From 7a181426c5f7968bbd0c60d628a2e546813aaecf Mon Sep 17 00:00:00 2001
From: netblue30
Date: Mon, 24 Jun 2019 09:22:57 -0400
Subject: disable firetunnel at config time (#2793)
---
 configure | 17 +++++++++++++++++
 configure.ac | 18 ++++++++++++++++++
 src/common.mk.in | 3 ++-
 src/firejail/checkcfg.c | 8 ++++++++
 src/firejail/main.c | 3 ++-
 test/compile/compile.sh | 20 +++++++++++++++++++-
 6 files changed, 66 insertions(+), 3 deletions(-)
diff --git a/configure b/configure
index 6102a470e..60ec90adf 100755
--- a/configure
+++ b/configure
@@ -642,6 +642,7 @@ HAVE_GLOBALCFG HAVE_CHROOT HAVE_SECCOMP HAVE_PRIVATE_HOME +HAVE_FIRETUNNEL HAVE_OVERLAYFS EXTRA_LDFLAGS EXTRA_CFLAGS
@@ -706,6 +707,7 @@ ac_user_opts=' enable_option_checking enable_apparmor enable_overlayfs +enable_firetunnel enable_private_home enable_seccomp enable_chroot
@@ -1357,6 +1359,7 @@ Optional Features: --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --enable-apparmor enable apparmor --disable-overlayfs disable overlayfs + --disable-firetunnel disable firetunnel --disable-private-home disable private home feature --disable-seccomp disable seccomp --disable-chroot disable chroot
@@ -3431,6 +3434,19 @@ if test "x$enable_overlayfs" != "xno"; then : HAVE_OVERLAYFS="-DHAVE_OVERLAYFS" +fi + +HAVE_FIRETUNNEL="" +# Check whether --enable-firetunnel was given. +if test "${enable_firetunnel+set}" = set; then : + enableval=$enable_firetunnel; +fi + +if test "x$enable_firetunnel" != "xno"; then : + + HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL" + + fi HAVE_PRIVATEHOME=""
@@ -5280,6 +5296,7 @@ echo " whitelisting: $HAVE_WHITELIST" echo " private home support: $HAVE_PRIVATE_HOME" echo " file transfer support: $HAVE_FILE_TRANSFER" echo " overlayfs support: $HAVE_OVERLAYFS" +echo " firetunnel support: $HAVE_FIRETUNNEL" echo " busybox workaround: $BUSYBOX_WORKAROUND" echo " Spectre compiler patch: $HAVE_SPECTRE" echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
diff --git a/configure.ac b/configure.ac
index c3ca7d912..675c8fd65 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,3 +1,12 @@
+#
+# Note:
+#
+# If for any reason autoconf fails, run "autoreconf -i --install " and try again.
+# We rely soley on autoconf, without automake. Apparently, in this case
+# the macros from m4 directory are not picked up by default by automake.
+# "autoreconf -i --install" seems to fix the problem.
+#
+
 AC_PREREQ([2.68])
 AC_INIT(firejail, 0.9.61, netblue30@yahoo.com, , https://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
@@ -39,6 +48,14 @@ AS_IF([test "x$enable_overlayfs" != "xno"], [
 AC_SUBST(HAVE_OVERLAYFS)
 ])
+HAVE_FIRETUNNEL=""
+AC_ARG_ENABLE([firetunnel],
+ AS_HELP_STRING([--disable-firetunnel], [disable firetunnel]))
+AS_IF([test "x$enable_firetunnel" != "xno"], [
+ HAVE_FIRETUNNEL="-DHAVE_FIRETUNNEL"
+ AC_SUBST(HAVE_FIRETUNNEL)
+])
+
 HAVE_PRIVATEHOME=""
 AC_ARG_ENABLE([private-home],
 AS_HELP_STRING([--disable-private-home], [disable private home feature]))
@@ -186,6 +203,7 @@ echo " whitelisting: $HAVE_WHITELIST"
 echo " private home support: $HAVE_PRIVATE_HOME"
 echo " file transfer support: $HAVE_FILE_TRANSFER"
 echo " overlayfs support: $HAVE_OVERLAYFS"
+echo " firetunnel support: $HAVE_FIRETUNNEL"
 echo " busybox workaround: $BUSYBOX_WORKAROUND"
 echo " Spectre compiler patch: $HAVE_SPECTRE"
 echo " EXTRA_LDFLAGS: $EXTRA_LDFLAGS"
diff --git a/src/common.mk.in b/src/common.mk.in
index b9af977ae..1b6ad91a5 100644
--- a/src/common.mk.in
+++ b/src/common.mk.in
@@ -20,6 +20,7 @@ HAVE_WHITELIST=@HAVE_WHITELIST@
 HAVE_GLOBALCFG=@HAVE_GLOBALCFG@
 HAVE_APPARMOR=@HAVE_APPARMOR@
 HAVE_OVERLAYFS=@HAVE_OVERLAYFS@
+HAVE_FIRETUNNEL=@HAVE_FIRETUNNEL@
 HAVE_PRIVATE_HOME=@HAVE_PRIVATE_HOME@
 HAVE_GCOV=@HAVE_GCOV@
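Review bot: The new switch in the `@@ -39,6 +48,14 @@` hunk is opt-out: `test "x$enable_firetunnel" != "xno"` sets `-DHAVE_FIRETUNNEL` unless `--disable-firetunnel` is passed, so a plain `./configure` still compiles the tunnel code in, which the commit subject does not make obvious. I would document that above the block, e.g. `# firetunnel support is built in by default; --disable-firetunnel compiles the --tunnel option out`, and have the help string say that the feature is enabled by default. Packagers who want the smaller attack surface then know they have to ask for it explicitly. The summary line added in the `@@ -186,6 +203,7 @@` hunk prints the raw `-DHAVE_FIRETUNNEL` flag or an empty string, so it is the only place a builder can see which way the default went.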
@@ -28,7 +29,7 @@ C_FILE_LIST = $(sort $(wildcard *.c))
 OBJS = $(C_FILE_LIST:.c=.o)
 BINOBJS = $(foreach file, $(OBJS), $file)
-CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
+CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_FIRETUNNEL) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security
 LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread
 EXTRA_LDFLAGS +=@EXTRA_LDFLAGS@
 EXTRA_CFLAGS +=@EXTRA_CFLAGS@
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 7ca72bf30..b11d795a9 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -278,6 +278,14 @@ void print_compiletime_support(void) {
 #endif
 );
+ printf("\t- firetunnel support is %s\n",
+#ifdef HAVE_FIRETUNNEL
+ "enabled"
+#else
+ "disabled"
+#endif
+ );
+
 printf("\t- networking support is %s\n",
 #ifdef HAVE_NETWORK
 "enabled"
diff --git a/src/firejail/main.c b/src/firejail/main.c
index c50ed4dc4..2403cafa1 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -1498,6 +1498,7 @@ int main(int argc, char **argv) {
 exit_err_feature("overlayfs");
 }
 #endif
+#ifdef HAVE_FIRETUNNEL
 else if (strcmp(argv[i], "--tunnel") == 0) {
 // try to connect to the default client side of the tunnel
 // if this fails, try the default server side of the tunnel
@@ -1523,7 +1524,7 @@ int main(int argc, char **argv) {
 exit(1);
 }
 }
-
+#endif
 else if (strncmp(argv[i], "--profile=", 10) == 0) {
 // multiple profile files are allowed!
diff --git a/test/compile/compile.sh b/test/compile/compile.sh
index adacab616..e662b4d30 100755
--- a/test/compile/compile.sh
+++ b/test/compile/compile.sh
@@ -3,7 +3,7 @@
 arr[1]="TEST 1: standard compilation"
 arr[2]="TEST 2: compile seccomp disabled"
 arr[3]="TEST 3: compile chroot disabled"
-arr[4]="deprecated: TEST 4: compile bind disabled"
+arr[4]="TEST 4: compile firetunnel disabled"
 arr[5]="TEST 5: compile user namespace disabled"
 arr[6]="TEST 6: compile network disabled"
 arr[7]="TEST 7: compile X11 disabled"
@@ -107,6 +107,24 @@ cp output-configure oc3
 cp output-make om3
 rm output-configure output-make
+#*****************************************************************
+# TEST 4
+#*****************************************************************
+# - disable firetunnel configuration
+#*****************************************************************
+print_title "${arr[4]}"
+# seccomp
+cd firejail
+make distclean
+./configure --prefix=/usr --disable-firetunnel --enable-fatal-warnings 2>&1 | tee ../output-configure
+make -j4 2>&1 | tee ../output-make
+cd ..
+grep Warning output-configure output-make > ./report-test4
+grep Error output-configure output-make >> ./report-test4
+cp output-configure oc4
+cp output-make om4
+rm output-configure output-make
+
 #*****************************************************************
 # TEST 5
 #*****************************************************************
--
cgit v1.2.3-54-g00ecf
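Review bot: With HAVE_FIRETUNNEL undefined the `--tunnel` arm simply drops out of the `else if` chain in main(), so what a firetunnel-less build does with `--tunnel` is decided by the tail of that chain, which lies outside both main.c hunks. For a sandbox launcher it is worth confirming that the option is rejected with an error rather than ignored or taken as the start of the program to run; an explicit `#else` arm before the new `#endif`, e.g. `else if (strncmp(argv[i], "--tunnel", 8) == 0) { fprintf(stderr, "Error: firetunnel support is not compiled in\n"); exit(1); }`, would make that independent of the fallback. The diffstat lists main.c and checkcfg.c as the only C files touched, so if the tunnel can also be reached another way (a profile directive, for instance, which is not visible here), that path is presumably still compiled in. The guarded region runs from the first hunk to the second, and the lines in between are not shown.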
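Review bot: TEST 4 in the `@@ -107,6 +107,24 @@` hunk only proves that the tree compiles with `--disable-firetunnel`; nothing in the added block checks that the resulting binary actually lacks the feature. A follow-up step that runs the freshly built firejail and greps its compile-time support listing for `firetunnel support is disabled` (the string added in checkcfg.c) would catch a `-DHAVE_FIRETUNNEL` that leaks back in through CFLAGS. Because `./configure` and `make` are piped into `tee`, their exit status is discarded and a failure is noticed only if the word `Error` or `Warning` shows up in the output; `set -o pipefail` or a check of `${PIPESTATUS[0]}` would be stricter, assuming the script runs under bash as the `arr[...]` assignments suggest. The `# seccomp` comment above `cd firejail` looks copied from another test and should read `# firetunnel`.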