From: Denis Ovsienko Date: Sat, 22 Jul 2023 12:50:16 +0000 (+0100) Subject: Autoconf: Get --with-user and --with-chroot right. [skip appveyor] X-Git-Tag: tcpdump-4.99.5~181 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/e6e2db1ca398a11fabd27bac2a81f110c7b2de06 Autoconf: Get --with-user and --with-chroot right. [skip appveyor] As Francois-Xavier points it out, my commit 3aa6574 fixed one bug, but introduced another: running "./configure --with-gcc" also erroneously takes the --with-user code path because withval is set to "yes" after the --with-gcc block: ./configure --with-gcc [...] checking whether to drop root privileges by default... configure: error: --with-user requires a username The matter is, in Autoconf AC_ARG_WITH() without ation-if-not-given assigns withval only if with_xxxx is set to any value (including an empty string), so make sure withval is always set in AC_ARG_WITH() and spell all possible withval values in AS_CASE(), this way regardless of any other options the behaviour is correct. Rejected: --with-user --with-user= --with-user=yes --with-chroot --with-chroot= --with-chroot=yes Accepted: --without-user --with-user=no --with-user=someuser --without-chroot --with-chroot=no --with-chroot=/somedir (cherry picked from commit df376cdfb5aca21ffb516e9b4ae9cccf0da4d166) Moreover: Run autoreconf2.69 -f. --- diff --git a/configure b/configure index b12f9366..4b06488b 100755 --- a/configure +++ b/configure @@ -4367,47 +4367,64 @@ $as_echo "no" >&6; } ;; esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to drop root privileges by default" >&5 +$as_echo_n "checking whether to drop root privileges by default... " >&6; } # Check whether --with-user was given. if test "${with_user+set}" = set; then : withval=$with_user; +else + withval=no fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to drop root privileges by default" >&5 -$as_echo_n "checking whether to drop root privileges by default... " >&6; } -if test ! -z "$with_user" ; then +case "$withval" in #( + no) : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; #( + ''|yes) : + as_fn_error $? "--with-user requires a username" "$LINENO" 5 ;; #( + *) : + cat >>confdefs.h <<_ACEOF #define WITH_USER "$withval" _ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: result: to \"$withval\"" >&5 -$as_echo "to \"$withval\"" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, to user \"$withval\"" >&5 +$as_echo "yes, to user \"$withval\"" >&6; } + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to chroot" >&5 +$as_echo_n "checking whether to chroot... " >&6; } # Check whether --with-chroot was given. if test "${with_chroot+set}" = set; then : withval=$with_chroot; +else + withval=no + fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to chroot" >&5 -$as_echo_n "checking whether to chroot... " >&6; } -if test ! -z "$with_chroot" && test "$with_chroot" != "no" ; then +case "$withval" in #( + no) : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } ;; #( + ''|yes) : + as_fn_error $? "--with-chroot requires a directory" "$LINENO" 5 ;; #( + *) : + cat >>confdefs.h <<_ACEOF #define WITH_CHROOT "$withval" _ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: result: to \"$withval\"" >&5 -$as_echo "to \"$withval\"" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes, to directory \"$withval\"" >&5 +$as_echo "yes, to directory \"$withval\"" >&6; } + + ;; +esac # Check whether --with-sandbox-capsicum was given. diff --git a/configure.ac b/configure.ac index 21a0f701..1eed05a1 100644 --- a/configure.ac +++ b/configure.ac @@ -153,31 +153,42 @@ yes) AC_MSG_RESULT(yes) ;; esac -AC_ARG_WITH(user, [ --with-user=USERNAME drop privileges by default to USERNAME]) AC_MSG_CHECKING([whether to drop root privileges by default]) -if test ! -z "$withval" && test "$withval" != "no" ; then - if test "$withval" = "yes" ; then - AC_MSG_ERROR([--with-user requires a username]) - fi - AC_DEFINE_UNQUOTED(WITH_USER, "$withval", - [define if should drop privileges by default]) - AC_MSG_RESULT([yes, to user "$withval"]) -else - AC_MSG_RESULT(no) -fi +AC_ARG_WITH( + [user], + [AS_HELP_STRING([--with-user=USERNAME], + [drop privileges by default to USERNAME] + )], + [], + [withval=no]) +AS_CASE(["$withval"], + [no], [AC_MSG_RESULT(no)], + [''|yes], [AC_MSG_ERROR([--with-user requires a username])], + [ + AC_DEFINE_UNQUOTED(WITH_USER, "$withval", + [define if should drop privileges by default]) + AC_MSG_RESULT([yes, to user "$withval"]) + ] +) -AC_ARG_WITH(chroot, [ --with-chroot=DIRECTORY when dropping privileges, chroot to DIRECTORY]) AC_MSG_CHECKING([whether to chroot]) -if test ! -z "$withval" && test "$withval" != "no" ; then - if test "$withval" = "yes" ; then - AC_MSG_ERROR([--with-chroot requires a directory]) - fi - AC_DEFINE_UNQUOTED(WITH_CHROOT, "$withval", - [define if should chroot when dropping privileges]) - AC_MSG_RESULT([yes, to directory "$withval"]) -else - AC_MSG_RESULT(no) -fi +AC_ARG_WITH( + [chroot], + [AS_HELP_STRING([--with-chroot=DIRECTORY], + [when dropping privileges, chroot to DIRECTORY] + )], + [], + [withval=no] +) +AS_CASE(["$withval"], + [no], [AC_MSG_RESULT(no)], + [''|yes], [AC_MSG_ERROR([--with-chroot requires a directory])], + [ + AC_DEFINE_UNQUOTED(WITH_CHROOT, "$withval", + [define if should chroot when dropping privileges]) + AC_MSG_RESULT([yes, to directory "$withval"]) + ] +) AC_ARG_WITH(sandbox-capsicum, AS_HELP_STRING([--with-sandbox-capsicum],