configure.ac revision 1.3.4.3 
11541Srgrimesdnl -*- mode: m4 -*-
222521Sdysondnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
31541Srgrimes
41541SrgrimesAC_PREREQ(2.52)
51541SrgrimesAC_INIT(ipsec-tools, 0.7-beta2)
61541SrgrimesAC_CONFIG_SRCDIR([configure.ac])
71541SrgrimesAM_CONFIG_HEADER(config.h)
81541Srgrimes
91541SrgrimesAM_INIT_AUTOMAKE(dist-bzip2)
101541Srgrimes
111541SrgrimesAC_ENABLE_SHARED(no)
121541Srgrimes
131541SrgrimesAC_PROG_CC
141541SrgrimesAM_PROG_CC_STDC
151541SrgrimesAC_HEADER_STDC
161541SrgrimesAC_PROG_LIBTOOL
171541SrgrimesAC_PROG_YACC
181541SrgrimesAM_PROG_LEX
191541SrgrimesAC_SUBST(LEXLIB)
201541SrgrimesAC_PROG_EGREP
211541Srgrimes
221541SrgrimesCFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
231541Srgrimes
241541Srgrimescase $host in
251541Srgrimes*netbsd*)
261541Srgrimes	LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
271541Srgrimes	;;
281541Srgrimes*linux*)
291541Srgrimes	LIBS="$LIBS -lresolv"
301541Srgrimes	INSTALL_OPTS="-o bin -g bin"
311541Srgrimes	INCLUDE_GLIBC="include-glibc"
321541Srgrimes	RPM="rpm"
331541Srgrimes	AC_SUBST(INSTALL_OPTS)
341541Srgrimes	AC_SUBST(INCLUDE_GLIBC)
351541Srgrimes	AC_SUBST(RPM)
3622521Sdyson	;;
3721673Sjkh*darwin*)
381541Srgrimes	LIBS="$LIBS -lresolv"
391541Srgrimes	;;
402175Spaulesac
412175Spaul
422175Spaul# Look up some IPsec-related headers
431541SrgrimesAC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
441541SrgrimesAC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
451541SrgrimesAC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
461541Srgrimes
4722521Sdyson# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
4822521Sdysonif test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
491541Srgrimes    have_netinet_ipsec=yes
509336Sdfr    AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>])
519336Sdfrfi
529336Sdfr
539336Sdfrcase "$host_os" in
549336Sdfr *linux*)
559336Sdfr    AC_ARG_WITH(kernel-headers,
561541Srgrimes	AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
571541Srgrimes		       [where your Linux Kernel headers are installed]),
581541Srgrimes	    [ KERNEL_INCLUDE="$with_kernel_headers" 
591541Srgrimes	      CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
601828Sdg	      AC_SUBST(CONFIGURE_AMFLAGS) ],
611541Srgrimes	    [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
621828Sdg
631828Sdg    AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
641541Srgrimes	[ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
651828Sdg	  KERNEL_INCLUDE=/usr/src/linux/include ,
661541Srgrimes	  [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
671541Srgrimes    AC_SUBST(KERNEL_INCLUDE)
689336Sdfr    # We need the configure script to run with correct kernel headers.
691541Srgrimes    # However we don't want to point to kernel source tree in compile time,
701541Srgrimes    # i.e. this will be removed from CPPFLAGS at the end of configure.
711541Srgrimes    CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
7222521Sdyson
739336Sdfr    AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
749336Sdfr    	[AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
759336Sdfr               	[Are PF_KEY policy priorities supported?])], [],
769336Sdfr    	[#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
779336Sdfr
789336Sdfr    GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
799336Sdfr    GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
809336Sdfr    CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
819336Sdfr    CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
821541Srgrimes    AC_SUBST(GLIBC_BUGS)
839336Sdfr    ;;
849336Sdfr *)
859336Sdfr    if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
869336Sdfr      if test "$have_net_pfkey" = yes; then
879336Sdfr	AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
889336Sdfr      else
891541Srgrimes	AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
901541Srgrimes      fi
919336Sdfr    fi
929336Sdfr    ;;
939336Sdfresac
949336Sdfr
959336Sdfr### Some basic toolchain checks
969336Sdfr
979336Sdfr# Checks for header files.
989336SdfrAC_HEADER_STDC
999336SdfrAC_HEADER_SYS_WAIT
1009336SdfrAC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
1019336SdfrAC_CHECK_HEADERS(shadow.h)
1029336Sdfr
1039336Sdfr# Checks for typedefs, structures, and compiler characteristics.
