configure.ac revision 1.1.1.2 
1dnl -*- mode: m4 -*-
2dnl Id: configure.ac,v 1.47.2.2 2005/02/22 23:56:08 manubsd Exp
3
4AC_PREREQ(2.52)
5AC_INIT(ipsec-tools, 0.6-20050223)
6AC_CONFIG_SRCDIR([configure.ac])
7AM_CONFIG_HEADER(config.h)
8
9AM_INIT_AUTOMAKE(dist-bzip2)
10
11AC_ENABLE_SHARED(no)
12
13AC_PROG_CC
14AM_PROG_CC_STDC
15AC_HEADER_STDC
16AC_PROG_LIBTOOL
17AC_PROG_YACC
18AM_PROG_LEX
19AC_SUBST(LEXLIB)
20AC_PROG_EGREP
21
22CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
23
24case $host in
25*netbsd*)
26	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
27	;;
28*linux*)
29	LIBS="$LIBS -lresolv"
30	INSTALL_OPTS="-o bin -g bin"
31	INCLUDE_GLIBC="include-glibc"
32	RPM="rpm"
33	AC_SUBST(INSTALL_OPTS)
34	AC_SUBST(INCLUDE_GLIBC)
35	AC_SUBST(RPM)
36	;;
37esac
38
39# Look up some IPsec-related headers
40AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
41AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
42AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
43
44# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
45if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
46    have_netinet_ipsec=yes
47    AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>])
48fi
49
50case "$host_os" in
51 *linux*)
52    AC_ARG_WITH(kernel-headers,
53	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
54		       [where your Linux Kernel headers are installed]),
55	    [ KERNEL_INCLUDE="$with_kernel_headers" 
56	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
57	      AC_SUBST(CONFIGURE_AMFLAGS) ],
58	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
59
60    AC_CHECK_FILE($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
61	[ AC_CHECK_FILE(/usr/src/linux/include/linux/pfkeyv2.h,
62	  KERNEL_INCLUDE=/usr/src/linux/include ,
63	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
64    AC_SUBST(KERNEL_INCLUDE)
65    # We need the configure script to run with correct kernel headers.
66    # However we don't want to point to kernel source tree in compile time,
67    # i.e. this will be removed from CPPFLAGS at the end of configure.
68    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
69
70    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
71    	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
72               	[Are PF_KEY policy priorities supported?])], [],
73    	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
74
75    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
76    AC_SUBST(GLIBC_BUGS)
77    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
78    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
79    ;;
80 *)
81    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
82      if test "$have_net_pfkey" = yes; then
83	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
84      else
85	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
86      fi
87    fi
88    ;;
89esac
90
91### Some basic toolchain checks
92
93# Checks for header files.
94AC_HEADER_STDC
95AC_HEADER_SYS_WAIT
96AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
97
98# Checks for typedefs, structures, and compiler characteristics.
99AC_C_CONST
100AC_TYPE_PID_T
101AC_TYPE_SIZE_T
102AC_HEADER_TIME
103AC_STRUCT_TM
104
105# Checks for library functions.
106AC_FUNC_MEMCMP
107AC_TYPE_SIGNAL
108AC_FUNC_VPRINTF
109AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy)
110AC_REPLACE_FUNCS(strdup)
111RACOON_CHECK_VA_COPY
112
113# Check if printf accepts "%z" type modifier for size_t argument
114AC_MSG_CHECKING(if printf accepts %z)
115saved_CFLAGS=$CFLAGS
116CFLAGS="$CFLAGS -Wall -Werror"
117AC_TRY_COMPILE([
118#include <stdio.h>
119], [
120printf("%zu\n", (size_t)-1);
121],
122	[AC_MSG_RESULT(yes)],
123	[AC_MSG_RESULT(no); CFLAGS_ADD="$CFLAGS_ADD -Wno-format"])
124CFLAGS=$saved_CFLAGS
125
126# Can we use __func__ macro?
