file if nlink > 1 - * fix Install.sh (no --seperate-output with --radiolist); patch by - Greg Kimberly - -1.8.4 (17-03-2004): - * add Prelude patch by Patrice Bourgin - * add license statement to sh_mounts.c, sh_userfiles.c after - receiving a clarifying e-mail from Cian Synnott - * support UsePersistent = no for Oracle (problem spotted and fix - tested by Michael Somers) - * fix bug in samhainadmin.pl - * sh_gpg.c: describe type of gpg error (if any) - * fix persistent connections with postgresql (reported by - Erwin Van de Velde) - * prelude: local 'meaning' shadows global in sh_prelude_alert - (spotted by David Maciejak) - * uname: workaround for cases where nodename would be a possibly - truncated FQDN (problem reported by Cian Synnott) - * re-write parts of sh_kern.c, store kernel info in baseline database - -> no need to recompile after kernel upgrade - * modify timeouts in sh_unix_getinfo, add timeout warning - * change handling of dangling symlinks (store in db) - * fix typo with MSG_FI_OBSC2 (double slash) - * remove redundant operation in sh_utils_safe_name - * fix occasional random start bytes of long messages in - sh_error_string (sl_strlcat -> sl_strlcpy) - * provide details for missing files (as for added files) - * remove duplicate message for no such group/user - * add fixes for samhain.oracle.init (supplied by Michael Somers) - * fix date insertion for Oracle (fix by Michael Somers) - * manual: fix incorrect statement about RPM (noticed by - Lars Kellogg-Stedman) - -1.8.3 (02-02-2004): - * add a HOWTO-client+server-troubleshooting document - * fix another bug with SIGUSR2 (suspend mode) - * new option SetBindAddress (--bind-address=...) to force - interface for outgoing connections on multi-interface box - * don't link against libgmp if not required (i.e. standalone) - * test for ext2fs/ext2_fs.h or linux/ext2_fs.h - * new make targets 'emerge' and 'tbz2' for gentoo - * update rules.deb.in based on the Debian package - by Javier Fernandez-Sanguino - * updated config.guess, config.sub to version 2002-09-05 - * external command: report failure only once - * console: reset failure status after success - * README.UPGRADE: explain 1.7.x <-> 1.8.x client/server compatibility - * use persistent connection to database by default - * option UsePersistent=no to switch off persistent connection - -1.8.2 (19-01-2004): - * sh_userfiles.c: new option UserfilesCheckUids (requested) - * sh_error.c: server: don't log to logfile before dropping root - * new script scripts/samhainadmin.pl (administrative tasks for - signed config/database files) - * add changes code to log_msg for reports on modified files - * change default log threshold to 'mark', as 'none' tends - to confuse new users - * faster response time for SIGUSR2 - * revised (mostly backward-compatible) message classes - * fix missing check of mailTime in server select loop - * add support for libprelude (version 0.8.10) - * fix format for MSG_E_GRNULL (reported by Stefan Hudson) - * fix Bourne shell incompatibility (export) in samhain-install.sh - (first reported by David Thiel) - * fix typo in spec file (first reported by Christian Vanguers) - * remove some cruft (signal handler, memory handling) - * return from sigterm handler, rather than exit directly - (re-entrancy problem causes more problems than it's worth) - -1.8.1 (03-12-2003): - * fix gmp detection (problem pointed out by Nix) - * fix/improve the error message if test compiling with mysql fails - * new CL option --interactive for interactive db update - * fix some compiler warnings from IRIX MIPS compiler - * kern_head.h, kern_head.c: option to disable IDT check - * kern_head.h, kern_head.c: update kernel syscall table (2.4.20,2.6) - * sh_utmp.c: count number of logins (request by Erwin Van De Velde) - * change username -> userid, remove (long) userid (bug noticed - by Erwin Van De Velde) - * emit ADDED message for new SUID/SGID files - * add trailing slash to excluded directory if there is none - -1.8.0a (04-11-2003): - * sh_error.c: remove two debug printf's - -1.8.0 (31-10-2003): - * manual: make ps file fit on both a4 and letter paper - * sh_socket.c, sh_socket.h, sh_forward.c: socket interface - to send (quit/reload) commands to clients - * sh_forward.c, configure.ac: enable build with libwrap - (Wietse Venema's TCP Wrappers library) - * sh_ignore.c, sh_ignore.h, sh_files.c, sh_hash.c, sh_readconf.c: - new option to suppress messages for new and/or deleted files - * samhainrc.aix5.2.0: contributed by Christoph Kiefer - * samhain.c: fix compile warning on solaris (noticed by Ian Hunt) - * sh_database.c: undef debug code for oracle - * samhain.oracle.init: contributed by Joern Michael Krueger - * configure.ac, sh_utils.ac, Makefile.in, sh_modules.c, - sh_cat.c, sh_cat.h, sh_mounts.c/h, sh_userfiles.c/h: - check-mounts and userfiles modules contributed by eircom.net - * sh_utils.c: fix off-by-one bug in sh_util_compress() - * sh_forward.c, sh_tools.c, configure.ac: - version 2 client/server protocol - * sh_mail.c: add %S to include severity in subject (user request) - * sh_suidchk.c, 1093: fix warning about unused var 'flags' on FreeBSD - * samhain.h, sh_unix.h, sh_unix.c: extern inline -> static inline - for --enable-ptrace - * samhain.c: lower priority for 'uninitialized module' message - * sh_entropy.c: lower priority for message if /dev/random blocks and - /dev/urandom is available - * improved error messages in sh_readconf.c - * print system error message for getpwuid, getgrgid - * fix missing module init after SIGHUP (noticed by Cian Synnott) - -1.7.12 (13-10-2003): - * sh_mail.c: fix buffer overflow in mail handler (introduced in 1.7.10) - thanks to bug reports by Jason Martin and Matthew P. Cox - -1.7.11 (01-09-2003): - * samhain.c, samhain.h, sh_unix.c, sh_forward.c, sh_html.h: - - change SIG_USR1 to switch between dbg on/off - - change SIG_USR2 to switch between suspend on/off - - fix CLT_ILLEGAL to actually work - - introduce new state CLT_SUSPEND - - force reauthentication after suspend - * slib.c: change MAXFD from FOPEN_MAX (16) -> 1024 - * sh_suidchk.c: better AIX fs detection (Christoph) - * sh_entropy.c: increase buffer size for unix entropy gatherer - (problem reported by D. Danielson) - * default config files: add lots of comments, list more options - * sh_error.c: set default severities to 'crit' - * sh_readconf.c, sh_cat.c, sh_cat.h: stricter check on config - file syntax, issue warnings (triggered by C. Kiefer) - * Makefile.in: handle depend-gen errors more gracefully - * sh_err_console.c: fix bug in enable_msgq (reported by F. Behrens) - * configure.ac: workaround for mysql_config weird output - (reported by G. Faron) - * sh_unix.c, sh_tiger0.c: check IO limit during read of large files - * depend-gen.c: close streams before attempting to rename (Cygwin) - * Makefile.in: fail gracefully if depend-gen fails - * sh_database.c: sh_database_query(postgresql): fixed missing SL_ENTER - -1.7.10 (27-07-2003): - * FreeBSD init script: define $pidfile (reported by D. Thiel) - * sh_unix.c, sh_unix.h: fix compile error on AIX 4.2 - * sh_schedule.c: fix bad array size - * samhain.c: fix pid_t <> int casts - * sh_kern.c: fix repetitive messages - * configure.ac: try to bootstrap if TIGER192 not supported by gpg, - provide a detailed error message - * configure.ac: try harder to locate mysql - * docs/Changelog: retroactively add release dates, if known - * sh_mail.c: fix potential message truncation in mailer - * sh_unix.c, samhain.c, samhain.h: make --enable-ptrace more portable - * sh_readconf.c: fix segfault (dereference of uninitialized pointer) - if --with-gpg and --enable-stealth are used together (reported - by Anthony Caetano) - * sh_unix.c, samhain.c, sh_calls.c: fix problems with descriptive - error messages (larger GLOB_LEN, stat fills aud_err_message) - -1.7.9 (30-06-2003): - * sh_err_log.c: fix segfault on SIGABRT (dereference of freed memory), - problems with SIGABRT noticed by Brian and Alf B Lervåg - * deploy.sh.in: fix some bugs (found by Alf B Lervåg) - * scripts/chroot.sh: fix typo (found by Alf B Lervåg) - * configure.ac (khide): search also for 'd sys_call_table' (noted by - cuek_saja) - * strip whitespace before checking gpg checksum (noted by D. Thiel) - * manual (faq section): explain how to stop console output - * Makefile.in: fix re-naming of yule with --enable-install-name - * HOWTO-client+server.html: fix typo (noted by xavier renaut) - * configure.ac: escape '-' in awk regex (required by GNU awk 3.1.1) - -1.7.8 (28-05-2003): - * sh_unix.c: new mlock implementation with reference count - and page alignment (fix for solaris problem) - * kern_head.c: search also for 'xxxxxxxx d sys_call_table' - * sh_html.c: write status comment (for Beltane 2) - * add CL option --delimited for comma-delimited signature database dump - * sh_mail.c: check exit status of push_list to fix counting bug - (bug reported by Alan Moore) - * configure.ac: add error message to --with-libs - * fix spelling of $DAEMON in init script (noted by C. Grigoriu) - * fix missing initgroups() - -1.7.7 (06-05-2003): - * sh_forward.c: fix bug if compiled with --enable-udp, but disabled - in config file (found by Andy OBrien) - * sh_database.c: sh_database_entry(): size -> c_size (two places) - to fix writing of '\0' to arbitrary places :( - (problem pointed out by Stefan Giesen) - * profiles/*/configopts: fix --with-base -> --enable-base - -1.7.6 (24-04-2003): - * sh_forward.c, entry.html, head.html: fix/additions by Stefan Giesen - * fix samhain_hide for the O(1) scheduler used by RedHat: - configure.ac, acconfig.h: check for next_task in struct task_struct - samhain_hide.c: use find_task_by_pid if no next_task in task_struct - * samhain_erase.c: add MODULE_LICENSE("GPL") to fix warning - -1.7.5 (15-04-2003): - * sh_cat.c, sh_forward.c, sh_hash.c: fix double 'msg' tag - * manual: point out the bmaxdata problem on AIX in faq section - * trustfile.c: don't check symlinks (permissions of directory count) - * sh_schedule.c: fix problem with daylight saving switchover - * sh_samhain.c: close all open fd's >2 before reading the conf file - * sh_unix.c: fix dereferenced NULL pointer when exiting on non-existing - user - * sh_forward.c: fix dereferenced NULL pointer when exiting on udp error - * sh_forward.c: place timestamp code before select() timeout handler - * fix incorrect class of timestamp messages (conflict with manual) - * sh_readconf.c, sh_forward.c: new config option SetStripDomain - * configure.ac: add warning if /lib/modules/`uname -r`/build/include - not found - * samhain_hide.c: adapt for RedHat 2.4 kernel (fetch sys_call_table - address from System.map) - * sh_err_syslog.c: fix for Solaris - * samhain.spec.in: strip REQ_FROM_SERVER from config file install path - -1.7.4 (21-03-2003): - * configure.ac: fix bug in defargs (--with-base > --enable-base) - * aclocal.ac: detect unsupported options - * kern_check: add syscalls, skip unused syscalls - * fix Manual (--enable.../--with... inconsistency) - * add two HOWTOs (signed files, server/client) - * moved manual into new subdirectory docs/ - * add admin scripts by S.Bailey/M.Redinger - * option to have a version string in db file - -1.7.3 (23-02-2003): - * samhain-install.sh: use yule user key for signing on install - * fix a bug in sh_err_console.c (attempted write to const char) - * sh_gpg.c: if server, always use ~unprivileged_user/.gnupg - * Makefile.in: make target 'trustfile' depend on config.h - * configure.ac: don't use install_name before it is defined ... - * sh_tiger0.c: fix bug in checksum computation introduced in 1.7.2 - * samhain.c: make sure daemon cannot be forced into 'update' mode - * sh_hash.c: remove AIX workaround (AIX has been fixed meanwhile) - -1.7.2 (04-02-2003): - * sh_kern.c: use sys_call_table address from System.map - * fix for reserved SQL keyword 'group' - * add AC_SYS_LARGEFILE to configure.ac - * allow separate client-specific log files for server - * sstrip.c: compile sstrip code only for i386 - * sh_unix.c: closeall: don't close trace file - * slib.c: don't trace sl_is_suid (leads to recursion in trace handler) - * samhain-install.sh.in: fix detection of LSB compliant systems - * sh_tools.c: get_client_*_file: lstat -> stat to allow symlinks - * sh_forward.c: sh_forward_do_write: set O_NONBLOCK for fd - (may block otherwise, for no good reason apparently ...) - * samhain.spec.in: replace %configure with ./configure - * sh_unix.c: re-write signal handling (use __malloc_hook et al. to - check whether we are in the middle of a free/malloc/realloc/memalign) - * sh_unix.c: use new safe_logger() function to log from signal handler - * sh_err_log.c: fix xml - * - * fix Makefile.in to exit non-zero on compile failure - * database init: create index on log_host, entry_status - * sh_suidchk.c: fix path building - * sh_tiger0.c: read larger blocks - * sh_hash.c: cast inode to UINT32 - * sh_tools.c: check that config/database files size fits in uint - * sh_error.c: export flag_err_debug to avoid unnecessary calls - * sh_unix.c: save the open() call in sh_unix_getinfo_attr() - * profiles/redhat_i386/bootscript: add # description field - * deploy.sh.in: set owner + permissions for files in yule_filedir - * profiles/debianlinux_i386: fix bootscript - * Makefile.in: fix deploy file lists and targets (include init+scripts) - * MLOCK GOOD/BAD -> SL_FALSE/SL_TRUE - * sh_mail.c: GOOD/BAD -> SL_FALSE/SL_TRUE (AIX sys/param.h) - * sh_err_syslog.c: split long messages rather than truncating - * sh_error.c: allocate msg to fix truncation limit - * sh_unix.c: closeall fd's >= 3 in non-daemon mode (inherited - filedescriptors may exceed FOPEN_MAX, causing problems in - sl_open_file) - * sh_err_console.c: avoid stdio - * trustfile: dirz: make swp[] static - * slib.c: speed up sl_strlcat - * clean up some bad heap allocation (PATH_MAX+(1|2) -> PATH_MAX) - * remove some unused code - * slib.c: support long long int in the snprintf replacement - * configure.ac: new configure macro to check whether sa_sigaction works - * Makefile.in: make sstrip, encode dependent on config.h - -1.7.1a (08-01-2003): - * fix a syntax error in samhain-install.sh.in - -1.7.1 (07-01-2003): - * search runlevel scripts in ./init or ./ - * handle all distro-specific Linux runlevel script issues - within a single script - * support install-boot on Yellow Dog Linux and Slackware - * samhain-install.sh: fix a bug for unknown Linux - ('"' not closed, DVER not set) - * samhain-install.sh: check for /etc/yellowdog-release - * sh_database.c: fix missing entry for 'userid' in attr_tab[] - * fix debian.rules.in (disable sstrip) - * update make targets: 'srpm', 'srpm-dist', 'rpm' - * check for zlib if mysql is used - * workaround for NetBSD bug with libresolve - * fixed problems with spec files - -1.7.0 (22-12-2002): - * improved spec files (Andre Oliveira da Costa <brblueser@uol.com.br>) - * sh_unix.c: fix a dereferenced static pointer in tf_trust_check - * runlevel scripts: remove pid file after stop - * make the data directory read-only for the daemon - * treat 'localhost' specially in MX resolver - * sh_err_log.c: set sh.flag.log_start == TRUE after writing </trail> - * deploy.sh.in: fix quoting (fix by Simon Bailey) - * slib.c: make sl_get_euid et al. behave well if uids not stored - * trustfile.c: use euid = uid(SH_IDENT) if server - * sh_mail.c: include an MX resolver - * Makefile.in: install-user routine for user installation - * have yule drop root - * sh_tools.c: open_temp use logdir if server - * unified options for runlevel script - * HP-UX, IRIX runlevel scripts - * AIX inittab entry - -1.6.6 (13-12-2002): - * configure.ac: solaris cc -O2 -> -xO2 - * sstrip.c: avoid alpha architecture - * profiles/solaris/configopts: no --enable-static - * sh_forward.c: sh_forward_req_file: copy argument to local array - -1.6.5 (04-12-2002): - * sh_utmp.c: set userlist = NULL in sh_utmp_end () - * sh_unix.c: do not assume that environ is sane - * exit handler: write </trail> - * sh_log_file(NULL): test sh.flag.log_start != S_TRUE - * FreeBSD rc script does not blindly accept content of pid file - * configure.ac: allow 'localhost' for log server - * sh_calls.c: retry_connect: ntohs (port) - * testrun_2[abc].sh: --with-logserver=localhost for client - -1.6.4 (12-11-2002): - * sh_tools.c: fix error when escaping '=<' - * fix the 'make srpm' target - * deploy.sh.in: avoid that client is named 'yule' - * define memset to sl_memset - * fix type cast of uid_t, gid_t - -1.6.3 (31-10-2002): - * fix options for Sun/Solaris native compiler - * sh_unix.c: MSG_FI_LIST (line 2333): cast theFile->size to fix error - * test sstrip on freebsd - * default config file for freebsd - * make target to build .deb packages - * sh_readconf.c: fix bug in error message - * samhain.c, sh_suidchk.c: fix initialization of suidchk - * samhain-install.sh.in: don't remove config file by default - * samhain-install.sh.in: support complete de-installation - * samhain-install.sh.in: add support for Gentoo, FreeBSD, and Solaris - * samhain-install.sh.in: check more paths - * sh_unix.c: fix sys_siglist declaration [NetBSD portability issue] - * sh_calls.c: save error message in retry_lstat() - -1.6.2 (04-10-2002): - * make target to build rpms - * update samhain.spec.in, samhain.startRedHat - * support DESTDIR, as in 'make DESTDIR=/what/ever install' - * explicitely set -fno-omit-frame-pointer b/o gcc bug - * mv configure.in to configure.ac to benefit from autoconf wrapper - * sh_modules.c, sh_modules.h: add mod_reconf() to run at SIGHUP - * slib.c: fix debug messages (no msgs for dlogActive <= 1) - * sh_schedule.c, samhain.c, sh_suidchk.c: - scheduler may accept multiple schedules - -1.6.1 (04-09-2002): - * sh_schedule.c: bugfix (executes only after first day) - * rm obsolete WITH_TRACE stuff - * new dlog() function for debug logging - * some more descriptive error messages - -1.6.0 (27-08-2002): - * omit the -fomit-frame-pointer option (bugs in some gcc versions ?) - * sh_error.c: fix escape mode when logging to database - * sh_forward.c: fix error (twice escape) in recv_syslog_socket - * sh_tools.c: change escape mode for server-received data - * sh_mem.c: change ulong -> size_t in sh_mem_malloc() - * configure.in: fix localstatedir if --prefix=USR - * sh_hash.c: snprintf() -> sl_snprintf() - -1.5.5 (07-08-2002): - * sh_err_log.c: fix incorrect xml syntax for client messages - logged by server - * sh_err_log.c: fix incorrect '</trail>' entries on client EXIT - * sh_files.c: introduce file_class_next - this fixes the problem that a policy for the directory - inode erroneously becomes a policy for the directory itself. - -1.5.4 (17-07-2002): - * sh_hash.c: fix buffer overflow with (micro-)stealth - * sh_database.c: set path[] 1024 -> 12288 - * sh_database.c: set query[] 2048 -> 16383 - * sh_database.c: set values[] 1024 -> 16383 - * sh_forward.c: larger limit for message size (16 kB) - * trustfile.c: set MAXFILENAME 2048 -> 4096 - * fixed a bug in the handling of filenames with embedded newlines - * sh_files.c: fix missing sh_util_safe_name() in debug output - * --with-sender can specify a full address - * fix xml log in a backwards compatible way - -1.5.3 (03-07-2002): - * fix combination of stealth and sql logging - * fix some more places where invalid UIDs/GIDs trigger errors - -1.5.2 (01-07-2002): - * include solaris config file from (sean [at] boran d.o.t com) - * test for files/dirz defined twice in the configuration file - * option to disable reverse lookup on outbound connections - * option to use socket peer as client name (with name resolving) - * sh_html.c: fix an HTML bug (twice </head><body>) - * sh_suidchk.c: fix warning on AIX b/o dirname() - * allow logging server -> syslog if yule is NOT configured to - receive syslog messages - * define PRIi64 to "lld" if undefined - * invalid UIDs: use gid/uid as name, error level SeverityNames - * minor fixes for connect_port - * sh_hash.c: flush output of db listing before _exit() - * configure.in: fix incorrect default ${install_name} for server - * configure.in: try harder to find mysql.h / libpq-fe.h - * sh_files.c: sh_files_checkdir: - closedir() early to not exhaust OPEN_MAX - -1.5.1a (30-05-2002): - * fix missing LSB init script - -1.5.1 (27-05-2002): - * fix '-t update' option - -1.5.0a (23-05-2002): - * fix configure.in - -1.5.0 (22-05-2002): - * include solaris nosuid patch from (nathoo [at] co d.o.t ru) - * similar fix for bsd nosuid - * speed up -t update - * convert manual to DocBook, distribute html and ps - * fix some more problems with configure.in, Makefile.in - * fix testsuite, add tests for udp, mysql - * MSG_TCP_MSG: host -> remote_host - * convert to autoconf 2.53 - * make c_bits.sh exit with status 0 - * sh_database.c #include "mysql.h" --> <mysql.h>, ditto libpq-fe.h - to avoid dependency tracking problems - * samhain.c remove *YULE* #ifdefs - * acconfig.h remove *YULE* #undefs - * samhain.c: procdirSamhain: lstat --> stat (allow symlink) - * configure.in: add checks for correct user input - * Makefile.in: add automatic dependency tracking - * depend-gen: tool to figure out dependencies - * chkconfig comments in redhat start scripts - -1.4.8: - * sh_database.c: fix missing attr_old, attr_new, (from)host columns - * configure.in, Makefile.in: fix an error in the configfile - definition with REQ_FROM_SERVER - * sh_err_console, sh_err_log: avoid recurrent failure messages - * timeout on read from files (/proc) - * fix errrors with setjmp/longjmp/alarm - * fix memory leak in server (~20 byte/file download in sh_tools, 930) - * check gpg signature for files downloaded from server, add a - regression test - * fix chown in solaris bootscript - * provide second scheduler for file check - * provide scheduler for file check - * provide scheduler for SUID check - -1.4.7 (08-04-2002): - * make daemon control LSB-compliant (arguments, exit status) - * set log_ref = 0 for server messages - * boolean option SetDBServerTstamp to disable entering server - timestamps for received client messages into database - * sh_suidcheck: check for "nosuid" mount option if getmntent is used - * fix logrotate script in manual (reported by Scott Worthington) - * don't strip numerical IP addresses - * check item->status_now != CLT_TOOLONG in client_time_check() - * set log_host to client in db client message - -1.4.6a (20-03-2002): - * define prefix in deploy.sh - -1.4.6 (19-03-2002): - * modify samhain_hide.c to hide processes on new Linux kernels - * better error diagnostics in kern_head.c - * fix compile error in all_items () - * check length of install-name in enable-khide (max is 15) - * define exec_prefix in deploy.sh.in - * make configure a bit more cross-compiler friendly - -1.4.5 (07-03-2002): - * Make sure missing file is reported even if ptr->reported == S_TRUE - because the file has been added. - * propagate 'reported' flag from sh_files_checkdir() into file list - * close checkfd in sh_gpg_check_file_sign() - * sh_derr(): kill(parent, SIGCONT) after ptrace(PT_DETACH,...) - * use sh.srvcons.name in dbg() to get debugging info from daemon - * option to log file timestamps with localtime instead of GMT - * comment out MSG_FI_ADD in sh_dirs_chk () - obsoleted by mandatory - sh_files_filecheck(directory) that triggers MSG_FI_ADD in sh_hash.c - * set ptr->reported = S_FALSE; for reappeared files in sh_files_chk() - to make sure re-disappearing will get reported - * new function sh_hash_set_missing() to remove file record - without (duplicate) 'missing' message - * make sure all items are reported for added files - * fix stealth mode with sh_kern (encode sh_ks.h -> sh_ks_xor.h) - * clarify in the documentation which gpg options to use for signing - -1.4.4 (11-02-2002): - * check that parent process has exited before writing PID file - * promote MGG_W_CHDIR to SH_ERR_ERR - * add error message to sh_unix_testlock - * fix missing _() macro in sh_aud_set_functions - -1.4.3 (05-02-2002): - * don't check attributes for symlinks (may cause device access) - * add USE mysql; USE samhain; to samhain.mysql.init - * point out the MessageHeader/mysql problem in manual - * add -lz to LIBS for mysql - * strip after install, avoid double strip - -1.4.2 (27-01-2002): - * support for EGD - * fix some more problems with install-deploy / deploy.sh - * fix a bug in profiles/suselinux_i386/bootscript (INSTALL_NAME_) - * fixed the 'external logging' test (init rather than none in rc file) - -1.4.1: - * SuSE: include run level 4+5 - * install location of hiding kernel modules changed - some insmod - variants do not test for /lib/modules/$(uname -r)/module_name.o - * new make targets 'install-deploy', 'uninstall-deploy' - * fixed make targets 'deploydir', 'deploydirfast' - * bail on unsupported CL option in deploy.sh - * fix various bugs in deploy.sh - -1.4.0 (16-01-2002): - * fixed missing 'dirname' on Mac OS X - * fixed && tested for/with postgres - * 'user=' -> 'userid=' (reserved word in sql) - * fix the endianess + size of file database; this changes db format - for any non-Linux OS - * --enable-old-format for old (V1.3) database format - * getopt, samhain.c, samhain.h: option -f to loop if not daemon - * sh_hash: list numeric + char data to allow file db update on - server side - * sh_database: modify handling of integer (long) data - * sh_database: datetime in database - * sh_database: hash field in database - * sh_database: rewrite database insert string construction - [use INSERT INTO log (fields) VALUES (values);] - * makefile suse 7.x runlevel entries - -1.3.7 (06-01-2002): - * fix incorrect escape in sh_tools_safe_name - * fix sh_error_handle (4. argument) in sh_extern.c - -1.3.6c: - * fix segfault in sh_database (mysql logging) on solaris - -1.3.6b (03-01-2002): - * fix syntax error ('==') in Makefile.in - * fix configure.in (path for /lib/modules/$(uname -r)/build/include) - * fix sh_kern.c (redeclaration of 'j') - -1.3.6 (03-01-2002): - * sh_kern.c: check integrity of int 80h vector - (SucKIT rootkit - Phrack 58) - * make sure childs in sh_kern are wait()'ed for - * provide start/stop/restart/reload/status interface - * fix a potential segfault (dereferenced NULL pointer) in the server - * use sh_util_flagval for sh_unix_setdaemon - * documentation for logging to SQL database - * configure.in: check for -I/lib/modules/$(uname -r)/build/include - * fix trustfile.c to ignore invalid users - * separate 'make install-samhain' and 'make install-yule' - * separate default log/pid/config files for server/client - - less problems running server and client on same host - * rewrite deploy.sh(.in): - - don't use (make|install) if deploying - - use command line options - - better integrate into server environment - - write install db - * always write a pidfile if daemon - * don't use server's config file as fallback for downloading client - * don't overwrite config file when doing 'make install' - -1.3.5 (28-12-2001): - * fix --enable-message-queue for newer glibc versions - * log to SQL database: implemented, but undocumented yet, - needs to be tested further - * xml: escape received syslog messages - * xml: rename 'time' to 'tstamp' - * make targets: make [un]install-[boot-]yule - (for server-only installation) - * fix samhain_hide.c for 2.4 kernel - * fix sh_kern for updated samhain_hide.c - * new option -j to just list the logfile - * sh_getopt.c: recognize -Dt check for -D -t check - * sh_tiger0.c: fix compiler warning (memmove) on Solaris - -1.3.4 (12-12-2001): - * sh_suidchk.c: option to limit files per second - * sh_unix.c: option to limit (kilo)bytes per second - * sh_hash.c: fix potential problem with '\n' in filename - (not backward compatible if there are filenames with '=') - -1.3.3 (03-12-2001): - * sh_readconf.c, samhain.h, samhain.c, sh_suidchk.c: - option SetNiceLevel to set scheduling priority - * sh_hash.c: bugfix for database listing on Solaris - * taus_seed: bugfix for emergency backup rng seed - * sh_util_safe_name: fix for XML - * sh_utmp_set_login_activate: use sh_util_flagval - * sh_utils.c: sh_util_obscurename: rm 'space' from list - * more backtrace macros - * sh_util_flagval: fix bug to recognize 1/0 - * fix test scripts testtimesrv.sh, testext.sh (test.sh 6/5) - * rm stray debug fprintf in sh_srp.c - -1.3.2 (27-11-2001): - * sh_hash.c: fix an error introduced in 1.3.1 - * set RLIMIT_CORE to RLIM_INFINITY if --enable-debug - -1.3.1 (25-11-2001): - * slib.c: get backtrace with --enable-debug - * sh_unix.c: allow core dumps when --enable-debug - * configure.in: fix default message queue permissions - * sh_suidchk.c: automatically include suid/sgid files in database - * sh_suidchk.c: check all suid/sgid files - * sh_hash.c: don't insert duplicates when reading the database - * sh_utmp, sh_kern, samhain: fix 1sec offset in timer - * sh_unix.c: don't require /dev/random to be non-world-writeable - * server: fix segfault in zAVLTree.c if avltree == NULL (no clients) - * client: fix segfault on Solaris if path_conf == NULL - * testrun_1b.sh: \(^/.*\) -> \(/.*\) for Solaris sed - -1.3.0 (31-10-2001): - * support compiling with GNU gmp library - * set 3 sec timer on client_time_check to avoid excessive (and - unnecessary) calls under heavy load - * replace sl_strlen with a macro - * store client_t structure in AVL tree - * database format incompatible with previous format, up the magic# - * sh_html.c: cache entry template for speedup - * slib.c: reset islong(double) in sl_printf_count - * sh_hash.c: report on rdev change - * sh_hash.c: print size in 64 bit - * sh_hash.c: save in absolute size types - * sh_unix.c: get values as appropriate type (time_t, dev_t, ...) - -1.2.10: - * update MANUAL - * sh_unix.c: tiger_hash -> tiger_generic_hash - * sh_readcon.c: DigestAlgo option - * sh_tiger0.c: add MD5 and SHA1 - * sh_unix.c: fix minor problem with win2k/cygwin - -1.2.9 (17-10-2001): - * fix problem with entry template/empty hostname - * fix MASK_USER_ (MTM -> ATM) - * typo fixed in configure.in (${install_name} -> {install_name}) - * bugfix group_old -> size_old in XML code - * skip armor header in signed files - -1.2.8 (29-09-2001): - * Mac OS X: in sh_getopt.c, rename table[] to op_table[] to avoid - obscure compiler warning - * Mac OS X: fix test scripts - * Mac OS X: import newest config.guess, config.sub from ftp.gnu.org - * implement deadtime in syslog recv code to protect against flooding - * sh_err_log: sl_close(fd) if lock|forward fails - * compliance with Filesystem Hierarchy Standard -- Version 2.2 final - * add policies User0, User1 - * fix compile problem (FreeBSD) in sh_suidchk.c - * macro to check for debugger breakpoints (linux/i386) - * check for solaris (does not work) in sh_derr (--enable-ptrace) - * option to listen on 514/udp for syslog, drop root - irrevocably if compiled thus - * use (check_mask & MODI_ATM) to decide whether to reset utime - * reset the policy masks on sighup - * option to write XML log messages - * cleanup of message catalog - * modified error messages for BADCONN - * error messages for Rijndael - * block recursive error messages within sh_error_handler() - - would hang the machine ... - - -1.2.7: - * sh_files, sh_utils: check top level directory - * sh_kern, sh_cat, kern_head: check syscall code, fork subprocess - for reading from /dev/kmem - * include /boot in default samhainrc - * change source distribution signing/packaging system - * Makefile, README, MANUAL: adhere to file system standard, - document new locations - * fix a bug in samhain_hide.c - -1.2.6: - * reset list of trusted users before config file re-read - * TrustedUser=... can be a list - * fix severity for files missing from IgnoreAll - -1.2.5: - * include example_pager.pl, example_sms.pl scripts - * explain paging/sms setup in docs - * allow manual exclusion of a directory in suidcheck - * automatically track all file changes - * remove missing files from in-memory database - * add $(KERN) to DEPLOYFILES - -1.2.4: - * log IP address for login/logout events, if supported by the OS - * release block in globerr (callback) - -------------- - -1.2.3: - * fix problem with reading stealth configuration - * fix a few formats in sh_cat.c - * always use strncmp for file system type check in sh_suidchk.c - (trailing 'fs' may be system specific for some types) - * no bare LF in messages (RFC 2822) - * no lines longer than 998 chars (RFC 2822) - * fix error in testrc_1 - -1.2.2: - * make tmp file directory a compile time option - * fix minor bugs in tmp file allocator (potential memory leak, - double slash if root directory) - * obsolete testpipe script removed - -1.2.1: - * fix memory alignment in rijndael-api-fst.c: blockEncrypt() - * fix byte order in HMAC code (compatibility fix for Linux/HP-UX) - * removed a debug fprintf() - -1.2.0: - * fix a bug in the HMAC implementation (thanks to Cesar Tascon - for help in tracking down this one) - * module to check the file system for SUID/SGID files - -1.1.16 (never released): - * fix the recursion depth -1 option as described in the manual - * optional database reload on SIGHUP - * fix a race condition when checking that /dev/random is a charakter - device - * redirect stderr to /dev/null for c_random - (AIX may segfault in netstat...) - * check whether /dev/random is a charakter device in c_random.sh - (we know at least one sysadmin who has set up a fake /dev/random ...) - * don't give NULL as 2. and 3. arg to execve if not Linux - some - Unices (notably Solaris) don't like it - * init ptr = NULL in my_malloc (compiler warning) - * make the bitmask for tests configureable (suggestion by A. Dunkel) - * make the bitmask for tests a static variable - * make (database/logfile/lockfile) path configurable - (to run multiple instances of samhain from an NFS share - on the - wishlist of J. Patton) - -1.1.15 (never released): - * fix minor error in testcompile.sh (rm test_log only at start) - * return from subroutines on sig_terminate == 1 - (faster exit on SIGTERM) - * fix re-configuration of addresses - * use sh_util_flagval() in sh_mail_setFlag and sh_kern_set_activate - * SysV message queue as compile option - * config file option to set console device - * removed the pre 1.1.9 code bloat - * don't print the LOGKEY to the console - -1.1.14: - * fix an error in the setup consistency check - * make target to uninstall runtime files - * trustfile.c: check return code of readlink(), fix off-by-one error - * sh_files.c: fix placement of terminator after readlink() call - * sh_files.c: fix a missing set_suid()/unset_suid() - - suid should work, but is not recommended - - * more debug statements in c/s code - * avoid re-entry in sh_unix_sigexit - * put a block around free() and malloc() in wrapper functions - * ditto for glob()/globfree(), regcomp()/regfree(), fdopen()/fclose() - - i.e. avoid corrupting the heap from a signal handler - - -1.1.13: - * optimized the size of the configure script somewhat - * modify the compile and hash test scripts - * read '\0's in sh_unix_getline - * exponential schedule for connection attempts - * make stealth working properly with signed files - - config file should be signed now before embedding in picture - - * fix a race in using signed files - * updated err messages for PWNULL, GRNULL - * add missing shell script for test 11 - * add mandatory source file/line info with -p debug - * add mandatory source line info with BADCONN - * fix a latex error in the manual - -1.1.12: - * debug output to console if compiled with --enable-debug and - running as daemon - * make reportonlyonce=true the default - * make sure state changes of a file are always reported, even - with reportonlyonce=true - * Linux kernel modules (samhain_hide, samhain_erase) - * fixed incorrect return value of sh_util_flagval - * fixed an error in sh_files.c: happens with -t init and first - file that is checked does not exist - * revised install/uninstall targets in the Makefile - * module to check for clobbered kernel syscalls (tested on Linux 2.2) - * more diagnostic error messages in sh_gpg.c - * more diagnostic error messages in sh_mail.c - * error in mail.c fixed - (address -> address_list[i] for multiple recipients) - * docs updated, better(?) explanation of signed files - * skip over path in gpg checksum output - * check client name against IP address and FQDN - * fix for --disable-* in config file - * fixed a server crash (MSG_TCP_OKMSG without arg) - if the server is run with debug level output threshold - * catch EAGAIN in sh_gpg.c pipe reader - * fix the 'external logging' test to make it work on BSD - * error message if no local path to init DB - * check for i86/Solaris in configure (vsnprintf prototype) - * make SRP the default - -1.1.11: - * make log file verification more convenient - * fix problem with message classes in stealth mode - * linux: do not try to read file attributes for devices - * handle the root directory correctly (avoid "//" in listing) - * fix problems with blockin on FIFOs/char dev - pointed out by I. Rogalsky (rog@iis.fhg.de) - - open in nonblocking mode for read, then set to blocking - - open file only if regular - * fix alignment in memory profiler - -1.1.10: - * minor code cleanup - * fix an error in trustfile.c (handling of empty/incomplete - group entries in /etc/group, bug report by A. Capriotti ) - -1.1.9: - * compatibility option for old behaviour (plain hash instead - of HMAC, ECB instead of CBC mode) - * use CBC rather than ECB mode for encryption - * use HMAC-TIGER for message authentication codes - * handle NULL data in sh_tiger_hash - * option to set syslog facility (default is LOG_AUTHPRIV) - * longer timeout (300 sec) on /dev/random if no /dev/urandom - * fix minor output error with stealth option - * option not to log names of config/database files on startup - -1.1.8: - * fix error in syslog routine - * fix missing 'test' in configure.in - * fix error in replace_tab() in sh_html.c - * fix minor memory leak in sh_util_regcmp() - -1.1.7: - * timeout on read_mbytes (from /dev/random; fallback to /dev/urandom) - * fix for FreeBSD: ut_user -> ut_name in sh_utmp.c - * fix for Alpha: consider $ac_cv_sizeof_unsigned_int_ in configure.in - * fix for Alpha: format string in sh_tiger0.sh - * on Linux, now compiles cleanly with - -Wall -W -Wstrict-prototypes -Wcast-align - * fix problem with recursion depth - (pointed out by Vic <hvicha@mail.ru>) - * #include "sh_tools.h" in sh_unix.c and fix the - --with-timeserver option (reported by Vic <hvicha@mail.ru>) - * place read_port(), MSG_TCP_NETRP outside ifdefs - * close fd/zero skey before execve - * verify client name against socket peer - * ... with configureable error priority - * use strcmp() rather than strncmp() in search_register() - * fix race between lstat() and open() for checksum - (reported by dynamo <dynamo@ime.net>, - JJohnson <JJohnson@penguincomputing.com>) - * enable globbing for filenames - * fix Solaris problem: siginfo_t may be NULL - * fix missing SL_EBADGID in tf_trust_check - * test case for external scripts, fix flushing pipe - * fix a typo in sh_ext_type - * do an fdexec w/checksum on Linux if calling external program - * even safer tmp file creation - * allow db update - * fix compile options for --enable-debug - * fixed a spelling error in the output - * test program for full CS support (config/database download) - * tell which file is searched for cs download - -1.1.6: - * fix bug in sh_readconf_line (segfault on erroneous config lines) - -1.1.5: - * sh_unix.c: sh_unix_getinfo_attr: f -> flags - * use gettimeofday as last resort -1.1.4: - * fix AIX compiler warning in sh_forward (cast arg1 of sh_tiger_hash - to (char *) - * configure: add static link flags for some more os (from tar) - * don't strip twice (some stupid systems abort) - * fix for reading from /dev/random on non-Linux systems (untested) - * sh_mail.c: end all message lines with \r\n - * stealth: ignore \r, \" - * take out tracing from --enable-debug (presently useless anyway) - * fix some remaining cleartext with debug && stealth combined - * fixed a small memory leak in sh_err_log.c - -1.1.3: - * fixed circular logic in taus_seed() (fallback method only) - * fix for missing _SC_OPEN_MAX (runaway close()) - -1.1.2: - * implement message classes - * let server recognize client message severity and class - * secondary log server - * keep database in memory (allows to close file - if retrieved from server) - * encrypt client/server communication - -1.1.1: - * Compilation problems with native Solaris compiler fixed - * fill in euid/ruid variable - * manual.pdf --> MANUAL.pdf - * debug sh_util_formatted() - * http refresh 120sec for server stat page - * trace/debug options - * fixed problem with utmp.c options - * fixed problem with sh_mail_setaddress - * option for custom message header - * fixed problem in compdata - * fixed problem in mail verification - * remove eventual trailing '/' in file names - * fixed problem with report string for modified files - * option to report in full detail - -1.1.0: - * Move error messages to catalog - * Make error message format more uniform - * Wrap sytem calls that could be interrupted by signals - * Warn on append to database - * Option for full details on mod. files - * Option to report only once on mod. files - * Generally speaking, major modifications with potential new bugs - -0.9.5: - * sh_hash.c: fixed erroneous checksum for config file - * sh_html.c: fixed erroneous timestamp (last) - * sh_tools.c: fixed connect_port (set port for cached address) - * sh_srp.c: fix for '00' (='\0') in pw - (last two fixes by Andreas Piesk) - -0.9.4: - * samhain.c: fcntl(1, ..) -> fcntl(2, ..) - * sh_hash.c: copy 12 instead of 10 byte for c_attributes - * 'empty directory' WARN -> INFO - -0.9.3: - * FreeBSD fixes: - - c_random.sh: make sure /dev/random provides something - rather than nothing - - check for <netinet/in.h> and include it - - include <sys/types.h> early - - sh_utmp.c: fixed an occurence of ut_user - - sh_utmp.c: #ifdef HAVE_UTTYPE static char terminated_line #endif - - sh_forward.c: EBADMSG -> ENOMSG - * sh_unix.c: check return value of gethostbyname - * sh_entropy.c: fallback on /dev/urandom if /dev/random blocks for - more than 30 sec - * ... and fix the timestamp format ... - -0.9.2: - * ISO 8601 timestamps - * Bugfix in sh_utmp (timestring overwrite) - * don't use siginfo_t on Linux (garbage as of 2.2.14) - * check for Linux capabilities bug when dropping root - * include README for gcc compiler bug (pointed out by A. Piesk) - * explicitely set -fno-strength-reduce with gcc - * fixed ignoring missing files with the IgnoreAll policy - -0.9.1: - * more ext2flags (breaks backward database compatibility on Linux) - * IgnoreAll policy modified - missing/added files reported with - SeverityIgnoreAll (to handle files that may or may not be present) - * Check all files, not only regular ones - (bug in sh_files, originally introduced because checksum of - regular files only is computed) - -0.9: - * use O_NOATIME if supported - * --with-nocl takes argument (PW to re-enable CL parsing) - * no daemon mode if initializing database - * fixed segfault in yule with 'unknown file type' request - * enlarged MAX_GLOBS 24 -> 32 and made the array linear - * server uses last registry entry for any given client now - * deploy.sh script to deploy clients to remote hosts - * enhanced signal handling: SIGUSR1/SIGUSR2/SIGABRT/SIGQUIT/SIGHUP - * allow y/Y/n/N for login monitoring (in addition to 0/1) - * external logging scripts/programs - * trustfile.c: define STICKY on Linux - * reset signal mask when initializing - * EINTR_RETRY wrapper - * slib: sl_read, sl_write EINTR update - * use sstrip when installing - * more compact database format (breaks backward database compatibility) - * larger download packets - * TcpFlags unsigned char - * cast to (char *) head in write_port - * m(un)lock cast to (char *) - * (1 << 31) --> (1UL << 31) - * support e2fs attributes on Linux - * fixes for AIX and Solaris native compilers - * fixed Makefile for non-GNU make (pattern rule --> suffix rule) - -0.8.1: - * fixed 'is_numeric()' return value - -0.8: - * added option for static compilation - * added option for stealth with non-hidden config file - * added option for disabling command line parsing - * all options can be set in the configuration file now - * stealth: xor strings in database file - * fixed bug in mailer code ([] in HELO) - * print timestamp when asking for key - * 'micro' stealth mode (no hidden configuration file) - * simplified slib - * int->long for uids/gids in trustfile - * moved mailkey from data to code - * shell script for entropy (stronger default key) - * general code cleanup - * better error checking in client/server code - * detect out-of-sync messages - * check state across protocol passes in server - * make sure authentication is mutual - * file download to client - * reserve six file descriptors in server - * mlock queue buffer if LOG_KEY - * improved robustness in bignum (don't fail on free()) - * per-directory recursion depths - * RFC821 compliance: empty line at end of header, To field, Date field - * RFC821 compliance: make e-mail transfer relieable - * fix detection of hardlink changes - * checksum verification for calling gpg/pgp - * CL option '-S' not required for server-only binary - * eliminate CL options that may leak privileged information - if the program is SUID - * skip leading white space in configuration file - * allow nested conditionals in configuration file - * allow whitespace before and after '=' in configuration file - * don't leak file descriptors to child processes - * make message transfer relieable - * always report error on abnormal termination of connection - -0.7: - * support for alpha machines - * stop TCP logging after exit message - * limit connections in server (DoS attacks) - * move string handling to slib - * move file handling to slib - * timestring without space - * changed report format - * SUID bugfix - use euid when checking logfile ownership - * SUID bugfix - get root for lstat() - * SUID bugfix - get root for opendir() - * store number of hardlinks - * send no message if polling empty queue - * include tiger 64-bit implementation (portability) - * codes for error conditions - * mail check: handle multiple, overlapping audit trails - * security fix: no append to database if SUID - * fix sh_entropy.c (BUFSIZ -> BUF_ENT) - * read command line before config file - * PGP signing of config/database files - * checksum of config file reported - * checking for attributes only - -0.6: - * more syslogish priority specification - * fixed segfault in sh_mem_check, apparently this was also - the reason for the segfault in atexit() - * allow for compilation with SRP authentication - * fixed tiger checksum computation - * fixed broken logfile verification for second and further audit trails - * test program added - * documentation improved - * sh_forward_make_client: bug fixed in[8]->in[i] - * sh_error.h: fixed missing #include <errno.h> - * configure.in: fixed missing strerror() test - * sh_utmp.c: check logins/logouts - * check for missing files - * only reset access time if necessary - * O_EXCL in open() - * limit environment to TZ in execve (sh_entropy.c, not used on Linux) - * use trustfile() to determine whether logfile dir is trustworthy - * strip head instead of tail for numerical address - * store messages in fifo during log server outage - * re-init session key after server outage - -0.5 (21-12-1999): - * added option for mail relay server - * own popen() implementation in sh_entropy() (portability) - * fixed error in sh_util_basename() (returned NULL for base == "/") - * fixed segfault in strlcpy/strlcat (check for src == NULL) - * FILENAME_MAX -> PATH_MAX (HP-UX 10.20) - * use TIGER for 32-byte compilers (portability) - * fixed hash function (do not include stdlib.h) - * flush buffer before write in mailer code (IBM AIX 4.1) - * make mailer code non-forking - * cast argument of is...() to int (portability) - * return() after _exit() for braindead compilers (portability) - * optionally use inet_addr (portability) - * check for broken mlock() (HP-UX 10.20) - * minor code cleanups - * fixed incorrect size of munlock()'ed memory in sh_error_string() - * fixed a buffer overflow in the error printing routine - * fixed a buffer overflow in sh_util_safe_name () - * implement SRP session key exchange - * implement client/server facility - * implement @host/@end construct in configuration file - * preferably use uname(), and do gethostbyname() for FQDN - * make vernam cipher base numeric - * make OnlyStderr private in sh_error - * test -e "/dev/random" --> test -r "/dev/random" (portability) - * check for libsocket (portability) - * add #defines for IPPORT_SMTP, IPPORT_TIMESERVER (portability) - * eliminate superfluous /proc test - * some unreachable code removed - * cast to (byte*) replaced by cast to (word64*) in sh_tiger_hash() - * check for setresuid() if no seteuid() (HP-UX 10.20) - -0.4 (09-11-1999): - * make sure output from /dev/random has no NULL's - * one-time pad encryption for emailed keys - (better than nothing ...) - -0.3 (04-11-1999): - * logfile readable for group - * verify signatures for any file - * signature block in tarball - * use select() in time server routine - * better protection for session keys (mlock) - -0.2: - * fixed incorrect man page - * fixed incorrect example rc file - * recursive error logging should work now - -0.1: - * initial release -- on Samhain 1999, of course - -development start: - * probably 29-06-1999 - diff --git a/docs/Changelog b/docs/Changelog index c29cefe..d7e3594 100644 --- a/docs/Changelog +++ b/docs/Changelog @@ -1,4 +1,145 @@ -4.1.4: +4.4.10: + * fix for (very minor) memleak in sh_unix.c: sh_check_rotated_log() + * fix for memleak in sh_files.c: sh_files_checkdir(), not all cases for + scandir() covered (issue reported by T. Greulich) + +4.4.9: + * fix for double newline stripping when reading from database + +4.4.8 (01-05-2022): + * new server option Alias=alias@hostname (based on + patch by A. Hofland) + +4.4.7 (07-03-2022): + * fix compile error on MacOS + * disable dnmalloc for gcc 11 (regexec does not work) + * fix minor compile issues with gcc 11.2 + * fix problem with login/logout monitoring on MacOS (reported + by Peter) + * fix problem caused by switch from pubkey.gpg to pubkey.kbx + (reported by A. Hofland) + +4.4.6 (05-10-2021): + * fix Debian 10 compile problem in dnmalloc (mallinfo2), + reported by A. Hofland and others + * fix compile problem on Ubuntu 20 with 'make deb' + (Debian optimization CFLAGS clash with ASM for Tiger) + * fix 'make deb' issue when compiling as client + (reported by A. Hofland) + * fix issue with inotify (reported by Thorsten) + +4.4.5 (01-07-2021): + * fix a memory leak introduced in 4.4.4 + +4.4.4 (30-06-2021): + * fix more gcc 10 compiler warnings + * fix bug with signify-openbsd in client/server setup (reported + by Sdoba) + * patch by K. Hacene for reproducible database generation + * fix recognition of invalid compiler options in configure.ac + +4.4.3 (31-10-2020): + * allow console logging to a unix domain socket + * fix spurious cppcheck warnings + * fix gcc 10 compiler warning in sh_audit.c + * fix gcc 10 compiler warning in sh_ipvx.c + * fix gcc 10 compile problem in sh_tiger1_64.c + * fix gcc 10 compiler warning in sh_portcheck.c + +4.4.2 (01-08-2020): + * re-enabled reading options from option group [samhain] in my.cnf + * fix server install in configure.ac: samhainadmin.pl <-> ..-gpg.pl, ..-sig.pl + * add more verbosity to portable binary installer, fix minor issues + +4.4.1 (27-02-2020): + * fix compatibility problem with older (version 2.0.x) GnuPG + +4.4.0 (31-10-2019): + * support for OpenBSD signify as alternative to GnuPG + +4.3.3 (11-07-2019): + * fix broken 'make deb' makefile target + * eliminate obsolete 'sstrip' utility + * systemd support + * fix broken rpm specfile (patch by Franky Van L.) + * fix broken mysql init script + * fix some issues with link-time optimisation (option -flto with + recent gcc versions) + * fix compiler warning in sh_prelude.c + * add patch (by Kamel H.) to init for alternative root fs) + +4.3.2 (07-01-2019): + * fix compile failure on OpenBSD (reported by Mithrond) + +4.3.1 (25-09.2018): + * fix compile failure on non-Linux systems (reported by Romain and Tim) + * provide more information for error message about bad baseline + database file (issue raised by Romain) + +4.3.0 (10-09-2018): + * add support for /etc/subuid, /etc/subgid maps + * fix compiler warning on Ubuntu 18.04 + +4.2.4 (21-12-2017): + * fix 'clobbered by..' compiler warning is src/sh_portcheck.c + * fix compiler warning because of deprecated _BSD_SOURCE macro + * fix 'make deb' for Debian stretch (reported by Alasdair) + * add RPM spec file patch for SLES12 (by Pirmin) + * better fix for RPMTOP detection + * fix missing entry for yuleadmin.pl in RPM spec file + * fix bug in static dns resolver (reported by Piotr G.) + +4.2.3 (31-10-2017): + * fix order of search directories for 'make rpm' (issue reported by + Z. Drableg) + +4.2.2 (03-07-2017): + * fix bug with PortCheckSkip: for any given port, only first interface + specified in config is checked (reported by A. Hofland) + * fix PortCheck bug that occasionally causes spurious detections of + open ports (patch by A. Hofland) + * add success/failure message for closing baseline database at init + +4.2.1 (06-04-2017): + * fix for broken SetSocketPassword authentication + (reported by Todd Stansell) + * fix compile issue on Solaris 11 (reported by Rolf) + * fix alignment problem with semget() (reported by Rolf) + * fix dependency on chkconfig package on Redhat/CentOS: search + /etc/init.d/functions also under /etc/rc.d/init.d/functions + (issue reported by Ernie) + * fix build issue with musl libc (report & patch by A. Kuster) + * fix case sensitivity (tcp vs TCP, udp vs UDP) in portcheck + directives (reported by A. Hofland) + * fix documentation typo ('make deploy-install' -> + 'make install-deploy', reported by Ben) + * fix dsys/funcINSTALL: proper error message if no binary + packages built yet (problem reported by Ben) + * fix install-data: make datadir chmod conditional and + align with documentation + +4.2.0 (31-10-2016): + * fix handle tracefs (permission for stat denied) when running + suidcheck without root privilege (for testing) + * fix compiler warnings on gcc 6.2 + * fix incorrect mandir option in Install.sh (reported by David) + * add option 'SetAuditdFlags = r|w|x|a' to (re-)define flags supplied + to auditd (request by David) + * fix minor bug in error message (tf_trust_errfile needs copy to + keep relevant value). + * fix SH_DEADFILE (too big, some architectures have nlink_t + as uint16, e.g. FreeBSD). + * add portcheck option 'PortCheckDevice = device' to monitor a + device regardless of address assigned to it (patch by A. Hofland, plus + some additions) + * fix case sensitivity of severity/class options (issue raised by + A. Hofland). + * clarify restrictions for ProcessCheckPSArg (user manual) + +4.1.5 (09-08-2016): + * fix memory leak in server (reported by C. Doerr). + +4.1.4 (02-06-2016): * fix problems with wildcard pattern re-evaluation (reported by A. Ansari): - not stored if no match at startup @@ -487,7 +628,7 @@ * sh_mem.c: fix deadlock in debug-only code * Evaluate glob patterns for each run of file check * Add compile option to disable compiling with SSP - * Run SUID check in seperate thread + * Run SUID check in separate thread * By default disable scanning ..namedfork/rsrc (deprecated by Apple) 2.5.10 (12-10-2009): @@ -1394,7 +1535,7 @@ * fix hardlink check (null dereference in error message, segfaults on solaris - noticed by Bob Bloom) * sh_suidcheck: don't truncate quarantined file if nlink > 1 - * fix Install.sh (no --seperate-output with --radiolist); patch by + * fix Install.sh (no --separate-output with --radiolist); patch by Greg Kimberly 1.8.4 (17-03-2004): diff --git a/docs/FAQ.html b/docs/FAQ.html index b34f60c..facc7af 100644 --- a/docs/FAQ.html +++ b/docs/FAQ.html @@ -138,7 +138,7 @@ h1, h2, h3, h4, h5, h6 { the <a href="http://www.la-samhna.de/samhain/HOWTO-client+server-troubleshooting.html">HOWTO client+server troubleshooting</a> document.</li> </ul> </div> -<p><i>FAQ Revised: Wednesday 14 January 2015 20:41:15</i></p> +<p><i>FAQ Revised: Monday 17 September 2018 15:13:17</i></p> <hr><h2>Table of Contents</h2> <dl> <dt><b>1. Most frequently</b></dt> @@ -146,22 +146,21 @@ h1, h2, h3, h4, h5, h6 { <li><a href="#Most frequently0">1.1. Owner not trustworthy / Group writeable and member not trustworthy</a></li> <li><a href="#Most frequently1">1.2. samhain exits with the message "Untrusted path" for config/log/pid/database files</a></li> <li><a href="#Most frequently2">1.3. It does not log anything / Can't stop logging to console</a></li> -<li><a href="#Most frequently3">1.4. Client cannot self-resolve, but nslookup works fine</a></li> -<li><a href="#Most frequently4">1.5. Server logs hostname instead of FQDN (or vice versa)</a></li> +<li><a href="#Most frequently3">1.4. samhain exits with the message "Record with bad version number in file signature database"</a></li> +<li><a href="#Most frequently4">1.5. Client cannot self-resolve, but nslookup works fine</a></li> +<li><a href="#Most frequently5">1.6. Server logs hostname instead of FQDN (or vice versa)</a></li> </ul></dd> <dt><b>2. Build and install</b></dt> <dd><ul> -<li><a href="#Build and install0">2.1. [Fedora Core] Cannot compile with --enable-khide</a></li> -<li><a href="#Build and install1">2.2. [Fedora Core] Cannot compile with --with-kcheck</a></li> -<li><a href="#Build and install2">2.3. "make" loops infinitely !</a></li> -<li><a href="#Build and install3">2.4. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></li> -<li><a href="#Build and install4">2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></li> -<li><a href="#Build and install5">2.6. The executable is corrupted after installation</a></li> -<li><a href="#Build and install6">2.7. --enable-xml-log has no effect</a></li> -<li><a href="#Build and install7">2.8. ./install-sh: strip: not found (Solaris)</a></li> -<li><a href="#Build and install8">2.9. What is sh_tiger1.s?</a></li> -<li><a href="#Build and install9">2.10. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></li> -<li><a href="#Build and install10">2.11. Why does compiling with MySQL fail on Solaris ?</a></li> +<li><a href="#Build and install0">2.1. "make" loops infinitely !</a></li> +<li><a href="#Build and install1">2.2. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></li> +<li><a href="#Build and install2">2.3. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></li> +<li><a href="#Build and install3">2.4. The executable is corrupted after installation</a></li> +<li><a href="#Build and install4">2.5. --enable-xml-log has no effect</a></li> +<li><a href="#Build and install5">2.6. ./install-sh: strip: not found (Solaris)</a></li> +<li><a href="#Build and install6">2.7. What is sh_tiger1.s?</a></li> +<li><a href="#Build and install7">2.8. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></li> +<li><a href="#Build and install8">2.9. Why does compiling with MySQL fail on Solaris ?</a></li> </ul></dd> <dt><b>3. File checking</b></dt> <dd><ul> @@ -281,7 +280,11 @@ PrintSeverity=none Defining <tt>/dev/null</tt> as console device works as well, but is a bad idea, because samhain will open the device and write (i.e. it is a very inefficient method).<br><br></dd> -<dt><b><a name="Most frequently3">1.4. Client cannot self-resolve, but nslookup works fine</a></b></dt> +<dt><b><a name="Most frequently3">1.4. samhain exits with the message "Record with bad version number in file signature database"</a></b></dt> +<dd>This typically happens when the initialisation of the database has been +done repeatedly, i.e. by using '-t init' multiple times, without (re)moving +the previous database first before an initialisation.<br><br></dd> +<dt><b><a name="Most frequently4">1.5. Client cannot self-resolve, but nslookup works fine</a></b></dt> <dd><ul> <li>Nslookup is a program to query Internet domain name servers. </li> @@ -332,7 +335,7 @@ Below you can find some examples of good and bad <tt>/etc/hosts</tt> files: 127.0.0.1 localhost myhost xxx.xxx.xxx.xxx myhost.mydomain.tld myhost </pre></div><br><br></dd> -<dt><b><a name="Most frequently4">1.5. Server logs hostname instead of FQDN (or vice versa)</a></b></dt> +<dt><b><a name="Most frequently5">1.6. Server logs hostname instead of FQDN (or vice versa)</a></b></dt> <dd>The default is to log the hostname only, if you want the FQDN then there is an option for the server configuration: <div class="block"><pre> @@ -342,26 +345,18 @@ then there is an option for the server configuration: </dl> <hr><h2>2. Build and install</h2> <dl> -<dt><b><a name="Build and install0">2.1. [Fedora Core] Cannot compile with --enable-khide</a></b></dt> -<dd>The Fedora Core kernel is patched to unconditionally deny reading -from /dev/kmem. Compiling the stealth kernel modules is not possible -under these circumstances.<br><br></dd> -<dt><b><a name="Build and install1">2.2. [Fedora Core] Cannot compile with --with-kcheck</a></b></dt> -<dd>The Fedora Core kernel is patched to unconditionally deny reading -from /dev/kmem. Checking the kernel for the presence of rootkits is -not possible under these circumstances.<br><br></dd> -<dt><b><a name="Build and install2">2.3. "make" loops infinitely !</a></b></dt> +<dt><b><a name="Build and install0">2.1. "make" loops infinitely !</a></b></dt> <dd>This may happen (e.g. when building via NFS for multiple architectures) if the relative timestamps in the source directory are wrong (time not in sync on different machines) or some intermediate target is unusable (up-to-date, but built for a different OS). Use "touch * && make distclean" in the source directory to recover.<br><br></dd> -<dt><b><a name="Build and install3">2.4. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></b></dt> +<dt><b><a name="Build and install1">2.2. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></b></dt> <dd>Ingo Rogalsky has provided the following information: It isn't possible to link Samhain statically with Solaris. This is a Solaris issue (see Sun Infodoc ID12624) and not a samhain problem.<br><br></dd> -<dt><b><a name="Build and install4">2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></b></dt> +<dt><b><a name="Build and install2">2.3. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></b></dt> <dd>For Linux, this is a known problem with --enable-static if you compile in MySQL support. The problem is that the <tt>mysql_config</tt> that comes as part of the MySQL @@ -377,7 +372,7 @@ not possible under these circumstances.<br><br></dd> <tt>mysql_config</tt>: search for the <i>client_libs</i> variable, and remove all instances of <i>-lnss_files</i> and <i>-lnss_dns</i>.<br><br></dd> -<dt><b><a name="Build and install5">2.6. The executable is corrupted after installation</a></b></dt> +<dt><b><a name="Build and install3">2.4. The executable is corrupted after installation</a></b></dt> <dd>The executable will get stripped during the installation. On suitable systems (i386 Linux/FreeBSD currently), additionally the "sstrip" @@ -387,14 +382,14 @@ not possible under these circumstances.<br><br></dd> The "strip" utility cannot handle the resulting executable, therefore trying to strip manually after installation will corrupt the executable.<br><br></dd> -<dt><b><a name="Build and install6">2.7. --enable-xml-log has no effect</a></b></dt> +<dt><b><a name="Build and install4">2.5. --enable-xml-log has no effect</a></b></dt> <dd>If you have compiled for stealth, you won't see much, because if obfuscated, then both a 'normal' and an XML logfile look, well ... obfuscated. Use <code>samhain -jL /path/to/logfile</code> to view the logfile.<br><br></dd> -<dt><b><a name="Build and install7">2.8. ./install-sh: strip: not found (Solaris)</a></b></dt> +<dt><b><a name="Build and install5">2.6. ./install-sh: strip: not found (Solaris)</a></b></dt> <dd>Install the SUNWbtool package.<br><br></dd> -<dt><b><a name="Build and install8">2.9. What is sh_tiger1.s?</a></b></dt> +<dt><b><a name="Build and install6">2.7. What is sh_tiger1.s?</a></b></dt> <dd>This is a precompiled assembly file for the i386 architecture generated from sh_tiger1.c using gcc 3.4.0 with the following options, that were found to generate the fastest code: @@ -410,11 +405,11 @@ because different versions of gcc can have very different performance, require different options to compile optimal code, and it would be impossible to maintain a library of optimal compile options for every version of gcc.<br><br></dd> -<dt><b><a name="Build and install9">2.10. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></b></dt> +<dt><b><a name="Build and install7">2.8. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></b></dt> <dd>Static linking is not supported on MacOS X, see <a href="http://developer.apple.com/qa/qa2001/qa1118.html">Technical Q&A QA1118</a>. This is a MacOS X issue and not a bug in samhain.<br><br></dd> -<dt><b><a name="Build and install10">2.11. Why does compiling with MySQL fail on Solaris ?</a></b></dt> +<dt><b><a name="Build and install8">2.9. Why does compiling with MySQL fail on Solaris ?</a></b></dt> <dd>The reason is often the shell script 'mysql_config' that comes as part of MySQL. This script is intended to print appropriate compiler flags for compiling applications that use MySQL. Unfortunately, since Sun compiles @@ -804,7 +799,7 @@ SetDBServerTstamp = true/false </pre></div> This will enable/disable logging of the server timestamp for client - messages. The server timestamp will be written to a seperate record, + messages. The server timestamp will be written to a separate record, with <i>log_ref</i> set to the value of <i>log_index</i> of the corresponding client message.