1049336SdfrAC_C_CONST
1059336SdfrAC_TYPE_PID_T
1069336SdfrAC_TYPE_SIZE_T
1079336SdfrAC_HEADER_TIME
1089336SdfrAC_STRUCT_TM
1099336Sdfr
1101541Srgrimes# Checks for library functions.
1111541SrgrimesAC_FUNC_MEMCMP
1121541SrgrimesAC_TYPE_SIGNAL
1131541SrgrimesAC_FUNC_VPRINTF
1141541SrgrimesAC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
1151541SrgrimesAC_REPLACE_FUNCS(strdup)
1161541SrgrimesRACOON_CHECK_VA_COPY
1171541Srgrimes
1181541Srgrimes# Check if printf accepts "%z" type modifier for size_t argument
1199336SdfrAC_MSG_CHECKING(if printf accepts %z)
1209336Sdfrsaved_CFLAGS=$CFLAGS
1219336SdfrCFLAGS="$CFLAGS -Wall -Werror"
1229336SdfrAC_TRY_COMPILE([
1239336Sdfr#include <stdio.h>
1249336Sdfr], [
1259336Sdfrprintf("%zu\n", (size_t)-1);
1269336Sdfr],
1279336Sdfr	[AC_MSG_RESULT(yes)],
1289336Sdfr	[AC_MSG_RESULT(no);
1299336Sdfr	 CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
1309336Sdfr	 AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
1319336Sdfr	])
13222521SdysonCFLAGS=$saved_CFLAGS
13322521Sdyson
1349336Sdfr# Can we use __func__ macro?
13522521SdysonAC_MSG_CHECKING(if __func__ is available)
13622521SdysonAC_TRY_COMPILE(
13722521Sdyson[#include <stdio.h>
13822521Sdyson], [char *x = __func__;],
13922521Sdyson	[AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
14022521Sdyson	AC_MSG_RESULT(yes)],
14122521Sdyson	[AC_MSG_RESULT(no)])
14222521Sdyson
14322521Sdyson# Check if readline support is requested
14422521SdysonAC_MSG_CHECKING(if readline support is requested)
14522521SdysonAC_ARG_WITH(readline,
14622521Sdyson	[  --with-readline         support readline input (yes by default)],
14722521Sdyson	[with_readline="$withval"], [with_readline="yes"])
14822521SdysonAC_MSG_RESULT($with_readline)
14922521Sdyson
15022521Sdyson# Is readline available?
15122521Sdysonif test $with_readline != "no"; then
15222521Sdyson	AC_CHECK_HEADER([readline/readline.h], 
15322521Sdyson		[AC_CHECK_LIB(readline, readline, [
15422521Sdyson				AC_DEFINE(HAVE_READLINE, [],
15522521Sdyson					[Is readline available?])
15622521Sdyson				LIBS="$LIBS -lreadline"
15722521Sdyson		], [])], [])
15822521Sdysonfi
15922521Sdyson
16022521Sdyson
16122521SdysonAC_MSG_CHECKING(if --with-flex option is specified)
16222521SdysonAC_ARG_WITH(flexdir,
16322521Sdyson	[AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
16422521Sdyson	[flexdir="$withval"])
16522521SdysonAC_MSG_RESULT(${flexdir-dirdefault})
16622521Sdyson
16722521Sdysonif test "x$flexdir" != "x"; then
16822521Sdyson	LIBS="$LIBS $flexdir/libfl.a"
16922521Sdysonfi
17022521Sdyson
17122521SdysonAC_MSG_CHECKING(if --with-flexlib option is specified)
17222521SdysonAC_ARG_WITH(flexlib,
17322521Sdyson	[  --with-flexlib=<LIB>    specify flex library.],
17422521Sdyson	[flexlib="$withval"])
17522521SdysonAC_MSG_RESULT(${flexlib-default})
17622521Sdyson
17722521Sdysonif test "x$flexlib" != "x"; then
17822521Sdyson	LIBS="$LIBS $flexlib"
17922521Sdysonfi
18022521Sdyson
18122521Sdyson# Check if a different OpenSSL directory was specified
18222521SdysonAC_MSG_CHECKING(if --with-openssl option is specified)
18322521SdysonAC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
18422521Sdyson	[crypto_dir=$withval])
18522521SdysonAC_MSG_RESULT(${crypto_dir-default})
18622521Sdyson
18722521Sdysonif test "x$crypto_dir" != "x"; then
18822521Sdyson	LIBS="$LIBS -L${crypto_dir}/lib"
18922521Sdyson	CPPFLAGS="-I${crypto_dir}/include $CPPLAGS"
19022521Sdysonfi
19122521SdysonAC_MSG_CHECKING(openssl version)
19222521Sdyson
19322521SdysonAC_TRY_COMPILE(
19422521Sdyson[#include <openssl/opensslv.h>
19522521Sdyson],
19622521Sdyson[#if OPENSSL_VERSION_NUMBER < 0x0090602fL
19722521Sdyson#error OpenSSL version is too old ...
