freebsd-src/contrib/openbsm/configure.ac
Robert Watson 5e386598a6 Merge OpenBSM 1.2-alpha5 from vendor branch to FreeBSD -CURRENT:
- Add a new "qsize" parameter in audit_control and the getacqsize(3) API to
  query it, allowing to set the kernel's maximum audit queue length.
- Add support to push a mapping between audit event names and event numbers
  into the kernel (where supported) using new A_GETEVENT and A_SETEVENT
  auditon(2) operations.
- Add audit event identifiers for a number of new (and not-so-new) FreeBSD
  system calls including those for asynchronous I/O, thread management, SCTP,
  jails, multi-FIB support, and misc. POSIX interfaces such as
  posix_fallocate(2) and posix_fadvise(2).
- On operating systems supporting Capsicum, auditreduce(1) and praudit(1) now
  run sandboxed.
- Empty "flags" and "naflags" fields are now permitted in audit_control(5).

Many thanks to Christian Brueffer for producing the OpenBSM release and
importing/tagging it in the vendor branch.  This release will allow improved
auditing of a range of new FreeBSD functionality, as well as non-traditional
events (e.g., fine-grained I/O auditing) not required by the Orange Book or
Common Criteria.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, AFRL
MFC after:	3 weeks
2017-03-26 21:14:49 +00:00