<br><br></dd> <dt><b><a name="Database2">7.3. I don't want the client TIMESTAMP messages in the SQL database</a></b></dt> diff --git a/docs/HOWTO-client+server.html b/docs/HOWTO-client+server.html index e2d7d8e..12b6c14 100644 --- a/docs/HOWTO-client+server.html +++ b/docs/HOWTO-client+server.html @@ -143,7 +143,7 @@ you need to run a samhain client on this host as well. <p> Client and server are <b>distict applications</b>, and must be -built seperately. By default, installation names and paths (e.g. +built separately. By default, installation names and paths (e.g. the configuration file) are different. Do not blame us if you abuse './configure' options to cause name clashes, if you install both on the same host. diff --git a/docs/HOWTO-samhain+GnuPG.html b/docs/HOWTO-samhain+GnuPG.html index 013327f..43d31c6 100644 --- a/docs/HOWTO-samhain+GnuPG.html +++ b/docs/HOWTO-samhain+GnuPG.html @@ -328,7 +328,7 @@ to te secret key used for signing into the correct <b>pubring.gpg</b> file (this file can hold many public keys, e.g. of people sending you emails signed by them). </p><p> -So which is the correct file? Here we have to consider two seperate +So which is the correct file? Here we have to consider two separate cases: </p> <ol> diff --git a/docs/MANUAL-2_4.epub b/docs/MANUAL-2_4.epub Binary files differindex 2e5d3c7..55879f7 100644 --- a/docs/MANUAL-2_4.epub +++ b/docs/MANUAL-2_4.epub diff --git a/docs/MANUAL-2_4.html.tar b/docs/MANUAL-2_4.html.tar Binary files differindex b5fea43..ecd5f5d 100644 --- a/docs/MANUAL-2_4.html.tar +++ b/docs/MANUAL-2_4.html.tar diff --git a/docs/MANUAL-2_4.pdf b/docs/MANUAL-2_4.pdf Binary files differindex c83b2bd..c680640 100644 --- a/docs/MANUAL-2_4.pdf +++ b/docs/MANUAL-2_4.pdf diff --git a/docs/README b/docs/README index a512389..9c2957b 100644 --- a/docs/README +++ b/docs/README @@ -136,7 +136,7 @@ CLIENT/SERVER: ./configure --enable-network=client|server [more options] NOTE: client and server are __distict__ applications, and must be - built seperately. By default, installation names and paths are + built separately. By default, installation names and paths are different. Do not blame us if you abuse './configure' options to cause name clashes, if you install both on the same host. diff --git a/docs/README.sstrip b/docs/README.sstrip deleted file mode 100644 index b96c171..0000000 --- a/docs/README.sstrip +++ /dev/null @@ -1,40 +0,0 @@ -sstrip is a small utility that removes the contents at the end of an -ELF file that are not part of the program's memory image. - -Most ELF executables are built with both a program header table and a -section header table. However, only the former is required in order -for the OS to load, link and execute a program. sstrip attempts to -extract the ELF header, the program header table, and its contents, -leaving everything else in the bit bucket. It can only remove parts of -the file that occur at the end, after the parts to be saved. However, -this almost always includes the section header table, and occasionally -a few random sections that are not used when running a program. - -It should be noted that the GNU bfd library is (understandably) -dependent on the section header table as an index to the file's -contents. Thus, an executable file that has no section header table -cannot be used with gdb, objdump, or any other program based upon the -bfd library, at all. In fact, the program will not even recognize the -file as a valid executable. (This limitation is noted in the source -code comments for bfd, and is marked "FIXME", so this may change at -some future date. However, I would imagine that it is a pretty -low-priority item, as executables without a section header table are -rare in the extreme.) This probably also explains why strip doesn't -offer the option to do this. - -Shared library files may also have their section header table removed. -Such a library will still function; however, it will no longer be -possible for a compiler to link a new program against it. - -As an added bonus, sstrip also tries to removes trailing zero bytes -from the end of the file. (This normally cannot be done with an -executable that has a section header table.) - -sstrip is a very simplistic program. It depends upon the common -practice of putting the parts of the file that contribute to the -memory image at the front, and the remaining material at the end. This -permits it to discard the latter material without affecting file -offsets and memory addresses in what remains. However, the ELF -standard permits files to be organized in almost any order. So -although this procedure usually works in practice, it is not meant to -be taken too seriously. diff --git a/dsys/funcINSTALL b/dsys/funcINSTALL index 1e7f3d1..54b1ca2 100644 --- a/dsys/funcINSTALL +++ b/dsys/funcINSTALL @@ -399,6 +399,10 @@ selbinARCH() { then command="$command other" fi + if test $n -eq 0 + then + printFATAL "No binary packages built yet !" + fi eval ${command} m=$? diff --git a/include/sh_calls.h b/include/sh_calls.h index 7af5e08..a48ad88 100644 --- a/include/sh_calls.h +++ b/include/sh_calls.h @@ -75,8 +75,8 @@ long int retry_connect(const char * file, int line, long int retry_aud_dup2 (const char * file, int line, int fd, int fd2); long int retry_aud_execve (const char * file, int line, - const char *dateiname, char * argv[], - char *envp[]); + const char *dateiname, char *const argv[], + char *const envp[]); long int retry_aud_dup (const char * file, int line, int fd); long int retry_aud_chdir (const char * file, int line, diff --git a/include/sh_cat.h b/include/sh_cat.h index 0096206..806c7fd 100644 --- a/include/sh_cat.h +++ b/include/sh_cat.h @@ -75,7 +75,8 @@ enum { MSG_CHECK_0, MSG_CHECK_1, MSG_CHECK_2, - MSG_STAMP, + MSG_STAMP, + MSG_DCLOSE, MSG_D_START, MSG_D_DSTART, @@ -227,7 +228,8 @@ enum { MSG_TCP_EZERO, MSG_TCP_EBGN, - MSG_TCP_CREG, + MSG_TCP_CREG, + MSG_TCP_AREG, MSG_TCP_FAUTH, MSG_TCP_TIMOUT, diff --git a/include/sh_dbIO.h b/include/sh_dbIO.h index bbb316a..f06a588 100644 --- a/include/sh_dbIO.h +++ b/include/sh_dbIO.h @@ -58,4 +58,12 @@ int sh_dbIO_load_delta(); int sh_dbIO_list_binary (const char * c); int sh_dbIO_list_filter (const char * c); +/* alternative rootfs */ + +int sh_dbIO_init_rootfs (const char * rootfs); +size_t sh_dbIO_get_rootfs_len(); +char * sh_dbIO_rootfs_prepend(char * path); +char * sh_dbIO_rootfs_strip(char * path); +char * sh_dbIO_rootfs_strip_link(char * path); + #endif diff --git a/include/sh_dbIO_int.h b/include/sh_dbIO_int.h index 7dfd01d..4595852 100644 --- a/include/sh_dbIO_int.h +++ b/include/sh_dbIO_int.h @@ -21,7 +21,7 @@ #ifndef SH_DBIO_INT_H #define SH_DBIO_INT_H -#define SH_DEADFILE 0x44454144 +#define SH_DEADFILE 65535 typedef struct store_info_old { diff --git a/include/sh_files.h b/include/sh_files.h index c51c68e..15ad551 100644 --- a/include/sh_files.h +++ b/include/sh_files.h @@ -23,7 +23,8 @@ void sh_audit_mark (const char * file); void sh_audit_commit (); void sh_audit_delete_all (); -char * sh_audit_fetch (char * file, time_t mtime, time_t ctime, char * result, size_t rsize); +int sh_audit_set_flags(const char * str); +char * sh_audit_fetch (char * file, time_t mtime, time_t ctime, time_t atime, char * result, size_t rsize); struct sh_dirent { char * sh_d_name; diff --git a/include/sh_gpg_chksum.h b/include/sh_gpg_chksum.h deleted file mode 100644 index e5c31f0..0000000 --- a/include/sh_gpg_chksum.h +++ /dev/null @@ -1,53 +0,0 @@ -#ifndef CHKSUM_H -#define CHKSUM_H -char gpgchk[50]; -gpgchk[0] = '4'; -gpgchk[1] = '0'; -gpgchk[2] = '7'; -gpgchk[3] = '8'; -gpgchk[4] = '4'; -gpgchk[5] = '6'; -gpgchk[6] = '0'; -gpgchk[7] = '1'; -gpgchk[8] = '7'; -gpgchk[9] = '5'; -gpgchk[10] = 'D'; -gpgchk[11] = '0'; -gpgchk[12] = '1'; -gpgchk[13] = 'B'; -gpgchk[14] = '4'; -gpgchk[15] = '4'; -gpgchk[16] = 'B'; -gpgchk[17] = '5'; -gpgchk[18] = 'E'; -gpgchk[19] = '3'; -gpgchk[20] = 'A'; -gpgchk[21] = '4'; -gpgchk[22] = '0'; -gpgchk[23] = 'E'; -gpgchk[24] = '4'; -gpgchk[25] = '4'; -gpgchk[26] = '0'; -gpgchk[27] = '1'; -gpgchk[28] = '6'; -gpgchk[29] = '3'; -gpgchk[30] = '3'; -gpgchk[31] = '3'; -gpgchk[32] = 'C'; -gpgchk[33] = 'F'; -gpgchk[34] = '3'; -gpgchk[35] = 'C'; -gpgchk[36] = '5'; -gpgchk[37] = '6'; -gpgchk[38] = 'A'; -gpgchk[39] = '7'; -gpgchk[40] = 'A'; -gpgchk[41] = 'B'; -gpgchk[42] = 'D'; -gpgchk[43] = '9'; -gpgchk[44] = '1'; -gpgchk[45] = '9'; -gpgchk[46] = '6'; -gpgchk[47] = '6'; -gpgchk[48] = '\0'; -#endif diff --git a/include/sh_ipvx.h b/include/sh_ipvx.h index 4231044..03eae9c 100644 --- a/include/sh_ipvx.h +++ b/include/sh_ipvx.h @@ -47,7 +47,7 @@ int sh_ipvx_set_port(struct sh_sockaddr * ss, int port); /* Get the port */ -int sh_ipvx_get_port(struct sockaddr * ss, int sa_family); +int sh_ipvx_get_port(struct sh_sockaddr * ss); /* Save a sockaddress */ diff --git a/include/sh_gpg.h b/include/sh_sig.h index c6a1394..e3815c2 100644 --- a/include/sh_gpg.h +++ b/include/sh_sig.h @@ -17,30 +17,38 @@ /* along with this program; if not, write to the Free Software */ /* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#if (defined(WITH_GPG) || defined(WITH_PGP)) +#if defined(WITH_SIG) -#ifndef SH_GPG_H -#define SH_GPG_H +#ifndef SH_SIG_H +#define SH_SIG_H -#define SIG_CONF 1 -#define SIG_DATA 2 +typedef enum { + SIG_CONF, + SIG_DATA +} ShSigFile; /* Top level function to verify file. */ -SL_TICKET sh_gpg_extract_signed(SL_TICKET fd); +SL_TICKET sh_sig_extract_signed(SL_TICKET fd); +SL_TICKET sh_sig_extract_signed_data(SL_TICKET fd); /* this function exits if configuration file * and/or database cannot be verified; otherwise returns 0 */ -int sh_gpg_check_sign (long file, int what); +int sh_sig_check_signature (SL_TICKET file, ShSigFile what); + +int sh_sig_msg_start(const char * line); +int sh_sig_msg_startdata(const char * line); +int sh_sig_msg_end(const char * line); +int sh_sig_data_end(const char * line); /* log successful startup */ -void sh_gpg_log_startup (void); +void sh_sig_log_startup (void); #endif -/* #ifdef WITH_GPG */ +/* #ifdef WITH_SIG */ #endif diff --git a/include/sh_string.h b/include/sh_string.h index a0da6c2..dfa0cdb 100644 --- a/include/sh_string.h +++ b/include/sh_string.h @@ -67,6 +67,8 @@ size_t sh_string_read_cont(sh_string * s, FILE * fp, size_t maxlen, char *cont); * The number of fields is returned in 'nfields', their * lengths in 'lengths'. * A single delimiter will return two empty fields. + * The returned array is allocated memory, and its fields + * are modified parts of the 'line' parameter. */ char ** split_array(char *line, unsigned int * nfields, char delim, size_t * lengths); @@ -77,6 +79,8 @@ char ** split_array(char *line, unsigned int * nfields, * The number of fields is returned in nfields. * An empty string will return zero fields. * If nfields < actual fields, last string will be remainder. + * The returned array is allocated memory, and its fields + * are modified parts of the 'line' parameter. */ char ** split_array_ws(char *line, unsigned int * nfields, size_t * lengths); diff --git a/include/sh_subuid.h b/include/sh_subuid.h new file mode 100644 index 0000000..cedd0dd --- /dev/null +++ b/include/sh_subuid.h @@ -0,0 +1,24 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2018 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +/* These functions return NULL if the subuid/subgid is not found; + * else the user/group name is returned (needs to be copied). + */ +char * sh_get_subuid (unsigned long subuid); +char * sh_get_subgid (unsigned long subgid); diff --git a/include/sh_utils.h b/include/sh_utils.h index 2f4519c..986c6ab 100644 --- a/include/sh_utils.h +++ b/include/sh_utils.h @@ -178,9 +178,9 @@ char * sh_util_dirname(const char * fullpath); /* returns freshly allocated memory, return value should be free'd */ -char * sh_util_safe_name (const char * name) SH_GNUC_MALLOC SH_GNUC_PURE; +char * sh_util_safe_name (const char * name) SH_GNUC_MALLOC; -char * sh_util_safe_name_keepspace (const char * name) SH_GNUC_MALLOC SH_GNUC_PURE; +char * sh_util_safe_name_keepspace (const char * name) SH_GNUC_MALLOC; /* check max size of printf result string */ diff --git a/include/sh_xfer.h b/include/sh_xfer.h index f4d6108..c041828 100644 --- a/include/sh_xfer.h +++ b/include/sh_xfer.h @@ -83,6 +83,10 @@ int sh_xfer_set_interface(const char * c); */ void sh_xfer_html_write(void); +/* register an alias + */ +int sh_xfer_register_alias (const char * str); + /* register a client */ int sh_xfer_register_client (const char * str); diff --git a/include/slib.h b/include/slib.h index 9ca3608..fe9ae65 100644 --- a/include/slib.h +++ b/include/slib.h @@ -107,6 +107,7 @@ typedef long int SL_TICKET; /* Unique ID for opened files. */ #define SL_EREAD -1036 /* Read error. Check errno. */ #define SL_EWRITE -1037 /* Write error. Check errno. */ #define SL_ESYNC -1038 /* Write error. Check errno. */ +#define SL_ECLOSE -1039 /* Close error. Check errno. */ #define SL_EBADNAME -1040 /* Invalid name. */ #define SL_ESTAT -1041 /* stat of file failed. Check errno. */ @@ -225,6 +226,7 @@ extern "C" { * robust strn[case]cmp replacement */ int sl_strncmp(const char * a, const char * b, size_t n); + int sl_ts_strncmp(const char * a, const char * b, size_t n); int sl_strncasecmp(const char * a, const char * b, size_t n); @@ -437,6 +439,9 @@ extern "C" { int sl_read_timeout_fd (int fd, void * buf, size_t count, int timeout, int is_nonblocking); + int sl_read_timeout_fd_once (int fd, void * buf, + size_t count, int timeout, int is_nonblocking); + int sl_read_timeout (SL_TICKET ticket, void * buf, size_t count, int timeout, int is_nonblocking); diff --git a/init/samhain.startLSB.in b/init/samhain.startLSB.in index 2f23f99..f4585d1 100755 --- a/init/samhain.startLSB.in +++ b/init/samhain.startLSB.in @@ -2,8 +2,8 @@ ### BEGIN INIT INFO # Provides: @install_name@ -# Required-Start: $syslog $network -# Required-Stop: $syslog $network +# Required-Start: $syslog $network $remote_fs +# Required-Stop: $syslog $network $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Keep an eye on stuff diff --git a/init/samhain.startLinux.in b/init/samhain.startLinux.in index 81c5e92..55ceaaf 100644 --- a/init/samhain.startLinux.in +++ b/init/samhain.startLinux.in @@ -11,8 +11,8 @@ ### BEGIN INIT INFO # Provides: @install_name@ -# Required-Start: $syslog $network -# Required-Stop: $syslog $network +# Required-Start: $syslog $network $remote_fs +# Required-Stop: $syslog $network $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Keep an eye on stuff @@ -39,8 +39,15 @@ fi # Sort out sourcing in the distribution specific library functions # and the command to run them. if [ -f /etc/redhat-release ]; then + if [ -f /etc/init.d/functions ]; then . /etc/init.d/functions DISTRO=redhat + elif [ -f /etc/rc.d/init.d/functions ]; then + . /etc/rc.d/init.d/functions + DISTRO=redhat + else + DISTRO=generic + fi elif [ -f /etc/mandrake-release ]; then . /etc/init.d/functions DISTRO=redhat diff --git a/init/samhain.startSystemd b/init/samhain.startSystemd new file mode 100644 index 0000000..280be43 --- /dev/null +++ b/init/samhain.startSystemd @@ -0,0 +1,16 @@ + +[Unit] +Description=The samhain Service +After=network.target remote-fs.target nss-user-lookup.target + +[Service] +Type=forking +PIDFile=/run/samhain.pid +ExecStart=/usr/local/sbin/samhain start +ExecStop=/usr/local/sbin/samhain stop +ExecReload=/usr/local/sbin/samhain reload +Restart=on-abort +TimeoutStartSec=infinity + +[Install] +WantedBy=multi-user.target diff --git a/init/samhain.startSystemd.in b/init/samhain.startSystemd.in new file mode 100644 index 0000000..c043ed5 --- /dev/null +++ b/init/samhain.startSystemd.in @@ -0,0 +1,16 @@ + +[Unit] +Description=The @install_name@ Service +After=network.target remote-fs.target nss-user-lookup.target + +[Service] +Type=forking +PIDFile=@mylockfile@ +ExecStart=@sbindir@/@install_name@ start +ExecStop=@sbindir@/@install_name@ stop +ExecReload=@sbindir@/@install_name@ reload +Restart=on-abort +TimeoutStartSec=infinity + +[Install] +WantedBy=multi-user.target diff --git a/rules.deb-light.in b/rules.deb-light.in index 6b372d5..044aee6 100644 --- a/rules.deb-light.in +++ b/rules.deb-light.in @@ -7,25 +7,22 @@ # Modified to use mydefargs by Rainer Wichmann. # -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 -# This is the debhelper compatability version to use. -export DH_COMPAT=4 +%: + dh $@ --with-autoreconf -package=@install_name@ -# CAVEAT: including the --enable-base= option is for packages to be -# distributed INTERNALLY on your network, NOT for packages -# to be distributed to THIRD PARTIES +override_dh_clean: + [ ! -f Makefile ] || $(MAKE) distclean + -rm -f samhainrc.install + -rm -f build-stamp build-server-stamp build-client-stamp + dh_clean -build: build-stamp -build-stamp: - dh_testdir +override_dh_auto_configure: @top_srcdir@/configure @mydefargs@ - $(MAKE) - echo '#!/bin/sh' > ./sstrip - echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip + +override_dh_auto_build: + dh_auto_build if ! test x$(PASSWORD) = x; then \ if test -f samhain_setpwd; then \ ./samhain_setpwd samhain new $(PASSWORD); \ @@ -33,81 +30,43 @@ build-stamp: mv samhain.new samhain; \ fi; \ fi - touch build-stamp - -clean: - dh_testdir - dh_testroot - rm -f build-stamp - -[ -f Makefile ] && $(MAKE) distclean - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs +override_dh_auto_install: $(MAKE) install-light install-boot DESTDIR=`pwd`/debian/@install_name@ - # $(MAKE) install-light install-boot DESTDIR=`pwd`/debian/tmp - # However, remove the rc.d links - -rm -rf `pwd`/debian/tmp/etc/rc?.d +override_dh_install: + # However, remove the rc.d links + -rm -rf `pwd`/debian/@install_name@/etc/rc?.d # Remove samhain_stealth for light install - -rm -f `pwd`/debian/tmp/@sbindir@/@install_name@_stealth - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - - -# Build architecture-dependent files here. -binary-arch: build install -# dh_testversion - dh_testdir - dh_testroot - dh_installdebconf - # dh_installdocs - dh_installmenu - dh_installinit -- defaults 19 - [ -f debian/@install_name@.postinst.debhelper ] && \ - cd debian && \ - cat @install_name@.postinst.debhelper | \ - sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ - mv postinst.tmp @install_name@.postinst.debhelper - [ -f debian/@install_name@.postinst.debhelper ] && \ - cd debian && \ - cat @install_name@.postinst.debhelper | \ - sed 's%invoke-rc.d @install_name@ start%:%' > postinst.tmp && \ - mv postinst.tmp @install_name@.postinst.debhelper - [ -f debian/@install_name@.prerm.debhelper ] && \ - cd debian && \ - cat @install_name@.prerm.debhelper | \ - sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ - mv prerm.tmp @install_name@.prerm.debhelper - [ -f debian/@install_name@.prerm.debhelper ] && \ - cd debian && \ - cat @install_name@.prerm.debhelper | \ - sed 's%invoke-rc.d @install_name@ stop%invoke-rc.d @install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ - mv prerm.tmp @install_name@.prerm.debhelper - # dh_installmanpages - # dh_installchangelogs @top_srcdir@/docs/Changelog - dh_link - dh_strip - dh_compress - dh_fixperms - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb + -rm -f `pwd`/debian/@install_name@/@sbindir@/@install_name@_stealth + # remove samhain_setpwd if not needed + if ! test x$(PASSWORD) = x; then \ + rm -f `pwd`/debian/@install_name@/@sbindir@/@install_name@_setpwd; \ + fi + +override_dh_installdocs: + # do nothing + +override_dh_installchangelogs: + # do nothing +override_dh_installman: + # do nothing -define checkdir - test -f debian/rules -endef +override_dh_installinit: + dh_installinit --no-start -- defaults 19 + +override_dh_usrlocal: + # do nothing + +override_dh_fixperms: + dh_fixperms + # Fix the permissions + chmod o-rX `pwd`/debian/@install_name@/@mydataroot@ \ + `pwd`/debian/@install_name@/@myrpmconffile@ + if ! test "x@mylogdir@" = "x/var/log"; then \ + chmod o-rX `pwd`/debian/@install_name@/@mylogdir@; \ + fi -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install diff --git a/rules.deb.in b/rules.deb.in index 32cc550..f3aaee9 100644 --- a/rules.deb.in +++ b/rules.deb.in @@ -7,25 +7,20 @@ # Modified to use mydefargs by Rainer Wichmann. # -# Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 +%: + dh $@ --with-autoreconf -# This is the debhelper compatability version to use. -export DH_COMPAT=4 - -package=@install_name@ - -# CAVEAT: including the --enable-base= option is for packages to be -# distributed INTERNALLY on your network, NOT for packages -# to be distributed to THIRD PARTIES +override_dh_clean: + [ ! -f Makefile ] || $(MAKE) distclean + -rm -f samhainrc.install + -rm -f build-stamp build-server-stamp build-client-stamp + dh_clean -build: build-stamp -build-stamp: - dh_testdir +override_dh_auto_configure: @top_srcdir@/configure @mydefargs@ - $(MAKE) - echo '#!/bin/sh' > ./sstrip - echo 'echo "*** SSTRIP DISABLED ***"' >> ./sstrip + +override_dh_auto_build: + dh_auto_build if ! test x$(PASSWORD) = x; then \ if test -f samhain_setpwd; then \ ./samhain_setpwd samhain new $(PASSWORD); \ @@ -33,102 +28,39 @@ build-stamp: mv samhain.new samhain; \ fi; \ fi - touch build-stamp - -clean: - dh_testdir - dh_testroot - rm -f build-stamp - -[ -f Makefile ] && $(MAKE) distclean - dh_clean - -install: build - dh_testdir - dh_testroot - dh_clean -k - dh_installdirs - # Fix the permissions - #chmod o-rX `pwd`/debian/tmp/var/log/samhain \ - # `pwd`/debian/tmp/var/run/samhain \ - # `pwd`/debian/tmp/var/lib/samhain \ - # `pwd`/debian/tmp/etc/samhain - - # $(MAKE) install install-boot DESTDIR=`pwd`/debian/tmp +override_dh_auto_install: $(MAKE) install install-boot DESTDIR=`pwd`/debian/@install_name@ +override_dh_install: # However, remove the rc.d links - -rm -rf `pwd`/debian/tmp/etc/rc?.d - - # install -m 755 encode `pwd`/debian/tmp/usr/bin/samhain_encode + -rm -rf `pwd`/debian/@install_name@/etc/rc?.d - # install -m 644 profiles/debianlinux_i386/samhainrc `pwd`/debian/tmp@myconffile@ - # install -m 644 debian/samhain.logrotate `pwd`/debian/tmp/etc/logrotate.d/samhain - -# Build architecture-independent files here. -binary-indep: build install -# We have nothing to do by default. - - -# Build architecture-dependent files here. -binary-arch: build install -# dh_testversion - dh_testdir - dh_testroot - dh_installdebconf - dh_installdocs +override_dh_installdocs: + dh_installdocs [ -f debian/@install_name@/usr/share/doc/@install_name@/MANUAL-2_4.html.tar ] && \ cd debian/@install_name@/usr/share/doc/@install_name@ && \ tar xf MANUAL-2_4.html.tar && mv MANUAL-2_4 manual.html && \ - rm -f MANUAL-2_4.html.tar && \ + rm -f MANUAL-2_4.html.tar + [ -f debian/@install_name@/usr/share/doc/@install_name@/MANUAL-2_4.pdf ] && \ + cd debian/@install_name@/usr/share/doc/@install_name@ && \ mv MANUAL-2_4.pdf manual.pdf - dh_installexamples @top_srcdir@/scripts/example_pager.pl \ - @top_srcdir@/scripts/example_sms.pl \ - @top_srcdir@/scripts/concat.pl \ - @top_srcdir@/scripts/samhain.logrotator \ - @top_srcdir@/scripts/samhainadmin.pl \ - @top_srcdir@/scripts/check_samhain.pl \ - @top_srcdir@/yulerc.template \ - @top_srcdir@/samhainrc.linux - dh_installmenu - dh_installinit -- defaults 19 - [ -f debian/@install_name@.postinst.debhelper ] && \ - cd debian && \ - cat @install_name@.postinst.debhelper | \ - sed 's%/etc/init.d/@install_name@ start%:%' > postinst.tmp && \ - mv postinst.tmp @install_name@.postinst.debhelper - [ -f debian/@install_name@.postinst.debhelper ] && \ - cd debian && \ - cat @install_name@.postinst.debhelper | \ - sed 's%invoke-rc.d @install_name@ start%:%' > postinst.tmp && \ - mv postinst.tmp @install_name@.postinst.debhelper - [ -f debian/@install_name@.prerm.debhelper ] && \ - cd debian && \ - cat @install_name@.prerm.debhelper | \ - sed 's%/etc/init.d/@install_name@ stop%/etc/init.d/@install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ - mv prerm.tmp @install_name@.prerm.debhelper - [ -f debian/@install_name@.prerm.debhelper ] && \ - cd debian && \ - cat @install_name@.prerm.debhelper | \ - sed 's%invoke-rc.d @install_name@ stop%invoke-rc.d @install_name@ stop || echo service @install_name@ already stopped%' > prerm.tmp && \ - mv prerm.tmp @install_name@.prerm.debhelper - # dh_installmanpages - dh_installchangelogs @top_srcdir@/docs/Changelog - dh_link - dh_strip - dh_compress - dh_fixperms - dh_installdeb - dh_shlibdeps - dh_gencontrol - dh_md5sums - dh_builddeb +override_dh_installchangelogs: + dh_installchangelogs docs/Changelog -define checkdir - test -f debian/rules -endef +override_dh_installinit: + dh_installinit --no-start -- defaults 19 -binary: binary-indep binary-arch -.PHONY: build clean binary-indep binary-arch binary install +override_dh_usrlocal: + # do nothing + +override_dh_fixperms: + dh_fixperms + # Fix the permissions + chmod o-rX `pwd`/debian/@install_name@/@mydataroot@ \ + `pwd`/debian/@install_name@/@myrpmconffile@ + if ! test "x@mylogdir@" = "x/var/log"; then \ + chmod o-rX `pwd`/debian/@install_name@/@mylogdir@; \ + fi diff --git a/samhain-install.sh.in b/samhain-install.sh.in index 195dfe1..fa7b1a9 100644 --- a/samhain-install.sh.in +++ b/samhain-install.sh.in @@ -892,7 +892,7 @@ then rc_main=/etc/init.d rc_dirz= rc_inst="/usr/lib/lsb/install_initd /etc/init.d/@install_name@" - rc_uinst="/usr/lib/lsb/remove_initd /etc/init.d/@install_name@" + rc_uinst="test -f /etc/init.d/@install_name@ && /usr/lib/lsb/remove_initd /etc/init.d/@install_name@" else rc_inst= rc_uinst= @@ -1031,6 +1031,15 @@ then exit 1 fi + rc_systemd= + if command -v pkg-config >/dev/null 2>&1 + then + if pkg-config --exists systemd >/dev/null 2>&1 + then + rc_systemd=`pkg-config --variable=systemdsystemunitdir systemd` + fi + fi + if test x"${act}" = xboot then @@ -1105,6 +1114,33 @@ then eval ${rc_inst} fi fi + + if test x"${rc_systemd}" != x + then + if test x"$DESTDIR" = x + then + : + else + ${mkinstalldirs} ${DESTDIR}/${rc_systemd} + fi + if test -f init/samhain.startSystemd + then + servicescript=init/samhain.startSystemd + elif test -f samhain.startSystemd + then + servicescript=samhain.startSystemd + else + echo "${0}: cannot find samhain.startSystemd in ./ or ./init" + fi + if test -f ${DESTDIR}/${rc_systemd}/${samhain}.service && test x"$force" != xyes + then + echo " ${DESTDIR}/${rc_systemd}/${samhain}.service exists ... not overwritten (or use --force)" + else + test -z "$verbose" || echo " installing ${servicescript} as ${DESTDIR}/${rc_systemd}/${samhain}.service" + ${INSTALL_DATA} ${servicescript} "${DESTDIR}/${rc_systemd}/${samhain}.service" + fi + fi + echo "installing init scripts completed" fi @@ -1122,14 +1158,20 @@ then for ff in $rlv do test -z "$verbose" || echo " rm -f ${rc_dirz}${ff}.d/S99${samhain}" - rm -f ${rc_dirz}${ff}.d/S99${samhain} + rm -f "${rc_dirz}${ff}.d/S99${samhain}" test -z "$verbose" || echo " rm -f ${rc_dirz}${ff}.d/S99${samhain}" - rm -f ${rc_dirz}${ff}.d/K10${samhain} + rm -f "${rc_dirz}${ff}.d/K10${samhain}" done fi test -z "$verbose" || echo " rm -f ${rc_main}/${samhain}" - rm -f ${rc_main}/${samhain} + rm -f "${rc_main}/${samhain}" + + if test x"${rc_systemd}" != x + then + test -z "$verbose" || echo " rm -f ${rc_systemd}/${samhain}.service" + rm -f "${rc_systemd}/${samhain}.service" + fi echo " uninstalling init scripts completed" fi @@ -1297,6 +1339,7 @@ then CONVERT= GPGPATH=@mygpg@ + SIGNIFY_PATH=@mysignify@ TARGETKEYID=@mykeyid@ KEYTAG=@mykeytag@ @@ -1374,6 +1417,42 @@ then echo "**********************************************************" cp ${RCFILE} samhainrc.pre fi + elif test x"${SIGNIFY_PATH}" != x + then + echo + echo "You need to sign the config file now" + echo + test -z "$verbose" || echo " ${SIGNIFY_PATH} -Se -s ~/.signify/samhain.sec -m $RCFILE" + if test x"${NTEST}" = "x-DSH_WITH_SERVER" + then + myident_uid=`(cat /etc/passwd; ypcat passwd) 2>/dev/null |\ + grep "^${samhain}:" | awk -F: '{ print $3; }'` + if test x"${myident_uid}" != x + then + DOT_SIGNIFY=`eval echo ~${samhain}/.signify` + test -z "$verbose" || echo " using home directory ${DOT_SIGNIFY}" + ${SIGNIFY_PATH} -Se -s ${DOT_GNUPG}/samhain.sec $RCFILE + else + ${SIGNIFY_PATH} -Se -s ~/.signify/samhain.sec -m $RCFILE + fi + else + ${SIGNIFY_PATH} -Se -s ~/.signify/samhain.sec -m $RCFILE + fi + + if test -f ${RCFILE}.sig + then + test -z "$verbose" || echo " mv -f ${RCFILE}.sig samhainrc.pre" + mv -f ${RCFILE}.sig samhainrc.pre + else + echo "**********************************************************" + echo + echo "${0}: ERROR: cannot find signed file ${RCFILE}.sig" + echo + echo " --- You need to sign the configuration file ---" + echo + echo "**********************************************************" + cp ${RCFILE} samhainrc.pre + fi else test -z "$verbose" || echo " cp $RCFILE samhainrc.pre" cp $RCFILE samhainrc.pre diff --git a/samhain.spec b/samhain.spec index 41e2b43..014f831 100644 --- a/samhain.spec +++ b/samhain.spec @@ -5,7 +5,7 @@ Summary: File integrity and host-based IDS Name: samhain -Version: 4.1.4 +Version: 4.4.10 Release: 1 License: GPL Group: System Environment/Base @@ -13,7 +13,11 @@ Source: samhain-%{version}.tar.gz BuildRoot: %{_tmppath}/samhain-%{version}-root Packager: Andre Oliveira da Costa <brblueser@uol.com.br> Provides: %{name} +%if 0%{?suse_version} +Requires(pre): shadow +%else Requires(pre): shadow-utils +%endif # dummy (fix configure warning) # datarootdir = @datarootdir@ @@ -65,10 +69,10 @@ for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done # # configure with the user-supplied arguments to './configure' # -./configure --enable-base=6365215,1343398076 +./configure --enable-base=1446395499,305967056 make %if "%{withpwd_prg}" == "xDSH_WITH_CLIENT" -%if 0%{?password} +%if "%{password}" != "" ./samhain_setpwd samhain new %{password} mv samhain samhain.old mv samhain.new samhain @@ -87,7 +91,7 @@ make DESTDIR=${RPM_BUILD_ROOT} install # copy script files to /var/lib/samhain so that we can use them right # after the package is installed # -install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}/var/lib/samhain +install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB init/samhain.startSystemd ${RPM_BUILD_ROOT}/var/lib/samhain # # file list (helpful advice from Lars Kellogg-Stedman) # @@ -110,19 +114,13 @@ fi exit 0 %post -if test "x@sh_lkm@" = x; then - : -else - if test -f /sbin/depmod; then - /sbin/depmod -a - fi -fi if [ "$1" -ge 1 ]; then # Activate boot-time start up cd /var/lib/samhain /bin/sh ./samhain-install.sh --verbose install-boot rm -f ./samhain.startLSB rm -f ./samhain.startLinux + rm -f ./samhain.startSystemd if [ -f /usr/local/sbin/samhain_stealth ]; then rm -f samhain-install.sh fi @@ -188,8 +186,12 @@ fi %files -f sh_file_list %defattr(-,root,root) -%dir /run -%dir /var/log +%if "/run" != "/run" || "/run" != "/var/run" + %dir /run +%endif +%if "/var/log" != "/var/log" + %dir /var/log +%endif %doc docs/BUGS COPYING docs/Changelog %doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_4.* docs/README* /var/lib/samhain @@ -201,6 +203,8 @@ fi %endif %if "%{withpwd_prg}" == "xDSH_WITH_SERVER" /usr/local/sbin/samhainctl + /usr/local/sbin/samhainadmin-sig.pl + /usr/local/sbin/samhainadmin-gpg.pl %exclude /usr/local/sbin/samhain_setpwd %endif %attr(644,root,root) /usr/local/man/man5/samhain* @@ -213,6 +217,18 @@ fi %config(noreplace) /etc/samhainrc %changelog +* Tue Jul 28 2020 Rainer Wichmann +- fix bogus date +- fix for recent split into samhainadmin-gpg.pl, samhainadmin-sig.pl + +* Wed May 01 2019 Rainer Wichmann +- remove obsolete part fpr sh_lkm +- add fixes by Franky Van L. (password, directory ownership) + +* Mon Dec 18 2017 Rainer Wichmann +- patch for SLES12 by Pirmin +- fix missing yuleadmin.pl file + * Tue Oct 23 2012 Rainer Wichmann - fixes for yule installation @@ -251,7 +267,7 @@ fi - Fixed typo in samhain.spec - Compiled on RedHat Enterprise Linux ES 3 -* Thu Mar 26 2003 Rainer Wichmann +* Wed Mar 26 2003 Rainer Wichmann - strip REQ_FROM_SERVER in config file path (%config(noreplace) ...) * Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de> diff --git a/samhain.spec.in b/samhain.spec.in index d73ea55..2dbc439 100644 --- a/samhain.spec.in +++ b/samhain.spec.in @@ -13,7 +13,11 @@ Source: samhain-%{version}.tar.gz BuildRoot: %{_tmppath}/samhain-%{version}-root Packager: Andre Oliveira da Costa <brblueser@uol.com.br> Provides: %{name} +%if 0%{?suse_version} +Requires(pre): shadow +%else Requires(pre): shadow-utils +%endif # dummy (fix configure warning) # datarootdir = @datarootdir@ @@ -68,7 +72,7 @@ for i in `seq 6` %{?_with_gpg:7}; do ./test/test.sh $i; done ./configure @mydefargs@ make %if "%{withpwd_prg}" == "xDSH_WITH_CLIENT" -%if 0%{?password} +%if "%{password}" != "" ./samhain_setpwd samhain new %{password} mv samhain samhain.old mv samhain.new samhain @@ -87,7 +91,7 @@ make DESTDIR=${RPM_BUILD_ROOT} install # copy script files to /var/lib/samhain so that we can use them right # after the package is installed # -install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB ${RPM_BUILD_ROOT}@mydataroot@ +install -m 700 samhain-install.sh init/samhain.startLinux init/samhain.startLSB init/samhain.startSystemd ${RPM_BUILD_ROOT}@mydataroot@ # # file list (helpful advice from Lars Kellogg-Stedman) # @@ -110,19 +114,13 @@ fi exit 0 %post -if test "x@sh_lkm@" = x; then - : -else - if test -f /sbin/depmod; then - /sbin/depmod -a - fi -fi if [ "$1" -ge 1 ]; then # Activate boot-time start up cd @mydataroot@ /bin/sh ./samhain-install.sh --verbose install-boot rm -f ./samhain.startLSB rm -f ./samhain.startLinux + rm -f ./samhain.startSystemd if [ -f @sbindir@/@install_name@_stealth ]; then rm -f samhain-install.sh fi @@ -188,8 +186,12 @@ fi %files -f sh_file_list %defattr(-,root,root) -%dir @mylockdir@ -%dir @mylogdir@ +%if "@mylockdir@" != "/run" || "@mylockdir@" != "/var/run" + %dir @mylockdir@ +%endif +%if "@mylogdir@" != "/var/log" + %dir @mylogdir@ +%endif %doc docs/BUGS COPYING docs/Changelog %doc LICENSE docs/FAQ.html docs/HOWTO* docs/MANUAL-2_4.* docs/README* @mydataroot@ @@ -201,6 +203,8 @@ fi %endif %if "%{withpwd_prg}" == "xDSH_WITH_SERVER" @sbindir@/@install_name@ctl + @sbindir@/@install_name@admin-sig.pl + @sbindir@/@install_name@admin-gpg.pl %exclude @sbindir@/@install_name@_setpwd %endif %attr(644,root,root) @mandir@/man5/@install_name@* @@ -213,6 +217,18 @@ fi %config(noreplace) @myrpmconffile@ %changelog +* Tue Jul 28 2020 Rainer Wichmann +- fix bogus date +- fix for recent split into samhainadmin-gpg.pl, samhainadmin-sig.pl + +* Wed May 01 2019 Rainer Wichmann +- remove obsolete part fpr sh_lkm +- add fixes by Franky Van L. (password, directory ownership) + +* Mon Dec 18 2017 Rainer Wichmann +- patch for SLES12 by Pirmin +- fix missing yuleadmin.pl file + * Tue Oct 23 2012 Rainer Wichmann - fixes for yule installation @@ -251,7 +267,7 @@ fi - Fixed typo in samhain.spec - Compiled on RedHat Enterprise Linux ES 3 -* Thu Mar 26 2003 Rainer Wichmann +* Wed Mar 26 2003 Rainer Wichmann - strip REQ_FROM_SERVER in config file path (%config(noreplace) ...) * Sun Jan 12 2003 Rainer Wichmann <support at la-samhna dot de> diff --git a/scripts/makeself/makeself.sh b/scripts/makeself/makeself.sh index 0859fd0..0428fa4 100755 --- a/scripts/makeself/makeself.sh +++ b/scripts/makeself/makeself.sh @@ -292,7 +292,8 @@ DATE=`LC_ALL=C date` echo About to compress $USIZE KB of data... echo Adding files to archive named \"$archname\"... (cd "$archdir"; tar $TAR_ARGS - * | eval "$GZIP_CMD" ) >> "$tmpfile" || { echo Aborting; rm -f "$tmpfile"; exit 1; } -echo >> "$tmpfile" >&- # try to close the archive +# The following command seems both superfluous and causing an 'I/O error' message +# echo >> "$tmpfile" >&- # try to close the archive fsize=`cat "$tmpfile" | wc -c | tr -d " "` diff --git a/scripts/samhainadmin.pl.in b/scripts/samhainadmin-gpg.pl.in index 661c267..661c267 100755 --- a/scripts/samhainadmin.pl.in +++ b/scripts/samhainadmin-gpg.pl.in diff --git a/scripts/samhainadmin-sig.pl.in b/scripts/samhainadmin-sig.pl.in new file mode 100755 index 0000000..10bb6ea --- /dev/null +++ b/scripts/samhainadmin-sig.pl.in @@ -0,0 +1,636 @@ +#! /usr/bin/perl + +# Copyright Rainer Wichmann (2004) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +use warnings; +use strict; +use Getopt::Long; +use File::Basename; +use File::Copy; +use File::stat; +use File::Temp qw/ tempfile tempdir unlink0 /; +use IO::Handle; +use Fcntl qw(:DEFAULT :flock); +use Tie::File; + +# Do I/O to the data file in binary mode (so it +# wouldn't complain about invalid UTF-8 characters). +use bytes; + +File::Temp->safe_level( File::Temp::HIGH ); + +my %opts = (); +my $action; +my $file1; +my $file2; +my $passphrase; +my $secretkey; +my $return_from_sign = 0; +my $no_print_examine = 0; +my $no_remove_lock = 0; +my $base = basename($0); + +my $cfgfile = "@myconffile@"; +my $datafile = "@mydatafile@"; +my $daemon = "@sbindir@/@install_name@"; +my $signify = "@mysignify@"; + +my $SIGDIR = "$ENV{'HOME'}/.signify"; +my $KEYID = "@install_name@"; + +$cfgfile =~ s/^REQ_FROM_SERVER//; +$datafile =~ s/^REQ_FROM_SERVER//; + +$signify = "signify-openbsd" if ($signify eq ""); + +sub usage() { + print "Usage:\n"; + print " $base { -m F | --create-cfgfile } [options] [in.cfgfile]\n"; + print " Sign the configuration file. If in.cfgfile is given, sign it\n"; + print " and install it as configuration file.\n\n"; + + print " $base { -m f | --print-cfgfile } [options] \n"; + print " Print the configuration file to stdout. Signatures are removed.\n\n"; + + print " $base { -m D | --create-datafile } [options] [in.datafile]\n"; + print " Sign the database file. If in.datafile is given, sign it\n"; + print " and install it as database file.\n\n"; + + print " $base { -m d | --print-datafile } [options] \n"; + print " Print the database file to stdout. Signatures are removed. Use\n"; + print " option --list to list files in database rather than printing the raw file.\n\n"; + + print " $base { -m R | --remove-signature } [options] file1 [file2 ...]\n"; + print " Remove cleartext signature from input file(s). The file\n"; + print " is replaced by the non-signed file.\n\n"; + + print " $base { -m E | --sign } [options] file1 [file2 ...]\n"; + print " Sign file(s) with a cleartext signature. The file\n"; + print " is replaced by the signed file.\n\n"; + + print " $base { -m e | --examine } [options] file1 [file2 ...]\n"; + print " Report signature status of file(s).\n\n"; + + print " $base { -m G | --generate-keys } [options] \n"; + print " Generate a signify keypair to use for signing.\n\n"; + + print "Options:\n"; + print " -c cfgfile --cfgfile cfgfile\n"; + print " Select an alternate configuration file.\n\n"; + + print " -d datafile --datafile datafile\n"; + print " Select an alternate database file.\n\n"; + + print " -p passphrase --passphrase passphrase\n"; + print " Set the passphrase for signify. By default, signify will ask.\n\n"; + + print " -s signify_dir --signify-dir signify_dir\n"; + print " Select an alternate directory to locate the secret keyring.\n"; + print " Will use '$ENV{'HOME'}/.signify/' by default.\n\n"; + + print " -k keyid --keyid keyid\n"; + print " Select the keyid to use for signing.\n\n"; + + print " -l --list\n"; + print " List the files in database rather than printing the raw file.\n\n"; + + print " -v --verbose\n"; + print " Verbose output.\n\n"; + return; +} + +sub check_signify_uid () { + if (0 != $>) { + print "--------------------------------------------------\n"; + print "\n"; + print " You are not root. Please remember that samhain/yule\n"; + print " will use the public key of root to verify a signature.\n"; + print "\n"; + print "--------------------------------------------------\n"; + } else { + if (!("@yulectl_prg@" =~ //)) { + print "--------------------------------------------------\n"; + print "\n"; + print " Please remember that yule will drop root after startup. Signature\n"; + print " verification on SIGHUP will fail if you do not import the public key\n"; + print " into the ~/.signify/ directory of the non-root yule user.\n"; + print "\n"; + print "--------------------------------------------------\n"; + } + } +} + +sub check_signify_sign () { + if ( defined($secretkey)) { + if ( (!-d "$secretkey")){ + print "--------------------------------------------------\n"; + print "\n"; + print " Secret key $secretkey not found!\n"; + print "\n"; + print " Please check the path/name of the alternate secret key.\n"; + print "\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit; + } + } else { + if ( (!-d "$SIGDIR") || (!-e "${SIGDIR}/${KEYID}.sec")) { + print "--------------------------------------------------\n"; + print "\n"; + if (!-d "$SIGDIR") { + print " Directory $SIGDIR not found!\n"; + } else { + print " Secret key ${SIGDIR}/${KEYID}.sec not found!\n"; + } + print "\n"; + print " This indicates that you have never created a \n"; + print " public/private keypair, and thus cannot sign.\n"; + print " \n"; + print " Please use $0 --generate-keys or\n"; + print " $signify -G -s ${SIGDIR}/${KEYID}.sec -p ${SIGDIR}/${KEYID}.pub\n"; + print " to generate a public/private keypair first.\n"; + print "\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit; + } + } +} + +sub check_signify_verify () { + if ( (!-d "${SIGDIR}") || (!-e "${SIGDIR}/${KEYID}.pub")) { + print "--------------------------------------------------\n"; + print "\n"; + if (!-d "$SIGDIR") { + print " Directory $SIGDIR not found!\n"; + } else { + print " Public key ${SIGDIR}/${KEYID}.pub not found!\n"; + } + print "\n"; + print " This indicates that you have no public key\n"; + print " to verify signatures.\n"; + print " \n"; + print " Please copy the public key ${KEYID}.pub of\n"; + print " the user who is signing the configuration/database files\n"; + print " into the directory $SIGDIR.\n"; + print "\n"; + print "--------------------------------------------------\n"; + print "\n"; + exit; + } +} + + +sub generate () { + my $command = "$signify -G -s ${SIGDIR}/${KEYID}.sec -p ${SIGDIR}/${KEYID}.pub"; + if (!-d "${SIGDIR}") { + unless(mkdir "$SIGDIR", 0750) { + die "Creating directory $SIGDIR failed: $?"; + } + } + check_signify_uid(); + system ($command) == 0 + or die "system $command failed: $?"; + exit; +} + +sub examine () { + my $iscfg = 0; + my $have_fp = 0; + my $have_sig = 0; + my $message = ''; + my $retval = 9; + my $fh; + my $filename; + + if (!($file1 =~ /^\-$/)) { + die ("Cannot open $file1 for read: $!") unless ((-e $file1) && (-r _)); + } + open FIN, "<$file1" or die "Cannot open $file1 for read: $!"; + + my $dir = tempdir( CLEANUP => 1 ); + $filename = $dir . "/exa_jhfdbilw." . $$; + open $fh, ">$filename" or die "Cannot open $filename"; + autoflush $fh 1; + + while (<FIN>) { + print $fh $_; + if ($_ =~ /^\s*\[Misc\]/) { + $iscfg = 1; + } + } + if ($iscfg == 1) { + $message .= "File $file1 is a configuration file\n\n"; + } else { + $message .= "File $file1 is a database file\n\n"; + } + + + my $command = "$signify -Vem /dev/null -p ${SIGDIR}/${KEYID}.pub "; + $command .= "-x $filename "; + if (defined($opts{'v'})) { + $command .= "2>&1"; + } else { + $command .= "2>/dev/null"; + } + + print STDOUT "Using: $command\n\n" if (defined($opts{'v'})); + open SIGIN, "$command |" or die "Cannot fork: $!"; + + while (<SIGIN>) { + chomp ($_); + if ($_ =~ /^Signature Verified$/) { + $message .= "GOOD signature with key: ${SIGDIR}/${KEYID}.pub\n"; + $have_sig = 1; + $retval = 0; + } + print STDOUT $_ if (defined($opts{'v'})); + } + close (SIGIN); + print STDOUT "\n" if (defined($opts{'v'})); + if ($have_sig == 0) { + $message .= "NO valid signature found\n"; + } + close (FIN); + if ($no_print_examine == 0) { + print STDOUT $message; + } + unlink0( $fh, $filename ) or die "Cannot unlink $filename safely"; + return $retval; +} + +sub wstrip ($) { + $_ = shift; + $_ =~ s/\s+//g; + return $_; +} + +sub remove () { + my $bodystart = 1; + my $sigstart = 0; + my $sigend = 0; + my $filename = ""; + my $fh; + my $stats; + + open FH, "<$file1" or die "Cannot open file $file1 for read: $!"; + if (!($file1 =~ /^\-$/)) { + flock(FH, LOCK_EX) unless ($no_remove_lock == 1); + my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; + $filename = $dir . "/rem_iqegBCQb." . $$; + open $fh, ">$filename" or die "Cannot open $filename"; + $stats = stat($file1); + } else { + open $fh, ">$file1" or die "Cannot open file $file1 for write: $!"; + } + autoflush $fh 1; + while (<FH>) { + if ($_ =~ /^untrusted comment: /) { + $sigstart = 1; + $bodystart = 0; + next; + } elsif (($sigstart == 1) && (wstrip($_) =~ m{^(?: [A-Za-z0-9+/]{4} )*(?:[A-Za-z0-9+/]{2} [AEIMQUYcgkosw048]=|[A-Za-z0-9+/][AQgw]==)?$}xm )) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif (($sigstart == 1) && ($bodystart == 0)) { + # comment NOT followed by signature + $sigstart = 0; + next; + } + + if ($bodystart == 1) { + print $fh $_; + } + } + if (!($file1 =~ /^\-$/)) { + copy("$filename", "$file1") + or die "Copy $filename to $file1 failed: $!"; + chmod $stats->mode, $file1; + chown $stats->uid, $stats->gid, $file1; + flock(FH, LOCK_UN) unless ($no_remove_lock == 1); + close FH; + } + unlink0( $fh, $filename ) or die "Cannot unlink $filename safely"; + return; +} + +sub print_cfgfile () { + my $bodystart = 0; + my $sigstart = 0; + + if (!defined($file2)) { + $file2 = '-'; + } + + open FH, "<$file1" or die "Cannot open file $file1 for read: $!"; + open FO, ">$file2" or die "Cannot open file $file2 for write: $!"; + while (<FH>) { + if ($_ =~ /^untrusted comment: /) { + $sigstart = 1; + $bodystart = 0; + next; + } elsif (($sigstart == 1) && (wstrip($_) =~ m{^(?: [A-Za-z0-9+/]{4} )*(?:[A-Za-z0-9+/]{2} [AEIMQUYcgkosw048]=|[A-Za-z0-9+/][AQgw]==)?$}xm )) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif (($sigstart == 1) && ($bodystart == 0)) { + # comment NOT followed by signature + $sigstart = 0; + next; + } + if ($bodystart == 1) { + print FO $_; + } + } + exit; +} + +sub print_datafile () { + die ("Cannot find program $daemon") + unless (-e $daemon); + if (defined($opts{'v'})) { + open FH, "$daemon --full-detail -d $datafile |" + or die "Cannot open datafile $datafile for read: $!"; + } else { + open FH, "$daemon -d $datafile |" + or die "Cannot open datafile $datafile for read: $!"; + } + while (<FH>) { + print $_; + } + exit; +} + +sub sign_file () { + + my $fileout = ''; + my $bodystart = 1; + my $sigstart = 0; + my $sigend = 0; + my $stats; + my $fh1; + my $filename1; + my $flag1 = 0; + + check_signify_uid(); + + if (!defined($file2)) { + $file2 = $file1; + } + + if ($file1 =~ /^\-$/) { + my $dir = tempdir( CLEANUP => 1 ) or die "Tempdir failed"; + $filename1 = $dir . "/sig_vs8827sd." . $$; + open $fh1, ">$filename1" or die "Cannot open $filename1"; + $flag1 = 1; + # my ($fh1, $filename1) = tempfile(UNLINK => 1); + + while (<STDIN>) { + if ($_ =~ /^untrusted comment: /) { + $sigstart = 1; + $bodystart = 0; + next; + } elsif (($sigstart == 1) && (wstrip($_) =~ m{^(?: [A-Za-z0-9+/]{4} )*(?:[A-Za-z0-9+/]{2} [AEIMQUYcgkosw048]=|[A-Za-z0-9+/][AQgw]==)?$}xm )) { + $sigstart = 0; + $bodystart = 1; + next; + } elsif (($sigstart == 1) && ($bodystart == 0)) { + #comment NOT followed by signature + $sigstart = 0; + next; + } + + if ($bodystart == 1) { + print $fh1 $_; + } + } + $file1 = $filename1; + $fileout = '-'; + } else { + open (LOCKFILE, "<$file1") or die "Cannot open $file1: $!"; + flock(LOCKFILE, LOCK_EX); + $no_print_examine = 1; + $no_remove_lock = 1; + if (examine() < 2) { + remove(); + } + $fileout = $file1 . ".sig"; + $stats = stat($file1) + or die "No file $file1: $!"; + } + + my $command = "$signify -Se "; + $command .= "-s ${SIGDIR}/${KEYID}.sec "; + $command .= "-x ${fileout} "; + $command .= "-m $file1"; + + if (defined($passphrase)) { + local $SIG{PIPE} = 'IGNORE'; + open (FH, "|$command") or die "can't fork: $!"; + print FH "$passphrase" or die "can't write: $!"; + close FH or die "can't close: status=$?"; + } else { + system("$command") == 0 + or die "system $command failed: $?"; + } + + if (!($fileout =~ /^\-$/)) { + my $st_old = stat($file1) + or die "No file $file1: $!"; + my $st_new = stat($fileout) + or die "No file $fileout: $!"; + die ("Signed file is smaller than unsigned file") + unless ($st_new->size > $st_old->size); + move("$fileout", "$file2") + or die "Move $fileout to $file2 failed: $!"; + chmod $stats->mode, $file2; + chown $stats->uid, $stats->gid, $file2; + flock(LOCKFILE, LOCK_UN); + } + + if ($flag1 == 1) { + unlink0( $fh1, $filename1 ) or die "Cannot unlink $filename1 safely"; + } + if ($return_from_sign == 1) { + return; + } + exit; +} + +Getopt::Long::Configure ("posix_default"); +Getopt::Long::Configure ("bundling"); +# Getopt::Long::Configure ("debug"); + +GetOptions (\%opts, 'm=s', 'h|help', 'v|verbose', 'l|list', + 'c|cfgfile=s', + 'd|datafile=s', + 'p|passphrase=s', + 's|secretkey=s', + 'k|keyid=s', + 'create-cfgfile', # -m F + 'print-cfgfile', # -m f + 'create-datafile', # -m D + 'print-datafile', # -m d + 'remove-signature',# -m R + 'sign', # -m E + 'examine', # -m e + 'generate-keys'); # -m G + +if (defined ($opts{'h'})) { + usage(); + exit; +} + +if (defined($opts{'k'})) { + $KEYID = $opts{'k'}; +} +if (defined($opts{'c'})) { + $cfgfile = $opts{'c'}; +} +if (defined($opts{'d'})) { + $datafile = $opts{'d'}; +} +if (defined($opts{'p'})) { + $passphrase = $opts{'p'}; +} +if (defined($opts{'s'})) { + $SIGDIR = $opts{'s'}; +} + +if (defined ($opts{'m'}) && ($opts{'m'} =~ /[FfDdREeG]{1}/) ) { + $action = $opts{'m'}; +} +elsif (defined ($opts{'create-cfgfile'})) { + $action = 'F'; +} +elsif (defined ($opts{'print-cfgfile'})) { + $action = 'f'; +} +elsif (defined ($opts{'create-datafile'})) { + $action = 'D'; +} +elsif (defined ($opts{'print-datafile'})) { + $action = 'd'; +} +elsif (defined ($opts{'remove-signature'})) { + $action = 'R'; +} +elsif (defined ($opts{'sign'})) { + $action = 'E'; +} +elsif (defined ($opts{'examine'})) { + $action = 'e'; +} +elsif (defined ($opts{'generate-keys'})) { + $action = 'G'; +} +else { + usage(); + die ("No valid action specified !"); +} + +if (defined($ARGV[0])) { + $file1 = $ARGV[0]; +} +if (defined($ARGV[1])) { + $file2 = $ARGV[1]; +} + + +if (($action =~ /[REe]{1}/) && !defined($file1)) { + usage(); + die("Option -m $action requires a filename (or '-' for stdio)\n"); +} + +if ($action =~ /^F$/) { + if (!defined($file1)) { + $file1 = $cfgfile; + } + $file2 = $cfgfile; + sign_file (); +} + +if ($action =~ /^D$/) { + if (!defined($file1)) { + $file1 = $datafile; + } + $file2 = $datafile; + sign_file (); +} + +if ($action =~ /^R$/) { + # $file1 defined + my $i = 0; + while (defined($ARGV[$i])) { + $file1 = $ARGV[$i]; + remove (); + ++$i; + } +} + +if ($action =~ /^E$/) { + # $file1 defined + # default: $file2 = $file1 + check_signify_sign(); + my $i = 0; + while (defined($ARGV[$i])) { + $file1 = $ARGV[$i]; + $file2 = $file1; + $return_from_sign = 1; + sign_file (); + ++$i; + } +} + +if ($action =~ /^e$/) { + # $file1 defined + # default: $file2 = stdout + check_signify_verify(); + my $i = 0; + my $ret = 0; + while (defined($ARGV[$i])) { + print "\n"; + $file1 = $ARGV[$i]; + $ret += examine (); + ++$i; + print "\n--------------------------------\n" if (defined($ARGV[$i])); + } + exit($ret); +} + +if ($action =~ /^f$/) { + $file1 = $cfgfile; + $file2 = "-"; + print_cfgfile (); +} + +if ($action =~ /^d$/) { + # $file1 irrelevant + if (defined($opts{'l'})) { + print_datafile (); + } else { + $file1 = $datafile; + $file2 = "-"; + print_cfgfile (); + } +} + + + diff --git a/scripts/yuleadmin.pl.in b/scripts/yuleadmin.pl.in index d63e960..41b9e6b 100755 --- a/scripts/yuleadmin.pl.in +++ b/scripts/yuleadmin.pl.in @@ -37,18 +37,11 @@ my $outfile; my $verbose; my $base = basename($0); -#my $cfgfile = "yulerc"; -#my $yule = "./yule"; -#my $gpg = "/usr/bin/gpg"; - my $cfgfile = "@myconffile@"; my $yule = "@sbindir@/@install_name@"; -my $gpg = "@mygpg@"; $cfgfile =~ s/^REQ_FROM_SERVER//; -$gpg = "gpg" if ($gpg eq ""); - sub usage() { print <<__END_OF_TEXT__ Usage: diff --git a/sql_init/samhain.mysql.init b/sql_init/samhain.mysql.init index f852384..7826578 100644 --- a/sql_init/samhain.mysql.init +++ b/sql_init/samhain.mysql.init @@ -1,6 +1,4 @@ CREATE DATABASE samhain; -USE mysql; -INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES ('localhost','samhain','','N','Y','N','N','N','N'); USE samhain; CREATE TABLE samhain.log ( log_index BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY, diff --git a/src/#sh_unix.c# b/src/#sh_unix.c# deleted file mode 100644 index 695d46f..0000000 --- a/src/#sh_unix.c# +++ /dev/null @@ -1,5710 +0,0 @@ -/* SAMHAIN file system integrity testing */ -/* Copyright (C) 1999 Rainer Wichmann */ -/* */ -/* This program is free software; you can redistribute it */ -/* and/or modify */ -/* it under the terms of the GNU General Public License as */ -/* published by */ -/* the Free Software Foundation; either version 2 of the License, or */ -/* (at your option) any later version. */ -/* */ -/* This program is distributed in the hope that it will be useful, */ -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ -/* GNU General Public License for more details. */ -/* */ -/* You should have received a copy of the GNU General Public License */ -/* along with this program; if not, write to the Free Software */ -/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - -#include "config_xor.h" - - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <ctype.h> -#ifdef HAVE_LINUX_FS_H -#include <linux/fs.h> -#endif - -#ifdef HAVE_MEMORY_H -#include <memory.h> -#endif - -#ifdef HAVE_UNISTD_H -#include <errno.h> -#include <signal.h> -#include <pwd.h> -#include <grp.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/resource.h> -#include <fcntl.h> -#include <unistd.h> -/* need to undef these, since the #define's may be picked up from - * linux/wait.h, and will clash with a typedef in sys/wait.h - */ -#undef P_ALL -#undef P_PID -#undef P_PGID -#include <sys/wait.h> - -/********************* -#ifdef HAVE_SYS_VFS_H -#include <sys/vfs.h> -#endif -**********************/ -#endif - -#if TIME_WITH_SYS_TIME -#include <sys/time.h> -#include <time.h> -#else -#if HAVE_SYS_TIME_H -#include <sys/time.h> -#else -#include <time.h> -#endif -#endif - -#ifdef HAVE_SYS_SELECT_H -#include <sys/select.h> -#endif - -#ifndef FD_SET -#define NFDBITS 32 -#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS))) -#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS))) -#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS))) -#endif /* !FD_SET */ -#ifndef FD_SETSIZE -#define FD_SETSIZE 32 -#endif -#ifndef FD_ZERO -#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) -#endif - - -#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) -#include <sys/mman.h> -#endif - -#include "samhain.h" -#include "sh_error.h" -#include "sh_unix.h" -#include "sh_utils.h" -#include "sh_mem.h" -#include "sh_hash.h" -#include "sh_tools.h" -#include "sh_restrict.h" -#include "sh_ipvx.h" -#include "sh_tiger.h" -#include "sh_prelink.h" -#include "sh_pthread.h" -#include "sh_sem.h" - -/* moved here from far below - */ -#include <netdb.h> - -#define SH_NEED_PWD_GRP -#define SH_NEED_GETHOSTBYXXX -#include "sh_static.h" - -#ifndef HAVE_LSTAT -#define lstat stat -#endif - -#if defined(S_IFLNK) && !defined(S_ISLNK) -#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) -#else -#if !defined(S_ISLNK) -#define S_ISLNK(mode) (0) -#endif -#endif - -#if defined(S_IFSOCK) && !defined(S_ISSOCK) -#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK) -#else -#if !defined(S_ISSOCK) -#define S_ISSOCK(mode) (0) -#endif -#endif - -#if defined(S_IFDOOR) && !defined(S_ISDOOR) -#define S_ISDOOR(mode) (((mode) & S_IFMT) == S_IFDOOR) -#else -#if !defined(S_ISDOOR) -#define S_ISDOOR(mode) (0) -#endif -#endif - -#if defined(S_IFPORT) && !defined(S_ISPORT) -#define S_ISPORT(mode) (((mode) & S_IFMT) == S_IFPORT) -#else -#if !defined(S_ISPORT) -#define S_ISPORT(mode) (0) -#endif -#endif - -#define SH_KEY_NULL _("000000000000000000000000000000000000000000000000") - -#undef FIL__ -#define FIL__ _("sh_unix.c") - -unsigned long mask_PRELINK = MASK_PRELINK_; -unsigned long mask_USER0 = MASK_USER_; -unsigned long mask_USER1 = MASK_USER_; -unsigned long mask_USER2 = MASK_USER_; -unsigned long mask_USER3 = MASK_USER_; -unsigned long mask_USER4 = MASK_USER_; -unsigned long mask_ALLIGNORE = MASK_ALLIGNORE_; -unsigned long mask_ATTRIBUTES = MASK_ATTRIBUTES_; -unsigned long mask_LOGFILES = MASK_LOGFILES_; -unsigned long mask_LOGGROW = MASK_LOGGROW_; -unsigned long mask_READONLY = MASK_READONLY_; -unsigned long mask_NOIGNORE = MASK_NOIGNORE_; - - -extern char **environ; - -int sh_unix_maskreset() -{ - mask_PRELINK = MASK_PRELINK_; - mask_USER0 = MASK_USER_; - mask_USER1 = MASK_USER_; - mask_USER2 = MASK_USER_; - mask_USER3 = MASK_USER_; - mask_USER4 = MASK_USER_; - mask_ALLIGNORE = MASK_ALLIGNORE_; - mask_ATTRIBUTES = MASK_ATTRIBUTES_; - mask_LOGFILES = MASK_LOGFILES_; - mask_LOGGROW = MASK_LOGGROW_; - mask_READONLY = MASK_READONLY_; - mask_NOIGNORE = MASK_NOIGNORE_; - return 0; -} - - -#ifdef SYS_SIGLIST_DECLARED -/* extern const char * const sys_siglist[]; */ -#else -char * sh_unix_siglist (int signum) -{ - switch (signum) - { -#ifdef SIGHUP - case SIGHUP: - return _("Hangup"); -#endif -#ifdef SIGINT - case SIGINT: - return _("Interrupt"); -#endif -#ifdef SIGQUIT - case SIGQUIT: - return _("Quit"); -#endif -#ifdef SIGILL - case SIGILL: - return _("Illegal instruction"); -#endif -#ifdef SIGTRAP - case SIGTRAP: - return _("Trace/breakpoint trap"); -#endif -#ifdef SIGABRT - case SIGABRT: - return _("IOT trap/Abort"); -#endif -#ifdef SIGBUS - case SIGBUS: - return _("Bus error"); -#endif -#ifdef SIGFPE - case SIGFPE: - return _("Floating point exception"); -#endif -#ifdef SIGUSR1 - case SIGUSR1: - return _("User defined signal 1"); -#endif -#ifdef SIGSEGV - case SIGSEGV: - return _("Segmentation fault"); -#endif -#ifdef SIGUSR2 - case SIGUSR2: - return _("User defined signal 2"); -#endif -#ifdef SIGPIPE - case SIGPIPE: - return _("Broken pipe"); -#endif -#ifdef SIGALRM - case SIGALRM: - return _("Alarm clock"); -#endif -#ifdef SIGTERM - case SIGTERM: - return _("Terminated"); -#endif -#ifdef SIGSTKFLT - case SIGSTKFLT: - return _("Stack fault"); -#endif -#ifdef SIGCHLD - case SIGCHLD: - return _("Child exited"); -#endif -#ifdef SIGCONT - case SIGCONT: - return _("Continued"); -#endif -#ifdef SIGSTOP - case SIGSTOP: - return _("Stopped"); -#endif -#ifdef SIGTSTP - case SIGTSTP: - return _("Stop typed at tty"); -#endif -#ifdef SIGTTIN - case SIGTTIN: - return _("Stopped (tty input)"); -#endif -#ifdef SIGTTOU - case SIGTTOU: - return _("Stopped (tty output)"); -#endif -#ifdef SIGURG - case SIGURG: - return _("Urgent condition"); -#endif -#ifdef SIGXCPU - case SIGXCPU: - return _("CPU time limit exceeded"); -#endif -#ifdef SIGXFSZ - case SIGXFSZ: - return _("File size limit exceeded"); -#endif -#ifdef SIGVTALRM - case SIGVTALRM: - return _("Virtual time alarm"); -#endif -#ifdef SIGPROF - case SIGPROF: - return _("Profile signal"); -#endif -#ifdef SIGWINCH - case SIGWINCH: - return _("Window size changed"); -#endif -#ifdef SIGIO - case SIGIO: - return _("Possible I/O"); -#endif -#ifdef SIGPWR - case SIGPWR: - return _("Power failure"); -#endif -#ifdef SIGUNUSED - case SIGUNUSED: - return _("Unused signal"); -#endif - } - return _("Unknown"); -} -#endif - - -/* Log from within a signal handler without using any - * functions that are not async signal safe. - * - * This is the safe_itoa helper function. - */ -char * safe_itoa(int i, char * str, int size) -{ - unsigned int u; - int iisneg = 0; - char *p = &str[size-1]; - - *p = '\0'; - if (i < 0) { - iisneg = 1; - u = ((unsigned int)(-(1+i))) + 1; - } else { - u = i; - } - do { - --p; - *p = '0' + (u % 10); - u /= 10; - } while (u && (p != str)); - if ((iisneg == 1) && (p != str)) { - --p; - *p = '-'; - } - return p; -} - -/* Log from within a signal handler without using any - * functions that are not async signal safe. - * - * This is the safe_logger function. - * Arguments: signal (signal number), method (0=logger, 1=stderr), thepid (pid) - */ -extern int OnlyStderr; - -int safe_logger (int thesignal, int method, char * details) -{ - unsigned int i = 0; - int status = -1; - struct stat buf; - pid_t newpid; - char str[128]; - char * p; - - char l0[64], l1[64], l2[64], l3[64]; - char a0[32]; - char e0[128]; - char msg[128]; - - char * locations[] = { NULL, NULL, NULL, NULL, NULL }; - char * envp[] = { NULL, NULL }; - char * argp[] = { NULL, NULL, NULL }; - - pid_t thepid = getpid(); - - if ((sh.flag.isdaemon == S_FALSE) || (OnlyStderr == S_TRUE)) - method = 1; - - /* seems that solaris cc needs this way of initializing ... - */ - locations[0] = l0; - locations[1] = l1; - locations[2] = l2; - locations[3] = l3; - - envp[0] = e0; - argp[0] = a0; - - sl_strlcpy(msg, _("samhain["), 128); - p = safe_itoa((int) thepid, str, 128); - if (p && *p) - sl_strlcat(msg, p, 128); - if (thesignal == 0) - { - if (details == NULL) { - sl_strlcat(msg, _("]: out of memory"), 128); - } else { - sl_strlcat(msg, _("]: "), 128); - sl_strlcat(msg, details, 128); - } - } - else - { - sl_strlcat(msg, _("]: exit on signal "), 128); - p = safe_itoa(thesignal, str, 128); - if (p && *p) - sl_strlcat(msg, p, 128); - } - - if (method == 1) { -#ifndef STDERR_FILENO -#define STDERR_FILENO 2 -#endif - int retval = 0; - do { - retval = write(STDERR_FILENO, msg, strlen(msg)); - } while (retval < 0 && errno == EINTR); - do { - retval = write(STDERR_FILENO, "\n", 1); - } while (retval < 0 && errno == EINTR); - return 0; - } - - sl_strlcpy (l0, _("/usr/bin/logger"), 64); - sl_strlcpy (l1, _("/usr/sbin/logger"), 64); - sl_strlcpy (l2, _("/usr/ucb/logger"), 64); - sl_strlcpy (l3, _("/bin/logger"), 64); - - sl_strlcpy (a0, _("logger"), 32); - sl_strlcpy (e0, - _("PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin"), - 128); - - while (locations[i] != NULL) { - status = stat(locations[i], &buf); - if (status == 0) - break; - ++i; - } - - if (locations[i] != NULL) { - argp[1] = msg; - newpid = fork(); - if (newpid == 0) { - execve(locations[i], argp, envp); - _exit(1); - } - else if (newpid > 0) { - waitpid(newpid, &status, WUNTRACED); - } - } - return 0; -} - -void safe_fatal (const char * details, - const char * file, int line) -{ - char msg[128]; - char str[128]; - char * p; - int thesignal = 0; - int method = 0; - - p = safe_itoa((int) line, str, 128); - sl_strlcpy(msg, _("FATAL: "), 128); - sl_strlcat(msg, file, 128); - sl_strlcat(msg, ": ", 128); - if (p && (*p)) { - sl_strlcat(msg, p , 128); - sl_strlcat(msg, ": ", 128); - } - sl_strlcat(msg, details, 128); - (void) safe_logger (thesignal, method, msg); - - close_ipc (); - raise(SIGKILL); -} - -extern char sh_sig_msg[64]; - -volatile int immediate_exit_normal = 0; - -#if defined(SA_SIGACTION_WORKS) -static -void sh_unix_sigexit (int mysignal, siginfo_t * signal_info, void * signal_add) -#else -static -void sh_unix_sigexit (int mysignal) -#endif -{ - -#if defined(SA_SIGACTION_WORKS) - if (signal_info != NULL && signal_info->si_code == SI_USER && - mysignal != SIGTERM && mysignal != SIGINT) - { - return; - } - - /* avoid compiler warning (unused var) - */ - (void) signal_add; -#endif - - /* - * Block re-entry - */ - if (immediate_exit_normal > 0) - { - ++immediate_exit_normal; - if ((skey != NULL) && (immediate_exit_normal == 2)) - memset (skey, '\0', sizeof(sh_key_t)); - if (immediate_exit_normal == 2) - { - int val_return; - - do { - val_return = chdir ("/"); - } while (val_return < 0 && errno == EINTR); - - close_ipc (); - safe_logger (mysignal, 0, NULL); - } - raise(SIGKILL); - } - else - { - immediate_exit_normal = 1; - } - -#ifdef SYS_SIGLIST_DECLARED - strncpy (sh_sig_msg, sys_siglist[mysignal], 40); -#else - strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40); -#endif - sh_sig_msg[63] = '\0'; - - ++sig_raised; - ++sig_urgent; - sig_termfast = 1; - return; -} - -volatile int immediate_exit_fast = 0; - -#if defined(SA_SIGACTION_WORKS) -static -void sh_unix_sigexit_fast (int mysignal, siginfo_t * signal_info, - void * signal_add) -#else -static -void sh_unix_sigexit_fast (int mysignal) -#endif -{ -#if defined(SL_DEBUG) && (defined(USE_SYSTEM_MALLOC) || !defined(USE_MALLOC_LOCK)) - int retval; -#endif - -#if defined(SA_SIGACTION_WORKS) - if (signal_info != NULL && signal_info->si_code == SI_USER) - { - return; - } -#endif - - /* avoid compiler warning (unused var) - */ -#if defined(SA_SIGACTION_WORKS) - (void) signal_add; -#endif - - /* Check whether the heap is ok; otherwise _exit - */ -#if !defined(SL_DEBUG) || (!defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK)) - ++immediate_exit_fast; - if (skey != NULL && immediate_exit_fast < 2) - memset (skey, '\0', sizeof(sh_key_t)); - if (immediate_exit_fast < 2) - safe_logger (mysignal, 0, NULL); - raise(SIGKILL); -#else - - /* debug code - */ - if (immediate_exit_fast == 1) - { - ++immediate_exit_fast; - if (skey != NULL) - memset (skey, '\0', sizeof(sh_key_t)); - close_ipc (); - safe_logger (mysignal, 0, NULL); - do { - retval = chdir ("/"); - } while (retval < 0 && errno == EINTR); - raise(SIGFPE); - } - else if (immediate_exit_fast == 2) - { - do { - retval = chdir ("/"); - } while (retval < 0 && errno == EINTR); - raise(SIGFPE); - } - else if (immediate_exit_fast != 0) - { - raise(SIGKILL); - } - - ++immediate_exit_fast; - - /* The FPE|BUS|SEGV|ILL signals leave the system in an undefined - * state, thus it is best to exit immediately. - */ -#ifdef SYS_SIGLIST_DECLARED - strncpy (sh_sig_msg, sys_siglist[mysignal], 40); -#else - strncpy (sh_sig_msg, sh_unix_siglist(mysignal), 40); -#endif - sh_sig_msg[63] = '\0'; - - sl_stack_print(); - - /* Try to push out an error message. - */ - sh_error_handle ((-1), FIL__, __LINE__, mysignal, MSG_EXIT_NORMAL, - sh.prg_name, sh_sig_msg); - - if (skey != NULL) - memset (skey, '\0', sizeof(sh_key_t)); - close_ipc (); - - do { - retval = chdir ("/"); - } while (retval < 0 && errno == EINTR); - - raise(SIGFPE); -#endif -} - - -static -void sh_unix_sigaction (int mysignal) -{ - ++sig_raised; -#ifdef SIGUSR1 - if (mysignal == SIGUSR1) - sig_debug_switch = 1; -#endif -#ifdef SIGUSR2 - if (mysignal == SIGUSR2) - { - ++sig_suspend_switch; - ++sig_urgent; - } -#endif -#ifdef SIGHUP - if (mysignal == SIGHUP) - sig_config_read_again = 1; -#endif -#ifdef SIGTTOU - if (mysignal == SIGTTOU) { - sig_force_check = 1; sh_sem_trylock(); } -#endif -#ifdef SIGTSTP - if (mysignal == SIGTSTP) { - sig_force_check = 1; sig_force_silent = 1; sh_sem_trylock(); } -#endif -#ifdef SIGTTIN - if (mysignal == SIGTTIN) - sig_fresh_trail = 1; -#endif -#ifdef SIGABRT - if (mysignal == SIGABRT) - sig_fresh_trail = 1; -#endif -#ifdef SIGQUIT - if (mysignal == SIGQUIT) - sig_terminate = 1; -#endif -#ifdef SIGTERM - if (mysignal == SIGTERM) - { - strncpy (sh_sig_msg, _("Terminated"), 40); - sig_termfast = 1; - ++sig_urgent; - } -#endif - - return; -} - -void sh_unix_ign_sigpipe() -{ - struct sigaction ignact; - - ignact.sa_handler = SIG_IGN; /* signal action */ - sigemptyset( &ignact.sa_mask ); /* set an empty mask */ - ignact.sa_flags = 0; /* init sa_flags */ - -#ifdef SIGPIPE - retry_sigaction(FIL__, __LINE__, SIGPIPE, &ignact, NULL); -#endif - - return; -} -static -void sh_unix_siginstall (int goDaemon) -{ - struct sigaction act, act_fast, act2, oldact, ignact; -#if defined (SH_WITH_SERVER) - (void) goDaemon; -#endif - - SL_ENTER(_("sh_unix_siginstall")); - - ignact.sa_handler = SIG_IGN; /* signal action */ - sigemptyset( &ignact.sa_mask ); /* set an empty mask */ - ignact.sa_flags = 0; /* init sa_flags */ - -#if defined(SA_SIGACTION_WORKS) - act.sa_sigaction = &sh_unix_sigexit; /* signal action */ -#else - act.sa_handler = &sh_unix_sigexit; /* signal action */ -#endif - - sigfillset ( &act.sa_mask ); /* set a full mask */ - - - /* Block all but deadly signals. - */ -#ifdef SIGILL - sigdelset ( &act.sa_mask, SIGILL ); -#endif -#ifndef SL_DEBUG -#ifdef SIGFPE - sigdelset ( &act.sa_mask, SIGFPE ); -#endif -#endif -#ifdef SIGSEGV - sigdelset ( &act.sa_mask, SIGSEGV ); -#endif -#ifdef SIGBUS - sigdelset ( &act.sa_mask, SIGBUS ); -#endif - -#if defined(SA_SIGACTION_WORKS) - act_fast.sa_sigaction = &sh_unix_sigexit_fast; /* signal action */ -#else - act_fast.sa_handler = &sh_unix_sigexit_fast; /* signal action */ -#endif - - sigfillset ( &act_fast.sa_mask ); /* set a full mask */ - -#ifdef SIGILL - sigdelset ( &act_fast.sa_mask, SIGILL ); -#endif -#ifndef SL_DEBUG -#ifdef SIGFPE - sigdelset ( &act_fast.sa_mask, SIGFPE ); -#endif -#endif -#ifdef SIGSEGV - sigdelset ( &act_fast.sa_mask, SIGSEGV ); -#endif -#ifdef SIGBUS - sigdelset ( &act_fast.sa_mask, SIGBUS ); -#endif - - - /* Use siginfo to verify origin of signal, if possible. - */ -#if defined(SA_SIGACTION_WORKS) - act.sa_flags = SA_SIGINFO; - act_fast.sa_flags = SA_SIGINFO; -#else - act.sa_flags = 0; - act_fast.sa_flags = 0; -#endif - - /* Do not block the signal from being received in its handler ... - * (is this a good or a bad idea ??). - */ -#if defined(SA_NOMASK) - act_fast.sa_flags |= SA_NOMASK; -#elif defined(SA_NODEFER) - act_fast.sa_flags |= SA_NODEFER; -#endif - - - act2.sa_handler = &sh_unix_sigaction; /* signal action */ - sigemptyset( &act2.sa_mask ); /* set an empty mask */ - act2.sa_flags = 0; /* init sa_flags */ - - /* signals to control the daemon */ - -#ifdef SIGHUP - retry_sigaction(FIL__, __LINE__, SIGHUP, &act2, &oldact); -#endif -#ifdef SIGABRT - retry_sigaction(FIL__, __LINE__, SIGABRT, &act2, &oldact); -#endif -#ifdef SIGUSR1 - retry_sigaction(FIL__, __LINE__, SIGUSR1, &act2, &oldact); -#endif -#ifdef SIGUSR2 - retry_sigaction(FIL__, __LINE__, SIGUSR2, &act2, &oldact); -#endif -#ifdef SIGQUIT - retry_sigaction(FIL__, __LINE__, SIGQUIT, &act2, &oldact); -#endif -#ifdef SIGTERM - retry_sigaction(FIL__, __LINE__, SIGTERM, &act, &oldact); -#endif - - /* fatal signals that may cause termination */ - -#ifdef SIGILL - retry_sigaction(FIL__, __LINE__, SIGILL, &act_fast, &oldact); -#endif -#ifndef SL_DEBUG -#ifdef SIGFPE - retry_sigaction(FIL__, __LINE__, SIGFPE, &act_fast, &oldact); -#endif -#endif -#ifdef SIGSEGV - retry_sigaction(FIL__, __LINE__, SIGSEGV, &act_fast, &oldact); -#endif -#ifdef SIGBUS - retry_sigaction(FIL__, __LINE__, SIGBUS, &act_fast, &oldact); -#endif - - /* other signals */ - -#ifdef SIGINT - retry_sigaction(FIL__, __LINE__, SIGINT, &act, &oldact); -#endif -#ifdef SIGPIPE - retry_sigaction(FIL__, __LINE__, SIGPIPE, &ignact, &oldact); -#endif -#ifdef SIGALRM - retry_sigaction(FIL__, __LINE__, SIGALRM, &ignact, &oldact); -#endif - -#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) -#ifdef SIGTTOU - if (goDaemon == 1) - retry_sigaction(FIL__, __LINE__, SIGTTOU, &act2, &oldact); - else - retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact); -#endif -#ifdef SIGTSTP - if (goDaemon == 1) - retry_sigaction(FIL__, __LINE__, SIGTSTP, &act2, &oldact); - else - retry_sigaction(FIL__, __LINE__, SIGTSTP, &ignact, &oldact); -#endif -#ifdef SIGTTIN - if (goDaemon == 1) - retry_sigaction(FIL__, __LINE__, SIGTTIN, &act2, &oldact); - else - retry_sigaction(FIL__, __LINE__, SIGTTIN, &ignact, &oldact); -#endif -#else -#ifdef SIGTSTP - retry_sigaction(FIL__, __LINE__, SIGTSTP, &ignact, &oldact); -#endif -#ifdef SIGTTOU - retry_sigaction(FIL__, __LINE__, SIGTTOU, &ignact, &oldact); -#endif -#ifdef SIGTTIN - retry_sigaction(FIL__, __LINE__, SIGTTIN, &ignact, &oldact); -#endif -#endif - -#ifdef SIGTRAP -#if !defined(SCREW_IT_UP) - retry_sigaction(FIL__, __LINE__, SIGTRAP, &act, &oldact); -#endif -#endif - -#ifdef SIGPOLL - retry_sigaction(FIL__, __LINE__, SIGPOLL, &ignact, &oldact); -#endif -#if defined(SIGPROF) && !defined(SH_PROFILE) - retry_sigaction(FIL__, __LINE__, SIGPROF, &ignact, &oldact); -#endif -#ifdef SIGSYS - retry_sigaction(FIL__, __LINE__, SIGSYS, &act, &oldact); -#endif -#ifdef SIGURG - retry_sigaction(FIL__, __LINE__, SIGURG, &ignact, &oldact); -#endif -#if defined(SIGVTALRM) && !defined(SH_PROFILE) - retry_sigaction(FIL__, __LINE__, SIGVTALRM, &ignact, &oldact); -#endif -#ifdef SIGXCPU - retry_sigaction(FIL__, __LINE__, SIGXCPU, &act, &oldact); -#endif -#ifdef SIGXFSZ - retry_sigaction(FIL__, __LINE__, SIGXFSZ, &act, &oldact); -#endif - -#ifdef SIGEMT - retry_sigaction(FIL__, __LINE__, SIGEMT, &ignact, &oldact); -#endif -#ifdef SIGSTKFLT - retry_sigaction(FIL__, __LINE__, SIGSTKFLT, &act, &oldact); -#endif -#ifdef SIGIO - retry_sigaction(FIL__, __LINE__, SIGIO, &ignact, &oldact); -#endif -#ifdef SIGPWR - retry_sigaction(FIL__, __LINE__, SIGPWR, &act, &oldact); -#endif - -#ifdef SIGLOST - retry_sigaction(FIL__, __LINE__, SIGLOST, &ignact, &oldact); -#endif -#ifdef SIGUNUSED - retry_sigaction(FIL__, __LINE__, SIGUNUSED, &ignact, &oldact); -#endif - - SL_RET0(_("sh_unix_siginstall")); -} - -/* ---------------------------------------------------------------- */ - -/* checksum the own binary - */ -int sh_unix_self_hash (const char * c) -{ - char message[512]; - char hashbuf[KEYBUF_SIZE]; - - SL_ENTER(_("sh_unix_self_hash")); - - if (c == NULL) - { - sh.exec.path[0] = '\0'; - SL_RETURN((0), _("sh_unix_self_hash")); - } - sl_strlcpy(sh.exec.path, c, SH_PATHBUF); - - sl_strlcpy(sh.exec.hash, - sh_tiger_hash (c, TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)), - KEY_LEN+1); - sl_snprintf(message, 512, _("%s has checksum: %s"), - sh.exec.path, sh.exec.hash); - message[511] = '\0'; - sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, - message, _("sh_unix_self_hash")); - if (0 == sl_strcmp(sh.exec.hash, SH_KEY_NULL )) - { - dlog(1, FIL__, __LINE__, - _("Could not checksum my own executable because of the\nfollowing error: %s: %s\n\nPossible reasons include:\n Wrong path in configure file option SamhainPath=/path/to/executable\n No read permission for the effective UID: %d\n"), - sh.exec.path, sl_get_errmsg(), (int) sl_ret_euid()); - sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_NOACCESS, - (long) sh.real.uid, c); - aud_exit (FIL__, __LINE__, EXIT_FAILURE); - } - SL_RETURN((0), _("sh_unix_self_hash")); -} - -int sh_unix_self_check () -{ - char newhash[KEY_LEN+1]; - char message[512]; - char hashbuf[KEYBUF_SIZE]; - - SL_ENTER(_("sh_unix_self_check")); - if (sh.exec.path[0] == '\0') - SL_RETURN((0), _("sh_unix_self_check")); - - sl_strlcpy(newhash, - sh_tiger_hash (sh.exec.path, TIGER_FILE, TIGER_NOLIM, hashbuf, sizeof(hashbuf)), - KEY_LEN+1); - - if (0 == sl_strncmp(sh.exec.hash, newhash, KEY_LEN)) - { - sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("Checksum ok"), _("sh_unix_self_check")); - SL_RETURN((0), _("sh_unix_self_check")); - } - - if (0 == sl_strncmp(SH_KEY_NULL, newhash, KEY_LEN)) - { - sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("Could not read samhain executable"), _("sh_unix_self_check")); - SL_RETURN((0), _("sh_unix_self_check")); - } - - dlog(1, FIL__, __LINE__, - _("The checksum of the executable: %s has changed since startup (%s -> %s).