19822521Sdyson#endif],
19922521Sdyson[AC_MSG_RESULT([ok])],
20022521Sdyson[AC_MSG_RESULT(too old)
20122521SdysonAC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
20222521Sdyson])
20322521Sdyson
20422521SdysonAC_CHECK_HEADERS(openssl/engine.h)
20522521Sdyson
20622521Sdyson# checking rijndael
20722521SdysonAC_CHECK_HEADERS([openssl/aes.h], [], 
20822521Sdyson	[CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
20922521Sdyson
21022521Sdyson# checking sha2
21122521SdysonAC_MSG_CHECKING(sha2 support)
21222521SdysonAC_DEFINE([WITH_SHA2], [], [SHA2 support])
21322521SdysonAC_MSG_RESULT(yes)
21422521SdysonAC_CHECK_HEADER(openssl/sha2.h, [], [
21522521Sdyson	AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
21622521Sdyson	AC_TRY_COMPILE([
21722521Sdyson		#ifdef HAVE_SYS_TYPES_H
21822521Sdyson		#include <sys/types.h>
21922521Sdyson		#endif
22022521Sdyson		#include <openssl/sha.h>
22122521Sdyson	], [
22222521Sdyson		SHA256_CTX ctx;
22322521Sdyson	], [
22422521Sdyson	    AC_MSG_RESULT(yes)
22522521Sdyson	    AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
22622521Sdyson	], [AC_MSG_RESULT(no)
22722521Sdyson	    AC_LIBOBJ([sha2])
22822521Sdyson	    CRYPTOBJS="$CRYPTOBJS sha2.o"
22922521Sdyson	])
23022521Sdyson
23122521Sdyson	CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing"
23222521Sdyson])
23322521SdysonAC_SUBST(CRYPTOBJS)
2341541Srgrimes
2351541Srgrimes# checking camellia
2361541SrgrimesAC_CHECK_HEADERS([openssl/camellia.h])
2371541Srgrimes
2381541Srgrimes
23922521Sdyson# Option --enable-adminport 
2401541SrgrimesAC_MSG_CHECKING(if --enable-adminport option is specified)
2411541SrgrimesAC_ARG_ENABLE(adminport,
2421541Srgrimes	[  --enable-adminport      enable admin port],
2431541Srgrimes	[], [enable_adminport=no])
2441541Srgrimesif test $enable_adminport = "yes"; then
2451541Srgrimes	AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
2461541Srgrimesfi
2471541SrgrimesAC_MSG_RESULT($enable_adminport)
2481541Srgrimes
2499336Sdfr# Option RC5
2509336SdfrAC_MSG_CHECKING(if --enable-rc5 option is specified)
2519336SdfrAC_ARG_ENABLE(rc5,
2529336Sdfr	[  --enable-rc5		enable RC5 encryption (patented)],
2539336Sdfr	[], [enable_rc5=no])
2549336SdfrAC_MSG_RESULT($enable_rc5)
2551541Srgrimes
2561541Srgrimesif test $enable_rc5 = "yes"; then
2571541Srgrimes	AC_CHECK_HEADERS([openssl/rc5.h])
2581541Srgrimes	AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
2591541Srgrimes	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
2601541Srgrimesfi
2611541Srgrimes
2629336Sdfr# Option IDEA
2639336SdfrAC_MSG_CHECKING(if --enable-idea option is specified)
2649336SdfrAC_ARG_ENABLE(idea,
2659336Sdfr	[  --enable-idea	enable IDEA encryption (patented)],
2661541Srgrimes	[], [enable_idea=no])
2671541SrgrimesAC_MSG_RESULT($enable_idea)
2681541Srgrimes
26922521Sdysonif test $enable_idea = "yes"; then
27022521Sdyson	AC_CHECK_HEADERS([openssl/idea.h])
27122521Sdyson	AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
27222521Sdyson	    [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
2731541Srgrimesfi
2741541SrgrimesAC_SUBST(EXTRA_CRYPTO)
2751541Srgrimes
2761541Srgrimes# For dynamic libradius
2771541SrgrimesRACOON_PATH_LIBS([MD5_Init], [crypto])
2781541Srgrimes
2791541Srgrimes# Check if we need -lutil for login(3)
2801541SrgrimesRACOON_PATH_LIBS([login], [util])
2811541Srgrimes
2821541Srgrimes# Specify libiconv prefix
2831541SrgrimesAC_MSG_CHECKING(if --with-libiconv option is specified)
2841541SrgrimesAC_ARG_WITH(libiconv, 
2851541Srgrimes    [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
2861541Srgrimes    [libiconv_dir=$withval], 
2871541Srgrimes    [libiconv_dir=no])