127AC_MSG_CHECKING(if __func__ is available)
128AC_TRY_COMPILE(
129[#include <stdio.h>
130], [char *x = __func__;],
131	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
132	AC_MSG_RESULT(yes)],
133	[AC_MSG_RESULT(no)])
134
135# Check if readline support is requested
136AC_MSG_CHECKING(if readline support is requested)
137AC_ARG_WITH(readline,
138	[  --with-readline         support readline input (yes by default)],
139	[with_readline="$withval"], [with_readline="yes"])
140AC_MSG_RESULT($with_readline)
141
142# Is readline available?
143if test $with_readline != "no"; then
144	AC_CHECK_HEADER([readline/readline.h], 
145		[AC_CHECK_LIB(readline, readline, [
146				AC_DEFINE(HAVE_READLINE, [],
147					[Is readline available?])
148				LIBS="$LIBS -lreadline"
149		], [])], [])
150fi
151
152# Check if a different OpenSSL directory was specified
153AC_MSG_CHECKING(if --with-openssl option is specified)
154AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
155	[crypto_dir=$withval])
156AC_MSG_RESULT(${crypto_dir-default})
157
158if test "x$crypto_dir" != "x"; then
159	LIBS="$LIBS -L${crypto_dir}/lib"
160	CPPFLAGS_ADD="-I${crypto_dir}/include $CPPFLAGS_ADD"
161fi
162AC_MSG_CHECKING(openssl version)
163AC_EGREP_CPP(yes, [#include <openssl/opensslv.h>
164#if OPENSSL_VERSION_NUMBER >= 0x0090602fL
165yes
166#endif], [AC_MSG_RESULT(ok)], [AC_MSG_RESULT(too old)
167	AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
168	])
169AC_CHECK_HEADERS(openssl/engine.h)
170
171# checking rijndael
172AC_CHECK_HEADERS([openssl/aes.h], [], 
173	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
174
175# checking sha2
176AC_MSG_CHECKING(sha2 support)
177AC_DEFINE([WITH_SHA2], [], [SHA2 support])
178AC_CHECK_HEADER(openssl/sha2.h, [], [
179	CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
180	AC_LIBOBJ([sha2])
181	CRYPTOBJS="$CRYPTOBJS sha2.o"])
182AC_SUBST(CRYPTOBJS)
183
184# Option --enable-adminport 
185AC_MSG_CHECKING(if --enable-adminport option is specified)
186AC_ARG_ENABLE(adminport,
187	[  --enable-adminport      enable admin port],
188	[], [enable_adminport=no])
189if test $enable_adminport = "yes"; then
190	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
191fi
192AC_MSG_RESULT($enable_adminport)
193
194# Option RC5
195AC_MSG_CHECKING(if --enable-rc5 option is specified)
196AC_ARG_ENABLE(rc5,
197	[  --enable-rc5		enable RC5 encryption (patented)],
198	[], [enable_rc5=no])
199AC_MSG_RESULT($enable_rc5)
200
201if test $enable_rc5 = "yes"; then
202	AC_CHECK_HEADERS([openssl/rc5.h])
203	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
204	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
205fi
206
207# Option IDEA
208AC_MSG_CHECKING(if --enable-idea option is specified)
209AC_ARG_ENABLE(idea,
210	[  --enable-idea	enable IDEA encryption (patented)],
211	[], [enable_idea=no])
212AC_MSG_RESULT($enable_idea)
213
214if test $enable_idea = "yes"; then
215	AC_CHECK_HEADERS([openssl/idea.h])
216	AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
217	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
218fi
219AC_SUBST(EXTRA_CRYPTO)
220
221# Check for Kerberos5 support
222AC_MSG_CHECKING(if --enable-gssapi option is specified)
223AC_ARG_ENABLE(gssapi,
224	[  --enable-gssapi         enable GSS-API authentication],
225	[], [enable_gssapi=no])
226AC_MSG_RESULT($enable_gssapi)
227AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
228if test "x$enable_gssapi" = "xyes"; then
229	if test "$KRB5_CONFIG" != "no"; then
230		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
231		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
232	else
233		# No krb5-config; let's make some assumptions based on
234		# the OS.