\n"), - sh.exec.path, sh.exec.hash, newhash); - - sl_snprintf(message, 512, - _("The checksum of %s has changed since startup (%s -> %s)"), - sh.exec.path, sh.exec.hash, newhash); - message[511] = '\0'; - - sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, - message, _("sh_unix_self_check")); - sh_error_handle ((-1), FIL__, __LINE__, EACCES, MSG_E_AUTH, - sh.exec.path); - SL_RETURN((-1), _("sh_unix_self_check")); -} - - -/* ---------------------------------------------------------------- */ - -long sh_group_to_gid (const char * g, int * fail) -{ - struct group * w; - gid_t gid = 0; - int status = 0; - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - struct group grp; - char * buffer; - static size_t gbufsize = SH_GRBUF_SIZE; -#endif - - *fail = -1; - - if (g) - { - size_t i; - size_t len = strlen(g); - - *fail = 0; - - for (i = 0; i < len; ++i) - { - char c = g[i]; - - if (!isdigit((int) c)) - goto is_a_name; - } - return atol(g); - - is_a_name: - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - - buffer = SH_ALLOC(gbufsize); - status = sh_getgrnam_r(g, &grp, buffer, gbufsize, &w); - - if ((status == ERANGE) && (w == NULL)) - { - if (S_TRUE == sl_ok_adds( gbufsize, SH_GRBUF_SIZE )) - { - SH_FREE(buffer); - gbufsize += SH_GRBUF_SIZE; - goto is_a_name; - } - } - -#else - - errno = 0; - w = sh_getgrnam(g); - status = errno; - -#endif - - if ((status == ERANGE) && (w == NULL)) - { - static int seen = 0; - - if (seen == 0) - { - char errbuf[SH_ERRBUF_SIZE]; - - sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("sh_group_to_gid"), (long) -1, _("line too long in group entry")); - ++seen; - } - *fail = -1; - } - else if (w == NULL) - { - char * tmp = sh_util_strdup(g); - sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, - _("sh_group_to_gid"), tmp); - SH_FREE(tmp); - *fail = -1; - } - else - { - gid = w->gr_gid; - } -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - SH_FREE(buffer); -#endif - } - - return gid; -} - -/* ---------------------------------------------------------------- */ - - -/* added Tue Feb 22 10:36:44 NFT 2000 Rainer Wichmann */ -static int tf_add_trusted_user_int(const char * c) -{ - struct passwd * w; - int count; - uid_t pwid = (uid_t)-1; - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - struct passwd pwd; - char * buffer; -#endif - - SL_ENTER(_("tf_add_trusted_user_int")); - - /* First check for a user name. - */ -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - buffer = SH_ALLOC(SH_PWBUF_SIZE); - sh_getpwnam_r(c, &pwd, buffer, SH_PWBUF_SIZE, &w); -#else - w = sh_getpwnam(c); -#endif - - if ((w != NULL) && ((pwid = w->pw_uid) > 0)) - goto succe; - - /* Failed, so check for a numerical value. - */ - pwid = strtol(c, (char **)NULL, 10); - if (pwid > 0 && pwid < 65535) - goto succe; - - sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, - _("add trusted user"), c); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - SH_FREE(buffer); -#endif - SL_RETURN((-1), _("tf_add_trusted_user_int")); - - succe: - count = sl_trust_add_user(pwid); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - SH_FREE(buffer); -#endif - SL_RETURN((count), _("tf_add_trusted_user_int")); -} - -int tf_add_trusted_user(const char * c) -{ - int i; - char * q; - char * p = sh_util_strdup (c); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) - char * saveptr; -#endif - - SL_ENTER(_("tf_add_trusted_user")); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) - q = strtok_r(p, ", \t", &saveptr); -#else - q = strtok(p, ", \t"); -#endif - if (!q) - { - SH_FREE(p); - SL_RETURN((-1), _("tf_add_trusted_user")); - } - while (q) - { - i = tf_add_trusted_user_int(q); - if (SL_ISERROR(i)) - { - SH_FREE(p); - SL_RETURN((i), _("tf_add_trusted_user")); - } -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_STRTOK_R) - q = strtok_r(NULL, ", \t", &saveptr); -#else - q = strtok(NULL, ", \t"); -#endif - } - SH_FREE(p); - SL_RETURN((0), _("tf_add_trusted_user")); -} - -extern uid_t sl_trust_baduid(void); -extern gid_t sl_trust_badgid(void); - -#if defined(HOST_IS_CYGWIN) || defined(__cygwin__) || defined(__CYGWIN32__) || defined(__CYGWIN__) -int tf_trust_check (const char * file, int mode) -{ - (void) file; - (void) mode; - return 0; -} -#else -int tf_trust_check (const char * file, int mode) -{ - char * tmp; - char * tmp2; - char * p; - int status; - int level; - uid_t ff_euid = (uid_t) -1; - - SL_ENTER(_("tf_trust_check")); - - if (mode == SL_YESPRIV) - sl_get_euid(&ff_euid); - else - sl_get_ruid(&ff_euid); - -#if defined(SH_WITH_SERVER) - if (0 == sl_ret_euid()) /* privileges not dropped yet */ - { -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - struct passwd pwd; - char * buffer = SH_ALLOC(SH_PWBUF_SIZE); - struct passwd * tempres; - sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); -#else - struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); -#endif - - if (!tempres) - { - dlog(1, FIL__, __LINE__, - _("User %s does not exist. Please add the user to your system.\n"), - DEFAULT_IDENT); - aud_exit (FIL__, __LINE__, EXIT_FAILURE); - } - else - { - ff_euid = tempres->pw_uid; - } -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - SH_FREE(buffer); -#endif - } -#endif - - status = sl_trustfile_euid(file, ff_euid); - - if ( SL_ENONE != status) - { - if (status == SL_ESTAT) - level = SH_ERR_ALL; - else - level = SH_ERR_ERR; - - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); - if (p && *p != '\0') - { - tmp2 = sh_util_safe_name (sl_trust_errfile()); - sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST2, - sl_error_string(status), tmp, tmp2); - SH_FREE(tmp2); - } - else - { - sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST1, - sl_error_string(status), tmp); - } - SH_FREE(tmp); - - if (status == SL_EBADUID || status == SL_EBADGID || - status == SL_EBADOTH || status == SL_ETRUNC || - status == SL_EINTERNAL ) - { - switch (status) { - case SL_EINTERNAL: - dlog(1, FIL__, __LINE__, - _("An internal error occured in the trustfile function.\n")); - break; - case SL_ETRUNC: - tmp = sh_util_safe_name (file); - dlog(1, FIL__, __LINE__, - _("A filename truncation occured in the trustfile function.\nProbably the normalized filename for %s\nis too long. This may be due e.g. to deep or circular softlinks.\n"), - tmp); - SH_FREE(tmp); - break; - case SL_EBADOTH: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); - dlog(1, FIL__, __LINE__, - _("The path element: %s\nin the filename: %s is world writeable.\n"), - p, tmp); - SH_FREE(tmp); - break; - case SL_EBADUID: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); - dlog(1, FIL__, __LINE__, - _("The owner (UID = %ld) of the path element: %s\nin the filename: %s\nis not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), - (UID_CAST)sl_trust_baduid(), p, tmp); - SH_FREE(tmp); - break; - case SL_EBADGID: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); - dlog(1, FIL__, __LINE__, - _("The path element: %s\nin the filename: %s\nis group writeable (GID = %ld), and at least one of the group\nmembers (UID = %ld) is not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), - p, tmp, (UID_CAST)sl_trust_badgid(), - (UID_CAST)sl_trust_baduid()); - SH_FREE(tmp); - break; - default: - break; - } - - SL_RETURN((-1), _("tf_trust_check")); - } - } - - SL_RETURN((0), _("tf_trust_check")); -} -#endif - -#ifdef HAVE_INITGROUPS -#ifdef HOST_IS_OSF -int sh_unix_initgroups ( char * in_user, gid_t in_gid) -#else -int sh_unix_initgroups (const char * in_user, gid_t in_gid) -#endif -{ - int status = -1; - status = sh_initgroups (in_user, in_gid); - if (status < 0) - { - if (errno == EPERM) - return 0; - if (errno == EINVAL) - return 0; - return -1; - } - return 0; -} -#else -int sh_unix_initgroups (const char * in_user, gid_t in_gid) -{ - (void) in_user; - (void) in_gid; - return 0; -} -#endif - -#ifdef HAVE_INITGROUPS -char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len); -int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid) -{ - int status = -1; - char user[SH_MINIBUF]; - - SL_ENTER(_("sh_unix_initgroups2")); - - if (NULL == sh_unix_getUIDname (SH_ERR_ERR, in_pid, user, sizeof(user))) - SL_RETURN((-1), _("sh_unix_initgroups2")); - status = sh_initgroups (user, in_gid); - if (status < 0) - { - if (errno == EPERM) - status = 0; - if (errno == EINVAL) - status = 0; - } - SL_RETURN((status), _("sh_unix_initgroups2")); -} -#else -int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid) -{ - (void) in_pid; - (void) in_gid; - return 0; -} -#endif - -void sh_unix_closeall (int fd, int except, int inchild) -{ - int fdx = fd; -#ifdef _SC_OPEN_MAX - int fdlimit = sysconf (_SC_OPEN_MAX); -#else -#ifdef OPEN_MAX - int fdlimit = OPEN_MAX; -#else - int fdlimit = _POSIX_OPEN_MAX; -#endif -#endif - - SL_ENTER(_("sh_unix_closeall")); - - /* can't happen - so fix it :-( - */ - if (fdlimit < 0) - fdlimit = 20; /* POSIX lower limit */ - - if (fdlimit > 65536) - fdlimit = 65536; - - if (!inchild) - sl_dropall (fdx, except); - else - sl_dropall_dirty (fdx, except); - - /* Close everything from fd (inclusive) up to fdlimit (exclusive). - */ - while (fd < fdlimit) - { - if (fd == except) - fd++; - else if (slib_do_trace != 0 && fd == slib_trace_fd) - fd++; - else - sl_close_fd(FIL__, __LINE__, fd++); - } - - SL_RET0(_("sh_unix_closeall")); -} - -static void sh_unix_setlimits(void) -{ - struct rlimit limits; - - SL_ENTER(_("sh_unix_setlimits")); - - limits.rlim_cur = RLIM_INFINITY; - limits.rlim_max = RLIM_INFINITY; - -#ifdef RLIMIT_CPU - setrlimit (RLIMIT_CPU, &limits); -#endif -#ifdef RLIMIT_FSIZE - setrlimit (RLIMIT_FSIZE, &limits); -#endif -#ifdef RLIMIT_DATA - setrlimit (RLIMIT_DATA, &limits); -#endif -#ifdef RLIMIT_STACK - setrlimit (RLIMIT_STACK, &limits); -#endif -#ifdef RLIMIT_RSS - setrlimit (RLIMIT_RSS, &limits); -#endif -#ifdef RLIMIT_NPROC - setrlimit (RLIMIT_NPROC, &limits); -#endif -#ifdef RLIMIT_MEMLOCK - setrlimit (RLIMIT_MEMLOCK, &limits); -#endif - -#if !defined(SL_DEBUG) - /* no core dumps - */ - limits.rlim_cur = 0; - limits.rlim_max = 0; -#ifdef RLIMIT_CORE - setrlimit (RLIMIT_CORE, &limits); -#endif -#else -#ifdef RLIMIT_CORE - setrlimit (RLIMIT_CORE, &limits); -#endif -#endif - - limits.rlim_cur = 1024; - limits.rlim_max = 1024; - -#if defined(RLIMIT_NOFILE) - setrlimit (RLIMIT_NOFILE, &limits); -#elif defined(RLIMIT_OFILE) - setrlimit (RLIMIT_OFILE, &limits); -#endif - - SL_RET0(_("sh_unix_setlimits")); -} - -static void sh_unix_copyenv(void) -{ - char ** env0 = environ; - char ** env1; - int envlen = 0; - size_t len; - - SL_ENTER(_("sh_unix_copyenv")); - - while (env0 != NULL && env0[envlen] != NULL) { - /* printf("%2d: %s\n", envlen, env0[envlen]); */ - ++envlen; - } - ++envlen; - - /* printf("-> %2d: slots allocated\n", envlen); */ - env1 = calloc(1,sizeof(char *) * envlen); /* only once */ - if (env1 == NULL) - { - fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); - SL_RET0(_("sh_unix_copyenv")); - } - env0 = environ; - envlen = 0; - - while (env0 != NULL && env0[envlen] != NULL) { - len = strlen(env0[envlen]) + 1; - env1[envlen] = calloc(1,len); /* only once */ - if (env1[envlen] == NULL) - { - int i; - fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); - for (i = 0; i < envlen; ++i) free(env1[len]); - free(env1); - SL_RET0(_("sh_unix_copyenv")); - } - sl_strlcpy(env1[envlen], env0[envlen], len); - ++envlen; - } - env1[envlen] = NULL; - - environ = env1; - SL_RET0(_("sh_unix_copyenv")); -} - -/* delete all environment variables - */ -static void sh_unix_zeroenv(void) -{ - char * c; - char ** env; - - SL_ENTER(_("sh_unix_zeroenv")); - - sh_unix_copyenv(); - env = environ; - - while (env != NULL && *env != NULL) { - c = strchr ((*env), '='); -#ifdef WITH_MYSQL - /* - * Skip the MYSQL_UNIX_PORT environment variable; MySQL may need it. - */ - if (0 == sl_strncmp((*env), _("MYSQL_UNIX_PORT="), 16)) - { - ++(env); - continue; - } - if (0 == sl_strncmp((*env), _("MYSQL_TCP_PORT="), 15)) - { - ++(env); - continue; - } - if (0 == sl_strncmp((*env), _("MYSQL_HOME="), 11)) - { - ++(env); - continue; - } -#endif -#ifdef WITH_ORACLE - /* - * Skip the ORACLE_HOME and TNS_ADMIN environment variables; - * Oracle may need them. - */ - if (0 == sl_strncmp((*env), _("ORACLE_HOME="), 12)) - { - ++(env); - continue; - } - if (0 == sl_strncmp((*env), _("TNS_ADMIN="), 10)) - { - ++(env); - continue; - } -#endif - /* - * Skip the TZ environment variable. - */ - if (0 == sl_strncmp((*env), _("TZ="), 3)) - { - ++(env); - continue; - } - ++(env); - if (c != NULL) - { - ++c; - while ((*c) != '\0') { - (*c) = '\0'; - ++c; - } - } - } - -#ifdef HAVE_TZSET - tzset(); -#endif - - SL_RET0(_("sh_unix_zeroenv")); -} - - -static void sh_unix_resettimer(void) -{ - struct itimerval this_timer; - - SL_ENTER(_("sh_unix_resettimer")); - - this_timer.it_value.tv_sec = 0; - this_timer.it_value.tv_usec = 0; - - this_timer.it_interval.tv_sec = 0; - this_timer.it_interval.tv_usec = 0; - - setitimer(ITIMER_REAL, &this_timer, NULL); -#if !defined(SH_PROFILE) - setitimer(ITIMER_VIRTUAL, &this_timer, NULL); - setitimer(ITIMER_PROF, &this_timer, NULL); -#endif - - SL_RET0(_("sh_unix_resettimer")); -} - -static void sh_unix_resetsignals(void) -{ - int sig_num; -#ifdef NSIG - int max_sig = NSIG; -#else - int max_sig = 255; -#endif - int test; - int status; - struct sigaction act; -#if !defined(SH_PROFILE) - struct sigaction oldact; -#endif - - sigset_t set_proc; - - SL_ENTER(_("sh_unix_resetsignals")); - /* - * Reset the current signal mask (inherited from parent process). - */ - - sigfillset(&set_proc); - - do { - errno = 0; - test = SH_SETSIGMASK(SIG_UNBLOCK, &set_proc, NULL); - } while (test < 0 && errno == EINTR); - - /* - * Reset signal handling. - */ - - act.sa_handler = SIG_DFL; /* signal action */ - sigemptyset( &act.sa_mask ); /* set an empty mask */ - act.sa_flags = 0; /* init sa_flags */ - - for (sig_num = 1; sig_num <= max_sig; ++sig_num) - { -#if !defined(SH_PROFILE) - test = retry_sigaction(FIL__, __LINE__, sig_num, &act, &oldact); -#else - test = 0; -#endif - if ((test == -1) && (errno != EINVAL)) - { - char errbuf[SH_ERRBUF_SIZE]; - status = errno; - sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_SIG, - sh_error_message (status, errbuf, sizeof(errbuf)), sig_num); - } - } - - SL_RET0(_("sh_unix_resetsignals")); -} - -/* Get the local hostname (FQDN) - */ -static char * sh_tolower (char * s) -{ - char * ret = s; - if (s) - { - for (; *s; ++s) - { - *s = tolower((unsigned char) *s); - } - } - return ret; -} - - -#include <sys/socket.h> - -/* Required for BSD - */ -#ifdef HAVE_NETINET_IN_H -#include <netinet/in.h> -#endif - -#include <arpa/inet.h> - -const char * sh_unix_h_name (struct hostent * host_entry) -{ - char ** p; - if (strchr(host_entry->h_name, '.')) { - return host_entry->h_name; - } else { - for (p = host_entry->h_aliases; *p; ++p) { - if (strchr(*p, '.')) - return *p; - } - } - return host_entry->h_name; -} - -/* uname() on FreeBSD is broken, because the 'nodename' buf is too small - * to hold a valid (leftmost) domain label. - */ -#if defined(HAVE_UNAME) && !defined(HOST_IS_FREEBSD) -#include <sys/utsname.h> -void sh_unix_localhost() -{ - struct utsname buf; - int i; - unsigned int ddot; - int len; - char * p; - char hostname[256]; - char numeric[SH_IP_BUF]; - char * canonical; - - - SL_ENTER(_("sh_unix_localhost")); - - (void) uname (&buf); - /* flawfinder: ignore */ /* ff bug, ff sees system() */ - sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF); - sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF); - sl_strlcpy (sh.host.machine, buf.machine, SH_MINIBUF); - - /* Workaround for cases where nodename could be - * a truncated FQDN. - */ - if (strlen(buf.nodename) == (sizeof(buf.nodename)-1)) - { - p = strchr(buf.nodename, '.'); - if (NULL != p) { - *p = '\0'; - sl_strlcpy(hostname, buf.nodename, 256); - } else { -#ifdef HAVE_GETHOSTNAME - if (0 != gethostname(hostname, 256)) - { - sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("nodename returned by uname may be truncated"), - _("sh_unix_localhost")); - sl_strlcpy (hostname, buf.nodename, 256); - } - else - { - hostname[255] = '\0'; - } -#else - sh_error_handle(SH_ERR_WARN, FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("nodename returned by uname may be truncated"), - _("sh_unix_localhost")); - sl_strlcpy(hostname, buf.nodename, 256); -#endif - } - } - else - { - sl_strlcpy(hostname, buf.nodename, 256); - } - - canonical = sh_ipvx_canonical(hostname, numeric, sizeof(numeric)); - - if (canonical == NULL) - { - sl_strlcpy (sh.host.name, hostname, SH_PATHBUF); - sh_tolower (sh.host.name); - } - else - { - sl_strlcpy (sh.host.name, canonical, SH_PATHBUF); - SH_FREE(canonical); - } - - /* check whether it looks like a FQDN - */ - len = sl_strlen(sh.host.name); - ddot = 0; - for (i = 0; i < len; ++i) - if (sh.host.name[i] == '.') ++ddot; - - if (ddot == 0) - { - dlog(1, FIL__, __LINE__, - _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), - hostname, sh.host.name); - sl_strlcpy (sh.host.name, numeric, SH_PATHBUF); - SL_RET0(_("sh_unix_localhost")); - } - - if (sh_ipvx_is_numeric(sh.host.name)) - { - dlog(1, FIL__, __LINE__, - _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), - hostname, sh.host.name); - } - - SL_RET0(_("sh_unix_localhost")); -} - -#else - -/* - * --FreeBSD code - */ -#if defined(HAVE_UNAME) -#include <sys/utsname.h> -#endif -void sh_unix_localhost() -{ -#if defined(HAVE_UNAME) - struct utsname buf; -#endif - int i; - int ddot; - int len; - char hostname[1024]; - char numeric[SH_IP_BUF]; - char * canonical; - - SL_ENTER(_("sh_unix_localhost")); - -#if defined(HAVE_UNAME) - (void) uname (&buf); - /* flawfinder: ignore */ /* ff bug, ff sees system() */ - sl_strlcpy (sh.host.system, buf.sysname, SH_MINIBUF); - sl_strlcpy (sh.host.release, buf.release, SH_MINIBUF); - sl_strlcpy (sh.host.machine, buf.machine, SH_MINIBUF); -#endif - - (void) gethostname (hostname, 1024); - hostname[1023] = '\0'; - - canonical = sh_ipvx_canonical(hostname, numeric, sizeof(numeric)); - - if (canonical == NULL) - { - sl_strlcpy (sh.host.name, hostname, SH_PATHBUF); - sh_tolower (sh.host.name); - } - else - { - sl_strlcpy (sh.host.name, canonical, SH_PATHBUF); - SH_FREE(canonical); - } - - /* check whether it looks like a FQDN - */ - len = sl_strlen(sh.host.name); - ddot = 0; - for (i = 0; i < len; ++i) - if (sh.host.name[i] == '.') ++ddot; - if (ddot == 0) - { - dlog(1, FIL__, __LINE__, - _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), - hostname, sh.host.name); - sl_strlcpy (sh.host.name, numeric, SH_PATHBUF); - SL_RET0(_("sh_unix_localhost")); - } - - if (sh_ipvx_is_numeric(sh.host.name)) - { - dlog(1, FIL__, __LINE__, - _("According to uname, your nodename is %s, but your resolver\nlibrary cannot resolve this nodename to a FQDN.\nRather, it resolves this to %s.\nFor more information, see the entry about self-resolving under\n'Most frequently' in the FAQ that you will find in the docs/ subdirectory.\n"), - hostname, sh.host.name); - } - - SL_RET0(_("sh_unix_localhost")); -} -#endif - - -void sh_unix_memlock() -{ - SL_ENTER(_("sh_unix_memlock")); - - /* do this before dropping privileges - */ -#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) - if (skey->mlock_failed == S_FALSE) - { - if ( (-1) == sh_unix_mlock( FIL__, __LINE__, - (char *) skey, sizeof (sh_key_t)) ) - { - SH_MUTEX_LOCK_UNSAFE(mutex_skey); - skey->mlock_failed = S_TRUE; - SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); - } - } -#else - if (skey->mlock_failed == S_FALSE) - { - SH_MUTEX_LOCK_UNSAFE(mutex_skey); - skey->mlock_failed = S_TRUE; - SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); - } -#endif - - SL_RET0(_("sh_unix_memlock")); -} - -#ifdef SH_WITH_SERVER -char * chroot_dir = NULL; - -int sh_unix_set_chroot(const char * str) -{ - size_t len; - static int block = 0; - - if (block == 1) - return 0; - - if (str && *str == '/') - { - len = strlen(str) + 1; - chroot_dir = calloc(1,strlen(str) + 1); /* only once */ - if (!chroot_dir) - { - fprintf(stderr, _("%s: %d: Out of memory\n"), FIL__, __LINE__); - return 1; - } - sl_strlcpy(chroot_dir, str, len); - block = 1; - return 0; - } - return 1; -} - -int sh_unix_chroot(void) -{ - int status; - - if (chroot_dir != NULL) - { - status = retry_aud_chdir(FIL__, __LINE__, chroot_dir); - if ( (-1) == status ) - { - char errbuf[SH_ERRBUF_SIZE]; - status = errno; - sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_CHDIR, - sh_error_message (status, errbuf, sizeof(errbuf)), chroot_dir); - aud_exit(FIL__, __LINE__, EXIT_FAILURE); - } - /* flawfinder: ignore */ - return (chroot(chroot_dir)); - } - return 0; -} -/* #ifdef SH_WITH_SERVER */ -#else -int sh_unix_chroot(void) { return 0; } -#endif - -/* daemon mode - */ -static int block_setdeamon = 0; - -int sh_unix_setdeamon(const char * dummy) -{ - int res = 0; - - SL_ENTER(_("sh_unix_setdeamon")); - - if (block_setdeamon != 0) - SL_RETURN((0),_("sh_unix_setdeamon")); - - if (dummy == NULL) - sh.flag.isdaemon = S_TRUE; - else - res = sh_util_flagval (dummy, &sh.flag.isdaemon); - - if (sh.flag.opts == S_TRUE) - block_setdeamon = 1; - - SL_RETURN(res, _("sh_unix_setdeamon")); -} -#if defined(HAVE_LIBPRELUDE) -#include "sh_prelude.h" -#endif - -int sh_unix_setnodeamon(const char * dummy) -{ - int res = 0; - - SL_ENTER(_("sh_unix_setnodeamon")); - - if (block_setdeamon != 0) - SL_RETURN((0),_("sh_unix_setmodeamon")); - - if (dummy == NULL) - sh.flag.isdaemon = S_FALSE; - else - res = sh_util_flagval (dummy, &sh.flag.isdaemon); - - if (sh.flag.opts == S_TRUE) - block_setdeamon = 1; - - SL_RETURN(res, _("sh_unix_setnodeamon")); -} - -int sh_unix_init(int goDaemon) -{ - int status; - uid_t uid; - pid_t oldpid = getpid(); -#if defined(SH_WITH_SERVER) - extern int sh_socket_open_int (void); -#endif - char errbuf[SH_ERRBUF_SIZE]; - - extern void sh_kill_sub(); - - SL_ENTER(_("sh_unix_init")); - - /* fork twice, exit the parent process - */ - if (goDaemon == 1) { - - switch (aud_fork(FIL__, __LINE__)) { - case 0: break; /* child process continues */ - case -1: SL_RETURN((-1),_("sh_unix_init")); /* error */ - default: /* parent process exits */ - sh_kill_sub(); - aud__exit(FIL__, __LINE__, 0); - } - - /* Child processes do not inherit page locks across a fork. - * Error in next fork would return in this (?) thread of execution. - */ - sh_unix_memlock(); - - setsid(); /* should not fail */ - sh.pid = (UINT64) getpid(); - - switch (aud_fork(FIL__, __LINE__)) { - case 0: break; /* child process continues */ - case -1: SL_RETURN((-1),_("sh_unix_init")); /* error */ - default: /* parent process exits */ - sh_kill_sub(); - aud__exit(FIL__, __LINE__, 0); - } - - /* Child processes do not inherit page locks across a fork. - */ - sh_unix_memlock(); - sh.pid = (UINT64) getpid(); - - } else { - setsid(); /* should not fail */ - } - - /* set working directory - */ -#ifdef SH_PROFILE - status = 0; -#else - status = retry_aud_chdir(FIL__, __LINE__, "/"); -#endif - if ( (-1) == status ) - { - status = errno; - sh_error_handle ((-1), FIL__, __LINE__, status, MSG_W_CHDIR, - sh_error_message (status, errbuf, sizeof(errbuf)), "/"); - aud_exit(FIL__, __LINE__, EXIT_FAILURE); - } - - /* reset timers - */ - sh_unix_resettimer(); - - /* signal handlers - */ - sh_unix_resetsignals(); -#if defined(SCREW_IT_UP) - sh_sigtrap_prepare(); -#endif - sh_unix_siginstall (goDaemon); - - /* set file creation mask - */ - (void) umask (0); /* should not fail */ - - /* set resource limits to maximum, and - * core dump size to zero - */ - sh_unix_setlimits(); - - /* zero out the environment (like PATH='\0') - */ - sh_unix_zeroenv(); - - if (goDaemon == 1) - { - /* Close first tree file descriptors - */ - sl_close_fd (FIL__, __LINE__, 0); /* if running as daemon */ - sl_close_fd (FIL__, __LINE__, 1); /* if running as daemon */ - sl_close_fd (FIL__, __LINE__, 2); /* if running as daemon */ - - /* Enable full error logging - */ - sh_error_only_stderr (S_FALSE); - - /* open first three streams to /dev/null - */ - status = aud_open(FIL__, __LINE__, SL_NOPRIV, _("/dev/null"), O_RDWR, 0); - if (status < 0) - { - status = errno; - sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, - sh_error_message(status, errbuf, sizeof(errbuf)), _("open")); - aud_exit(FIL__, __LINE__, EXIT_FAILURE); - } - - status = retry_aud_dup(FIL__, __LINE__, 0); - if (status >= 0) - retry_aud_dup(FIL__, __LINE__, 0); - - if (status < 0) - { - status = errno; - sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, - sh_error_message(status, errbuf, sizeof(errbuf)), _("dup")); - aud_exit(FIL__, __LINE__, EXIT_FAILURE); - } - - sh_error_enable_unsafe (S_TRUE); -#if defined(HAVE_LIBPRELUDE) - sh_prelude_reset (); -#endif - - /* --- wait until parent has exited --- - */ - while (1 == 1) - { - errno = 0; - if (0 > aud_kill (FIL__, __LINE__, oldpid, 0) && errno == ESRCH) - { - break; - } - retry_msleep(0, 1); - } - - /* write PID file - */ - status = sh_unix_write_pid_file(); - if (status < 0) - { - sl_get_euid(&uid); - sh_error_handle ((-1), FIL__, __LINE__, status, MSG_PIDFILE, - (long) uid, sh.srvlog.alt); - aud_exit(FIL__, __LINE__, EXIT_FAILURE); - } -#if defined(SH_WITH_SERVER) - sh_socket_open_int (); -#endif - } - else - { - sh_error_enable_unsafe (S_TRUE); -#if defined(HAVE_LIBPRELUDE) - sh_prelude_reset (); -#endif -#if defined(SH_WITH_SERVER) - sh_socket_open_int (); -#endif - } - - /* chroot (this is a no-op if no chroot dir is specified - */ - status = sh_unix_chroot(); - if (status < 0) - { - status = errno; - sh_error_handle((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, - sh_error_message(status, errbuf, sizeof(errbuf)), _("chroot")); - aud_exit(FIL__, __LINE__, EXIT_FAILURE); - } - - /* drop capabilities - */ - sl_drop_cap(); - - SL_RETURN((0),_("sh_unix_init")); -} - -/* --- run a command, securely --- */ - -int sh_unix_run_command (const char * str) -{ - pid_t pid; - char * arg[4]; - char * env[5]; - char * path = sh_util_strdup(_("/bin/sh")); - - int status = -1; - - arg[0] = sh_util_strdup(_("/bin/sh")); - arg[1] = sh_util_strdup(_("-c")); - arg[2] = sh_util_strdup(str); - arg[3] = NULL; - - env[0] = sh_util_strdup(_("PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb")); - env[1] = sh_util_strdup(_("SHELL=/bin/sh")); - env[2] = sh_util_strdup(_("IFS= \t\n")); - if (getenv("TZ")) { /* flawfinder: ignore */ - char * tz = sh_util_strdup(getenv("TZ")); /* flawfinder: ignore */ - size_t tzlen = strlen(tz); - if (S_TRUE == sl_ok_adds (4, tzlen)) { - env[3] = SH_ALLOC(4+tzlen); - sl_strlcpy(env[3], "TZ=", 4); - sl_strlcat(env[3], tz , 4+tzlen); - } else { - env[3] = NULL; - } - } else { - env[3] = NULL; - } - env[4] = NULL; - - pid = fork(); - - if (pid == (pid_t)(-1)) - { - return -1; - } - - else if (pid == 0) /* child */ - { - memset(skey, 0, sizeof(sh_key_t)); - (void) umask(S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH); - sh_unix_closeall (3, -1, S_TRUE); /* in child process */ - execve(path, arg, env); - _exit(EXIT_FAILURE); - } - - else /* parent */ - { - int r; - - while((r = waitpid(pid, &status, WUNTRACED)) != pid && r != -1) ; - -#if !defined(USE_UNO) - if (r == -1 || !WIFEXITED(status)) - { - status = -1; - } - else - { - status = WEXITSTATUS(status); - } -#endif - } - - return status; -} - -/******************************************************** - * - * TIME - * - ********************************************************/ - -/* Figure out the time offset of the current timezone - * in a portable way. - */ -char * t_zone(const time_t * xx) -{ - struct tm aa; - struct tm bb; - - struct tm * aptr; - struct tm * bptr; - - int sign = 0; - int diff = 0; - int hh, mm; - static char tz[64]; - - SL_ENTER(_("t_zone")); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R) - aptr = gmtime_r (xx, &aa); -#else - aptr = gmtime(xx); - if (aptr) - memcpy (&aa, aptr, sizeof(struct tm)); -#endif - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) - bptr = localtime_r (xx, &bb); -#else - bptr = localtime(xx); - if (bptr) - memcpy (&bb, bptr, sizeof(struct tm)); -#endif - - if (bptr && aptr) - { - /* Check for datum wrap-around. - */ - if ((aa.tm_mday == 1) && (aa.tm_mday < bb.tm_mday) && (aa.tm_hour < bb.tm_hour)) - sign = ( 1); - else if (aa.tm_year < bb.tm_year) - sign = (-1); - else if (aa.tm_mon < bb.tm_mon) - sign = (-1); - else if (aa.tm_mday < bb.tm_mday) - sign = (-1); - else if (bb.tm_year < aa.tm_year) - sign = ( 1); - else if (bb.tm_mon < aa.tm_mon) - sign = ( 1); - else if (bb.tm_mday < aa.tm_mday) - sign = ( 1); - - diff = aa.tm_hour * 60 + aa.tm_min; - diff = (bb.tm_hour * 60 + bb.tm_min) - diff; - diff = diff - (sign * 24 * 60); /* datum wrap-around correction */ - hh = diff / 60; - mm = diff - (hh * 60); - sprintf (tz, _("%+03d%02d"), hh, mm); /* known to fit */ - } - else - { - sprintf (tz, _("%+03d%02d"), 0, 0); - } - SL_RETURN(tz, _("t_zone")); -} - -unsigned long sh_unix_longtime () -{ - return ((unsigned long)time(NULL)); -} - -#ifdef HAVE_GETTIMEOFDAY -unsigned long sh_unix_notime () -{ - struct timeval tv; - - gettimeofday (&tv, NULL); - - return ((unsigned long)(tv.tv_sec + tv.tv_usec * 10835 + getpid() + getppid())); - -} -#endif - -static int count_dev_time = 0; - -void reset_count_dev_time(void) -{ - count_dev_time = 0; - return; -} - -int sh_unix_settimeserver (const char * address) -{ - - SL_ENTER(_("sh_unix_settimeserver")); - - if (address != NULL && count_dev_time < 2 - && sl_strlen(address) < SH_PATHBUF) - { - if (count_dev_time == 0) - sl_strlcpy (sh.srvtime.name, address, SH_PATHBUF); - else - sl_strlcpy (sh.srvtime.alt, address, SH_PATHBUF); - - ++count_dev_time; - SL_RETURN((0), _("sh_unix_settimeserver")); - } - SL_RETURN((-1), _("sh_unix_settimeserver")); -} - - -#ifdef HAVE_NTIME -#define UNIXEPOCH 2208988800UL /* difference between Unix time and net time - * The UNIX EPOCH starts in 1970. - */ -#include <sys/socket.h> -#include <netinet/in.h> -#include <arpa/inet.h> -#include <netdb.h> -#include <ctype.h> -#endif - -/* Timeserver service. */ -/* define is missing on HP-UX 10.20 */ -#ifndef IPPORT_TIMESERVER -#define IPPORT_TIMESERVER 37 -#endif - -char * sh_unix_time (time_t thetime, char * buffer, size_t len) -{ - - int status; - char AsciiTime[81]; /* local time */ - time_t time_now; - struct tm * time_ptr; -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) - struct tm time_tm; -#endif -#ifdef SH_USE_XML - static char deftime[] = N_("0000-00-00T00:00:00"); /* default time */ -#else - static char deftime[] = N_("[0000-00-00T00:00:00]"); /* default time */ -#endif - -#ifdef HAVE_NTIME - int fd; /* network file descriptor */ - u_char net_time[4]; /* remote time in network format */ - static int failerr = 0; /* no net time */ - int fail = 0; /* no net time */ - int errflag; - char errmsg[256]; - char error_call[SH_MINIBUF]; - int error_num; -#endif - - SL_ENTER(_("sh_unix_time")); - -#ifdef HAVE_NTIME - if (thetime == 0) - { - if (sh.srvtime.name[0] == '\0') - { - fail = 1; - (void) time (&time_now); - } - else /* have a timeserver address */ - { - /* don't call timeserver more than once per second */ - static time_t time_old = 0; - time_t time_new; - static time_t time_saved = 0; - (void) time (&time_new); - if ((time_new == time_old) && (time_saved != 0)) - { - time_now = time_saved; - goto end; - } - time_old = time_new; - - - fd = connect_port_2 (sh.srvtime.name, sh.srvtime.alt, - IPPORT_TIMESERVER, - error_call, &error_num, errmsg, sizeof(errmsg)); - if (fd >= 0) - { - if (4 != read_port (fd, (char *) net_time, 4, &errflag, 2)) - { - fail = 1; - sh_error_handle ((-1), FIL__, __LINE__, errflag, - MSG_E_NLOST, - _("time"), sh.srvtime.name); - } - sl_close_fd(FIL__, __LINE__, fd); - } - else - { - sh_error_handle ((-1), FIL__, __LINE__, error_num, - MSG_E_NET, errmsg, error_call, - _("time"), sh.srvtime.name); - fail = 1; - } - - if (fail == 0) - { - unsigned long ltmp; - UINT32 ttmp; - memcpy(&ttmp, net_time, sizeof(UINT32)); ltmp = ttmp; - time_now = ntohl(ltmp) - UNIXEPOCH; - time_saved = time_now; - - if (failerr == 1) { - failerr = 0; - sh_error_handle ((-1), FIL__, __LINE__, 0, - MSG_E_NEST, - _("time"), sh.srvtime.name); - } - } - else - { - (void) time (&time_now); - time_saved = 0; - - if (failerr == 0) - { - failerr = 1; - sh_error_handle ((-1), FIL__, __LINE__, errflag, - MSG_SRV_FAIL, - _("time"), sh.srvtime.name); - } - } - end: - ; /* 'label at end of compound statement' */ - } - } - else - { - time_now = thetime; - } - - /* #ifdef HAVE_NTIME */ -#else - - if (thetime == 0) - { - (void) time (&time_now); - } - else - { - time_now = thetime; - } - - /* #ifdef HAVE_NTIME */ -#endif - - if (time_now == (-1) ) - { - sl_strlcpy(buffer, _(deftime), len); - SL_RETURN(buffer, _("sh_unix_time")); - } - else - { -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) - time_ptr = localtime_r (&time_now, &time_tm); -#else - time_ptr = localtime (&time_now); -#endif - } - if (time_ptr != NULL) - { - status = strftime (AsciiTime, sizeof(AsciiTime), -#ifdef SH_USE_XML - _("%Y-%m-%dT%H:%M:%S%%s"), -#else - _("[%Y-%m-%dT%H:%M:%S%%s]"), -#endif - time_ptr); - - sl_snprintf(buffer, len, AsciiTime, t_zone(&time_now)); - - if ( (status == 0) || (status == sizeof(AsciiTime)) ) - { - sl_strlcpy(buffer, _(deftime), len); - SL_RETURN( buffer, _("sh_unix_time")); - } - else - { - SL_RETURN(buffer, _("sh_unix_time")); - } - } - - /* last resort - */ - sl_strlcpy(buffer, _(deftime), len); - SL_RETURN( buffer, _("sh_unix_time")); -} - -static int sh_unix_use_localtime = S_FALSE; - -/* whether to use localtime for file timestamps in logs - */ -int sh_unix_uselocaltime (const char * c) -{ - int i; - SL_ENTER(_("sh_unix_uselocaltime")); - i = sh_util_flagval(c, &(sh_unix_use_localtime)); - - SL_RETURN(i, _("sh_unix_uselocaltime")); -} - -char * sh_unix_gmttime (time_t thetime, char * buffer, size_t len) -{ - - int status; - - struct tm * time_ptr; -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) - struct tm time_tm; -#endif - char AsciiTime[81]; /* GMT time */ -#ifdef SH_USE_XML - static char deftime[] = N_("0000-00-00T00:00:00"); /* default time */ -#else - static char deftime[] = N_("[0000-00-00T00:00:00]"); /* default time */ -#endif - - SL_ENTER(_("sh_unix_gmttime")); - - if (sh_unix_use_localtime == S_FALSE) - { -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GMTIME_R) - time_ptr = gmtime_r (&thetime, &time_tm); -#else - time_ptr = gmtime (&thetime); -#endif - } - else - { -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_LOCALTIME_R) - time_ptr = localtime_r (&thetime, &time_tm); -#else - time_ptr = localtime (&thetime); -#endif - } - if (time_ptr != NULL) - { - status = strftime (AsciiTime, 80, -#ifdef SH_USE_XML - _("%Y-%m-%dT%H:%M:%S"), -#else - _("[%Y-%m-%dT%H:%M:%S]"), -#endif - time_ptr); - - if ( (status == 0) || (status == 80) ) - sl_strlcpy(buffer, _(deftime), len); - else - sl_strlcpy(buffer, AsciiTime, len); - SL_RETURN( buffer, _("sh_unix_gmttime")); - } - - /* last resort - */ - sl_strlcpy(buffer, _(deftime), len); - SL_RETURN( buffer, _("sh_unix_gmttime")); -} - - -char * sh_unix_getUIDdir (int level, uid_t uid, char * out, size_t len) -{ - struct passwd * tempres; - int status = 0; - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) - struct passwd pwd; - char * buffer; -#endif - char errbuf[SH_ERRBUF_SIZE]; - - SL_ENTER(_("sh_unix_getUIDdir")); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) - buffer = SH_ALLOC(SH_PWBUF_SIZE); - sh_getpwuid_r(uid, &pwd, buffer, SH_PWBUF_SIZE, &tempres); -#else - errno = 0; - tempres = sh_getpwuid(uid); - status = errno; -#endif - - if (tempres == NULL) { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getpwuid"), (long) uid, _("completely missing")); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - SL_RETURN( NULL, _("sh_unix_getUIDdir")); - } - - if (tempres->pw_dir != NULL) { - sl_strlcpy(out, tempres->pw_dir, len); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - SL_RETURN( out, _("sh_unix_getUIDdir")); - } else { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getpwuid"), (long) uid, _("pw_dir")); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - SL_RETURN( NULL, _("sh_unix_getUIDdir")); - } -} - -/* ------------------- Caching ----------------*/ -#include "zAVLTree.h" - -#define CACHE_GID 0 -#define CACHE_UID 1 - -struct user_id { - char * name; - uid_t id; - struct user_id * next; -}; - -static struct user_id * uid_list = NULL; -static struct user_id * gid_list = NULL; - -SH_MUTEX_STATIC(mutex_cache, PTHREAD_MUTEX_INITIALIZER); - -static void sh_userid_free(struct user_id * item) -{ - while (item) - { - struct user_id * user = item; - item = item->next; - - SH_FREE(user->name); - SH_FREE(user); - } - return; -} - -void sh_userid_destroy () -{ - struct user_id * tmp_uid; - struct user_id * tmp_gid; - - SH_MUTEX_LOCK_UNSAFE(mutex_cache); - tmp_gid = gid_list; - gid_list = NULL; - tmp_uid = uid_list; - uid_list = NULL; - SH_MUTEX_UNLOCK_UNSAFE(mutex_cache); - - sh_userid_free(tmp_uid); - sh_userid_free(tmp_gid); - return; -} - -static void sh_userid_additem(struct user_id * list, struct user_id * item) -{ - if (list) - { - while (list && list->next) - list = list->next; - list->next = item; - } - return; -} - -static void sh_userid_add(uid_t id, char * username, int which) -{ - size_t len; - struct user_id * user = SH_ALLOC(sizeof(struct user_id)); - - if (username) - len = strlen(username) + 1; - else - len = 1; - - user->name = SH_ALLOC(len); - user->id = id; - if (username) - sl_strlcpy(user->name, username, len); - else - user->name[0] = '\0'; - user->next = NULL; - - SH_MUTEX_LOCK(mutex_cache); - if (which == CACHE_UID) - { - if (!uid_list) - uid_list = user; - else - sh_userid_additem(uid_list, user); - } - else - { - if (!gid_list) - gid_list = user; - else - sh_userid_additem(gid_list, user); - } - SH_MUTEX_UNLOCK(mutex_cache); - - return; -} - -static char * sh_userid_search(struct user_id * list, uid_t id) -{ - while (list) - { - if (list->id == id) - return list->name; - list = list->next; - } - return NULL; -} - -static char * sh_userid_get (uid_t id, int which, char * out, size_t len) -{ - char * user = NULL; - - SH_MUTEX_LOCK_UNSAFE(mutex_cache); - if (which == CACHE_UID) - user = sh_userid_search(uid_list, id); - else - user = sh_userid_search(gid_list, id); - if (user) - { - sl_strlcpy(out, user, len); - user = out; - } - SH_MUTEX_UNLOCK_UNSAFE(mutex_cache); - - return user; -} - -/* --------- end caching code --------- */ - -char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len) -{ - struct passwd * tempres; -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) - struct passwd pwd; - char * buffer; -#endif - int status = 0; - char errbuf[SH_ERRBUF_SIZE]; - char * tmp; - - SL_ENTER(_("sh_unix_getUIDname")); - - tmp = sh_userid_get(uid, CACHE_UID, out, len); - - if (tmp) - { - if (tmp[0] != '\0') - { - SL_RETURN( out, _("sh_unix_getUIDname")); - } - else - { - SL_RETURN( NULL, _("sh_unix_getUIDname")); - } - } - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWUID_R) - buffer = SH_ALLOC(SH_PWBUF_SIZE); - sh_getpwuid_r(uid, &pwd, buffer, SH_PWBUF_SIZE, &tempres); -#else - errno = 0; - tempres = sh_getpwuid(uid); - status = errno; -#endif - - if (tempres == NULL) - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getpwuid"), (long) uid, _("completely missing")); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - sh_userid_add(uid, NULL, CACHE_UID); - SL_RETURN( NULL, _("sh_unix_getUIDname")); - } - - - if (tempres->pw_name != NULL) - { - - sl_strlcpy(out, tempres->pw_name, len); - sh_userid_add(uid, out, CACHE_UID); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - - SL_RETURN( out, _("sh_unix_getUIDname")); - } - else - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getpwuid"), (long) uid, _("pw_user")); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - SL_RETURN( NULL, _("sh_unix_getUIDname")); - } - /* notreached */ -} - -char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len) -{ - struct group * tempres; - int status = 0; - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - struct group grp; - char * buffer; -#endif - char errbuf[SH_ERRBUF_SIZE]; - char * tmp; - - SL_ENTER(_("sh_unix_getGIDname")); - - tmp = sh_userid_get((uid_t)gid, CACHE_GID, out, len); - - if (tmp) - { - if (tmp[0] != '\0') - { - SL_RETURN( out, _("sh_unix_getGIDname")); - } - else - { - SL_RETURN( NULL, _("sh_unix_getGIDname")); - } - } - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - buffer = SH_ALLOC(SH_GRBUF_SIZE); - status = sh_getgrgid_r(gid, &grp, buffer, SH_GRBUF_SIZE, &tempres); -#else - errno = 0; - tempres = sh_getgrgid(gid); - status = errno; -#endif - - if (status == ERANGE) - { - static int seen = 0; - - if (seen == 0) - { - sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getgrgid"), (long) gid, _("line too long in group entry")); - ++seen; - } - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - - sh_userid_add(gid, NULL, CACHE_GID); - SL_RETURN( NULL, _("sh_unix_getGIDname")); - } - - if (tempres == NULL) - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getgrgid"), (long) gid, _("completely missing")); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - - sh_userid_add(gid, NULL, CACHE_GID); - SL_RETURN( NULL, _("sh_unix_getGIDname")); - } - - if (tempres->gr_name != NULL) - { - - sl_strlcpy(out, tempres->gr_name, len); - sh_userid_add((uid_t)gid, out, CACHE_GID); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - - SL_RETURN( out, _("sh_unix_getGIDname")); - } - else - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getgrgid"), (long) gid, _("gr_name")); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - - SL_RETURN( NULL, _("sh_unix_getGIDname")); - } - /* notreached */ -} - -int sh_unix_getUser () -{ - char * p; - uid_t seuid, sruid; - char user[USER_MAX]; - char dir[SH_PATHBUF]; - - SL_ENTER(_("sh_unix_getUser")); - - seuid = geteuid(); - - sh.effective.uid = seuid; - - p = sh_unix_getUIDdir (SH_ERR_ERR, seuid, dir, sizeof(dir)); - - if (p == NULL) - SL_RETURN((-1), _("sh_unix_getUser")); - else - { - if (sl_strlen(p) >= SH_PATHBUF) { - sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, - _("getpwuid"), (long) seuid, _("pw_home")); - SL_RETURN((-1), _("sh_unix_getUser")); - } else { - sl_strlcpy ( sh.effective.home, p, SH_PATHBUF); - } - } - - sruid = getuid(); - - sh.real.uid = sruid; - - p = sh_unix_getUIDname (SH_ERR_ERR, sruid, user, sizeof(user)); - if (p == NULL) - SL_RETURN((-1), _("sh_unix_getUser")); - else - { - if (sl_strlen(p) >= USER_MAX) { - sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, - _("getpwuid"), (long) sruid, _("pw_user")); - SL_RETURN((-1), _("sh_unix_getUser")); - } else { - sl_strlcpy ( sh.real.user, p, USER_MAX); - } - } - - p = sh_unix_getUIDdir (SH_ERR_ERR, sruid, dir, sizeof(dir)); - - if (p == NULL) - SL_RETURN((-1), _("sh_unix_getUser")); - else - { - if (sl_strlen(p) >= SH_PATHBUF) { - sh_error_handle (SH_ERR_ERR, FIL__, __LINE__, EINVAL, MSG_E_PWLONG, - _("getpwuid"), (long) sruid, _("pw_home")); - SL_RETURN((-1), _("sh_unix_getUser")); - } else { - sl_strlcpy ( sh.real.home, p, SH_PATHBUF); - } - } - - SL_RETURN((0), _("sh_unix_getUser")); - - /* notreached */ -} - - -int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline) -{ - register int count; - register int n = 0; - char c; - - SL_ENTER(_("sh_unix_getline")); - - if (sizeofline < 2) { - line[0] = '\0'; - SL_RETURN((0), _("sh_unix_getline")); - } - - --sizeofline; - - while (n < sizeofline) { - - count = sl_read (fd, &c, 1); - - /* end of file - */ - if (count < 1) { - line[n] = '\0'; - n = -1; - break; - } - - if (/* c != '\0' && */ c != '\n') { - line[n] = c; - ++n; - } else if (c == '\n') { - if (n > 0) { - line[n] = '\0'; - break; - } else { - line[n] = '\n'; /* get newline only if only char on line */ - ++n; - line[n] = '\0'; - break; - } - } else { - line[n] = '\0'; - break; - } - - } - - - line[sizeofline] = '\0'; /* make sure line is terminated */ - SL_RETURN((n), _("sh_unix_getline")); -} - - -#if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) - -/************************************************************** - * - * --- FILE INFO --- - * - **************************************************************/ - -#if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS) - -#if defined(__linux__) - -/* --- Determine ext2fs file attributes. --- - */ -#include <sys/ioctl.h> -#if defined(HAVE_EXT2FS_EXT2_FS_H) -#include <ext2fs/ext2_fs.h> -#else -#include <linux/ext2_fs.h> -#endif - -/* __linux__ includes */ -#endif - -static -int sh_unix_getinfo_attr (char * name, - unsigned long * flags, - char * c_attr, - int fd, struct stat * buf) -{ - -/* TAKEN FROM: - * - * lsattr.c - List file attributes on an ext2 file system - * - * Copyright (C) 1993, 1994 Remy Card <card@masi.ibp.fr> - * Laboratoire MASI, Institut Blaise Pascal - * Universite Pierre et Marie Curie (Paris VI) - * - * This file can be redistributed under the terms of the GNU General - * Public License - */ - -#ifdef HAVE_STAT_FLAGS - - SL_ENTER(_("sh_unix_getinfo_attr")); - - *flags = 0; - - /* cast to void to avoid compiler warning about unused parameters */ - (void) fd; - (void) name; - -#ifdef UF_NODUMP - if (buf->st_flags & UF_NODUMP) { - *flags |= UF_NODUMP; - c_attr[0] = 'd'; - } -#endif -#ifdef UF_IMMUTABLE - if (buf->st_flags & UF_IMMUTABLE) { - *flags |= UF_IMMUTABLE; - c_attr[1] = 'i'; - } -#endif -#ifdef UF_APPEND - if (buf->st_flags & UF_APPEND) { - *flags |= UF_APPEND; - c_attr[2] = 'a'; - } -#endif -#ifdef UF_NOUNLINK - if (buf->st_flags & UF_NOUNLINK) { - *flags |= UF_NOUNLINK; - c_attr[3] = 'u'; - } -#endif -#ifdef UF_OPAQUE - if (buf->st_flags & UF_OPAQUE) { - *flags |= UF_OPAQUE; - c_attr[4] = 'o'; - } -#endif -#ifdef SF_ARCHIVED - if (buf->st_flags & SF_ARCHIVED) { - *flags |= SF_ARCHIVED; - c_attr[5] = 'R'; - } - -#endif -#ifdef SF_IMMUTABLE - if (buf->st_flags & SF_IMMUTABLE) { - *flags |= SF_IMMUTABLE; - c_attr[6] = 'I'; - } -#endif -#ifdef SF_APPEND - if (buf->st_flags & SF_APPEND) { - *flags |= SF_APPEND; - c_attr[7] = 'A'; - } -#endif -#ifdef SF_NOUNLINK - if (buf->st_flags & SF_NOUNLINK) { - *flags |= SF_NOUNLINK; - c_attr[8] = 'U'; - } -#endif - - /* ! HAVE_STAT_FLAGS */ -#else - -#ifdef HAVE_EXT2_IOCTLS - int /* fd, */ r, f; - - SL_ENTER(_("sh_unix_getinfo_attr")); - - *flags = 0; - (void) buf; - - /* open() -> aud_open() R.Wichmann - fd = aud_open (FIL__, __LINE__, SL_YESPRIV, name, O_RDONLY|O_NONBLOCK, 0); - */ - - if (fd == -1 || name == NULL) - SL_RETURN(-1, _("sh_unix_getinfo_attr")); - - - r = ioctl (fd, EXT2_IOC_GETFLAGS, &f); - /* sl_close_fd (FIL__, __LINE__, fd); */ - - if (r == -1) - SL_RETURN(-1, _("sh_unix_getinfo_attr")); - - if (f == 0) - SL_RETURN(0, _("sh_unix_getinfo_attr")); - - *flags = f; - -/* ! HAVE_EXT2_IOCTLS */ -#else - - SL_ENTER(_("sh_unix_getinfo_attr")); - - *flags = 0; /* modified by R.Wichmann */ - -/* ! HAVE_EXT2_IOCTLS */ -#endif -/* - * END - * - * lsattr.c - List file attributes on an ext2 file system - */ - - if (*flags == 0) - goto theend; - -#ifdef EXT2_SECRM_FL - if ( (*flags & EXT2_SECRM_FL) != 0 ) c_attr[0] = 's'; -#endif -#ifdef EXT2_UNRM_FL - if ( (*flags & EXT2_UNRM_FL) != 0 ) c_attr[1] = 'u'; -#endif -#ifdef EXT2_SYNC_FL - if ( (*flags & EXT2_SYNC_FL) != 0 ) c_attr[2] = 'S'; -#endif -#ifdef EXT2_IMMUTABLE_FL - if ( (*flags & EXT2_IMMUTABLE_FL) != 0) c_attr[3] = 'i'; -#endif -#ifdef EXT2_APPEND_FL - if ( (*flags & EXT2_APPEND_FL) != 0 ) c_attr[4] = 'a'; -#endif -#ifdef EXT2_NODUMP_FL - if ( (*flags & EXT2_NODUMP_FL) != 0 ) c_attr[5] = 'd'; -#endif -#ifdef EXT2_NOATIME_FL - if ( (*flags & EXT2_NOATIME_FL) != 0) c_attr[6] = 'A'; -#endif -#ifdef EXT2_COMPR_FL - if ( (*flags & EXT2_COMPR_FL) != 0 ) c_attr[7] = 'c'; -#endif - -#ifdef EXT2_TOPDIR_FL - if ( (*flags & EXT2_TOPDIR_FL) != 0 ) c_attr[8] = 'T'; -#endif -#ifdef EXT2_DIRSYNC_FL - if ( (*flags & EXT2_DIRSYNC_FL) != 0 ) c_attr[9] = 'D'; -#endif -#ifdef EXT2_NOTAIL_FL - if ( (*flags & EXT2_NOTAIL_FL) != 0 ) c_attr[10] = 't'; -#endif -#ifdef EXT2_JOURNAL_DATA_FL - if ( (*flags & EXT2_JOURNAL_DATA_FL) != 0) c_attr[11] = 'j'; -#endif - - theend: - /* ext2 */ -#endif - - c_attr[12] = '\0'; - - SL_RETURN(0, _("sh_unix_getinfo_attr")); -} - -/* defined(__linux__) || defined(HAVE_STAT_FLAGS) */ -#endif - -/* determine file type - */ -static -int sh_unix_getinfo_type (struct stat * buf, - ShFileType * type, - char * c_mode) -{ - SL_ENTER(_("sh_unix_getinfo_type")); - - if ( S_ISREG(buf->st_mode) ) { - (*type) = SH_FILE_REGULAR; - c_mode[0] = '-'; - } - else if ( S_ISLNK(buf->st_mode) ) { - (*type) = SH_FILE_SYMLINK; - c_mode[0] = 'l'; - } - else if ( S_ISDIR(buf->st_mode) ) { - (*type) = SH_FILE_DIRECTORY; - c_mode[0] = 'd'; - } - else if ( S_ISCHR(buf->st_mode) ) { - (*type) = SH_FILE_CDEV; - c_mode[0] = 'c'; - } - else if ( S_ISBLK(buf->st_mode) ) { - (*type) = SH_FILE_BDEV; - c_mode[0] = 'b'; - } - else if ( S_ISFIFO(buf->st_mode) ) { - (*type) = SH_FILE_FIFO; - c_mode[0] = '|'; - } - else if ( S_ISSOCK(buf->st_mode) ) { - (*type) = SH_FILE_SOCKET; - c_mode[0] = 's'; - } - else if ( S_ISDOOR(buf->st_mode) ) { - (*type) = SH_FILE_DOOR; - c_mode[0] = 'D'; - } - else if ( S_ISPORT(buf->st_mode) ) { - (*type) = SH_FILE_PORT; - c_mode[0] = 'P'; - } - else { - (*type) = SH_FILE_UNKNOWN; - c_mode[0] = '?'; - } - - SL_RETURN(0, _("sh_unix_getinfo_type")); -} - -int sh_unix_get_ftype(char * fullpath) -{ - char c_mode[CMODE_SIZE]; - struct stat buf; - ShFileType type; - int res; - - SL_ENTER(_("sh_unix_get_ftype")); - - res = retry_lstat(FIL__, __LINE__, fullpath, &buf); - - if (res < 0) - SL_RETURN(SH_FILE_UNKNOWN, _("sh_unix_getinfo_type")); - - sh_unix_getinfo_type (&buf, &type, c_mode); - - SL_RETURN(type, _("sh_unix_get_ftype")); -} - - -static -int sh_unix_getinfo_mode (struct stat *buf, - unsigned int * mode, - char * c_mode) -{ - - SL_ENTER(_("sh_unix_getinfo_mode")); - - (*mode) = buf->st_mode; - - /* make 'ls'-like string */ - - if ( (buf->st_mode & S_IRUSR) != 0 ) c_mode[1] = 'r'; - if ( (buf->st_mode & S_IWUSR) != 0 ) c_mode[2] = 'w'; - if ( (buf->st_mode & S_IXUSR) != 0 ) { - if ((buf->st_mode & S_ISUID) != 0 ) c_mode[3] = 's'; - else c_mode[3] = 'x'; - } else { - if ((buf->st_mode & S_ISUID) != 0 ) c_mode[3] = 'S'; - } - - if ( (buf->st_mode & S_IRGRP) != 0 ) c_mode[4] = 'r'; - if ( (buf->st_mode & S_IWGRP) != 0 ) c_mode[5] = 'w'; - if ( (buf->st_mode & S_IXGRP) != 0 ) { - if ((buf->st_mode & S_ISGID) != 0 ) c_mode[6] = 's'; - else c_mode[6] = 'x'; - } else { - if ((buf->st_mode & S_ISGID) != 0 ) c_mode[6] = 'S'; - } - - if ( (buf->st_mode & S_IROTH) != 0 ) c_mode[7] = 'r'; - if ( (buf->st_mode & S_IWOTH) != 0 ) c_mode[8] = 'w'; -#ifdef S_ISVTX /* not POSIX */ - if ( (buf->st_mode & S_IXOTH) != 0 ) { - if ((buf->st_mode & S_ISVTX) != 0 ) c_mode[9] = 't'; - else c_mode[9] = 'x'; - } else { - if ((buf->st_mode & S_ISVTX) != 0 ) c_mode[9] = 'T'; - } -#else - if ( (buf->st_mode & S_IXOTH) != 0 ) c_mode[9] = 'x'; -#endif - - SL_RETURN(0, _("sh_unix_getinfo_mode")); -} - - -long IO_Limit = 0; - -void sh_unix_io_pause () -{ - long runtime; - float someval; - unsigned long sometime; - - if (IO_Limit == 0) - { - return; - } - else - { - runtime = (long) (time(NULL) - sh.statistics.time_start); - - if (runtime > 0 && (long)(sh.statistics.bytes_hashed/runtime) > IO_Limit) - { - someval = sh.statistics.bytes_hashed - (IO_Limit * runtime); - someval /= (float) IO_Limit; - if (someval < 1.0) - { - someval *= 1000; /* milliseconds in a second */ - sometime = (unsigned long) someval; - retry_msleep(0, sometime); - } - else - { - sometime = (unsigned long) someval; - retry_msleep (sometime, 0); - } - } - } - return; -} - -int sh_unix_set_io_limit (const char * c) -{ - long val; - - SL_ENTER(_("sh_unix_set_io_limit")); - - val = strtol (c, (char **)NULL, 10); - if (val < 0) - sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, - _("set I/O limit"), c); - - val = (val < 0 ? 0 : val); - - IO_Limit = val * 1024; - SL_RETURN( 0, _("sh_unix_set_io_limit")); -} - -/* obtain file info - */ -extern int flag_err_debug; - -#include "sh_ignore.h" - -int sh_unix_checksum_size (char * filename, off_t size, int is_max_size, - char * fileHash, int alert_timeout, SL_TICKET fd, unsigned long mask) -{ - file_type * tmpFile; - int status; - - SL_ENTER(_("sh_unix_checksum_size")); - - tmpFile = SH_ALLOC(sizeof(file_type)); - tmpFile->link_path = NULL; - - if (sh.flag.checkSum != SH_CHECK_INIT) - { - /* lookup file in database */ - if (is_max_size == S_TRUE) { - status = sh_hash_get_it (filename, tmpFile, NULL); - if ((status != 0) || (tmpFile->size > size)) { - goto out; - } - } else { - tmpFile->size = size; - } - } - else - { - tmpFile->size = size; - } - - /* if last <= current get checksum */ - if (tmpFile->size <= size) - { - char hashbuf[KEYBUF_SIZE]; - UINT64 local_length = (UINT64) (tmpFile->size < 0 ? 