2881541SrgrimesAC_MSG_RESULT($libiconv_dir)
2891541Srgrimesif test "$libiconv_dir" != "no"; then
2901541Srgrimes	if test "$libiconv_dir" = "yes" ; then
2911541Srgrimes		  libiconv_dir="";
2921541Srgrimes	fi;
2931541Srgrimes	if test "x$libiconv_dir" = "x"; then
2941541Srgrimes		RACOON_PATH_LIBS([iconv_open], [iconv])
2951541Srgrimes	else
2961541Srgrimes		if test -d "$libiconv_dir/lib" -a \
2971541Srgrimes		    -d "$libiconv_dir/include" ; then
2981541Srgrimes			RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
2991541Srgrimes			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
3001541Srgrimes		else
3011541Srgrimes			AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
3021541Srgrimes	  	fi
3031541Srgrimes	fi
3041541Srgrimes	LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
3051541Srgrimes	AC_CHECK_FUNCS(iconv_open)
3061541Srgrimesfi
3071541Srgrimes
3089336SdfrAC_MSG_CHECKING([if --enable-hybrid option is specified])
3091541SrgrimesAC_ARG_ENABLE(hybrid, 
31022521Sdyson    [  --enable-hybrid	  enable hybrid, both mode-cfg and xauth support],
3111541Srgrimes    [], [enable_hybrid=no])
3121541SrgrimesAC_MSG_RESULT($enable_hybrid)
3131541Srgrimes
3141541Srgrimesif test "x$enable_hybrid" = "xyes"; then
3151541Srgrimes	case $host in
3161541Srgrimes		*darwin*)
3171541Srgrimes		;;
3181541Srgrimes	*)
3191541Srgrimes		LIBS="$LIBS -lcrypt";
3201541Srgrimes		;;
3211541Srgrimes	esac
3221541Srgrimes	HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
3231541Srgrimes	AC_SUBST(HYBRID_OBJS)
3243820Swollman	AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
3253820Swollmanfi
3263820Swollman
3273820SwollmanAC_MSG_CHECKING([if --enable-frag option is specified])
3283820SwollmanAC_ARG_ENABLE(frag, 
3293820Swollman    [  --enable-frag           enable IKE fragmentation payload support],
3303820Swollman    [], [enable_frag=no])
3313820SwollmanAC_MSG_RESULT($enable_frag)
3323820Swollman
3333820Swollmanif test "x$enable_frag" = "xyes"; then
3341541Srgrimes	case $host in
3351541Srgrimes	*darwin*)
3361541Srgrimes		;;
3371541Srgrimes	*)
3381541Srgrimes		LIBS="$LIBS -lcrypt"; 
3391541Srgrimes		;;
3401541Srgrimes	esac
34122521Sdyson	FRAG_OBJS="isakmp_frag.o"
3424067Swollman	AC_SUBST(FRAG_OBJS)
3434067Swollman	AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
3444067Swollmanfi
3451541Srgrimes
3461541SrgrimesAC_MSG_CHECKING(if --with-libradius option is specified)
3471541SrgrimesAC_ARG_WITH(libradius, 
3481541Srgrimes    [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
3491541Srgrimes    [libradius_dir=$withval], 
3501541Srgrimes    [libradius_dir=no])
3511541SrgrimesAC_MSG_RESULT($libradius_dir)
3521541Srgrimesif test "$libradius_dir" != "no"; then
3531541Srgrimes	if test "$libradius_dir" = "yes" ; then
3541541Srgrimes		  libradius_dir="";
3551541Srgrimes	fi;
3561541Srgrimes	if test "x$libradius_dir" = "x"; then
3571541Srgrimes		RACOON_PATH_LIBS([rad_create_request], [radius])
3581541Srgrimes	else
3591541Srgrimes		if test -d "$libradius_dir/lib" -a \
3603664Sphk		    -d "$libradius_dir/include" ; then
3611541Srgrimes			RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
3621541Srgrimes			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
3631541Srgrimes		else
3641541Srgrimes			AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
3651541Srgrimes	  	fi
3661541Srgrimes	fi
3671541Srgrimes	AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
3681541Srgrimes	LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
3691541Srgrimes	AC_CHECK_FUNCS(rad_create_request)
3701541Srgrimesfi
3711541Srgrimes
3721541SrgrimesAC_MSG_CHECKING(if --with-libpam option is specified)
3731541SrgrimesAC_ARG_WITH(libpam, 
