build: don't just warn if libcap is missing

Problem: if libcap is not found by configure but multi-user is
enabled, diod runs without it, leading to test failures noted
in chaos#103.

Make that a hard error unless configured with --disable-multiuser.
Also, use pkg-config to find libcap.

Don't build the libnpfs/capability unit test if multi-user is disabled.

Author: garlick

configure.ac

@@ -80,7 +80,6 @@ AC_CHECK_FUNCS( \
 )
 AC_FUNC_STRERROR_R
 X_AC_CHECK_PTHREADS
-X_AC_CHECK_COND_LIB(cap, cap_get_proc)
 X_AC_TCMALLOC
 X_AC_RDMA
 
@@ -120,6 +119,9 @@ AS_IF([test "x$enable_auth" != "xno"], [
 ])
 
 AS_IF([test "x$enable_multiuser" != "xno"], [
+  PKG_CHECK_MODULES([CAP], [libcap], [], [
+    AC_MSG_ERROR([Install libcap or configure with --disable-multiuser])
+  ])
   AC_DEFINE([MULTIUSER], [1], [service files to multiple users])
 ])
 

src/cmd/Makefile.am

@@ -3,6 +3,7 @@ AM_CFLAGS = @WARNING_CFLAGS@
 AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	$(MUNGE_CFLAGS) \
+	$(CAP_CFLAGS) \
 	$(LUA_INCLUDE)
 AM_CPPFLAGS += $(ncurses_CPPFLAGS)
 
@@ -18,7 +19,7 @@ common_ldadd = \
 	$(top_builddir)/src/libnpfs/libnpfs.a \
 	$(top_builddir)/src/liblsd/liblsd.a \
 	$(top_builddir)/src/libdiod/libdiod.a \
-	$(LIBPTHREAD) $(LUA_LIB) $(MUNGE_LIBS) $(LIBCAP) \
+	$(LIBPTHREAD) $(LUA_LIB) $(MUNGE_LIBS) $(CAP_LIBS) \
 	$(LIBIBVERBS) $(LIBRDMACM) $(LIBTCMALLOC) $(ncurses_LIBS)
 
 common_sources = \

src/libdiod/Makefile.am

@@ -3,6 +3,7 @@ AM_CFLAGS = @WARNING_CFLAGS@
 AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	$(MUNGE_CFLAGS) \
+	$(CAP_CFLAGS) \
 	$(LUA_INCLUDE)
 
 noinst_LIBRARIES = libdiod.a
@@ -41,7 +42,7 @@ test_ldadd = \
 	$(builddir)/libdiod.a \
 	$(top_builddir)/src/libtap/libtap.a \
 	$(LUA_LIB) \
-	$(LIBCAP) \
+	$(CAP_LIBS) \
 	$(MUNGE_LIBS) \
 	$(LIBPTHREAD)
 

src/libnpclient/Makefile.am

@@ -1,6 +1,7 @@
 AM_CFLAGS = @WARNING_CFLAGS@
 
 AM_CPPFLAGS = \
+	$(CAP_CFLAGS) \
 	-I$(top_srcdir)
 
 noinst_LIBRARIES = libnpclient.a
@@ -31,7 +32,7 @@ test_ldadd = \
 	$(top_builddir)/src/liblsd/liblsd.a \
 	$(top_builddir)/src/libtap/libtap.a \
 	$(LUA_LIB) \
-	$(LIBCAP) \
+	$(CAP_LIBS) \
 	$(LIBPTHREAD)
 
 TESTS = \

src/libnpfs/Makefile.am

@@ -1,6 +1,7 @@
 AM_CFLAGS = @WARNING_CFLAGS@
 
 AM_CPPFLAGS = \
+	$(CAP_CFLAGS) \
 	-I$(top_srcdir)
 
 noinst_LIBRARIES = libnpfs.a
@@ -43,16 +44,20 @@ test_ldadd = \
 	$(top_builddir)/src/liblsd/liblsd.a \
 	$(top_builddir)/src/libtest/libtest.a \
 	$(top_builddir)/src/libtap/libtap.a \
-	$(LIBCAP) \
+	$(CAP_LIBS) \
 	$(LIBPTHREAD)
 
 TESTS = \
 	test_encoding.t \
 	test_fidpool.t \
-	test_capability.t \
 	test_setfsuid.t \
 	test_setreuid.t
 
+if MULTIUSER
+TESTS += \
+	test_capability.t
+endif
+
 check_PROGRAMS = $(TESTS)
 TEST_EXTENSIONS = .t
 T_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) \
@@ -64,8 +69,10 @@ test_encoding_t_LDADD = $(test_ldadd)
 test_fidpool_t_SOURCES = test/fidpool.c
 test_fidpool_t_LDADD = $(test_ldadd)
 