0 : tmpFile->size); - if (sh.flag.opts == S_TRUE) sh_tiger_set_hashtype_mask(mask); - sl_strlcpy(fileHash, - sh_tiger_generic_hash (filename, fd, &(local_length), - alert_timeout, hashbuf, sizeof(hashbuf)), - KEY_LEN+1); - - /* return */ - if (tmpFile->link_path) SH_FREE(tmpFile->link_path); - SH_FREE(tmpFile); - SL_RETURN( 0, _("sh_unix_checksum_size")); - } - - out: - if (tmpFile->link_path) SH_FREE(tmpFile->link_path); - SH_FREE(tmpFile); - sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); - SL_RETURN( -1, _("sh_unix_checksum_size")); -} - -/******************************************************** - * Search rotated logfile - */ -extern char * sh_rotated_log_search(const char * path, struct stat * buf); - -int sh_check_rotated_log (const char * path, - UINT64 old_size, UINT64 old_inode, const char * old_hash, unsigned long mask) -{ - struct stat obuf; - UINT64 length_nolim = TIGER_NOLIM; - int retval = S_FALSE; - - if (old_size != length_nolim) - { - char hashbuf[KEYBUF_SIZE]; - char * rotated_file; - - obuf.st_ino = old_inode; - rotated_file = sh_rotated_log_search(path, &obuf); - - if (rotated_file && (0 != strcmp(path, rotated_file))) - { - SL_TICKET fd = sl_open_fastread (FIL__, __LINE__, rotated_file, SL_YESPRIV); - if (!SL_ISERROR(fd)) - { - sh_unix_checksum_size (rotated_file, old_size, S_FALSE, - hashbuf, 120 /* alert_timeout */, fd, mask); - - sl_close(fd); - - if (strncmp (old_hash, hashbuf, KEY_LEN) == 0) { - retval = S_TRUE; - } - } - SH_FREE(rotated_file); - } - } - return retval; -} - - -int sh_unix_check_selinux = S_FALSE; -int sh_unix_check_acl = S_FALSE; - -#ifdef USE_ACL - -#include <sys/acl.h> -static char * sh_unix_getinfo_acl (char * path, int fd, struct stat * buf) -{ - /* system.posix_acl_access, system.posix_acl_default - */ - char * out = NULL; - char * collect = NULL; - char * tmp; - char * out_compact; - ssize_t len; - acl_t result; - - SL_ENTER(_("sh_unix_getinfo_acl")); - - result = (fd == -1) ? - acl_get_file (path, ACL_TYPE_ACCESS) : - acl_get_fd (fd); - - if (result) - { - out = acl_to_text (result, &len); - if (out && (len > 0)) { - out_compact = sh_util_acl_compact (out, len); - acl_free(out); - if (out_compact) - { - collect = sh_util_strconcat (_("acl_access:"), out_compact, NULL); - SH_FREE(out_compact); - } - } - acl_free(result); - } - - - if ( S_ISDIR(buf->st_mode) ) - { - result = acl_get_file (path, ACL_TYPE_DEFAULT); - - if (result) - { - out = acl_to_text (result, &len); - if (out && (len > 0)) { - out_compact = sh_util_acl_compact (out, len); - acl_free(out); - if (out_compact) { - if (collect) { - tmp = sh_util_strconcat (_("acl_default:"), - out_compact, ":", collect, NULL); - SH_FREE(collect); - } - else { - tmp = sh_util_strconcat (_("acl_default:"), out_compact, NULL); - } - SH_FREE(out_compact); - collect = tmp; - } - } - acl_free(result); - } - } - - SL_RETURN((collect),_("sh_unix_getinfo_acl")); -} -#endif - -#ifdef USE_XATTR - -#include <attr/xattr.h> -static char * sh_unix_getinfo_xattr_int (char * path, int fd, char * name) -{ - char * out = NULL; - char * tmp = NULL; - size_t size = 256; - ssize_t result; - - SL_ENTER(_("sh_unix_getinfo_xattr_int")); - - out = SH_ALLOC(size); - - result = (fd == -1) ? - lgetxattr (path, name, out, size-1) : - fgetxattr (fd, name, out, size-1); - - if (result == -1 && errno == ERANGE) - { - SH_FREE(out); - result = (fd == -1) ? - lgetxattr (path, name, NULL, 0) : - fgetxattr (fd, name, NULL, 0); - size = result + 1; - out = SH_ALLOC(size); - result = (fd == -1) ? - lgetxattr (path, name, out, size-1) : - fgetxattr (fd, name, out, size-1); - } - - if ((result > 0) && ((size_t)result < size)) - { - out[size-1] = '\0'; - tmp = out; - } - else - { - SH_FREE(out); - } - - SL_RETURN((tmp),_("sh_unix_getinfo_xattr_int")); -} - - -static char * sh_unix_getinfo_xattr (char * path, int fd, struct stat * buf) -{ - /* system.posix_acl_access, system.posix_acl_default, security.selinux - */ - char * tmp; - char * out = NULL; - char * collect = NULL; - - SL_ENTER(_("sh_unix_getinfo_xattr")); - -#ifdef USE_ACL - /* - * we need the acl_get_fd/acl_get_file functions, getxattr will only - * yield the raw bytes - */ - if (sh_unix_check_acl == S_TRUE) - { - out = sh_unix_getinfo_acl(path, fd, buf); - - if (out) - { - collect = out; - } - } -#else - (void) buf; -#endif - - if (sh_unix_check_selinux == S_TRUE) - { - out = sh_unix_getinfo_xattr_int(path, fd, _("security.selinux")); - - if (out) - { - if (collect) { - tmp = sh_util_strconcat(_("selinux:"), out, ":", collect, NULL); - SH_FREE(collect); - } - else { - tmp = sh_util_strconcat(_("selinux:"), out, NULL); - } - SH_FREE(out); - collect = tmp; - } - } - - SL_RETURN((collect),_("sh_unix_getinfo_xattr")); -} -#endif - -#ifdef USE_XATTR -int sh_unix_setcheckselinux (const char * c) -{ - int i; - SL_ENTER(_("sh_unix_setcheckselinux")); - i = sh_util_flagval(c, &(sh_unix_check_selinux)); - - SL_RETURN(i, _("sh_unix_setcheckselinux")); -} -#endif - -#ifdef USE_ACL -int sh_unix_setcheckacl (const char * c) -{ - int i; - SL_ENTER(_("sh_unix_setcheckacl")); - i = sh_util_flagval(c, &(sh_unix_check_acl)); - - SL_RETURN(i, _("sh_unix_setcheckacl")); -} -#endif - -#ifdef HAVE_LIBZ -#include <zlib.h> -#endif - - -static void * sh_dummy_filename; -static void * sh_dummy_tmp; -static void * sh_dummy_tmp2; - -int sh_unix_getinfo (int level, const char * filename, file_type * theFile, - char * fileHash, int policy) -{ - char timestr[81]; - long runtim; - struct stat buf; - struct stat lbuf; - struct stat fbuf; - volatile int stat_return; - volatile int stat_errno = 0; - - ShFileType type; - unsigned int mode; - char * tmp; - char * tmp2; - - char * linknamebuf; - volatile int linksize; - - extern int get_the_fd (SL_TICKET ticket); - - volatile SL_TICKET rval_open; - volatile int err_open = 0; - - volatile int fd; - volatile int fstat_return; - volatile int fstat_errno = 0; - volatile int try = 0; - - sh_string * content = NULL; - - time_t tend; - time_t tstart; - - - char * path = NULL; - - volatile int alert_timeout = 120; - - path = theFile->fullpath; - - SL_ENTER(_("sh_unix_getinfo")); - - if (!MODI_INITIALIZED(theFile->check_flags)) - { - tmp2 = sh_util_safe_name (theFile->fullpath); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGPATH, - _("Uninitialized check mask"), _("sh_unix_getinfo"), - tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - SH_FREE(tmp2); - SL_RETURN((-1),_("sh_unix_getinfo")); - } - - /* Take the address to keep gcc from putting it into a register. - * Avoids the 'clobbered by longjmp' warning. - */ - sh_dummy_filename = (void *) &filename; - sh_dummy_tmp = (void *) &tmp; - sh_dummy_tmp2 = (void *) &tmp2; - - /* --- Stat the file, and get checksum. --- - */ - tstart = time(NULL); - - stat_return = retry_lstat (FIL__, __LINE__, - path /* theFile->fullpath */, &buf); - - if (stat_return) - stat_errno = errno; - - theFile->link_path = NULL; - - try_again: - - fd = -1; - fstat_return = -1; - rval_open = -1; - - if (stat_return == 0 && S_ISREG(buf.st_mode)) - { - rval_open = sl_open_fastread (FIL__, __LINE__, - path /* theFile->fullpath */, SL_YESPRIV); - if (SL_ISERROR(rval_open)) - { - char * stale = sl_check_stale(); - - if (stale) - { - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, err_open, MSG_E_SUBGEN, - stale, _("sh_unix_getinfo_open")); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - - if (errno == EBADF && try == 0) /* obsolete, but we keep this, just in case */ - { - ++try; - goto try_again; - } - err_open = errno; - } - - alert_timeout = 120; /* this is per 8K block now ! */ - - if (path[1] == 'p' && path[5] == '/' && path[2] == 'r' && - path[3] == 'o' && path[4] == 'c' && path[0] == '/') - { - /* seven is magic */ - alert_timeout = 7; - } - - fd = get_the_fd(rval_open); - } - - tend = time(NULL); - - /* An unprivileged user may slow lstat/open to a crawl - * with clever path/symlink setup - */ - if ((tend - tstart) > (time_t) /* 60 */ 6) - { - tmp2 = sh_util_safe_name (theFile->fullpath); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_TOOLATE, - (long)(tend - tstart), tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - SH_FREE(tmp2); - } - - if (fd >= 0) - { - fstat_return = retry_fstat (FIL__, __LINE__, fd, &fbuf); - - if (fstat_return) - { - char * stale; - - fstat_errno = errno; - - stale = sl_check_stale(); - - if (stale) - { - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, fstat_errno, - MSG_E_SUBGEN, - stale, _("sh_unix_getinfo_fstat")); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - - if (try == 0) /* obsolete, but we keep this, just in case */ - { - ++try; - sl_close(rval_open); - goto try_again; - } - } - } - else - { - fd = -1; - } - - - /* --- case 1: lstat failed --- - */ - if (stat_return != 0) - { - stat_return = errno; - if (!SL_ISERROR(rval_open)) - sl_close(rval_open); - if (sh.flag.checkSum == SH_CHECK_INIT || - (sh_hash_have_it (theFile->fullpath) >= 0 && - (!SH_FFLAG_REPORTED_SET(theFile->file_reported)))) - { - if (S_FALSE == sh_ignore_chk_del(theFile->fullpath)) { - int flags = sh_hash_getflags (theFile->fullpath); - - if ((flags >= 0) && (flags & SH_FFLAG_ENOENT) == 0) { - char errbuf[SH_ERRBUF_SIZE]; - uid_t euid; - (void) sl_get_euid(&euid); - tmp2 = sh_util_safe_name (theFile->fullpath); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (level, FIL__, __LINE__, stat_return, MSG_FI_STAT, - _("lstat"), - sh_error_message (stat_errno, errbuf, sizeof(errbuf)), - (long) euid, - tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - SH_FREE(tmp2); - sh_hash_set_flag (theFile->fullpath, SH_FFLAG_ENOENT); - } - } - } - SL_RETURN((-1),_("sh_unix_getinfo")); - } - - /* --- case 2: not a regular file --- - */ - else if (! S_ISREG(buf.st_mode)) - { - if (fileHash != NULL) - sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); - } - - /* --- case 3a: a regular file, fstat ok --- - */ - else if (fstat_return == 0 && - buf.st_mode == fbuf.st_mode && - buf.st_ino == fbuf.st_ino && - buf.st_uid == fbuf.st_uid && - buf.st_gid == fbuf.st_gid && - buf.st_dev == fbuf.st_dev ) - { - if (fileHash != NULL) - { - if ((theFile->check_flags & MODI_CHK) == 0 || - sh_restrict_this(theFile->fullpath, (UINT64) fbuf.st_size, - (UINT64) fbuf.st_mode, rval_open)) - { - sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); - } - else if ((theFile->check_flags & MODI_PREL) != 0 && - S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size, - alert_timeout, theFile->fullpath)) - { - if (0 != sh_prelink_run (theFile->fullpath, - fileHash, alert_timeout, theFile->check_flags)) - sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); - } - else - { - char hashbuf[KEYBUF_SIZE]; - UINT64 length_current = TIGER_NOLIM; - - if (MODI_TXT_ENABLED(theFile->check_flags) && fbuf.st_size < (10 * SH_TXT_MAX)) - { - sl_init_content (rval_open, fbuf.st_size); - } - - if (sh.flag.opts == S_TRUE) sh_tiger_set_hashtype_mask(theFile->check_flags); - sl_strlcpy(fileHash, - sh_tiger_generic_hash (theFile->fullpath, - rval_open, &length_current, - alert_timeout, - hashbuf, sizeof(hashbuf)), - KEY_LEN+1); - - content = sl_get_content(rval_open); - content = sh_string_copy(content); - - if ((theFile->check_flags & MODI_SGROW) != 0) - { - /* Update size so it matches the one for which the checksum - has been computed */ - fbuf.st_size = length_current; - buf.st_size = fbuf.st_size; - sl_rewind(rval_open); - sh_unix_checksum_size (theFile->fullpath, length_current, S_TRUE, - &fileHash[KEY_LEN + 1], - alert_timeout, rval_open, theFile->check_flags); - } - } - } - } - - /* --- case 3b: a regular file, fstat ok, but different --- - */ - else if (fstat_return == 0 && S_ISREG(fbuf.st_mode)) - { - memcpy (&buf, &fbuf, sizeof( struct stat )); - - if (fileHash != NULL) - { - if ((theFile->check_flags & MODI_CHK) == 0 || - sh_restrict_this(theFile->fullpath, (UINT64) fbuf.st_size, - (UINT64) fbuf.st_mode, rval_open)) - { - sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); - } - else if (policy == SH_LEVEL_PRELINK && - S_TRUE == sh_prelink_iself(rval_open, fbuf.st_size, - alert_timeout, theFile->fullpath)) - { - if (0 != sh_prelink_run (theFile->fullpath, - fileHash, alert_timeout, theFile->check_flags)) - sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); - } - else - { - char hashbuf[KEYBUF_SIZE]; - UINT64 length_current = TIGER_NOLIM; - - if (MODI_TXT_ENABLED(theFile->check_flags) && fbuf.st_size < (10 * SH_TXT_MAX)) - { - sl_init_content (rval_open, fbuf.st_size); - } - - if (sh.flag.opts == S_TRUE) sh_tiger_set_hashtype_mask(theFile->check_flags); - sl_strlcpy(fileHash, - sh_tiger_generic_hash (theFile->fullpath, rval_open, - &length_current, - alert_timeout, - hashbuf, sizeof(hashbuf)), - KEY_LEN + 1); - - content = sl_get_content(rval_open); - content = sh_string_copy(content); - - if ((theFile->check_flags & MODI_SGROW) != 0) - { - /* Update size so it matches the one for which the checksum - has been computed */ - fbuf.st_size = length_current; - buf.st_size = fbuf.st_size; - sl_rewind(rval_open); - sh_unix_checksum_size (theFile->fullpath, length_current, S_TRUE, - &fileHash[KEY_LEN + 1], - alert_timeout, rval_open, theFile->check_flags); - } - } - } - } - - /* --- case 4: a regular file, fstat failed --- - */ - - else /* fstat_return != 0 or !S_ISREG(fbuf.st_mode) or open() failed */ - { - uid_t euid; - - if (fileHash != NULL) - sl_strlcpy(fileHash, SH_KEY_NULL, KEY_LEN+1); - - if ((theFile->check_flags & MODI_CHK) != 0) - { - tmp2 = sh_util_safe_name (theFile->fullpath); - - - if (fd >= 0 && fstat_return != 0) - { - char errbuf[SH_ERRBUF_SIZE]; - (void) sl_get_euid(&euid); - - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (level, FIL__, __LINE__, stat_return, MSG_FI_STAT, - _("fstat"), - sh_error_message (fstat_errno, errbuf, sizeof(errbuf)), - (long) euid, - tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - else if (fd >= 0 && !S_ISREG(fbuf.st_mode)) - { - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (level, FIL__, __LINE__, fstat_errno, - MSG_E_NOTREG, tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - else - { - char errbuf[SH_ERRBUF_SIZE]; - char errbuf2[SH_ERRBUF_SIZE]; - sl_strlcpy(errbuf, sl_error_string(rval_open), sizeof(errbuf)); - sh_error_message(err_open, errbuf2, sizeof(errbuf2)); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (level, FIL__, __LINE__, err_open, - MSG_E_READ, errbuf, errbuf2, tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - SH_FREE(tmp2); - } - } - - - /* --- Determine file type. --- - */ - memset (theFile->c_mode, '-', CMODE_SIZE-1); - theFile->c_mode[CMODE_SIZE-1] = '\0'; - - memset (theFile->link_c_mode, '-', CMODE_SIZE-1); - theFile->link_c_mode[CMODE_SIZE-1] = '\0'; - - sh_unix_getinfo_type (&buf, &type, theFile->c_mode); - theFile->type = type; - -#if defined(__linux__) || defined(HAVE_STAT_FLAGS) - - /* --- Determine file attributes. --- - */ - memset (theFile->c_attributes, '-', ATTRBUF_SIZE); - theFile->c_attributes[ATTRBUF_USED] = '\0'; - theFile->attributes = 0; - -#if (defined(__linux__) && (defined(HAVE_LINUX_EXT2_FS_H) || defined(HAVE_EXT2FS_EXT2_FS_H))) || defined(HAVE_STAT_FLAGS) - if (theFile->c_mode[0] != 'c' && theFile->c_mode[0] != 'b' && - theFile->c_mode[0] != 'l' ) - sh_unix_getinfo_attr(theFile->fullpath, - &theFile->attributes, theFile->c_attributes, - fd, &buf); -#endif -#endif - -#if defined(USE_XATTR) && defined(USE_ACL) - if (sh_unix_check_selinux == S_TRUE || sh_unix_check_acl == S_TRUE) - theFile->attr_string = sh_unix_getinfo_xattr (theFile->fullpath, fd, &buf); -#elif defined(USE_XATTR) - if (sh_unix_check_selinux == S_TRUE) - theFile->attr_string = sh_unix_getinfo_xattr (theFile->fullpath, fd, &buf); -#elif defined(USE_ACL) - if (sh_unix_check_acl == S_TRUE) - theFile->attr_string = sh_unix_getinfo_acl (theFile->fullpath, fd, &buf); -#else - theFile->attr_string = NULL; -#endif - - if (!SL_ISERROR(rval_open)) - sl_close(rval_open); - - - /* --- I/O limit. --- - */ - if (IO_Limit > 0) - { - runtim = (long) (time(NULL) - sh.statistics.time_start); - - if (runtim > 0 && (long)(sh.statistics.bytes_hashed/runtim) > IO_Limit) - retry_msleep(1, 0); - } - - /* --- Determine permissions. --- - */ - sh_unix_getinfo_mode (&buf, &mode, theFile->c_mode); - - /* --- Trivia. --- - */ - theFile->dev = buf.st_dev; - theFile->ino = buf.st_ino; - theFile->mode = buf.st_mode; - theFile->hardlinks = buf.st_nlink; - theFile->owner = buf.st_uid; - theFile->group = buf.st_gid; - theFile->rdev = buf.st_rdev; - theFile->size = buf.st_size; - theFile->blksize = (unsigned long) buf.st_blksize; - theFile->blocks = (unsigned long) buf.st_blocks; - theFile->atime = buf.st_atime; - theFile->mtime = buf.st_mtime; - theFile->ctime = buf.st_ctime; - - - /* --- Owner and group. --- - */ - - if (NULL == sh_unix_getGIDname(SH_ERR_ALL, buf.st_gid, theFile->c_group, GROUP_MAX+1)) { - - tmp2 = sh_util_safe_name (theFile->fullpath); - - if (policy == SH_LEVEL_ALLIGNORE) - { - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, ENOENT, - MSG_FI_NOGRP, - (long) buf.st_gid, tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - else - { - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (ShDFLevel[SH_ERR_T_NAME], FIL__, __LINE__, ENOENT, - MSG_FI_NOGRP, - (long) buf.st_gid, tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - SH_FREE(tmp2); - sl_snprintf(theFile->c_group, GROUP_MAX+1, "%d", (long) buf.st_gid); - } - - - if (NULL == sh_unix_getUIDname(SH_ERR_ALL, buf.st_uid, theFile->c_owner, USER_MAX+1)) { - - tmp2 = sh_util_safe_name (theFile->fullpath); - - if (policy == SH_LEVEL_ALLIGNORE) - { - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, ENOENT, - MSG_FI_NOUSR, - (long) buf.st_uid, tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - else - { - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (ShDFLevel[SH_ERR_T_NAME], FIL__, __LINE__, ENOENT, - MSG_FI_NOUSR, - (long) buf.st_uid, tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - SH_FREE(tmp2); - sl_snprintf(theFile->c_owner, USER_MAX+1, "%d", (long) buf.st_uid); - } - - /* --- Output the file. --- - */ - if (flag_err_debug == S_TRUE) - { - tmp2 = sh_util_safe_name ((filename == NULL) ? - theFile->fullpath : filename); - (void) sh_unix_time(theFile->mtime, timestr, sizeof(timestr)); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_LIST, - theFile->c_mode, - theFile->hardlinks, - theFile->c_owner, - theFile->c_group, - (unsigned long) theFile->size, - timestr, - tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - SH_FREE(tmp2); - } - - /* --- Check for links. --- - */ - if (theFile->c_mode[0] == 'l') - { - linknamebuf = SH_ALLOC(PATH_MAX); - - /* flawfinder: ignore */ - linksize = readlink (theFile->fullpath, linknamebuf, PATH_MAX-1); - - if (linksize < (PATH_MAX-1) && linksize >= 0) - linknamebuf[linksize] = '\0'; - else - linknamebuf[PATH_MAX-1] = '\0'; - - if (linksize < 0) - { - char errbuf[SH_ERRBUF_SIZE]; - linksize = errno; - tmp2 = sh_util_safe_name (theFile->fullpath); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (level, FIL__, __LINE__, linksize, MSG_FI_RDLNK, - sh_error_message (linksize, errbuf, sizeof(errbuf)), tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - SH_FREE(tmp2); - SH_FREE(linknamebuf); - theFile->link_path = sh_util_strdup("-"); - SL_RETURN((-1),_("sh_unix_getinfo")); - } - - if (linknamebuf[0] == '/') - { - theFile->link_path = sh_util_strdup (linknamebuf); - } - else - { - tmp = sh_util_dirname(theFile->fullpath); - if (tmp) { - theFile->link_path = SH_ALLOC(PATH_MAX); - sl_strlcpy (theFile->link_path, tmp, PATH_MAX); - SH_FREE(tmp); - } else { - theFile->link_path = SH_ALLOC(PATH_MAX); - theFile->link_path[0] = '\0'; - } - /* - * Only attach '/' if not root directory. Handle "//", which - * according to POSIX is implementation-defined, and may be - * different from "/" (however, three or more '/' will collapse - * to one). - */ - tmp = theFile->link_path; while (*tmp == '/') ++tmp; - if (*tmp != '\0') - { - sl_strlcat (theFile->link_path, "/", PATH_MAX); - } - sl_strlcat (theFile->link_path, linknamebuf, PATH_MAX); - } - - /* stat the link - */ - stat_return = retry_lstat (FIL__, __LINE__, theFile->link_path, &lbuf); - - /* check for error - */ - if (stat_return != 0) - { - stat_return = errno; - tmp = sh_util_safe_name (theFile->fullpath); - tmp2 = sh_util_safe_name (theFile->link_path); - if (stat_return != ENOENT) - { - uid_t euid; - char errbuf[SH_ERRBUF_SIZE]; - - (void) sl_get_euid(&euid); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (level, FIL__, __LINE__, stat_return, - MSG_FI_STAT, - _("lstat (link target)"), - sh_error_message (stat_return,errbuf, sizeof(errbuf)), - (long) euid, - tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - else - { - /* a dangling link -- everybody seems to have plenty of them - */ - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_DLNK, - tmp, tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - theFile->linkisok = BAD; - SH_FREE(tmp); - SH_FREE(tmp2); - SH_FREE(linknamebuf); - /* - * changed Tue Feb 10 16:16:13 CET 2004: - * add dangling symlinks into database - * SL_RETURN((-1),_("sh_unix_getinfo")); - */ - theFile->linkmode = 0; - SL_RETURN((0),_("sh_unix_getinfo")); - } - - theFile->linkisok = GOOD; - - - /* --- Determine file type. --- - */ - sh_unix_getinfo_type (&lbuf, &type, theFile->link_c_mode); - theFile->type = type; - - /* --- Determine permissions. --- - */ - sh_unix_getinfo_mode (&lbuf, &mode, theFile->link_c_mode); - theFile->linkmode = lbuf.st_mode; - - /* --- Output the link. --- - */ - if (theFile->linkisok == GOOD) - { - tmp2 = sh_util_safe_name (linknamebuf); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_FI_LLNK, - theFile->link_c_mode, tmp2); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - SH_FREE(tmp2); - } - SH_FREE(linknamebuf); - } - else /* not a link, theFile->c_mode[0] != 'l' */ - { - if (content) - { -#ifdef HAVE_LIBZ - unsigned long clen; - unsigned char * compressed; -#ifdef HAVE_COMPRESSBOUND - clen = compressBound(sh_string_len(content)); -#else - if (sh_string_len(content) > 10*SH_TXT_MAX) - clen = SH_TXT_MAX; - else - clen = 13 + (int)(1.0001*sh_string_len(content)); -#endif - compressed = SH_ALLOC(clen); - if (Z_OK == compress(compressed, &clen, - (unsigned char *) sh_string_str(content), - sh_string_len(content))) - { - if (clen < SH_TXT_MAX) - { - sh_util_base64_enc_alloc (&(theFile->link_path), - (char *) compressed, clen); - } - else - { - char tmsg[128]; - char * tpath = sh_util_safe_name (theFile->fullpath); - sl_snprintf(tmsg, sizeof(tmsg), - _("compressed file too large (%lu bytes)"), - clen); - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle (SH_ERR_WARN, FIL__, __LINE__, -1, - MSG_E_SUBGPATH, tmsg, - _("sh_unix_getinfo"), tpath); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - SH_FREE(tpath); - } - } - SH_FREE(compressed); -#endif - sh_string_destroy(&content); - } - } - SL_RETURN((0),_("sh_unix_getinfo")); -} - -/* #if defined (SH_WITH_CLIENT) || defined (SH_STANDALONE) */ -#endif - -int sh_unix_unlock(char * lockfile, char * flag) -{ - int error = 0; - - SL_ENTER(_("sh_unix_unlock")); - - if (sh.flag.isdaemon == S_FALSE && flag == NULL) - SL_RETURN((0),_("sh_unix_unlock")); - - /* --- Logfile is not locked to us. --- - */ - if (sh.flag.islocked == BAD && flag != NULL) - SL_RETURN((-1),_("sh_unix_unlock")); - - /* --- Check whether the directory is secure. --- - */ - if (0 != tf_trust_check (lockfile, SL_YESPRIV)) - SL_RETURN((-1),_("sh_unix_unlock")); - - /* --- Delete the lock file. --- - */ - error = retry_aud_unlink (FIL__, __LINE__, lockfile); - - if (error == 0) - { - if (flag != NULL) - sh.flag.islocked = BAD; /* not locked anymore */ - } - else if (flag != NULL) - { - char errbuf[SH_ERRBUF_SIZE]; - error = errno; - sh_error_handle ((-1), FIL__, __LINE__, error, MSG_E_UNLNK, - sh_error_message(error, errbuf, sizeof(errbuf)), - lockfile); - SL_RETURN((-1),_("sh_unix_unlock")); - } - SL_RETURN((0),_("sh_unix_unlock")); -} - -int sh_unix_check_piddir (char * pidpath) -{ - static struct stat buf; - int status = 0; - char * pid_dir; - - SL_ENTER(_("sh_unix_check_piddir")); - - pid_dir = sh_util_dirname (pidpath); - - status = retry_lstat (FIL__, __LINE__, pid_dir, &buf); - - if (status < 0 && errno == ENOENT) - { - status = mkdir (pid_dir, 0777); - if (status < 0) - { - sh_error_handle ((-1), FIL__, __LINE__, status, - MSG_E_SUBGEN, - _("Cannot create PID directory"), - _("sh_unix_check_piddir")); - SH_FREE(pid_dir); - SL_RETURN((-1),_("sh_unix_check_piddir")); - } - } - else if (!S_ISDIR(buf.st_mode)) - { - sh_error_handle ((-1), FIL__, __LINE__, status, - MSG_E_SUBGEN, - _("Path of PID directory refers to a non-directory object"), - _("sh_unix_check_piddir")); - SH_FREE(pid_dir); - SL_RETURN((-1),_("sh_unix_check_piddir")); - } - SH_FREE(pid_dir); - SL_RETURN((0),_("sh_unix_check_piddir")); -} - -int sh_unix_lock (char * lockfile, char * flag) -{ - int filed; - int errnum; - char myPid[64]; - SL_TICKET fd; - extern int get_the_fd (SL_TICKET ticket); - - SL_ENTER(_("sh_unix_lock")); - - sprintf (myPid, "%ld\n", (long) sh.pid); /* known to fit */ - - if (flag == NULL) /* PID file, check for directory */ - { - if (0 != sh_unix_check_piddir (lockfile)) - { - SL_RETURN((-1),_("sh_unix_lock")); - } - } - - fd = sl_open_safe_rdwr (FIL__, __LINE__, - lockfile, SL_YESPRIV); /* fails if file exists */ - - if (!SL_ISERROR(fd)) - { - errnum = sl_write (fd, myPid, sl_strlen(myPid)); - filed = get_the_fd(fd); - fchmod (filed, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH); - sl_close (fd); - - if (!SL_ISERROR(errnum)) - { - if (flag != NULL) - sh.flag.islocked = GOOD; - SL_RETURN((0),_("sh_unix_lock")); - } - } - - TPT((0, FIL__, __LINE__, _("msg=<open pid file failed>\n"))); - if (flag != NULL) - sh.flag.islocked = BAD; - SL_RETURN((-1),_("sh_unix_lock")); - - /* notreached */ -} - - -/* check whether file is locked - */ -int sh_unix_test_and_lock (char * filename, char * lockfile) -{ - static struct stat buf; - int status = 0; - - - SL_TICKET fd; - char line_in[128]; - - SL_ENTER(_("sh_unix_test_and_lock")); - - status = retry_lstat (FIL__, __LINE__, lockfile, &buf); - - /* --- No lock file found, try to lock. --- - */ - - if (status < 0 && errno == ENOENT) - { - if (0 == sh_unix_lock (lockfile, filename)) - { - if (filename != NULL) - sh.flag.islocked = GOOD; - SL_RETURN((0),_("sh_unix_test_and_lock")); - } - else - { - sh_error_handle ((-1), FIL__, __LINE__, status, - MSG_E_SUBGEN, - (filename == NULL) ? _("Cannot create PID file (1)") : _("Cannot create lock file (1)"), - _("sh_unix_test_and_lock")); - SL_RETURN((-1),_("sh_unix_test_and_lock")); - } - } - else if (status == 0 && buf.st_size == 0) - { - if (filename != NULL) - sh.flag.islocked = GOOD; - sh_unix_unlock (lockfile, filename); - if (filename != NULL) - sh.flag.islocked = BAD; - if (0 == sh_unix_lock (lockfile, filename)) - { - if (filename != NULL) - sh.flag.islocked = GOOD; - SL_RETURN((0),_("sh_unix_test_and_lock")); - } - else - { - sh_error_handle ((-1), FIL__, __LINE__, status, - MSG_E_SUBGEN, - (filename == NULL) ? _("Cannot create PID file (2)") : _("Cannot create lock file (2)"), - _("sh_unix_test_and_lock")); - SL_RETURN((-1),_("sh_unix_test_and_lock")); - } - } - - /* --- Check on lock. --- - */ - - if (status >= 0) - { - fd = sl_open_read (FIL__, __LINE__, lockfile, SL_YESPRIV); - if (SL_ISERROR(fd)) - sh_error_handle ((-1), FIL__, __LINE__, fd, - MSG_E_SUBGEN, - (filename == NULL) ? _("Cannot open PID file for read") : _("Cannot open lock file for read"), - _("sh_unix_test_and_lock")); - } - else - fd = -1; - - if (!SL_ISERROR(fd)) - { - /* read the PID in the lock file - */ - status = sl_read (fd, line_in, sizeof(line_in)); - line_in[sizeof(line_in)-1] = '\0'; - - /* convert to numeric - */ - if (status > 0) - { - errno = 0; - status = strtol(line_in, (char **)NULL, 10); - if (errno == ERANGE || status <= 0) - { - sh_error_handle ((-1), FIL__, __LINE__, status, - MSG_E_SUBGEN, - (filename == NULL) ? _("Bad PID in PID file") : _("Bad PID in lock file"), - _("sh_unix_test_and_lock")); - - status = -1; - } - } - else - { - sh_error_handle ((-1), FIL__, __LINE__, status, - MSG_E_SUBGEN, - (filename == NULL) ? _("Cannot read PID file") : _("Cannot read lock file"), - _("sh_unix_test_and_lock")); - } - sl_close(fd); - - if (status > 0 && (unsigned int) status == sh.pid) - { - if (filename != NULL) - sh.flag.islocked = GOOD; - SL_RETURN((0),_("sh_unix_test_and_lock")); - } - - - /* --- Check whether the process exists. --- - */ - if (status > 0) - { - errno = 0; - status = aud_kill (FIL__, __LINE__, status, 0); - - /* Does not exist, so remove the stale lock - * and create a new one. - */ - if (status < 0 && errno == ESRCH) - { - if (filename != NULL) - sh.flag.islocked = GOOD; - if (0 != sh_unix_unlock(lockfile, filename) && (filename !=NULL)) - sh.flag.islocked = BAD; - else - { - if (0 == sh_unix_lock (lockfile, filename)) - { - if (filename != NULL) - sh.flag.islocked = GOOD; - SL_RETURN((0),_("sh_unix_test_and_lock")); - } - else - { - sh_error_handle ((-1), FIL__, __LINE__, status, - MSG_E_SUBGEN, - (filename == NULL) ? _("Cannot create PID file (3)") : _("Cannot create lock file (3)"), - _("sh_unix_test_and_lock")); - } - if (filename != NULL) - sh.flag.islocked = BAD; - } - } - else - { - sh_error_handle ((-1), FIL__, __LINE__, status, - MSG_E_SUBGEN, - (filename == NULL) ? _("Cannot remove stale PID file, PID may be a running process") : _("Cannot remove stale lock file, PID may be a running process"), - _("sh_unix_test_and_lock")); - if (filename != NULL) - sh.flag.islocked = BAD; - } - } - } - SL_RETURN((-1),_("sh_unix_testlock")); -} - -/* write the PID file - */ -int sh_unix_write_pid_file() -{ - return sh_unix_test_and_lock(NULL, sh.srvlog.alt); -} - -/* write lock for filename - */ -int sh_unix_write_lock_file(char * filename) -{ - size_t len; - int res; - char * lockfile; - - if (filename == NULL) - return (-1); - - len = sl_strlen(filename); - if (sl_ok_adds(len, 6)) - len += 6; - lockfile = SH_ALLOC(len); - sl_strlcpy(lockfile, filename, len); - sl_strlcat(lockfile, _(".lock"), len); - res = sh_unix_test_and_lock(filename, lockfile); - SH_FREE(lockfile); - return res; -} - -/* rm lock for filename - */ -int sh_unix_rm_lock_file(char * filename) -{ - size_t len; - int res; - char * lockfile; - - if (filename == NULL) - return (-1); - - len = sl_strlen(filename); - if (sl_ok_adds(len, 6)) - len += 6; - lockfile = SH_ALLOC(len); - sl_strlcpy(lockfile, filename, len); - sl_strlcat(lockfile, _(".lock"), len); - - res = sh_unix_unlock(lockfile, filename); - SH_FREE(lockfile); - return res; -} - -/* rm lock for filename - */ -int sh_unix_rm_pid_file() -{ - return sh_unix_unlock(sh.srvlog.alt, NULL); -} - -/* Test whether file exists - */ -int sh_unix_file_exists(char * path) -{ - struct stat buf; - - SL_ENTER(_("sh_unix_file_exists")); - - if (0 == retry_lstat(FIL__, __LINE__, path, &buf)) - SL_RETURN( S_TRUE, _("sh_unix_file_exists")); - else - SL_RETURN( S_FALSE, _("sh_unix_file_exists")); -} - - -/* Test whether file exists, is a character device, and allows read - * access. - */ -int sh_unix_device_readable(int fd) -{ - struct stat buf; - - SL_ENTER(_("sh_unix_device_readable")); - - if (retry_fstat(FIL__, __LINE__, fd, &buf) == -1) - SL_RETURN( (-1), _("sh_unix_device_readable")); - else if ( S_ISCHR(buf.st_mode) && 0 != (S_IROTH & buf.st_mode) ) - SL_RETURN( (0), _("sh_unix_device_readable")); - else - SL_RETURN( (-1), _("sh_unix_device_readable")); -} - -static char preq[16]; - -/* return true if database is remote - */ -int file_is_remote () -{ - static int init = 0; - struct stat buf; - - SL_ENTER(_("file_is_remote")); - - if (init == 0) - { - sl_strlcpy(preq, _("REQ_FROM_SERVER"), 16); - ++init; - } - if (0 == sl_strncmp (sh.data.path, preq, 15)) - { - if (sh.data.path[15] != '\0') /* should be start of path */ - { - if (0 == stat(&(sh.data.path[15]), &buf)) - { - SL_RETURN( S_FALSE, _("file_is_remote")); - } - else - { - char * tmp = sh_util_safe_name (&(sh.data.path[15])); - sh_error_handle((-1), FIL__, __LINE__, S_FALSE, MSG_E_SUBGPATH, - _("No local baseline database at expected path"), - _("file_is_remote"), - tmp); - SH_FREE(tmp); - } - } - else - { - sh_error_handle((-1), FIL__, __LINE__, S_FALSE, MSG_E_SUBGEN, - _("No local baseline database path known"), - _("file_is_remote")); - } - SL_RETURN( S_TRUE, _("file_is_remote")); - } - SL_RETURN( S_FALSE, _("file_is_remote")); -} - -/* Return the path to the configuration/database file. - */ -char * file_path(char what, char flag) -{ - static int init = 0; - - SL_ENTER(_("file_path")); - - if (init == 0) - { - sl_strlcpy(preq, _("REQ_FROM_SERVER"), 16); - ++init; - } - - switch (what) - { - - case 'C': - if (0 == sl_strncmp (sh.conf.path, preq, 15)) - { -#if defined(SH_WITH_SERVER) - if (sh.flag.isserver == S_TRUE && sl_strlen(sh.conf.path) == 15) - SL_RETURN( NULL, _("file_path")); - if (sh.flag.isserver == S_TRUE) - SL_RETURN( &(sh.conf.path[15]), _("file_path")); -#endif - if (flag == 'R') - SL_RETURN( preq, _("file_path")); - if (flag == 'I') - { - if (sl_strlen(sh.conf.path) == 15) - SL_RETURN( NULL, _("file_path")); - else - SL_RETURN( &(sh.conf.path[15]), _("file_path")); - } - SL_RETURN ( preq, _("file_path")); - } - else - SL_RETURN( sh.conf.path, _("file_path")); - /* break; *//* unreachable */ - - case 'D': - if (0 == sl_strncmp (sh.data.path, preq, 15)) - { - if (flag == 'R') - SL_RETURN( preq, _("file_path")); - if (flag == 'W' && sl_strlen(sh.data.path) == 15) - SL_RETURN (NULL, _("file_path")); - if (flag == 'W') - SL_RETURN( &(sh.data.path[15]), _("file_path")); - } - else - SL_RETURN( sh.data.path, _("file_path")); - break; - - default: - SL_RETURN( NULL, _("file_path")); - } - - return NULL; /* notreached */ -} -/************************************************/ -/**** Mlock Utilities ****/ -/************************************************/ - -#include <limits.h> - -int sh_unix_pagesize() -{ - int pagesize = 4096; -#if defined(_SC_PAGESIZE) - pagesize = sysconf(_SC_PAGESIZE); -#elif defined(_SC_PAGE_SIZE) - pagesize = sysconf(_SC_PAGE_SIZE); -#elif defined(HAVE_GETPAGESIZE) - pagesize = getpagesize(); -#elif defined(PAGESIZE) - pagesize = PAGESIZE; -#endif - - return ((pagesize > 0) ? pagesize : 4096); -} - -typedef struct sh_page_lt { - unsigned long page_start; - int page_refcount; - char file[64]; - int line; - struct sh_page_lt * next; -} sh_page_l; - -sh_page_l * sh_page_locked = NULL; -volatile int page_locking = 0; - -unsigned long sh_unix_lookup_page (void * in_addr, size_t len, int * num_pages) -{ - int pagesize = sh_unix_pagesize(); - unsigned long addr = (unsigned long) in_addr; - - unsigned long pagebase; - unsigned long pagediff; - unsigned long pagenum = addr / pagesize; - - SL_ENTER(_("sh_unix_lookup_page")); -#if 0 - fprintf(stderr, "mlock: --> base %ld, pagenum: %ld\n", - addr, pagenum); -#endif - - /* address of first page - */ - pagebase = pagenum * pagesize; - - /* number of pages - */ - pagediff = (addr + len) - pagebase; - pagenum = pagediff / pagesize; - if (pagenum * pagesize < pagediff) - ++pagenum; - -#if 0 - fprintf(stderr, "mlock: --> pagebase %ld, pagediff %ld, (addr + len) %ld\n", - pagebase, pagediff, (addr + len)); -#endif - - *num_pages = pagenum; - SL_RETURN((pagebase), _("sh_unix_lookup_page")); -} - - -#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) - -SH_MUTEX_STATIC(mutex_mlock,PTHREAD_MUTEX_INITIALIZER); - -int sh_unix_mlock (const char * file, int line, void * in_addr, size_t len) -{ - int num_pages; - int status = 0; - int pagesize; - sh_page_l * page_list; - unsigned long addr; -#ifdef TEST_MLOCK - int i = 0; -#endif - - SL_ENTER(_("sh_unix_mlock")); - - /* There's no cancellation point here, except if tracing is on - */ - SH_MUTEX_LOCK_UNSAFE(mutex_mlock); - - page_list = sh_page_locked; - - if (0 != page_locking) - { - status = -1; - goto exit_mlock; - } - - page_locking = 1; - - pagesize = sh_unix_pagesize(); - addr = sh_unix_lookup_page (in_addr, len, &num_pages); - -#ifdef TEST_MLOCK - fprintf(stderr, "mlock: addr %ld, base %ld, pages: %d, length %d\n", - (unsigned long) in_addr, addr, num_pages, len); -#endif - - /* increase refcount of locked pages - * addr is first page; num_pages is #(consecutive pages) to lock - */ - - while ((page_list != NULL) && (num_pages > 0)) - { -#ifdef TEST_MLOCK - fprintf(stderr, "mlock: check page %d: %ld [%d]\n", - i, page_list->page_start, page_list->page_refcount); -#endif - if (page_list->page_start == addr) - { - page_list->page_refcount += 1; - num_pages -= 1; - addr += pagesize; -#ifdef TEST_MLOCK - fprintf(stderr, "mlock: found page %d: %ld [%d], next page %ld\n", - i, page_list->page_start, page_list->page_refcount, addr); -#endif - } -#ifdef TEST_MLOCK - ++i; -#endif - page_list = page_list->next; - } - - /* mlock some more pages, if needed - */ - while (num_pages > 0) - { -#ifdef TEST_MLOCK - fprintf(stderr, "mlock: lock page %d: mlock %ld [num_pages %d]\n", - i, addr, num_pages); - ++i; -#endif - page_list = SH_ALLOC(sizeof(sh_page_l)); - page_list->page_start = addr; - page_list->page_refcount = 1; - sl_strlcpy(page_list->file, file, 64); - page_list->line = line; - status = mlock( (void *) addr, pagesize); - if (status != 0) - { -#ifdef TEST_MLOCK - char errbuf[SH_ERRBUF_SIZE]; - fprintf(stderr, "mlock: error: %s\n", - sh_error_message(errno, errbuf, sizeof(errbuf))); -#endif - SH_FREE(page_list); - page_locking = 0; - goto exit_mlock; - } - page_list->next = sh_page_locked; - sh_page_locked = page_list; - num_pages -= 1; - addr += pagesize; - } - page_locking = 0; - - exit_mlock: - SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock); - - SL_RETURN((status), _("sh_unix_mlock")); -} -#else -int sh_unix_mlock (const char * file, int line, void * in_addr, size_t len) -{ - (void) file; (void) line; - (void) in_addr; (void) len; - return -1; -} -#endif - -#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) -int sh_unix_munlock (void * in_addr, size_t len) -{ - int num_pages; - int unlocked; - int status; - int pagesize; - sh_page_l * page_list; - sh_page_l * page_last; - unsigned long addr; - - int test_count; - int test_status; - int test_pages; - -#ifdef TEST_MLOCK - int i = 0; -#endif - - SL_ENTER(_("sh_unix_munlock")); - - /* There's no cancellation point here, except if tracing is on - */ - SH_MUTEX_LOCK_UNSAFE(mutex_mlock); - - unlocked = 0; - status = 0; - page_list = sh_page_locked; - - if (0 != page_locking) - { - status = -1; - goto exit_munlock; - } - page_locking = 1; - - pagesize = sh_unix_pagesize(); - addr = sh_unix_lookup_page (in_addr, len, &num_pages); - -#ifdef TEST_MLOCK - fprintf(stderr, "munlock: in_addr %ld, addr %ld, pages: %d, length %d\n", - (unsigned long) in_addr, addr, num_pages, len); -#endif - - test_pages = num_pages; - - /* reduce refcount of locked pages - * addr is first page; num_pages is #(consecutive pages) to lock - */ - while ((page_list != NULL) && (num_pages > 0)) - { -#ifdef TEST_MLOCK - fprintf(stderr, "munlock: page %d: %ld [%d]\n", - i, page_list->page_start, page_list->page_refcount); -#endif - - test_status = 0; - for (test_count = 0; test_count < test_pages; ++test_count) - { - if (page_list->page_start == (addr + (test_count * pagesize))) - { - test_status = 1; - break; - } - } - - if (test_status == 1) - { - page_list->page_refcount -= 1; - if (page_list->page_refcount == 0) - { - status = munlock ( (void *) addr, pagesize); - ++unlocked; - } - num_pages -= 1; -#ifdef TEST_MLOCK - fprintf(stderr, - "munlock: page %d: %ld [refcount %d], refcount reduced\n", - i, page_list->page_start, page_list->page_refcount); -#endif - } -#ifdef TEST_MLOCK - ++i; -#endif - page_list = page_list->next; - } - -#ifdef TEST_MLOCK - i = 0; -#endif - - if (unlocked > 0) - { - page_list = sh_page_locked; - page_last = sh_page_locked; - - while ((page_list != NULL) && (unlocked > 0)) - { - if (page_list->page_refcount == 0) - { -#ifdef TEST_MLOCK - fprintf(stderr, "munlock: remove page %d: %ld [refcount %d]\n", - i, page_list->page_start, page_list->page_refcount); -#endif - if (page_last != page_list) - { - page_last->next = page_list->next; - SH_FREE(page_list); - page_list = page_last->next; - } - else - { - page_last = page_list->next; - if (page_list == sh_page_locked) - sh_page_locked = page_list->next; - SH_FREE(page_list); - page_list = page_last; - } - --unlocked; - } - else - { -#ifdef TEST_MLOCK - fprintf(stderr, "munlock: skip page %d: %ld [refcount %d]\n", - i, page_list->page_start, page_list->page_refcount); -#endif - - page_last = page_list; - page_list = page_list->next; - } -#ifdef TEST_MLOCK - ++i; -#endif - } - } - - page_locking = 0; - - exit_munlock: - SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock); - SL_RETURN((status), _("sh_unix_munlock")); -} -#else -int sh_unix_munlock (void * in_addr, size_t len) -{ - (void) in_addr; (void) len; - return -1; -} -#endif - -int sh_unix_count_mlock() -{ - unsigned int i = 0; - char str[32][64]; - sh_page_l * page_list; - - SL_ENTER(_("sh_unix_count_mlock")); - -#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) - /* There's no cancellation point here, except if tracing is on - */ - SH_MUTEX_LOCK_UNSAFE(mutex_mlock); -#endif - - page_list = sh_page_locked; - - while (page_list != NULL) - { -#ifdef WITH_TPT - if (i < 32) - sl_snprintf(str[i], 64, _("file: %s line: %d page: %d"), - page_list->file, page_list->line, i+1); -#endif - page_list = page_list->next; - ++i; - } - -#if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) - SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock); -#endif - -#ifdef WITH_TPT - { - unsigned int j = 0; - while (j < i && j < 32) - { - sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, j, MSG_E_SUBGEN, - str[j], _("sh_unix_count_mlock")); - ++j; - } - } -#endif - - sl_snprintf(str[0], 64, _("%d pages locked"), i); - sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, i, MSG_E_SUBGEN, - str[0], _("sh_unix_count_mlock")); - SL_RETURN((i), _("sh_unix_count_mlock")); -} - -/************************************************/ -/************************************************/ -/**** Stealth Utilities ****/ -/************************************************/ -/************************************************/ -#ifdef SH_STEALTH - -void sh_unix_xor_code (char * str, int len) -{ - register int i; - - for (i = 0; i < len; ++i) str[i] ^= (char) XOR_CODE; - return; -} - -#if !defined(SH_STEALTH_MICRO) - - -int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, - unsigned long * bytes_read); -unsigned long first_hex_block(SL_TICKET fd, unsigned long * max); - -/* - * --- Get hidden data from a block of hex data. --- - */ -int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len) -{ - int add_off = 0, llen; - static unsigned long off_data = 0; - static unsigned long max_data = 0; - static unsigned long bytes_read = 0; - static int stealth_init = BAD; - - SL_ENTER(_("sh_unix_getline_stealth")); - - if (str == NULL) - { - off_data = 0; - max_data = 0; - bytes_read = 0; - stealth_init = BAD; - SL_RETURN(0, _("sh_unix_getline_stealth")); - } - - /* --- Initialize. --- - */ - if (stealth_init == BAD) - { - off_data = first_hex_block(fd, &max_data); - if (off_data == 0) - { - dlog(1, FIL__, __LINE__, - _("The stealth config file does not contain any steganographically\nhidden data. This file must be an image file in _uncompressed_\npostscript format.\nTo hide data in it, use:\n samhain_stealth -s postscript_file orig_config_file\n mv postscript_file /path/to/config/file\n")); - sh_error_handle ((-1), FIL__, __LINE__, EIO, MSG_P_NODATA, - _("Stealth config file.")); - aud_exit (FIL__, __LINE__, EXIT_FAILURE); - } - stealth_init = GOOD; - max_data += off_data; - } - - /* --- Seek to proper position. --- - */ - if (bytes_read >= max_data || add_off < 0) - { - dlog(1, FIL__, __LINE__, - _("The capacity of the container image file for the stealth config file seems to be too small. Your config file is likely truncated.\n")); - sh_error_handle ((-1), FIL__, __LINE__, EIO, MSG_P_NODATA, - _("Stealth config file.")); - aud_exit (FIL__, __LINE__, EXIT_FAILURE); - } - sl_seek(fd, off_data); - - /* --- Read one line. --- - */ - add_off = hideout_hex_block(fd, (unsigned char *) str, len, &bytes_read); - off_data += add_off; - - llen = sl_strlen(str); - SL_RETURN(llen, _("sh_unix_getline_stealth")); -} - -int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, - unsigned long * bytes_read) -{ - - register int i, j, k; - unsigned char c, e; - register int num; - unsigned char mask[9] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; - unsigned long here = 0; - unsigned long retval = 0; - unsigned long bread = 0; - - SL_ENTER(_("hideout_hex_block")); - - ASSERT_RET((len > 1), _("len > 1"), (0)); - - --len; - - i = 0; - while (i < len) - { - for (j = 0; j < 8; ++j) - { - - /* --- Get a low byte, modify, read back. --- - */ - for (k = 0; k < 2; ++k) - { - /* -- Skip whitespace. --- - */ - c = ' '; - do { - do { - num = sl_read (fd, &c, 1); - } while (num == 0 && errno == EINTR); - if (num > 0) - ++here; - else if (num == 0) - SL_RETURN((0), _("hideout_hex_block")); - else - SL_RETURN((-1), _("hideout_hex_block")); - } while (c == '\n' || c == '\t' || c == '\r' || - c == ' '); - } - - - /* --- e is the value of the low byte. --- - */ - e = (unsigned char) sh_util_hexchar( c ); - if ((e & mask[7]) != 0) /* bit is set */ - str[i] |= mask[j]; - else /* bit is not set */ - str[i] &= ~mask[j]; - - bread += 1; - } - if (str[i] == '\n') break; - ++i; - } - - if (i != 0) - str[i] = '\0'; - else - str[i+1] = '\0'; /* keep newline and terminate */ - retval += here; - *bytes_read += (bread/8); - - SL_RETURN(retval, _("hideout_hex_block")); -} - -/* --- Get offset of first data block. --- - */ -unsigned long first_hex_block(SL_TICKET fd, unsigned long * max) -{ - unsigned int i; - long num = 1; - unsigned long lnum; - char c; - int nothex = 0; - unsigned long retval = 0; - unsigned int this_line = 0; - char theline[SH_BUFSIZE]; - - SL_ENTER(_("first_hex_block")); - - *max = 0; - - while (1) - { - theline[0] = '\0'; - this_line = 0; - c = '\0'; - while (c != '\n' && this_line < (sizeof(theline)-1)) - { - do { - num = sl_read (fd, &c, 1); - } while (num == 0 && errno == EINTR); - if (num > 0) - theline[this_line] = c; - else - SL_RETURN((0), _("first_hex_block")); - ++this_line; - } - theline[this_line] = '\0'; - - /* not only 'newline' */ - if (this_line > 60) - { - nothex = 0; - i = 0; - while (nothex == 0 && i < (this_line-1)) - { - if (! isxdigit((int)theline[i])) nothex = 1; - ++i; - } - if (nothex == 1) retval += this_line; - } - else - { - nothex = 1; - retval += this_line; - } - - if (nothex == 0) - { - *max = 0; - do { - do { - num = sl_read (fd, theline, SH_BUFSIZE); - } while (num == 0 && errno == EINTR); - if (num > 0) - { - lnum = (unsigned long) num; - for (i = 0; i < lnum; ++i) - { - c = theline[i]; - if (c == '\n' || c == '\t' || c == '\r' || c == ' ') - ; - else if (!isxdigit((int)c)) - break; - else - *max += 1; - } - } - } while (num > 0); - - *max /= 16; - SL_RETURN((retval), _("first_hex_block")); - } - - } - /* SL_RETURN((0), _("first_hex_block")); *//* unreachable */ -} - - /* if !defined(SH_STEALTH_MICRO) */ -#endif - - /* ifdef SH_STEALTH */ -#endif - -/* - * anti-debugger code - */ -#if defined(SCREW_IT_UP) - -#if defined(HAVE_PTHREAD) - -static pthread_key_t gSigtrapVariables_key; -static pthread_once_t gSigtrapVariables_key_once = PTHREAD_ONCE_INIT; - -static inline void make_gSigtrapVariables_key() -{ - (void) pthread_key_create(&gSigtrapVariables_key, free); -} - -struct sh_sigtrap_variables * sh_sigtrap_variables_get() -{ - void * ptr; - - (void) pthread_once(&gSigtrapVariables_key_once, make_gSigtrapVariables_key); - - ptr = pthread_getspecific(gSigtrapVariables_key); - if (ptr == NULL) { - ptr = calloc(1,sizeof(struct sh_sigtrap_variables)); - if (ptr == NULL) { - return NULL; - } - (void) pthread_setspecific(gSigtrapVariables_key, ptr); - } - - return (struct sh_sigtrap_variables *) ptr; -} - -/* !defined(HAVE_PTHREAD) */ -#else - -static struct sh_sigtrap_variables global_sigtrap_variables; -struct sh_sigtrap_variables * sh_sigtrap_variables_get() -{ - return &global_sigtrap_variables; -} - -#endif - -int sh_sigtrap_max_duration_set (const char * str) -{ - /* For security (prevent reloading with larger value) - * this value can only be set once. - */ - static int once = 0; - int i; - - SL_ENTER(_("sh_sigtrap_max_duration_set")); - - i = atoi (str); - - if (i >= 0 && once == 0) - { - sh.sigtrap_max_duration = i; - once = 1; - } - else - { - SL_RETURN ((-1), _("sh_sigtrap_max_duration_set")); - } - SL_RETURN( (0), _("sh_sigtrap_max_duration_set")); -} - -void sh_sigtrap_handler (int signum) -{ - struct sh_sigtrap_variables * sigtrap_variables; - sigtrap_variables = sh_sigtrap_variables_get(); - if (sigtrap_variables == NULL) { - /* Perhaps, it's better to not die, and to continue using Samhain, - even if this part does not work. */ - return; - } - -#ifdef HAVE_GETTIMEOFDAY - { - struct timeval tv; - long difftv; - - gettimeofday(&tv, NULL); - difftv = (tv.tv_sec - sigtrap_variables->save_tv.tv_sec) * 1000000 + - (tv.tv_usec - sigtrap_variables->save_tv.tv_usec); - if (difftv > sh.sigtrap_max_duration) - raise(SIGKILL); - } -#endif - - sigtrap_variables->not_traced = signum; - /* cppcheck-suppress memleak */ - return; -} -#endif diff --git a/src/bignum.c b/src/bignum.c index bd1bd71..8a622c1 100644 --- a/src/bignum.c +++ b/src/bignum.c @@ -174,7 +174,7 @@ init_digit_blocks(void) for (base = 2; base <= 36; base++) { - tmp = ((1 << (DIGIT_BITS - 1)) / base); + tmp = ((1U << (DIGIT_BITS - 1)) / base); maxdigit = tmp * 2; curdigit = 1; digcnt = 0; @@ -424,6 +424,7 @@ static int ucompare_digits(bignum *a, bignum *b) { DIGIT *a_ptr, *b_ptr; + int retval = 0; if (a->dgs_used == b->dgs_used) { @@ -436,12 +437,14 @@ ucompare_digits(bignum *a, bignum *b) } if (a_ptr < a->dp) { - return 0; + return retval; } else { - return (*a_ptr > *b_ptr) ? 1 : -1; + if (retval == 0) + retval = (*a_ptr > *b_ptr) ? 1 : -1; } + return retval; } return (a->dgs_used > b->dgs_used) ? 1 : -1; } diff --git a/src/cutest_sh_unix.c b/src/cutest_sh_unix.c index 57fb7e6..b4428cf 100644 --- a/src/cutest_sh_unix.c +++ b/src/cutest_sh_unix.c @@ -20,6 +20,7 @@ void Test_dnmalloc (CuTest *tc) { char * buf; char * area[256]; +#if !defined(USE_SYSTEM_MALLOC) && !defined(__clang__) /* test reuse of last freed chunk */ buf = malloc(1024); CuAssertPtrNotNull(tc, buf); @@ -27,7 +28,8 @@ void Test_dnmalloc (CuTest *tc) { area[0] = malloc(1024); CuAssertTrue(tc, buf == area[0]); free(area[0]); - +#endif + /* test realloc */ buf = malloc(16); CuAssertPtrNotNull(tc, buf); diff --git a/src/cutest_slib.c b/src/cutest_slib.c index 1e0e6c4..4350815 100644 --- a/src/cutest_slib.c +++ b/src/cutest_slib.c @@ -57,6 +57,27 @@ void Test_sl_snprintf (CuTest *tc) { CuAssertTrue(tc, input[4] == 'X'); } +void Test_sl_ts_strncmp (CuTest *tc) { + char one[64], two[64]; + int res; + + strcpy(one, "foo"); + strcpy(two, "foo"); + res = sl_ts_strncmp(one, two, 3); + CuAssertIntEquals(tc, 0, res); + + strcpy(one, "fox"); + strcpy(two, "foo"); + res = sl_ts_strncmp(one, two, 2); + CuAssertIntEquals(tc, 0, res); + + strcpy(one, "f9o"); + strcpy(two, "foo"); + res = sl_ts_strncmp(one, two, 3); + CuAssertTrue(tc, 0 != res); + +} + void Test_sl_strcasecmp (CuTest *tc) { char one[64], two[64]; int res; diff --git a/src/cutest_zAVLTree.c b/src/cutest_zAVLTree.c index 1201ac9..b616925 100644 --- a/src/cutest_zAVLTree.c +++ b/src/cutest_zAVLTree.c @@ -512,6 +512,7 @@ void Test_zAVLTree(CuTest *tc) { CuAssertTrue(tc, str == NULL); zAVL_string_reset(ztest_tree); + ztest_tree = NULL; str = zAVL_string_get(ztest_tree, "foo"); CuAssertTrue(tc, str == NULL); str = zAVL_string_get(ztest_tree, "bar"); diff --git a/src/depend-gen.c b/src/depend-gen.c index 586feee..c38b941 100644 --- a/src/depend-gen.c +++ b/src/depend-gen.c @@ -244,7 +244,7 @@ int main (int argc, char * argv[]) * EXCEPTIONS * **************************************************/ - if (0 == strcmp(p, "sh_gpg_chksum.h") || + if (0 == strcmp(p, "sh_sig_chksum.h") || 0 == strcmp(p, "sh_gpg_fp.h")) { /* fprintf(stderr, "Excluding %s\n", p); */ diff --git a/src/dnmalloc.c b/src/dnmalloc.c index 4ab3b9a..9f7bacc 100644 --- a/src/dnmalloc.c +++ b/src/dnmalloc.c @@ -164,7 +164,7 @@ * * HAVE_SYS_PARAM_H Define to #include <sys/param.h> (for pagesize) * - * HAVE_MALLOC_H Define to #include <malloc.h> (for struct mallinfo) + * HAVE_MALLOC_H Define to #include <malloc.h> (for struct mallinfo2) * * HAVE_FCNTL_H Define to #include <fcntl.h> * @@ -530,7 +530,7 @@ assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new) #define rEALLOc public_rEALLOc #define vALLOc public_vALLOc #define pVALLOc public_pVALLOc -#define mALLINFo public_mALLINFo +#define mALLINFo2 public_mALLINFo2 #define mALLOPt public_mALLOPt #define mTRIm public_mTRIm #define mSTATs public_mSTATs @@ -546,7 +546,7 @@ assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new) #define public_rEALLOc dlrealloc #define public_vALLOc dlvalloc #define public_pVALLOc dlpvalloc -#define public_mALLINFo dlmallinfo +#define public_mALLINFo2 dlmallinfo2 #define public_mALLOPt dlmallopt #define public_mTRIm dlmalloc_trim #define public_mSTATs dlmalloc_stats @@ -560,7 +560,7 @@ assert_handler_tp *dnmalloc_set_handler(assert_handler_tp *new) #define public_rEALLOc realloc #define public_vALLOc valloc #define public_pVALLOc pvalloc -#define public_mALLINFo mallinfo +#define public_mALLINFo2 mallinfo2 #define public_mALLOPt mallopt #define public_mTRIm malloc_trim #define public_mSTATs malloc_stats @@ -790,27 +790,27 @@ extern Void_t* sbrk(); #endif /* - This version of malloc supports the standard SVID/XPG mallinfo + This version of malloc supports the standard SVID/XPG mallinfo2 routine that returns a struct containing usage properties and statistics. It should work on any SVID/XPG compliant system that has - a /usr/include/malloc.h defining struct mallinfo. (If you'd like to + a /usr/include/malloc.h defining struct mallinfo2. (If you'd like to install such a thing yourself, cut out the preliminary declarations as described above and below and save them in a malloc.h file. But there's no compelling reason to bother to do this.) - The main declaration needed is the mallinfo struct that is returned - (by-copy) by mallinfo(). The SVID/XPG malloinfo struct contains a + The main declaration needed is the mallinfo2 struct that is returned + (by-copy) by mallinfo2(). The SVID/XPG malloinfo2 struct contains a bunch of fields that are not even meaningful in this version of - malloc. These fields are are instead filled by mallinfo() with + malloc. These fields are are instead filled by mallinfo2() with other numbers that might be of interest. HAVE_MALLOC_H should be set if you have a /usr/include/malloc.h file that includes a declaration of struct - mallinfo. If so, it is included; else an SVID2/XPG2 compliant + mallinfo2. If so, it is included; else an SVID2/XPG2 compliant version is declared below. These must be precisely the same for - mallinfo() to work. The original SVID version of this struct, - defined on most systems with mallinfo, declares all fields as - ints. But some others define as unsigned long. If your system + mallinfo2() to work. The original SVID version of this struct, + defined on most systems with mallinfo2, declares all fields as + size_2. But some others define as unsigned long. If your system defines the fields using a type of different width than listed here, you must #include your system version and #define HAVE_MALLOC_H. @@ -821,23 +821,23 @@ extern Void_t* sbrk(); /* On *BSD, malloc.h is deprecated, and on some *BSD including * it may actually raise an error. */ -#if defined(HAVE_MALLOC_H) && !defined(__OpenBSD__) && !defined(__FreeBSD__) && !defined(__NetBSD__) +#if defined(HAVE_MALLOC_H) && !defined(__OpenBSD__) && !defined(__FreeBSD__) && !defined(__NetBSD__) && defined(__GLIBC_PREREQ) && __GLIBC_PREREQ(2, 33) #include <malloc.h> #else -/* SVID2/XPG mallinfo structure */ - -struct mallinfo { - int arena; /* non-mmapped space allocated from system */ - int ordblks; /* number of free chunks */ - int smblks; /* number of fastbin blocks */ - int hblks; /* number of mmapped regions */ - int hblkhd; /* space in mmapped regions */ - int usmblks; /* maximum total allocated space */ - int fsmblks; /* space available in freed fastbin blocks */ - int uordblks; /* total allocated space */ - int fordblks; /* total free space */ - int keepcost; /* top-most, releasable (via malloc_trim) space */ +/* SVID2/XPG mallinfo2 structure */ + +struct mallinfo2 { + size_t arena; /* non-mmapped space allocated from system */ + size_t ordblks; /* number of free chunks */ + size_t smblks; /* number of fastbin blocks */ + size_t hblks; /* number of mmapped regions */ + size_t hblkhd; /* space in mmapped regions */ + size_t usmblks; /* maximum total allocated space */ + size_t fsmblks; /* space available in freed fastbin blocks */ + size_t uordblks; /* total allocated space */ + size_t fordblks; /* total free space */ + size_t keepcost; /* top-most, releasable (via malloc_trim) space */ }; /* @@ -1007,7 +1007,7 @@ int public_mALLOPt(); /* - mallinfo() + mallinfo2() Returns (by copy) a struct containing various summary statistics: arena: current total non-mmapped bytes allocated from system @@ -1030,9 +1030,9 @@ int public_mALLOPt(); thus be inaccurate. */ #if __STD_C -struct mallinfo public_mALLINFo(void); +struct mallinfo2 public_mALLINFo2(void); #else -struct mallinfo public_mALLINFo(); +struct mallinfo2 public_mALLINFo2(); #endif /* @@ -1114,7 +1114,7 @@ size_t public_mUSABLe(); (normally sbrk) outside of malloc. malloc_stats prints only the most commonly interesting statistics. - More information can be obtained by calling mallinfo. + More information can be obtained by calling mallinfo2. */ #if __STD_C @@ -1365,7 +1365,7 @@ static int mTRIm(size_t); static size_t mUSABLe(Void_t*); static void mSTATs(); static int mALLOPt(int, int); -static struct mallinfo mALLINFo(void); +static struct mallinfo2 mALLINFo2(void); #else static Void_t* mALLOc(); static void fREe(); @@ -1379,7 +1379,7 @@ static int mTRIm(); static size_t mUSABLe(); static void mSTATs(); static int mALLOPt(); -static struct mallinfo mALLINFo(); +static struct mallinfo2 mALLINFo2(); #endif /* @@ -1686,14 +1686,14 @@ void public_mSTATs() { } } -struct mallinfo public_mALLINFo() { - struct mallinfo m; +struct mallinfo2 public_mALLINFo2() { + struct mallinfo2 m; if (MALLOC_PREACTION == 0) { - m = mALLINFo(); + m = mALLINFo2(); (void) MALLOC_POSTACTION; return m; } else { - struct mallinfo nm = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + struct mallinfo2 nm = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; return nm; } } @@ -5292,10 +5292,10 @@ DL_STATIC size_t mUSABLe(mem) Void_t* mem; ------------------------------ mallinfo ------------------------------ */ -DL_STATIC struct mallinfo mALLINFo() +DL_STATIC struct mallinfo2 mALLINFo2() { mstate av = get_malloc_state(); - struct mallinfo mi; + static struct mallinfo2 mi; unsigned int i; mbinptr b; chunkinfoptr p; @@ -5311,6 +5311,10 @@ DL_STATIC struct mallinfo mALLINFo() } check_malloc_state(); + if (!av || av->top == 0) { + return mi; + } + /* Account for top */ avail = chunksize(av->top); nblocks = 1; /* top always exists */ @@ -5356,19 +5360,18 @@ DL_STATIC struct mallinfo mALLINFo() DL_STATIC void mSTATs() { - struct mallinfo mi = mALLINFo(); + struct mallinfo2 mi = mALLINFo2(); fprintf(stderr, "hashtable = %10lu MB\n", (CHUNK_SIZE_T)(HASHTABLESIZE / (1024*1024))); fprintf(stderr, "max system bytes = %10lu\n", - (CHUNK_SIZE_T)(mi.usmblks)); + (CHUNK_SIZE_T)(mi.usmblks)); fprintf(stderr, "system bytes = %10lu (%10lu sbrked, %10lu mmaped)\n", - (CHUNK_SIZE_T)(mi.arena + mi.hblkhd), - (CHUNK_SIZE_T)(mi.arena), - (CHUNK_SIZE_T)(mi.hblkhd)); + (CHUNK_SIZE_T)(mi.arena + mi.hblkhd), + (CHUNK_SIZE_T)(mi.arena), + (CHUNK_SIZE_T)(mi.hblkhd)); fprintf(stderr, "in use bytes = %10lu\n", - (CHUNK_SIZE_T)(mi.uordblks + mi.hblkhd)); - + (CHUNK_SIZE_T)(mi.uordblks + mi.hblkhd)); } @@ -5521,7 +5524,7 @@ arc4_stir(void) struct { struct timeval tv1; struct timeval tv2; - u_int rnd[(128 - 2*sizeof(struct timeval)) / sizeof(u_int)]; + unsigned char rnd[(128 - 2*sizeof(struct timeval)) / sizeof(unsigned char)]; } rdat; #if !defined(__FreeBSD__) && !defined(__OpenBSD__) && !defined(__NetBSD__) ssize_t sz = 0; diff --git a/src/samhain.c b/src/samhain.c index 43503cd..f5883e9 100644 --- a/src/samhain.c +++ b/src/samhain.c @@ -76,7 +76,7 @@ #include "sh_nmail.h" #include "sh_tiger.h" -#include "sh_gpg.h" +#include "sh_sig.h" #include "sh_mem.h" #include "sh_xfer.h" #include "sh_tools.h" @@ -347,7 +347,11 @@ void sh_init (void) sig_force_silent = 0; /* SIGTSTP */ sh_global_check_silent = 0; sh_load_delta_flag = 0; - strcpy ( sh_sig_msg, _("None")); + sh_sig_msg[4] = '\0'; + sh_sig_msg[3] = 'e'; + sh_sig_msg[2] = 'n'; + sh_sig_msg[1] = 'o'; + sh_sig_msg[0] = 'N'; #ifdef MKB_01 ErrFlag[1] |= (1 << 0); @@ -772,6 +776,7 @@ static void exit_handler(void) sh_files_delglobstack (); sh_hash_hashdelete(); sh_files_hle_reg (NULL); + (void) sh_ignore_clean (); /* * Only flush on exit if running as deamon. * Otherwise we couldn't run another instance @@ -833,7 +838,7 @@ static void exit_handler(void) if (sh.flag.isdaemon == S_TRUE) (void) sh_unix_rm_pid_file (); if (skey != NULL) - memset (skey, (int) '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); /* --- Exit. --- */ @@ -876,6 +881,7 @@ static pid_t * procdirSamhain (void) if (NULL == (dp = opendir(_("/proc")))) { + /* cppcheck-suppress resourceLeak */ return NULL; } @@ -1374,7 +1380,7 @@ void do_reconf() } else { - sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_MOD_OK, + sh_error_handle ((-1), FIL__, __LINE__, status, MSG_MOD_OK, _(modList[modnum].name)); modList[modnum].initval = status; } @@ -1901,9 +1907,9 @@ int undef_main(int argc, char * argv[]) #if defined(SH_WITH_SERVER) && !defined(SH_WITH_CLIENT) -#if (defined(WITH_GPG) || defined(WITH_PGP)) +#if defined(WITH_GPG) /* log startup */ - sh_gpg_log_startup (); + sh_sig_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, sh.prg_name, (long) sh.real.uid, @@ -1924,9 +1930,9 @@ int undef_main(int argc, char * argv[]) if (sh.flag.checkSum == SH_CHECK_CHECK) { -#if (defined(WITH_GPG) || defined(WITH_PGP)) +#if defined(WITH_GPG) /* log startup */ - sh_gpg_log_startup (); + sh_sig_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_2H, sh.prg_name, (long) sh.real.uid, @@ -1936,9 +1942,9 @@ int undef_main(int argc, char * argv[]) } else { -#if (defined(WITH_GPG) || defined(WITH_PGP)) +#if defined(WITH_GPG) /* log startup */ - sh_gpg_log_startup (); + sh_sig_log_startup (); #else sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_START_1H, sh.prg_name, (long) sh.real.uid, diff --git a/src/samhain_setpwd.c b/src/samhain_setpwd.c index e8de644..a12b801 100644 --- a/src/samhain_setpwd.c +++ b/src/samhain_setpwd.c @@ -245,8 +245,8 @@ int main (int argc, char * argv[]) char * newpwd = (char *) malloc(5 * 8 + 2); char * oldpwd = (char *) malloc(5 * 8 + 2); - memset (newpwd, '\0', 5 * 8 + 2); - memset (oldpwd, '\0', 5 * 8 + 2); + memset (newpwd, 0, 5 * 8 + 2); + memset (oldpwd, 0, 5 * 8 + 2); if (argc < 4) diff --git a/src/sh_audit.c b/src/sh_audit.c index 52d0c70..d4d4dd2 100644 --- a/src/sh_audit.c +++ b/src/sh_audit.c @@ -74,7 +74,7 @@ static int listRecords (auparse_state_t * au, struct recordState * state) sl_strlcpy(state->syscall, auparse_interpret_field(au), REC_SIZE_SYSCALL); if (auparse_find_field(au, _("success"))) - strncpy(state->success, auparse_interpret_field(au), REC_SIZE_SUCCESS); + sl_strlcpy(state->success, auparse_interpret_field(au), REC_SIZE_SUCCESS); if (auparse_find_field(au, "uid")) state->uid = auparse_get_field_int(au); @@ -147,7 +147,7 @@ static char * doAuparse (const char * file, time_t time, int tol, char * result, goto err; } - memset(&state, '\0', sizeof(state)); + memset(&state, 0, sizeof(state)); while (ausearch_next_event(au) == 1) { @@ -179,10 +179,13 @@ static char * doAuparse (const char * file, time_t time, int tol, char * result, if (0 == strcmp(state.success, "yes")) { + char time_str[81]; char * tmp_exe = sh_util_safe_name(state.exe); + + (void) sh_unix_gmttime (state.time, time_str, sizeof(time_str)); sl_snprintf(result, rsize, - _("time=%lu.%u, syscall=%s, auid=%u, uid=%u, gid=%u, euid=%u, egid=%u, fsuid=%u, fsgid=%u, exe=%s"), - (unsigned long) state.time, state.milli, + _("time=%lu.%u, timestamp=%s, syscall=%s, auid=%u, uid=%u, gid=%u, euid=%u, egid=%u, fsuid=%u, fsgid=%u, exe=%s"), + (unsigned long) state.time, state.milli, time_str, state.syscall, state.auid, state.uid, state.gid, state.euid, state.egid, state.fsuid, state.fsgid, tmp_exe); @@ -196,6 +199,23 @@ static char * doAuparse (const char * file, time_t time, int tol, char * result, return NULL; } +#define SH_AUDIT_DEF "wa" +static char sh_audit_flags[32] = SH_AUDIT_DEF; + +int sh_audit_set_flags(const char * str) +{ + if (!str || strlen(str) >= sizeof(sh_audit_flags)) + return -1; + sl_strlcpy(sh_audit_flags, str, sizeof(sh_audit_flags)); + return 0; +} +static void reset_audit_flags() +{ + sl_strlcpy(sh_audit_flags, SH_AUDIT_DEF, sizeof(sh_audit_flags)); + return; +} + + static int sh_audit_checkdaemon(); static int actl_pnum = -1; static char * actl_paths[4] = @@ -206,20 +226,23 @@ static char * actl_paths[4] = N_("/usr/bin/auditctl") }; +static char * getflags (char * file); /* Public function to fetch an audit record for path 'file', time 'time' * The 'result' array should be sized ~256 char. */ -char * sh_audit_fetch (char * file, time_t mtime, time_t ctime, char * result, size_t rsize) +char * sh_audit_fetch (char * file, time_t mtime, time_t ctime, time_t atime, char * result, size_t rsize) { - char * res = NULL; + char * res = NULL; + char * flags = getflags(file); if (sh_audit_checkdaemon() >= 0) { time_t new; - - if (mtime >= ctime) { new = mtime; } - else { new = ctime; } + + if (flags && (strchr(flags, 'r') || strchr(flags, 'x')) && atime >= ctime && atime >= mtime) { new = atime; } + else if (mtime >= ctime) { new = mtime; } + else { new = ctime; } res = doAuparse (file, new, 1, result, rsize, S_FALSE); @@ -250,6 +273,7 @@ void sh_audit_delete_all () sl_strlcpy(ctl, _(actl_paths[p]), sizeof(ctl)); sh_ext_system(ctl, ctl, "-D", "-k", _("samhain"), NULL); } + reset_audit_flags(); return; } @@ -262,7 +286,7 @@ static int sh_audit_isdir(const char * file) return S_FALSE; } -static void sh_audit_mark_int (const char * file) +static void sh_audit_mark_int (const char * file, const char * flags) { static int flushRules = 0; @@ -285,10 +309,10 @@ static void sh_audit_mark_int (const char * file) char a1[32]; char a2[32]; char a3[32]; + char a4[32]; - sl_snprintf(command, len, _("%s -w %s -p wa -k samhain"), - _(actl_paths[p]), - file); + sl_snprintf(command, len, _("%s -w %s -p %s -k samhain"), + _(actl_paths[p]), file, flags); safe = sh_util_safe_name_keepspace(command); sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, @@ -302,7 +326,8 @@ static void sh_audit_mark_int (const char * file) sl_strlcpy(command, file, len); sl_strlcpy(a3, _("samhain"), sizeof(a3)); - sh_ext_system(ctl, ctl, "-w", command, "-p", "wa", "-k", a3, NULL); + sl_strlcpy(a4, flags, sizeof(a4)); + sh_ext_system(ctl, ctl, "-w", command, "-p", a4, "-k", a3, NULL); /* Placing a watch on a directory will not place a watch on the * directory inode, so we do this explicitely. @@ -318,7 +343,8 @@ static void sh_audit_mark_int (const char * file) sl_strlcpy(command, _("path="), len); sl_strlcat(command, file, len); sl_strlcpy(a1, _("always,exit"), sizeof(a1)); - sl_strlcpy(a2, _("perm=wa"), sizeof(a2)); + sl_strlcpy(a2, _("perm="), sizeof(a2)); + sl_strlcat(a2, flags, sizeof(a2)); sh_ext_system(ctl, ctl, "-a", a1, "-F", command, "-F", a2, "-k", a3, NULL); } SH_FREE(command); @@ -326,12 +352,47 @@ static void sh_audit_mark_int (const char * file) return; } +#define SH_AU_FLAGS_SIZ 32 struct aud_list { char * file; + char flags[SH_AU_FLAGS_SIZ]; struct aud_list * next; }; struct aud_list * mark_these = NULL; +static int marked_committed = 0; + +static void delete_listofmarked() +{ + struct aud_list * tmp; + struct aud_list * this = mark_these; + + mark_these = NULL; + + while (this) + { + tmp = this; + this = this->next; + + SH_FREE(tmp->file); + SH_FREE(tmp); + } + marked_committed = 0; +} + +static char * getflags (char * file) +{ + struct aud_list * this = mark_these; + + while (this) + { + if (0 == strcmp(file, this->file)) + return this->flags; + this = this->next; + } + /* no explicit rule for this file */ + return NULL; +} static void add_this (char * file) { @@ -339,8 +400,12 @@ static void add_this (char * file) size_t len = strlen(file); this->file = sh_util_strdup(file); + + /* strip trailing '/' */ if ((len > 1) && (file[len-1] == '/')) this->file[len-1] = '\0'; + + sl_strlcpy(this->flags, sh_audit_flags, SH_AU_FLAGS_SIZ); this->next = mark_these; mark_these = this; @@ -349,44 +414,50 @@ static void add_this (char * file) /* Check whether it is already covered by a higher directory */ -static int test_exchange (struct aud_list * this, char * file) +static int test_exchange (struct aud_list * this, const char * file) { size_t len0 = sl_strlen(this->file); size_t len1 = sl_strlen(file); int ret = -1; + if (!file || !this || !this->file) + return 0; + if (len0 == len1) { return strcmp(this->file, file); } else { - char * s0 = SH_ALLOC(len0 + 2); - char * s1 = SH_ALLOC(len1 + 2); - - sl_strlcpy(s0, this->file, len0 + 2); - sl_strlcpy(s1, file, len1 + 2); - - if (s0 < s1) - { - sl_strlcat(s0, "/", len0 + 2); - ret = strncmp(s0, s1, len0 + 1); - } - else - { - sl_strlcat(s1, "/", len1 + 2); - if (0 == strncmp(s0, s1, len1 + 1)) - { - size_t len = strlen(file); - SH_FREE(this->file); - this->file = sh_util_strdup(file); - if ((len > 1) && (file[len-1] == '/')) - this->file[len-1] = '\0'; - ret = 0; - } - } - SH_FREE(s0); - SH_FREE(s1); + if (0 == strcmp(this->flags, sh_audit_flags)) + { + char * s0 = SH_ALLOC(len0 + 2); + char * s1 = SH_ALLOC(len1 + 2); + + sl_strlcpy(s0, this->file, len0 + 2); + sl_strlcpy(s1, file, len1 + 2); + + if (s0 < s1) + { + sl_strlcat(s0, "/", len0 + 2); + ret = strncmp(s0, s1, len0 + 1); + } + else + { + sl_strlcat(s1, "/", len1 + 2); + if (0 == strncmp(s0, s1, len1 + 1)) + { + size_t len = strlen(file); + SH_FREE(this->file); + this->file = sh_util_strdup(file); + if ((len > 1) && (file[len-1] == '/')) + this->file[len-1] = '\0'; + ret = 0; + } + } + SH_FREE(s0); + SH_FREE(s1); + } } return ret; @@ -396,13 +467,18 @@ static int test_exchange (struct aud_list * this, char * file) */ void sh_audit_mark (char * file) { - struct aud_list * this = mark_these; + struct aud_list * this; + if (marked_committed != 0) + delete_listofmarked(); + if (!mark_these) { add_this (file); return; } + this = mark_these; + while (this) { /* Check whether it is already covered by a higher @@ -410,6 +486,7 @@ void sh_audit_mark (char * file) */ if (0 == test_exchange(this, file)) return; + this = this->next; } @@ -419,20 +496,14 @@ void sh_audit_mark (char * file) void sh_audit_commit () { - struct aud_list * next; struct aud_list * this = mark_these; - mark_these = NULL; - while (this) { - sh_audit_mark_int (this->file); - next = this->next; - SH_FREE(this->file); - SH_FREE(this); - this = next; + sh_audit_mark_int (this->file, this->flags); + this = this->next; } - + marked_committed = 1; } static int sh_audit_checkdaemon() @@ -537,11 +608,12 @@ static int sh_audit_checkdaemon() /* HAVE_AUPARSE_H */ #else -char * sh_audit_fetch (char * file, time_t mtime, time_t ctime, char * result, size_t rsize) +char * sh_audit_fetch (char * file, time_t mtime, time_t ctime, time_t atime, char * result, size_t rsize) { (void) file; (void) mtime; (void) ctime; + (void) atime; (void) result; (void) rsize; @@ -563,6 +635,11 @@ void sh_audit_commit () { return; } +int sh_audit_set_flags(const char * str) +{ + (void) str; + return -1; +} #endif /* client || standalone */ diff --git a/src/sh_calls.c b/src/sh_calls.c index 2269836..cf4c4c5 100644 --- a/src/sh_calls.c +++ b/src/sh_calls.c @@ -50,7 +50,6 @@ #include "samhain.h" #include "sh_error.h" -#include "sh_calls.h" #include "sh_ipvx.h" #include "sh_sub.h" #include "sh_utils.h" @@ -533,8 +532,8 @@ long int retry_msleep (int sec, int millisec) ***************************************************/ long int retry_aud_execve (const char * file, int line, - const char *dateiname, char * argv[], - char * envp[]) + const char *dateiname, char *const argv[], + char *const envp[]) { uid_t a = geteuid(); gid_t b = getegid(); @@ -736,6 +735,7 @@ long int aud_open_noatime (const char * file, int line, int privs, if ((val_return < 0) && (*o_noatime != 0)) { + /* cppcheck-suppress resourceLeak */ val_return = open (pathname, flags, mode); if (val_return >= 0) *o_noatime = 0; @@ -932,7 +932,7 @@ int aud_setgid (const char * file, int line, gid_t gid) SL_RETURN(i, _("aud_setgid")); } -int aud_pipe (const char * file, int line, int * modus) +int aud_pipe (const char * file, int line, int modus[2]) { int error; int i = pipe (modus); diff --git a/src/sh_cat.c b/src/sh_cat.c index dfffae1..9328543 100644 --- a/src/sh_cat.c +++ b/src/sh_cat.c @@ -71,7 +71,8 @@ cat_entry msg_cat[] = { { MSG_CHECK_1, SH_ERR_STAMP, STAMP, N_("msg=\"File check completed.\" time=\"%ld\" kBps=\"%f\"")}, { MSG_CHECK_2, SH_ERR_STAMP, STAMP, N_("msg=\"File check starting.\"")}, { MSG_STAMP, SH_ERR_STAMP, STAMP, N_("msg=\"---- TIMESTAMP ----\"")}, - + { MSG_DCLOSE, SH_ERR_NOTICE, RUN, N_("msg=\"Finished writing baseline database.\"")}, + { MSG_D_START, SH_ERR_INFO, RUN, N_("msg=\"Downloading configuration file\"")}, { MSG_D_DSTART, SH_ERR_INFO, RUN, N_("msg=\"Downloading database file\"")}, { MSG_D_FAIL, SH_ERR_INFO, RUN, N_("msg=\"No file from server, trying local file\"")}, @@ -223,6 +224,7 @@ cat_entry msg_cat[] = { { MSG_TCP_EBGN, SH_ERR_ERR, TCP, N_("msg=\"Error in big integer library\"")}, { MSG_TCP_CREG, SH_ERR_ALL, TCP, N_("msg=\"Registered %s, salt %s, verifier %s\"")}, + { MSG_TCP_AREG, SH_ERR_ALL, TCP, N_("msg=\"Registered %s, hostname %s\"")}, { MSG_TCP_FAUTH, SH_ERR_INFO, TCP, N_("msg=\"Force authentication\" host=\"%s\"")}, { MSG_TCP_RESCLT, SH_ERR_SEVERE, TCP, N_("msg=\"Cannot resolve client name\" host=\"%s\"")}, @@ -402,6 +404,7 @@ cat_entry msg_cat[] = { { MSG_CHECK_1, SH_ERR_STAMP, STAMP, N_("msg=<File check completed.>, time=<%ld>, kBps=<%f>")}, { MSG_CHECK_2, SH_ERR_STAMP, STAMP, N_("msg=<File check starting.>")}, { MSG_STAMP, SH_ERR_STAMP, STAMP, N_("msg=<---- TIMESTAMP ---->")}, + { MSG_DCLOSE, SH_ERR_NOTICE, RUN, N_("msg=<Finished writing baseline database.