3741541Srgrimes    [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
3751541Srgrimes    [libpam_dir=$withval], 
3761541Srgrimes    [libpam_dir=no])
3773664SphkAC_MSG_RESULT($libpam_dir)
3783664Sphkif test "$libpam_dir" != "no"; then
3793664Sphk	if test "$libpam_dir" = "yes" ; then
3809759Sbde		  libpam_dir="";
3813664Sphk	fi;
3821541Srgrimes	if test "x$libpam_dir" = "x"; then
3831541Srgrimes		RACOON_PATH_LIBS([pam_start], [pam])
3841541Srgrimes	else
3851541Srgrimes		if test -d "$libpam_dir/lib" -a \
3861541Srgrimes		    -d "$libpam_dir/include" ; then
3871541Srgrimes			RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
3881541Srgrimes			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
3891541Srgrimes		else
3901541Srgrimes			AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
3911541Srgrimes	  	fi
3921541Srgrimes	fi
3931541Srgrimes	AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
3941541Srgrimes	LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
3951541Srgrimes	AC_CHECK_FUNCS(pam_start)
3961541Srgrimesfi
3971541Srgrimes
3989336SdfrAC_MSG_CHECKING(if --with-libldap option is specified)
3999336SdfrAC_ARG_WITH(libldap, 
4009336Sdfr    [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
4013664Sphk    [libldap_dir=$withval], 
4029336Sdfr    [libldap_dir=no])
4039336SdfrAC_MSG_RESULT($libldap_dir)
4049336Sdfrif test "$libldap_dir" != "no"; then
4059336Sdfr	if test "$libldap_dir" = "yes" ; then
4069336Sdfr		  libldap_dir="";
4079336Sdfr	fi;
4089336Sdfr	if test "x$libldap_dir" = "x"; then
40919449Sdfr		RACOON_PATH_LIBS([ldap_init], [ldap])
4109336Sdfr	else
4119336Sdfr		if test -d "$libldap_dir/lib" -a \
4129336Sdfr		    -d "$libldap_dir/include" ; then
4139336Sdfr			RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
4149336Sdfr			CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
4151541Srgrimes		else
4161541Srgrimes			AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
4171541Srgrimes	  	fi
4181541Srgrimes	fi
4191541Srgrimes	AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
4201541Srgrimes	LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
4211541Srgrimes
4221541Srgrimes	saved_CFLAGS=$CFLAGS
4231541Srgrimes	CFLAGS="$CFLAGS -Wall -Werror"
4241541Srgrimes	saved_CPPFLAGS=$CPPFLAGS
4253664Sphk        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
4263664Sphk	AC_TRY_COMPILE(
4271541Srgrimes		[#include <ldap.h>],
4281541Srgrimes		[
4291541Srgrimes			#if LDAP_API_VERSION < 2004
4309336Sdfr			#error OpenLDAP version is too old ...
4319336Sdfr			#endif
4329336Sdfr		],
4339336Sdfr		[AC_MSG_RESULT([ok])],
4341541Srgrimes		[
4351541Srgrimes			AC_MSG_RESULT(too old)
4361541Srgrimes			AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
4371541Srgrimes		])
4381541Srgrimes	CFLAGS=$saved_CFLAGS
4391541Srgrimes	CPPFLAGS=$saved_CPPFLAGS
4409336Sdfrfi
4419336Sdfr
4421541Srgrimes# Check for Kerberos5 support
4431541Srgrimes# XXX This must come after all --with-* tests, else the
4443664Sphk# -liconv checks will not work
4453664SphkAC_MSG_CHECKING(if --enable-gssapi option is specified)
4461541SrgrimesAC_ARG_ENABLE(gssapi,
4471541Srgrimes	[  --enable-gssapi         enable GSS-API authentication],
4481541Srgrimes	[], [enable_gssapi=no])
4491541SrgrimesAC_MSG_RESULT($enable_gssapi)
4501541SrgrimesAC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
4511541Srgrimesif test "x$enable_gssapi" = "xyes"; then
4521541Srgrimes	if test "$KRB5_CONFIG" != "no"; then
4539336Sdfr		krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
4549336Sdfr		krb5_libs="`$KRB5_CONFIG --libs gssapi`"
4559336Sdfr	else
4569336Sdfr		# No krb5-config; let's make some assumptions based on
4579336Sdfr		# the OS.