+if MULTIUSER
 test_capability_t_SOURCES = test/capability.c
 test_capability_t_LDADD = $(test_ldadd)
+endif
 
 test_setfsuid_t_SOURCES = test/setfsuid.c
 test_setfsuid_t_LDADD = $(test_ldadd)

src/libnpfs/test/capability.c

@@ -12,17 +12,14 @@
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif
-#if HAVE_LIBCAP
 #include <sys/capability.h>
-#endif
 #include <sys/fsuid.h>
 #include <string.h>
 
 #include "src/libtest/thread.h"
 #include "src/libtest/state.h"
 #include "src/libtap/tap.h"
 
-#if HAVE_LIBCAP
 typedef enum { S0, S1, S2, S3, S4, S5 } state_t;
 
 static void check_capability (const char *who,
@@ -156,19 +153,15 @@ static void proc0 (void)
     check_capability ("task0", "CHOWN", CAP_CHOWN, CAP_CLEAR);
 }
 
-#endif
-
 int main(int argc, char *argv[])
 {
-#if HAVE_LIBCAP
     if (geteuid () != 0 || getenv ("FAKEROOTKEY") != NULL)
         plan (SKIP_ALL, "this test must run as root");
     plan (NO_PLAN);
+
     test_state_init (S0);
     proc0 (); // spawns proc1 and proc2
-#else
-    plan (SKIP_ALL, "libcap2-dev is not installed");
-#endif
+
     done_testing ();
 
     exit (0);

src/libnpfs/user-linux.c

@@ -23,16 +23,13 @@
 #include <sys/fsuid.h>
 #include <pwd.h>
 #include <grp.h>
-#if HAVE_LIBCAP
 #include <sys/capability.h>
-#endif
 #include <sys/prctl.h>
 
 #include "npfs.h"
 #include "xpthread.h"
 #include "npfsimpl.h"
 
-#if HAVE_LIBCAP
 /* When handling requests on connections authenticated as root, we consider
  * it safe to disable DAC checks on the server and presume the client is
  * doing it.  This is only done if the server sets SRV_FLAGS_DAC_BYPASS.
@@ -79,7 +76,6 @@ _chg_privcap (Npsrv *srv, cap_flag_value_t val)
 	}
 	return ret;
 }
-#endif
 
 /* Note: it is possible for setfsuid/setfsgid to fail silently,
  * e.g. if user doesn't have CAP_SETUID/CAP_SETGID.
@@ -190,7 +186,6 @@ np_setfsid (Npreq *req, Npuser *u, u32 gid_override)
 			wt->fsuid = u->uid;
 		}
 	}
-#if HAVE_LIBCAP
 	if ((srv->flags & SRV_FLAGS_DAC_BYPASS) && wt->fsuid != 0) {
 		if (!wt->privcap && authuid == 0) {
 			if (_chg_privcap (srv, CAP_SET) < 0)
@@ -204,7 +199,6 @@ np_setfsid (Npreq *req, Npuser *u, u32 gid_override)
 			dumpclrd = 1;
 		}
 	}
-#endif
 	ret = 0;
 done:
 	if (dumpclrd && prctl (PR_SET_DUMPABLE, 1, 0, 0, 0) < 0)

tests/kern/Makefile.am

@@ -36,13 +36,14 @@ AM_CFLAGS = @WARNING_CFLAGS@
 AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	$(MUNGE_CFLAGS) \
+	$(CAP_CFLAGS) \
 	$(LUA_INCLUDE)
 
 
 LDADD = $(top_builddir)/src/libdiod/libdiod.a \
         $(top_builddir)/src/libnpfs/libnpfs.a \
         $(top_builddir)/src/liblsd/liblsd.a \
-        $(LIBPTHREAD) $(LUA_LIB) $(MUNGE_LIBS) $(LIBCAP) $(LIBTCMALLOC)
+        $(LIBPTHREAD) $(LUA_LIB) $(MUNGE_LIBS) $(CAP_LIBS) $(LIBTCMALLOC)
 
 common_sources = test.h
 

tests/user/Makefile.am

@@ -38,14 +38,15 @@ AM_CFLAGS = @WARNING_CFLAGS@
 AM_CPPFLAGS = \
 	-I$(top_srcdir) \
 	$(MUNGE_CFLAGS) \
+	$(CAP_CFLAGS) \
 	$(LUA_INCLUDE)
 
 
 LDADD = $(top_builddir)/src/libdiod/libdiod.a \
         $(top_builddir)/src/libnpclient/libnpclient.a \
         $(top_builddir)/src/libnpfs/libnpfs.a \
         $(top_builddir)/src/liblsd/liblsd.a \
-        $(LIBPTHREAD) $(LUA_LIB) $(MUNGE_LIBS) $(LIBCAP) $(LIBTCMALLOC)
+        $(LIBPTHREAD) $(LUA_LIB) $(MUNGE_LIBS) $(CAP_LIBS) $(LIBTCMALLOC)
 
 common_sources =