>")}, { MSG_D_START, SH_ERR_INFO, RUN, N_("msg=<Downloading configuration file>")}, { MSG_D_DSTART, SH_ERR_INFO, RUN, N_("msg=<Downloading database file>")}, @@ -566,6 +569,7 @@ cat_entry msg_cat[] = { { MSG_TCP_EBGN, SH_ERR_ERR, TCP, N_("msg=<Error in big integer library>")}, { MSG_TCP_CREG, SH_ERR_ALL, TCP, N_("msg=<Registered %s, salt %s, verifier %s>")}, + { MSG_TCP_AREG, SH_ERR_ALL, TCP, N_("msg=<Registered %s, hostname %s>")}, { MSG_TCP_FAUTH, SH_ERR_INFO, TCP, N_("msg=<Force authentication>, client=<%s>")}, { MSG_TCP_RESCLT, SH_ERR_SEVERE, TCP, N_("msg=<Cannot resolve client name> host=<%s>")}, diff --git a/src/sh_checksum.c b/src/sh_checksum.c index 0587edc..e434d5c 100644 --- a/src/sh_checksum.c +++ b/src/sh_checksum.c @@ -407,7 +407,7 @@ void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) { usedspace = freespace = 0; } -void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) +void SHA256_Final(sha2_byte digest[SHA256_DIGEST_LENGTH], SHA256_CTX* context) { sha2_word32 *d = (sha2_word32*)digest; unsigned int usedspace; @@ -481,7 +481,7 @@ void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) #include "sh_utils.h" /* If buffer is of length KEYBUF_SIZE, the digest will fit */ -char *SHA256_End(SHA256_CTX* context, char buffer[]) +char *SHA256_End(SHA256_CTX* context, char buffer[KEYBUF_SIZE]) { sha2_byte digest[SHA256_DIGEST_LENGTH]; diff --git a/src/sh_database.c b/src/sh_database.c index fdeed45..31a5919 100644 --- a/src/sh_database.c +++ b/src/sh_database.c @@ -283,7 +283,7 @@ static int insert_value (char * ptr, const char * str) static void init_db_entry (dbins * ptr) { - memset (ptr, (int) '\0', sizeof(dbins)); + memset (ptr, 0, sizeof(dbins)); ptr->next = NULL; return; } @@ -1122,12 +1122,7 @@ int sh_database_query (char * query, /*@out@*/ long * id) * We don't check the return value because it's useless (failure due * to lack of access permission is not reported). */ -#if !defined(__x86_64__) - /* - * libmysql segfaults on x86-64 if this is used - */ mysql_options(db_conn, MYSQL_READ_DEFAULT_GROUP, _("samhain")); -#endif status = 0; @@ -1148,6 +1143,7 @@ int sh_database_query (char * query, /*@out@*/ long * id) SL_RETURN(0, _("sh_database_query")); } } + connection_status = S_TRUE; } else @@ -1410,7 +1406,7 @@ long sh_database_entry (dbins * db_entry, long id) } /*@-type@*//* byte* versus char[..] */ if (attr_tab[i].inHash == 1 && - ((char *)(db_entry)+attr_tab[i].off) != '\0') + *((char *)(db_entry)+attr_tab[i].off) != '\0') { (void)md5Update(&crc, (sh_byte*) ((char *)(db_entry)+attr_tab[i].off), diff --git a/src/sh_dbIO.c b/src/sh_dbIO.c index 0ac9194..1f9b152 100644 --- a/src/sh_dbIO.c +++ b/src/sh_dbIO.c @@ -30,7 +30,7 @@ #include "sh_dbIO_int.h" #include "sh_hash.h" #include "sh_dbIO.h" -#include "sh_gpg.h" +#include "sh_sig.h" #include "sh_tiger.h" #include "sh_xfer.h" #include "sh_pthread.h" @@ -151,6 +151,8 @@ static int sh_dbIO_setdataent (SL_TICKET fd, char * line, int size, SL_RETURN( retval, _("sh_dbIO_setdataent")); } +/* Seek to [SOF] and truncate remainder of file + */ static int sh_dbIO_setdataent_old (SL_TICKET fd, char * line, int size, const char * file) { @@ -224,12 +226,10 @@ static unsigned short * swap_short (unsigned short * iptr) else { /* alignment problem */ - unsigned char swap; - static unsigned short ooop; - unsigned char * ii; - ooop = *iptr; - ii = (unsigned char *) &ooop; - swap = ii[0]; ii[0] = ii[1]; ii[1] = swap; + static unsigned short ooop = *iptr; + unsigned short hi = (ooop & 0xff00); + unsigned short lo = (ooop & 0xff); + ooop = (lo << 8) | (hi >> 8); return &ooop; } return iptr; @@ -378,10 +378,87 @@ static char * unquote_path(char * line, long i) (void) sl_strlcpy (path, tmp, len); if (tmp) SH_FREE(tmp); + /* do not strip newline twice... if (len > 1) { if (path[len-2] == '\n') path[len-2] = '\0'; } + ****/ + return path; +} + +/****************************************************************** + * + * Use different init rootfs (patch by Kemal H.) + * + ******************************************************************/ + +static char * sh_dbIO_rootfs = NULL; +static size_t sh_dbIO_rootfs_len = 0; + +int sh_dbIO_init_rootfs (const char * rootfs) +{ + if (NULL == sh_dbIO_rootfs) + { + sh_dbIO_rootfs = sh_util_strdup (rootfs); + sh_dbIO_rootfs_len = sl_strlen(sh_dbIO_rootfs); + return 0; + } + return -1; +} + +size_t sh_dbIO_get_rootfs_len() +{ + return sh_dbIO_rootfs_len; +} + +/* Prepend rootfs when reading from config file ('path' must be allocated with sufficient space). + */ +char * sh_dbIO_rootfs_prepend(char * path) +{ + if (0 == sh_dbIO_rootfs_len) + return path; + + memmove (path + sh_dbIO_rootfs_len, path, sl_strlen(path) + 1); + memcpy (path, sh_dbIO_rootfs, sh_dbIO_rootfs_len); + + return path; +} + + +/* Strip rootfs when writing to database file. + */ +char * sh_dbIO_rootfs_strip(char * path) +{ + if (sh_dbIO_rootfs_len == 0) + { + return path; + } + else + { + size_t len = sl_strlen(path); + + memmove (path, path + sh_dbIO_rootfs_len, len + 1 - sh_dbIO_rootfs_len); + if(path[0] != '/') + { + path[0]='/'; + path[1]='\0'; + } + } + + return path; +} + +char * sh_dbIO_rootfs_strip_link(char * path) +{ + if (sh_dbIO_rootfs_len == 0) + return path; + if (strstr(path, sh_dbIO_rootfs) == path) + { + size_t len = sl_strlen(path); + + memmove (path, path + sh_dbIO_rootfs_len, len + 1 - sh_dbIO_rootfs_len); + } return path; } @@ -406,7 +483,7 @@ static void corrupt_record(char * file, int line, const char * filepath) static void wrong_version(char * file, int line, const char * filepath) { dlog(1, file, line, - _("There is a record with a bad version number in the file signature database: %s\n"), + _("There is a record with a bad version number in the file signature database: %s\nThis may be caused by using '-t init' repeatedly to initialise the database, without (re)moving the database file.\n"), (NULL == filepath) ? _("(null)") : filepath); sh_error_handle((-1), file, line, 0, MSG_E_SUBGPATH, _("Record with bad version number in file signature database"), @@ -457,7 +534,7 @@ static size_t dbIO_fread_struct (sh_filestore_t * ptr, FILE *stream, if (1 == 0) hexdump((unsigned char *)&old_struct, sizeof(old_struct)); - memset(&try_struct, '\0', sizeof(try_struct)); + memset(&try_struct, 0, sizeof(try_struct)); if (!memcmp(&old_struct, &try_struct, sizeof(try_struct))) return 0; /* NULL read */ if (1 != fread (try, sizeof(try), 1, stream)) @@ -580,7 +657,7 @@ static sh_file_t * sh_dbIO_getdataent (char * line, int size, } fullpath = unquote_path(line, i); - + /* Read next record -- Part Three -- Linkpath */ i = sh_dbIO_getline (sh_fin_fd, line, size); @@ -774,12 +851,12 @@ static SL_TICKET load_data_from_disk(const char * filepath) static SL_TICKET verify_data (SL_TICKET fd) { -#if defined(WITH_GPG) || defined(WITH_PGP) +#if defined(WITH_SIG) SL_TICKET fdTmp; /* extract the data and copy to temporary file */ - fdTmp = sh_gpg_extract_signed(fd); + fdTmp = sh_sig_extract_signed(fd); if (sig_termfast == 1) /* SIGTERM */ { @@ -793,12 +870,16 @@ static SL_TICKET verify_data (SL_TICKET fd) /* Validate signature of open file. */ - if (0 != sh_gpg_check_sign (fd, SIG_DATA)) + if (0 != sh_sig_check_signature (fd, SIG_DATA)) { sl_close(fd); return -1; } sl_rewind (fd); + + fdTmp = sh_sig_extract_signed_data(fd); + sl_close(fd); + fd = fdTmp; #endif return fd; @@ -1116,15 +1197,19 @@ static void seek_writeout_data(SL_TICKET fd, const char * path) return; } +/* Seek to [SOF] and truncate remainder + */ static int seek_writeout_data_old(SL_TICKET fd, const char * path) { char * line = SH_ALLOC(MAX_PATH_STORE+1); + /* This will do an ftruncate() after the sof marker + */ if (SL_ISERROR(sh_dbIO_setdataent_old (fd, line, MAX_PATH_STORE, path))) { SH_FREE(line); sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGPATH, - _("Failed to seek to end of baseline database"), + _("Failed to seek to start of baseline database"), _("seek_writeout_data_old"), path); aud_exit(FIL__, __LINE__, EXIT_FAILURE); @@ -1329,6 +1414,7 @@ static void write_record(SL_TICKET fd, sh_filestore_t * p, if (!linkpath || 0 == sl_strlen(linkpath)) lpath = ll; else + /* cppcheck-suppress uninitvar */ lpath = linkpath; if (pushdata_stdout == S_FALSE) @@ -1413,6 +1499,7 @@ static void sh_dbIO_data_write_int (file_type * buf, char * fileHash, else { pushdata_fd = open_writeout_data(outpath); + /* Seek to eof */ seek_writeout_data(pushdata_fd, outpath); } } @@ -1423,13 +1510,13 @@ static void sh_dbIO_data_write_int (file_type * buf, char * fileHash, { TPT((0, FIL__, __LINE__, _("msg=<Update.>\n"))); pushdata_fd = open_writeout_data(outpath); + /* Seek to sof and truncate */ seek_writeout_data_old(pushdata_fd, outpath); } } - - if (!buf) { - memset(&p, '\0', sizeof(sh_filestore_t)); - } + + /* unconditionally initialize the structure */ + memset(&p, 0, sizeof(sh_filestore_t)); if (buf != NULL) { @@ -1478,7 +1565,19 @@ static void sh_dbIO_data_write_int (file_type * buf, char * fileHash, { if (sh.flag.checkSum != SH_CHECK_INIT || (buf == NULL && fileHash == NULL)) { - sl_close (pushdata_fd); + if (SL_ISERROR(sl_close (pushdata_fd))) + { + char * tmp = sh_util_safe_name(outpath); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGPATH, + _("Failed to close baseline database"), + _("sh_dbIO_data_write_int"), + tmp); + SH_FREE(tmp); + } + else { + if (sh.flag.checkSum == SH_CHECK_INIT) + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_DCLOSE); + } pushdata_fd = -1; } } diff --git a/src/sh_entropy.c b/src/sh_entropy.c index bf2a3ee..c55dad6 100644 --- a/src/sh_entropy.c +++ b/src/sh_entropy.c @@ -333,7 +333,7 @@ int sh_entropy(int nbytes, char * nbuf) if (nbytes > KEY_BYT) nbytes = KEY_BYT; - memset(nbuf, '\0', nbytes); + memset(nbuf, 0, nbytes); #ifdef NAME_OF_DEV_URANDOM m_count = read_mbytes ( 10, NAME_OF_DEV_URANDOM, nbuf, nbytes); @@ -369,7 +369,7 @@ int sh_entropy(int nbytes, char * nbuf) { /* -- Add previous entropy into the new pool. -- */ - memset(addbuf, '\0', sizeof(addbuf)); + memset(addbuf, 0, sizeof(addbuf)); for (i = 0; i < m_count; ++i) addbuf[i] = nbuf[i]; for (i = 0; i < KEY_BYT; ++i) @@ -377,7 +377,7 @@ int sh_entropy(int nbytes, char * nbuf) keybuf = (char *) sh_tiger_hash_uint32 (addbuf, TIGER_DATA, 2 * KEY_BYT, kbuf, KEY_BYT/sizeof(UINT32)); - memset(addbuf, '\0', sizeof(addbuf)); + memset(addbuf, 0, sizeof(addbuf)); /* -- Give out nbytes bytes from the new pool. -- */ @@ -389,8 +389,8 @@ int sh_entropy(int nbytes, char * nbuf) nbuf[i] = keybuf[i]; } SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); - memset (keybuf, '\0', KEY_BYT); - memset (kbuf, '\0', sizeof(kbuf)); + memset (keybuf, 0, KEY_BYT); + memset (kbuf, 0, sizeof(kbuf)); SL_RETURN(0, _("sh_entropy")); } @@ -415,7 +415,7 @@ int sh_entropy(int nbytes, char * nbuf) #define FD_SETSIZE 32 #endif #ifndef FD_ZERO -#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) #endif #include "sh_static.h" @@ -952,7 +952,7 @@ int sh_entropy(int nbytes, char * nbuf) keybuf = (char *) sh_tiger_hash_uint32 ((char *) tseed, TIGER_DATA, sizeof(tseed), kbuf, KEY_BYT/sizeof(UINT32)); - memset(addbuf, '\0', sizeof(addbuf)); + memset(addbuf, 0, sizeof(addbuf)); for (i = 0; i < KEY_BYT; ++i) { addbuf[i] = keybuf[i]; @@ -973,7 +973,7 @@ int sh_entropy(int nbytes, char * nbuf) /* add previous entropy into the new pool */ - memset(addbuf, '\0', sizeof(addbuf)); + memset(addbuf, 0, sizeof(addbuf)); for (i = 0; i < KEY_BYT; ++i) { addbuf[i] = keybuf[i]; @@ -982,7 +982,7 @@ int sh_entropy(int nbytes, char * nbuf) keybuf = (char *) sh_tiger_hash_uint32 (addbuf, TIGER_DATA, sizeof(addbuf), kbuf, KEY_BYT/sizeof(UINT32)); - memset(addbuf, '\0', sizeof(addbuf)); + memset(addbuf, 0, sizeof(addbuf)); /* store in system pool */ @@ -991,8 +991,8 @@ int sh_entropy(int nbytes, char * nbuf) skey->poolv[i] = keybuf[i]; skey->poolc = KEY_BYT; SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); - memset (buffer, '\0', BUF_ENT+2); - memset (keybuf, '\0', KEY_BYT); + memset (buffer, 0, BUF_ENT+2); + memset (keybuf, 0, KEY_BYT); SH_FREE(buffer); } else @@ -1029,13 +1029,13 @@ void Test_entropy (CuTest *tc) for (count = 0; count < 20; ++count) { - memset(skey->poolv, '\0', KEY_BYT); + memset(skey->poolv, 0, KEY_BYT); skey->poolc = 0; status = sh_entropy (24, bufx); CuAssertTrue(tc, 0 == status); - memset(skey->poolv, '\0', KEY_BYT); + memset(skey->poolv, 0, KEY_BYT); skey->poolc = 0; status = sh_entropy (24, bufy); diff --git a/src/sh_err_console.c b/src/sh_err_console.c index c3a8269..c813039 100644 --- a/src/sh_err_console.c +++ b/src/sh_err_console.c @@ -32,8 +32,11 @@ #include <stdio.h> #include <sys/types.h> #include <fcntl.h> +#include <sys/stat.h> #include <unistd.h> #include <signal.h> +#include <sys/socket.h> +#include <sys/un.h> extern int OnlyStderr; @@ -140,7 +143,7 @@ static void remove_message() MSG_NOERROR|IPC_NOWAIT); } while (rc < 0 && errno == EINTR); - memset(&recv_msg, '\0', sizeof(recv_msg)); + memset(&recv_msg, 0, sizeof(recv_msg)); return; } @@ -189,7 +192,7 @@ static int push_message_queue (const char * msg) if (count > 1) { - memset(recv_msg, '\0', MY_MAX_MSG+1); + memset(recv_msg, 0, MY_MAX_MSG+1); SH_FREE(recv_msg); SL_RETURN(-1, _("push_message_queue")); } @@ -213,13 +216,13 @@ static int push_message_queue (const char * msg) } else { TPT(( 0, FIL__, __LINE__, _("msg=<msgsnd: %s> errno=<%d>\n"), sh_error_message(errno, errbuf, sizeof(errbuf)), errno)); - memset(recv_msg, '\0', MY_MAX_MSG+1); + memset(recv_msg, 0, MY_MAX_MSG+1); SH_FREE(recv_msg); SL_RETURN(-1, _("push_message_queue")); } } - memset(recv_msg, '\0', MY_MAX_MSG+1); + memset(recv_msg, 0, MY_MAX_MSG+1); SH_FREE(recv_msg); SL_RETURN(0, _("push_message_queue")); @@ -244,9 +247,19 @@ void close_ipc() { sh_sem_close(); return; } static int count_dev_console = 0; +typedef enum { SH_LOG_UNIX, SH_LOG_OTHER, SH_LOG_INDEF } sh_log_devtype; + +static sh_log_devtype dt[2] = { SH_LOG_INDEF, SH_LOG_INDEF }; +static int st[2] = { SOCK_DGRAM, SOCK_DGRAM }; + void reset_count_dev_console(void) { count_dev_console = 0; + dt[0] = SH_LOG_INDEF; + dt[1] = SH_LOG_INDEF; + st[0] = SOCK_DGRAM; + st[1] = SOCK_DGRAM; + return; } @@ -283,6 +296,88 @@ char * sh_log_console_name (void) #define STDERR_FILENO 2 #endif +static int find_socktype(const char * name) +{ +#ifdef SOCK_SEQPACKET + int socktypes[3] = { SOCK_DGRAM, SOCK_SEQPACKET, SOCK_STREAM }; + int try = 3; +#else + int socktypes[2] = { SOCK_DGRAM, SOCK_STREAM }; + int try = 2; +#endif + int i; + for (i = 0; i < try; ++i) { + struct sockaddr_un addr; + int fd; + + if ( (fd = socket(AF_UNIX, socktypes[i], 0)) == -1) { + return -1; + } + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + sl_strlcpy(addr.sun_path, name, sizeof(addr.sun_path)); + if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) == 0) { + close(fd); + return socktypes[i]; + } + close(fd); + } + return -1; +} + +int sh_log_console_open (const char * name, int slot) +{ + int fd = -1; + + if (dt[slot] == SH_LOG_INDEF) + { + struct stat sb; + if (retry_stat(FIL__, __LINE__, name, &sb) == 0) + { + if ((sb.st_mode & S_IFMT) == S_IFSOCK) + { + dt[slot] = SH_LOG_UNIX; + st[slot] = find_socktype(name); + if (st[slot] == -1) { + sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Could not determine socket type."), + name); + } + } + else + dt[slot] = SH_LOG_OTHER; + } + } + + if (dt[slot] == SH_LOG_OTHER) { + fd = open ( name, O_WRONLY|O_APPEND|O_NOCTTY|O_NONBLOCK); + } + else if (dt[slot] == SH_LOG_UNIX && st[slot] != -1) { + struct sockaddr_un addr; + + if ( (fd = socket(AF_UNIX, st[slot], 0)) == -1) { + char ebuf[SH_ERRBUF_SIZE]; + int errnum = errno; + sh_error_handle ((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN, + sh_error_message(errnum, ebuf, sizeof(ebuf)), + name); + return -1; + } + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + sl_strlcpy(addr.sun_path, name, sizeof(addr.sun_path)); + if (connect(fd, (struct sockaddr*)&addr, sizeof(addr)) == -1) { + char ebuf[SH_ERRBUF_SIZE]; + int errnum = errno; + sh_error_handle ((-1), FIL__, __LINE__, errnum, MSG_E_SUBGEN, + sh_error_message(errnum, ebuf, sizeof(ebuf)), + name); + return -1; + } + } + return fd; +} + /* ---- Print out a message. ---- */ int sh_log_console (const /*@null@*/char *errmsg) @@ -335,11 +430,11 @@ int sh_log_console (const /*@null@*/char *errmsg) */ if ( OnlyStderr == S_FALSE ) { - fd[0] = open ( sh.srvcons.name, O_WRONLY|O_APPEND|O_NOCTTY|O_NONBLOCK); + fd[0] = sh_log_console_open ( sh.srvcons.name, 0); if (sh.srvcons.alt[0] != '\0') { - fd[1] = open (sh.srvcons.alt, O_WRONLY|O_APPEND|O_NOCTTY|O_NONBLOCK); + fd[1] = sh_log_console_open (sh.srvcons.alt, 1); ccMax = 2; } @@ -360,9 +455,11 @@ int sh_log_console (const /*@null@*/char *errmsg) do { val_return = write(fd[cc], errmsg, strlen(errmsg)); } while (val_return < 0 && errno == EINTR); - do { - val_return = write(fd[cc], "\r\n", 2); - } while (val_return < 0 && errno == EINTR); + if (dt[cc] != SH_LOG_UNIX || st[cc] == SOCK_STREAM) { + do { + val_return = write(fd[cc], "\r\n", 2); + } while (val_return < 0 && errno == EINTR); + } (void) sl_close_fd(FIL__, __LINE__, fd[cc]); service_failure[cc] = 0; } diff --git a/src/sh_err_log.c b/src/sh_err_log.c index da6ed06..8fc93b9 100644 --- a/src/sh_err_log.c +++ b/src/sh_err_log.c @@ -742,9 +742,9 @@ int sh_log_file (/*@null@*/char *errmsg, /*@null@*/char * inet_peer) (void) sl_strlcpy(current->logfile, logfile, strlen(logfile) + 1); current->service_failure = 0; current->log_start = S_TRUE; - memset(current->sigkey_old, (int)'\0', KEY_LEN+1); - memset(current->sigkey_new, (int)'\0', KEY_LEN+1); - memset(current->crypto, (int)'\0', KEY_LEN+1); + memset(current->sigkey_old, 0, KEY_LEN+1); + memset(current->sigkey_new, 0, KEY_LEN+1); + memset(current->crypto, 0, KEY_LEN+1); current->next = logfile_list; logfile_list = current; } @@ -943,7 +943,7 @@ int sh_log_file (/*@null@*/char *errmsg, /*@null@*/char * inet_peer) errFlags.databaselevel = store7; - memset (crypto, (int) '\0', KEY_LEN); + memset (crypto, 0, KEY_LEN); sh.flag.log_start = S_FALSE; current->log_start = S_FALSE; } @@ -1045,8 +1045,8 @@ int sh_log_file (/*@null@*/char *errmsg, /*@null@*/char * inet_peer) /* --- Clean up and free record. --- */ - memset (log_msg.msg, (int)'\0', (size_t)(status + 2*KEY_LEN + 32)); - memset (log_msg.signature, (int)'\0', KEY_LEN); + memset (log_msg.msg, 0, (size_t)(status + 2*KEY_LEN + 32)); + memset (log_msg.signature, 0, KEY_LEN); (void) sh_unix_munlock (log_msg.msg, (size_t)(status + 2*KEY_LEN + 32)); SH_FREE(log_msg.msg); @@ -1283,7 +1283,7 @@ void sh_efile_report() status = sl_forward(fd); if (!SL_ISERROR(status)) - status = sl_write (fd, report, strlen(report)); + sl_write (fd, report, strlen(report)); (void) sl_sync(fd); /* make group writeable, such that nagios can truncate */ diff --git a/src/sh_error.c b/src/sh_error.c index 5ec934b..82ee3c8 100644 --- a/src/sh_error.c +++ b/src/sh_error.c @@ -243,6 +243,7 @@ void sh_error_dbg_switch(void) static int sh_error_set_classmask (const char * str, int * facility_mask) { char * p; + char * q; int num = 0; unsigned int i; size_t len; @@ -289,6 +290,8 @@ static int sh_error_set_classmask (const char * str, int * facility_mask) if (p == NULL) break; + q = p; while (*q != '\0') { *q = toupper( (int) *q); ++q; } + for (i = 0; i < SH_CLA_MAX; ++i) { if (i < SH_CLA_RAW_MAX) { @@ -494,15 +497,20 @@ int sh_error_convert_level (const char * str_s) { int i; int level = (-1); + char * tmp; + char * q; SL_ENTER(_("sh_error_convert_level")); if (str_s == NULL) SL_RETURN( -1, _("sh_error_convert_level")); + q = sh_util_strdup(str_s); + tmp = q; while (*tmp != '\0') { *tmp = tolower( (int) *tmp); ++tmp; } + for (i = 0; i < SH_EEF_MAX; ++i) { - if (0 == sl_strncmp(str_s, _(eef_tab[i].str), + if (0 == sl_strncmp(q, _(eef_tab[i].str), sl_strlen(eef_tab[i].str))) { level = eef_tab[i].val; @@ -510,6 +518,7 @@ int sh_error_convert_level (const char * str_s) } } + SH_FREE(q); SL_RETURN( level, _("sh_error_convert_level")); } @@ -553,10 +562,17 @@ int sh_error_set_level(const char * str_in, int * facility) register int i, j, f = BAD; int old_facility; - const char * str_s = str_in; + char * str_s; + char * str_orig; + char * tmp; SL_ENTER(_("sh_error_set_level")); + str_s = sh_util_strdup(str_in); + str_orig = str_s; + + tmp = str_s; while (*tmp != '\0') { *tmp = tolower( (int) *tmp); ++tmp; } + if (IsInitialized == BAD) (void) sh_error_init(); @@ -649,6 +665,7 @@ int sh_error_set_level(const char * str_in, int * facility) if (!str_s) { + if (str_orig) SH_FREE(str_orig); SL_RETURN ((-1), _("sh_error_set_level")); } /* skip to end of string @@ -674,10 +691,12 @@ int sh_error_set_level(const char * str_in, int * facility) *facility = old_facility; sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, _("priority"), str_in); + SH_FREE(str_orig); SL_RETURN (-1, _("sh_error_set_level")); } compute_flag_err_debug(); compute_flag_err_info(); + SH_FREE(str_orig); SL_RETURN (0, _("sh_error_set_level")); } @@ -1422,7 +1441,7 @@ void sh_error_handle (int sev1, const char * file, long line, SH_FREE( lmsg->msg ); sh_replace_free(hexmsg); - memset ( lmsg, (int) '\0', sizeof(struct _log_t) ); + memset ( lmsg, 0, sizeof(struct _log_t) ); MUNLOCK( (char *) lmsg, sizeof(struct _log_t) ); SH_FREE( lmsg ); own_block = 0; diff --git a/src/sh_extern.c b/src/sh_extern.c index c048873..bc6fc47 100644 --- a/src/sh_extern.c +++ b/src/sh_extern.c @@ -992,6 +992,7 @@ char * sh_ext_popen_str (const char * command) sh_string_read(s, task.pipe, 0); if (sh_string_len(s) == 0) { + /* cppcheck-suppress syntaxError */ --try; retry_msleep(0, 100); } } while (sh_string_len(s) == 0 && try != 0); diff --git a/src/sh_fInotify.c b/src/sh_fInotify.c index 67162e7..8cdadf8 100644 --- a/src/sh_fInotify.c +++ b/src/sh_fInotify.c @@ -196,13 +196,13 @@ int sh_fInotify_run() /* Blocking read from inotify file descriptor. */ - len = sh_inotify_read_timeout(buffer, 16384, 1); + len = sh_inotify_read_timeout (buffer, 16384, 1); if (len > 0) { struct inotify_event *event; - int i = 0; - + long i = 0; + while (i < len) { event = (struct inotify_event *) &(buffer[i]); diff --git a/src/sh_files.c b/src/sh_files.c index c32c4bc..09fc559 100644 --- a/src/sh_files.c +++ b/src/sh_files.c @@ -19,7 +19,37 @@ #include "config_xor.h" -#if defined(HAVE_PTHREAD_MUTEX_RECURSIVE) +#if defined(HAVE_PTHREAD_MUTEX_RECURSIVE) && defined(HAVE_DIRENT_H) && defined(HAVE_SCANDIR) + +/* Linux */ +#if defined(__linux__) +#define _XOPEN_SOURCE 700 +#define SH_USE_SCANDIR 1 + +/* FreeBSD */ +#elif defined(__FreeBSD__) + +#if __FreeBSD__ >= 8 +#define __XSI_VISIBLE 700 +#define SH_USE_SCANDIR 1 +#endif + +/* OpenBSD */ +#elif defined(__OpenBSD__) +#define __POSIX_VISIBLE 200809 +#define SH_USE_SCANDIR 1 + +#elif defined(__NetBSD__) +#define _NETBSD_SOURCE +#define SH_USE_SCANDIR 1 + +/* other os */ +#else +#define _XOPEN_SOURCE 500 + +#endif + +#elif defined(HAVE_PTHREAD_MUTEX_RECURSIVE) #define _XOPEN_SOURCE 500 #endif @@ -35,7 +65,6 @@ */ #include <sys/types.h> #include <unistd.h> -#include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> @@ -214,12 +243,18 @@ static char * sh_files_C_dequote (char * s, size_t * length) char * sh_files_parse_input(const char * str_s, size_t * len) { char * p; - + if (!str_s || *str_s == '\0') return NULL; *len = sl_strlen(str_s); - + if (sh.flag.checkSum == SH_CHECK_INIT) + { + size_t addspace = sh_dbIO_get_rootfs_len(); + if (addspace != 0 && S_TRUE == sl_ok_adds (*len, addspace)) + *len += addspace; + } + if ( (str_s[0] == '"' && str_s[*len-1] == '"' ) || (str_s[0] == '\'' && str_s[*len-1] == '\'') ) { @@ -621,7 +656,7 @@ static char * intern_find_morespecific_dir(zAVLTree * tree, size_t l_path = strlen(path); size_t l_name; char * candidate = NULL; - size_t l_candidate = 0; + volatile size_t l_candidate = 0; if (NULL == tree) return NULL; @@ -1420,6 +1455,9 @@ static int sh_files_pushfile (int class, const char * str_s) if (!p || len == 0) SL_RETURN((-1), _("sh_files_pushfile")); + if (sh.flag.checkSum == SH_CHECK_INIT) + p = sh_dbIO_rootfs_prepend(p); + if (len >= PATH_MAX) { /* Name too long @@ -1854,6 +1892,9 @@ static int sh_files_pushdir (int class, const char * str_s) SL_RETURN((-1), _("sh_files_pushdir")); } + if (sh.flag.checkSum == SH_CHECK_INIT) + tail = sh_dbIO_rootfs_prepend(tail); + len = sl_strlen(tail); if (len >= PATH_MAX) @@ -2045,8 +2086,16 @@ static int sh_files_hle_test (int offset, char * path) } #endif -static void * sh_dummy_dirlist; -static void * sh_dummy_tmpcat; +/* This is the LCG from Numerical Recipies. Deterministic. + */ +static unsigned int simple_rand(unsigned int * state) +{ + *state = 1664525 * (*state) + 1013904223; + return *state; +} + +void * sh_dummy_dirlist; +void * sh_dummy_tmpcat; /* -- Check a single directory and its content. Does not * check the directory inode itself. @@ -2060,6 +2109,10 @@ int sh_files_checkdir (int iclass, unsigned long check_flags, DIR * thisDir = NULL; struct dirent * thisEntry; +#if defined(SH_USE_SCANDIR) + struct dirent **entryList; + int entry; +#endif int status; int dummy = S_FALSE; dir_type * theDir; @@ -2246,25 +2299,46 @@ int sh_files_checkdir (int iclass, unsigned long check_flags, dirlist = NULL; dirlist_orig = NULL; +#if defined(SH_USE_SCANDIR) + entry = scandir(iname, &entryList, 0, alphasort); + while(entry > 0) { /* scandir() may return -1 on error! */ + entry--; + thisEntry = entryList[entry]; +#else do { thisEntry = readdir (thisDir); +#endif if (thisEntry != NULL) { ++theDir->NumAll; if (sl_strcmp (thisEntry->d_name, ".") == 0) { ++theDir->NumDirs; +#if defined(SH_USE_SCANDIR) + free(entryList[entry]); /* scandir() mallocs entries */ +#endif continue; } if (sl_strcmp (thisEntry->d_name, "..") == 0) { ++theDir->NumDirs; +#if defined(SH_USE_SCANDIR) + free(entryList[entry]); /* scandir() mallocs entries */ +#endif continue; } dirlist = addto_sh_dirlist (thisEntry, dirlist); +#if defined(SH_USE_SCANDIR) + free(entryList[entry]); /* scandir() mallocs entries */ +#endif } - } while (thisEntry != NULL); - + } +#if defined(SH_USE_SCANDIR) + free(entryList); +#else + while (thisEntry != NULL); +#endif + SH_MUTEX_UNLOCK(mutex_readdir); closedir (thisDir); @@ -2289,11 +2363,7 @@ int sh_files_checkdir (int iclass, unsigned long check_flags, BREAKEXIT(sh_derr); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_RAND_R) - if (0 == (rand_r(&state) % 5)) (void) sh_derr(); -#else - if (0 == state * (rand() % 5)) (void) sh_derr(); -#endif + if (0 == (simple_rand(&state) % 5)) (void) sh_derr(); /* ---- Check the file. ---- */ @@ -2636,11 +2706,7 @@ ShFileType sh_files_filecheck (int class, unsigned long check_flags, BREAKEXIT(sh_derr); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_RAND_R) - if (0 == (rand_r(&state) % 2)) (void) sh_derr(); -#else - if (0 == state * (rand() % 2)) (void) sh_derr(); -#endif + if (0 == (simple_rand(&state) % 2)) (void) sh_derr(); if (dirName && infileName && (dirName[0] == '/') && (dirName[1] == '\0') && (infileName[0] == '/') && (infileName[1] == '\0')) @@ -2762,6 +2828,10 @@ ShFileType sh_files_filecheck (int class, unsigned long check_flags, if (S_TRUE == sh_ignore_chk_mod(theFile->fullpath)) MODI_SET(theFile->check_flags, MODI_NOCHECK); sh_tiger_get_mask_hashtype(&(theFile->check_flags)); + + sh_dbIO_rootfs_strip(theFile->fullpath); + if (theFile->link_path) + sh_dbIO_rootfs_strip_link(theFile->link_path); sh_dbIO_data_write (theFile, fileHash); } else if (sh.flag.checkSum == SH_CHECK_CHECK diff --git a/src/sh_filetype.c b/src/sh_filetype.c index 9abac46..3993d0b 100644 --- a/src/sh_filetype.c +++ b/src/sh_filetype.c @@ -596,6 +596,8 @@ int main (int argc, char * argv[]) fprintf(stdout, "%s: %s\n", argv[1], filetype); + fclose(fh); + return 0; } return 1; diff --git a/src/sh_filter.c b/src/sh_filter.c index 4cd9578..aa9c471 100644 --- a/src/sh_filter.c +++ b/src/sh_filter.c @@ -114,6 +114,7 @@ int sh_filter_add (const char * str, sh_filter_type * filter, int type) SL_RETURN((-1), _("sh_filter_filteradd")); } + /* cppcheck-suppress uninitvar */ i = *ntok; if (i == SH_FILT_NUM) { SL_RETURN((-1), _("sh_filter_filteradd")); @@ -292,7 +293,7 @@ sh_filter_type * sh_filter_alloc(void) { sh_filter_type * filter = SH_ALLOC(sizeof(sh_filter_type)); - memset(filter, '\0', sizeof(sh_filter_type)); + memset(filter, 0, sizeof(sh_filter_type)); filter->for_c = 0; filter->fand_c = 0; filter->fnot_c = 0; diff --git a/src/sh_getopt.c b/src/sh_getopt.c index 7969d4e..8480614 100644 --- a/src/sh_getopt.c +++ b/src/sh_getopt.c @@ -290,6 +290,11 @@ static opttable_t op_table[] = { N_("Create database from file list"), HAS_ARG_YES, sh_dbCreate}, + { N_("init-rootfs"), + '-', + N_("Build database based on another rootfs"), + HAS_ARG_YES, + sh_dbIO_init_rootfs}, { N_("wait-on-check"), 'w', N_("Timed wait for end of filecheck (0 for no timeout)"), @@ -417,8 +422,8 @@ static void sh_getopt_print_log_facilities (void) #endif #ifdef HAVE_LIBPRELUDE - if (num > 0) fputc ('\n', stdout); ++num; - fputs (_(" prelude (0.9.6+)"), stdout); + if (num > 0) fputc ('\n', stdout); + fputs (_(" prelude (0.9.6+)"), stdout); ++num; #endif if (num == 0) @@ -475,10 +480,10 @@ static void sh_getopt_print_options (void) #ifdef WITH_GPG if (num > 0) fputc ('\n', stdout); - printf (_(" GnuPG signatures (%s)"), DEFAULT_GPG_PATH); ++num; -#ifdef HAVE_GPG_CHECKSUM + printf (_(" GnuPG signatures (%s)"), DEFAULT_SIG_PATH); ++num; +#ifdef HAVE_SIG_CHECKSUM if (num > 0) fputc ('\n', stdout); - printf (_(" -- GnuPG checksum: %s"), GPG_HASH); ++num; + printf (_(" -- GnuPG checksum: %s"), SIG_HASH); ++num; #endif #ifdef USE_FINGERPRINT if (num > 0) fputc ('\n', stdout); @@ -634,7 +639,7 @@ static int sh_getopt_version (const char * dummy) static int sh_getopt_copyright (const char * dummy) { fprintf (stdout, "%s", - _("Copyright (C) 1999-2008 Rainer Wichmann"\ + _("Copyright (C) 1999-2019 Rainer Wichmann"\ " (http://la-samhna.de).\n\n")); fprintf (stdout, "%s", diff --git a/src/sh_gpg.c b/src/sh_gpg.c deleted file mode 100644 index e06d42c..0000000 --- a/src/sh_gpg.c +++ /dev/null @@ -1,1035 +0,0 @@ -/* SAMHAIN file system integrity testing */ -/* Copyright (C) 1999, 2000 Rainer Wichmann */ -/* */ -/* This program is free software; you can redistribute it */ -/* and/or modify */ -/* it under the terms of the GNU General Public License as */ -/* published by */ -/* the Free Software Foundation; either version 2 of the License, or */ -/* (at your option) any later version. */ -/* */ -/* This program is distributed in the hope that it will be useful, */ -/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ -/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ -/* GNU General Public License for more details. */ -/* */ -/* You should have received a copy of the GNU General Public License */ -/* along with this program; if not, write to the Free Software */ -/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ - -#include "config_xor.h" - -#include <stdio.h> -#include <stdlib.h> - - -#if defined(WITH_GPG) || defined(WITH_PGP) - -#include <unistd.h> -#include <fcntl.h> -#include <signal.h> -#if defined(SH_WITH_SERVER) -#include <pwd.h> -#endif -#include <sys/stat.h> -#include <sys/types.h> -#include <errno.h> -#include <sys/wait.h> - -#include <string.h> -#ifdef HAVE_MEMORY_H -#include <memory.h> -#endif - - -#if !defined(O_NONBLOCK) -#if defined(O_NDELAY) -#define O_NONBLOCK O_NDELAY -#else -#define O_NONBLOCK 0 -#endif -#endif - - -#include "samhain.h" -#include "sh_utils.h" -#include "sh_error.h" -#include "sh_tiger.h" -#if defined(SH_WITH_SERVER) -#define SH_NEED_PWD_GRP 1 -#include "sh_static.h" -#endif -#include "sh_gpg.h" - -static struct { - char conf_id[SH_MINIBUF+1]; - char conf_fp[SH_MINIBUF+1]; - char data_id[SH_MINIBUF+1]; - char data_fp[SH_MINIBUF+1]; -} gp; - -typedef struct { - pid_t pid; - FILE * pipe; -} sh_gpg_popen_t; - -#define SH_GPG_OK 0 -#define SH_GPG_BAD 1 -#define SH_GPG_BADSIGN 2 - -/* replace #if 0 by #if 1 and set an appropriate path in front of '/pdbg.' - * for debugging - */ -#if 0 -#define PDGBFILE "/pdbg." -#endif - -#if defined(PDGBFILE) -FILE * pdbg; -FILE * pdbgc; -#define PDBG_OPEN pdbg = fopen(PDGBFILE"main", "a") -#define PDBG_CLOSE sl_fclose (FIL__, __LINE__, pdbg) -#define PDBG(arg) fprintf(pdbg, "PDBG: step %d\n", arg); fflush(pdbg) -#define PDBG_D(arg) fprintf(pdbg, "PDBG: %d\n", arg); fflush(pdbg) -#define PDBG_S(arg) fprintf(pdbg, "PDBG: %s\n", arg); fflush(pdbg) - -#define PDBGC_OPEN pdbgc = fopen(PDGBFILE"child", "a") -#define PDBGC_CLOSE sl_fclose (FIL__, __LINE__, pdbgc) -#define PDBGC(arg) fprintf(pdbgc, "PDBG: step %d\n", arg); fflush(pdbgc) -#define PDBGC_D(arg) fprintf(pdbgc, "PDBG: %d\n", arg); fflush(pdbgc) -#define PDBGC_S(arg) fprintf(pdbgc, "PDBG: %s\n", arg); fflush(pdbgc) -#else -#define PDBG_OPEN -#define PDBG_CLOSE -#define PDBG(arg) -#define PDBG_D(arg) -#define PDBG_S(arg) -#define PDBGC_OPEN -#define PDBGC_CLOSE -#define PDBGC(arg) -#define PDBGC_D(arg) -#define PDBGC_S(arg) -#endif - -#undef FIL__ -#define FIL__ _("sh_gpg.c") - -#ifdef GPG_HASH - -static int sh_gpg_checksum (SL_TICKET checkfd, int flag) -{ - char * test_gpg; - char * test_ptr1 = NULL; - char * test_ptr2 = NULL; - char wstrip1[128]; - char wstrip2[128]; - int i, k; -#include "sh_gpg_chksum.h" - - SL_ENTER(_("sh_gpg_checksum")); - - test_gpg = sh_tiger_hash_gpg (DEFAULT_GPG_PATH, checkfd, TIGER_NOLIM); - - test_ptr1 = strchr(GPG_HASH, ':'); - if (test_gpg != NULL) - test_ptr2 = strchr(test_gpg, ':'); - - if (test_ptr2 != NULL) - test_ptr2 += 2; - else - test_ptr2 = test_gpg; - if (test_ptr1 != NULL) - test_ptr1 += 2; - else - test_ptr1 = GPG_HASH; - - /* Tue Jun 24 23:11:54 CEST 2003 (1.7.9) -- strip whitespace - */ - k = 0; - for (i = 0; i < 127; ++i) - { - if (test_ptr1[i] == '\0') - break; - if (test_ptr1[i] != ' ') - { - wstrip1[k] = test_ptr1[i]; - ++k; - } - } - wstrip1[k] = '\0'; - - for(i = 0; i < KEY_LEN; ++i) - { - if (gpgchk[i] != wstrip1[i]) - { - sh_error_handle(SH_ERR_SEVERE, FIL__, __LINE__, 0, MSG_E_GPG_CHK, - gpgchk, wstrip1); - break; - } - } - - k = 0; - if (test_ptr2) - { - for (i = 0; i < 127; ++i) - { - if (test_ptr2[i] == '\0') - break; - if (test_ptr2[i] != ' ') - { - wstrip2[k] = test_ptr2[i]; - ++k; - } - } - } - wstrip2[k] = '\0'; - - if (0 != sl_strncmp(wstrip1, wstrip2, 127)) - { - TPT(((0), FIL__, __LINE__, _("msg=<pgp checksum: %s>\n"), test_gpg)); - TPT(((0), FIL__, __LINE__, _("msg=<Compiled-in : %s>\n"), GPG_HASH)); - TPT(((0), FIL__, __LINE__, _("msg=<wstrip1 : %s>\n"), wstrip1)); - TPT(((0), FIL__, __LINE__, _("msg=<wstrip2 : %s>\n"), wstrip2)); - if (flag == 1) - sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_GPG, - GPG_HASH, test_gpg); - dlog(1, FIL__, __LINE__, _("The compiled-in checksum of the gpg binary\n(%s)\ndoes not match the actual checksum\n(%s).\nYou need to recompile with the correct checksum."), wstrip1, wstrip2); - SH_FREE(test_gpg); - SL_RETURN((-1), _("sh_gpg_checksum")); - } - SH_FREE(test_gpg); - SL_RETURN( (0), _("sh_gpg_checksum")); -} -#endif - -struct startup_info { - long line; - char * program; - long uid; - char * path; - char * key_uid; - char * key_id; -}; - -static struct startup_info startInfo = { 0, NULL, 0, NULL, NULL, NULL }; - -void sh_gpg_log_startup (void) -{ - if (startInfo.program != NULL) - { - sh_error_handle ((-1), FIL__, startInfo.line, 0, MSG_START_GH, - startInfo.program, startInfo.uid, - startInfo.path, - startInfo.key_uid, startInfo.key_id); - } - return; -} - -static void sh_gpg_fill_startup (long line, char * program, long uid, char * path, - char * key_uid, char * key_id) -{ - startInfo.line = line; - startInfo.program = sh_util_strdup(program); - startInfo.uid = uid; - startInfo.path = sh_util_strdup(path); - startInfo.key_uid = sh_util_strdup(key_uid); - startInfo.key_id = sh_util_strdup(key_id); - return; -} - -static FILE * sh_gpg_popen (sh_gpg_popen_t *source, int fd, - int mode, char * id, char * homedir) -{ - extern int flag_err_debug; - int pipedes[2]; - FILE * outf = NULL; - char * envp[2]; - size_t len; - char path[256]; - char cc1[32]; - char cc2[32]; - - char cc0[2] = "-"; - char cc3[32]; - char cc4[SH_PATHBUF+32]; - char cc5[32]; - - - char * arg[9]; - -#if defined(HAVE_GPG_CHECKSUM) - SL_TICKET checkfd = -1; - int myrand; - int i; -#if defined(__linux__) - int get_the_fd(SL_TICKET); - char pname[128]; - int pfd; - int val_return; -#endif -#endif - - SL_ENTER(_("sh_gpg_popen")); - - /* -- GnuPG -- */ - sl_strlcpy (path, DEFAULT_GPG_PATH, 256); - sl_strlcpy (cc1, _("--status-fd"), 32); - sl_strlcpy (cc2, _("--verify"), 32); - sl_strlcpy (cc3, _("--homedir"), 32); - /* sl_strlcpy (cc4, sh.effective.home, SH_PATHBUF+32); */ - sl_strlcpy (cc4, homedir, SH_PATHBUF+32); - sl_strlcat (cc4, _("/.gnupg"), SH_PATHBUF+32); - sl_strlcpy (cc5, _("--no-tty"), 32); - - /* fprintf(stderr, "YULE: homedir=%s\n", homedir); */ - -#if defined(SH_WITH_SERVER) - if (0 == sl_ret_euid()) /* privileges not dropped yet */ - { - struct stat lbuf; - int status_stat = 0; -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - struct passwd pwd; - char * buffer = SH_ALLOC(SH_PWBUF_SIZE); - struct passwd * tempres; - sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); -#else - struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); -#endif - - if (!tempres) - { - dlog(1, FIL__, __LINE__, - _("User %s does not exist. Please add the user to your system.\n"), - DEFAULT_IDENT); - status_stat = -1; - } - if (!tempres->pw_dir || tempres->pw_dir[0] == '\0') - { - dlog(1, FIL__, __LINE__, - _("User %s does not have a home directory.\nPlease add the home directory for this user to your system.\n"), - DEFAULT_IDENT); - status_stat = -2; - } - if (status_stat == 0) - { - sl_strlcpy (cc4, tempres->pw_dir, SH_PATHBUF+32); - sl_strlcat (cc4, _("/.gnupg"), SH_PATHBUF+32); - status_stat = retry_lstat(FIL__, __LINE__, cc4, &lbuf); - if (status_stat == -1) - { - dlog(1, FIL__, __LINE__, - _("Gnupg directory %s for user %s\ndoes not exist or is not accessible.\nPlease add the directory and put the keyring (pubring.gpg) there\nto verify the configuration file.\n"), - cc4, DEFAULT_IDENT); - status_stat = -3; - } - } - if (status_stat == 0 && lbuf.st_uid != tempres->pw_uid) - { - dlog(1, FIL__, __LINE__, - _("Gnupg directory %s\nis not owned by user %s.\n"), - cc4, DEFAULT_IDENT); - status_stat = -4; - } - if (status_stat == 0) - { - sl_strlcat (cc4, _("/pubring.gpg"), SH_PATHBUF+32); - status_stat = retry_lstat(FIL__, __LINE__, cc4, &lbuf); - if (status_stat == -1) - { - dlog(1, FIL__, __LINE__, - _("Gnupg public keyring %s for user %s\ndoes not exist or is not accessible.\nPlease add the directory and put the keyring (pubring.gpg) there\nto verify the configuration file.\n"), - cc4, DEFAULT_IDENT); - status_stat = -5; - } - } - if (status_stat == 0 && lbuf.st_uid != tempres->pw_uid) - { - dlog(1, FIL__, __LINE__, - _("Gnupg public keyring %s\nis not owned by user %s.\n"), - cc4, DEFAULT_IDENT); - status_stat = -6; - } - if (status_stat != 0) - { - sh_error_handle((-1), FIL__, __LINE__, status_stat, MSG_EXIT_ABORT1, - sh.prg_name); - aud_exit (FIL__, __LINE__, EXIT_FAILURE); - } - sl_strlcpy (cc4, tempres->pw_dir, SH_PATHBUF+32); - sl_strlcat (cc4, _("/.gnupg"), SH_PATHBUF+32); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) - SH_FREE(buffer); -#endif - } -#endif - - arg[0] = path; - arg[1] = cc1; - arg[2] = "1"; - arg[3] = cc2; - arg[4] = cc3; - arg[5] = cc4; - arg[6] = cc5; - arg[7] = cc0; - arg[8] = NULL; - - /* catch 'unused parameter' compiler warning - */ - (void) mode; - (void) id; - - /* use homedir of effective user - */ - len = sl_strlen(sh.effective.home) + 6; - envp[0] = calloc(1, len); /* free() ok */ - if (envp[0] != NULL) - sl_snprintf (envp[0], len, _("HOME=%s"), sh.effective.home); - envp[1] = NULL; - - /* Create the pipe - */ - if (aud_pipe(FIL__, __LINE__, pipedes) < 0) - { - if (envp[0] != NULL) - free(envp[0]); - SL_RETURN( (NULL), _("sh_gpg_popen")); - } - - fflush (NULL); - - source->pid = aud_fork(FIL__, __LINE__); - - /* Failure - */ - if (source->pid == (pid_t) - 1) - { - sl_close_fd(FIL__, __LINE__, pipedes[0]); - sl_close_fd(FIL__, __LINE__, pipedes[1]); - if (envp[0] != NULL) - free(envp[0]); - SL_RETURN( (NULL), _("sh_gpg_popen")); - } - - if (source->pid == (pid_t) 0) - { - - /* child - make read side of the pipe stdout - */ - if (retry_aud_dup2(FIL__, __LINE__, - pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0) - { - TPT(((0), FIL__, __LINE__, _("msg=<dup2 on pipe failed>\n"))); - dlog(1, FIL__, __LINE__, _("Internal error: dup2 failed\n")); - aud__exit(FIL__, __LINE__, EXIT_FAILURE); - } - - /* close the pipe descriptors - */ - sl_close_fd (FIL__, __LINE__, pipedes[STDIN_FILENO]); - sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); - - if (retry_aud_dup2(FIL__, __LINE__, fd, STDIN_FILENO) < 0) - { - TPT(((0), FIL__, __LINE__, _("msg=<dup2 on fd failed>\n"))); - dlog(1, FIL__, __LINE__, _("Internal error: dup2 failed\n")); - aud__exit(FIL__, __LINE__, EXIT_FAILURE); - } - - /* don't leak file descriptors - */ - sh_unix_closeall (3, -1, S_TRUE); /* in child process */ - - if (flag_err_debug != S_TRUE) - { - if (NULL == freopen(_("/dev/null"), "r+", stderr)) - { - dlog(1, FIL__, __LINE__, _("Internal error: freopen failed\n")); - aud__exit(FIL__, __LINE__, EXIT_FAILURE); - } - } - - - /* We should become privileged if SUID, - * to be able to read the keyring. - * We have checked that gpg is OK, - * AND that only a trusted user could overwrite - * gpg. - */ - memset (skey, '\0', sizeof(sh_key_t)); - aud_setuid(FIL__, __LINE__, geteuid()); - - PDBGC_OPEN; - PDBGC_D((int)getuid()); - PDBGC_D((int)geteuid()); - - { - int i = 0; - while (arg[i] != NULL) - { - PDBGC_S(arg[i]); - ++i; - } - } - PDBGC_CLOSE; - - /* exec the program */ - -#if defined(__linux__) && defined(HAVE_GPG_CHECKSUM) - /* - * -- emulate an fexecve with checksum testing - */ - checkfd = sl_open_read(FIL__, __LINE__, DEFAULT_GPG_PATH, SL_NOPRIV); - - if (0 != sh_gpg_checksum(checkfd, 0)) - { - sl_close(checkfd); - aud__exit(FIL__, __LINE__, EXIT_FAILURE); - } - - pfd = get_the_fd(checkfd); - do { - val_return = dup (pfd); - } while (val_return < 0 && errno == EINTR); - pfd = val_return; - sl_close(checkfd); - /* checkfd = -1; *//* never read */ - - sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); - if (0 == access(pname, R_OK|X_OK)) /* flawfinder: ignore */ - - { - fcntl (pfd, F_SETFD, FD_CLOEXEC); - retry_aud_execve (FIL__, __LINE__, pname, arg, envp); - - dlog(1, FIL__, __LINE__, _("Unexpected error: execve %s failed\n"), - pname); - /* failed - */ - aud__exit(FIL__, __LINE__, EXIT_FAILURE); - } - - /* procfs not working, go ahead - */ -#endif - -#if defined(HAVE_GPG_CHECKSUM) - /* This is an incredibly ugly kludge to prevent an attacker - * from knowing when it is safe to slip in a fake executable - * between the integrity check and the execve - */ - myrand = (int) taus_get (); - - myrand = (myrand < 0) ? (-myrand) : myrand; - myrand = (myrand % 32) + 2; - - for (i = 0; i < myrand; ++i) - { - checkfd = sl_open_fastread(FIL__, __LINE__, - DEFAULT_GPG_PATH, SL_NOPRIV); - - if (0 != sh_gpg_checksum(checkfd, 0)) { - aud__exit(FIL__, __LINE__, EXIT_FAILURE); - } - sl_close(checkfd); - } -#endif - - retry_aud_execve (FIL__, __LINE__, DEFAULT_GPG_PATH, arg, envp); - dlog(1, FIL__, __LINE__, _("Unexpected error: execve %s failed\n"), - DEFAULT_GPG_PATH); - - /* failed - */ - TPT(((0), FIL__, __LINE__, _("msg=<execve failed>\n"))); - dlog(1, FIL__, __LINE__, _("Unexpected error: execve failed\n")); - aud__exit(FIL__, __LINE__, EXIT_FAILURE); - } - - /* parent - */ - - if (envp[0] != NULL) - free(envp[0]); - - sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); - retry_fcntl (FIL__, __LINE__, pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC); - retry_fcntl (FIL__, __LINE__, pipedes[STDIN_FILENO], F_SETFL, O_NONBLOCK); - - outf = fdopen (pipedes[STDIN_FILENO], "r"); - - if (outf == NULL) - { - aud_kill (FIL__, __LINE__, source->pid, SIGKILL); - sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); - waitpid (source->pid, NULL, 0); - source->pid = 0; - SL_RETURN( (NULL), _("sh_gpg_popen")); - } - - SL_RETURN( (outf), _("sh_gpg_popen")); -} - - -static int sh_gpg_pclose (sh_gpg_popen_t *source) -{ - int status = 0; - - SL_ENTER(_("sh_gpg_pclose")); - - status = sl_fclose(FIL__, __LINE__, source->pipe); - if (status) - SL_RETURN( (-1), _("sh_gpg_pclose")); - - if (waitpid(source->pid, NULL, 0) != source->pid) - status = -1; - - source->pipe = NULL; - source->pid = 0; - SL_RETURN( (status), _("sh_gpg_pclose")); -} - -static -int sh_gpg_check_file_sign(int fd, char * sign_id, char * sign_fp, - char * homedir, int whichfile) -{ - struct stat buf; - char line[256]; - sh_gpg_popen_t source; - int have_id = BAD, have_fp = BAD, status = 0; - -#ifdef HAVE_GPG_CHECKSUM - SL_TICKET checkfd; -#endif - - SL_ENTER(_("sh_gpg_check_file_sign")); - - /* check whether GnuPG exists and has the correct checksum - */ - TPT(((0), FIL__, __LINE__, _("msg=<Check signature>\n"))); - TPT(((0), FIL__, __LINE__, _("msg=<gpg is %s>\n"), DEFAULT_GPG_PATH)); - - if (0 != retry_lstat(FIL__, __LINE__, DEFAULT_GPG_PATH, &buf)) - { - char errbuf[SH_ERRBUF_SIZE]; - - status = errno; - sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_ERR_LSTAT, - sh_error_message(status, errbuf, sizeof(errbuf)), DEFAULT_GPG_PATH); - SL_RETURN( SH_GPG_BAD, _("sh_gpg_check_file_sign")); - } - - if (0 != tf_trust_check (DEFAULT_GPG_PATH, SL_YESPRIV)) - SL_RETURN( SH_GPG_BAD, _("sh_gpg_check_file_sign")); - -#ifdef HAVE_GPG_CHECKSUM - checkfd = sl_open_read(FIL__, __LINE__, DEFAULT_GPG_PATH, SL_YESPRIV); - - if (0 != sh_gpg_checksum(checkfd, 1)) - { - sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("Checksum mismatch"), - _("gpg_check_file_sign")); - sl_close(checkfd); - SL_RETURN( SH_GPG_BAD, _("sh_gpg_check_file_sign")); - } - sl_close(checkfd); -#endif - - TPT(((0), FIL__, __LINE__, _("msg=<Open pipe to check signature>\n"))); - - fflush(NULL); - - source.pipe = sh_gpg_popen ( &source, fd, 0, NULL, homedir ); - - if (NULL == source.pipe) - { - sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("Could not open pipe"), - _("gpg_check_file_sign")); - SL_RETURN( SH_GPG_BAD, _("sh_gpg_check_file_sign")); - } - - TPT(((0), FIL__, __LINE__, _("msg=<Open pipe success>\n"))); - - xagain: - - errno = 0; - - while (NULL != fgets(line, sizeof(line), source.pipe)) - { - - TPT(((0), FIL__, __LINE__, _("msg=<gpg out: %s>\n"), line)); - if (line[strlen(line)-1] == '\n') - line[strlen(line)-1] = ' '; - sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, - line, - _("gpg_check_file_sign")); - - if (sl_strlen(line) < 18) - continue; - - /* Sun May 27 18:40:05 CEST 2001 - */ - if (0 == sl_strncmp(_("BADSIG"), &line[9], 6) || - 0 == sl_strncmp(_("ERRSIG"), &line[9], 6) || - 0 == sl_strncmp(_("NO_PUBKEY"), &line[9], 6) || - 0 == sl_strncmp(_("NODATA"), &line[9], 6) || - 0 == sl_strncmp(_("SIGEXPIRED"), &line[9], 6)) - { - if (0 == sl_strncmp(_("BADSIG"), &line[9], 6)) { - dlog(1, FIL__, __LINE__, - _("%s file is signed, but the signature is invalid."), - ((whichfile == 1) ? _("Configuration") : _("Database"))); - } - else if (0 == sl_strncmp(_("NO_PUBKEY"), &line[9], 6)) { - dlog(1, FIL__, __LINE__, - _("%s file is signed, but the public key to verify the signature is not in my keyring %s/.gnupg/pubring.asc."), - ((whichfile == 1) ? _("Configuration") : _("Database")), - homedir); - } - else if (0 == sl_strncmp(_("ERRSIG"), &line[9], 6)) { - dlog(1, FIL__, __LINE__, - _("%s file is signed, but the public key to verify the signature is not in my keyring %s/.gnupg/pubring.asc."), - ((whichfile == 1) ? _("Configuration") : _("Database")), - homedir); - } - else if (0 == sl_strncmp(_("SIGEXPIRED"), &line[9], 6)) { - dlog(1, FIL__, __LINE__, - _("%s file is signed, but the public key to verify the signature has expired."), - ((whichfile == 1) ? _("Configuration") : _("Database"))); - } - else if (0 == sl_strncmp(_("NODATA"), &line[9], 6)) { - dlog(1, FIL__, __LINE__, - _("%s file is not signed."), - ((whichfile == 1) ? _("Configuration") : _("Database"))); - } - - have_fp = BAD; have_id = BAD; - break; - } - if (0 == sl_strncmp(_("GOODSIG"), &line[9], 7)) - { - sl_strlcpy (sign_id, &line[25], SH_MINIBUF+1); - if (sign_id) - sign_id[sl_strlen(sign_id)-1] = '\0'; /* remove trailing '"' */ - have_id = GOOD; - } - if (0 == sl_strncmp(_("VALIDSIG"), &line[9], 8)) - { - strncpy (sign_fp, &line[18], 40); - sign_fp[40] = '\0'; - have_fp = GOOD; - } - } - - if (ferror(source.pipe) && errno == EAGAIN) - { - /* sleep 10 ms to avoid starving the gpg child writing to the pipe */ - retry_msleep(0,10); - clearerr(source.pipe); - goto xagain; - } - - sh_gpg_pclose (&source); - - TPT(((0), FIL__, __LINE__, _("msg=<Close pipe>\n"))); - - if (have_id == GOOD) - { - TPT(((0), FIL__, __LINE__, _("msg=<Got signator ID>\n"))); - } - if (have_fp == GOOD) - { - TPT(((0), FIL__, __LINE__, _("msg=<Got fingerprint>\n"))); - } - - if (have_id == GOOD && have_fp == GOOD) - SL_RETURN( SH_GPG_OK, _("sh_gpg_check_file_sign")); - else - { - if (have_id == BAD) - sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("No good signature"), - _("gpg_check_file_sign")); - else - sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("No fingerprint for key"), - _("gpg_check_file_sign")); - SL_RETURN( SH_GPG_BADSIGN, _("sh_gpg_check_file_sign")); - } -} - -int get_the_fd(SL_TICKET file_1); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && \ - defined(HAVE_GETPWNAM_R) -#define USE_GETPWNAM_R 1 -#endif - -int sh_gpg_check_sign (long file, int what) -{ - int status = SH_GPG_BAD; - int fd = 0; - - static int smsg = S_FALSE; - char * tmp; - - char * sig_id; - char * sig_fp; - - char * homedir = sh.effective.home; -#if defined(SH_WITH_SERVER) - struct passwd * tempres; -#if defined(USE_GETPWNAM_R) - struct passwd pwd; - char * buffer = SH_ALLOC(SH_PWBUF_SIZE); -#endif -#endif - -#ifdef USE_FINGERPRINT -#include "sh_gpg_fp.h" -#endif - - SL_ENTER(_("sh_gpg_check_sign")); - - - if (what == SIG_CONF) - fd = get_the_fd(file); - if (what == SIG_DATA) - fd = get_the_fd(file); - - - if (fd < 0) - { - TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd)); - dlog(1, FIL__, __LINE__, - _("This looks like an unexpected internal error.\n")); -#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) - SH_FREE(buffer); -#endif - SL_RETURN( (-1), _("sh_gpg_check_sign")); - } - -#if defined(SH_WITH_SERVER) -#if defined(USE_GETPWNAM_R) - sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); -#else - tempres = sh_getpwnam(DEFAULT_IDENT); -#endif - if ((tempres != NULL) && (0 == sl_ret_euid())) - { - /* privileges not dropped yet*/ - homedir = tempres->pw_dir; - } -#endif - - if (what == SIG_CONF) - { - TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd)); - status = sh_gpg_check_file_sign(fd, gp.conf_id, gp.conf_fp, homedir, 1); - TPT(((0), FIL__, __LINE__, _("msg=<CONF SIGUSR: |%s|>\n"), gp.conf_id)); - TPT(((0), FIL__, __LINE__, _("msg=<CONF SIGFP: |%s|>\n"), gp.conf_fp)); - sig_id = gp.conf_id; sig_fp = gp.conf_fp; - } - - if (what == SIG_DATA) - { - TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd)); - status = sh_gpg_check_file_sign(fd, gp.data_id, gp.data_fp, homedir, 2); - TPT(((0), FIL__, __LINE__, _("msg=<DATA SIGUSR: |%s|>\n"), gp.data_id)); - TPT(((0), FIL__, __LINE__, _("msg=<DATA SIGFP: |%s|>\n"), gp.data_fp)); - sig_id = gp.data_id; sig_fp = gp.data_fp; - } - - if (SH_GPG_OK == status) - { -#ifdef USE_FINGERPRINT - if ((sl_strcmp(SH_GPG_FP, sig_fp) == 0)) - { - int i; - - for(i = 0; i < (int) sl_strlen(sig_fp); ++i) { - if (gpgfp[i] != sig_fp[i]) { - sh_error_handle(SH_ERR_SEVERE, FIL__, __LINE__, 0, - MSG_E_GPG_FP, gpgfp, sig_fp); - break; } - } - - if (smsg == S_FALSE) { - tmp = sh_util_safe_name(sig_id); - sh_gpg_fill_startup (__LINE__, sh.prg_name, sh.real.uid, - (sh.flag.hidefile == S_TRUE) ? - _("(hidden)") : file_path('C', 'R'), - tmp, - sig_fp); - SH_FREE(tmp); } - smsg = S_TRUE; - -#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) - SH_FREE(buffer); -#endif - SL_RETURN(0, _("sh_gpg_check_sign")); - } - else - { - /* fp mismatch */ - dlog(1, FIL__, __LINE__, - _("The fingerprint of the signing key: %s\ndoes not match the compiled-in fingerprint: %s.\nTherefore the signature could not be verified.\n"), - sig_fp, SH_GPG_FP); - sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("Fingerprint mismatch"), _("gpg_check_sign")); - status = SH_GPG_BADSIGN; - } -#else /* ifdef USE_FINGERPRINT */ - if (smsg == S_FALSE) - { - tmp = sh_util_safe_name(sig_id); - sh_gpg_fill_startup (__LINE__, - sh.prg_name, sh.real.uid, - (sh.flag.hidefile == S_TRUE) ? - _("(hidden)") : file_path('C', 'R'), - tmp, sig_fp); - SH_FREE(tmp); - } - smsg = S_TRUE; - -#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) - SH_FREE(buffer); -#endif - - SL_RETURN(0, _("sh_gpg_check_sign")); -#endif /* !ifdef USE_FINGERPRINT */ - } - - if (status != SH_GPG_OK) - { - uid_t e_uid = sl_ret_euid(); - char * e_home = sh.effective.home; - -#if defined(SH_WITH_SERVER) -#if defined(USE_GETPWNAM_R) - struct passwd e_pwd; - char * e_buffer = SH_ALLOC(SH_PWBUF_SIZE); - struct passwd * e_tempres; - sh_getpwnam_r(DEFAULT_IDENT, &e_pwd, e_buffer, SH_PWBUF_SIZE, &e_tempres); -#else - struct passwd * e_tempres = sh_getpwnam(DEFAULT_IDENT); -#endif - - if ((e_tempres != NULL) && (0 == sl_ret_euid())) - { - /* privileges not dropped yet */ - e_uid = e_tempres->pw_uid; - e_home = e_tempres->pw_dir; - } -#endif - dlog(1, FIL__, __LINE__, - _("The signature of the configuration file or the file signature database\ncould not be verified. Possible reasons are:\n - gpg binary (%s) not found\n - invalid signature\n - the signature key is not in the private keyring of UID %d,\n - there is no keyring in %s/.gnupg, or\n - the file is not signed - did you move /filename.asc to /filename ?\nTo create a signed file, use (remove old signatures before):\n gpg -a --clearsign --not-dash-escaped FILE\n mv FILE.asc FILE\n"), - DEFAULT_GPG_PATH, - (int) e_uid, e_home); - -#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) - SH_FREE(e_buffer); -#endif - } - - TPT(((0), FIL__, __LINE__, _("msg=<Status = %d>\n"), status)); - - return (-1); /* make compiler happy */ -} - -#define FGETS_BUF 16384 - -SL_TICKET sh_gpg_extract_signed(SL_TICKET fd) -{ - FILE * fin_cp = NULL; - char * buf = NULL; - int bufc; - int flag_pgp = S_FALSE; - int flag_nohead = S_FALSE; - SL_TICKET fdTmp = (-1); - SL_TICKET open_tmp (void); - - /* extract the data and copy to temporary file - */ - fdTmp = open_tmp(); - if (SL_ISERROR(fdTmp)) - { - dlog(1, FIL__, __LINE__, _("Error opening temporary file.\n")); - sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, - _("Error opening temporary file."), - _("sh_gpg_extract_signed")); - return -1; - } - - fin_cp = fdopen(dup(get_the_fd(fd)), "rb"); - buf = SH_ALLOC(FGETS_BUF); - - while (NULL != fgets(buf, FGETS_BUF, fin_cp)) - { - bufc = 0; - while (bufc < FGETS_BUF) { - if (buf[bufc] == '\n') { ++bufc; break; } - ++bufc; - } - - if (flag_pgp == S_FALSE && - (0 == sl_strcmp(buf, _("-----BEGIN PGP SIGNED MESSAGE-----\n"))|| - 0 == sl_strcmp(buf, _("-----BEGIN PGP MESSAGE-----\n"))) - ) - { - flag_pgp = S_TRUE; - sl_write(fdTmp, buf, bufc); - continue; - } - - if (flag_pgp == S_TRUE && flag_nohead == S_FALSE) - { - if (buf[0] == '\n') - { - flag_nohead = S_TRUE; - sl_write(fdTmp, buf, 1); - continue; - } - else if (0 == sl_strncmp(buf, _("Hash:"), 5) || - 0 == sl_strncmp(buf, _("NotDashEscaped:"), 15)) - { - sl_write(fdTmp, buf, bufc); - continue; - } - else - continue; - } - - if (flag_pgp == S_TRUE && buf[0] == '\n') - { - sl_write(fdTmp, buf, 1); - } - else if (flag_pgp == S_TRUE) - { - /* sl_write_line(fdTmp, buf, bufc); */ - sl_write(fdTmp, buf, bufc); - } - - if (flag_pgp == S_TRUE && - 0 == sl_strcmp(buf, _("-----END PGP SIGNATURE-----\n"))) - break; - } - SH_FREE(buf); - sl_fclose(FIL__, __LINE__, fin_cp); /* fin_cp = fdopen(dup(), "rb"); */ - sl_rewind (fdTmp); - - return fdTmp; -} - -/* #ifdef WITH_GPG */ -#endif - - - - - - - - diff --git a/src/sh_hash.c b/src/sh_hash.c index 345475d..f1adec4 100644 --- a/src/sh_hash.c +++ b/src/sh_hash.c @@ -23,6 +23,9 @@ #include <string.h> #include <stdio.h> #include <sys/types.h> +#ifdef HAVE_SYS_SYSMACROS_H +#include <sys/sysmacros.h> +#endif #include <sys/stat.h> #include <unistd.h> #include <ctype.h> @@ -50,7 +53,7 @@ #include "sh_hash.h" #include "sh_error.h" #include "sh_tiger.h" -#include "sh_gpg.h" +#include "sh_sig.h" #include "sh_unix.h" #include "sh_files.h" #include "sh_ignore.h" @@ -1254,7 +1257,7 @@ char * sh_hash_db2pop (const char * key, struct store2db * save) ******************************************************************/ sh_file_t * sh_hash_push_int (file_type * buf, char * fileHash) { - sh_file_t * fp; + sh_file_t * fp = NULL; sh_filestore_t p; size_t len; @@ -1265,6 +1268,9 @@ sh_file_t * sh_hash_push_int (file_type * buf, char * fileHash) SL_ENTER(_("sh_hash_push_int")); + if (!buf) + SL_RETURN(NULL, _("sh_hash_push_int")); + fp = SH_ALLOC(sizeof(sh_file_t)); p.mark = REC_MAGIC; @@ -1806,6 +1812,9 @@ static int handle_notfound(int log_severity, int class, sh_file_t * p; int retval = 0; + if (!theFile) + return retval; + if (S_FALSE == sh_ignore_chk_new(theFile->fullpath)) { char * tmp = sh_util_safe_name(theFile->fullpath); @@ -1898,7 +1907,10 @@ int sh_hash_compdata (int class, file_type * theFile, char * fileHash, SL_ENTER(_("sh_hash_compdata")); - if (IsInit != 1) sh_hash_init(); + if (!theFile) + SL_RETURN(0, _("sh_hash_compdata")); + + if (IsInit != 1) sh_hash_init(); if (severity_override < 0) log_severity = ShDFLevel[class]; @@ -2018,7 +2030,7 @@ int sh_hash_compdata (int class, file_type * theFile, char * fileHash, TIGER_DATA, sl_strlen(theFile->link_path), hashbuf, sizeof(hashbuf)), - MAX_PATH_STORE+1); + sizeof(linkHash)); linkComp = linkHash; maxcomp = KEY_LEN; } @@ -2584,7 +2596,8 @@ int sh_hash_compdata (int class, file_type * theFile, char * fileHash, _("Fetching audit record"), _("sh_hash"), theFile->fullpath ); - if (NULL != sh_audit_fetch (theFile->fullpath, theFile->mtime, theFile->ctime, result, sizeof(result))) + if (NULL != sh_audit_fetch (theFile->fullpath, theFile->mtime, theFile->ctime, theFile->atime, + result, sizeof(result))) { #ifdef SH_USE_XML sl_strlcat(msg, _("obj=\""), SH_MSG_BUF); diff --git a/src/sh_inotify.c b/src/sh_inotify.c index 5fc8dab..6aa6582 100644 --- a/src/sh_inotify.c +++ b/src/sh_inotify.c @@ -235,7 +235,7 @@ ssize_t sh_inotify_read_timeout(char * buffer, size_t count, int timeout) ssize_t len; int ifd = sh_inotify_getfd(); - len = sl_read_timeout_fd (ifd, buffer, count, timeout, S_FALSE); + len = sl_read_timeout_fd_once (ifd, buffer, count, timeout, S_FALSE); return len; } diff --git a/src/sh_ipvx.c b/src/sh_ipvx.c index 84ceec9..41f23ef 100644 --- a/src/sh_ipvx.c +++ b/src/sh_ipvx.c @@ -200,6 +200,7 @@ char * sh_ipvx_print_sockaddr (struct sockaddr * sa, int sa_family) struct sh_sockaddr ss; static char ipbuf[SH_IP_BUF]; + memset(&ss, 0, sizeof(struct sh_sockaddr)); sh_ipvx_save(&ss, sa_family, sa); sh_ipvx_ntoa (ipbuf, sizeof(ipbuf), &ss); return ipbuf; @@ -207,8 +208,6 @@ char * sh_ipvx_print_sockaddr (struct sockaddr * sa, int sa_family) void sh_ipvx_save(struct sh_sockaddr * ss, int sa_family, struct sockaddr * sa) { - /* memset(ss, '\0', sizeof(struct sh_sockaddr)); */ - switch (sa_family) { case AF_INET: @@ -250,23 +249,22 @@ int sh_ipvx_set_port(struct sh_sockaddr * ss, int port) #endif } -int sh_ipvx_get_port(struct sockaddr * sa, int sa_family) +int sh_ipvx_get_port(struct sh_sockaddr * sa) { int port = 0; #if defined(USE_IPVX) - switch (sa_family) + switch (sa->ss_family) { case AF_INET: - port = ntohs(((struct sockaddr_in *)sa)->sin_port); + port = ntohs((sa->sin).sin_port); break; case AF_INET6: - port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port); + port = ntohs((sa->sin6).sin6_port); break; } #else - (void) sa_family; - port = ntohs(((struct sockaddr_in *)sa)->sin_port); + port = ntohs((sa->sin).sin_port); #endif return port; } @@ -278,7 +276,7 @@ int sh_ipvx_aton (const char * name, struct sh_sockaddr * ss) struct addrinfo hints; struct addrinfo *res; - memset(&hints, '\0', sizeof(hints)); + memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_flags = AI_NUMERICHOST; ret = getaddrinfo(name, NULL, &hints, &res); @@ -286,7 +284,7 @@ int sh_ipvx_aton (const char * name, struct sh_sockaddr * ss) if (ret) return 0; - memset(ss, '\0', sizeof(struct sh_sockaddr)); + memset(ss, 0, sizeof(struct sh_sockaddr)); switch(res->ai_family) { case AF_INET: @@ -301,6 +299,7 @@ int sh_ipvx_aton (const char * name, struct sh_sockaddr * ss) return 0; break; } + freeaddrinfo(res); return 1; #else int ret = inet_aton(name, &((ss->sin).sin_addr)); @@ -354,6 +353,8 @@ char * sh_ipvx_canonical(const char * hostname, char * numeric, size_t nlen) const char * host; char hostbuf[SH_BUFSIZE]; + SL_ENTER(_("sh_ipvx_canonical")); + numeric[0] = '\0'; sh_dummy_341_out = (void *) &out; @@ -381,6 +382,8 @@ char * sh_ipvx_canonical(const char * hostname, char * numeric, size_t nlen) err = getaddrinfo(host, NULL, &hints, &res); if (err == 0) { + struct addrinfo * res_orig = res; + #if defined(AI_CANONNAME) if (res->ai_canonname && strlen(res->ai_canonname) > 0) { @@ -412,6 +415,8 @@ char * sh_ipvx_canonical(const char * hostname, char * numeric, size_t nlen) res = res->ai_next; } + + freeaddrinfo(res_orig); } #else struct hostent *he; @@ -419,6 +424,8 @@ char * sh_ipvx_canonical(const char * hostname, char * numeric, size_t nlen) volatile int isNum = 0; struct sockaddr_in *sin; + SL_ENTER(_("sh_ipvx_canonical")); + numeric[0] = '\0'; sh_dummy_341_out = (void *) &out; @@ -454,14 +461,15 @@ char * sh_ipvx_canonical(const char * hostname, char * numeric, size_t nlen) SH_MUTEX_UNLOCK(mutex_resolv); #endif - if (flag) - return out; + if (flag) { + SL_RETURN(out, _("sh_ipvx_canonical")); + } if (out) SH_FREE(out); if (numeric[0] == '\0') sl_strlcpy (numeric, _("0.0.0.0"), nlen); - return NULL; + SL_RETURN(NULL, _("sh_ipvx_canonical")); } char * sh_ipvx_addrtoname(struct sh_sockaddr * ss) @@ -500,15 +508,17 @@ int sh_ipvx_reverse_check_ok (char * peer, int port, struct sh_sockaddr * ss) char sport[32]; struct addrinfo *p; + SL_ENTER(_("sh_ipvx_reverse_check_ok")); + sl_snprintf(sport, sizeof(sport), "%d", port); - memset(&hints, '\0', sizeof(hints)); + memset(&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_ADDRCONFIG; if (getaddrinfo(peer, sport, &hints, &res) != 0) { - return 0; + SL_RETURN((0), _("sh_ipvx_reverse_check_ok")); } p = res; @@ -528,7 +538,7 @@ int sh_ipvx_reverse_check_ok (char * peer, int port, struct sh_sockaddr * ss) if (0 == sl_strcmp(dst1, dst2)) { - return 1; + SL_RETURN((1), _("sh_ipvx_reverse_check_ok")); } } p = p->ai_next; @@ -541,17 +551,19 @@ int sh_ipvx_reverse_check_ok (char * peer, int port, struct sh_sockaddr * ss) (void) port; + SL_ENTER(_("sh_ipvx_reverse_check_ok")); + he = sh_gethostbyname(peer); if (he != NULL) { for (p = he->h_addr_list; *p; ++p) { - if (0 == memcmp (*p, &(sin->sin_addr), sizeof(in_addr_t)) ) - return 1; + if (0 == memcmp (*p, &(sin->sin_addr), sizeof(in_addr_t)) ) { + SL_RETURN((1), _("sh_ipvx_reverse_check_ok")); } } } #endif - return 0; + SL_RETURN((0), _("sh_ipvx_reverse_check_ok")); } #ifdef SH_CUTEST diff --git a/src/sh_log_check.c b/src/sh_log_check.c index cc6fc4f..3114060 100644 --- a/src/sh_log_check.c +++ b/src/sh_log_check.c @@ -600,7 +600,7 @@ int sh_open_for_reader (struct sh_logfile * logfile) SH_FREE(tmp); SH_MUTEX_UNLOCK(mutex_thread_nolog); - memset (&(logfile->offset), '\0', sizeof(fpos_t)); + memset (&(logfile->offset), 0, sizeof(fpos_t)); logfile->flags |= SH_LOGFILE_REWIND; return 0; } @@ -622,7 +622,7 @@ int sh_open_for_reader (struct sh_logfile * logfile) { /* done with rotated file, start with current file */ - memset (&(logfile->offset), '\0', sizeof(fpos_t)); + memset (&(logfile->offset), 0, sizeof(fpos_t)); logfile->flags |= SH_LOGFILE_REWIND; logfile->flags &= ~SH_LOGFILE_MOVED; logfile->inode = buf.st_ino; @@ -645,7 +645,7 @@ int sh_open_for_reader (struct sh_logfile * logfile) } else { - memset (&(logfile->offset), '\0', sizeof(fpos_t)); + memset (&(logfile->offset), 0, sizeof(fpos_t)); logfile->flags |= SH_LOGFILE_REWIND; logfile->inode = buf.st_ino; logfile->device_id = buf.st_dev; @@ -964,7 +964,7 @@ sh_string * sh_binary_reader (void * s, size_t size, if (status != 1) { - memset(s, '\0', size); + memset(s, 0, size); if (ferror(logfile->fp) && (logfile->flags & SH_LOGFILE_PIPE) == 0) { char * tmp; diff --git a/src/sh_log_evalrule.c b/src/sh_log_evalrule.c index 98a36d0..b053975 100644 --- a/src/sh_log_evalrule.c +++ b/src/sh_log_evalrule.c @@ -185,7 +185,7 @@ int sh_eval_gadd (const char * str) group_extra = NULL; /* pcre_study(group, 0, &error); */ ng = SH_ALLOC(sizeof(struct sh_geval)); - memset(ng, '\0', sizeof(struct sh_geval)); + memset(ng, 0, sizeof(struct sh_geval)); ng->label = sh_string_new_from_lchar(splits[0], lengths[0]); ng->flags = RFL_ISGROUP; @@ -293,7 +293,7 @@ int sh_eval_hadd (const char * str) host_extra = NULL; /* pcre_study(host, 0, &error); */ nh = SH_ALLOC(sizeof(struct sh_heval)); - memset(nh, '\0', sizeof(struct sh_heval)); + memset(nh, 0, sizeof(struct sh_heval)); nh->hostname = host; nh->hostname_extra = host_extra; @@ -361,7 +361,7 @@ int sh_eval_qadd (const char * str) } nq = SH_ALLOC(sizeof(struct sh_qeval)); - memset(nq, '\0', sizeof(struct sh_qeval)); + memset(nq, 0, sizeof(struct sh_qeval)); nq->label = sh_string_new_from_lchar(splits[0], lengths[0]); nq->alias = NULL; @@ -457,7 +457,7 @@ static char * get_label_and_time(const char * inprefix, char * str, if (splits && nfields == 2 && lengths[0] > 0 && lengths[1] > 0) { *seconds = strtoul(splits[0], &endptr, 10); - if ((endptr == '\0' || endptr != splits[0]) && (*seconds != ULONG_MAX)) + if ((*endptr == '\0') && (endptr != splits[0]) && (*seconds != ULONG_MAX)) { res = sh_util_strdup(splits[1]); } @@ -494,6 +494,9 @@ int sh_eval_radd (const char * str) char * s = new; volatile char pflag = '-'; + if (s == NULL) + return -1; + /* cppcheck-suppress uninitdata */ while ( *s && isspace((int)*s) ) ++s; if (0 == strncmp(s, _("KEEP"), 4) || 0 == strncmp(s, _("CORRELATE"), 9) || @@ -616,7 +619,7 @@ int sh_eval_radd (const char * str) SH_FREE(new); nr = SH_ALLOC(sizeof(struct sh_geval)); - memset(nr, '\0', sizeof(struct sh_geval)); + memset(nr, 0, sizeof(struct sh_geval)); nr->label = NULL; nr->flags = RFL_ISRULE; @@ -1138,7 +1141,7 @@ static struct sh_ceval * find_counter(struct sh_geval * rule, DEBUG("debug: no counter found\n"); counter = SH_ALLOC(sizeof(struct sh_ceval)); - memset(counter, '\0', sizeof(struct sh_ceval)); + memset(counter, 0, sizeof(struct sh_ceval)); counter->hostname = sh_string_new_from_lchar(sh_string_str(host), sh_string_len(host)); diff --git a/src/sh_log_parse_apache.c b/src/sh_log_parse_apache.c index 06cdf4e..5e40aab 100644 --- a/src/sh_log_parse_apache.c +++ b/src/sh_log_parse_apache.c @@ -353,7 +353,7 @@ struct sh_logrecord * sh_parse_apache (sh_string * logline, void * fileinfo) struct tm btime; char * ptr = NULL; - memset(&btime, '\0', sizeof(struct tm)); + memset(&btime, 0, sizeof(struct tm)); btime.tm_isdst = -1; /* example: 01/Jun/2008:07:55:28 +0200 */ diff --git a/src/sh_log_parse_samba.c b/src/sh_log_parse_samba.c index 820bbe3..e84302a 100644 --- a/src/sh_log_parse_samba.c +++ b/src/sh_log_parse_samba.c @@ -74,7 +74,7 @@ struct sh_logrecord * sh_parse_samba (sh_string * logline, void * fileinfo) struct tm btime; char * ptr; - memset(&btime, '\0', sizeof(struct tm)); + memset(&btime, 0, sizeof(struct tm)); btime.tm_isdst = -1; ptr = strptime(sh_string_str(logline), format_1, &btime); diff --git a/src/sh_log_parse_syslog.c b/src/sh_log_parse_syslog.c index ae9f801..167abd2 100644 --- a/src/sh_log_parse_syslog.c +++ b/src/sh_log_parse_syslog.c @@ -93,7 +93,7 @@ struct sh_logrecord * sh_parse_syslog (sh_string * logline, void * fileinfo) int flag; size_t lengths[3]; - memset(&btime, '\0', sizeof(struct tm)); + memset(&btime, 0, sizeof(struct tm)); btime.tm_isdst = -1; /* This is RFC 3164. diff --git a/src/sh_log_repeat.c b/src/sh_log_repeat.c index 9285c82..1125662 100644 --- a/src/sh_log_repeat.c +++ b/src/sh_log_repeat.c @@ -58,11 +58,15 @@ static int free_slots = 0; /* free slots available */ #define SH_CLEANUP 256 +void * sh_dummy_g_array = NULL; + static struct gestalt * add_entry (unsigned char * flags, UINT16 * sum, time_t ltime) { struct gestalt * array = NULL; + sh_dummy_g_array = (void*) &array; + start: if (urec < nrec) { @@ -164,6 +168,8 @@ static struct gestalt * update_or_add (unsigned char * flags, UINT16 * sum, unsigned int i; struct gestalt * array = arec; + sh_dummy_g_array = (void*) &array; + memcpy(flint, flags, SH_NFIELDS); for (i = 0; i < urec; ++i) diff --git a/src/sh_login_track.c b/src/sh_login_track.c index 854df9e..7df22fe 100644 --- a/src/sh_login_track.c +++ b/src/sh_login_track.c @@ -231,7 +231,7 @@ static struct sh_track * load_data_int (char * path) struct sh_track * urecord; urecord = SH_ALLOC(sizeof(struct sh_track)); - memset(urecord, '\0', sizeof(struct sh_track)); + memset(urecord, 0, sizeof(struct sh_track)); uhead = &(urecord->head); uhead->version = SH_LTRACK_VERSION; @@ -401,7 +401,7 @@ static struct sh_track_dates * find_user(const char * user) while(u) { - if (0 == strcmp(user, u->user)) + if (0 == sl_strcmp(user, u->user)) { return u; } @@ -444,7 +444,7 @@ int sh_login_set_user_allow(const char * c) if (!u) { u = SH_ALLOC(sizeof(struct sh_track_dates)); - memset(u, '\0', sizeof(struct sh_track_dates)); + memset(u, 0, sizeof(struct sh_track_dates)); sl_strlcpy(u->user, user, SH_LTRACK_USIZE); flag = 1; } @@ -838,15 +838,17 @@ static char * stripped_hostname (const char * host) } else { - q = strchr(host, '.'); + char * tmp = sh_util_strdup(host); + q = strchr(tmp, '.'); if (q && *q) { ++q; p = sh_util_strdup(q); + SH_FREE(tmp); } else { - p = sh_util_strdup(host); + p = tmp; } } return p; @@ -912,7 +914,7 @@ static struct sh_track_entry * check_host(struct sh_track_entry * list, else { entry = SH_ALLOC(sizeof(struct sh_track_entry)); - memset(entry, '\0', sizeof(struct sh_track_entry)); + memset(entry, 0, sizeof(struct sh_track_entry)); (entry->data).last_login = time; (entry->data).array[index] = 1; sl_strlcpy((entry->data).hostname, q, SH_LTRACK_HSIZE); diff --git a/src/sh_mem.c b/src/sh_mem.c index 453640f..6d402fa 100644 --- a/src/sh_mem.c +++ b/src/sh_mem.c @@ -76,20 +76,25 @@ unsigned long Mem_Current = 0, Mem_Max = 0; SH_MUTEX_RECURSIVE(mutex_mem); #endif -/* define MEM_LOG to an absolute filename to enable this */ +/* define MEM_LOG to enable this */ +/* #define MEM_LOG 1 */ #ifdef MEM_LOG void sh_mem_dump () { memlist_t * this = memlist; FILE * fd; + static unsigned int nr = 0; + char filename[256]; + snprintf(filename, sizeof(filename), "sh_mem_dump.