4581541Srgrimes		case $host_os in
4599336Sdfr		netbsd*)
4609336Sdfr			krb5_incdir="-I/usr/include/krb5"
4619336Sdfr			krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
4629336Sdfr			;;
4631541Srgrimes		*)
4641541Srgrimes			AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
4651541Srgrimes			;;
4661541Srgrimes		esac
4671541Srgrimes	fi
4681541Srgrimes	LIBS="$LIBS $krb5_libs"
4691541Srgrimes	CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
4701541Srgrimes	AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
4719336Sdfr
4721541Srgrimes	# Check if iconv 2nd argument needs const 
4731541Srgrimes	saved_CFLAGS=$CFLAGS
4749759Sbde	CFLAGS="$CFLAGS -Wall -Werror"
4759759Sbde	saved_CPPFLAGS=$CPPFLAGS
4763664Sphk        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
4773664Sphk	AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
4783664Sphk	AC_MSG_CHECKING([if iconv second argument needs const])
4791541Srgrimes	AC_TRY_COMPILE([
4801541Srgrimes		#include <iconv.h>
4811541Srgrimes		#include <stdio.h>
4821541Srgrimes	], [
4839336Sdfr		iconv_t cd = NULL;
4849336Sdfr		const char **src = NULL;
4859336Sdfr		size_t *srcleft = NULL;
4869336Sdfr		char **dst = NULL;
4879336Sdfr		size_t *dstleft = NULL;
4889336Sdfr
4899336Sdfr		(void)iconv(cd, src, srcleft, dst, dstleft);
4909336Sdfr	], [AC_MSG_RESULT(yes)
4919336Sdfr	    AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
4921541Srgrimes	], [AC_MSG_RESULT(no)])
4931541Srgrimes	CFLAGS=$saved_CFLAGS
4949336Sdfr	CPPFLAGS=$saved_CPPFLAGS
4951541Srgrimes
4963664Sphk	# libiconv is often integrated into libc. If a with-* option
4973664Sphk	# caused a non libc-based iconv.h to be catched instead of
4983664Sphk	# the libc-based iconv.h, then we need to link with -liconv
4993305Sphk	AC_MSG_CHECKING(if -liconv is required)
5009336Sdfr	saved_CPPFLAGS=$CPPFLAGS
5019336Sdfr	saved_LIBS=$LIBS
5029336Sdfr	CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
5039336Sdfr	AC_TRY_LINK([
5049336Sdfr		#include <iconv.h>
5059336Sdfr	], [
5069336Sdfr		(void)iconv_open("ascii", "ascii");
5079336Sdfr	],
5089336Sdfr		[AC_MSG_RESULT(no)],
5099336Sdfr		[
5109336Sdfr			LIBS="$LIBS -liconv"
5119336Sdfr			AC_TRY_LINK([
5129336Sdfr				#include <iconv.h>
5139336Sdfr		], [
5149336Sdfr				(void)iconv_open("ascii", "ascii");
5159336Sdfr			],
5169336Sdfr			[
5179336Sdfr				AC_MSG_RESULT(yes)
5189336Sdfr				saved_LIBS=$LIBS
5199336Sdfr			], [
5209336Sdfr				AC_MSG_ERROR([cannot use iconv])
5219336Sdfr			])
5229336Sdfr		])
5239336Sdfr	CPPFLAGS=$saved_CPPFLAGS
5249336Sdfr	LIBS=$saved_LIBS
5259336Sdfrfi
5269336Sdfr
5279336SdfrAC_MSG_CHECKING(if --enable-stats option is specified)
5289336SdfrAC_ARG_ENABLE(stats,
5299336Sdfr        [  --enable-stats          enable statistics logging function],
5309336Sdfr        [], [enable_stats=no])
5319336Sdfrif test "x$enable_stats" = "xyes"; then
5329336Sdfr	AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
5339336Sdfrfi
5349336SdfrAC_MSG_RESULT($enable_stats)
5359336Sdfr
5369336SdfrAC_MSG_CHECKING(if --enable-dpd option is specified)
5379336SdfrAC_ARG_ENABLE(dpd,
5389336Sdfr        [  --enable-dpd            enable dead peer detection],
5399336Sdfr        [], [enable_dpd=no])
5409759Sbdeif test "x$enable_dpd" = "xyes"; then
5419759Sbde	AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
5423664Sphkfi
5433664SphkAC_MSG_RESULT($enable_dpd)
5449336Sdfr
5459336SdfrAC_MSG_CHECKING(if --enable-fastquit option is specified)
5469336SdfrAC_ARG_ENABLE(fastquit,
5479336Sdfr        [  --enable-fastquit            enable new faster code to flush SAs when stopping racoon],
5489336Sdfr        [], [enable_fastquit=no])
5499336Sdfrif test "x$enable_fastquit" = "xyes"; then
5509336Sdfr	AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code])
5519336Sdfrfi
5529336SdfrAC_MSG_RESULT($enable_fastquit)
5539336Sdfr
5549336Sdfr
5559336SdfrAC_MSG_CHECKING(if --enable-samode-unspec option is specified)
55622521SdysonAC_ARG_ENABLE(samode-unspec,
55722521Sdyson        [  --enable-samode-unspec  enable to use unspecified a mode of SA],
5583305Sphk        [], [enable_samode_unspec=no])
5599336Sdfrif test "x$enable_samode_unspec" = "xyes"; then
5603305Sphk	case $host_os in
5619336Sdfr	*linux*)
5623305Sphk		cat << EOC
56312453Sbde		
5643305SphkERROR: --enable-samode-unspec is not supported under linux 
5653305Sphkbecause linux kernel do not support it. This option is disabled 
5663305Sphkto prevent mysterious problems.