235		case $host_os in
236		netbsd*)
237			krb5_incdir="-I/usr/include/krb5"
238			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
239			;;
240		*)
241			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
242			;;
243		esac
244	fi
245	LIBS="$LIBS $krb5_libs"
246	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
247	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
248fi
249
250AC_MSG_CHECKING([if --enable-hybrid option is specified])
251AC_ARG_ENABLE(hybrid, 
252    [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
253    [
254	LIBS="$LIBS -lcrypt"; 
255	enable_hybrid=yes;
256	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
257	AC_SUBST(HYBRID_OBJS)
258	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
259    ],
260    [enable_hybrid=no])
261AC_MSG_RESULT($enable_hybrid)
262
263AC_MSG_CHECKING([if --enable-frag option is specified])
264AC_ARG_ENABLE(frag, 
265    [  --enable-frag           enable IKE fragmentation payload support],
266    [
267	LIBS="$LIBS -lcrypt"; 
268	enable_frag=yes;
269	FRAG_OBJS="isakmp_frag.o"
270	AC_SUBST(FRAG_OBJS)
271	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
272    ],
273    [enable_frag=no])
274AC_MSG_RESULT($enable_frag)
275
276AC_MSG_CHECKING(if --with-libradius option is specified)
277AC_ARG_WITH(libradius, 
278    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
279    [libradius_dir=$withval], 
280    [libradius_dir=no])
281AC_MSG_RESULT($libradius_dir)
282if test "$libradius_dir" != "no"; then
283	if test "$libradius_dir" = "yes" ; then
284		  libradius_dir="";
285	fi;
286	if test "x$libradius_dir" = "x"; then
287		RACOON_PATH_LIBS(rad_create_request, lradius)
288	else
289		if test -d "$libradius_dir/lib" -a \
290		    -d "$libradius_dir/include" ; then
291			RACOON_PATH_LIBS(rad_create_request, lradius, "$libradius_dir/lib")
292			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
293		else
294			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
295	  	fi
296	fi
297	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
298	LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
299	AC_CHECK_FUNCS(rad_create_request)
300fi
301
302AC_MSG_CHECKING(if --with-libpam option is specified)
303AC_ARG_WITH(libpam, 
304    [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
305    [libpam_dir=$withval], 
306    [libpam_dir=no])
307AC_MSG_RESULT($libpam_dir)
308if test "$libpam_dir" != "no"; then
309	if test "$libpam_dir" = "yes" ; then
310		  libpam_dir="";
311	fi;
312	if test "x$libpam_dir" = "x"; then
313		RACOON_PATH_LIBS(rad_create_request, lpam)
314	else
315		if test -d "$libpam_dir/lib" -a \
316		    -d "$libpam_dir/include" ; then
317			RACOON_PATH_LIBS(rad_create_request, lpam, "$libpam_dir/lib")
318			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
319		else
320			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
321	  	fi
322	fi
323	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
324	LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
325	AC_CHECK_FUNCS(rad_create_request)
326fi
327
328AC_MSG_CHECKING(if --enable-stats option is specified)
329AC_ARG_ENABLE(stats,
330        [  --enable-stats          enable statistics logging function],
331        [], [enable_stats=no])
332if test "x$enable_stats" = "xyes"; then
333	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
334fi
335AC_MSG_RESULT($enable_stats)
336
337AC_MSG_CHECKING(if --enable-dpd option is specified)
338AC_ARG_ENABLE(dpd,
339        [  --enable-dpd            enable dead peer detection],
340        [], [enable_dpd=no])
341if test "x$enable_dpd" = "xyes"; then
342	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
343fi
344AC_MSG_RESULT($enable_dpd)
345
346
347AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
348AC_ARG_ENABLE(samode-unspec,
349        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
350        [], [enable_samode_unspec=no])
351if test "x$enable_samode_unspec" = "xyes"; then
352	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
353fi
354AC_MSG_RESULT($enable_samode_unspec)
355
356# Checks if IPv6 is requested
357AC_MSG_CHECKING([whether to enable ipv6])
358AC_ARG_ENABLE(ipv6,
359[  --disable-ipv6          disable ipv6 support],
360[ case "$enableval" in
361  no)
362       AC_MSG_RESULT(no)
363       ipv6=no
364       ;;
365  *)   AC_MSG_RESULT(yes)
366       ipv6=yes
367       ;;
368  esac ],
369
370  AC_TRY_RUN([ /* AF_INET6 avalable check */
371#include <sys/types.h>
372#include <sys/socket.h>
373main()
374{
375  exit(0);
376 if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
377   exit(1);
378 else
379   exit(0);
380}
381],
382  AC_MSG_RESULT(yes)
383  AC_DEFINE([INET6], [], [Support IPv6])
384  ipv6=yes,
385  AC_MSG_RESULT(no)
386  ipv6=no,
387  AC_MSG_RESULT(no)
388  ipv6=no
389))
390
391if test "$ipv6" = "yes"; then
392	AC_MSG_CHECKING(for advanced API support)
393	AC_TRY_COMPILE([#ifndef INET6
394#define INET6
395#endif
396#include <sys/types.h>
397#include <netinet/in.h>],
398		[struct in6_pktinfo a;],
399		[AC_MSG_RESULT(yes)
400		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
401		[AC_MSG_RESULT(no)])
402fi
403
404RACOON_CHECK_BUGGY_GETADDRINFO
405if test "$buggygetaddrinfo" = "yes"; then
406	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
407fi
408
409# Check if kernel support is available for NAT-T, defaults to no. 