%04u.%lu", nr, (unsigned long) sh.pid); + SH_MUTEX_RECURSIVE_INIT(mutex_mem); SH_MUTEX_RECURSIVE_LOCK(mutex_mem); - fd = fopen(MEM_LOG, "w"); + fd = fopen(filename, "w"); if (!fd) { - perror(MEM_LOG); + perror(filename); _exit(EXIT_FAILURE); } @@ -102,7 +107,9 @@ void sh_mem_dump () sl_fclose(FIL__, __LINE__, fd); SH_MUTEX_RECURSIVE_UNLOCK(mutex_mem); - _exit(EXIT_SUCCESS); + ++nr; + /* _exit(EXIT_SUCCESS); */ + return; } #else void sh_mem_dump () @@ -317,8 +324,8 @@ void * sh_mem_malloc (size_t size, char * file, int line) SL_RETURN( theAddress, _("sh_mem_malloc")); } -static void ** sh_mem_dummy_a; -static memlist_t ** sh_mem_merr_3; +void ** sh_mem_dummy_a; +memlist_t ** sh_mem_merr_3; void sh_mem_free (void * aa, char * file, int line) { diff --git a/src/sh_mounts.c b/src/sh_mounts.c index 736fa7b..51429eb 100644 --- a/src/sh_mounts.c +++ b/src/sh_mounts.c @@ -397,7 +397,7 @@ int sh_mounts_config_sevopt (const char * opt) */ /* FreeBSD includes */ -#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) +#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) || defined(HOST_IS_DARWIN) #include <sys/param.h> #include <sys/ucred.h> #include <sys/mount.h> @@ -571,10 +571,10 @@ static int aix_fs_get (FILE *fd, AixMountTableEntry *prop) } /* end AIX helper routines */ -#endif +#endif #endif -#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) +#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) || defined(HOST_IS_DARWIN) /* FreeBSD returns flags instead of strings as mount options, so we'll convert * them here. */ @@ -682,7 +682,7 @@ static struct sh_mounts_mnt * readmounts(void) { list = m; /* The Open/FreeBSD way */ -#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) +#if defined(HOST_IS_FREEBSD) || defined(HOST_IS_OPENBSD) || defined(HOST_IS_DARWIN) { struct statfs *fsp; int entries; diff --git a/src/sh_port2proc.c b/src/sh_port2proc.c index 61357f1..7289ef8 100644 --- a/src/sh_port2proc.c +++ b/src/sh_port2proc.c @@ -634,7 +634,7 @@ static void * xrealloc(void * buf, size_t len0, size_t len) if (len0 <= len) memcpy(xbuf, buf, len0); else - memset(xbuf, '\0', len); + memset(xbuf, 0, len); SH_FREE(buf); } return xbuf; @@ -822,7 +822,7 @@ gather_inet(int proto) } sock = SH_ALLOC(sizeof *sock); - memset(sock, '\0', sizeof (*sock)); + memset(sock, 0, sizeof (*sock)); #ifndef in6p_lport #define in6p_lport inp_lport diff --git a/src/sh_portcheck.c b/src/sh_portcheck.c index 507f028..106d9cb 100644 --- a/src/sh_portcheck.c +++ b/src/sh_portcheck.c @@ -32,15 +32,20 @@ #include <stdio.h> #include <string.h> +#include <stdlib.h> #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> +#ifdef HAVE_IFADDRS_H +#include <ifaddrs.h> +#include <netdb.h> +#endif #include <errno.h> #include <unistd.h> #include <fcntl.h> -#define PORTCHK_VERSION "1.0" +#define PORTCHK_VERSION "1.1" #if defined(TEST_ONLY) || (defined(SH_USE_PORTCHECK) && (defined (SH_WITH_CLIENT) || defined (SH_STANDALONE))) @@ -134,9 +139,11 @@ static struct sh_portentry * portlist_udp = NULL; #define SH_PORTCHK_INTERVAL 300 -static int sh_portchk_check_udp = 1; -static int sh_portchk_active = 1; -static int sh_portchk_interval = SH_PORTCHK_INTERVAL; +static int sh_portchk_check_udp = 1; +static int sh_portchk_active = 1; +static int sh_portchk_same_ports = 1; +static int sh_portchk_transients = 1; +static int sh_portchk_interval = SH_PORTCHK_INTERVAL; static int sh_portchk_minport = -1; static int sh_portchk_maxport = -1; @@ -150,6 +157,9 @@ struct sh_port { static struct sh_port * blacklist_tcp = NULL; static struct sh_port * blacklist_udp = NULL; +static struct sh_port * transient_tcp = NULL; +static struct sh_port * transient_udp = NULL; + SH_MUTEX_STATIC(mutex_port_check, PTHREAD_MUTEX_INITIALIZER); static int sh_portchk_severity = SH_ERR_SEVERE; @@ -181,10 +191,21 @@ static int sh_portchk_add_blacklist (const char * str); */ static int sh_portchk_add_interface (const char * str); +#if defined(HAVE_IFADDRS_H) +/* Exported interface to add an ethernet device + */ +static int sh_portchk_add_device (const char * str); +#endif + /* verify whether port/interface is blacklisted (do not check) */ static int sh_portchk_is_blacklisted(int port, struct sh_sockaddr * haddr, int proto); +/* verify whether port/interface is transient (used as source port hence no check required) + */ +static int sh_portchk_is_transient(int port, struct sh_sockaddr * haddr, int proto); +static int sh_portchk_transient(int port, struct sh_sockaddr * haddr, int proto); + #ifndef TEST_ONLY static int sh_portchk_set_interval (const char * c) @@ -232,27 +253,37 @@ static int sh_portchk_set_port_minmax (const char * c, int * setthis) } -static int sh_portchk_set_minport (const char * str) +static int sh_portchk_set_minport (const char * str) { return sh_portchk_set_port_minmax (str, &sh_portchk_minport); } -static int sh_portchk_set_maxport (const char * str) +static int sh_portchk_set_maxport (const char * str) { return sh_portchk_set_port_minmax (str, &sh_portchk_maxport); } -static int sh_portchk_set_active (const char * str) +static int sh_portchk_set_active (const char * str) { return sh_util_flagval(str, &sh_portchk_active); } -static int sh_portchk_set_udp (const char * str) +static int sh_portchk_set_udp (const char * str) { return sh_util_flagval(str, &sh_portchk_check_udp); } +#if defined(SH_ALLOW_RESTORE) +static int sh_portchk_set_transients (const char * str) +{ + return sh_util_flagval(str, &sh_portchk_transients); +} -static int sh_portchk_set_severity (const char * str) +static int sh_portchk_set_same_ports (const char * str) +{ + return sh_util_flagval(str, &sh_portchk_same_ports); +} +#endif +static int sh_portchk_set_severity (const char * str) { char tmp[32]; tmp[0] = '='; tmp[1] = '\0'; @@ -285,6 +316,12 @@ sh_rconf sh_portchk_table[] = { N_("portcheckactive"), sh_portchk_set_active, }, +#if defined(HAVE_IFADDRS_H) + { + N_("portcheckdevice"), + sh_portchk_add_device, + }, +#endif { N_("portcheckinterface"), sh_portchk_add_interface, @@ -305,6 +342,16 @@ sh_rconf sh_portchk_table[] = { N_("portcheckudp"), sh_portchk_set_udp, }, +#if defined(SH_ALLOW_RESTORE) + { + N_("portchecktransients"), + sh_portchk_set_transients, + }, + { + N_("portchecksameports"), + sh_portchk_set_same_ports, + }, +#endif { NULL, NULL @@ -382,6 +429,7 @@ static char * sh_getrpcbynumber (int number, char * buf, size_t len) sh_string_destroy(&s); sl_fclose(FIL__, __LINE__, fp); } + /* cppcheck-suppress resourceLeak */ return NULL; } #endif @@ -432,6 +480,7 @@ static char * sh_getservbyport (int port, const char * proto_in, char * buf, siz sh_string_destroy(&s); sl_fclose(FIL__, __LINE__, fp); } + /* cppcheck-suppress resourceLeak */ return NULL; } @@ -523,6 +572,19 @@ static struct sh_port * sh_portchk_kill_blacklist (struct sh_port * head) return NULL; } +static struct sh_port * sh_portchk_kill_transient (struct sh_port * head) +{ + if (head) + { + if (head->next) + sh_portchk_kill_transient (head->next); + + SH_FREE(head->paddr); + SH_FREE(head); + } + return NULL; +} + /* These variables are not used anywhere. They only exist * to assign &pre, &ptr to them, which keeps gcc from * putting it into a register, and avoids the 'clobbered @@ -538,7 +600,7 @@ static void sh_portchk_check_list (struct sh_portentry ** head, { struct sh_portentry * ptr = *head; struct sh_portentry * pre = *head; - char errbuf[256]; + char errbuf[512]; /* Take the address to keep gcc from putting them into registers. * Avoids the 'clobbered by longjmp' warning. @@ -629,6 +691,7 @@ static struct sh_portentry * sh_portchk_get_from_list (int proto, int port, struct sh_portentry * portlist; char str_addr[SH_IP_BUF]; + if (proto == IPPROTO_TCP) portlist = portlist_tcp; else @@ -667,7 +730,7 @@ static void sh_portchk_cmp_to_list (int proto, int port, struct sh_sockaddr * paddr, char * service) { struct sh_portentry * portent; - char errbuf[256]; + char errbuf[512]; portent = sh_portchk_get_from_list (proto, port, paddr, service); @@ -886,6 +949,9 @@ static char * check_rpc_list (int port, struct sockaddr_in * address, return NULL; } +void * sh_dummy_950_p = NULL; +void * sh_dummy_951_p = NULL; + static int check_port_udp_internal (int fd, int port, struct sh_sockaddr * paddr) { int retval; @@ -893,11 +959,17 @@ static int check_port_udp_internal (int fd, int port, struct sh_sockaddr * paddr char buf[8]; #ifndef TEST_ONLY char errmsg[256]; - int nerr; + volatile int nerr; #endif char errbuf[SH_ERRBUF_SIZE]; char ipbuf[SH_IP_BUF]; + struct sh_sockaddr saddr; + socklen_t slen = 0; + volatile int sport = 0; + + sh_dummy_950_p = (void*) &p; + sh_ipvx_set_port(paddr, port); do { @@ -923,85 +995,155 @@ static int check_port_udp_internal (int fd, int port, struct sh_sockaddr * paddr } else { - do { - retval = send (fd, buf, 0, 0); - } while (retval < 0 && errno == EINTR); + /* Register the used source port as transient. This will avoid + * the issue of lingering source ports being reported as a spurious + * service. The lingering source port is effectvely a race condition. + * + * Also use this code to obtain the source port. Sometimes Samhain + * reports on a port where it connects back to itself. In that case + * source and destination port are the same. + * + * AGH, 23 Apr 2017 (www.2024sight.com). + */ - if (retval == -1 && errno == ECONNREFUSED) - { - sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); - if (portchk_debug) - fprintf(stderr, _("check port_udp: %5d/udp on %15s established/time_wait\n"), - port, ipbuf); - } - else - { - /* Only the second send() may catch the error - */ - do { +#if defined(USE_IPVX) + if (paddr->ss_family == AF_INET) + { + saddr.ss_family = AF_INET; + slen = sizeof( struct sockaddr_in ); + retval = getsockname(fd, (struct sockaddr *)&(saddr.sin), &slen); + } + else + { + saddr.ss_family = AF_INET6; + slen = sizeof( struct sockaddr_in6 ); + retval = getsockname(fd, (struct sockaddr *)&(saddr.sin6), &slen); + } +#else + saddr.ss_family = AF_INET; + slen = sizeof( struct sockaddr_in ); + retval = getsockname(fd, (struct sockaddr *)&(saddr.sin), &slen); +#endif + + if ( retval == 0 ) + { + sport = sh_ipvx_get_port(&saddr); + sh_portchk_transient(sport, &saddr, IPPROTO_UDP); + } + else + { +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("getsockname")); +#else + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); + nerr = errno; + sl_snprintf(errmsg, sizeof(errmsg), _("source port transient for %15s:%d/udp: %s"), + ipbuf, port, sh_error_message(errno, errbuf, sizeof(errbuf))); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN, errmsg, _("getsockname")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + } + + if (( sport != port ) || ( sh_portchk_same_ports == S_FALSE )) + { + do { retval = send (fd, buf, 0, 0); - } while (retval < 0 && errno == EINTR); + } while (retval < 0 && errno == EINTR); - if (retval == -1 && errno == ECONNREFUSED) + if (retval == -1 && errno == ECONNREFUSED) { sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); if (portchk_debug) - fprintf(stderr, _("check port: %5d/udp on %15s established/time_wait\n"), - port, ipbuf); + fprintf(stderr, _("check port_udp: %5d/udp on %15s established/time_wait\n"), + port, ipbuf); } - else if (retval != -1) + else { - /* Try to get service name from portmap + /* Only the second send() may catch the error */ - if (paddr->ss_family == AF_INET) - { - p = check_rpc_list (port, - (struct sockaddr_in *) sh_ipvx_sockaddr_cast(paddr), - IPPROTO_UDP); - } + do { + retval = send (fd, buf, 0, 0); + } while (retval < 0 && errno == EINTR); + + if (retval == -1 && errno == ECONNREFUSED) + { + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); + if (portchk_debug) + fprintf(stderr, _("check port: %5d/udp on %15s established/time_wait\n"), + port, ipbuf); + } + else if (retval != -1) + { + /* Try to get service name from portmap + */ + if (paddr->ss_family == AF_INET) + { + p = check_rpc_list (port, + (struct sockaddr_in *) sh_ipvx_sockaddr_cast(paddr), + IPPROTO_UDP); + } - sh_portchk_cmp_to_list (IPPROTO_UDP, port, paddr, p ? p : NULL); + sh_portchk_cmp_to_list (IPPROTO_UDP, port, paddr, p ? p : NULL); - /* If not an RPC service, try to get name from /etc/services - */ - if (!p) - p = check_services(port, IPPROTO_UDP); + /* If not an RPC service, try to get name from /etc/services + */ + if (!p) + p = check_services(port, IPPROTO_UDP); - if (portchk_debug) - { - sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); - fprintf(stderr, _("check port_udp: %5d/udp on %15s open %s\n"), - port, ipbuf, p); - } + if (portchk_debug) + { + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); + fprintf(stderr, _("check port_udp: %5d/udp on %15s open %s\n"), + port, ipbuf, p); + } + } + else + { + if (portchk_debug) + { + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); + fprintf(stderr, _("check port_udp: %5d/udp on %15s ERRNO %d\n"), + port, ipbuf, errno); + } + } } - else - { - if (portchk_debug) - { - sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); - fprintf(stderr, _("check port_udp: %5d/udp on %15s ERRNO %d\n"), - port, ipbuf, errno); - } - } - } + } + else + { + if (portchk_debug) + { + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); + fprintf(stderr, _("check port_udp: %5d/udp on %15s same source and destination port\n"), + port, ipbuf); + } + } } sl_close_fd (FIL__, __LINE__, fd); + sh_dummy_950_p = NULL; return 0; } static int check_port_tcp_internal (int fd, int port, struct sh_sockaddr * paddr) { - int retval; + volatile int retval; int flags; char * p = NULL; #ifndef TEST_ONLY char errmsg[256]; - int nerr; + volatile int nerr; #endif char errbuf[SH_ERRBUF_SIZE]; char ipbuf[SH_IP_BUF]; + struct sh_sockaddr saddr; + socklen_t slen = 0; + volatile int sport = 0; + + sh_dummy_951_p = (void*) &p; + sh_ipvx_set_port(paddr, port); do { @@ -1035,28 +1177,92 @@ static int check_port_tcp_internal (int fd, int port, struct sh_sockaddr * paddr } else { - /* Try to get service name from portmap + /* Register the used source port as transient. This will avoid + * the issue of lingering source ports being reported as a spurious + * service. The lingering source port is effectively a race condition. + * + * Also use this code to obtain the source port. Sometimes Samhain + * reports on a port where it connects back to itself. In that case + * source and destination port are the same. + * + * AGH, 23 Apr 2017 (www.2024sight.com). */ + +#if defined(USE_IPVX) if (paddr->ss_family == AF_INET) - { - p = check_rpc_list (port, - (struct sockaddr_in *) sh_ipvx_sockaddr_cast(paddr), - IPPROTO_TCP); - } + { + saddr.ss_family = AF_INET; + slen = sizeof( struct sockaddr_in ); + retval = getsockname(fd, (struct sockaddr *)&(saddr.sin), &slen); + } + else + { + saddr.ss_family = AF_INET6; + slen = sizeof( struct sockaddr_in6 ); + retval = getsockname(fd, (struct sockaddr *)&(saddr.sin6), &slen); + } +#else + saddr.ss_family = AF_INET; + slen = sizeof( struct sockaddr_in ); + retval = getsockname(fd, (struct sockaddr *)&(saddr.sin), &slen); +#endif + + if ( retval == 0 ) + { + sport = sh_ipvx_get_port(&saddr); + sh_portchk_transient(sport, &saddr, IPPROTO_TCP); + } + else + { +#ifdef TEST_ONLY + if (portchk_debug) + perror(_("getsockname")); +#else + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); + nerr = errno; + sl_snprintf(errmsg, sizeof(errmsg), _("source port transient for %15s:%d/tcp: %s"), + ipbuf, port, sh_error_message(errno, errbuf, sizeof(errbuf))); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN, + errmsg, _("getsockname")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +#endif + } - sh_portchk_cmp_to_list (IPPROTO_TCP, port, paddr, p ? p : NULL); + if (( sport != port ) || ( sh_portchk_same_ports == S_FALSE )) + { + /* Try to get service name from portmap + */ + if (paddr->ss_family == AF_INET) + { + p = check_rpc_list (port, + (struct sockaddr_in *) sh_ipvx_sockaddr_cast(paddr), + IPPROTO_TCP); + } - /* If not an RPC service, try to get name from /etc/services - */ - if (!p) - p = check_services(port, IPPROTO_TCP); + sh_portchk_cmp_to_list (IPPROTO_TCP, port, paddr, p ? p : NULL); - if (portchk_debug) - { - sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); - fprintf(stderr, _("check port_tcp: %5d on %15s open %s\n"), - port, ipbuf, p); - } + /* If not an RPC service, try to get name from /etc/services + */ + if (!p) + p = check_services(port, IPPROTO_TCP); + + if (portchk_debug) + { + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); + fprintf(stderr, _("check port_tcp: %5d on %15s open %s\n"), + port, ipbuf, p); + } + } + else + { + if (portchk_debug) + { + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), paddr); + fprintf(stderr, _("check port_udp: %5d/tcp on %15s same source and destination port\n"), + port, ipbuf); + } + } #if !defined(O_NONBLOCK) #if defined(O_NDELAY) @@ -1108,6 +1314,7 @@ static int check_port_tcp_internal (int fd, int port, struct sh_sockaddr * paddr port); } sl_close_fd (FIL__, __LINE__, fd); + sh_dummy_951_p = NULL; return 0; } @@ -1118,14 +1325,17 @@ static int check_port_tcp_internal (int fd, int port, struct sh_sockaddr * paddr * }; */ -#define SH_IFACE_MAX 16 +#define SH_IFACE_MAX 64 +#define SH_IFACE_ADDR 0 +#define SH_IFACE_DEV 1 struct portchk_interfaces { - struct sh_sockaddr iface[SH_IFACE_MAX]; - int used; + struct sh_sockaddr iface; + int type; }; -static struct portchk_interfaces iface_list; +static struct portchk_interfaces iface_list[SH_IFACE_MAX]; +static int iface_list_used = 0; static int iface_initialized = 0; #ifdef TEST_ONLY @@ -1158,7 +1368,7 @@ static int sh_portchk_init_internal (void) SH_MUTEX_LOCK(mutex_port_check); if (iface_initialized == 0) { - iface_list.used = 0; + iface_list_used = 0; iface_initialized = 1; } @@ -1166,7 +1376,7 @@ static int sh_portchk_init_internal (void) SH_MUTEX_LOCK(mutex_resolv); hent = sh_gethostbyname(portchk_hostname); i = 0; - while (hent && hent->h_addr_list[i] && (iface_list.used < SH_IFACE_MAX)) + while (hent && hent->h_addr_list[i] && (iface_list_used < SH_IFACE_MAX)) { struct sockaddr_in sin; struct sh_sockaddr iface_tmp; @@ -1174,31 +1384,32 @@ static int sh_portchk_init_internal (void) memcpy(&(sin.sin_addr.s_addr), hent->h_addr_list[i], sizeof(in_addr_t)); sh_ipvx_save(&iface_tmp, AF_INET, (struct sockaddr *)&sin); - for (j = 0; j < iface_list.used; ++j) + for (j = 0; j < iface_list_used; ++j) { - if (0 == sh_ipvx_cmp(&iface_tmp, &(iface_list.iface[j]))) + if (0 == sh_ipvx_cmp(&iface_tmp, &(iface_list[j].iface))) { goto next_iface; } } - sh_ipvx_save(&(iface_list.iface[iface_list.used]), + sh_ipvx_save(&(iface_list[iface_list_used].iface), AF_INET, (struct sockaddr *)&sin); + iface_list[iface_list_used].type = SH_IFACE_ADDR; if (portchk_debug) { char buf[256]; - sh_ipvx_ntoa(buf, sizeof(buf), &(iface_list.iface[iface_list.used])); + sh_ipvx_ntoa(buf, sizeof(buf), &(iface_list[iface_list_used].iface)); fprintf(stderr, _("added interface[%d]: %s\n"), i, buf); } - ++iface_list.used; + ++iface_list_used; next_iface: ++i; } SH_MUTEX_UNLOCK(mutex_resolv); #else - memset(&hints, '\0', sizeof(hints)); + memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_flags = AI_ADDRCONFIG; @@ -1207,37 +1418,37 @@ static int sh_portchk_init_internal (void) struct addrinfo *p = res; struct sh_sockaddr iface_tmp; - while ((p != NULL) && (iface_list.used < SH_IFACE_MAX)) + while ((p != NULL) && (iface_list_used < SH_IFACE_MAX)) { sh_ipvx_save(&iface_tmp, p->ai_family, p->ai_addr); - for (j = 0; j < iface_list.used; ++j) + for (j = 0; j < iface_list_used; ++j) { if (portchk_debug) { char buf1[256], buf2[256]; - sh_ipvx_ntoa(buf1, sizeof(buf1), &(iface_list.iface[j])); + sh_ipvx_ntoa(buf1, sizeof(buf1), &(iface_list[j].iface)); sh_ipvx_ntoa(buf2, sizeof(buf2), &iface_tmp); fprintf(stderr, _("check interface[%d]: %s vs %s\n"), j, buf1, buf2); } - if (0 == sh_ipvx_cmp(&iface_tmp, &(iface_list.iface[j]))) + if (0 == sh_ipvx_cmp(&iface_tmp, &(iface_list[j].iface))) { if (portchk_debug) fprintf(stderr, _("skipping interface[%d]\n"), j); goto next_iface; } } - sh_ipvx_save(&(iface_list.iface[iface_list.used]), + sh_ipvx_save(&(iface_list[iface_list_used].iface), p->ai_family, p->ai_addr); - + iface_list[iface_list_used].type = SH_IFACE_ADDR; if (portchk_debug) { char buf[256]; - sh_ipvx_ntoa(buf, sizeof(buf), &(iface_list.iface[iface_list.used])); - fprintf(stderr, _("added interface[%d]: %s\n"), iface_list.used, buf); + sh_ipvx_ntoa(buf, sizeof(buf), &(iface_list[iface_list_used].iface)); + fprintf(stderr, _("added interface[%d]: %s\n"), iface_list_used, buf); } - ++iface_list.used; + ++iface_list_used; next_iface: p = p->ai_next; @@ -1246,9 +1457,9 @@ static int sh_portchk_init_internal (void) } #endif - for (i = 0; i < iface_list.used; ++i) + for (i = 0; i < iface_list_used; ++i) { - sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &(iface_list.iface[i])); + sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &(iface_list[i].iface)); sl_snprintf(errbuf, sizeof(errbuf), _("added interface: %s"), ipbuf); SH_MUTEX_LOCK(mutex_thread_nolog); @@ -1284,13 +1495,14 @@ int sh_portchk_init (struct mod_type * arg) else if (arg != NULL && arg->initval == SH_MOD_THREAD && (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) { + (void) sh_portchk_init_internal(); return SH_MOD_THREAD; } #endif return sh_portchk_init_internal(); } - +static void dev_list_kill(); #if !defined(TEST_ONLY) int sh_portchk_reconf (void) @@ -1304,6 +1516,8 @@ int sh_portchk_reconf (void) sh_portchk_minport = -1; sh_portchk_maxport = -1; + dev_list_kill(); + portlist_udp = sh_portchk_kill_list (portlist_udp); portlist_tcp = sh_portchk_kill_list (portlist_tcp); @@ -1344,9 +1558,9 @@ static int check_port_generic (int port, int domain, int type, int protocol) /* Check all interfaces for this host */ - while (i < iface_list.used) + while (i < iface_list_used) { - memcpy(&paddr, &(iface_list.iface[i]), sizeof(paddr)); + memcpy(&paddr, &(iface_list[i].iface), sizeof(paddr)); if (paddr.ss_family != domain) { @@ -1360,6 +1574,12 @@ static int check_port_generic (int port, int domain, int type, int protocol) continue; } + if (0 != sh_portchk_is_transient(port, &paddr, protocol)) + { + ++i; + continue; + } + if ((sock = socket(paddr.ss_family, type, protocol)) < 0 ) { ++i; @@ -1549,6 +1769,12 @@ static int sh_portchk_scan_ports_generic (int min_port, int max_port_arg, sl_close_fd (FIL__, __LINE__, sock); } } + + if (protocol == IPPROTO_TCP) + transient_tcp=sh_portchk_kill_transient(transient_tcp); + else + transient_udp=sh_portchk_kill_transient(transient_udp); + return 0; } @@ -1576,7 +1802,7 @@ static int sh_portchk_scan_ports_udp (int min_port, int max_port) */ void * sh_dummy_1564_str = NULL; /* fix clobbered by.. warning */ -static int sh_portchk_add_interface (const char * str) +static int sh_portchk_add_interface_int (const char * str, int type) { struct sh_sockaddr saddr; char errbuf[256]; @@ -1586,7 +1812,7 @@ static int sh_portchk_add_interface (const char * str) if (iface_initialized == 0) { - iface_list.used = 0; + iface_list_used = 0; iface_initialized = 1; } @@ -1608,7 +1834,7 @@ static int sh_portchk_add_interface (const char * str) if (0 == sh_ipvx_aton(buf, &saddr)) return -1; - if (iface_list.used == SH_IFACE_MAX) + if (iface_list_used == SH_IFACE_MAX) return -1; sh_ipvx_ntoa(ipbuf, sizeof(ipbuf), &saddr); @@ -1618,8 +1844,9 @@ static int sh_portchk_add_interface (const char * str) errbuf, _("sh_portchk_add_interface")); SH_MUTEX_UNLOCK(mutex_thread_nolog); - memcpy (&(iface_list.iface[iface_list.used]), &(saddr), sizeof(saddr)); - ++iface_list.used; + memcpy (&(iface_list[iface_list_used].iface), &(saddr), sizeof(saddr)); + iface_list[iface_list_used].type = type; + ++iface_list_used; } } while (*str); @@ -1627,6 +1854,230 @@ static int sh_portchk_add_interface (const char * str) return 0; } +static int sh_portchk_add_interface (const char * str) +{ + return sh_portchk_add_interface_int (str, SH_IFACE_ADDR); +} + +#if defined(HAVE_IFADDRS_H) +/* + * subroutines to add a device + */ +void * sh_dummy_1651_ifa = NULL; /* fix clobbered by.. warning */ + +static int portchk_add_device_int (const char * buf) +{ + struct ifaddrs *ifaddr, *ifa; + int family; +#ifndef NI_MAXHOST +#define NI_MAXHOST 1025 +#endif + char host[NI_MAXHOST]; + + sh_dummy_1651_ifa = (void*) &ifa; + + if (getifaddrs(&ifaddr) == -1) + { + volatile int nerr = errno; + char errbuf[SH_ERRBUF_SIZE]; + sh_error_message(errno, errbuf, sizeof(errbuf)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, nerr, MSG_E_SUBGEN, + errbuf, _("getifaddrs")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + return -1; + } + + for ( ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) + { + if (ifa->ifa_addr == NULL) + continue; + + if (strcmp(ifa->ifa_name, buf) == 0) + { + volatile int s = 0; + family = ifa->ifa_addr->sa_family; + + if (family == AF_INET) + { + s = getnameinfo( ifa->ifa_addr, sizeof(struct sockaddr_in), + host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST ); + + if (s == 0) + { + if (sh_portchk_add_interface_int(host, SH_IFACE_DEV) < 0) + { + freeifaddrs(ifaddr); + return -1; + } + } + } + +#if defined(USE_IPVX) + if (family == AF_INET6) + { + s = getnameinfo( ifa->ifa_addr, sizeof(struct sockaddr_in6), + host, NI_MAXHOST, NULL, 0, NI_NUMERICHOST ); + + if (s == 0) + { + if (sh_portchk_add_interface_int(host, SH_IFACE_DEV) < 0) + { + freeifaddrs(ifaddr); + return -1; + } + } + } +#endif + + if (s != 0) + { + char errbuf[SH_ERRBUF_SIZE]; + sl_strlcpy(errbuf, buf, sizeof(errbuf)); + sl_strlcat(errbuf, ": ", sizeof(errbuf)); + sl_strlcat(errbuf, gai_strerror(s), sizeof(errbuf)); + SH_MUTEX_LOCK(mutex_thread_nolog); + sh_error_handle((-1), FIL__, __LINE__, s, MSG_E_SUBGEN, + errbuf, _("getnameinfo")); + SH_MUTEX_UNLOCK(mutex_thread_nolog); + } + + } + } + + freeifaddrs(ifaddr); + return 0; +} + +struct added_dev { + char dev[64]; + struct added_dev * next; +}; + +static struct added_dev * dev_list = NULL; + +static void dev_list_add (char * buf) +{ + struct added_dev * new = SH_ALLOC(sizeof(struct added_dev)); + sl_strlcpy(new->dev, buf, 64); + new->next = dev_list; + dev_list = new; + return; +} + +static void dev_list_kill () +{ + struct added_dev * old; + struct added_dev * new = dev_list; + dev_list = NULL; + + while (new) + { + old = new; + new = new->next; + SH_FREE(old); + } + return; +} + +static int sh_portchk_add_device (const char * str) +{ + char buf[64]; + + do { + + while (*str == ',' || *str == ' ' || *str == '\t') ++str; + + if (*str) + { + unsigned int i = 0; + while (*str && i < (sizeof(buf)-1) && + *str != ',' && *str != ' ' && *str != '\t') { + buf[i] = *str; ++str; ++i; + } + buf[i] = '\0'; + + if (portchk_add_device_int (buf) < 0) + return -1; + + dev_list_add(buf); + } + } while (*str); + + return 0; +} + +static int iface_comp (const void *a, const void *b) +{ + const struct portchk_interfaces * aa = (const struct portchk_interfaces *) a; + const struct portchk_interfaces * bb = (const struct portchk_interfaces *) b; + return (aa->type - bb->type); +} + +static void iface_qsort() +{ + qsort(&iface_list[0], iface_list_used, sizeof(struct portchk_interfaces), + iface_comp); + return; +} + +static void recheck_devices() +{ + if (dev_list) + { + struct added_dev * dev = dev_list; + int i, j; + + if (portchk_debug) + { + for (j = 0; j < iface_list_used; ++j) + { + char buf[SH_IP_BUF]; + struct portchk_interfaces * aa = &(iface_list[j]); + sh_ipvx_ntoa(buf, sizeof(buf), &(aa->iface)); + fprintf(stderr, _("presort: iface[%d] type(%d) %s\n"), j, iface_list[j].type, buf); + } + } + + iface_qsort(); + + if (portchk_debug) + { + for (j = 0; j < iface_list_used; ++j) + { + char buf[SH_IP_BUF]; + struct portchk_interfaces * aa = &(iface_list[j]); + sh_ipvx_ntoa(buf, sizeof(buf), &(aa->iface)); + fprintf(stderr, _("postsor: iface[%d] type(%d) %s\n"), j, iface_list[j].type, buf); + } + } + + i = 0; + for (j = 0; j < iface_list_used; ++j) + if (iface_list[j].type == SH_IFACE_DEV) ++i; + iface_list_used -= i; + + if (portchk_debug) + { + for (j = 0; j < iface_list_used; ++j) + { + char buf[SH_IP_BUF]; + struct portchk_interfaces * aa = &(iface_list[j]); + sh_ipvx_ntoa(buf, sizeof(buf), &(aa->iface)); + fprintf(stderr, _("postdel: iface[%d] type(%d) %s\n"), j, iface_list[j].type, buf); + } + } + + while (dev) + { + portchk_add_device_int (dev->dev); + dev = dev->next; + } + } + return; +} +#endif + /* verify whether port/interface is blacklisted (do not check) */ static int sh_portchk_is_blacklisted(int port, struct sh_sockaddr * saddr, @@ -1641,14 +2092,8 @@ static int sh_portchk_is_blacklisted(int port, struct sh_sockaddr * saddr, while (head) { - if (head->port == port) - { - if (sh_ipvx_isany(head->paddr) || - 0 == sh_ipvx_cmp(head->paddr, saddr)) - return 1; - else - return 0; - } + if (head->port == port && ( sh_ipvx_isany(head->paddr) || 0 == sh_ipvx_cmp(head->paddr, saddr) )) + return 1; head = head->next; } return 0; @@ -1694,8 +2139,75 @@ static int sh_portchk_blacklist(int port, struct sh_sockaddr * saddr, int proto) } return 0; } + + +/* verify whether port/interface is transient (used as source port + *hence no check required) + */ +static int sh_portchk_is_transient(int port, struct sh_sockaddr * saddr, + int proto) +{ + struct sh_port * head; - + if (proto == IPPROTO_TCP) + head = transient_tcp; + else + head = transient_udp; + + while (head) + { + if (head->port == port && ( sh_ipvx_isany(head->paddr) || 0 == sh_ipvx_cmp(head->paddr, saddr) )) + return 1; + head = head->next; + } + return 0; +} + + +static int sh_portchk_transient(int port, struct sh_sockaddr * saddr, int proto) +{ + struct sh_port * transient; + struct sh_port * head; + + if (sh_portchk_transients == S_FALSE) + return 0; + + if (proto == IPPROTO_TCP) + head = transient_tcp; + else + head = transient_udp; + + transient = head; + + while (transient) + { + if (transient->port == port && + 0 == sh_ipvx_cmp(head->paddr, saddr)) + return -1; + transient = transient->next; + } + + transient = SH_ALLOC (sizeof(struct sh_port)); + transient->paddr = SH_ALLOC (sizeof(struct sh_sockaddr)); + transient->port = port; + memcpy(transient->paddr, saddr, sizeof(struct sh_sockaddr)); + transient->next = head; + + if (proto == IPPROTO_TCP) + transient_tcp = transient; + else + transient_udp = transient; + + if (portchk_debug) + { + int checkit = sh_portchk_is_transient(port, saddr, proto); + fprintf(stderr, _("port transient: %d %s\n"), port, + (checkit == 1) ? _("ok") : _("fail")); + } + return 0; +} + + /* Subroutine to add a required or optional port/service */ static int sh_portchk_add_required_port_generic (char * service, @@ -1717,9 +2229,9 @@ static int sh_portchk_add_required_port_generic (char * service, p = strchr(buf, '/'); if (!p) return -1; - if (0 == strcmp(p, _("/tcp"))) + if (0 == strcasecmp(p, _("/tcp"))) proto = IPPROTO_TCP; - else if (0 == strcmp(p, _("/udp"))) + else if (0 == strcasecmp(p, _("/udp"))) proto = IPPROTO_UDP; else return -1; @@ -1927,6 +2439,11 @@ int sh_portchk_check () SH_MUTEX_UNLOCK(mutex_thread_nolog); sh_portchk_reset_lists(); + +#if defined(HAVE_IFADDRS_H) + recheck_devices(); +#endif + if ((0 != geteuid()) && (min_port < 1024)) { min_port = 1024; diff --git a/src/sh_prelude.c b/src/sh_prelude.c index 74fda3a..d00e9b4 100644 --- a/src/sh_prelude.c +++ b/src/sh_prelude.c @@ -37,6 +37,7 @@ #include <stdio.h> #include <string.h> +#include <ctype.h> #include <sys/types.h> #if TIME_WITH_SYS_TIME @@ -809,8 +810,6 @@ static int get_service_info(char *msg, idmef_alert_t *alert) port = strtol(ptr, &end, 0); if ( *ptr && *end == '\0' && port >= 0 && port < 65536) { - char * tmpw; - if ( ! source ) { ret = idmef_alert_new_source(alert, &source, IDMEF_LIST_APPEND); if ( ret < 0 ) { diff --git a/src/sh_processcheck.c b/src/sh_processcheck.c index f5601c9..a5786f0 100644 --- a/src/sh_processcheck.c +++ b/src/sh_processcheck.c @@ -751,7 +751,7 @@ static short sh_processes_check (pid_t pid, short res) #endif #endif -#if !defined(sun) && !defined(__sun) && !defined(__sun__) +#if !defined(sun) && !defined(__sun) && !defined(__sun__) && !defined(__OpenBSD__) && !defined(__APPLE__) #ifdef _POSIX_PRIORITY_SCHEDULING struct sched_param p; #endif @@ -785,8 +785,9 @@ static short sh_processes_check (pid_t pid, short res) #endif /* sched_getparam() is broken on solaris 10, may segfault in librt + * also not on MacOS */ -#if !defined(sun) && !defined(__sun) && !defined(__sun__) +#if !defined(sun) && !defined(__sun) && !defined(__sun__) && !defined(__OpenBSD__) && !defined(__APPLE__) #ifdef _POSIX_PRIORITY_SCHEDULING if (0 == sched_getparam (pid, &p)) { diff --git a/src/sh_readconf.c b/src/sh_readconf.c index 892be10..a37bc4e 100644 --- a/src/sh_readconf.c +++ b/src/sh_readconf.c @@ -33,7 +33,7 @@ #include "sh_unix.h" #include "sh_files.h" #include "sh_xfer.h" -#include "sh_gpg.h" +#include "sh_sig.h" #include "sh_hash.h" #include "sh_dbIO.h" #include "sh_ignore.h" @@ -351,8 +351,8 @@ int sh_readconf_read (void) #if defined(SH_STEALTH) && !defined(SH_STEALTH_MICRO) SL_TICKET fdTmp = -1; #endif -#if defined(WITH_GPG) || defined(WITH_PGP) - SL_TICKET fdGpg = -1; +#if defined(WITH_SIG) + SL_TICKET fdSIG = -1; #endif char * tmp; @@ -368,7 +368,7 @@ int sh_readconf_read (void) int local_file = 1; char local_flag = 'R'; -#if defined(WITH_GPG) || defined(WITH_PGP) +#if defined(WITH_SIG) int signed_content = S_FALSE; int true_content = S_FALSE; #endif @@ -469,8 +469,8 @@ int sh_readconf_read (void) { sl_write_line(fdTmp, line_in, sl_strlen(line_in)); } -#if defined(WITH_GPG) || defined(WITH_PGP) - if (0 == sl_strncmp(line_in, _("-----END PGP SIGNATURE-----"), 25)) +#if defined(WITH_SIG) + if (S_TRUE == sh_sig_data_end(line_in)) break; #else if (0 == sl_strncmp(line_in, _("[EOF]"), 5)) @@ -484,18 +484,18 @@ int sh_readconf_read (void) sl_rewind (fd); #endif -#if defined(WITH_GPG) || defined(WITH_PGP) +#if defined(WITH_SIG) /* extract the data and copy to temporary file */ - fdGpg = sh_gpg_extract_signed(fd); + fdSIG = sh_sig_extract_signed(fd); sl_close(fd); - fd = fdGpg; + fd = fdSIG; /* Validate signature of open file. */ - if (0 != sh_gpg_check_sign (fd, SIG_CONF)) + if (0 != sh_sig_check_signature (fd, SIG_CONF)) { SH_FREE(line_in); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_EXIT_ABORT1, sh.prg_name); @@ -519,26 +519,19 @@ int sh_readconf_read (void) /* Sun May 27 18:40:05 CEST 2001 */ -#if defined(WITH_GPG) || defined(WITH_PGP) +#if defined(WITH_SIG) if (signed_content == S_FALSE) { - if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----"))) + if (S_TRUE == sh_sig_msg_start(line)) signed_content = S_TRUE; else continue; } - else if (true_content == S_FALSE) - { - if (line[0] == '\n') - true_content = S_TRUE; - else - continue; - } - else if (signed_content == S_TRUE) + else /* if (signed_content == S_TRUE) */ { - if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNATURE-----"))) + if (S_TRUE == sh_sig_msg_end(line)) break; - else if (0 == sl_strcmp(line, _("-----BEGIN PGP SIGNED MESSAGE-----"))) + else if (S_TRUE == sh_sig_msg_start(line)) { sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, _("second signed message in file"), @@ -551,6 +544,14 @@ int sh_readconf_read (void) aud_exit (FIL__, __LINE__,EXIT_FAILURE); } } + + if (true_content == S_FALSE) /* continue if in header */ + { + if (S_TRUE == sh_sig_msg_startdata(line)) + true_content = S_TRUE; + else + continue; + } #endif /* Skip leading white space. @@ -1017,6 +1018,10 @@ cfg_options ext_table[] = { { N_("useaclcheck"), SH_SECTION_MISC, SH_SECTION_NONE, sh_unix_setcheckacl }, #endif +#if !defined(SH_COMPILE_STATIC) && defined(__linux__) && defined(HAVE_AUPARSE_H) && defined(HAVE_AUPARSE_LIB) + { N_("setauditdflags"), SH_SECTION_MISC, SH_SECTION_NONE, + sh_audit_set_flags }, +#endif { N_("loosedircheck"), SH_SECTION_MISC, SH_SECTION_NONE, sh_hash_loosedircheck }, { N_("addokchars"), SH_SECTION_MISC, SH_SECTION_NONE, @@ -1142,6 +1147,8 @@ cfg_options ext_table[] = { sh_xfer_set_port }, { N_("setserverinterface"), SH_SECTION_SRV, SH_SECTION_MISC, sh_xfer_set_interface }, + { N_("alias"), SH_SECTION_CLIENTS, SH_SECTION_NONE, + sh_xfer_register_alias }, { N_("client"), SH_SECTION_CLIENTS, SH_SECTION_NONE, sh_xfer_register_client }, #endif diff --git a/src/sh_registry.c b/src/sh_registry.c index 16502a6..f940cd2 100644 --- a/src/sh_registry.c +++ b/src/sh_registry.c @@ -349,7 +349,7 @@ static void report_missing_entry(const char * path) char timestr[32]; struct store2db save; - memset(&save, '\0', sizeof(struct store2db)); + memset(&save, 0, sizeof(struct store2db)); sh_hash_db2pop (path, &save); (void) sh_unix_gmttime (save.val1, timestr, sizeof(timestr)); @@ -681,7 +681,7 @@ int QueryKey(HKEY hKey, char * path, size_t pathlen, int isSingle) { struct store2db save; - memset(&save, '\0', sizeof(struct store2db)); + memset(&save, 0, sizeof(struct store2db)); if (tPath) { @@ -773,7 +773,7 @@ int QueryKey(HKEY hKey, char * path, size_t pathlen, int isSingle) { struct store2db save; - memset(&save, '\0', sizeof(struct store2db)); + memset(&save, 0, sizeof(struct store2db)); save.val0 = totalSize; save.val1 = fTime; @@ -840,6 +840,9 @@ int CheckThisSubkey (HKEY key, char * subkey, char * path, int isSingle, char * newpath; size_t len; int retval = -1; + + if (!subkey) + return 0; len = strlen(path) + 1 + strlen(subkey) + 1; newpath = SH_ALLOC(len); @@ -933,7 +936,7 @@ int CheckThisSubkey (HKEY key, char * subkey, char * path, int isSingle, int check_key (char * key, int isSingle) { HKEY topKey; - char * subkey; + char * subkey = NULL; char path[20] = ""; int pos = 0; @@ -973,7 +976,7 @@ int check_key (char * key, int isSingle) } else { - + /* We bail out here if the topKey is undefined */ char * tmp = sh_util_safe_name_keepspace(key); size_t tlen = sl_strlen(tmp); @@ -1002,6 +1005,8 @@ int check_key (char * key, int isSingle) } *************************/ + /* Returns 0 if !subkey */ + /* cppcheck-suppress uninitvar */ return CheckThisSubkey (topKey, subkey, path, isSingle, 0); } diff --git a/src/sh_restrict.c b/src/sh_restrict.c index 4e255e3..7409751 100644 --- a/src/sh_restrict.c +++ b/src/sh_restrict.c @@ -603,7 +603,7 @@ void Test_restrict (CuTest *tc) { CuAssertIntEquals(tc,0,res); CuAssertPtrNotNull(tc, sh_restrict_list); -#if !defined(HOST_IS_CYGWIN) +#if !defined(HOST_IS_CYGWIN) && !defined(HOST_IS_DARWIN) res = sh_restrict_this("/bin/sh", 1000, 0755, fd); CuAssertIntEquals(tc,1,res); #endif diff --git a/src/sh_sem.c b/src/sh_sem.c index 3de83b4..66c21db 100644 --- a/src/sh_sem.c +++ b/src/sh_sem.c @@ -43,11 +43,12 @@ typedef enum { exit_err = 3 } sh_estat; -#if 0 + /* FreeBSD 6.1 defines this in <sys/sem.h> too... */ #if defined(__GNU_LIBRARY__) && !defined(_SEM_SEMUN_UNDEFINED) /* union semun is defined by including <sys/sem.h> */ #else +#if !defined(HAVE_UNION_SEMUN) /* according to X/OPEN we have to define it ourselves */ union semun { int val; @@ -57,6 +58,7 @@ union semun { #endif #endif + #define SH_SEMVMX 32767 static int get_semaphore (void) @@ -74,8 +76,12 @@ static int get_semaphore (void) static void sem_purge(int sem_id) { + union semun tmp; + + tmp.val = 0; + if (sem_id != -1) - semctl(sem_id, 0, IPC_RMID, (int)0); + semctl(sem_id, 0, IPC_RMID, tmp); return; } @@ -102,6 +108,7 @@ static int init_semaphore (int nsems) mode_t mask; int semid; int errnum; + union semun tmp; key_t key = ftok(DEFAULT_DATAROOT, '#'); if (key < 0) @@ -111,11 +118,13 @@ static int init_semaphore (int nsems) semid = semget (key, nsems, IPC_CREAT | IPC_EXCL | 0660); errnum = errno; umask(mask); + + tmp.val = 1; if (semid < 0) return report_err(errnum, FIL__, __LINE__, _("semget")); for (i=0; i<nsems; ++i) - if (semctl (semid, i, SETVAL, (int) 1) == -1) + if (semctl (semid, i, SETVAL, tmp) == -1) return report_err(errnum, FIL__, __LINE__, _("semclt")); return semid; } @@ -123,18 +132,24 @@ static int init_semaphore (int nsems) static int sem_set(int semid, int sem_no, int val) { + union semun tmp; + + tmp.val = val; + if (semid < 0) return -1; - if (semctl (semid, sem_no, SETVAL, val) == -1) + if (semctl (semid, sem_no, SETVAL, tmp) == -1) return -1; return 0; } static int sem_get(int semid, int sem_no) { + union semun tmp; if (semid < 0) return -1; - return semctl (semid, sem_no, GETVAL, (int) 0); + tmp.val = 0; + return semctl (semid, sem_no, GETVAL, tmp); } diff --git a/src/sh_sig.c b/src/sh_sig.c new file mode 100644 index 0000000..ea8c3cb --- /dev/null +++ b/src/sh_sig.c @@ -0,0 +1,1789 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 1999, 2000 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#include <stdio.h> +#include <stdlib.h> + + +#if defined(WITH_SIG) + +#include <unistd.h> +#include <fcntl.h> +#include <signal.h> +#if defined(SH_WITH_SERVER) +#include <pwd.h> +#endif +#include <sys/stat.h> +#include <sys/types.h> +#include <errno.h> +#include <sys/wait.h> + +#include <string.h> +#ifdef HAVE_MEMORY_H +#include <memory.h> +#endif + + +#if !defined(O_NONBLOCK) +#if defined(O_NDELAY) +#define O_NONBLOCK O_NDELAY +#else +#define O_NONBLOCK 0 +#endif +#endif + + +#include "samhain.h" +#include "sh_utils.h" +#include "sh_error.h" +#include "sh_tiger.h" +#if defined(SH_WITH_SERVER) +#define SH_NEED_PWD_GRP 1 +#include "sh_static.h" +#endif +#include "sh_sig.h" + +int get_the_fd(SL_TICKET file_1); + +#if defined(WITH_GPG) +static struct { + char conf_id[SH_MINIBUF+1]; + char conf_fp[SH_MINIBUF+1]; + char data_id[SH_MINIBUF+1]; + char data_fp[SH_MINIBUF+1]; +} gp; +#endif + +typedef struct { + pid_t pid; + FILE * pipe; +} sh_gpg_popen_t; + +#define SH_SIG_OK 0 +#define SH_SIG_BAD 1 +#define SH_SIG_BADSIGN 2 + +/* replace #if 0 by #if 1 and set an appropriate path in front of '/pdbg.' + * for debugging + */ +#if 0 +#define PDGBFILE "/pdbg." +#endif + +#if defined(PDGBFILE) +FILE * pdbg; +FILE * pdbgc; +#define PDBG_OPEN pdbg = fopen(PDGBFILE"main", "a") +#define PDBG_CLOSE sl_fclose (FIL__, __LINE__, pdbg) +#define PDBG(arg) fprintf(pdbg, "PDBG: step %d\n", arg); fflush(pdbg) +#define PDBG_D(arg) fprintf(pdbg, "PDBG: %d\n", arg); fflush(pdbg) +#define PDBG_S(arg) fprintf(pdbg, "PDBG: %s\n", arg); fflush(pdbg) + +#define PDBGC_OPEN pdbgc = fopen(PDGBFILE"child", "a") +#define PDBGC_CLOSE sl_fclose (FIL__, __LINE__, pdbgc) +#define PDBGC(arg) fprintf(pdbgc, "PDBG: step %d\n", arg); fflush(pdbgc) +#define PDBGC_D(arg) fprintf(pdbgc, "PDBG: %d\n", arg); fflush(pdbgc) +#define PDBGC_S(arg) fprintf(pdbgc, "PDBG: %s\n", arg); fflush(pdbgc) +#else +#define PDBG_OPEN +#define PDBG_CLOSE +#define PDBG(arg) +#define PDBG_D(arg) +#define PDBG_S(arg) +#define PDBGC_OPEN +#define PDBGC_CLOSE +#define PDBGC(arg) +#define PDBGC_D(arg) +#define PDBGC_S(arg) +#endif + +#undef FIL__ +#define FIL__ _("sh_sig.c") + +#if defined(SIG_HASH) || defined(SIG_KEY_HASH) + +typedef enum { SIG_HASH_REPORT, SIG_HASH_REPORTFULL, SIG_HASH_OTHER } checksum_flag; + +static int sh_sig_checksum (SL_TICKET checkfd, checksum_flag flag, const char * expected_in, const char * path) +{ + char * test_sig; + char * expected = NULL; + char * test_ptr1 = NULL; + char * test_ptr2 = NULL; + char wstrip1[128]; + char wstrip2[128]; + int i, k; +#include "sh_sig_chksum.h" + + SL_ENTER(_("sh_sig_checksum")); + + + if (flag == SIG_HASH_OTHER) + expected = sh_util_strdup(expected_in); + + if (flag == SIG_HASH_OTHER) + test_sig = sh_tiger_hash_gpg (path, checkfd, TIGER_NOLIM); + else + test_sig = sh_tiger_hash_gpg (DEFAULT_SIG_PATH, checkfd, TIGER_NOLIM); + + test_ptr1 = (flag == SIG_HASH_OTHER) ? strchr(expected, ':') : strchr(SIG_HASH, ':'); + if (test_ptr1 != NULL) + test_ptr1 += 2; + else + test_ptr1 = (flag == SIG_HASH_OTHER) ? expected : SIG_HASH; + + if (test_sig != NULL) + test_ptr2 = strchr(test_sig, ':'); + if (test_ptr2 != NULL) + test_ptr2 += 2; + else + test_ptr2 = test_sig; + + /* Tue Jun 24 23:11:54 CEST 2003 (1.7.9) -- strip whitespace + */ + k = 0; + for (i = 0; i < 127; ++i) + { + if (test_ptr1[i] == '\0') + break; + if (test_ptr1[i] != ' ') + { + wstrip1[k] = test_ptr1[i]; + ++k; + } + } + wstrip1[k] = '\0'; + + if (flag != SIG_HASH_OTHER) + { + for(i = 0; i < KEY_LEN; ++i) + { + if (sigchk[i] != wstrip1[i]) + { + sh_error_handle(SH_ERR_SEVERE, FIL__, __LINE__, 0, MSG_E_GPG_CHK, + sigchk, wstrip1); + break; + } + } + } + + k = 0; + if (test_ptr2) + { + for (i = 0; i < 127; ++i) + { + if (test_ptr2[i] == '\0') + break; + if (test_ptr2[i] != ' ') + { + wstrip2[k] = test_ptr2[i]; + ++k; + } + } + } + wstrip2[k] = '\0'; + + if (0 != sl_strncmp(wstrip1, wstrip2, 127)) + { + TPT(((0), FIL__, __LINE__, _("msg=<sig checksum: %s>\n"), test_sig)); + TPT(((0), FIL__, __LINE__, _("msg=<compiled in : %s>\n"), (flag == SIG_HASH_OTHER) ? expected : SIG_HASH)); + TPT(((0), FIL__, __LINE__, _("msg=<wstrip1 : %s>\n"), wstrip1)); + TPT(((0), FIL__, __LINE__, _("msg=<wstrip2 : %s>\n"), wstrip2)); + if (flag == SIG_HASH_REPORTFULL) + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_GPG, + SIG_HASH, test_sig); + if (flag == SIG_HASH_OTHER) + dlog(1, FIL__, __LINE__, _("The compiled-in checksum of the public key %s\n(%s)\ndoes not match the actual checksum\n(%s).\nYou need to recompile with the correct checksum."), path, wstrip1, wstrip2); + else + dlog(1, FIL__, __LINE__, _("The compiled-in checksum of the signature checking binary %s\n(%s)\ndoes not match the actual checksum\n(%s).\nYou need to recompile with the correct checksum."), DEFAULT_SIG_PATH, wstrip1, wstrip2); + SH_FREE(test_sig); + if (expected) + SH_FREE(expected); + SL_RETURN((-1), _("sh_sig_checksum")); + } + SH_FREE(test_sig); + if (expected) + SH_FREE(expected); + SL_RETURN( (0), _("sh_sig_checksum")); +} +#endif + +struct startup_info { + long line; + char * program; + long uid; + char * path; + char * key_uid; + char * key_id; +}; + +static struct startup_info startInfo = { 0, NULL, 0, NULL, NULL, NULL }; + +static void sh_sig_fill_startup (long line, char * program, long uid, char * path, + char * key_uid, char * key_id) +{ + startInfo.line = line; + startInfo.program = sh_util_strdup(program); + startInfo.uid = uid; + startInfo.path = sh_util_strdup(path); + if (key_uid) + startInfo.key_uid = sh_util_strdup(key_uid); + else + startInfo.key_uid = sh_util_strdup(_("(not given)")); + if (key_id) + startInfo.key_id = sh_util_strdup(key_id); + else + startInfo.key_id = sh_util_strdup(_("(not given)")); + return; +} + +typedef enum { SIG_DATASIG, SIG_DATAONLY } extractlevel; + + +static FILE * sh_sig_popen (char *const argv[], sh_gpg_popen_t *source, int fd); + + +static FILE * sh_sig_popen (char *const arg[], sh_gpg_popen_t *source, int fd) +{ + size_t len; + extern int flag_err_debug; + int pipedes[2]; + FILE * outf = NULL; + char * envp[2]; + +#if defined(HAVE_SIG_CHECKSUM) + SL_TICKET checkfd = -1; + int myrand; + int i; +#if defined(__linux__) + int get_the_fd(SL_TICKET); + char pname[128]; + int pfd; + int val_return; +#endif +#endif + + SL_ENTER(_("sh_sig_popen")); + + /* use homedir of effective user + */ + len = sl_strlen(sh.effective.home) + 6; + envp[0] = calloc(1, len); /* free() ok */ + if (envp[0] != NULL) + sl_snprintf (envp[0], len, _("HOME=%s"), sh.effective.home); + envp[1] = NULL; + + /* Create the pipe + */ + if (aud_pipe(FIL__, __LINE__, pipedes) < 0) + { + if (envp[0] != NULL) + free(envp[0]); + SL_RETURN( (NULL), _("sh_gpg_popen")); + } + + fflush (NULL); + + source->pid = aud_fork(FIL__, __LINE__); + + /* Failure + */ + if (source->pid == (pid_t) - 1) + { + sl_close_fd(FIL__, __LINE__, pipedes[0]); + sl_close_fd(FIL__, __LINE__, pipedes[1]); + if (envp[0] != NULL) + free(envp[0]); + SL_RETURN( (NULL), _("sh_sig_popen")); + } + + if (source->pid == (pid_t) 0) + { + + /* child - make read side of the pipe stdout + */ + if (retry_aud_dup2(FIL__, __LINE__, + pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0) + { + TPT(((0), FIL__, __LINE__, _("msg=<dup2 on pipe failed>\n"))); + dlog(1, FIL__, __LINE__, _("Internal error: dup2 failed\n")); + aud__exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* close the pipe descriptors + */ + sl_close_fd (FIL__, __LINE__, pipedes[STDIN_FILENO]); + sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); + + if (retry_aud_dup2(FIL__, __LINE__, fd, STDIN_FILENO) < 0) + { + TPT(((0), FIL__, __LINE__, _("msg=<dup2 on fd failed>\n"))); + dlog(1, FIL__, __LINE__, _("Internal error: dup2 failed\n")); + aud__exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* don't leak file descriptors + */ + sh_unix_closeall (3, -1, S_TRUE); /* in child process */ + + if (flag_err_debug != S_TRUE) + { + if (NULL == freopen(_("/dev/null"), "r+", stderr)) + { + dlog(1, FIL__, __LINE__, _("Internal error: freopen failed\n")); + aud__exit(FIL__, __LINE__, EXIT_FAILURE); + } + } + + + /* We should become privileged if SUID, + * to be able to read the keyring. + * We have checked that gpg is OK, + * AND that only a trusted user could overwrite + * gpg. + */ + memset (skey, 0, sizeof(sh_key_t)); + aud_setuid(FIL__, __LINE__, geteuid()); + + PDBGC_OPEN; + PDBGC_D((int)getuid()); + PDBGC_D((int)geteuid()); + + { + int i = 0; + while (arg[i] != NULL) + { + PDBGC_S(arg[i]); + ++i; + } + } + PDBGC_CLOSE; + + /* exec the program */ + +#if defined(__linux__) && defined(HAVE_SIG_CHECKSUM) + /* + * -- emulate an fexecve with checksum testing + */ + checkfd = sl_open_read(FIL__, __LINE__, DEFAULT_SIG_PATH, SL_NOPRIV); + + if (0 != sh_sig_checksum(checkfd, SIG_HASH_REPORT, NULL, NULL)) + { + sl_close(checkfd); + aud__exit(FIL__, __LINE__, EXIT_FAILURE); + } + + pfd = get_the_fd(checkfd); + do { + val_return = dup (pfd); + } while (val_return < 0 && errno == EINTR); + pfd = val_return; + sl_close(checkfd); + /* checkfd = -1; *//* never read */ + + sl_snprintf(pname, sizeof(pname), _("/proc/self/fd/%d"), pfd); + if (0 == access(pname, R_OK|X_OK)) /* flawfinder: ignore */ + + { + fcntl (pfd, F_SETFD, FD_CLOEXEC); + retry_aud_execve (FIL__, __LINE__, pname, arg, envp); + + dlog(1, FIL__, __LINE__, _("Unexpected error: execve %s failed\n"), + pname); + /* failed + */ + aud__exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* procfs not working, go ahead + */ +#endif + +#if defined(HAVE_SIG_CHECKSUM) + /* This is an incredibly ugly kludge to prevent an attacker + * from knowing when it is safe to slip in a fake executable + * between the integrity check and the execve + */ + myrand = (int) taus_get (); + + myrand = (myrand < 0) ? (-myrand) : myrand; + myrand = (myrand % 32) + 2; + + for (i = 0; i < myrand; ++i) + { + checkfd = sl_open_fastread(FIL__, __LINE__, + DEFAULT_SIG_PATH, SL_NOPRIV); + + if (0 != sh_sig_checksum(checkfd, SIG_HASH_REPORT, NULL, NULL)) { + aud__exit(FIL__, __LINE__, EXIT_FAILURE); + } + sl_close(checkfd); + } +#endif + + retry_aud_execve (FIL__, __LINE__, DEFAULT_SIG_PATH, arg, envp); + dlog(1, FIL__, __LINE__, _("Unexpected error: execve %s failed\n"), + DEFAULT_SIG_PATH); + + /* failed + */ + TPT(((0), FIL__, __LINE__, _("msg=<execve failed>\n"))); + dlog(1, FIL__, __LINE__, _("Unexpected error: execve failed\n")); + aud__exit(FIL__, __LINE__, EXIT_FAILURE); + } + + /* parent + */ + + if (envp[0] != NULL) + free(envp[0]); + + sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); + retry_fcntl (FIL__, __LINE__, pipedes[STDIN_FILENO], F_SETFD, FD_CLOEXEC); + retry_fcntl (FIL__, __LINE__, pipedes[STDIN_FILENO], F_SETFL, O_NONBLOCK); + + outf = fdopen (pipedes[STDIN_FILENO], "r"); + + if (outf == NULL) + { + aud_kill (FIL__, __LINE__, source->pid, SIGKILL); + sl_close_fd (FIL__, __LINE__, pipedes[STDOUT_FILENO]); + waitpid (source->pid, NULL, 0); + source->pid = 0; + SL_RETURN( (NULL), _("sh_sig_popen")); + } + + SL_RETURN( (outf), _("sh_sig_popen")); +} + + +static int sh_sig_pclose (sh_gpg_popen_t *source) +{ + int status = 0; + + SL_ENTER(_("sh_sig_pclose")); + + status = sl_fclose(FIL__, __LINE__, source->pipe); + if (status) + SL_RETURN( (-1), _("sh_sig_pclose")); + + if (waitpid(source->pid, NULL, 0) != source->pid) + status = -1; + + source->pipe = NULL; + source->pid = 0; + SL_RETURN( (status), _("sh_sig_pclose")); +} + +/* This is signify specific stuff + */ +#if defined(WITH_SIGNIFY) + +#include <ctype.h> + +static +int sh_signify_comp_comm(const char * line, size_t * commlen) +{ + /* check for a valid comment line: not exceeding 1023 chars and + * starting with 'untrusted comment: ' */ + static char cmp[SH_MINIBUF]; + static size_t cmp_len = 0; + + size_t len = sl_strlen(line); + + if (cmp_len == 0) { + sl_strlcpy(cmp, _("untrusted comment: "), sizeof(cmp)); + cmp_len = strlen(cmp); + } + + if (line[len-1] == '\n') { + /* signify will replace the '\n' with '\0', so 1024 -> 1023, which fits */ + if (len > 1024) return S_FALSE; + else *commlen = len; + } else { + if (len > 1023) return S_FALSE; + else *commlen = (len+1); + } + + if (len >= cmp_len && 0 == strncmp(cmp, line, cmp_len)) + return S_TRUE; + return S_FALSE; +} + +static const char bto64_0[] = N_("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"); +static char bto64[65] = { '\0' }; + +static +int sh_signify_comp_sig(const char * line, size_t commlen) +{ + char cmp[128]; + char out[128]; + size_t len = sl_strlen(line); + size_t i, j = 0; + int padf = 0; + + if (bto64[0] == '\0') + memcpy(bto64, _(bto64_0), 65); + + if (line[len-1] == '\n') { + if ((len+commlen) > 2047) return S_FALSE; + } else { + if ((len+commlen) > 2046) return S_FALSE; + } + + for (i = 0; i < len; ++i) + { + if (isspace(line[i])) { + /* signify will skip arbitrary space, using isspace() */ + continue; + } + if (line[i] == '=') { + if (padf > 1) /* more than two padding '=' */ + return S_FALSE; + else + ++padf; + } else if (!strchr(bto64, line[i]) || (line[i] == '=' && padf > 0)) { + return S_FALSE; + } + if (j < sizeof(cmp)) { + cmp[j] = line[i]; ++j; + } + } + + /* signature is 'Ed' + 8 byte random + 64 bytes = 74 bytes + * => 1 pad byte => 75 bytes => 100 b64 bytes */ + if (j != 100 || padf != 1) + return S_FALSE; + + cmp[j] = '\0'; /* j == 100 */ + sh_util_base64_dec((unsigned char *) out, (unsigned char *) cmp, j); + if(out[0] == 'E' && out[1] == 'd') + return S_TRUE; + + return S_FALSE; +} +static +int sh_signify_msg_start(const char * line) +{ + static int step = 0; + static size_t commlen = 0; + + if (step == 0) { + if (S_TRUE == sh_signify_comp_comm(line, &commlen)) + ++step; + } + else if (step == 1) { + if (S_TRUE == sh_signify_comp_sig(line, commlen)) { + ++step; + } + else { + step = 0; commlen = 0; + } + } + else if (step == 2) { + step = 0; commlen = 0; + return S_TRUE; + } + return S_FALSE; +} + +static +int sh_signify_msg_startdata(const char * line) +{ + (void) line; + return S_TRUE; +} + +static +int sh_signify_msg_end(const char * line) +{ + if (line[0] != '\0') + return S_FALSE; + return S_TRUE; +} + +static +int sh_signify_data_end(const char * line) +{ + if (line[0] == '[' && line[1] == 'E' && line[2] == 'O' && + line[3] == 'F' && line[4] == ']') + return S_TRUE; + else if (line[0] != '\0') + return S_FALSE; + return S_TRUE; +} + +static +SL_TICKET sh_signify_extract_signed(SL_TICKET fd, extractlevel extract_level) +{ + const int fgets_buf_size = 16384; + FILE * fin_cp = NULL; + char * buf = NULL; + int bufc; + char * comment = NULL; + size_t commlen = 0; + + int flag_comm = S_FALSE; + int flag_sig = S_FALSE; + SL_TICKET fdTmp = (-1); + SL_TICKET open_tmp (void); + + /* extract the data and copy to temporary file + */ + fdTmp = open_tmp(); + if (SL_ISERROR(fdTmp)) + { + dlog(1, FIL__, __LINE__, _("Error opening temporary file.\n")); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Error opening temporary file."), + _("sh_signify_extract_signed")); + return -1; + } + + fin_cp = fdopen(dup(get_the_fd(fd)), "rb"); + buf = SH_ALLOC(fgets_buf_size); + + while (NULL != fgets(buf, fgets_buf_size, fin_cp)) + { + + bufc = 0; + while (bufc < fgets_buf_size) { + if (buf[bufc] == '\n') { ++bufc; break; } + ++bufc; + } + + if (flag_comm == S_FALSE) + { + if (sh_signify_comp_comm(buf, &commlen) == S_TRUE) + { + flag_comm = S_TRUE; + if (extract_level == SIG_DATASIG) + { + comment = sh_util_strdup(buf); + commlen = bufc; + } + } + continue; + } + else if (flag_comm == S_TRUE && flag_sig == S_FALSE) + { + if (sh_signify_comp_sig(buf, commlen) == S_TRUE) + { + flag_sig = S_TRUE; + if (extract_level == SIG_DATASIG) + { + sl_write(fdTmp, comment, commlen); + sl_write(fdTmp, buf, bufc); + } + if (comment != NULL) + SH_FREE(comment); + comment = NULL; + } + else + { + if (comment != NULL) + SH_FREE(comment); + comment = NULL; commlen = 0; flag_comm = 0; + } + continue; + } + + if (flag_sig == S_TRUE) + { + sl_write(fdTmp, buf, bufc); + } + } + if (comment != NULL) + SH_FREE(comment); + sl_fclose(FIL__, __LINE__, fin_cp); + sl_rewind (fdTmp); + +#if defined(SH_DEBUG_SIGNIFY) + fin_cp = fdopen(dup(get_the_fd(fdTmp)), "rb"); + FILE * fout = fopen("xxx.out", "w+"); + while (NULL != fgets(buf, fgets_buf_size, fin_cp)) + { + fputs(buf, fout); + } + fclose(fout); + sl_rewind(fdTmp); +#endif + + SH_FREE(buf); + return fdTmp; +} + + +static FILE * sh_signify_popen (sh_gpg_popen_t *source, int fd, char * homedir) +{ + char path[256]; + char cc1[32]; + char cc2[32]; + char cc3[32]; + char cc4[SH_PATHBUF+32]; + char cc5[32]; + char cc6[32]; + char * argv[9]; + FILE * retval = NULL; + + struct stat lbuf; + int status_stat = 0; + +#ifdef HAVE_SIG_KEY_HASH + SL_TICKET checkfd; +#endif + + + SL_ENTER(_("sh_signify_popen")); + + sl_strlcpy (path, DEFAULT_SIG_PATH, 256); + + sl_strlcpy (cc1, _("-Vem"), 32); + sl_strlcpy (cc2, _("/dev/null"), 32); + + sl_strlcpy (cc3, _("-p"), 32); + sl_strlcpy (cc4, homedir, SH_PATHBUF+32); + sl_strlcat (cc4, _("/.signify/"), SH_PATHBUF+32); + sl_strlcat (cc4, SH_INSTALL_NAME, SH_PATHBUF+32); + sl_strlcat (cc4, _(".pub"), SH_PATHBUF+32); + + /* read signed message from stdin */ + sl_strlcpy (cc5, _("-x"), 32); + sl_strlcpy (cc6, _("-"), 32); + + status_stat = retry_lstat(FIL__, __LINE__, cc4, &lbuf); + if (status_stat == -1) + { + dlog(1, FIL__, __LINE__, + _("Signify public key %s\ndoes not exist or is not accessible.\nPlease add the directory and put the key there\nto allow signature verification.\n"), + cc4); + sh_error_handle((-1), FIL__, __LINE__, status_stat, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } +#ifdef HAVE_SIG_KEY_HASH + checkfd = sl_open_read(FIL__, __LINE__, cc4, SL_YESPRIV); + + if (0 != sh_sig_checksum(checkfd, SIG_HASH_OTHER, SIG_KEY_HASH, cc4)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Checksum mismatch for signify public key"), + _("signify_popen")); + sl_close(checkfd); + sh_error_handle((-1), FIL__, __LINE__, status_stat, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + sl_close(checkfd); +#endif + + argv[0] = path; + argv[1] = cc1; + argv[2] = cc2; + argv[3] = cc3; + argv[4] = cc4; + argv[5] = cc5; + argv[6] = cc6; + argv[7] = NULL; + + retval = sh_sig_popen(argv, source, fd); + SL_RETURN((retval), _("sh_signify_popen")); +} + +static +int sh_signify_check_file_sign(int fd, char * homedir) +{ + struct stat buf; + char line[256]; + sh_gpg_popen_t source; + int status = 0; + unsigned int n_goodsig = 0; + unsigned int n_lines = 0; + +#ifdef HAVE_SIG_CHECKSUM + SL_TICKET checkfd; +#endif + + SL_ENTER(_("sh_signify_check_file_sign")); + + /* check whether signify exists and has the correct checksum + */ + TPT(((0), FIL__, __LINE__, _("msg=<Check signature>\n"))); + TPT(((0), FIL__, __LINE__, _("msg=<signify is %s>\n"), DEFAULT_SIG_PATH)); + + if (0 != retry_lstat(FIL__, __LINE__, DEFAULT_SIG_PATH, &buf)) + { + char errbuf[SH_ERRBUF_SIZE]; + + status = errno; + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_ERR_LSTAT, + sh_error_message(status, errbuf, sizeof(errbuf)), DEFAULT_SIG_PATH); + SL_RETURN( SH_SIG_BAD, _("sh_signify_check_file_sign")); + } + + if (0 != tf_trust_check (DEFAULT_SIG_PATH, SL_YESPRIV)) + SL_RETURN( SH_SIG_BAD, _("sh_signify_check_file_sign")); + +#ifdef HAVE_SIG_CHECKSUM + checkfd = sl_open_read(FIL__, __LINE__, DEFAULT_SIG_PATH, SL_YESPRIV); + + if (0 != sh_sig_checksum(checkfd, SIG_HASH_REPORTFULL, NULL, NULL)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Checksum mismatch"), + _("signify_check_file_sign")); + sl_close(checkfd); + SL_RETURN( SH_SIG_BAD, _("sh_signify_check_file_sign")); + } + sl_close(checkfd); +#endif + + TPT(((0), FIL__, __LINE__, _("msg=<Open pipe to check signature>\n"))); + + fflush(NULL); + + source.pipe = sh_signify_popen ( &source, fd, homedir ); + + if (NULL == source.pipe) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Could not open pipe"), + _("signify_check_file_sign")); + SL_RETURN( SH_SIG_BAD, _("sh_signify_check_file_sign")); + } + + TPT(((0), FIL__, __LINE__, _("msg=<Open pipe success>\n"))); + + xagain: + + errno = 0; + + while (NULL != fgets(line, sizeof(line), source.pipe)) + { + TPT(((0), FIL__, __LINE__, _("msg=<signify out: %s>\n"), line)); + if (line[strlen(line)-1] == '\n') + line[strlen(line)-1] = ' '; + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + line, + _("signify_check_file_sign")); + + ++n_lines; + + /* the '\n' has been replaced with ' ' for logging */ + if (0 == sl_strcmp(_("Signature Verified "), line)) + { + ++n_goodsig; + } + } + + if (ferror(source.pipe) && errno == EAGAIN) + { + /* sleep 10 ms to avoid starving the gpg child writing to the pipe */ + retry_msleep(0,10); + clearerr(source.pipe); + goto xagain; + } + + if (0 != sh_sig_pclose (&source)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Error on closing process pipe"), + _("signify_check_file_sign")); + n_goodsig = 0; + } + + TPT(((0), FIL__, __LINE__, _("msg=<Close pipe>\n"))); + + if (n_goodsig == 1 && n_lines == 1) + { + TPT(((0), FIL__, __LINE__, _("msg=<Signature Verified>\n"))); + SL_RETURN( SH_SIG_OK, _("sh_signature_check_file_sign")); + } + else + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Error verifying file signature"), + _("signify_check_file_sign")); + } + SL_RETURN( SH_SIG_BADSIGN, _("sh_signature_check_file_sign")); +} + + +int sh_signify_check_signature (SL_TICKET file, ShSigFile what) +{ + int status = SH_SIG_BAD; + int fd = 0; + + static int smsg = S_FALSE; + + char * homedir = sh.effective.home; + char * home_alloc = NULL; +#if defined(SH_WITH_SERVER) + struct passwd * tempres; +#if defined(USE_GETPWNAM_R) + struct passwd pwd; + char * buffer = SH_ALLOC(SH_PWBUF_SIZE); +#endif +#endif + + SL_ENTER(_("sh_signify_check_sign")); + + (void) what; + + fd = get_the_fd(file); + + if (fd < 0) + { + TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd)); + dlog(1, FIL__, __LINE__, + _("This looks like an unexpected internal error.\n")); +#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) + SH_FREE(buffer); +#endif + SL_RETURN( (-1), _("sh_signify_check_sign")); + } + +#if defined(SH_WITH_SERVER) +#if defined(USE_GETPWNAM_R) + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); +#else + tempres = sh_getpwnam(DEFAULT_IDENT); +#endif + if ((tempres != NULL) && (0 == sl_ret_euid())) + { + /* privileges not dropped yet*/ + homedir = tempres->pw_dir; + } +#endif + + home_alloc = sh_util_strdup(homedir); + + TPT(((0), FIL__, __LINE__, _("msg=<SIGNIFY_CHECK: FD = %d>\n"), fd)); + status = sh_signify_check_file_sign(fd, homedir); + + if (status != SH_SIG_OK) + { + TPT(((0), FIL__, __LINE__, _("msg=<Status = %d>\n"), status)); + dlog(1, FIL__, __LINE__, + _("The signature of the configuration file or the file signature database\ncould not be verified. Possible reasons are:\n - signify binary (%s) not found\n - invalid signature\n - there is no keyfile in %s/.signify/%s.pub, or\n - the file is not signed - did you move /filename.sig to /filename ?\nTo create a signed file, use (remove old signatures before):\n signify|signify-openbsd -Se -s KEYNAME.sec -m FILE\n mv FILE.sig FILE\n"), + DEFAULT_SIG_PATH, home_alloc, SH_INSTALL_NAME); + SH_FREE(home_alloc); + SL_RETURN( (-1), _("sh_signify_check_sign")); + } + + if (smsg == S_FALSE) + { + sh_sig_fill_startup (__LINE__, + sh.prg_name, sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? + _("(hidden)") : file_path('C', 'R'), + NULL, NULL); + } + smsg = S_TRUE; + + SH_FREE(home_alloc); + SL_RETURN(0, _("sh_signify_check_sign")); +} + +/* This is GPG specific stuff + */ +#elif defined(WITH_GPG) +static FILE * sh_gpg_popen (sh_gpg_popen_t *source, int fd, char * homedir) +{ + char path[256]; + char cc1[32]; + char cc2[32]; + + char cc0[2] = "-"; + char cc3[32]; + char cc4[SH_PATHBUF+32]; + char cc5[32]; + char * argv[9]; + FILE * retval = NULL; + + + SL_ENTER(_("sh_gpg_popen")); + + /* -- GnuPG -- */ + sl_strlcpy (path, DEFAULT_SIG_PATH, 256); + sl_strlcpy (cc1, _("--status-fd"), 32); + sl_strlcpy (cc2, _("--verify"), 32); + sl_strlcpy (cc3, _("--homedir"), 32); + /* sl_strlcpy (cc4, sh.effective.home, SH_PATHBUF+32); */ + sl_strlcpy (cc4, homedir, SH_PATHBUF+32); + sl_strlcat (cc4, _("/.gnupg"), SH_PATHBUF+32); + sl_strlcpy (cc5, _("--no-tty"), 32); + +#if defined(SH_WITH_SERVER) + if (0 == sl_ret_euid()) /* privileges not dropped yet */ + { + struct stat lbuf; + int status_stat = 0; +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + struct passwd pwd; + char * buffer = SH_ALLOC(SH_PWBUF_SIZE); + struct passwd * tempres; + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); +#else + struct passwd * tempres = sh_getpwnam(DEFAULT_IDENT); +#endif + + if (!tempres) + { + dlog(1, FIL__, __LINE__, + _("User %s does not exist. Please add the user to your system.\n"), + DEFAULT_IDENT); + status_stat = -1; + } + if (!tempres->pw_dir || tempres->pw_dir[0] == '\0') + { + dlog(1, FIL__, __LINE__, + _("User %s does not have a home directory.\nPlease add the home directory for this user to your system.\n"), + DEFAULT_IDENT); + status_stat = -2; + } + if (status_stat == 0) + { + sl_strlcpy (cc4, tempres->pw_dir, SH_PATHBUF+32); + sl_strlcat (cc4, _("/.gnupg"), SH_PATHBUF+32); + status_stat = retry_lstat(FIL__, __LINE__, cc4, &lbuf); + if (status_stat == -1) + { + dlog(1, FIL__, __LINE__, + _("Gnupg directory %s for user %s\ndoes not exist or is not accessible.\nPlease add the directory and put the keyring (pubring.gpg or pubring.kbx) there\nto verify the configuration file.\n"), + cc4, DEFAULT_IDENT); + status_stat = -3; + } + } + if (status_stat == 0 && lbuf.st_uid != tempres->pw_uid) + { + dlog(1, FIL__, __LINE__, + _("Gnupg directory %s\nis not owned by user %s.\n"), + cc4, DEFAULT_IDENT); + status_stat = -4; + } + if (status_stat == 0) + { + char cc4_test[SH_PATHBUF+32]; + + sl_strlcpy(cc4_test, cc4, SH_PATHBUF+32); + sl_strlcat (cc4_test, _("/pubring.gpg"), SH_PATHBUF+32); + + status_stat = retry_lstat(FIL__, __LINE__, cc4_test, &lbuf); + if (status_stat == -1) + { + sl_strlcpy(cc4_test, cc4, SH_PATHBUF+32); + sl_strlcat (cc4_test, _("/pubring.kbx"), SH_PATHBUF+32); + + status_stat = retry_lstat(FIL__, __LINE__, cc4_test, &lbuf); + if (status_stat == -1) + { + sl_strlcpy(cc4_test, cc4, SH_PATHBUF+32); + sl_strlcat (cc4_test, _("/pubring.