5679336Sdfr
5683305SphkIf you REALLY know what your are doing, remove this check.
5693305SphkEOC
5703305Sphk		exit 1;
5713305Sphk		;;
5723305Sphk	esac
5739336Sdfr	AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
5743305Sphkfi
5759336SdfrAC_MSG_RESULT($enable_samode_unspec)
5769336Sdfr
5779336Sdfr# Checks if IPv6 is requested
5783305SphkAC_MSG_CHECKING([whether to enable ipv6])
5793305SphkAC_ARG_ENABLE(ipv6,
5803305Sphk[  --disable-ipv6          disable ipv6 support],
5819336Sdfr[ case "$enableval" in
5823305Sphk  no)
5833305Sphk       AC_MSG_RESULT(no)
5843305Sphk       ipv6=no
5859336Sdfr       ;;
5869336Sdfr  *)   AC_MSG_RESULT(yes)
5879336Sdfr       ipv6=yes
5883305Sphk       ;;
5893305Sphk  esac ],
5903305Sphk
5919336Sdfr  AC_TRY_RUN([ /* AF_INET6 avalable check */
5929336Sdfr#include <sys/types.h>
5939336Sdfr#include <sys/socket.h>
5949336Sdfrmain()
59522521Sdyson{
5963305Sphk  exit(0);
59722521Sdyson if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
5983305Sphk   exit(1);
5993305Sphk else
6003305Sphk   exit(0);
6013305Sphk}
6023305Sphk],
6039336Sdfr  AC_MSG_RESULT(yes)
6049336Sdfr  AC_DEFINE([INET6], [], [Support IPv6])
6059336Sdfr  ipv6=yes,
6069336Sdfr  AC_MSG_RESULT(no)
6079336Sdfr  ipv6=no,
60817761Sdyson  AC_MSG_RESULT(no)
60912588Sbde  ipv6=no
6109336Sdfr))
6119336Sdfr
6129336Sdfrif test "$ipv6" = "yes"; then
6139336Sdfr	AC_DEFINE([INET6], [], [Support IPv6])
6146361Sphk	AC_MSG_CHECKING(for advanced API support)
61512588Sbde	AC_TRY_COMPILE([#ifndef INET6
61612588Sbde#define INET6
61712588Sbde#endif
61812588Sbde#include <sys/types.h>
61912588Sbde#include <netinet/in.h>],
62012588Sbde		[struct in6_pktinfo a;],
62112911Sphk		[AC_MSG_RESULT(yes)
62212911Sphk		 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
62312911Sphk		[AC_MSG_RESULT(no)])
62412588Sbdefi
62512588Sbde
62612588SbdeRACOON_CHECK_BUGGY_GETADDRINFO
62712588Sbdeif test "$buggygetaddrinfo" = "yes"; then
62812588Sbde	AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
62912588Sbdefi
63012588Sbde
63112588Sbde# Check if kernel support is available for NAT-T, defaults to no. 
63212588Sbdekernel_natt="no"
63312588Sbde
63412588SbdeAC_MSG_CHECKING(kernel NAT-Traversal support)
63512588Sbdecase $host_os in
63612588Sbdelinux*)
63712588Sbde# Linux kernel NAT-T check
63812588SbdeAC_EGREP_CPP(yes, 
63912588Sbde[#include <linux/pfkeyv2.h>
64012588Sbde#ifdef SADB_X_EXT_NAT_T_TYPE
64112588Sbdeyes
64212588Sbde#endif
64312588Sbde], [kernel_natt="yes"])
64412588Sbde	;;
64512588Sbdefreebsd*|netbsd*)
64612588Sbde# NetBSD case
64712588Sbde# Same check for FreeBSD
64812588SbdeAC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
64912588Sbde       [kernel_natt="yes"],, [
65012588Sbde#define _KERNEL
65112588Sbde#include <sys/types.h>
65212588Sbde#include <net/pfkeyv2.h>
65312588Sbde])
65412588Sbde	;;
65512588Sbdeesac
65612588SbdeAC_MSG_RESULT($kernel_natt)
65712588Sbde
65812588SbdeAC_MSG_CHECKING(whether to support NAT-T)
65912588SbdeAC_ARG_ENABLE(natt,
66012588Sbde	[  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
66112588Sbde        [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
66212588Sbde	[ enable_natt=no ])
66312588SbdeAC_MSG_RESULT($enable_natt)
66412588Sbde
66512588Sbdeif test "$enable_natt" = "yes"; then
66612588Sbde	if test "$kernel_natt" = "no" ; then 
66722521Sdyson		AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
66822521Sdyson	else
6691541Srgrimes		AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
6702175Spaul		NATT_OBJS="nattraversal.o"
6712175Spaul		AC_SUBST(NATT_OBJS)
672	fi
673fi
674
675# Set up defines for supported NAT-T versions.
