Fix issues flagged by Lintian. (#200)

* src: Add missing mptcpize LDFLAGS.

Hardening linker flags such as "-pie" were missing for the `mptcpize'
program.  Explicitly set mptcpize LDFLAGS accordingly.

* src: Do not add '-fPIE' to libmptcpwrap CFLAGS.

Prevent '-fPIE' from beging added to the libmptcpwrap CFLAGS.  '-fPIE'
is meant for executables, not shared libraries.

* src: Start mptcpd after systemd multi-user.target.

Lintian complains about the "WantedBy=socket.target" in the mptcpd
`mptcp.service' systemd unit file.  Use "multi-user.target" instead.

* configure: Avoid undefining _FORTIFY_SOURCE.

The configure script ended up causing _FORTIFY_SOURCE to be undefined
if the user explicitly adds _FORTIFY_SOURCE=2 to CPPFLAGS.  For
example, running the configure script like so:

    CPPFLAGS=-D_FORTIFY_SOURCE=2 ./configure

ultimately caused CPPFLAGS to contain "-D_FORTIFY_SOURCE=2
-U_FORTIFY_SOURCE" instead of "-D_FORTIFY_SOURCE=2
-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2" due to the AX_APPEND_FLAG()
Autoconf Archive macro behavior of not appending duplicate flags.

Only append -D_FORTIFY_SOURCE=2 to CPPFLAGS if the user hasn't defined
_FORTIFY_SOURCE rather than attempt to override the user provided
value.  This is more in line with Autoconf conventions as well.

* src: Install libmptcpwrap in ${libdir}/mptcpize.

Install the libmptcpwrap library in a ${libdir}/mptcpize instead of
${libdir}/mptcpd to differentiate it from mptcpd plugins.

Closes #202.

configure.ac

@@ -2,7 +2,7 @@
 #                                               -*- Autoconf -*-
 # Process this file with autoconf to produce a configure script.
 #
-# Copyright (c) 2017-2021, Intel Corporation
+# Copyright (c) 2017-2022, Intel Corporation
 
 AC_PREREQ([2.69])
 AC_INIT([mptcpd],
@@ -316,21 +316,29 @@ AC_ARG_ENABLE(stack-protection,
         [enable_stack_protection=yes])
 
 AS_IF([test "x$enable_stack_protection" = "xyes"],
-        [
-        # Fortify source
-        # Enabling optimization implies _FORTIFY_SOURCE on some platforms.
-        # Explicitly redefine to _FORTIFY_SOURCE=2 to make sure we have the
-        # desired fortification level.
-        AX_APPEND_FLAG([-U_FORTIFY_SOURCE], [CPPFLAGS])
-        AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS])
-
-        # Stack-based buffer overrun detection
-        MPTCPD_ADD_COMPILE_FLAG([-fstack-protector-strong],
-                                [# GCC < 4.9
-                                 MPTCPD_ADD_COMPILE_FLAG([-fstack-protector])
-                                ])
-        ],[]
-        )
+      [
+       # Harden/fortify source
+       #
+       # _FORTIFY_SOURCE=2 is the desired level of fortification for
+       # mptcpd, but we should still avoid overriding user defined
+       # values, including the case where _FORTIFY_SOURCE is
+       # implicitly defined under some levels optimization.
+       #
+       # Note that _FORTIFY_SOURCE is defined on the preprocessor
+       # command line instead of in <mptcpd/config.h> since the latter
+       # is not included in all mptcpd source files, and may also be
+       # included after C library headers.
+       AC_CHECK_DEFINE([_FORTIFY_SOURCE],
+                       [],
+                       [AX_APPEND_FLAG([-D_FORTIFY_SOURCE=2], [CPPFLAGS])])
+
+       # Stack-based buffer overrun detection
+       MPTCPD_ADD_COMPILE_FLAG([-fstack-protector-strong],
+                               [# GCC < 4.9
+                                MPTCPD_ADD_COMPILE_FLAG([-fstack-protector])
+                               ])
+      ],
+      [])
 
 # Format string vulnerabilities
 # -Wformat=2 implies:

src/Makefile.am

@@ -1,6 +1,6 @@
 ## SPDX-License-Identifier: BSD-3-Clause
 ##
-## Copyright (c) 2017-2019, 2021, Intel Corporation
+## Copyright (c) 2017-2019, 2021-2022, Intel Corporation
 
 include $(top_srcdir)/aminclude_static.am
 
@@ -62,24 +62,27 @@ else
 bin_PROGRAMS = mptcpd mptcpize
 endif
 
-pkglib_LTLIBRARIES = libmptcpwrap.la
+mptcpizelibdir = $(libdir)/mptcpize
+mptcpizelib_LTLIBRARIES = libmptcpwrap.la
 
-mptcpd_SOURCES  = mptcpd.c
-mptcpd_LDADD    =				\
+mptcpd_SOURCES = mptcpd.c
+mptcpd_LDADD   =				\
 	$(builddir)/libpath_manager.la		\
 	$(ELL_LIBS) $(CODE_COVERAGE_LIBS)
-mptcpd_LDFLAGS  = $(EXECUTABLE_LDFLAGS)
+mptcpd_LDFLAGS = $(EXECUTABLE_LDFLAGS)
 
 librevision=1
 
-mptcpize_SOURCES = mptcpize.c
+mptcpize_SOURCES  = mptcpize.c
 mptcpize_CPPFLAGS = \
 	$(AM_CPPFLAGS)			\
-	-DPKGLIBDIR=\"$(pkglibdir)\"	\
+	-DPKGLIBDIR=\"$(mptcpizelibdir)\" \
 	-DLIBREVISION=\"$(librevision)\"
-mptcpize_LDADD =  $(CODE_COVERAGE_LIBS)
+mptcpize_LDADD    = $(CODE_COVERAGE_LIBS)
+mptcpize_LDFLAGS  = $(EXECUTABLE_LDFLAGS)
 
 libmptcpwrap_la_SOURCES = mptcpwrap.c
+libmptcpwrap_la_CFLAGS  = $(CODE_COVERAGE_CFLAGS)
 libmptcpwrap_la_LDFLAGS = -version-info 0:$(librevision):0
 libmptcpwrap_la_LIBADD  = $(CODE_COVERAGE_LIBS)
 

src/mptcp.service.in

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: BSD-3-Clause
 #
-# Copyright (c) 2017-2019, Intel Corporation
+# Copyright (c) 2017-2019, 2022, Intel Corporation
 
 [Unit]
 Description=Multipath TCP service
@@ -16,4 +16,4 @@ AmbientCapabilities=CAP_NET_ADMIN
 LimitNPROC=1
 
 [Install]
-WantedBy=sockets.target
+WantedBy=multi-user.target