(gpg|kbx)"), SH_PATHBUF+32); + + dlog(1, FIL__, __LINE__, + _("Gnupg public keyring %s for user %s\ndoes not exist or is not accessible.\nPlease add the directory and put the keyring (pubring.gpg or pubring.kbx) there\nto verify the configuration file.\n"), + cc4_test, DEFAULT_IDENT); + status_stat = -5; + } + } + } + if (status_stat == 0 && lbuf.st_uid != tempres->pw_uid) + { + dlog(1, FIL__, __LINE__, + _("Gnupg public keyring %s\nis not owned by user %s.\n"), + cc4, DEFAULT_IDENT); + status_stat = -6; + } + if (status_stat != 0) + { + sh_error_handle((-1), FIL__, __LINE__, status_stat, MSG_EXIT_ABORT1, + sh.prg_name); + aud_exit (FIL__, __LINE__, EXIT_FAILURE); + } + sl_strlcpy (cc4, tempres->pw_dir, SH_PATHBUF+32); + sl_strlcat (cc4, _("/.gnupg"), SH_PATHBUF+32); +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R) + SH_FREE(buffer); +#endif + } +#endif + + argv[0] = path; + argv[1] = cc1; + argv[2] = "1"; + argv[3] = cc2; + argv[4] = cc3; + argv[5] = cc4; + argv[6] = cc5; + argv[7] = cc0; + argv[8] = NULL; + + retval = sh_sig_popen(argv, source, fd); + SL_RETURN((retval), _("sh_gpg_popen")); +} + +static +int sh_gpg_check_file_sign(int fd, char * sign_id, char * sign_fp, + char * homedir, ShSigFile whichfile) +{ + struct stat buf; + char line[256]; + sh_gpg_popen_t source; + int have_id = BAD, have_fp = BAD, status = 0; + unsigned int n_newsig = 0; + unsigned int n_goodsig = 0; + unsigned int n_validsig = 0; + +#ifdef HAVE_SIG_CHECKSUM + SL_TICKET checkfd; +#endif + + SL_ENTER(_("sh_gpg_check_file_sign")); + + /* check whether GnuPG exists and has the correct checksum + */ + TPT(((0), FIL__, __LINE__, _("msg=<Check signature>\n"))); + TPT(((0), FIL__, __LINE__, _("msg=<gpg is %s>\n"), DEFAULT_SIG_PATH)); + + if (0 != retry_lstat(FIL__, __LINE__, DEFAULT_SIG_PATH, &buf)) + { + char errbuf[SH_ERRBUF_SIZE]; + + status = errno; + sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, status, MSG_ERR_LSTAT, + sh_error_message(status, errbuf, sizeof(errbuf)), DEFAULT_SIG_PATH); + SL_RETURN( SH_SIG_BAD, _("sh_gpg_check_file_sign")); + } + + if (0 != tf_trust_check (DEFAULT_SIG_PATH, SL_YESPRIV)) + SL_RETURN( SH_SIG_BAD, _("sh_gpg_check_file_sign")); + +#ifdef HAVE_SIG_CHECKSUM + checkfd = sl_open_read(FIL__, __LINE__, DEFAULT_SIG_PATH, SL_YESPRIV); + + if (0 != sh_sig_checksum(checkfd, SIG_HASH_REPORTFULL, NULL, NULL)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Checksum mismatch"), + _("gpg_check_file_sign")); + sl_close(checkfd); + SL_RETURN( SH_SIG_BAD, _("sh_gpg_check_file_sign")); + } + sl_close(checkfd); +#endif + + TPT(((0), FIL__, __LINE__, _("msg=<Open pipe to check signature>\n"))); + + fflush(NULL); + + source.pipe = sh_gpg_popen ( &source, fd, homedir ); + + if (NULL == source.pipe) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Could not open pipe"), + _("gpg_check_file_sign")); + SL_RETURN( SH_SIG_BAD, _("sh_gpg_check_file_sign")); + } + + TPT(((0), FIL__, __LINE__, _("msg=<Open pipe success>\n"))); + + xagain: + + errno = 0; + + while (NULL != fgets(line, sizeof(line), source.pipe)) + { + + TPT(((0), FIL__, __LINE__, _("msg=<gpg out: %s>\n"), line)); + if (line[strlen(line)-1] == '\n') + line[strlen(line)-1] = ' '; + sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, 0, MSG_E_SUBGEN, + line, + _("gpg_check_file_sign")); + + if (sl_strlen(line) < 12) + continue; + + /* Sun May 27 18:40:05 CEST 2001 + */ + if (0 == sl_strncmp(_("BADSIG"), &line[9], 6) || + 0 == sl_strncmp(_("ERRSIG"), &line[9], 6) || + 0 == sl_strncmp(_("NO_PUBKEY"), &line[9], 6) || + 0 == sl_strncmp(_("NODATA"), &line[9], 6) || + 0 == sl_strncmp(_("ERROR"), &line[9], 5) || + 0 == sl_strncmp(_("SIGEXPIRED"), &line[9], 6)) + { + if (0 == sl_strncmp(_("BADSIG"), &line[9], 6)) { + dlog(1, FIL__, __LINE__, + _("%s file is signed, but the signature is invalid."), + ((whichfile == SIG_CONF) ? _("Configuration") : _("Database"))); + } + else if (0 == sl_strncmp(_("NO_PUBKEY"), &line[9], 6)) { + dlog(1, FIL__, __LINE__, + _("%s file is signed, but the public key to verify the signature is not in my keyring %s/.gnupg/pubring.asc."), + ((whichfile == SIG_CONF) ? _("Configuration") : _("Database")), + homedir); + } + else if (0 == sl_strncmp(_("ERRSIG"), &line[9], 6)) { + dlog(1, FIL__, __LINE__, + _("%s file is signed, but the public key to verify the signature is not in my keyring %s/.gnupg/pubring.asc."), + ((whichfile == SIG_CONF) ? _("Configuration") : _("Database")), + homedir); + } + else if (0 == sl_strncmp(_("SIGEXPIRED"), &line[9], 6)) { + dlog(1, FIL__, __LINE__, + _("%s file is signed, but the public key to verify the signature has expired."), + ((whichfile == SIG_CONF) ? _("Configuration") : _("Database"))); + } + else if (0 == sl_strncmp(_("NODATA"), &line[9], 6)) { + dlog(1, FIL__, __LINE__, + _("%s file is not signed."), + ((whichfile == SIG_CONF) ? _("Configuration") : _("Database"))); + } + else if (0 == sl_strncmp(_("ERROR"), &line[9], 5)) { + dlog(1, FIL__, __LINE__, + _("%s file is not correctly signed. An error occured while verifying the signature."), + ((whichfile == SIG_CONF) ? _("Configuration") : _("Database"))); + } + + have_fp = BAD; have_id = BAD; + break; + } + if (0 == sl_strncmp(_("GOODSIG"), &line[9], 7)) + { + ++n_goodsig; + sl_strlcpy (sign_id, &line[25], SH_MINIBUF+1); + if (sign_id) + sign_id[sl_strlen(sign_id)-1] = '\0'; /* remove trailing '"' */ + have_id = GOOD; + } + else if (0 == sl_strncmp(_("VALIDSIG"), &line[9], 8)) + { + ++n_validsig; + strncpy (sign_fp, &line[18], 40); + sign_fp[40] = '\0'; + have_fp = GOOD; + } + else if (0 == sl_strncmp(_("NEWSIG"), &line[9], 6)) + { + ++n_newsig; + } + + } + + if (ferror(source.pipe) && errno == EAGAIN) + { + /* sleep 10 ms to avoid starving the gpg child writing to the pipe */ + retry_msleep(0,10); + clearerr(source.pipe); + goto xagain; + } + + if (0 != sh_sig_pclose (&source)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Error on closing process pipe"), + _("gpg_check_file_sign")); + have_id = BAD; + } + + TPT(((0), FIL__, __LINE__, _("msg=<Close pipe>\n"))); + + if (n_goodsig != n_validsig || n_newsig > 1 || n_goodsig > 1) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Too many or invalid signatures"), + _("gpg_check_file_sign")); + have_id = BAD; + } + + if (have_id == GOOD) + { + TPT(((0), FIL__, __LINE__, _("msg=<Got signator ID>\n"))); + } + if (have_fp == GOOD) + { + TPT(((0), FIL__, __LINE__, _("msg=<Got fingerprint>\n"))); + } + + if (have_id == GOOD && have_fp == GOOD) + SL_RETURN( SH_SIG_OK, _("sh_gpg_check_file_sign")); + else + { + if (have_id == BAD) + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("No good signature"), + _("gpg_check_file_sign")); + else + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("No fingerprint for key"), + _("gpg_check_file_sign")); + SL_RETURN( SH_SIG_BADSIGN, _("sh_gpg_check_file_sign")); + } +} + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && \ + defined(HAVE_GETPWNAM_R) +#define USE_GETPWNAM_R 1 +#endif + +static +int sh_gpg_check_signature (SL_TICKET file, ShSigFile what) +{ + int status = SH_SIG_BAD; + int fd = 0; + + static int smsg = S_FALSE; + char * tmp; + + char * sig_id; + char * sig_fp; + + char * homedir = sh.effective.home; +#if defined(SH_WITH_SERVER) + struct passwd * tempres; +#if defined(USE_GETPWNAM_R) + struct passwd pwd; + char * buffer = SH_ALLOC(SH_PWBUF_SIZE); +#endif +#endif + +#ifdef USE_FINGERPRINT +#include "sh_gpg_fp.h" +#endif + + SL_ENTER(_("sh_gpg_check_sign")); + + + if (what == SIG_CONF) + fd = get_the_fd(file); + if (what == SIG_DATA) + fd = get_the_fd(file); + + + if (fd < 0) + { + TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd)); + dlog(1, FIL__, __LINE__, + _("This looks like an unexpected internal error.\n")); +#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) + SH_FREE(buffer); +#endif + SL_RETURN( (-1), _("sh_gpg_check_sign")); + } + +#if defined(SH_WITH_SERVER) +#if defined(USE_GETPWNAM_R) + sh_getpwnam_r(DEFAULT_IDENT, &pwd, buffer, SH_PWBUF_SIZE, &tempres); +#else + tempres = sh_getpwnam(DEFAULT_IDENT); +#endif + if ((tempres != NULL) && (0 == sl_ret_euid())) + { + /* privileges not dropped yet*/ + homedir = tempres->pw_dir; + } +#endif + + if (what == SIG_CONF) + { + TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd)); + status = sh_gpg_check_file_sign(fd, gp.conf_id, gp.conf_fp, homedir, SIG_CONF); + TPT(((0), FIL__, __LINE__, _("msg=<CONF SIGUSR: |%s|>\n"), gp.conf_id)); + TPT(((0), FIL__, __LINE__, _("msg=<CONF SIGFP: |%s|>\n"), gp.conf_fp)); + sig_id = gp.conf_id; sig_fp = gp.conf_fp; + } + + if (what == SIG_DATA) + { + TPT(((0), FIL__, __LINE__, _("msg=<GPG_CHECK: FD = %d>\n"), fd)); + status = sh_gpg_check_file_sign(fd, gp.data_id, gp.data_fp, homedir, SIG_DATA); + TPT(((0), FIL__, __LINE__, _("msg=<DATA SIGUSR: |%s|>\n"), gp.data_id)); + TPT(((0), FIL__, __LINE__, _("msg=<DATA SIGFP: |%s|>\n"), gp.data_fp)); + sig_id = gp.data_id; sig_fp = gp.data_fp; + } + + if (SH_SIG_OK == status) + { +#ifdef USE_FINGERPRINT + if ((sl_strcmp(SH_GPG_FP, sig_fp) == 0)) + { + int i; + + for(i = 0; i < (int) sl_strlen(sig_fp); ++i) { + if (gpgfp[i] != sig_fp[i]) { + sh_error_handle(SH_ERR_SEVERE, FIL__, __LINE__, 0, + MSG_E_GPG_FP, gpgfp, sig_fp); + break; } + } + + if (smsg == S_FALSE) { + tmp = sh_util_safe_name(sig_id); + sh_sig_fill_startup (__LINE__, sh.prg_name, sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? + _("(hidden)") : file_path('C', 'R'), + tmp, + sig_fp); + SH_FREE(tmp); } + smsg = S_TRUE; + +#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) + SH_FREE(buffer); +#endif + SL_RETURN(0, _("sh_gpg_check_sign")); + } + else + { + /* fp mismatch */ + dlog(1, FIL__, __LINE__, + _("The fingerprint of the signing key: %s\ndoes not match the compiled-in fingerprint: %s.\nTherefore the signature could not be verified.\n"), + sig_fp, SH_GPG_FP); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Fingerprint mismatch"), _("gpg_check_sign")); + status = SH_SIG_BADSIGN; + } +#else /* ifdef USE_FINGERPRINT */ + if (smsg == S_FALSE) + { + tmp = sh_util_safe_name(sig_id); + sh_sig_fill_startup (__LINE__, + sh.prg_name, sh.real.uid, + (sh.flag.hidefile == S_TRUE) ? + _("(hidden)") : file_path('C', 'R'), + tmp, sig_fp); + SH_FREE(tmp); + } + smsg = S_TRUE; + +#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) + SH_FREE(buffer); +#endif + + /* status == OK and no fp checking */ + SL_RETURN(0, _("sh_gpg_check_sign")); +#endif /* !ifdef USE_FINGERPRINT */ + } + + if (status != SH_SIG_OK) + { + uid_t e_uid = sl_ret_euid(); + char * e_home = sh.effective.home; + +#if defined(SH_WITH_SERVER) +#if defined(USE_GETPWNAM_R) + struct passwd e_pwd; + char * e_buffer = SH_ALLOC(SH_PWBUF_SIZE); + struct passwd * e_tempres; + sh_getpwnam_r(DEFAULT_IDENT, &e_pwd, e_buffer, SH_PWBUF_SIZE, &e_tempres); +#else + struct passwd * e_tempres = sh_getpwnam(DEFAULT_IDENT); +#endif + + if ((e_tempres != NULL) && (0 == sl_ret_euid())) + { + /* privileges not dropped yet */ + e_uid = e_tempres->pw_uid; + e_home = e_tempres->pw_dir; + } +#endif + dlog(1, FIL__, __LINE__, + _("The signature of the configuration file or the file signature database\ncould not be verified. Possible reasons are:\n - gpg binary (%s) not found\n - invalid signature\n - the signature key is not in the private keyring of UID %d,\n - there is no keyring in %s/.gnupg, or\n - the file is not signed - did you move /filename.asc to /filename ?\nTo create a signed file, use (remove old signatures before):\n gpg -a --clearsign --not-dash-escaped FILE\n mv FILE.asc FILE\n"), + DEFAULT_SIG_PATH, + (int) e_uid, e_home); + +#if defined(SH_WITH_SERVER) && defined(USE_GETPWNAM_R) + SH_FREE(e_buffer); +#endif + } + + TPT(((0), FIL__, __LINE__, _("msg=<Status = %d>\n"), status)); + + SL_RETURN(-1, _("sh_gpg_check_sign")); /* make compiler happy */ +} + +static int sh_gpg_comp(const char * line, const char * cmp) +{ + int retval = S_FALSE; + + if (line && line[0] == '-' && line[1] == '-') + { + char * dup = sh_util_strdup(line); + char * tmp = dup + sl_strlen( dup ); + --tmp; + if (*tmp == '\n') { *tmp = '\0'; --tmp; } + while( (*tmp == '\t' || *tmp == ' ' || *tmp == '\r' ) && tmp >= dup ) *tmp-- = '\0'; + + if (0 == sl_strcmp(dup, cmp)) + retval = S_TRUE; + SH_FREE(dup); + } + return retval; +} + +static +int sh_gpg_msg_start(const char * line) +{ + static char cmp[SH_MINIBUF]; + static int initialized = 0; + + if (initialized == 0) { + sl_strlcpy(cmp, _("-----BEGIN PGP SIGNED MESSAGE-----"), sizeof(cmp)); + initialized = 1; + } + return sh_gpg_comp(line, cmp); +} + +static +int sh_gpg_msg_startdata(const char * line) +{ + if (line[0] == '\n') + return S_TRUE; + return S_FALSE; +} + +static +int sh_gpg_msg_end(const char * line) +{ + static char cmp[SH_MINIBUF]; + static int initialized = 0; + + if (initialized == 0) { + sl_strlcpy(cmp, _("-----BEGIN PGP SIGNATURE-----"), sizeof(cmp)); + initialized = 1; + } + return sh_gpg_comp(line, cmp); +} + +static +int sh_gpg_sig_end(const char * line) +{ + static char cmp[SH_MINIBUF]; + static int initialized = 0; + + if (initialized == 0) { + sl_strlcpy(cmp, _("-----END PGP SIGNATURE-----"), sizeof(cmp)); + initialized = 1; + } + return sh_gpg_comp(line, cmp); +} + +static +SL_TICKET sh_gpg_extract_signed(SL_TICKET fd, extractlevel extract_level) +{ + const int fgets_buf_size = 16384; + FILE * fin_cp = NULL; + char * buf = NULL; + int bufc; + int flag_pgp = S_FALSE; + int flag_nohead = S_FALSE; + SL_TICKET fdTmp = (-1); + SL_TICKET open_tmp (void); + + /* extract the data and copy to temporary file + */ + fdTmp = open_tmp(); + if (SL_ISERROR(fdTmp)) + { + dlog(1, FIL__, __LINE__, _("Error opening temporary file.\n")); + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, + _("Error opening temporary file."), + _("sh_gpg_extract_signed")); + return -1; + } + + fin_cp = fdopen(dup(get_the_fd(fd)), "rb"); + buf = SH_ALLOC(fgets_buf_size); + + while (NULL != fgets(buf, fgets_buf_size, fin_cp)) + { + bufc = 0; + while (bufc < fgets_buf_size) { + if (buf[bufc] == '\n') { ++bufc; break; } + ++bufc; + } + + if (flag_pgp == S_FALSE && sh_gpg_msg_start(buf) == S_TRUE) + { + flag_pgp = S_TRUE; + if (extract_level == SIG_DATASIG) + sl_write(fdTmp, buf, bufc); + continue; + } + + if (flag_pgp == S_TRUE && flag_nohead == S_FALSE) + { + /* Header finished */ + if (buf[0] == '\n') + { + flag_nohead = S_TRUE; + if (extract_level == SIG_DATASIG) + sl_write(fdTmp, buf, 1); + continue; + } + /* copy these headers */ + else if (0 == sl_strncmp(buf, _("Hash:"), 5) || + 0 == sl_strncmp(buf, _("NotDashEscaped:"), 15)) + { + if (extract_level == SIG_DATASIG) + sl_write(fdTmp, buf, bufc); + continue; + } + /* ignore other headers */ + else + continue; + } + + if (flag_pgp == S_TRUE && buf[0] == '\n') + { + sl_write(fdTmp, buf, 1); + } + else if (flag_pgp == S_TRUE) + { + if (extract_level == SIG_DATASIG) { + sl_write(fdTmp, buf, bufc); + } + else { + if (sh_gpg_msg_end(buf) == S_TRUE) + break; + else + sl_write(fdTmp, buf, bufc); + } + } + + /* This is after the copy has been done. */ + if (flag_pgp == S_TRUE && sh_gpg_sig_end(buf) == S_TRUE) + break; + } + SH_FREE(buf); + sl_fclose(FIL__, __LINE__, fin_cp); + sl_rewind (fdTmp); + + return fdTmp; +} +#endif + +/********************************************************************* + * + * Exported functions + * + *********************************************************************/ + +int sh_sig_check_signature (SL_TICKET file, ShSigFile what) +{ +#if defined(WITH_GPG) + return sh_gpg_check_signature (file, what); +#elif defined(WITH_SIGNIFY) + return sh_signify_check_signature (file, what); +#else + return -1; +#endif +} + +SL_TICKET sh_sig_extract_signed(SL_TICKET fd) +{ +#if defined(WITH_GPG) + return sh_gpg_extract_signed(fd, SIG_DATASIG); +#elif defined(WITH_SIGNIFY) + return sh_signify_extract_signed(fd, SIG_DATASIG); +#else + return -1; +#endif +} + +SL_TICKET sh_sig_extract_signed_data(SL_TICKET fd) +{ +#if defined(WITH_GPG) + return sh_gpg_extract_signed(fd, SIG_DATAONLY); +#elif defined(WITH_SIGNIFY) + return sh_signify_extract_signed(fd, SIG_DATAONLY); +#else + return -1; +#endif +} + +int sh_sig_msg_start(const char * line) +{ +#if defined(WITH_GPG) + return sh_gpg_msg_start(line); +#elif defined(WITH_SIGNIFY) + return sh_signify_msg_start(line); +#else + return -1; +#endif +} + +int sh_sig_msg_startdata(const char * line) +{ +#if defined(WITH_GPG) + return sh_gpg_msg_startdata(line); +#elif defined(WITH_SIGNIFY) + return sh_signify_msg_startdata(line); +#else + return -1; +#endif +} + +int sh_sig_msg_end(const char * line) +{ +#if defined(WITH_GPG) + return sh_gpg_msg_end(line); +#elif defined(WITH_SIGNIFY) + return sh_signify_msg_end(line); +#else + return -1; +#endif +} + +int sh_sig_data_end(const char * line) +{ +#if defined(WITH_GPG) + return sh_gpg_sig_end(line); +#elif defined(WITH_SIGNIFY) + return sh_signify_data_end(line); +#else + return -1; +#endif +} + +void sh_sig_log_startup (void) +{ + if (startInfo.program != NULL) + { + sh_error_handle ((-1), FIL__, startInfo.line, 0, MSG_START_GH, + startInfo.program, startInfo.uid, + startInfo.path, + startInfo.key_uid, startInfo.key_id); + } + return; +} + +/* #ifdef WITH_SIG */ +#endif + + + + + + + + diff --git a/src/sh_socket.c b/src/sh_socket.c index f4e9f56..e75433b 100644 --- a/src/sh_socket.c +++ b/src/sh_socket.c @@ -808,7 +808,7 @@ static int get_peer_uid(int talkfd) #endif #if defined(NEED_PASSWORD_AUTH) -char * check_password(char * message, int * client_uid, int talkfd) +char * check_password(char * message, size_t msglen, int * client_uid, int talkfd) { char * cmd = NULL; char * eopw = NULL; @@ -822,7 +822,7 @@ char * check_password(char * message, int * client_uid, int talkfd) * message is null-terminated and >> goodpassword */ if (0 == strcmp(goodpassword, message) && - strlen(goodpassword) < (sizeof(message)/2)) + strlen(goodpassword) < (msglen/2)) { *client_uid = sh_socket_flaguid; cmd = &message[strlen(goodpassword)+1]; @@ -901,7 +901,7 @@ int sh_socket_read (struct socket_cmd * srvcmd) cmd = message; #elif defined(NEED_PASSWORD_AUTH) - cmd = check_password(message, &client_uid, talkfd); + cmd = check_password(message, sizeof(message), &client_uid, talkfd); #else sh_error_handle((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, diff --git a/src/sh_srp.c b/src/sh_srp.c index ecc757c..ab6cbcf 100644 --- a/src/sh_srp.c +++ b/src/sh_srp.c @@ -47,14 +47,14 @@ int big_errno = BIG_OK; #define bignum MP_INT -inline +static int big_create (bignum * a) { mpz_init(a); return 0; } -inline +static int big_zerop (bignum * a) { mpz_t b; @@ -68,14 +68,14 @@ int big_zerop (bignum * a) return 1; } -inline +static int big_trunc (bignum * a, bignum * b, bignum * q, bignum *r) { mpz_tdiv_qr(q, r, a, b); return 0; } -inline +static int big_exptmod (bignum * a, bignum * b, bignum * c, bignum *d) { mpz_powm(d, a, b, c); @@ -118,7 +118,13 @@ char * big_string (bignum * a, int base) if (ptr) get_str_internal = ptr; else - { free(get_str_internal); get_str_internal = NULL; } + { + /* "If realloc() fails, the original block is left untouched; + * it is not freed or moved." */ + /* cppcheck-suppress doubleFree */ + free(get_str_internal); + get_str_internal = NULL; + } } if (get_str_internal == NULL) { @@ -135,34 +141,34 @@ char * big_string (bignum * a, int base) return get_str_internal; } -inline +static int big_add(bignum * a, bignum * b, bignum * c) { mpz_add(c, a, b); return 0; } -inline +static int big_sub(bignum * a, bignum * b, bignum * c) { mpz_sub(c, a, b); return 0; } -inline +static int big_mul(bignum * a, bignum * b, bignum * c) { mpz_mul(c, a, b); return 0; } -inline +static int big_greaterp(bignum * a, bignum * b) { return mpz_cmp(a, b) > 0; } -inline +static int big_set_big(bignum * a, bignum * b) { mpz_set(b, a); @@ -170,7 +176,7 @@ int big_set_big(bignum * a, bignum * b) } -inline +static int big_set_string(const char * str, int base, bignum * a) { mpz_set_str (a, str, base); diff --git a/src/sh_static.c b/src/sh_static.c index 99ce783..f517b93 100644 --- a/src/sh_static.c +++ b/src/sh_static.c @@ -463,8 +463,9 @@ struct group * sh_getgrent(void) int sh_initgroups(const char *user, gid_t gid) { FILE *grf; - gid_t *group_list; - int num_groups, rv; + gid_t *group_list = NULL; + size_t num_groups; + int rv; char **m; struct group group; @@ -473,7 +474,7 @@ int sh_initgroups(const char *user, gid_t gid) rv = -1; /* We alloc space for 8 gids at a time. */ - if (((group_list = calloc(8,sizeof(gid_t *))) != NULL) + if (buff && ((group_list = calloc(8,sizeof(gid_t *))) != NULL) && ((grf = fopen(_PATH_GROUP, "r")) != NULL) ) { @@ -488,14 +489,21 @@ int sh_initgroups(const char *user, gid_t gid) for (m=group.gr_mem ; *m ; m++) { if (!strcmp(*m, user)) { if (!(num_groups & 7)) { - gid_t *tmp = (gid_t *) - realloc(group_list, - (num_groups+8) * sizeof(gid_t *)); - if (!tmp) { - rv = -1; - goto DO_CLOSE; - } - group_list = tmp; + gid_t *tmp = NULL; + if (num_groups > (SIZE_MAX - 8)) { + rv = -1; + goto DO_CLOSE; + } + if ((num_groups+8) <= (SIZE_MAX / sizeof(gid_t *))) { + tmp = (gid_t *) + realloc(group_list, + (num_groups+8) * sizeof(gid_t *)); + } + if (!tmp) { + rv = -1; + goto DO_CLOSE; + } + group_list = tmp; } group_list[num_groups++] = group.gr_gid; break; @@ -511,8 +519,9 @@ int sh_initgroups(const char *user, gid_t gid) /* group_list will be NULL if initial malloc failed, which may trigger * warnings from various malloc debuggers. */ - free(group_list); - free(buff); + if (group_list) free(group_list); + if (buff) free(buff); + /* cppcheck-suppress resourceLeak */ return rv; } @@ -907,7 +916,7 @@ static int __searchdomains; static char * __searchdomain[MAX_SEARCH]; #undef DEBUG -/*#define DEBUG*/ +/* #define DEBUG */ #ifdef DEBUG /* flawfinder: ignore *//* definition of debug macro */ @@ -999,13 +1008,15 @@ static int __length_dotted(const unsigned char *data, int offset) return -1; do { - - if (offset < INT_MAX) + l = data[offset]; + if (offset < INT_MAX) offset++; else return -1; - - l = data[offset]; + if (!l) + break; + + DPRINTF("l[%d] = %d\n", offset, l); if ((l & 0xc0) == (0xc0)) { if (offset < INT_MAX) @@ -1022,6 +1033,7 @@ static int __length_dotted(const unsigned char *data, int offset) } while (l); + DPRINTF("orig: %d now %d\n", orig_offset, offset); return offset - orig_offset; } @@ -1264,7 +1276,7 @@ static int __dns_lookup(const char *name, int type, int nscount, char **nsip, h.qdcount = 1; h.rd = 1; - DPRINTF("encoding header\n", h.rd); + DPRINTF("encoding header %d\n", h.rd); i = __encode_header(&h, packet, PACKETSZ); if (i < 0) @@ -1470,6 +1482,7 @@ static void __open_etc_hosts(FILE **fp) if ((*fp = fopen("/etc/hosts", "r")) == NULL) { *fp = fopen("/etc/config/hosts", "r"); } + /* cppcheck-suppress resourceLeak */ return; } @@ -1545,6 +1558,9 @@ static int __read_etc_hosts_r(FILE * fp, const char * name, int type, } *h_errnop=HOST_NOT_FOUND; + if (fp == NULL) { + return ret; + } while (fgets(buf, buflen, fp)) { if ((cp = strchr(buf, '#'))) *cp = '\0'; @@ -1713,6 +1729,7 @@ static int sh_gethostbyname_r(const char * name, int __nameserversXX; char ** __nameserverXX; + DPRINTF("sh_gethostbyname_r: /%s/\n", name); __open_nameservers(); *result=NULL; @@ -1756,7 +1773,7 @@ static int sh_gethostbyname_r(const char * name, if (buflen<256) return ERANGE; - strncpy(buf, name, buflen); + strncpy(buf, name, buflen-1); /* First check if this is already an address */ if (inet_aton(name, in)) { @@ -1783,7 +1800,7 @@ static int sh_gethostbyname_r(const char * name, return TRY_AGAIN; } - strncpy(buf, a.dotted, buflen); + strncpy(buf, a.dotted, buflen-1); free(a.dotted); if (a.atype == T_CNAME) { /* CNAME */ @@ -1813,6 +1830,7 @@ static int sh_gethostbyname_r(const char * name, } else { free(packet); *h_errnop=HOST_NOT_FOUND; + DPRINTF("host_not_found\n"); return TRY_AGAIN; } } @@ -1829,9 +1847,9 @@ struct hostent * sh_gethostbyname(const char *name) sizeof(struct in_addr *)*2 + sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */]; struct hostent *hp; - + + DPRINTF("sh_gethostbyname: /%s/\n", name); sh_gethostbyname_r(name, &h, buf, sizeof(buf), &hp, &h_errno); - return hp; } @@ -1890,6 +1908,7 @@ static int sh_gethostbyaddr_r (const void *addr, socklen_t len, int type, int __nameserversXX; char ** __nameserverXX; + DPRINTF("sh_gethostbyaddr_r called\n"); *result=NULL; if (!addr) return EINVAL; @@ -2002,7 +2021,7 @@ static int sh_gethostbyaddr_r (const void *addr, socklen_t len, int type, return TRY_AGAIN; } - strncpy(buf, a.dotted, buflen); + strncpy(buf, a.dotted, buflen-1); free(a.dotted); if (a.atype == T_CNAME) { /* CNAME */ @@ -2060,6 +2079,7 @@ struct hostent * sh_gethostbyaddr (const void *addr, socklen_t len, int type) sizeof(char *)*(ALIAS_DIM) + 256/*namebuffer*/ + 32/* margin */]; struct hostent *hp; + DPRINTF("sh_gethostbyaddr called\n"); sh_gethostbyaddr_r(addr, len, type, &h, buf, sizeof(buf), &hp, &h_errno); return hp; diff --git a/src/sh_string.c b/src/sh_string.c index a898dd9..58e8c06 100644 --- a/src/sh_string.c +++ b/src/sh_string.c @@ -643,7 +643,8 @@ sh_string * sh_string_replace(const sh_string * s, { len = (size_t) tlen; - if (tlen > 0 && r->siz > (r->len + len)) + if (tlen > 0 && r->siz > (r->len + len) && + &(s->str[ovector[last]]) ) { memcpy(p, &(s->str[ovector[last]]), (size_t)len); p += len; @@ -674,7 +675,8 @@ sh_string * sh_string_replace(const sh_string * s, if (tlen > 0) { len = (size_t)tlen; - if (r->siz >= (r->len + len)) { + if (r->siz >= (r->len + len) && + &(s->str[ovector[2*i -1]]) ) { memcpy(p, &(s->str[ovector[2*i -1]]), (size_t)len); p += (len - 1); r->len += (len - 1); diff --git a/src/sh_subuid.c b/src/sh_subuid.c new file mode 100644 index 0000000..33bf407 --- /dev/null +++ b/src/sh_subuid.c @@ -0,0 +1,245 @@ +/* SAMHAIN file system integrity testing */ +/* Copyright (C) 2018 Rainer Wichmann */ +/* */ +/* This program is free software; you can redistribute it */ +/* and/or modify */ +/* it under the terms of the GNU General Public License as */ +/* published by */ +/* the Free Software Foundation; either version 2 of the License, or */ +/* (at your option) any later version. */ +/* */ +/* This program is distributed in the hope that it will be useful, */ +/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ +/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ +/* GNU General Public License for more details. */ +/* */ +/* You should have received a copy of the GNU General Public License */ +/* along with this program; if not, write to the Free Software */ +/* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#include "config_xor.h" + +#undef FIL__ +#define FIL__ _("sh_subuid.c") + + +#include <sys/types.h> +#include <time.h> +#include <sys/stat.h> +#include <unistd.h> + +#include <stdlib.h> +#include <errno.h> +#include <limits.h> + +#if defined(__linux__) + +#include "samhain.h" +#include "sh_unix.h" + +#define SH_SUBUID_FILE _("/etc/subuid") +#define SH_SUBGID_FILE _("/etc/subgid") + +struct subuid_t { + char name[32]; + unsigned long first; + unsigned long last; + struct subuid_t * next; +}; + +static time_t last_subuid = 0; +static time_t last_subgid = 0; + +struct subuid_t * list_subuid = NULL; +struct subuid_t * list_subgid = NULL; + +/* Check whether we need to re-read the subuid/subgid file + */ +static int needs_reread (char * file, time_t * last) +{ + int retval = S_FALSE; + struct stat buf; + int status = retry_lstat (FIL__, __LINE__, file, &buf); + + if (status == 0) + { + if ((buf.st_mtime - *last) > 1) + { + *last = buf.st_mtime; + retval = S_TRUE; + } + } + else if (status && errno == ENOENT) + { + /* If there was a file make sure we attempt to re-read + * to zero out the list. + */ + if (*last > 0) retval = S_TRUE; + *last = 0; + } + return retval; +} + +/* free the whole list + */ +static void free_subordinate(struct subuid_t * head) +{ + struct subuid_t * prev; + struct subuid_t * curr = head; + + while (curr) + { + prev = curr; + curr = curr->next; + SH_FREE(prev); + } + return; +} + +#define NFIELDS_SUBUID 3 + +static int get_ulong(char * str, unsigned long * result) +{ + char * endptr; + + errno = 0; + *result = strtoul(str, &endptr, 0); + if (*str != '\0' && *endptr == '\0' && errno != ERANGE) + return S_TRUE; + return S_FALSE; +} + +/* Parse a single line into name / startuid / lastuid + */ +static struct subuid_t * parse_subordinate(char * line) +{ + unsigned int nfields = NFIELDS_SUBUID; + size_t lengths[NFIELDS_SUBUID]; + unsigned long start, count; + struct subuid_t * new; + + char ** array = split_array(line, &nfields, ':', lengths); + + if (nfields != NFIELDS_SUBUID) + { SH_FREE(array); return NULL; } + + if (S_TRUE != get_ulong(array[1], &start)) + { SH_FREE(array); return NULL; } + if ((S_TRUE != get_ulong(array[2], &count)) || (count == 0)) + { SH_FREE(array); return NULL; } + if (lengths[0] == 0) + { SH_FREE(array); return NULL; } + + /* we have checked that count != 0 */ + --count; + + if (start > (ULONG_MAX - count)) + { SH_FREE(array); return NULL; } + + new = SH_ALLOC(sizeof(struct subuid_t)); + sl_strlcpy(new->name, array[0], 32); + new->first = start; + new->last = start + count; /* start+count-1, but we already did --count */ + new->next = NULL; + + SH_FREE(array); + return new; +} + +/* (re-)read the subuid/subgid file + */ +static void reread_subordinate (char * file, struct subuid_t ** head_ref) +{ + SL_TICKET fd = (-1); + char line[1024]; + + if (*head_ref) { free_subordinate(*head_ref); *head_ref = NULL; } + + fd = sl_open_read (FIL__, __LINE__, file, SL_YESPRIV); + if (!SL_ISERROR(fd)) + { + while ( sh_unix_getline(fd, line, sizeof(line)) > 0 ) + { + /* for invalid lines, NULL will be returned + */ + struct subuid_t * new = parse_subordinate(line); + + if (new) + { + new->next = *head_ref; + *head_ref = new; + } + } + sl_close(fd); + } + return; +} + +/* Return the username for a given subuid/subgid + */ +static char * get_name4id (unsigned long id, struct subuid_t * head) +{ + struct subuid_t * cur = head; + + while (cur) + { + if (id >= cur->first && id <= cur->last) + return cur->name; + cur = cur->next; + } + return NULL; +} + +/*********************************************** + * + * Public functions + * + ***********************************************/ + +/* Returns username or NULL for a subuid + */ +char * sh_get_subuid (unsigned long subuid) +{ + static int init = 0; + static char file[256]; + + if (!init) { sl_strlcpy(file, SH_SUBUID_FILE, sizeof(file)); init = 1; } + + if (S_TRUE == needs_reread(file, &last_subuid)) + reread_subordinate(file, &list_subuid); + + return get_name4id (subuid, list_subuid); +} + +/* Returns group name or NULL for subgid + */ +char * sh_get_subgid (unsigned long subgid) +{ + static int init = 0; + static char file[256]; + + if (!init) { sl_strlcpy(file, SH_SUBGID_FILE, sizeof(file)); init = 1; } + + if (S_TRUE == needs_reread(file, &last_subgid)) + reread_subordinate(file, &list_subgid); + + return get_name4id (subgid, list_subgid); +} + +/* Not Linux, hence no sub(u|g)id + */ +#else + +char * sh_get_subuid (unsigned long subuid) +{ + (void) subuid; + return NULL; +} + +char * sh_get_subgid (unsigned long subgid) +{ + (void) subgid; + return NULL; +} + +#endif diff --git a/src/sh_suidchk.c b/src/sh_suidchk.c index d9cc1f9..30c397c 100644 --- a/src/sh_suidchk.c +++ b/src/sh_suidchk.c @@ -996,8 +996,8 @@ static void report_file (const char * tmpcat, file_type * theFile, * putting it into a register, and avoids the 'clobbered * by longjmp' warning. And no, 'volatile' proved insufficient. */ -static void * sh_dummy_dirlist = NULL; -static void * sh_dummy_itmp = NULL; +void * sh_dummy_idirlist = NULL; +void * sh_dummy_itmp = NULL; static @@ -1027,8 +1027,8 @@ int sh_suidchk_check_internal (char * iname) /* Take the address to keep gcc from putting it into a register. * Avoids the 'clobbered by longjmp' warning. */ - sh_dummy_dirlist = (void*) &dirlist; - sh_dummy_itmp = (void*) &tmp; + sh_dummy_idirlist = (void*) &dirlist; + sh_dummy_itmp = (void*) &tmp; if (iname == NULL) { @@ -1145,7 +1145,7 @@ int sh_suidchk_check_internal (char * iname) (void) retry_msleep((int)((FileLimTotal/(FileLimNow-FileLimStart))/ ShSuidchkFps) , 0); } - + status = (int) retry_lstat(FIL__, __LINE__, tmpcat, &buf); if (status != 0) @@ -1185,6 +1185,7 @@ int sh_suidchk_check_internal (char * iname) /* fs is a STATIC string or NULL */ fs = filesystem_type (tmpcat, tmpcat, &buf); + if (fs != NULL #ifndef SH_SUIDTESTDIR && @@ -1301,6 +1302,7 @@ int sh_suidchk_check_internal (char * iname) { /* Running init. Report on files detected. */ + sh_dbIO_rootfs_strip(theFile->fullpath); sh_dbIO_data_write (theFile, fileHash); /* no call to sh_error_handle */ SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, @@ -2210,6 +2212,7 @@ filesystem_type (char * path, char * relpath, struct stat * statp) } current_dev = statp->st_dev; current_fstype = filesystem_type_uncached (path, relpath, statp); + return current_fstype; } @@ -2231,7 +2234,7 @@ filesystem_type_uncached (path, relpath, statp) static char my_tmp_type[64]; #endif -#ifdef FSTYPE_MNTENT /* 4.3BSD, SunOS, HP-UX, Dynix, Irix. */ +#ifdef FSTYPE_MNTENT /* 4.3BSD, SunOS, HP-UX, Dynix, Irix,Linux */ char *table = MOUNTED; FILE *mfp; struct mntent *mnt; @@ -2293,12 +2296,14 @@ filesystem_type_uncached (path, relpath, statp) char errmsg[256]; volatile int elevel = SH_ERR_ERR; size_t tlen = strlen(mnt->mnt_dir); - + if (tlen >= 6 && 0 == strcmp(&((mnt->mnt_dir)[tlen-6]), _("/.gvfs"))) elevel = SH_ERR_NOTICE; else if (tlen >= 5 && 0 == strcmp(&((mnt->mnt_dir)[tlen-5]), _("/gvfs"))) elevel = SH_ERR_NOTICE; - + else if (0 == strcmp (mnt->mnt_type, _("tracefs"))) + elevel = SH_ERR_NOTICE; + sl_snprintf(errmsg, sizeof(errmsg), _("stat(%s) failed"), mnt->mnt_dir); SH_MUTEX_LOCK(mutex_thread_nolog); @@ -2306,7 +2311,7 @@ filesystem_type_uncached (path, relpath, statp) errmsg, _("filesystem_type_uncached") ); SH_MUTEX_UNLOCK(mutex_thread_nolog); - return NULL; + continue; } dev = disk_stats.st_dev; } diff --git a/src/sh_tiger0.c b/src/sh_tiger0.c index aea8158..8a7ec17 100644 --- a/src/sh_tiger0.c +++ b/src/sh_tiger0.c @@ -378,7 +378,7 @@ sh_word32 * sh_tiger_hash_val (const char * filename, TigerType what, #ifdef TIGER_DBG ncount = 0; #endif - sl_memset(bbuf, 0, 56 ); + memset(bbuf, 0, 56 ); } #ifdef TIGER_DBG @@ -401,8 +401,8 @@ sh_word32 * sh_tiger_hash_val (const char * filename, TigerType what, tiger_dbg (res, 7, nblocks, ncount); #endif - sl_memset (bbuf, '\0', sizeof(bbuf)); - sl_memset (buffer, '\0', sizeof(buffer)); + memset (bbuf, 0, sizeof(bbuf)); + memset (buffer, 0, sizeof(buffer)); if (what == TIGER_FILE) (void) sl_close (fd); @@ -1020,8 +1020,8 @@ char * sh_tiger_md5_hash (char * filename, TigerType what, /*@-bufferoverflowhigh -usedef@*/ for (cnt = 0; cnt < 16; ++cnt) - sprintf (&outbuf[cnt*2], _("%02X"), /* known to fit */ - (unsigned int) md5buffer[cnt]); + sl_snprintf (&outbuf[cnt*2], 3, _("%02X"), /* known to fit */ + (unsigned int) md5buffer[cnt]); /*@+bufferoverflowhigh +usedef@*/ for (cnt = 32; cnt < KEY_LEN; ++cnt) outbuf[cnt] = '0'; @@ -1584,7 +1584,7 @@ static char * sh_tiger_sha1_hash (char * filename, TigerType what, /*@-bufferoverflowhigh -usedef@*/ for (cnt = 0; cnt < 20; ++cnt) - sprintf (&outbuf[cnt*2], _("%02X"), /* known to fit */ + sl_snprintf (&outbuf[cnt*2], 3, _("%02X"), /* known to fit */ (unsigned int) sha1buffer[cnt]); /*@+bufferoverflowhigh +usedef@*/ for (cnt = 40; cnt < KEY_LEN; ++cnt) diff --git a/src/sh_tiger1_64.c b/src/sh_tiger1_64.c index 9218d8a..d85a115 100644 --- a/src/sh_tiger1_64.c +++ b/src/sh_tiger1_64.c @@ -139,7 +139,7 @@ static /*volatile*/ const word64 XOR_CONST2=0x0123456789ABCDEFLL; #define roundend(a,b,c,x) \ : "+r" (a), "+r" (b), "+r" (c) \ - : "r" (a), "r" (b), "r" (c), "m" (x), "r" (&tiger_table),\ + : "g" (a), "g" (b), "g" (c), "m" (x), "r" (&tiger_table),\ "i" (MASK0), "i" (MASK8), "i" (MASK16), "r" (MASK32), "r" (MASK40), "r" (MASK48) \ : "3", "%rax","%rbx","%rcx","%rdx","%rsi", "%edi", "%r8" ); diff --git a/src/sh_tools.c b/src/sh_tools.c index 6485a58..09677b6 100644 --- a/src/sh_tools.c +++ b/src/sh_tools.c @@ -69,7 +69,7 @@ #define FD_SETSIZE 32 #endif #ifndef FD_ZERO -#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) #endif @@ -134,7 +134,7 @@ int sh_tools_iface_is_present(char *str) struct addrinfo hints; int res; - memset (&hints, '\0', sizeof (hints)); + memset (&hints, 0, sizeof (hints)); hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; hints.ai_socktype = SOCK_STREAM; res = getaddrinfo (str, _("2543"), &hints, &ai); @@ -179,7 +179,7 @@ int sh_tools_iface_is_present(char *str) struct sockaddr_in sin; int sd; - memset(&sin, '\0', sizeof(sin)); + memset(&sin, 0, sizeof(sin)); sin.sin_family = AF_INET; if (inet_aton(str, &(sin.sin_addr))) { @@ -187,6 +187,7 @@ int sh_tools_iface_is_present(char *str) if (-1 == (sd = socket(AF_INET, SOCK_STREAM, 0))) { + /* cppcheck-suppress resourceLeak */ return 0; } @@ -863,6 +864,7 @@ int connect_port (char * address, int port, { if (tools_debug) fputs(_("-03- cached\n"), stderr); + /* cppcheck-suppress uninitStructMember */ fd = socket(ss.ss_family, SOCK_STREAM, 0); if (fd < 0) { @@ -878,8 +880,9 @@ int connect_port (char * address, int port, if (fail != (-1)) { + /* cppcheck-suppress uninitStructMember */ int addrlen = SH_SS_LEN(ss); - + if ( retry_connect(FIL__, __LINE__, fd, sh_ipvx_sockaddr_cast(&ss), addrlen) < 0) { @@ -911,7 +914,7 @@ int connect_port (char * address, int port, if (tools_debug) fputs(_("-03- not cached\n"), stderr); - memset (&hints, '\0', sizeof (hints)); + memset (&hints, 0, sizeof (hints)); hints.ai_flags = AI_ADDRCONFIG; #if defined(AI_CANONNAME) hints.ai_flags |= AI_CANONNAME; @@ -1382,6 +1385,7 @@ void sh_tools_probe_reset() return; } +#ifdef SH_ENCRYPT static int probe_ok(int flag) { (void) flag; @@ -1389,6 +1393,7 @@ static int probe_ok(int flag) return S_TRUE; return S_FALSE; } +#endif static unsigned char probe_header_set(unsigned char protocol) { @@ -1440,6 +1445,7 @@ unsigned char sh_tools_probe_store(unsigned char protocol, int * probe_flag) return protocol; } +#ifdef SH_ENCRYPT static int probe_ok(int flag) { if ((flag & SH_PROTO_IVA) != 0) @@ -1448,6 +1454,8 @@ static int probe_ok(int flag) } #endif +#endif + void get_header (unsigned char * head, unsigned long * bytes, char * u) { @@ -1664,10 +1672,10 @@ char * sh_tools_makePack (unsigned char * header, int flag, if ((i_blk*16) > payload_size && !oflow) { - memset(&full_ret[16+payload_size], '\0', (i_blk*16) - payload_size); + memset(&full_ret[16+payload_size], 0, (i_blk*16) - payload_size); payload_size = i_blk * 16; } - memset(&full_ret[16+payload_size], '\0', i_epad*16); + memset(&full_ret[16+payload_size], 0, i_epad*16); /* rewrite header */ @@ -2071,7 +2079,7 @@ char * get_client_uuid_file (const char * peer, unsigned long * length, const ch #endif -#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_GPG) || defined(WITH_PGP) +#if defined(SH_WITH_CLIENT) || defined(SH_WITH_SERVER) || defined(SH_STEALTH) || defined(WITH_SIG) /* --------- secure temporary file ------------ */ diff --git a/src/sh_unix.c b/src/sh_unix.c index c383bef..bb08dc2 100644 --- a/src/sh_unix.c +++ b/src/sh_unix.c @@ -82,7 +82,7 @@ #define FD_SETSIZE 32 #endif #ifndef FD_ZERO -#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) #endif @@ -513,7 +513,7 @@ void sh_unix_sigexit (int mysignal) { ++immediate_exit_normal; if ((skey != NULL) && (immediate_exit_normal == 2)) - memset (skey, '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); if (immediate_exit_normal == 2) { int val_return; @@ -578,7 +578,7 @@ void sh_unix_sigexit_fast (int mysignal) #if !defined(SL_DEBUG) || (!defined(USE_SYSTEM_MALLOC) && defined(USE_MALLOC_LOCK)) ++immediate_exit_fast; if (skey != NULL && immediate_exit_fast < 2) - memset (skey, '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); if (immediate_exit_fast < 2) safe_logger (mysignal, 0, NULL); raise(SIGKILL); @@ -590,7 +590,7 @@ void sh_unix_sigexit_fast (int mysignal) { ++immediate_exit_fast; if (skey != NULL) - memset (skey, '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); close_ipc (); safe_logger (mysignal, 0, NULL); do { @@ -630,7 +630,7 @@ void sh_unix_sigexit_fast (int mysignal) sh.prg_name, sh_sig_msg); if (skey != NULL) - memset (skey, '\0', sizeof(sh_key_t)); + memset (skey, 0, sizeof(sh_key_t)); close_ipc (); do { @@ -1209,6 +1209,8 @@ int tf_trust_check (const char * file, int mode) int status; int level; uid_t ff_euid = (uid_t) -1; + uid_t baduid; + gid_t badgid; SL_ENTER(_("tf_trust_check")); @@ -1255,11 +1257,14 @@ int tf_trust_check (const char * file, int mode) else level = SH_ERR_ERR; - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); + tmp = sh_util_safe_name (file); + p = sh_util_strdup(sl_trust_errfile()); + baduid = sl_trust_baduid(); + badgid = sl_trust_badgid(); + if (p && *p != '\0') { - tmp2 = sh_util_safe_name (sl_trust_errfile()); + tmp2 = sh_util_safe_name (p); sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST2, sl_error_string(status), tmp, tmp2); SH_FREE(tmp2); @@ -1269,7 +1274,6 @@ int tf_trust_check (const char * file, int mode) sh_error_handle(level, FIL__, __LINE__, status, MSG_E_TRUST1, sl_error_string(status), tmp); } - SH_FREE(tmp); if (status == SL_EBADUID || status == SL_EBADGID || status == SL_EBADOTH || status == SL_ETRUNC || @@ -1281,43 +1285,37 @@ int tf_trust_check (const char * file, int mode) _("An internal error occured in the trustfile function.\n")); break; case SL_ETRUNC: - tmp = sh_util_safe_name (file); dlog(1, FIL__, __LINE__, _("A filename truncation occured in the trustfile function.\nProbably the normalized filename for %s\nis too long. This may be due e.g. to deep or circular softlinks.\n"), tmp); - SH_FREE(tmp); break; case SL_EBADOTH: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); dlog(1, FIL__, __LINE__, _("The path element: %s\nin the filename: %s is world writeable.\n"), - p, tmp); - SH_FREE(tmp); + (p) ? p : _("(null)"), tmp); break; case SL_EBADUID: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); dlog(1, FIL__, __LINE__, _("The owner (UID = %ld) of the path element: %s\nin the filename: %s\nis not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), - (UID_CAST)sl_trust_baduid(), p, tmp); - SH_FREE(tmp); + (UID_CAST)baduid, (p) ? p : _("(null)"), tmp); break; case SL_EBADGID: - tmp = sh_util_safe_name (file); - p = sl_trust_errfile(); dlog(1, FIL__, __LINE__, _("The path element: %s\nin the filename: %s\nis group writeable (GID = %ld), and at least one of the group\nmembers (UID = %ld) is not in the list of trusted users.\nTo fix the problem, you can:\n - run ./configure again with the option --with-trusted=0,...,UID\n where UID is the UID of the untrusted user, or\n - use the option TrustedUser=UID in the configuration file.\n"), - p, tmp, (UID_CAST)sl_trust_badgid(), - (UID_CAST)sl_trust_baduid()); - SH_FREE(tmp); + (p) ? p : _("(null)"), tmp, (UID_CAST)badgid, + (UID_CAST)baduid); break; default: break; } - + SH_FREE(tmp); + if (p) SH_FREE(p); SL_RETURN((-1), _("tf_trust_check")); } + else { + SH_FREE(tmp); + if (p) SH_FREE(p); + } } SL_RETURN((0), _("tf_trust_check")); @@ -2342,11 +2340,11 @@ char * t_zone(const time_t * xx) diff = diff - (sign * 24 * 60); /* datum wrap-around correction */ hh = diff / 60; mm = diff - (hh * 60); - sprintf (tz, _("%+03d%02d"), hh, mm); /* known to fit */ + sl_snprintf (tz, sizeof(tz), _("%+03d%02d"), hh, mm); /* known to fit */ } else { - sprintf (tz, _("%+03d%02d"), 0, 0); + sl_snprintf (tz, sizeof(tz), _("%+03d%02d"), 0, 0); } SL_RETURN(tz, _("t_zone")); } @@ -2484,6 +2482,7 @@ char * sh_unix_time (time_t thetime, char * buffer, size_t len) sh_error_handle ((-1), FIL__, __LINE__, error_num, MSG_E_NET, errmsg, error_call, _("time"), sh.srvtime.name); + errflag = error_num; fail = 1; } @@ -2828,7 +2827,9 @@ static char * sh_userid_get (uid_t id, int which, char * out, size_t len) } /* --------- end caching code --------- */ - + +#include "sh_subuid.h" + char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len) { struct passwd * tempres; @@ -2864,21 +2865,10 @@ char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len) tempres = sh_getpwuid(uid); status = errno; #endif - - if (tempres == NULL) - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getpwuid"), (long) uid, _("completely missing")); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - sh_userid_add(uid, NULL, CACHE_UID); - SL_RETURN( NULL, _("sh_unix_getUIDname")); - } - - if (tempres->pw_name != NULL) + /* case 1: we have it + */ + if (tempres && tempres->pw_name != NULL) { sl_strlcpy(out, tempres->pw_name, len); @@ -2889,18 +2879,37 @@ char * sh_unix_getUIDname (int level, uid_t uid, char * out, size_t len) #endif SL_RETURN( out, _("sh_unix_getUIDname")); - } - else + } + +#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) + SH_FREE(buffer); +#endif + + if (tempres == NULL) { + char * pwname = sh_get_subuid ((unsigned long) uid); + + if (pwname) + { + sl_strlcpy(out, pwname, len); + sh_userid_add(uid, out, CACHE_UID); + SL_RETURN( out, _("sh_unix_getUIDname")); + } + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, sh_error_message(status, errbuf, sizeof(errbuf)), - _("getpwuid"), (long) uid, _("pw_user")); -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif + _("getpwuid"), (long) uid, _("completely missing")); + sh_userid_add(uid, NULL, CACHE_UID); SL_RETURN( NULL, _("sh_unix_getUIDname")); } - /* notreached */ + + + /* getwpuid returns struct, but no pw_name + */ + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_PWNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getpwuid"), (long) uid, _("pw_user")); + SL_RETURN( NULL, _("sh_unix_getUIDname")); } char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len) @@ -2960,21 +2969,7 @@ char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len) SL_RETURN( NULL, _("sh_unix_getGIDname")); } - if (tempres == NULL) - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getgrgid"), (long) gid, _("completely missing")); - -#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); -#endif - - sh_userid_add(gid, NULL, CACHE_GID); - SL_RETURN( NULL, _("sh_unix_getGIDname")); - } - - if (tempres->gr_name != NULL) + if (tempres && tempres->gr_name != NULL) { sl_strlcpy(out, tempres->gr_name, len); @@ -2986,19 +2981,33 @@ char * sh_unix_getGIDname (int level, gid_t gid, char * out, size_t len) SL_RETURN( out, _("sh_unix_getGIDname")); } - else - { - sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, - sh_error_message(status, errbuf, sizeof(errbuf)), - _("getgrgid"), (long) gid, _("gr_name")); #if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETGRGID_R) - SH_FREE(buffer); + SH_FREE(buffer); #endif + if (tempres == NULL) + { + char * grname = sh_get_subgid ((unsigned long) gid); + + if (grname) + { + sl_strlcpy(out, grname, len); + sh_userid_add((uid_t)gid, out, CACHE_GID); + SL_RETURN( out, _("sh_unix_getGIDname")); + } + + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getgrgid"), (long) gid, _("completely missing")); + sh_userid_add(gid, NULL, CACHE_GID); SL_RETURN( NULL, _("sh_unix_getGIDname")); } - /* notreached */ + + sh_error_handle (level, FIL__, __LINE__, EINVAL, MSG_E_GRNULL, + sh_error_message(status, errbuf, sizeof(errbuf)), + _("getgrgid"), (long) gid, _("gr_name")); + SL_RETURN( NULL, _("sh_unix_getGIDname")); } int sh_unix_getUser () @@ -3067,7 +3076,7 @@ int sh_unix_getUser () /* notreached */ } - +/* return >0 on success, -1 on EOF */ int sh_unix_getline (SL_TICKET fd, char * line, int sizeofline) { register int count; @@ -3593,8 +3602,10 @@ int sh_check_rotated_log (const char * path, retval = S_TRUE; } } - SH_FREE(rotated_file); } + if (rotated_file) { + SH_FREE(rotated_file); + } } return retval; } @@ -3793,8 +3804,8 @@ int sh_unix_setcheckacl (const char * c) static void * sh_dummy_filename; -static void * sh_dummy_tmp; -static void * sh_dummy_tmp2; +void * sh_dummy_tmp; +void * sh_dummy_tmp2; int sh_unix_getinfo (int level, const char * filename, file_type * theFile, char * fileHash, int policy) @@ -3894,6 +3905,7 @@ int sh_unix_getinfo (int level, const char * filename, file_type * theFile, if (errno == EBADF && try == 0) /* obsolete, but we keep this, just in case */ { + /* cppcheck-suppress syntaxError */ ++try; goto try_again; } @@ -4593,7 +4605,7 @@ int sh_unix_lock (char * lockfile, char * flag) SL_ENTER(_("sh_unix_lock")); - sprintf (myPid, "%ld\n", (long) sh.pid); /* known to fit */ + sl_snprintf (myPid, sizeof(myPid), "%ld\n", (long) sh.pid); /* known to fit */ if (flag == NULL) /* PID file, check for directory */ { @@ -4861,8 +4873,8 @@ int sh_unix_file_exists(char * path) if (0 == retry_lstat(FIL__, __LINE__, path, &buf)) SL_RETURN( S_TRUE, _("sh_unix_file_exists")); - else - SL_RETURN( S_FALSE, _("sh_unix_file_exists")); + + SL_RETURN( S_FALSE, _("sh_unix_file_exists")); } @@ -4877,10 +4889,10 @@ int sh_unix_device_readable(int fd) if (retry_fstat(FIL__, __LINE__, fd, &buf) == -1) SL_RETURN( (-1), _("sh_unix_device_readable")); - else if ( S_ISCHR(buf.st_mode) && 0 != (S_IROTH & buf.st_mode) ) + if ( S_ISCHR(buf.st_mode) && 0 != (S_IROTH & buf.st_mode) ) SL_RETURN( (0), _("sh_unix_device_readable")); - else - SL_RETURN( (-1), _("sh_unix_device_readable")); + + SL_RETURN( (-1), _("sh_unix_device_readable")); } static char preq[16]; @@ -5397,6 +5409,7 @@ unsigned long first_hex_block(SL_TICKET fd, unsigned long * max); int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len) { int add_off = 0, llen; + unsigned long bread; static unsigned long off_data = 0; static unsigned long max_data = 0; static unsigned long bytes_read = 0; @@ -5444,8 +5457,13 @@ int sh_unix_getline_stealth (SL_TICKET fd, char * str, int len) /* --- Read one line. --- */ - add_off = hideout_hex_block(fd, (unsigned char *) str, len, &bytes_read); - off_data += add_off; + add_off = hideout_hex_block(fd, (unsigned char *) str, len, &bread); + if (add_off > 0) + off_data += add_off; + bytes_read += bread; + + if (bread == 0 || add_off <= 0) /* EOF */ + str[0] = '\0'; llen = sl_strlen(str); SL_RETURN(llen, _("sh_unix_getline_stealth")); @@ -5467,6 +5485,8 @@ int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, ASSERT_RET((len > 1), _("len > 1"), (0)); + str[0] = '\0'; + *bytes_read = 0; --len; i = 0; @@ -5484,14 +5504,17 @@ int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, c = ' '; do { do { + errno = 0; num = sl_read (fd, &c, 1); } while (num == 0 && errno == EINTR); if (num > 0) ++here; - else if (num == 0) - SL_RETURN((0), _("hideout_hex_block")); - else + else if (num == 0) { SL_RETURN((-1), _("hideout_hex_block")); + } + else { + SL_RETURN((-1), _("hideout_hex_block")); + } } while (c == '\n' || c == '\t' || c == '\r' || c == ' '); } @@ -5513,8 +5536,10 @@ int hideout_hex_block(SL_TICKET fd, unsigned char * str, int len, if (i != 0) str[i] = '\0'; - else + else if (str[0] == '\n') str[i+1] = '\0'; /* keep newline and terminate */ + else + str[0] = '\0'; retval += here; *bytes_read += (bread/8); diff --git a/src/sh_utils.c b/src/sh_utils.c index 4a162c2..204b131 100644 --- a/src/sh_utils.c +++ b/src/sh_utils.c @@ -826,12 +826,14 @@ static char * sh_util_hmac_tiger (char * hexkey, for (i = 0; i < (KEY_LEN/8); ++i) copy_four ( (unsigned char *) &(cc[i]), h1[i]); + /* cppcheck-suppress uninitvar */ h2 = sh_tiger_hash_uint32 ( inner, TIGER_DATA, (unsigned long) KEY_BLOCK+textlen, kbuf, KEY_BYT/sizeof(UINT32)); for (i = KEY_LEN/8; i < (KEY_LEN/4); ++i) copy_four ( (unsigned char *) &(cc[i]), h2[i - (KEY_LEN/8)]); + /* cppcheck-suppress uninitvar */ SH_FREE(inner); (void) sh_tiger_hash ((char *) &cc[0], @@ -1087,7 +1089,7 @@ UINT32 taus_get () res_num = 1; SH_MUTEX_UNLOCK_UNSAFE(mutex_skey); - memset(taus_svec, '\0', TAUS_SAMPLE * sizeof(UINT32)); + memset(taus_svec, 0, TAUS_SAMPLE * sizeof(UINT32)); return retval; } @@ -1243,9 +1245,10 @@ int sh_util_set_newkey (const char * new_in) return -1; } - if (NULL == (new = calloc(1,strlen(new_in) + 1))) + len = strlen(new_in) + 1; + if (NULL == (new = calloc(1, len))) goto bail_mem; - sl_strncpy(new, new_in, strlen(new_in) + 1); + memcpy(new, new_in, len); key = new; len = strlen(new); @@ -2200,6 +2203,7 @@ char * sh_util_strconcat (const char * arg1, ...) else SL_RETURN(NULL, _("sh_util_strconcat")); + /* cppcheck-suppress uninitvar */ strnew[0] = '\0'; (void) sl_strlcpy (strnew, arg1, length + 2); diff --git a/src/sh_utmp.c b/src/sh_utmp.c index 5c72209..444779b 100644 --- a/src/sh_utmp.c +++ b/src/sh_utmp.c @@ -140,41 +140,30 @@ SH_MUTEX_EXTERN(mutex_thread_nolog); #ifdef HAVE_UTMPX_H -#ifndef _PATH_UTMP -#ifdef UTMPX_FILE -#define _PATH_UTMP UTMPX_FILE -#else -#error You must define UTMPX_FILE in the file config.h -#endif -#endif -#ifndef _PATH_WTMP -#ifdef WTMPX_FILE -#define _PATH_WTMP WTMPX_FILE +#if defined(_PATH_UTMPX) +#define SH_PATH_UTMP _PATH_UTMPX +#elif defined(UTMPX_FILE) +#define SH_PATH_UTMP UTMPX_FILE +#elif defined(_PATH_UTMP) +#define SH_PATH_UTMP _PATH_UTMP #else -#error You must define WTMPX_FILE in the file config.h -#endif +#error You must define UTMPX_FILE in the file config.h #endif #else -#ifndef _PATH_UTMP -#ifdef UTMP_FILE -#define _PATH_UTMP UTMP_FILE +#if defined(_PATH_UTMP) +#define SH_PATH_UTMP _PATH_UTMP +#elif defined(UTMP_FILE) +#define SH_PATH_UTMP UTMP_FILE #else #error You must define UTMP_FILE in the file config.h #endif -#endif -#ifndef _PATH_WTMP -#ifdef WTMP_FILE -#define _PATH_WTMP WTMP_FILE -#else -#error You must define WTMP_FILE in the file config.h -#endif -#endif #endif typedef struct log_user { + time_t last_checked; char ut_tty[UT_LINESIZE+1]; char name[UT_NAMESIZE+1]; char ut_host[UT_HOSTSIZE+1]; @@ -183,18 +172,12 @@ typedef struct log_user { struct log_user * next; } blah_utmp; -#ifdef HAVE_UTTYPE -static char terminated_line[UT_HOSTSIZE]; -#endif - -static char * mode_path[] = { _PATH_WTMP, _PATH_WTMP, _PATH_UTMP }; - -static struct SH_UTMP_S save_utmp; +static char * utmp_path = SH_PATH_UTMP; static void sh_utmp_logout_morechecks(struct log_user * user); static void sh_utmp_login_morechecks(struct SH_UTMP_S * ut); -static void sh_utmp_addlogin (struct SH_UTMP_S * ut); -static void sh_utmp_check_internal(int mode); +static void sh_utmp_checklogin (struct SH_UTMP_S * ut, time_t start_read); +static void sh_utmp_check_internal(); static int ShUtmpLoginSolo = SH_ERR_INFO; static int ShUtmpLoginMulti = SH_ERR_WARN; @@ -257,12 +240,18 @@ static void set_defaults(void) return; } +#if defined(HAVE_UTMPX_H) && defined(HAVE_GETUTXENT) +#define USE_SETUTENT 1 +#elif defined(HAVE_GETUTENT) +#define USE_SETUTENT 1 +#endif -#if defined (HAVE_SETUTENT) && defined (USE_SETUTENT) -#ifdef HAVE_UTMPX_H +#if defined (USE_SETUTENT) -#define sh_utmp_utmpname utmpxname +#ifdef HAVE_UTMPX_H + +#define sh_utmp_utmpname(a) (void)(a) #define sh_utmp_setutent setutxent #define sh_utmp_endutent endutxent #define sh_utmp_getutent getutxent @@ -291,12 +280,8 @@ static void set_defaults(void) */ static FILE * sh_utmpfile = NULL; -static char sh_utmppath[80] = _PATH_UTMP; +static char sh_utmppath[80] = SH_PATH_UTMP; -/* sh_utmp_feed_forward is for optimizing - * (fseek instead of getutent loop) - */ -static long sh_utmp_feed_forward = 0; static void sh_utmp_utmpname(const char * str) { @@ -307,7 +292,7 @@ static void sh_utmp_utmpname(const char * str) sh_utmpfile = NULL; } - (void) sl_strlcpy (sh_utmppath, str, 80); + (void) sl_strlcpy (sh_utmppath, str, sizeof(sh_utmppath)); SL_RET0(_("sh_utmp_utmpname")); } @@ -343,11 +328,6 @@ static void sh_utmp_setutent(void) } } (void) fseek (sh_utmpfile, 0L, SEEK_SET); - if (-1 == fseek (sh_utmpfile, sh_utmp_feed_forward, SEEK_CUR)) - { - sh_utmp_feed_forward = 0; /* modified Apr 4, 2004 */ - (void) fseek (sh_utmpfile, 0L, SEEK_SET); - } clearerr (sh_utmpfile); SL_RET0(_("sh_utmp_setutent")); } @@ -387,63 +367,6 @@ static struct SH_UTMP_S * sh_utmp_getutent(void) SL_RETURN(&out, _("sh_utmp_getutent")); } -#ifdef USE_UNUSED - -static struct SH_UTMP_S * sh_utmp_getutline(struct SH_UTMP_S * ut) -{ - struct SH_UTMP_S * out; - - while (1) { - if ((out = sh_utmp_getutent()) == NULL) { - return NULL; - } -#ifdef HAVE_UTTYPE - if (out->ut_type == USER_PROCESS || out->ut_type == LOGIN_PROCESS) - if (sl_strcmp(ut->ut_line, out->ut_line) == 0) - return out; -#else - if ( 0 != sl_strncmp (out->ut_name, "reboot", 6) && - 0 != sl_strncmp (out->ut_name, "shutdown", 8) && - 0 != sl_strncmp (out->ut_name, "date", 4) ) - return out; -#endif - } - return NULL; -} - -static struct SH_UTMP_S * sh_utmp_getutid(struct SH_UTMP_S * ut) -{ -#ifdef HAVE_UTTYPE - struct SH_UTMP_S * out; - - if (ut->ut_type == RUN_LVL || ut->ut_type == BOOT_TIME || - ut->ut_type == NEW_TIME || ut->ut_type == OLD_TIME) - { - while (1) { - if ((out = sh_utmp_getutent()) == NULL) { - return NULL; - } - if (out->ut_type == ut->ut_type) - return out; - } - } - else if (ut->ut_type == INIT_PROCESS || ut->ut_type == LOGIN_PROCESS || - ut->ut_type == USER_PROCESS || ut->ut_type == DEAD_PROCESS ) - { - while (1) { - if ((out = sh_utmp_getutent()) == NULL) { - return NULL; - } - if (sl_strcmp(ut->ut_id, out->ut_id) == 0) - return out; - } - } -#endif - return NULL; -} -/* #ifdef USE_UNUSED */ -#endif - /* #ifdef HAVE_SETUTENT */ #endif @@ -510,9 +433,7 @@ static int sh_utmp_init_internal (void) } lastcheck = time (NULL); userlist = NULL; - memset (&save_utmp, 0, sizeof(struct SH_UTMP_S)); - sh_utmp_check_internal (2); /* current logins */ - sh_utmp_check_internal (0); + sh_utmp_check_internal (); /* current logins */ init_done = 1; SL_RETURN( (0), _("sh_utmp_init")); } @@ -617,7 +538,7 @@ int sh_utmp_timer (time_t tcurrent) if ( (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE) && sh.flag.checkSum != SH_CHECK_INIT ) { - sh_inotify_wait_for_change(mode_path[1], &inotify_watch, + sh_inotify_wait_for_change(utmp_path, &inotify_watch, &errnum, ShUtmpInterval); } @@ -656,7 +577,7 @@ int sh_utmp_check () SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_UT_CHECK); SH_MUTEX_UNLOCK(mutex_thread_nolog); - sh_utmp_check_internal (1); + sh_utmp_check_internal (); SL_RETURN(0, _("sh_utmp_check")); } @@ -736,7 +657,7 @@ int sh_utmp_set_login_activate (const char * c) SL_RETURN(i, _("sh_utmp_set_login_activate")); } -#ifdef HAVE_UTTYPE + struct login_ct { char name[UT_NAMESIZE+1]; int nlogin; @@ -816,7 +737,6 @@ static int sh_utmp_login_r(char * str) return 0; } -#endif /* for each login: @@ -825,14 +745,14 @@ static int sh_utmp_login_r(char * str) * - link user.ut_record -> log_record */ -#ifdef HAVE_UTTYPE +#include <ctype.h> static int sh_utmp_is_virtual (char * in_utline, char * in_uthost) { if (in_uthost != NULL && in_utline != NULL && in_uthost[0] == ':' && - in_uthost[1] == '0' && + isdigit((int) in_uthost[1]) && 0 == sl_strncmp(in_utline, _("pts/"), 4)) { return 1; @@ -840,7 +760,139 @@ static int sh_utmp_is_virtual (char * in_utline, char * in_uthost) return 0; } + + +static void sh_utmp_log_out(int sev, struct log_user * user, int n) +{ + char ttt[TIM_MAX]; + + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (user->time, ttt, TIM_MAX); + sh_error_handle( sev, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG3X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG3A, +#else + MSG_UT_LG3B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + n + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +} + +static void sh_utmp_log_multi(int sev, struct log_user * user, int n) +{ + char ttt[TIM_MAX]; + + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (user->time, ttt, TIM_MAX); + sh_error_handle( sev, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG2X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG2A, +#else + MSG_UT_LG2B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, +#endif + ttt, + n + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +} + +static void sh_utmp_log_one(int sev, struct log_user * user, int n) +{ + char ttt[TIM_MAX]; + + SH_MUTEX_LOCK(mutex_thread_nolog); + (void) sh_unix_time (user->time, ttt, TIM_MAX); + sh_error_handle( sev, FIL__, __LINE__, 0, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + MSG_UT_LG1X, +#elif defined(HAVE_UTHOST) + MSG_UT_LG1A, +#else + MSG_UT_LG1B, +#endif + user->name, + user->ut_tty, +#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) + user->ut_host, + user->ut_ship, +#elif defined(HAVE_UTHOST) + user->ut_host, #endif + ttt, + n + ); + SH_MUTEX_UNLOCK(mutex_thread_nolog); +} + +static void sh_utmp_purge_old (time_t start_read) +{ + struct log_user * user = userlist; + struct log_user * userold = userlist; + volatile int status; + + /* ------- find old entries -------- + */ + while (user != NULL) + { + if (user->last_checked < start_read) + { + /* report logout */ + if (0 == sh_utmp_is_virtual(user->ut_tty, user->ut_host)) + { + /* reference count down on list of logged in users */ + status = sh_utmp_login_r(user->name); + + sh_utmp_log_out(ShUtmpLogout, user, status); + sh_utmp_logout_morechecks((struct log_user *)user); + } + + /* remove entry */ + if (userold == user && userold == userlist) + { + /* first element in userlist, advance userlist & userold */ + userold = user->next; + userlist = user->next; + SH_FREE((struct log_user *)user); + user = userlist; + } + else + { + /* other element in userlist, cut it out */ + userold->next = user->next; + SH_FREE((struct log_user *)user); + user = userold->next; + } + } + else + { + userold = user; + user = user->next; + } + } + return; +} /* These variables are not used anywhere. They only exist * to assign &userold, &user to them, which keeps gcc from @@ -851,33 +903,19 @@ void * sh_dummy_850_userold = NULL; void * sh_dummy_851_user = NULL; -static void sh_utmp_addlogin (struct SH_UTMP_S * ut) +static void sh_utmp_checklogin (struct SH_UTMP_S * ut, time_t start_read) { struct log_user * user = userlist; struct log_user * userold = userlist; -#ifdef HAVE_UTTYPE - struct log_user * username = userlist; -#endif - char ttt[TIM_MAX]; -#ifdef HAVE_UTTYPE + struct log_user * username = userlist; volatile int status; -#endif - SL_ENTER(_("sh_utmp_addlogin")); - if (ut->ut_line[0] == '\0') - SL_RET0(_("sh_utmp_addlogin")); + SL_ENTER(_("sh_utmp_checklogin")); - /* for some stupid reason, AIX repeats the wtmp entry for logouts - * with ssh - */ - if (memcmp (&save_utmp, ut, sizeof(struct SH_UTMP_S)) == 0) - { - memset(&save_utmp, (int) '\0', sizeof(struct SH_UTMP_S)); - SL_RET0(_("sh_utmp_addlogin")); - } - memcpy (&save_utmp, ut, sizeof(struct SH_UTMP_S)); + if (ut->ut_line[0] == '\0') + SL_RET0(_("sh_utmp_checklogin")); /* Take the address to keep gcc from putting them into registers. * Avoids the 'clobbered by longjmp' warning. @@ -889,273 +927,108 @@ static void sh_utmp_addlogin (struct SH_UTMP_S * ut) */ while (user != NULL) { - if (0 == sl_strncmp((char*)(user->ut_tty), ut->ut_line, UT_LINESIZE) ) + if (0 == sl_strncmp(user->ut_tty, ut->ut_line, UT_LINESIZE) && + 0 == sl_strncmp(user->name, ut->ut_name, UT_NAMESIZE)) break; userold = user; user = user->next; } -#ifdef HAVE_UTTYPE + while (username != NULL) { if (0 == sl_strncmp(username->name, ut->ut_name, UT_NAMESIZE) ) break; username = username->next; } -#endif + -#ifdef HAVE_UTTYPE - /* ---------- LOGIN -------------- */ - if (ut->ut_type == USER_PROCESS) + if (user == NULL) { - if (user == NULL) - { - user = SH_ALLOC(sizeof(struct log_user)); - user->next = userlist; - userlist = (struct log_user *) user; - } - (void) sl_strlcpy((char*)(user->ut_tty), ut->ut_line, UT_LINESIZE+1); - (void) sl_strlcpy((char*)(user->name), ut->ut_name, UT_NAMESIZE+1); -#ifdef HAVE_UTHOST - (void) sl_strlcpy((char*)(user->ut_host), ut->ut_host, UT_HOSTSIZE+1); -#else - user->ut_host[0] = '\0'; -#endif -#ifdef HAVE_UTADDR -#ifdef HAVE_UTADDR_V6 - my_inet_ntoa(ut->ut_addr_v6, user->ut_ship, SH_IP_BUF); -#else - my_inet_ntoa(ut->ut_addr, user->ut_ship, SH_IP_BUF); -#endif -#endif - user->time = ut->ut_time; - - if (username == NULL /* not yet logged in */ - || 0 == sl_strncmp(ut->ut_line, _("ttyp"), 4) /* in virt. console */ - || 0 == sl_strncmp(ut->ut_line, _("ttyq"), 4) /* in virt. console */ - ) { - status = sh_utmp_login_a((char*)user->name); - SH_MUTEX_LOCK(mutex_thread_nolog); - (void) sh_unix_time (user->time, ttt, TIM_MAX); - sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - MSG_UT_LG1X, -#elif defined(HAVE_UTHOST) - MSG_UT_LG1A, -#else - MSG_UT_LG1B, -#endif - user->name, - user->ut_tty, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - user->ut_host, - user->ut_ship, -#elif defined(HAVE_UTHOST) - user->ut_host, -#endif - ttt, - status - ); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } else - if (0 == sh_utmp_is_virtual(ut->ut_line, (char*)user->ut_host)) - { - status = sh_utmp_login_a((char*)user->name); - SH_MUTEX_LOCK(mutex_thread_nolog); - (void) sh_unix_time (user->time, ttt, TIM_MAX); - sh_error_handle( ShUtmpLoginMulti, FIL__, __LINE__, 0, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - MSG_UT_LG2X, -#elif defined(HAVE_UTHOST) - MSG_UT_LG2A, -#else - MSG_UT_LG2B, -#endif - user->name, - user->ut_tty, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - user->ut_host, - user->ut_ship, -#elif defined(HAVE_UTHOST) - user->ut_host, -#endif - ttt, - status - ); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - } - - sh_utmp_login_morechecks(ut); + user = SH_ALLOC(sizeof(struct log_user)); + user->next = userlist; + userlist = (struct log_user *) user; + } + else if ( (user->time == ut->ut_time) && + 0 == sl_strcmp (user->name, ut->ut_name)) + { + /* we have it on record and nothing has changed */ + user->last_checked = start_read; goto out; } - - - /* --------- LOGOUT ---------------- */ - else if (ut->ut_name[0] == '\0' - || ut->ut_type == DEAD_PROCESS /* solaris does not clear ut_name */ - ) + else { - if (user != NULL) - { -#if defined(__linux__) - if (0 == sh_utmp_is_virtual(ut->ut_line, (char*)user->ut_host)) { -#endif - status = sh_utmp_login_r((char*)user->name); - SH_MUTEX_LOCK(mutex_thread_nolog); - (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); - sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - MSG_UT_LG3X, -#elif defined(HAVE_UTHOST) - MSG_UT_LG3A, -#else - MSG_UT_LG3B, -#endif - user->name, - user->ut_tty, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - user->ut_host, - user->ut_ship, -#elif defined(HAVE_UTHOST) - user->ut_host, -#endif - ttt, - status - ); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - userold->next = user->next; - if (user == userlist) - userlist = user->next; - sh_utmp_logout_morechecks((struct log_user *)user); - SH_FREE((struct log_user *)user); - user = NULL; -#if defined(__linux__) - } -#endif - } - else + /* we have it on record and something has changed */ + if (0 == sh_utmp_is_virtual(user->ut_tty, user->ut_host)) { - (void) sl_strlcpy(terminated_line, ut->ut_line, UT_HOSTSIZE); - SH_MUTEX_LOCK(mutex_thread_nolog); - (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); - sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, - MSG_UT_LG3C, - terminated_line, - ttt, 0 - ); - SH_MUTEX_UNLOCK(mutex_thread_nolog); + /* reference count down on list of logged in users */ + status = sh_utmp_login_r(user->name); + + sh_utmp_log_out(ShUtmpLogout, user, status); + sh_utmp_logout_morechecks((struct log_user *)user); } - goto out; } - /* default */ - goto out; - - /* #ifdef HAVE_UTTYPE */ -#else - - if (user == NULL) /* probably a login */ - { - user = SH_ALLOC(sizeof(struct log_user)); - sl_strlcpy(user->ut_tty, ut->ut_line, UT_LINESIZE+1); - sl_strlcpy(user->name, ut->ut_name, UT_NAMESIZE+1); + user->last_checked = start_read; + + (void) sl_strlcpy(user->ut_tty, ut->ut_line, UT_LINESIZE+1); + (void) sl_strlcpy(user->name, ut->ut_name, UT_NAMESIZE+1); #ifdef HAVE_UTHOST - sl_strlcpy(user->ut_host, ut->ut_host, UT_HOSTSIZE+1); + (void) sl_strlcpy(user->ut_host, ut->ut_host, UT_HOSTSIZE+1); +#else + user->ut_host[0] = '\0'; #endif #ifdef HAVE_UTADDR #ifdef HAVE_UTADDR_V6 - my_inet_ntoa(ut->ut_addr_v6, user->ut_ship, SH_IP_BUF); -#else - my_inet_ntoa(ut->ut_addr, user->ut_ship, SH_IP_BUF); -#endif -#endif - user->time = ut->ut_time; - user->next = userlist; - userlist = user; - - SH_MUTEX_LOCK(mutex_thread_nolog); - (void) sh_unix_time (user->time, ttt, TIM_MAX); - sh_error_handle( ShUtmpLoginSolo, FIL__, __LINE__, 0, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - MSG_UT_LG1X, -#elif defined(HAVE_UTHOST) - MSG_UT_LG1A, + my_inet_ntoa(ut->ut_addr_v6, user->ut_ship, SH_IP_BUF); #else - MSG_UT_LG1B, + my_inet_ntoa(ut->ut_addr, user->ut_ship, SH_IP_BUF); #endif - user->name, - user->ut_tty, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - user->ut_host, - user->ut_ship, -#elif defined(HAVE_UTHOST) - user->ut_host, #endif - ttt, - 1 - ); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - sh_utmp_login_morechecks(ut); + user->time = ut->ut_time; + + if (username == NULL) /* not yet logged in */ + { + /* add this username to the list of logged in users */ + status = sh_utmp_login_a(user->name); + + sh_utmp_log_one(ShUtmpLoginSolo, user, status); + } - else /* probably a logout */ + else if (0 == sh_utmp_is_virtual(user->ut_tty, (char*)user->ut_host)) { - SH_MUTEX_LOCK(mutex_thread_nolog); - (void) sh_unix_time (ut->ut_time, ttt, TIM_MAX); - sh_error_handle( ShUtmpLogout, FIL__, __LINE__, 0, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - MSG_UT_LG2X, -#elif defined(HAVE_UTHOST) - MSG_UT_LG2A, -#else - MSG_UT_LG2B, -#endif - user->name, - user->ut_tty, -#if defined(HAVE_UTHOST) && defined(HAVE_UTADDR) - user->ut_host, - user->ut_ship, -#elif defined(HAVE_UTHOST) - user->ut_host, -#endif - ttt, - 1 - ); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - sh_utmp_logout_morechecks(user); - userold->next = user->next; - if (user == userlist) /* inserted Apr 4, 2004 */ - userlist = user->next; - SH_FREE(user); - user = NULL; + /* add this username to the list of logged in users */ + status = sh_utmp_login_a((char*)user->name); + + sh_utmp_log_multi(ShUtmpLoginMulti, user, status); } + sh_utmp_login_morechecks(ut); + goto out; -#endif out: sh_dummy_851_user = NULL; sh_dummy_850_userold = NULL; - SL_RET0(_("sh_utmp_addlogin")); + SL_RET0(_("sh_utmp_checklogin")); } static time_t lastmod = 0; -static off_t lastsize = 0; -static unsigned long lastread = 0; -static void sh_utmp_check_internal (int mode) +static void sh_utmp_check_internal () { struct stat buf; int error; struct SH_UTMP_S * ut; - unsigned long this_read; int val_retry; + time_t start_read; SL_ENTER(_("sh_utmp_check_internal")); /* error if no access */ do { - val_retry = /*@-unrecog@*/lstat ( mode_path[mode], &buf)/*@+unrecog@*/; + val_retry = /*@-unrecog@*/lstat ( utmp_path, &buf)/*@+unrecog@*/; } while (val_retry < 0 && errno == EINTR); if (0 != val_retry) @@ -1163,87 +1036,43 @@ static void sh_utmp_check_internal (int mode) error = errno; SH_MUTEX_LOCK(mutex_thread_nolog); sh_error_handle((-1), FIL__, __LINE__, error, MSG_E_ACCESS, - (long) sh.real.uid, mode_path[mode]); + (long) sh.real.uid, utmp_path); SH_MUTEX_UNLOCK(mutex_thread_nolog); SL_RET0(_("sh_utmp_check_internal")); } - /* modification time - */ - if (mode < 2) - { - if (/*@-usedef@*/buf.st_mtime <= lastmod/*@+usedef@*/) - { - SL_RET0(_("sh_utmp_check_internal")); - } - else - lastmod = buf.st_mtime; - } - - /* file size + /* check modification time */ - if (/*@-usedef@*/buf.st_size < lastsize/*@+usedef@*/ && mode < 2) + if (/*@-usedef@*/buf.st_mtime <= lastmod/*@+usedef@*/) { - SH_MUTEX_LOCK(mutex_thread_nolog); - sh_error_handle((-1), FIL__, __LINE__, 0, MSG_UT_ROT, - mode_path[mode]); - SH_MUTEX_UNLOCK(mutex_thread_nolog); - lastread = 0; -#ifndef USE_SETUTENT - sh_utmp_feed_forward = 0L; -#endif + SL_RET0(_("sh_utmp_check_internal")); } + else + lastmod = buf.st_mtime; - if (mode < 2) - lastsize = buf.st_size; - - if (buf.st_size == 0) - SL_RET0(_("sh_utmp_check_internal")); - - sh_utmp_utmpname(mode_path[mode]); + sh_utmp_utmpname(utmp_path); sh_utmp_setutent(); - /* - * feed forward if initializing - * we need to do this here - */ - this_read = 0; - - if (mode < 2) - { - while (this_read < lastread) { - (void) sh_utmp_getutent(); - ++this_read; - } - } - /* start reading */ - this_read = 0; + start_read = time(NULL); + while (1 == 1) { ut = sh_utmp_getutent(); if (ut == NULL) break; /* modified: ut_user --> ut_name */ - if (mode == 1 || (mode == 2 && ut->ut_name[0] != '\0' + if (ut->ut_name[0] != '\0' #ifdef HAVE_UTTYPE - && ut->ut_type != DEAD_PROCESS + && ut->ut_type == USER_PROCESS #endif - )) - sh_utmp_addlogin (ut); - ++this_read; + ) + sh_utmp_checklogin (ut, start_read); } sh_utmp_endutent(); - if (mode < 2) - { - lastread += this_read; -#ifndef USE_SETUTENT - sh_utmp_feed_forward += (long) (this_read * sizeof(struct SH_UTMP_S)); - lastread = 0; -#endif - } + sh_utmp_purge_old (start_read); SL_RET0(_("sh_utmp_check_internal")); } diff --git a/src/sh_xfer_client.c b/src/sh_xfer_client.c index abc6504..aa4941c 100644 --- a/src/sh_xfer_client.c +++ b/src/sh_xfer_client.c @@ -96,7 +96,7 @@ #define FD_SETSIZE 32 #endif #ifndef FD_ZERO -#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) #endif #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) @@ -768,7 +768,7 @@ static int xfer_auth(int is_reinit, int * initialized, /* verify random nonce v from server H(v, P)v */ sh_passwd (nounce, NULL, NULL, temp); - if ( 0 != sl_strncmp(temp, answer, KEY_LEN)) + if ( 0 != sl_ts_strncmp(temp, answer, KEY_LEN)) flag_err = (-1); TPT(( 0, FIL__, __LINE__, _("msg=<c/r: vrfy nonce, flag_err = %d>\n"), @@ -1002,7 +1002,7 @@ static int xfer_auth(int is_reinit, int * initialized, M_buf, sizeof(M_buf) ); if (M != NULL && - 0 == sl_strncmp (answer, M, KEY_LEN+1)) + 0 == sl_ts_strncmp (answer, M, KEY_LEN+1)) { sl_strlcpy (skey->session, sh_tiger_hash(foo_Sc, @@ -1050,7 +1050,7 @@ static int xfer_auth(int is_reinit, int * initialized, { xfer_timeout_val *= 2; sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_NOAUTH); - memset(answer, '\0', 512); + memset(answer, 0, 512); MUNLOCK(answer, 512); SH_FREE(answer); return -1; @@ -1082,7 +1082,7 @@ int xfer_check_server_cmd(char * answer, char * buffer) (void) sl_strlcpy(buffer, &answer[KEY_LEN], pos+1); flag_err = - sl_strncmp(&answer[KEY_LEN+pos], + sl_ts_strncmp(&answer[KEY_LEN+pos], sh_util_siggen(skey->session, buffer, pos, @@ -1201,12 +1201,12 @@ int xfer_send_message(char * errmsg, int sockfd, char * answer) */ (void) sl_strlcpy(buffer, errmsg, len); (void) sl_strlcat(buffer, nsrv, len); - flag_err = sl_strncmp(answer, - sh_util_siggen(skey->session, - buffer, - sl_strlen(buffer), - sigbuf, sizeof(sigbuf)), - KEY_LEN); + flag_err = sl_ts_strncmp(answer, + sh_util_siggen(skey->session, + buffer, + sl_strlen(buffer), + sigbuf, sizeof(sigbuf)), + KEY_LEN); TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"), sh_util_siggen(skey->session, buffer, sl_strlen(buffer), sigbuf, sizeof(sigbuf)))); diff --git a/src/sh_xfer_server.c b/src/sh_xfer_server.c index 0f7f1ab..fcc80fc 100644 --- a/src/sh_xfer_server.c +++ b/src/sh_xfer_server.c @@ -104,7 +104,7 @@ #define FD_SETSIZE 32 #endif #ifndef FD_ZERO -#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p))) +#define FD_ZERO(p) memset((char *)(p), 0, sizeof(*(p))) #endif #if defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK) @@ -418,6 +418,11 @@ char * clt_stat[] = { * } client_t; */ +typedef struct client_alias { + char * alias; + char * hostname; +} alias_t; + #include "zAVLTree.h" static char * sh_tolower (char * s) @@ -434,7 +439,7 @@ static char * sh_tolower (char * s) } /* Function to return the key for indexing - * the argument + * the argument (for the client list) */ zAVLKey sh_avl_key (void const * arg) { @@ -444,6 +449,17 @@ zAVLKey sh_avl_key (void const * arg) zAVLTree * all_clients = NULL; +/* Function to return the key for indexing + * the argument (for the aliases list) + */ +zAVLKey sh_avl_alias (void const * arg) +{ + const alias_t * sa = (const alias_t *) arg; + return (zAVLKey) sa->alias; +} + +zAVLTree * all_aliases = NULL; + void sh_xfer_html_write() { SL_ENTER(_("sh_xfer_html_write")); @@ -469,7 +485,7 @@ int sh_xfer_use_clt_sev (const char * c) } -/* the destructor +/* the destructor (client list item) */ void free_client(void * inptr) { @@ -491,6 +507,100 @@ void free_client(void * inptr) SL_RET0(_("free_client")); } +/* the destructor (alias list item) + */ +void free_alias(void * inptr) +{ + alias_t * here; + + SL_ENTER(_("free_alias")); + if (inptr == NULL) + SL_RET0(_("free_alias")); + else + here = (alias_t *) inptr; + + if (here->alias != NULL) + SH_FREE(here->alias); + if (here->hostname != NULL) + SH_FREE(here->hostname); + SH_FREE(here); + SL_RET0(_("free_alias")); +} + +int sh_xfer_register_alias (const char * str) +{ + alias_t * newalias; + alias_t * testalias; + + const char * ptr; + int sepnum = 0; + int sep = 0; + register int i = 0; + int siz_str = 0; + + SL_ENTER(_("sh_xfer_register_alias")); + + ptr = str; + while (*ptr) { + if (*ptr == '@' && sepnum < 1) + { + sep = i; + ++sepnum; + } + ++ptr; ++i; + } + + if (all_aliases == NULL) + { + all_aliases = zAVLAllocTree (sh_avl_alias, zAVL_KEY_STRING); + if (all_aliases == NULL) + { + (void) safe_logger (0, 0, NULL); + aud__exit(FIL__, __LINE__, EXIT_FAILURE); + } + } + + if ((sepnum == 1) && (sep > 0) && (i > (sep + 1))) + { + newalias = SH_ALLOC (sizeof(alias_t)); + newalias->alias = SH_ALLOC (sep+1); + newalias->hostname = SH_ALLOC (sl_strlen(str)-sep); + + /* truncate */ + sl_strlcpy(newalias->alias, &str[0], sep+1); + sh_tolower(newalias->alias); + + /* truncate */ + sl_strlcpy(newalias->hostname, &str[sep+1], sl_strlen(str)-sep); + sh_tolower(newalias->hostname); + + testalias = (alias_t *) zAVLSearch (all_aliases, newalias->alias); + + if (testalias != NULL) + { + /* keep the alias but replace the hostname with the new one */ + SH_FREE(testalias->hostname); + siz_str = strlen (newalias->hostname) + 1; + testalias->hostname = SH_ALLOC (siz_str); + sl_strlcpy(testalias->hostname, newalias->hostname, siz_str); + + free_alias(newalias); + SL_RETURN( 0, _("sh_xfer_register_alias")); + } + else + { + if (0 == zAVLInsert (all_aliases, newalias)) + { + sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_AREG, + newalias->alias, + newalias->hostname); + SL_RETURN( 0, _("sh_xfer_register_alias")); + } + } + } + SL_RETURN (-1, _("sh_xfer_register_alias")); +} + int sh_xfer_register_client (const char * str) { @@ -1052,6 +1162,7 @@ int set_socket_peer (const char * c) */ client_t * search_register(sh_conn_t * conn, int pos) { + alias_t * this_alias; client_t * this_client; char peer_ip[SH_IP_BUF]; char numerical[SH_IP_BUF]; @@ -1067,6 +1178,7 @@ client_t * search_register(sh_conn_t * conn, int pos) { memcpy(&peer_addr, &(conn->addr_peer), sizeof(struct sh_sockaddr)); sh_ipvx_ntoa (peer_ip, sizeof(peer_ip), &peer_addr); + peer_name[0] = '\0'; /* get canonical name of socket peer */ @@ -1085,6 +1197,14 @@ client_t * search_register(sh_conn_t * conn, int pos) { sl_strlcpy(peer_name, peer_ip, MAXHOSTNAMELEN + 1); } + else + { + this_alias = zAVLSearch(all_aliases, peer_name); + if (this_alias) + { + sl_strlcpy(peer_name, this_alias->hostname, MAXHOSTNAMELEN + 1); + } + } search_string = peer_name; } @@ -1196,7 +1316,7 @@ client_t * do_check_client(sh_conn_t * conn, int * retval) sigbuf, sizeof(sigbuf)), KEY_LEN+1); - if (0 != sl_strncmp(conn->K, conn->buf, KEY_LEN)) + if (0 != sl_ts_strncmp(conn->K, conn->buf, KEY_LEN)) { TPT((0, FIL__, __LINE__, _("msg=<clt %s>\n"), conn->buf)); TPT((0, FIL__, __LINE__, _("msg=<srv %s>\n"), conn->K)); @@ -1228,11 +1348,6 @@ static void do_file_send_data(sh_conn_t * conn) char * send_buf; int bytes; SL_TICKET sfd = -1; -#ifdef SH_ENCRYPT - int blkfac; - int rem; - int send_bytes; -#endif if (conn == NULL || conn->FileName == NULL) { @@ -1279,26 +1394,11 @@ static void do_file_send_data(sh_conn_t * conn) if (bytes >= 0) { + send_buf = hash_me(conn->K, read_buf, bytes); #ifdef SH_ENCRYPT - /* need to send N * B_SIZ bytes - */ - blkfac = bytes / B_SIZ; - rem = bytes - (blkfac * B_SIZ); - if (rem != 0) - { - memset(&read_buf[bytes], '\n', (B_SIZ-rem)); - ++blkfac; - send_bytes = blkfac * B_SIZ; - } - else - send_bytes = bytes; - - send_buf = hash_me(conn->K, read_buf, send_bytes); - - sh_xfer_send_crypt (conn, send_buf, send_bytes+KEY_LEN, _("FILE"), + sh_xfer_send_crypt (conn, send_buf, bytes+KEY_LEN, _("FILE"), SH_PROTO_BIG|conn->client_entry->encf_flag); #else - send_buf = hash_me(conn->K, read_buf, bytes); sh_xfer_send_crypt (conn, send_buf, bytes+KEY_LEN, _("FILE"), SH_PROTO_BIG); #endif @@ -1662,12 +1762,12 @@ static int do_message_transfer(sh_conn_t * conn, int state) /* verify hash */ buffer = sh_util_strconcat(conn->buf, conn->challenge, NULL); - i = sl_strncmp(hash, - sh_util_siggen(conn->client_entry->session_key, - buffer, - sl_strlen(buffer), - sigbuf, sizeof(sigbuf)), - KEY_LEN); + i = sl_ts_strncmp(hash, + sh_util_siggen(conn->client_entry->session_key, + buffer, + sl_strlen(buffer), + sigbuf, sizeof(sigbuf)), + KEY_LEN); TPT((0, FIL__, __LINE__, _("msg=<sign %s.>\n"), sh_util_siggen(conn->client_entry->session_key, buffer, @@ -1787,7 +1887,7 @@ static int do_message_transfer(sh_conn_t * conn, int state) SH_FREE(ptok); clt_class = (-1); } - memset(buffer, '\0', sl_strlen(buffer)); + memset(buffer, 0, sl_strlen(buffer)); SH_FREE(buffer); /* SERVER CONF SEND @@ -1845,7 +1945,7 @@ static int do_message_transfer(sh_conn_t * conn, int state) SH_PROTO_MSG|SH_PROTO_END); #endif - memset(buffer, '\0', sl_strlen(buffer)); + memset(buffer, 0, sl_strlen(buffer)); SH_FREE(buffer); /* sh_xfer_do_free (conn); */ @@ -2086,7 +2186,7 @@ int do_auth(sh_conn_t * conn) TPT((0, FIL__, __LINE__, _("msg=<c/r: H = %s>\n"), hash)); TPT((0, FIL__, __LINE__, _("msg=<c/r: P = %s>\n"), conn->M1)); - if ( 0 != sl_strncmp(conn->M1, conn->buf, KEY_LEN)) + if ( 0 != sl_ts_strncmp(conn->M1, conn->buf, KEY_LEN)) { sh_error_handle((-1), FIL__, __LINE__, 0, MSG_TCP_BADCONN, _("Session key mismatch"), conn->peer); @@ -2412,7 +2512,7 @@ int do_auth(sh_conn_t * conn) * ----- send M2 = H(A, M1, K) ------- */ if (conn->buf != NULL && - sl_strncmp(conn->buf, conn->M1, KEY_LEN) == 0) + sl_ts_strncmp(conn->buf, conn->M1, KEY_LEN) == 0) { /* * send M2 @@ -2425,8 +2525,12 @@ int do_auth(sh_conn_t * conn) _("PARP"), (conn->head[0]|SH_PROTO_SRP)); - if (conn->A != NULL) SH_FREE(conn->A); conn->A = NULL; - if (conn->M1 != NULL) SH_FREE(conn->M1); conn->M1 = NULL; + if (conn->A != NULL) + SH_FREE(conn->A); + conn->A = NULL; + if (conn->M1 != NULL) + SH_FREE(conn->M1); + conn->M1 = NULL; sl_strlcpy(conn->client_entry->session_key, conn->K, KEY_LEN+1); TPT((0, FIL__, __LINE__, _("msg=<key %s>\n"), @@ -2449,7 +2553,9 @@ int do_auth(sh_conn_t * conn) _("sh_xfer_prep_send_int: makeKey")); #endif - if (conn->K != NULL) SH_FREE(conn->K); conn->K = NULL; + if (conn->K != NULL) + SH_FREE(conn->K); + conn->K = NULL; conn->client_entry->last_connect = time (NULL); @@ -3102,7 +3208,7 @@ int sh_create_tcp_socket (void) #if defined(USE_IPVX) if (use_server_interface == 0) /* INADDR_ANY, listen on all interfaces */ { - memset (&hints, '\0', sizeof (hints)); + memset (&hints, 0, sizeof (hints)); hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; hints.ai_socktype = SOCK_STREAM; hints.ai_family = AF_UNSPEC; @@ -3387,6 +3493,10 @@ void sh_xfer_start_server() */ sh_xfer_mark_dead (); + /* free the aliases list */ + zAVLFreeTree (all_aliases, free_alias); + all_aliases = NULL; + reset_count_dev_console(); reset_count_dev_time(); sl_trust_purge_user(); diff --git a/src/sh_xfer_syslog.c b/src/sh_xfer_syslog.c index ab516f5..8013e96 100644 --- a/src/sh_xfer_syslog.c +++ b/src/sh_xfer_syslog.c @@ -434,7 +434,7 @@ int sh_xfer_create_syslog_socket (int callerFlag) } #else - memset (&hints, '\0', sizeof (hints)); + memset (&hints, 0, sizeof (hints)); hints.ai_flags = AI_PASSIVE | AI_ADDRCONFIG; hints.ai_socktype = SOCK_DGRAM; if (getaddrinfo (NULL, "syslog", &hints, &ai) != 0) @@ -1,7 +1,16 @@ #include "config_xor.h" #if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) + +#if defined(__sun) || defined(__sun__) || defined(sun) +#define _XOPEN_SOURCE 500 +#else #define _XOPEN_SOURCE 600 +#endif + +#if defined(__GNUC__) +#define _DEFAULT_SOURCE +#endif #define _BSD_SOURCE #endif @@ -247,9 +256,9 @@ int dlog (int flag, const char * file, int line, const char *fmt, ...) if (flag == 1) { sl_snprintf (val, 81, _("\n--------- %10s "), file); - sl_strlcpy (msg, val, 80); + sl_strlcpy (msg, val, sizeof(msg)); sl_snprintf (val, 81, _(" --- %6d ---------\n"), line); - sl_strlcat (msg, val, 80); + sl_strlcat (msg, val, sizeof(msg)); sh_log_console (msg); } @@ -578,11 +587,37 @@ int sl_get_cap_qdel() { return 0; } /* * Have memset in a different translation unit (i.e. this) to prevent - * it to get optimized away + * it to get optimized away ...not safe with link-time optimisation... */ -void *sl_memset(void *s, int c, size_t n) +void * sl_memset(void *s, int c, size_t n) { - return memset(s, c,n); + /* See: + * https://www.usenix.org/sites/default/files/conference/protected-files/usenixsecurity17_slides_zhaomo_yang.pdf + */ +#if defined(HAVE_EXPLICIT_MEMSET) + return explicit_memset(s, c, n); +#elif defined(HAVE_EXPLICIT_BZERO) + if (c == 0) { + explicit_bzero(s, n); + return s; + } else { + return memset(s, c, n); + } +#elif defined(__GNUC__) + memset(s, c, n); + __asm__ __volatile__ ("" ::"r"(s): "memory"); /* compiler barrier */ + return s; +#else + if (c == 0) { + size_t i; + volatile unsigned char * t_s = (volatile unsigned char *)s; + for (i=0; i<n; ++i) + t_s[i] = 0; + return s; + } else { + return memset(s, c, n); + } +#endif } @@ -1069,6 +1104,40 @@ int sl_strcmp(const char * a, const char * b) return (-7); /* default to not equal */ } +/* Does not report sign. */ +int sl_ts_strncmp(const char * a, const char * b, size_t n) +{ +#ifdef SL_FAIL_ON_ERROR + SL_REQUIRE (a != NULL, _("a != NULL")); + SL_REQUIRE (b != NULL, _("b != NULL")); + SL_REQUIRE (n > 0, _("n > 0")); +#endif + + if (a != NULL && b != NULL) + { + const unsigned char *a1 = (const unsigned char *)a; + const unsigned char *b1 = (const unsigned char *)b; + size_t i; + int retval=0; + /* The simple index based access is optimized best by the + * compiler (tested with gcc 7.3.0). */ + for (i = 0; i < n; ++i) + { + if (a1[i] == '\0' || b1[i] == '\0') + break; + retval |= (a1[i] ^ b1[i]); + } + /* if (retval == 0) --> false (0) */ + return (retval != 0); + } + else if (a == NULL && b != NULL) + return (-1); + else if (a != NULL && b == NULL) + return (1); + else + return (-7); /* default to not equal */ +} + int sl_strncmp(const char * a, const char * b, size_t n) { #ifdef SL_FAIL_ON_ERROR @@ -1767,6 +1836,7 @@ SL_TICKET sl_make_ticket (const char * ofile, int oline, { free (ofiles[fd]); ofiles[fd] = NULL; + /* cppcheck-suppress memleak */ SL_IRETURN(SL_EMEM, _("sl_make_ticket")); } @@ -1779,6 +1849,7 @@ SL_TICKET sl_make_ticket (const char * ofile, int oline, (void) free (ofiles[fd]->path); (void) free (ofiles[fd]); ofiles[fd] = NULL; + /* cppcheck-suppress memleak */ SL_IRETURN(ticket, _("sl_make_ticket")); } @@ -1792,6 +1863,7 @@ SL_TICKET sl_make_ticket (const char * ofile, int oline, sl_strlcpy(ofiles[fd]->ofile, ofile, SL_OFILE_SIZE); ofiles[fd]->oline = oline; + /* cppcheck-suppress memleak */ SL_IRETURN(ticket, _("sl_make_ticket")); } @@ -2376,6 +2448,7 @@ int sl_close (SL_TICKET ticket) TPT((0, FIL__, __LINE__, _("msg=<Error fclosing file.>, fd=<%d>, err=<%s>\n"), fd, strerror(errno))); + SL_IRETURN(SL_ECLOSE, _("sl_close")); } } else @@ -2385,6 +2458,7 @@ int sl_close (SL_TICKET ticket) TPT((0, FIL__, __LINE__, _("msg=<Error closing file.>, fd=<%d>, err=<%s>\n"), fd, strerror(errno))); + SL_IRETURN(SL_ECLOSE, _("sl_close")); } } @@ -2559,8 +2633,8 @@ int sl_read_timeout_prep (SL_TICKET ticket) } -int sl_read_timeout_fd (int fd, void * buf_in, size_t count, - int timeout, int is_nonblocking) +static int sl_read_timeout_fd_int (int fd, void * buf_in, size_t count, + int timeout, int is_nonblocking, int once) { int sflags = 0; fd_set readfds; @@ -2609,7 +2683,7 @@ int sl_read_timeout_fd (int fd, void * buf_in, size_t count, { bytes += byteread; count -= byteread; buf += byteread; - if (count == 0) + if (count == 0 || once == S_TRUE) break; } else if (byteread == 0) @@ -2693,6 +2767,18 @@ int sl_read_timeout_fd (int fd, void * buf_in, size_t count, return ((int) bytes); } +int sl_read_timeout_fd (int fd, void * buf_in, size_t count, + int timeout, int is_nonblocking) +{ + return sl_read_timeout_fd_int (fd, buf_in, count, timeout, is_nonblocking, S_FALSE); +} + +int sl_read_timeout_fd_once (int fd, void * buf_in, size_t count, + int timeout, int is_nonblocking) +{ + return sl_read_timeout_fd_int (fd, buf_in, count, timeout, is_nonblocking, S_TRUE); +} + int sl_read_timeout (SL_TICKET ticket, void * buf_in, size_t count, int timeout, int is_nonblocking) { diff --git a/src/sstrip.c b/src/sstrip.c deleted file mode 100644 index a296561..0000000 --- a/src/sstrip.c +++ /dev/null @@ -1,538 +0,0 @@ -/* sstrip, version 2.0: Copyright (C) 1999-2001 by Brian Raiter, under the - * GNU General Public License. No warranty. See LICENSE for details. - */ - -/* Modified for portability and 64bit/32bit elf executables, Rainer Wichmann */ - -#include "config.h" - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <errno.h> -#include <unistd.h> -#include <fcntl.h> - -#if !defined(__ia64) && !defined(__ia64__) && !defined(__itanium__) && \ - !defined(__alpha) && !defined(__alpha__) && \ - (defined(HAVE_ELF_H) || defined(HAVE_LINUX_ELF_H)) && \ - (defined(__linux__) || defined(__FreeBSD__)) && \ - (defined(__i386__) || defined(__i386) || defined(i386)) - -/* || defined(__sun) || defined(__sun__) || defined(sun) */ - - -#if defined(HAVE_ELF_H) -#include <elf.h> -#else -#include <linux/elf.h> -#endif - -#ifndef TRUE -#define TRUE 1 -#define FALSE 0 -#endif - -#ifndef ELFCLASS32 -#define ELFCLASS32 1 /* 32-bit objects */ -#endif -#ifndef ELFCLASS64 -#define ELFCLASS64 2 /* 64-bit objects */ -#endif - - - -/* The name of the program. - */ -static char const *progname; - -/* The name of the current file. - */ -static char const *filename; - - -/* A simple error-handling function. FALSE is always returned for the - * convenience of the caller. - */ -static int err(char const *errmsg) -{ - fprintf(stderr, "%s: %s: %s\n", progname, filename, errmsg); - return FALSE; -} - -/* A macro for I/O errors: The given error message is used only when - * errno is not set. - */ -#define ferr(msg) (err(errno ? strerror(errno) : (msg))) - -/* readelfheader() reads the ELF header into our global variable, and - * checks to make sure that this is in fact a file that we should be - * munging. - */ -static int readelfheader_32(int fd, Elf32_Ehdr *ehdr) -{ - errno = 0; - if (read(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) - return ferr("missing or incomplete ELF header."); - - /* Check the ELF signature. - */ - if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 && - ehdr->e_ident[EI_MAG1] == ELFMAG1 && - ehdr->e_ident[EI_MAG2] == ELFMAG2 && - ehdr->e_ident[EI_MAG3] == ELFMAG3)) - return err("missing ELF signature."); - - /* Compare the file's class and endianness with the program's. - */ -#ifdef ELF_DATA - if (ehdr->e_ident[EI_DATA] != ELF_DATA) - return err("ELF file has different endianness."); -#endif - - if (ehdr->e_ident[EI_CLASS] != ELFCLASS32) - return FALSE; - - /* Check the target architecture. - */ -#ifdef ELF_ARCH - if (ehdr->e_machine != ELF_ARCH) - return err("ELF file created for different architecture."); -#endif - - /* Verify the sizes of the ELF header and the program segment - * header table entries. - */ - if (ehdr->e_ehsize != sizeof(Elf32_Ehdr)) - return err("unrecognized ELF header size."); - if (ehdr->e_phentsize != sizeof(Elf32_Phdr)) - return err("unrecognized program segment header size."); - - /* Finally, check the file type. - */ - if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) - return err("not an executable or shared-object library."); - - return TRUE; -} - -static int readelfheader_64(int fd, Elf64_Ehdr *ehdr) -{ - errno = 0; - - if (lseek(fd, 0, SEEK_SET)) - return ferr("could not rewind file"); - - if (read(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) - return ferr("missing or incomplete ELF header."); - - /* Check the ELF signature. - */ - if (!(ehdr->e_ident[EI_MAG0] == ELFMAG0 && - ehdr->e_ident[EI_MAG1] == ELFMAG1 && - ehdr->e_ident[EI_MAG2] == ELFMAG2 && - ehdr->e_ident[EI_MAG3] == ELFMAG3)) - return err("missing ELF signature."); - - /* Compare the file's class and endianness with the program's. - */ -#ifdef ELF_DATA - if (ehdr->e_ident[EI_DATA] != ELF_DATA) - return err("ELF file has different endianness."); -#endif - - if (ehdr->e_ident[EI_CLASS] != ELFCLASS64) - return err("ELF file has different word size."); - - /* Check the target architecture. - */ -#ifdef ELF_ARCH - if (ehdr->e_machine != ELF_ARCH) - return err("ELF file created for different architecture."); -#endif - - /* Verify the sizes of the ELF header and the program segment - * header table entries. - */ - if (ehdr->e_ehsize != sizeof(Elf64_Ehdr)) - return err("unrecognized ELF header size."); - if (ehdr->e_phentsize != sizeof(Elf64_Phdr)) - return err("unrecognized program segment header size."); - - /* Finally, check the file type. - */ - if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) - return err("not an executable or shared-object library."); - - return TRUE; -} - -/* readphdrtable() loads the program segment header table into memory. - */ -static int readphdrtable_32(int fd, Elf32_Ehdr const *ehdr, Elf32_Phdr **phdrs) -{ - size_t size; - - if (!ehdr->e_phoff || !ehdr->e_phnum) - return err("ELF file has no program header table."); - - size = ehdr->e_phnum * sizeof **phdrs; - if (!(*phdrs = calloc(1,size))) - return err("Out of memory!"); - - errno = 0; - if (read(fd, *phdrs, size) != (ssize_t)size) - return ferr("missing or incomplete program segment header table."); - - return TRUE; -} - -static int readphdrtable_64(int fd, Elf64_Ehdr const *ehdr, Elf64_Phdr **phdrs) -{ - size_t size; - - if (!ehdr->e_phoff || !ehdr->e_phnum) - return err("ELF file has no program header table."); - - size = ehdr->e_phnum * sizeof **phdrs; - if (!(*phdrs = calloc(1,size))) - return err("Out of memory!"); - - errno = 0; - if (read(fd, *phdrs, size) != (ssize_t)size) - return ferr("missing or incomplete program segment header table."); - - return TRUE; -} - -/* getmemorysize() determines the offset of the last byte of the file - * that is referenced by an entry in the program segment header table. - * (Anything in the file after that point is not used when the program - * is executing, and thus can be safely discarded.) - */ -static int getmemorysize_32(Elf32_Ehdr const *ehdr, Elf32_Phdr const *phdrs, - unsigned long *newsize) -{ - Elf32_Phdr const *phdr; - unsigned long size, n; - unsigned int i; - - /* Start by setting the size to include the ELF header and the - * complete program segment header table. - */ - size = ehdr->e_phoff + ehdr->e_phnum * sizeof *phdrs; - if (size < sizeof *ehdr) - size = sizeof *ehdr; - - /* Then keep extending the size to include whatever data the - * program segment header table references. - */ - for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { - if (phdr->p_type != PT_NULL) { - n = phdr->p_offset + phdr->p_filesz; - if (n > size) - size = n; - } - } - - *newsize = size; - return TRUE; -} - -static int getmemorysize_64(Elf64_Ehdr const *ehdr, Elf64_Phdr const *phdrs, - unsigned long *newsize) -{ - Elf64_Phdr const *phdr; - unsigned long size, n; - unsigned int i; - - /* Start by setting the size to include the ELF header and the - * complete program segment header table. - */ - size = ehdr->e_phoff + ehdr->e_phnum * sizeof *phdrs; - if (size < sizeof *ehdr) - size = sizeof *ehdr; - - /* Then keep extending the size to include whatever data the - * program segment header table references. - */ - for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { - if (phdr->p_type != PT_NULL) { - n = phdr->p_offset + phdr->p_filesz; - if (n > size) - size = n; - } - } - - *newsize = size; - return TRUE; -} - -/* truncatezeros() examines the bytes at the end of the file's - * size-to-be, and reduces the size to exclude any trailing zero - * bytes. - */ -static int truncatezeros(int fd, unsigned long *newsize) -{ - unsigned char contents[1024]; - unsigned long size, n; - - size = *newsize; - do { - n = sizeof contents; - if (n > size) - n = size; - if (lseek(fd, size - n, SEEK_SET) == (off_t)-1) - return ferr("cannot seek in file."); - if (read(fd, contents, n) != (ssize_t)n) - return ferr("cannot read file contents"); - while (n && !contents[--n]) - --size; - } while (size && !n); - - /* Sanity check. - */ - if (!size) - return err("ELF file is completely blank!"); - - *newsize = size; - return TRUE; -} - -/* modifyheaders() removes references to the section header table if - * it was stripped, and reduces program header table entries that - * included truncated bytes at the end of the file. - */ -static int modifyheaders_32(Elf32_Ehdr *ehdr, Elf32_Phdr *phdrs, - unsigned long newsize) -{ - Elf32_Phdr *phdr; - unsigned int i; - - /* If the section header table is gone, then remove all references - * to it in the ELF header. - */ - if (ehdr->e_shoff >= newsize) { - ehdr->e_shoff = 0; - ehdr->e_shnum = 0; - ehdr->e_shentsize = 0; - ehdr->e_shstrndx = 0; - } - - /* The program adjusts the file size of any segment that was - * truncated. The case of a segment being completely stripped out - * is handled separately. - */ - for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { - if (phdr->p_offset >= newsize) { - phdr->p_offset = newsize; - phdr->p_filesz = 0; - } else if (phdr->p_offset + phdr->p_filesz > newsize) { - phdr->p_filesz = newsize - phdr->p_offset; - } - } - - return TRUE; -} - -static int modifyheaders_64(Elf64_Ehdr *ehdr, Elf64_Phdr *phdrs, - unsigned long newsize) -{ - Elf64_Phdr *phdr; - unsigned int i; - - /* If the section header table is gone, then remove all references - * to it in the ELF header. - */ - if (ehdr->e_shoff >= newsize) { - ehdr->e_shoff = 0; - ehdr->e_shnum = 0; - ehdr->e_shentsize = 0; - ehdr->e_shstrndx = 0; - } - - /* The program adjusts the file size of any segment that was - * truncated. The case of a segment being completely stripped out - * is handled separately. - */ - for (i = 0, phdr = phdrs ; i < ehdr->e_phnum ; ++i, ++phdr) { - if (phdr->p_offset >= newsize) { - phdr->p_offset = newsize; - phdr->p_filesz = 0; - } else if (phdr->p_offset + phdr->p_filesz > newsize) { - phdr->p_filesz = newsize - phdr->p_offset; - } - } - - return TRUE; -} - -/* commitchanges() writes the new headers back to the original file - * and sets the file to its new size. - */ -static int commitchanges_32(int fd, Elf32_Ehdr const *ehdr, Elf32_Phdr *phdrs, - unsigned long newsize) -{ - size_t n; - - /* Save the changes to the ELF header, if any. - */ - if (lseek(fd, 0, SEEK_SET)) - return ferr("could not rewind file"); - errno = 0; - if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) - return err("could not modify file"); - - /* Save the changes to the program segment header table, if any. - */ - if (lseek(fd, ehdr->e_phoff, SEEK_SET) == (off_t)-1) { - err("could not seek in file."); - goto warning; - } - n = ehdr->e_phnum * sizeof *phdrs; - if (write(fd, phdrs, n) != (ssize_t)n) { - err("could not write to file"); - goto warning; - } - - /* Eleventh-hour sanity check: don't truncate before the end of - * the program segment header table. - */ - if (newsize < ehdr->e_phoff + n) - newsize = ehdr->e_phoff + n; - - /* Chop off the end of the file. - */ - if (ftruncate(fd, newsize)) { - err("could not resize file"); - goto warning; - } - - return TRUE; - - warning: - return err("ELF file may have been corrupted!"); -} - -static int commitchanges_64(int fd, Elf64_Ehdr const *ehdr, Elf64_Phdr *phdrs, - unsigned long newsize) -{ - size_t n; - - /* Save the changes to the ELF header, if any. - */ - if (lseek(fd, 0, SEEK_SET)) - return ferr("could not rewind file"); - errno = 0; - if (write(fd, ehdr, sizeof *ehdr) != sizeof *ehdr) - return err("could not modify file"); - - /* Save the changes to the program segment header table, if any. - */ - if (lseek(fd, ehdr->e_phoff, SEEK_SET) == (off_t)-1) { - err("could not seek in file."); - goto warning; - } - n = ehdr->e_phnum * sizeof *phdrs; - if (write(fd, phdrs, n) != (ssize_t)n) { - err("could not write to file"); - goto warning; - } - - /* Eleventh-hour sanity check: don't truncate before the end of - * the program segment header table. - */ - if (newsize < ehdr->e_phoff + n) - newsize = ehdr->e_phoff + n; - - /* Chop off the end of the file. - */ - if (ftruncate(fd, newsize)) { - err("could not resize file"); - goto warning; - } - - return TRUE; - - warning: - return err("ELF file may have been corrupted!"); -} - -/* main() loops over the cmdline arguments, leaving all the real work - * to the other functions. - */ -int main(int argc, char *argv[]) -{ - int fd; - int is_32bit_elf; - Elf32_Ehdr ehdr32; - Elf32_Phdr *phdrs32 = NULL; - Elf64_Ehdr ehdr64; - Elf64_Phdr *phdrs64 = NULL; - unsigned long newsize; - char **arg; - int failures = 0; - - if (argc < 2 || argv[1][0] == '-') { - printf("Usage: sstrip FILE...\n" - "sstrip discards all nonessential bytes from an executable.\n\n" - "Version 2.0 Copyright (C) 2000,2001 Brian Raiter.\n" - "This program is free software, licensed under the GNU\n" - "General Public License. There is absolutely no warranty.\n"); - return EXIT_SUCCESS; - } - - progname = argv[0]; - - for (arg = argv + 1 ; *arg != NULL ; ++arg) { - filename = *arg; - - fd = open(*arg, O_RDWR); - if (fd < 0) { - ferr("can't open"); - ++failures; - continue; - } - - if (readelfheader_32(fd, &ehdr32)) { - is_32bit_elf = TRUE; - } - else if (readelfheader_64(fd, &ehdr64)) { - is_32bit_elf = FALSE; - } - else { - close(fd); - return EXIT_FAILURE; - } - - if (is_32bit_elf) { - if (!(readphdrtable_32(fd, &ehdr32, &phdrs32) && - getmemorysize_32(&ehdr32, phdrs32, &newsize) && - truncatezeros(fd, &newsize) && - modifyheaders_32(&ehdr32, phdrs32, newsize) && - commitchanges_32(fd, &ehdr32, phdrs32, newsize))) - ++failures; - } - else { - if (!(readphdrtable_64(fd, &ehdr64, &phdrs64) && - getmemorysize_64(&ehdr64, phdrs64, &newsize) && - truncatezeros(fd, &newsize) && - modifyheaders_64(&ehdr64, phdrs64, newsize) && - commitchanges_64(fd, &ehdr64, phdrs64, newsize))) - ++failures; - } - - close(fd); - } - - return failures ? EXIT_FAILURE : EXIT_SUCCESS; -} - -#else - -int main() -{ - return (EXIT_SUCCESS); -} - -#endif diff --git a/src/t-test0.c b/src/t-test0.c index ed03554..034ca6e 100644 --- a/src/t-test0.c +++ b/src/t-test0.c @@ -165,7 +165,7 @@ mem_init(unsigned char *ptr, unsigned long size) if(size == 0) return; #if TEST > 3 - memset(ptr, '\0', size); + memset(ptr, 0, size); #endif for(i=0; i<size; i+=2047) { j = (unsigned long)ptr ^ i; @@ -389,7 +389,7 @@ malloc_test(unsigned long size, int bins, int max) #endif actions = RANDOM(&ld, ACTIONS_MAX); #if USE_MALLOC && MALLOC_DEBUG - if(actions < 2) { mallinfo(); } + if(actions < 2) { mallinfo2(); } #endif for(j=0; j<actions; j++) { b = RANDOM(&ld, p.bins); diff --git a/src/t-test1.c b/src/t-test1.c index 942f81d..9b3ebec 100644 --- a/src/t-test1.c +++ b/src/t-test1.c @@ -498,7 +498,7 @@ malloc_test(struct thread_st *st) #endif actions = RANDOM(&ld, ACTIONS_MAX); #if USE_MALLOC && MALLOC_DEBUG - if(actions < 2) { mallinfo(); } + if(actions < 2) { mallinfo2(); } #endif for(j=0; j<actions; j++) { b = RANDOM(&ld, p.bins); diff --git a/src/yulectl.c b/src/yulectl.c index 50a837b..8948695 100644 --- a/src/yulectl.c +++ b/src/yulectl.c @@ -47,8 +47,10 @@ #define SH_REQ_PASSWORD 1 #endif +#define SH_PW_SIZE 15 + static int sock = -1; -static char password[15] = ""; +static char password[SH_PW_SIZE] = ""; static int verbose = 0; #ifdef SH_STEALTH @@ -122,13 +124,10 @@ termination_handler (int signum) static char * safe_copy(char * to, const char * from, size_t size) { - if (to && from) + if (to && from && (size > 0)) { - strncpy (to, from, size); - if (size > 0) - to[size-1] = '\0'; - else - *to = '\0'; + strncpy (to, from, size-1); + to[size-1] = '\0'; } return to; } @@ -143,7 +142,13 @@ static int send_to_server (char * serversock, char * message) /* Initialize the server socket address. */ name.sun_family = AF_UNIX; - strncpy (name.sun_path, serversock, sizeof(name.sun_path) - 1); + memcpy(name.sun_path, serversock, sizeof(name.sun_path)); + name.sun_path[sizeof(name.sun_path)-1] = '\0'; + if (strlen(serversock) > strlen(name.sun_path)) + { + perror (_("ERROR: socket path too long")); + return -1; + } size = (offsetof (struct sockaddr_un, sun_path) + strlen (name.sun_path) + 1); @@ -400,7 +405,7 @@ static int get_passwd(char * message2, size_t size) /* 1) Password from environment */ pw = getenv(_("YULECTL_PASSWORD")); - if (pw && strlen(pw) < 15) + if (pw && strlen(pw) < SH_PW_SIZE) { strcpy(password, pw); strcpy(message2, password); @@ -412,7 +417,7 @@ static int get_passwd(char * message2, size_t size) if (get_home(home, sizeof(home)) < 0) return -1; - if ( (strlen(home) + strlen(_("/.yulectl_cred")) + 1) > 4096) + if ( (strlen(home) + strlen(_("/.yulectl_cred")) + 1) > sizeof(home)) { fprintf (stderr, "%s", _("ERROR: path for $HOME is too long.\n")); return -1; @@ -450,7 +455,7 @@ static int get_passwd(char * message2, size_t size) (void) rtrim(message2); - if (strlen(message2) > 14) + if (strlen(message2) > (SH_PW_SIZE -1)) { fprintf (stderr, "%s", _("ERROR: Password too long (max. 14 characters).\n")); diff --git a/test/test.sh b/test/test.sh index 701a114..2a37a35 100755 --- a/test/test.sh +++ b/test/test.sh @@ -153,6 +153,7 @@ usage() { echo " ${S}test.sh 11${E} -- CL verify option" echo " ${S}test.sh 12${E} -- CL create DeltaDB" echo " ${S}test.sh 13${E} -- CL create/verify partial DB" + echo " ${S}test.sh 14${E} -- Signify signed files" echo " ${S}test.sh 20${E} -- Test c/s init/check (testrc_2.in)" echo " ${S}test.sh 21${E} -- Test full c/s init/check (testrc_2.in)" @@ -162,6 +163,7 @@ usage() { echo " ${S}test.sh 25${E} -- Test server w/yulectl (testrc_2.in)" echo " ${S}test.sh 26${E} -- Test c/s case one (testrc_2.in)" echo " ${S}test.sh 27${E} -- Test c/s case two (testrc_2.in)" + echo " ${S}test.sh 28${E} -- Test full c/s w/signify (testrc_2.in)" echo " ${S}test.sh all${E} -- All tests" } scripts () { @@ -170,10 +172,11 @@ scripts () { echo " (1) testcompile.sh (2) testhash.sh (3) testrun_1.sh (4) testrun_1a.sh" echo " (5) testext.sh (6) testtimesrv.sh (7) testrun_1b.sh (8) testrun_1c.sh" echo " (9) testrun_1d.sh (10) testrun_1e.sh (11) testrun_1f.sh (12) testrun_1g.sh" - echo " (13) testrun_1h.sh" + echo " (13) testrun_1h.sh (14) testrun_1i.sh" echo " (20) testrun_2.sh (21) testrun_2a.sh (22) testrun_2b.sh (23) testrun_2c.sh" echo " (24) testrun_2d.sh (25) testrun_2e.sh (26) testrun_2f.sh (27) testrun_2g.sh" -} + echo " (28) testrun_2h.sh" + } # # Option parsing @@ -656,6 +659,12 @@ if test x$1 = x13; then print_summary exit $? fi +if test x$1 = x14; then + . ${SCRIPTDIR}/testrun_1i.sh + testrun1i + print_summary + exit $? +fi if test x$1 = x20; then . ${SCRIPTDIR}/testrun_2.sh testrun2 $hostname @@ -707,6 +716,13 @@ if test x$1 = x27; then print_summary exit $? fi +if test x$1 = x28; then + . ${SCRIPTDIR}/testrun_2a.sh + . ${SCRIPTDIR}/testrun_2h.sh + testrun2h $hostname + print_summary + exit $? +fi if test x$1 = xall; then TEST_MAX=0 . ${SCRIPTDIR}/testcompile.sh @@ -735,6 +751,8 @@ if test x$1 = xall; then let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_1h.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_1i.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2a.sh @@ -751,6 +769,8 @@ if test x$1 = xall; then let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null . ${SCRIPTDIR}/testrun_2g.sh let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null + . ${SCRIPTDIR}/testrun_2h.sh + let "TEST_MAX = TEST_MAX + MAXTEST" >/dev/null # # ${SCRIPTDIR}/testtimesrv.sh # ${SCRIPTDIR}/testrun_1b.sh @@ -809,6 +829,10 @@ if test x$1 = xall; then MAXTEST=${TEST_MAX}; export MAXTEST testrun1h # + . ${SCRIPTDIR}/testrun_1i.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun1i + # . ${SCRIPTDIR}/testrun_2.sh MAXTEST=${TEST_MAX}; export MAXTEST testrun2 $hostname @@ -841,6 +865,10 @@ if test x$1 = xall; then MAXTEST=${TEST_MAX}; export MAXTEST testrun2g $hostname # + . ${SCRIPTDIR}/testrun_2h.sh + MAXTEST=${TEST_MAX}; export MAXTEST + testrun2h $hostname + # print_summary exit 0 fi diff --git a/test/test1i_file.sig b/test/test1i_file.sig Binary files differnew file mode 100644 index 0000000..d21c6f1 --- /dev/null +++ b/test/test1i_file.sig diff --git a/test/test1i_samhain.pub b/test/test1i_samhain.pub new file mode 100644 index 0000000..bd8ca3e --- /dev/null +++ b/test/test1i_samhain.pub @@ -0,0 +1,2 @@ +untrusted comment: signify public key +RWRGHbBcvfnUvBA0DUrvkt5OIZzdOgD0X8mTn6wKd4UNOHp8mVL2pCKP diff --git a/test/testcompile.sh b/test/testcompile.sh index d7b2ed2..98ff269 100755 --- a/test/testcompile.sh +++ b/test/testcompile.sh @@ -24,6 +24,17 @@ MAXTEST=79; export MAXTEST run_dnmalloc () { + uname -a | grep -i openbsd >/dev/null + if test x$? = x0; then + log_skip $num ${MAXTEST} 'test dnmalloc' + return 0 + fi + uname -a | grep -i darwin >/dev/null + if test x$? = x0; then + log_skip $num ${MAXTEST} 'test dnmalloc' + return 0 + fi + fail=0 if test x$1 = x0; then [ -z "$verbose" ] || log_msg_ok "configure..."; @@ -93,9 +104,9 @@ run_cppcheck () fi # cd src/ - stat=`cppcheck --quiet --inline-suppr --force -j 4 --template="{file},{line},{severity},{id},{message}" -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c 2>&1 | wc -l` + stat=`cppcheck --quiet --library=posix.cfg --inline-suppr --force -j 4 --template="{file},{line},{severity},{id},{message}" -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c 2>&1 | wc -l` if [ $stat -ne 0 ]; then - cppcheck --quiet --inline-suppr --force -j 4 --template="{file},{line},{severity},{id},{message}" -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c >>../test_log 2>&1 + cppcheck --quiet --library=posix.cfg --inline-suppr --force -j 4 --template="{file},{line},{severity},{id},{message}" -I. -I.. -I../include sh_*.c samhain.c slib.c dnmalloc.c zAVLTree.c trustfile.c rijndael-*.c bignum.c >>../test_log 2>&1 retval=1 [ -z "$quiet" ] && log_fail $2 ${MAXTEST} "check w/cppcheck"; else @@ -167,6 +178,7 @@ testmake () else sed --in-place 's/-Wno-empty-body/-Wno-empty-body -Wno-invalid-source-encoding/g' Makefile sed --in-place 's/-fno-strength-reduce//g' Makefile + sed --in-place 's/-fstack-clash-protection//g' Makefile $MAKE -e CC=$CLANG_CC -e BUILD_CC=$CLANG_CC cutest > /dev/null 2>> test_log fi if test x$? = x0; then diff --git a/test/testit.sh b/test/testit.sh deleted file mode 100755 index 3f8ab76..0000000 --- a/test/testit.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -# -if test x$UID != x -a x$UID != x0; then - TRUST="--with-trusted=0,2,$UID" -else - TRUST="--with-trusted=0,2,1000" -fi -export TRUST -# -PW_DIR=`pwd`; export PW_DIR -RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE -LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE -# -OPTIONS="\ ---enable-db-reload \ ---enable-suidcheck \ ---enable-login-watch \ ---enable-mounts-check \ ---enable-logfile-monitor \ ---enable-process-check \ ---enable-port-check \ ---enable-xml-log \ ---enable-userfiles \ ---disable-shellexpand \ ---disable-ipv6 \ -" - -./configure --quiet $TRUST \ - --prefix=$PW_DIR \ - --localstatedir=$PW_DIR \ - --with-config-file=$RCFILE \ - --with-log-file=$LOGFILE \ - --with-pid-file=$PW_DIR/.samhain_lock \ - --with-data-file=$PW_DIR/.samhain_file $OPTIONS - -if [ $? -ne 0 ]; -then - echo "Configure failed" - exit 1 -fi - -make samhain - -if [ $? -ne 0 ]; -then - echo "Make failed" - exit 1 -fi diff --git a/test/testrc_1i.dyn b/test/testrc_1i.dyn new file mode 100644 index 0000000..408f79b --- /dev/null +++ b/test/testrc_1i.dyn @@ -0,0 +1,40 @@ +untrusted comment: verify with samhain.pub +RWRGHbBcvfnUvI+f5wRdzGBIpcVr3e3YJoB9f7ltII+sWwTpKBjfh60VkC0e/svAHFR03LIwALRz8CB70EokYYa3FVnmPgWv5Qg= + +[Attributes] +file=/etc + +# not really logfiles, but almost guaranteed to exist +[GrowingLogFiles] +file=/etc/services +file=/etc/hosts +file=/etc/motd + +[EventSeverity] +SeverityUser0=crit +SeverityUser1=crit +SeverityReadOnly=crit +SeverityLogFiles=crit +SeverityGrowingLogs=crit +SeverityIgnoreNone=crit +SeverityAttributes=crit +SeverityIgnoreAll=warn +SeverityFiles=notice +SeverityDirs=info +SeverityNames=warn + +[Log] +MailSeverity=none +LogSeverity=warn +SyslogSeverity=none +PrintSeverity=info + +[Misc] +Daemon=no +SetFilecheckTime=120 +SetRecursionLevel=10 +SetLoopTime=60 +ReportFullDetail = no +ChecksumTest=check + +[EOF] diff --git a/test/testrun_1b.sh b/test/testrun_1b.sh index eda3ebf..c194821 100755 --- a/test/testrun_1b.sh +++ b/test/testrun_1b.sh @@ -67,8 +67,7 @@ testrun1b_internal () fi # # - ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null | \ - egrep 'use existing [./[:alnum:]]+ for gpg checksum' >/dev/null + ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null # # if test x$? = x0; then @@ -239,13 +238,15 @@ do_test_1b () { do_test_1b_2 () { - rm -f $PW_DIR/test_log_prelude - - [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } - "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & - PID=$! + #rm -f $PW_DIR/test_log_prelude + test_log_prelude="/var/log/prelude/prelude-text.log" + echo -n >"${test_log_prelude}" + + #[ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } + #"$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & + #PID=$! - five_sec_sleep + #five_sec_sleep ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null @@ -259,39 +260,39 @@ do_test_1b_2 () { [ -z "$verbose" ] || log_msg_ok "check..."; else [ -z "$quiet" ] && log_msg_fail "check..."; - kill $PID + #kill $PID return 1 fi # - tmp=`egrep 'File original:.*name=etc.*path=/etc' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'File original:.*name=etc.*path=/etc' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "/etc"; - kill $PID + #kill $PID return 1 fi - tmp=`egrep 'Classification text: Checking' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'Classification text: Checking' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "checking"; - kill $PID + #kill $PID return 1 fi # if test "x$2" = "xmodrc"; then - tmp=`egrep 'Classification text: Service opened' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'Classification text: Service opened' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "service"; - kill $PID + #kill $PID return 1 fi - tmp=`egrep 'Service: port=5500' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'Service: port=5500' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "port 5500"; - kill $PID + #kill $PID return 1 fi fi # - kill $PID + #kill $PID return 0 } diff --git a/test/testrun_1e.sh b/test/testrun_1e.sh index 3cdd4cd..c2d874b 100755 --- a/test/testrun_1e.sh +++ b/test/testrun_1e.sh @@ -24,6 +24,8 @@ export BUILDOPTS MAXTEST=5; export MAXTEST +test_log_prelude="/var/log/prelude/prelude-text.log"; export test_log_prelude + PORTPOLICY_5=" [ReadOnly] file=${BASE} @@ -41,7 +43,7 @@ chk_portdata_5 () { elif [ -z "$doall" ]; then log_skip 5 $MAXTEST 'logging to prelude (or use --really-all)' else - tmp=`egrep 'Service: port=5500 .unknown. protocol=tcp' test_log_prelude 2>/dev/null | wc -l` + tmp=`egrep 'Service: port=5500 .unknown. protocol=tcp' ${test_log_prelude} 2>/dev/null | wc -l` if [ $tmp -lt 1 ]; then [ -z "$verbose" ] || log_msg_fail "port 5500"; [ -z "$quiet" ] && log_fail 5 ${MAXTEST}; @@ -186,6 +188,8 @@ prep_portpolicy () run_check_prelude() { + echo -n >"${test_log_prelude}" + ./samhain -t check -p none -l info --set-prelude-severity=info --prelude --server-addr 127.0.0.1:5500 >/dev/null if test x$? = x0; then @@ -321,9 +325,9 @@ testrun_internal_1e () # # - [ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } - "$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & - PRELUDEPID=$! + #[ -z "$verbose" ] || { echo " starting prelude-manager.."; echo " ($PM --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 &)"; } + #"$PM" --textmod -l $PW_DIR/test_log_prelude --listen 127.0.0.1:5500 >/dev/null 2>&1 & + #PRELUDEPID=$! # # five_sec_sleep diff --git a/test/testrun_1i.sh b/test/testrun_1i.sh new file mode 100755 index 0000000..2eb3bd5 --- /dev/null +++ b/test/testrun_1i.sh @@ -0,0 +1,322 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +MAXTEST=4; export MAXTEST +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_1.dyn"; export RCFILE + +testrun1b_modrc () +{ + ORIGINAL="\[EOF\]" + REPLACEMENT="\[PortCheck\]" + ex -s $RCFILE <<EOF +%s/$ORIGINAL/$REPLACEMENT/g +wq +EOF + + echo "PortCheckActive = yes" >>"$RCFILE" + echo "PortCheckInterface = 127.0.0.1" >>"$RCFILE" +} + +testrun1b_internal () +{ + BUILDOPTS="$1" + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean >/dev/null >&1 + fi + # + # Bootstrapping + # + ${TOP_SRCDIR}/configure >/dev/null 2>/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure (bootstrap)..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make (bootstrap)..."; + else + [ -z "$quiet" ] && log_msg_fail "make (bootstrap)..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure (bootstrap)..."; + return 1 + fi + # + # + ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null + # + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + cp ${SCRIPTDIR}/testrc_1i.dyn "$RCFILE" + + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "copy signed config file..."; + else + [ -z "$quiet" ] && log_msg_fail "copy signed config file..."; + return 1 + fi + + if test "x$2" = "x"; then + : + else + CONVERT="$2" + if test -f "${TOP_SRCDIR}/stealth_template.jpg"; then + [ -z "$verbose" ] || log_msg_ok "convert..." + "${CONVERT}" +compress "${TOP_SRCDIR}/stealth_template.jpg" stealth_template.ps >/dev/null + else + [ -z "$quiet" ] && log_msg_fail "cannot find file stealth_template.jpg" + return 1 + fi + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; + return 1 + fi + + [ -z "$verbose" ] || log_msg_ok "hide..." + ./samhain_stealth -s stealth_template.ps "$RCFILE" >/dev/null + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "${CONVERT} +compress ${TOP_SRCDIR}/stealth_template.jpg stealth_template.ps"; + return 1 + fi + + mv -f stealth_template.ps "$RCFILE" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv -f stealth_template.ps $RCFILE"; + return 1 + fi + + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + ./samhain -t init -p none -l info + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + cp ${SCRIPTDIR}/test1i_file.sig $PW_DIR/.samhain_file + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "copy signed database file..."; + else + [ -z "$quiet" ] && log_msg_fail "copy signed database file..."; + return 1 + fi +} + +testrun1b_nogpg () +{ + BUILDOPTS="$1" + # + # test standalone compilation + # + [ -z "$verbose" ] || { echo; echo "${S}Building standalone agent${E}"; echo; } + # + if test -r "Makefile"; then + $MAKE distclean >/dev/null >&1 + fi + + ${TOP_SRCDIR}/configure ${BUILDOPTS} 2>/dev/null + # + # + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + + cp "${SCRIPTDIR}/testrc_1" "${RCFILE}" + + if test "x$2" = "xmodrc"; then + [ -z "$verbose" ] || log_msg_ok "mod rc..."; + testrun1b_modrc + fi + + ./samhain -t init -p none -l info + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + +} + +do_test_1b () { + + ./samhain -t check -p none -l info + + if test x$? = x0; then + ./samhain -j -L $LOGFILE >"${LOGFILE}.tmp" && mv "${LOGFILE}.tmp" "${LOGFILE}" + if [ $? -ne 0 ]; then + [ -z "$quiet" ] && log_msg_fail "mv logfile..."; + return 1 + fi + [ -z "$verbose" ] || log_msg_ok "check..."; + else + [ -z "$quiet" ] && log_msg_fail "check..."; + return 1 + fi + # + tmp=`egrep "Checking.*/etc(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 2 ]; then + [ -z "$verbose" ] || log_msg_fail "/etc"; + return 1 + fi + tmp=`egrep "Checking.*(>|\")" $LOGFILE 2>/dev/null | wc -l` + if [ $tmp -ne 10 ]; then + [ -z "$verbose" ] || log_msg_fail "checking"; + return 1 + fi + egrep "ADDED" $LOGFILE >/dev/null 2>&1 + if [ $? -eq 0 ]; then + [ -z "$verbose" ] || log_msg_fail "init was incomplete"; + return 1 + fi + # + return 0 +} + +testrun1i () +{ + log_start "RUN STANDALONE W/STEALTH W/SIGNIFY" + SIGNIFY=`find_path signify-openbsd` + if [ -z "$SIGNIFY" ]; then + SIGNIFY=`find_path signify` + fi + if [ -z "$SIGNIFY" ]; then + log_skip 1 $MAXTEST 'signify not found in $PATH' + log_skip 2 $MAXTEST 'signify not found in $PATH' + log_skip 3 $MAXTEST 'signify not found in $PATH' + log_skip 4 $MAXTEST 'signify not found in $PATH' + else + eval "ls ~/.signify/samhain.pub >/dev/null 2>/dev/null" + if [ $? -ne 0 ]; then + log_skip 1 $MAXTEST 'public key ~/.signify/samhain.pub not present' + log_skip 2 $MAXTEST 'public key ~/.signify/samhain.pub not present' + log_skip 3 $MAXTEST 'public key ~/.signify/samhain.pub not present' + log_skip 4 $MAXTEST 'public key ~/.signify/samhain.pub not present' + else + # + # ------------- first test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 1 $MAXTEST 'signify signed config/database files' + else + log_fail 1 $MAXTEST 'signify signed config/database files' + fi + + + # + # ------------- second test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 2 $MAXTEST 'signify signed config/database files' + else + log_fail 2 $MAXTEST 'signify signed config/database files' + fi + + + # + # ------------- third test ------------- + # + BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --with-pubkey-checksum=62F3EAE3CD9BA8849015060750908790B6326015A20AC0DA --enable-micro-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 3 $MAXTEST 'signify signed config/database files' + else + log_fail 3 $MAXTEST 'signify signed config/database files' + fi + + + # + # ------------- fourth test ------------- + # + PRECONV=`find_path convert` + "${PRECONV}" --help | grep ImageMagick >/dev/null 2>&1 && \ + CONVERT="${PRECONV}" + + if [ -z "$CONVERT" ]; then + log_skip 2 $MAXTEST 'ImageMagick convert not found in $PATH' + else + BUILDOPTS="--quiet $TRUST --enable-debug --with-signify=${SIGNIFY} --with-checksum --enable-stealth=137 --enable-login-watch --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=$RCFILE --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock --with-data-file=$PW_DIR/.samhain_file" + testrun1b_internal "${BUILDOPTS}" "$CONVERT" + do_test_1b + if [ $? -eq 0 ]; then + log_ok 4 $MAXTEST 'signify signed config/database files' + else + log_fail 4 $MAXTEST 'signify signed config/database files' + fi + fi + + fi + fi + log_end "RUN STANDALONE W/STEALTH W/SIGNIFY" + return 0 +} + diff --git a/test/testrun_2d.sh b/test/testrun_2d.sh index bfdcb1a..b457753 100755 --- a/test/testrun_2d.sh +++ b/test/testrun_2d.sh @@ -37,11 +37,11 @@ check_psql_log () { rm -f test_log_db # PGPASSWORD=samhain; export PGPASSWORD create_pgpass - psql -o test_log_db -U samhain -d samhain -c "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '${DATE}';" + psql -h localhost -o test_log_db -U samhain -d samhain -c "SELECT * FROM log WHERE entry_status = 'NEW' and log_time > '${DATE}';" # egrep "START.*Yule" test_log_db >/dev/null 2>&1 if [ $? -ne 0 ]; then - [ -z "$verbose" ] || log_msg_fail "Server start (psql)"; + [ -z "$verbose" ] || log_msg_fail "Server start (psql) DATE ${DATE}"; return 1 fi egrep "NEW CLIENT" test_log_db >/dev/null 2>&1 @@ -87,7 +87,7 @@ testrun2d () else # PGPASSWORD="samhain"; export PGPASSWORD create_pgpass - TEST=`psql -U samhain -d samhain -c "SELECT * FROM log LIMIT 1;" 2>/dev/null` + TEST=`psql -h localhost -U samhain -d samhain -c "SELECT * FROM log LIMIT 1;" 2>/dev/null` if [ $? -ne 0 -o -z "$TEST" ]; then log_skip 1 $MAXTEST "psql not default setup" return 1 @@ -116,6 +116,13 @@ EOF wq EOF # + ORIGINAL="# setdbname=samhain" + REPLACEMENT="setdbhost=127.0.0.1" + ex -s $RCFILE <<EOF +%s/$ORIGINAL/$REPLACEMENT/g +wq +EOF + # do_test_1_a # if [ $? -ne 0 ]; then diff --git a/test/testrun_2g.sh b/test/testrun_2g.sh index dadbba6..2440f52 100755 --- a/test/testrun_2g.sh +++ b/test/testrun_2g.sh @@ -93,7 +93,7 @@ do_test_2_g_yule_start () { return 1 fi five_sec_sleep - PROC_S=$( ps aux | grep samhain.new | grep -v grep | awk '{ print $2; }' ) + PROC_S=$( ps aux | grep samhain.new | grep -v grep | awk '{ print $2; }' | sort | head -n 1 ) for ff in 1 2; do five_sec_sleep @@ -203,7 +203,10 @@ do_test_2_g_one () { # UUID=$(uuidgen) mv ./file.delta file.${SH_LOCALHOST}.${UUID} - cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}" + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}" + fi # # >>> (3) Tell client to load delta database. @@ -222,20 +225,28 @@ do_test_2_g_one () { return 1 fi + NHOSTS=1 + ./yulectl -c "DELTA:${UUID}" ${SH_LOCALHOST} if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (1)"; kill $PROC_S; kill $PROC_Y; return 1 fi - ./yulectl -c "DELTA:${UUID}" ${ALTHOST} - if [ $? -ne 0 ]; then - [ -z "$verbose" ] || log_msg_fail "yulectl (2)"; - kill $PROC_S; kill $PROC_Y; - return 1 + + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + ./yulectl -c "DELTA:${UUID}" ${ALTHOST} + NHOSTS=2 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "yulectl (2)"; + kill $PROC_S; kill $PROC_Y; + return 1 + fi fi + NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) - if [ $NR -ne 2 ]; then + if [ $NR -ne $NHOSTS ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (3)"; [ -z "$verbose" ] || ./yulectl -c LIST kill $PROC_S; kill $PROC_Y; @@ -248,7 +259,8 @@ do_test_2_g_one () { five_sec_sleep done # - NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) + NR=$( ./yulectl -c LISTALL | grep ${UUID} | grep SENT | grep -v grep | wc -l ) + # NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) if [ $NR -ne 1 ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (4)"; [ -z "$verbose" ] || ./yulectl -c LISTALL @@ -316,7 +328,8 @@ do_test_2_g_three () { kill $PROC_S; kill $PROC_Y; return 1 fi - + [ -z "$verbose" ] || log_msg_ok "... DeltaDB created ..."; + # # >>> (2) Copy to server and tag with a UUID # @@ -328,8 +341,12 @@ do_test_2_g_three () { rm -f ./file.* else mv ./file.delta file.${SH_LOCALHOST}.${UUID} - cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}" + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + cp file.${SH_LOCALHOST}.${UUID} "./file.${ALTHOST}.${UUID}" + fi fi + [ -z "$verbose" ] || log_msg_ok "... DeltaDB copied as file.${SH_LOCALHOST}.${UUID} ..."; # # >>> (3) Tell client to load delta database. @@ -348,25 +365,34 @@ do_test_2_g_three () { return 1 fi + NHOSTS=1 + ./yulectl -c "DELTA:${UUID}" ${SH_LOCALHOST} if [ $? -ne 0 ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (1)"; kill $PROC_S; kill $PROC_Y; return 1 fi - ./yulectl -c "DELTA:${UUID}" ${ALTHOST} - if [ $? -ne 0 ]; then - [ -z "$verbose" ] || log_msg_fail "yulectl (2)"; - kill $PROC_S; kill $PROC_Y; - return 1 + + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + ./yulectl -c "DELTA:${UUID}" ${ALTHOST} + NHOSTS=2 + if [ $? -ne 0 ]; then + [ -z "$verbose" ] || log_msg_fail "yulectl (2)"; + kill $PROC_S; kill $PROC_Y; + return 1 + fi fi + NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) - if [ $NR -ne 2 ]; then + if [ $NR -ne $NHOSTS ]; then [ -z "$verbose" ] || log_msg_fail "yulectl (3)"; [ -z "$verbose" ] || ./yulectl -c LIST kill $PROC_S; kill $PROC_Y; return 1 fi + [ -z "$verbose" ] || log_msg_ok "... command sent to client ..."; # Wait and verify that command has been sent # @@ -374,13 +400,17 @@ do_test_2_g_three () { five_sec_sleep done # - NR=$( ./yulectl -c LIST | grep ${UUID} | grep -v grep | wc -l ) + NR=$( ./yulectl -c LISTALL | grep ${UUID} | grep SENT | grep -v grep | wc -l ) if [ $NR -ne 1 ]; then - [ -z "$verbose" ] || log_msg_fail "yulectl (4)"; + [ -z "$verbose" ] || log_msg_fail "yulectl (4): ${UUID}"; [ -z "$verbose" ] || ./yulectl -c LISTALL + [ -z "$verbose" ] || echo "(now just LIST)" + [ -z "$verbose" ] || ./yulectl -c LIST kill $PROC_S; kill $PROC_Y; return 1 fi + [ -z "$verbose" ] || OLINE=$( ./yulectl -c LISTALL | grep ${UUID} ) + [ -z "$verbose" ] || echo "${OLINE}" # # >>> (4) Trigger a scan @@ -391,7 +421,8 @@ do_test_2_g_three () { kill $PROC_S; kill $PROC_Y; return 1 fi - + [ -z "$verbose" ] || echo " ... TTOU sent to /${PROC_S}/ ..."; + for ff in 1 2; do five_sec_sleep done @@ -502,6 +533,10 @@ testrun2g_build () # save binary and build server # cp samhain samhain.build || return 1 + if test -f scripts/samhainadmin.pl + then + cp scripts/samhainadmin.pl scripts/xxx_samhainadmin.pl + fi $MAKE clean >/dev/null || return 1 ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} @@ -541,6 +576,10 @@ testrun2g_build () fi mv samhain.build.new samhain.new || return 1 + if test -f scripts/xxx_samhainadmin.pl + then + cp scripts/xxx_samhainadmin.pl scripts/samhainadmin.pl + fi rm -f ./.samhain_log* rm -f ./.samhain_lock @@ -592,10 +631,13 @@ copy_rc_db_files () chmod 644 ./rc.${SH_LOCALHOST} chmod 644 ./file.${SH_LOCALHOST} - cp ./testrc_2 "./rc.${ALTHOST}" - cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null - chmod 644 ./rc.${ALTHOST} - chmod 644 ./file.${ALTHOST} + if [ "x${SH_LOCALHOST}" != "x${ALTHOST}" ] + then + cp ./testrc_2 "./rc.${ALTHOST}" + cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null + chmod 644 ./rc.${ALTHOST} + chmod 644 ./file.${ALTHOST} + fi } MAXTEST=6; export MAXTEST @@ -815,6 +857,11 @@ testrun2g () [ -z "$quiet" ] && log_fail 3 ${MAXTEST} "Case Two w/o delta"; fi + if test -f scripts/xxx_samhainadmin.pl + then + rm -f scripts/xxx_samhainadmin.pl + fi + log_end "RUN CLIENT/SERVER CASE TWO" } diff --git a/test/testrun_2h.sh b/test/testrun_2h.sh new file mode 100644 index 0000000..4d84f61 --- /dev/null +++ b/test/testrun_2h.sh @@ -0,0 +1,233 @@ +#! /bin/sh + +# +# Copyright Rainer Wichmann (2006) +# +# License Information: +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +LOGFILE="$PW_DIR/.samhain_log"; export LOGFILE +RCFILE="$PW_DIR/testrc_2"; export RCFILE +RCFILE_C="$PW_DIR/testrc_1.dyn"; export RCFILE_C + +SERVER_BUILDOPTS="--quiet $TRUST --enable-network=server --prefix=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER$PW_DIR/testrc_2 --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=${SH_LOCALHOST} --with-log-file=$PW_DIR/.samhain_log --with-pid-file=$PW_DIR/.samhain_lock"; export SERVER_BUILDOPTS + +CLIENT_BUILDOPTS="--quiet $TRUST --enable-micro-stealth=137 --enable-debug --enable-network=client --enable-srp --prefix=$PW_DIR --with-tmp-dir=$PW_DIR --localstatedir=$PW_DIR --with-config-file=REQ_FROM_SERVER${RCFILE_C} --with-data-file=REQ_FROM_SERVER$PW_DIR/.samhain_file --with-logserver=localhost --with-log-file=$LOGFILE --with-pid-file=$PW_DIR/.samhain_lock"; export CLIENT_BUILDOPTS + +testrun2h_internal () +{ + SIGNIFY="$1" + + [ -z "$verbose" ] || { + echo; + echo Working directory: $PW_DIR; echo MAKE is $MAKE; echo SIGNIFY is $SIGNIFY; + echo; + } + + [ -z "$verbose" ] || { echo; echo "${S}Building client and server${E}"; echo; } + + if test -r "Makefile"; then + $MAKE distclean + fi + + # + # Bootstrapping + # + ${TOP_SRCDIR}/configure >/dev/null 2>/dev/null + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure (bootstrap)..."; + $MAKE > /dev/null 2>&1 + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make (bootstrap)..."; + else + [ -z "$quiet" ] && log_msg_fail "make (bootstrap)..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure (bootstrap)..."; + return 1 + fi + + ${TOP_SRCDIR}/configure --with-signify=${SIGNIFY} --with-checksum=yes ${CLIENT_BUILDOPTS} >/dev/null 2>&1 + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + cp ${SCRIPTDIR}/testrc_1i.dyn "$RCFILE_C" + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "copy signify signed config file..."; + else + [ -z "$quiet" ] && log_msg_fail "copy signify signed config file..."; + return 1 + fi + + # save binary and build server + + cp samhain samhain.build || return 1 + $MAKE clean >/dev/null || return 1 + + ${TOP_SRCDIR}/configure ${SERVER_BUILDOPTS} + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "configure..."; + $MAKE > /dev/null 2>>test_log + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "make..."; + else + [ -z "$quiet" ] && log_msg_fail "make..."; + return 1 + fi + + else + [ -z "$quiet" ] && log_msg_fail "configure..."; + return 1 + fi + + + ##################################################################### + # + # + rm -f ./.samhain_file + rm -f ./.samhain_log + rm -f ./.samhain_lock + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + + cp ${SCRIPTDIR}/testrc_2.in testrc_2 + + ./samhain.build -t init -p none + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "init..."; + else + [ -z "$quiet" ] && log_msg_fail "init..."; + return 1 + fi + + cp ${SCRIPTDIR}/test1i_file.sig $PW_DIR/.samhain_file + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "copy signed database file..."; + else + [ -z "$quiet" ] && log_msg_fail "copy signed database file..."; + return 1 + fi + + # Create a password + + SHPW=`./yule -G` + if test x"$SHPW" = x; then + [ -z "$quiet" ] && log_msg_fail "password not generated -- aborting" + return 1 + fi + + # Set in client + + ./samhain_setpwd samhain.build new $SHPW >/dev/null + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "./samhain_setpwd samhain.build new $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "./samhain_setpwd samhain.build new $SHPW"; + return 1 + fi + + mv samhain.build.new samhain.new || return 1 + + rm -f ./.samhain_log* + rm -f ./.samhain_lock + + SHCLT=`./yule -P $SHPW` + + if test x$? = x0; then + [ -z "$verbose" ] || log_msg_ok "yule -P $SHPW"; + else + [ -z "$quiet" ] && log_msg_fail "yule -P $SHPW"; + return 1 + fi + + SHCLT1=`echo "${SHCLT}" | sed s%HOSTNAME%${SH_LOCALHOST}%` + AHOST=`find_hostname` + SHCLT2=`echo "${SHCLT}" | sed s%HOSTNAME%${AHOST}%` + + + echo $SHCLT1 >> testrc_2 + echo $SHCLT2 >> testrc_2 + + + cp "${RCFILE_C}" ./rc.${SH_LOCALHOST} + mv $PW_DIR/.samhain_file ./file.${SH_LOCALHOST} + + ALTHOST=`find_hostname` + cp "${RCFILE_C}" "./rc.${ALTHOST}" + cp ./file.${SH_LOCALHOST} "./file.${ALTHOST}" 2>/dev/null +} + +MAXTEST=1; export MAXTEST + +testrun2h () +{ + log_start "RUN FULL CLIENT/SERVER W/SIGNIFY"; + # + if [ x"$1" = x ]; then + [ -z "$quiet" ] && log_msg_fail "Missing hostname" + fi + # + SIGNIFY=`find_path signify-openbsd` + if [ -z "$SIGNIFY" ]; then + SIGNIFY=`find_path signify` + fi + if [ -z "$SIGNIFY" ]; then + log_skip 1 $MAXTEST 'signify not found in $PATH' + fi + + SH_LOCALHOST=$1; export SH_LOCALHOST + + testrun2h_internal "${SIGNIFY}" + + SAVE_VALGRIND="${VALGRIND}"; VALGRIND=''; export VALGRIND + do_test_1_a + out=$? + VALGRIND="${SAVE_VALGRIND}"; export VALGRIND + + if [ $out -eq 0 ]; then + [ -z "$quiet" ] && log_ok 1 ${MAXTEST} "Client download+logging w/signify"; + else + [ -z "$quiet" ] && log_fail 1 ${MAXTEST} "Client download+logging w/signify"; + fi + + if [ -n "$cleanup" ]; then + rm -f ./rc.${SH_LOCALHOST} + rm -f ./file.${SH_LOCALHOST} + ALTHOST=`find_hostname` + rm -f "./file.${ALTHOST}" + rm -f "./rc.${ALTHOST}" + fi + + log_end "RUN FULL CLIENT/SERVER W/SIGNIFY" +} + |