small tcp_wrappers issue (argus-3.0.0.rc.10)

Carter Bullard carter at qosient.com
Thu Jun 22 12:51:58 EDT 2006 

Hey Andreas,
I've included a patch for argus's ./aclocal.m4.  If you could
apply the patch and then:
    % make clobber
    % autoconf
    % ./configure
    % make

and see if that works.  autoconf may fail if the permissions
on ./configure are not u+w, but 'chmod u+w configure' and
the autoconf should work.

If this works, I'll add it to the clients as well.   Since I'm doing
anything with the results of the 'main in -lwrap' anyway, I'm
bypassing it for now.

Thanks!!!!

Carter

==== //depot/argus/argus/aclocal.m4#3 - /home/carter/argus/argus/ 
aclocal.m4 ====
698,705c698,716
<        AC_CHECK_LIB(wrap, main, libwrap="-lwrap")
<        if test $libwrap = FAIL ; then
<           AC_MSG_WARN(tcp_wrapper not found)
<        else
<           $1=$libwrap
<           LIBS="$libwrap $LIBS"
<           if test -r /usr/local/include/tcpd.h; then
<           $2="-I/usr/local/include $$2"
---
 > dnl    AC_CHECK_LIB(wrap, main, libwrap="-lwrap")
 > dnl    if test $libwrap = FAIL ; then
 >           AC_CACHE_VAL(ac_cv_qosient_wrapper,
 >              [ac_save_LIBS="$LIBS"
 >              LIBS="-lwrap $LIBS"
 >              AC_TRY_COMPILE(
 >                 [int deny_severity = 0, allow_severity = 0;],
 >                 ,
 >                 ac_cv_qosient_wrapper=yes,
 >                 ac_cv_qosient_wrapper=no)
 >              LIBS="$ac_save_LIBS"])
 >           AC_MSG_RESULT($ac_cv_qosient_wrapper)
 >           if test $ac_cv_qosient_wrapper = no ; then
 >              AC_MSG_WARN(tcp_wrapper not found)
 >           else
 >              LIBS="-lwrap $LIBS"
 >              if test -r /usr/local/include/tcpd.h; then
 >              $2="-I/usr/local/include $$2"
 >              fi
707c718,726
<        fi
---
 >
 > dnl    else
 > dnl       $1=$libwrap
 > dnl       LIBS="$libwrap $LIBS"
 > dnl       if test -r /usr/local/include/tcpd.h; then
 > dnl       $2="-I/usr/local/include $$2"
 > dnl       fi
 > dnl    fi
 >


On Jun 22, 2006, at 6:53 AM, Andreas Östling wrote:

>
> I don't think this issue is new but I just noticed it when trying
> argus-3.0.0.rc.10. The check for tcp_wrappers fails on some systems as
> some versions of tcp_wrappers requires allow_severity/deny_severity to
> be defined when linking. Example with argus-3.0.0.rc.10 on OpenBSD 3.9
> even though it has libwrap by default:
>
> checking for system tcp_wrappers library... checking for main in
> -lwrap... no
> configure: WARNING: tcp_wrapper not found
>
> From config.log:
> configure:6999: checking for system tcp_wrappers library
> configure:7001: checking for main in -lwrap
> configure:7025: gcc -o conftest -g -O2   conftest.c -lwrap    - 
> lpcap >&5
> /usr/lib/libwrap.so.4.0: undefined reference to `allow_severity'
> /usr/lib/libwrap.so.4.0: undefined reference to `deny_severity'
> collect2: ld returned 1 exit status
>
> By adding this to the conftest program:
> int deny_severity = 0;
> int allow_severity = 0;
>
> tcp_wrappers will be detected correctly:
> checking for system tcp_wrappers library... checking for main in
> -lwrap... yes
>
> and seems to work:
> argus[10605]: 22 Jun 06 12:38:09.360765 refused connect from localhost
> argus[10605]: 22 Jun 06 12:38:09.361116 ArgusCheckClientStatus:
> ArgusTcpWrapper rejects
>
> Same thing goes for argus-clients I guess.
>
> /Andreas
>

More information about the argus mailing list