264 lines
7.0 KiB
Plaintext

# -*- Autoconf -*-
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.59)
AC_INIT([OpenBSM], [1.2-alpha5], [trustedbsd-audit@TrustedBSD.org],[openbsm])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_SRCDIR([bin/auditreduce/auditreduce.c])
AC_CONFIG_AUX_DIR(config)
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADER([config/config.h])
AM_MAINTAINER_MODE
# --with-native-includes forces the use of the system bsm headers.
AC_ARG_WITH([native-includes],
[AS_HELP_STRING([--with-native-includes],
[Use the system native include files instead of those included with openbsm.])],
[
AC_DEFINE(USE_NATIVE_INCLUDES,, Define to use native include files)
use_native_includes=true
],
[use_native_includes=false])
AM_CONDITIONAL(USE_NATIVE_INCLUDES, $use_native_includes)
AC_PATH_PROGS(MIG, mig)
# Checks for programs.
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_LEX
AC_PROG_LIBTOOL
AC_PROG_LN_S
AC_PROG_YACC
AM_INIT_AUTOMAKE(AC_PACKAGE_NAME, AC_PACKAGE_VERSION)
AC_SEARCH_LIBS(dlsym, dl)
AC_SEARCH_LIBS(pthread_create, pthread)
AC_SEARCH_LIBS(clock_gettime, rt)
AC_SEARCH_LIBS(SSL_connect, ssl)
AC_SEARCH_LIBS(humanize_number, util)
AC_SEARCH_LIBS(pidfile_open, util)
# Checks for header files.
AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS([mach/mach.h stdint.h pthread_np.h printf.h])
AC_DEFINE([_GNU_SOURCE],,[Use extended API on platforms that require it])
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_CHECK_MEMBERS([struct stat.st_rdev])
AC_CHECK_MEMBER([struct ipc_perm.__key],
[AC_DEFINE(HAVE_IPC_PERM___KEY,, Define if ipc_perm.__key instead of key)],
[],[
#include <sys/types.h>
#include <sys/ipc.h>
])
AC_CHECK_MEMBER([struct ipc_perm._key],
[AC_DEFINE(HAVE_IPC_PERM__KEY,, Define if ipc_perm._key instead of key)],
[],[
#include <sys/types.h>
#include <sys/ipc.h>
])
AC_CHECK_MEMBER([struct ipc_perm.__seq],
[AC_DEFINE(HAVE_IPC_PERM___SEQ,, Define if ipc_perm.__seq instead of seq)],
[],[
#include <sys/types.h>
#include <sys/ipc.h>
])
AC_CHECK_MEMBER([struct ipc_perm._seq],
[AC_DEFINE(HAVE_IPC_PERM__SEQ,, Define if ipc_perm._seq instead of seq)],
[],[
#include <sys/types.h>
#include <sys/ipc.h>
])
AC_CHECK_MEMBER([struct sockaddr_storage.ss_len],
[AC_DEFINE(HAVE_SOCKADDR_STORAGE_SS_LEN,, Define if sockaddr_storage.ss_len field exists)],
[],[
#include <sys/types.h>
#include <sys/socket.h>
])
AC_HEADER_TIME
AC_STRUCT_TM
# Checks for library functions.
AC_FUNC_CHOWN
AC_FUNC_FORK
AC_FUNC_MALLOC
AC_FUNC_MKTIME
AC_TYPE_SIGNAL
AC_FUNC_STAT
AC_FUNC_STRFTIME
AC_CHECK_FUNCS([arc4random arc4random_buf bzero cap_enter clock_gettime closefrom faccessat fdopendir fstatat ftruncate getresgid getresuid gettimeofday inet_ntoa jail kqueue memset openat pthread_cond_timedwait_relative_np pthread_condattr_setclock pthread_mutex_lock renameat setproctitle sigtimedwait strchr strerror strlcat strlcpy strndup strrchr strstr strtol strtoul unlinkat vis])
# sys/queue.h exists on most systems, but its capabilities vary a great deal.
# test for LIST_FIRST and TAILQ_FOREACH_SAFE, which appears to not exist in
# all of them, and are necessary for OpenBSM.
AC_TRY_LINK([
#include <sys/queue.h>
], [
#ifndef LIST_FIRST
#error LIST_FIRST missing
#endif
#ifndef TAILQ_FOREACH_SAFE
#error TAILQ_FOREACH_SAFE
#endif
], [
AC_DEFINE(HAVE_FULL_QUEUE_H,, Define if queue.h includes LIST_FIRST)
])
# Systems may not define key audit system calls, in which case libbsm cannot
# depend on them or it will generate link-time or run-time errors. Test for
# just one.
AC_TRY_LINK([
#include <stddef.h>
extern int auditon(int, void *, int);
], [
int err;
err = auditon(0, NULL, 0);
], [
AC_DEFINE(HAVE_AUDIT_SYSCALLS,, Define if audit system calls present)
have_audit_syscalls=true
], [
have_audit_syscalls=false
])
AM_CONDITIONAL(HAVE_AUDIT_SYSCALLS, $have_audit_syscalls)
#
# We rely on the BSD be32toh() and be32enc()-style endian macros to perform
# byte order conversions. Availability of these varies considerably -- in
# general, a system might have neither, be32toh(), or be32toh() and be32enc().
# There is also variation in which headers are even present, and whether they
# are macros or functions. Try to organise the world into some simpler cases.
# The following macros may be set at the end:
#
# USE_ENDIAN_H
# USE_SYS_ENDIAN_H
# USE_MACHINE_ENDIAN_H
# USE_COMPAT_ENDIAN_H
# USE_COMPAT_ENDIAN_ENC_H
#
# First, decide which system endian.h to use.
#
AC_CHECK_HEADERS([endian.h], [
have_endian_h=yes
], [
have_endian_h=no
])
AC_CHECK_HEADERS([sys/endian.h], [
have_sys_endian_h=yes
], [
have_sys_endian_h=no
])
AC_CHECK_HEADERS([machine/endian.h], [
have_machine_endian_h=yes
], [
have_machine_endian_h=no
])
if test $have_endian_h = yes; then
AC_DEFINE(USE_ENDIAN_H,, Define if endian.h should be included)
elif test $have_sys_endian_h = yes; then
AC_DEFINE(USE_SYS_ENDIAN_H,, Define if sys/endian.h should be included)
elif test $have_machine_endian_h = yes; then
AC_DEFINE(USE_MACHINE_ENDIAN_H,, Define if machine/endian.h should be included)
else
AC_MSG_ERROR([no endian.h])
fi
#
# Next, decide if we need to supplement with compat headers.
#
AC_TRY_LINK([
#ifdef USE_ENDIAN_H
#include <endian.h>
#endif
#ifdef USE_SYS_ENDIAN_H
#include <sys/endian.h>
#endif
#ifdef USE_MACHINE_ENDIAN_H
#include <machine/endian.h>
#endif
], [
(void)be32toh(0);
], [], [
AC_DEFINE(USE_COMPAT_ENDIAN_H,, Define if compat/endian.h is required)
AC_MSG_RESULT([using compat/endian.h])
])
AC_TRY_LINK([
#ifdef USE_ENDIAN_H
#include <endian.h>
#endif
#ifdef USE_SYS_ENDIAN_H
#include <sys/endian.h>
#endif
#ifdef USE_MACHINE_ENDIAN_H
#include <machine/endian.h>
#endif
#ifdef USE_COMPAT_ENDIAN_H
#include "compat/endian.h"
#endif
#include <stdlib.h>
], [
int i;
i = bswap16(0);
i = bswap32(0);
i = bswap64(0);
be32enc(NULL, 0);
i = htole64(0);
i = le64toh(0);
], [], [
AC_DEFINE(USE_COMPAT_ENDIAN_ENC_H,, Define if compat/endian_enc.h is required)
AC_MSG_RESULT([using compat/endian_enc.h])
])
# Check to see if Mach IPC is used for trigger messages. If so, use Mach IPC
# instead of the default for sending trigger messages to the audit components.
AC_CHECK_FILE([/usr/include/mach/audit_triggers.defs], [
AC_DEFINE(USE_MACH_IPC,, Define if uses Mach IPC for Triggers messages)
use_mach_ipc=true
], [
use_mach_ipc=false
])
AM_CONDITIONAL(USE_MACH_IPC, $use_mach_ipc)
AC_CONFIG_FILES([Makefile
bin/Makefile
bin/audit/Makefile
bin/auditd/Makefile
bin/auditdistd/Makefile
bin/auditfilterd/Makefile
bin/auditreduce/Makefile
bin/praudit/Makefile
bsm/Makefile
libauditd/Makefile
libbsm/Makefile
modules/Makefile
modules/auditfilter_noop/Makefile
man/Makefile
sys/Makefile
sys/bsm/Makefile
test/Makefile
test/bsm/Makefile
tools/Makefile])
AC_OUTPUT