676natt_versions_default="00,02,rfc"
677AC_MSG_CHECKING(which NAT-T versions to support)
678AC_ARG_ENABLE(natt_versions,
679	[  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
680	[ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
681	[ enable_natt_versions=$natt_versions_default ])
682if test "$enable_natt" = "yes"; then
683	AC_MSG_RESULT($enable_natt_versions)
684	for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
685		case $i in 
686			0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
687			1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
688			2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
689			3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
690			4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
691			5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
692			6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
693			7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
694			8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
695			RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
696			*) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
697		esac
698	done
699	unset i
700else
701	AC_MSG_RESULT([none])
702fi
703
704AC_MSG_CHECKING(if --enable-broken-natt option is specified)
705AC_ARG_ENABLE(broken-natt,
706	[  --enable-broken-natt    broken in-kernel NAT-T],
707        [], [enable_broken_natt=no])
708if test "x$enable_broken_natt" = "xyes"; then
709	AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
710fi
711AC_MSG_RESULT($enable_broken_natt)
712
713AC_MSG_CHECKING(whether we support FWD policy)
714case $host in
715	*linux*)
716		AC_TRY_COMPILE([
717		#include <inttypes.h>
718		#include <linux/ipsec.h>
719			], [
720			int fwd = IPSEC_DIR_FWD;
721			],
722			[AC_MSG_RESULT(yes)
723			 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
724			[AC_MSG_RESULT(no)])
725		;;
726	*)
727		AC_MSG_RESULT(no)
728		;;
729esac
730
731AC_CHECK_TYPE([ipsec_policy_t], 
732	      [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
733	      [],
734	      [
735		#include <sys/types.h>
736	      	#include <netinet6/ipsec.h>
737	      ])
738
739# Check if kernel support is available for Security Context, defaults to no.
740kernel_secctx="no"
741
742AC_MSG_CHECKING(kernel Security Context support)
743case $host_os in
744linux*)
745# Linux kernel Security Context check
746AC_EGREP_CPP(yes,
747[#include <linux/pfkeyv2.h>
748#ifdef SADB_X_EXT_SEC_CTX
749yes
750#endif
751], [kernel_secctx="yes"])
752	;;
753esac
754AC_MSG_RESULT($kernel_secctx)
755
756AC_MSG_CHECKING(whether to support Security Context)
757AC_ARG_ENABLE(security-context,
758	[  --enable-security-context    enable Security Context(yes/no/kernel)],
759	[if test "$enable_security_context" = "kernel"; then
760		enable_security_context=$kernel_secctx; fi],
761	[enable_security_context=$kernel_secctx])
762AC_MSG_RESULT($enable_security_context)
763
764if test "$enable_security_context" = "yes"; then
765	if test "$kernel_secctx" = "no" ; then
766		AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
767	else
768		AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
769		SECCTX_OBJS="security.o"
770		AC_SUBST(SECCTX_OBJS)
771		LIBS="$LIBS -lselinux"
772	fi
773fi
774
775CFLAGS="$CFLAGS $CFLAGS_ADD"
776CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
777
778case $host in
779	*linux*)
780		# Remove KERNEL_INCLUDE from CPPFLAGS. It will
781		# be symlinked to src/include-glibc/linux in
782		# compile time.
783		CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
784		;;
785esac
786
787include_racoondir=${includedir}/racoon
788AC_SUBST(include_racoondir)
789
790AC_CONFIG_FILES([
791  Makefile
792  package_version.h
793  src/Makefile
794  src/include-glibc/Makefile
795  src/libipsec/Makefile
796  src/setkey/Makefile
797  src/racoon/Makefile
798  src/racoon/samples/psk.txt
799  src/racoon/samples/racoon.conf
800  rpm/Makefile
801  rpm/suse/Makefile
802  rpm/suse/ipsec-tools.spec
803  ])
804AC_OUTPUT
805