410kernel_natt="no"
411
412AC_MSG_CHECKING(kernel NAT-Traversal support)
413case $host_os in
414linux*)
415# Linux kernel NAT-T check
416AC_EGREP_CPP(yes, 
417[#include <linux/pfkeyv2.h>
418#ifdef SADB_X_EXT_NAT_T_TYPE
419yes
420#endif
421], [kernel_natt="yes"])
422	;;
423freebsd*|netbsd*)
424# NetBSD case
425# Same check for FreeBSD
426AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
427       [kernel_natt="yes"],, [
428#define _KERNEL
429#include <sys/types.h>
430#include <net/pfkeyv2.h>
431])
432	;;
433esac
434AC_MSG_RESULT($kernel_natt)
435
436AC_MSG_CHECKING(whether to support NAT-T)
437AC_ARG_ENABLE(natt,
438	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
439        [if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi],
440	[enable_natt=$kernel_natt])
441AC_MSG_RESULT($enable_natt)
442
443if test "$enable_natt" = "yes"; then
444	if test "$kernel_natt" = "no" ; then 
445		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
446	else
447		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
448		NATT_OBJS="nattraversal.o"
449		AC_SUBST(NATT_OBJS)
450	fi
451fi
452
453# Set up defines for supported NAT-T versions.
454natt_versions_default="00,02,rfc"
455AC_MSG_CHECKING(which NAT-T versions to support)
456AC_ARG_ENABLE(natt_versions,
457	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
458	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
459	[ enable_natt_versions=$natt_versions_default ])
460if test "$enable_natt" = "yes"; then
461	AC_MSG_RESULT($enable_natt_versions)
462	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
463		case $i in 
464			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
465			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
466			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
467			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
468			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
469			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
470			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
471			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
472			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
473			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
474			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
475		esac
476	done
477	unset i
478else
479	AC_MSG_RESULT([none])
480fi
481
482AC_MSG_CHECKING(whether we support FWD policy)
483case $host in
484	*linux*)
485		AC_TRY_COMPILE([
486		#include <inttypes.h>
487		#include <linux/ipsec.h>
488			], [
489			int fwd = IPSEC_DIR_FWD;
490			],
491			[AC_MSG_RESULT(yes)
492			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
493			[AC_MSG_RESULT(no)])
494		;;
495	*)
496		AC_MSG_RESULT(no)
497		;;
498esac
499
500CFLAGS="$CFLAGS $CFLAGS_ADD"
501CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
502
503case $host in
504	*linux*)
505		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
506		# be symlinked to src/include-glibc/linux in
507		# compile time.
508		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
509		;;
510esac
511
512include_racoondir=${includedir}/racoon
513AC_SUBST(include_racoondir)
514
515AC_CONFIG_FILES([
516  Makefile
517  package_version.h
518  src/Makefile
519  src/include-glibc/Makefile
520  src/libipsec/Makefile
521  src/setkey/Makefile
522  src/racoon/Makefile
523  src/racoon/samples/psk.txt
524  src/racoon/samples/racoon.conf
525  rpm/Makefile
526  rpm/suse/Makefile
527  ])
528AC_OUTPUT
529