configure.ac revision 1.3.4.3
11541Srgrimesdnl -*- mode: m4 -*- 222521Sdysondnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp 31541Srgrimes 41541SrgrimesAC_PREREQ(2.52) 51541SrgrimesAC_INIT(ipsec-tools, 0.7-beta2) 61541SrgrimesAC_CONFIG_SRCDIR([configure.ac]) 71541SrgrimesAM_CONFIG_HEADER(config.h) 81541Srgrimes 91541SrgrimesAM_INIT_AUTOMAKE(dist-bzip2) 101541Srgrimes 111541SrgrimesAC_ENABLE_SHARED(no) 121541Srgrimes 131541SrgrimesAC_PROG_CC 141541SrgrimesAM_PROG_CC_STDC 151541SrgrimesAC_HEADER_STDC 161541SrgrimesAC_PROG_LIBTOOL 171541SrgrimesAC_PROG_YACC 181541SrgrimesAM_PROG_LEX 191541SrgrimesAC_SUBST(LEXLIB) 201541SrgrimesAC_PROG_EGREP 211541Srgrimes 221541SrgrimesCFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused" 231541Srgrimes 241541Srgrimescase $host in 251541Srgrimes*netbsd*) 261541Srgrimes LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS" 271541Srgrimes ;; 281541Srgrimes*linux*) 291541Srgrimes LIBS="$LIBS -lresolv" 301541Srgrimes INSTALL_OPTS="-o bin -g bin" 311541Srgrimes INCLUDE_GLIBC="include-glibc" 321541Srgrimes RPM="rpm" 331541Srgrimes AC_SUBST(INSTALL_OPTS) 341541Srgrimes AC_SUBST(INCLUDE_GLIBC) 351541Srgrimes AC_SUBST(RPM) 3622521Sdyson ;; 3721673Sjkh*darwin*) 381541Srgrimes LIBS="$LIBS -lresolv" 391541Srgrimes ;; 402175Spaulesac 412175Spaul 422175Spaul# Look up some IPsec-related headers 431541SrgrimesAC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no]) 441541SrgrimesAC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no]) 451541SrgrimesAC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no]) 461541Srgrimes 4722521Sdyson# NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h> 4822521Sdysonif test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then 491541Srgrimes have_netinet_ipsec=yes 509336Sdfr AC_DEFINE(HAVE_NETINET6_IPSEC, [], [Use <netinet6/ipsec.h>]) 519336Sdfrfi 529336Sdfr 539336Sdfrcase "$host_os" in 549336Sdfr *linux*) 559336Sdfr AC_ARG_WITH(kernel-headers, 561541Srgrimes AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include], 571541Srgrimes [where your Linux Kernel headers are installed]), 581541Srgrimes [ KERNEL_INCLUDE="$with_kernel_headers" 591541Srgrimes CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers" 601828Sdg AC_SUBST(CONFIGURE_AMFLAGS) ], 611541Srgrimes [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ]) 621828Sdg 631828Sdg AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, , 641541Srgrimes [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h, 651828Sdg KERNEL_INCLUDE=/usr/src/linux/include , 661541Srgrimes [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] ) 671541Srgrimes AC_SUBST(KERNEL_INCLUDE) 689336Sdfr # We need the configure script to run with correct kernel headers. 691541Srgrimes # However we don't want to point to kernel source tree in compile time, 701541Srgrimes # i.e. this will be removed from CPPFLAGS at the end of configure. 711541Srgrimes CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS" 7222521Sdyson 739336Sdfr AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 749336Sdfr [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [], 759336Sdfr [Are PF_KEY policy priorities supported?])], [], 769336Sdfr [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"]) 779336Sdfr 789336Sdfr GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc' 799336Sdfr GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc" 809336Sdfr CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS" 819336Sdfr CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS" 821541Srgrimes AC_SUBST(GLIBC_BUGS) 839336Sdfr ;; 849336Sdfr *) 859336Sdfr if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then 869336Sdfr if test "$have_net_pfkey" = yes; then 879336Sdfr AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.]) 889336Sdfr else 891541Srgrimes AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.]) 901541Srgrimes fi 919336Sdfr fi 929336Sdfr ;; 939336Sdfresac 949336Sdfr 959336Sdfr### Some basic toolchain checks 969336Sdfr 979336Sdfr# Checks for header files. 989336SdfrAC_HEADER_STDC 999336SdfrAC_HEADER_SYS_WAIT 1009336SdfrAC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h) 1019336SdfrAC_CHECK_HEADERS(shadow.h) 1029336Sdfr 1039336Sdfr# Checks for typedefs, structures, and compiler characteristics. 1049336SdfrAC_C_CONST 1059336SdfrAC_TYPE_PID_T 1069336SdfrAC_TYPE_SIZE_T 1079336SdfrAC_HEADER_TIME 1089336SdfrAC_STRUCT_TM 1099336Sdfr 1101541Srgrimes# Checks for library functions. 1111541SrgrimesAC_FUNC_MEMCMP 1121541SrgrimesAC_TYPE_SIGNAL 1131541SrgrimesAC_FUNC_VPRINTF 1141541SrgrimesAC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat) 1151541SrgrimesAC_REPLACE_FUNCS(strdup) 1161541SrgrimesRACOON_CHECK_VA_COPY 1171541Srgrimes 1181541Srgrimes# Check if printf accepts "%z" type modifier for size_t argument 1199336SdfrAC_MSG_CHECKING(if printf accepts %z) 1209336Sdfrsaved_CFLAGS=$CFLAGS 1219336SdfrCFLAGS="$CFLAGS -Wall -Werror" 1229336SdfrAC_TRY_COMPILE([ 1239336Sdfr#include <stdio.h> 1249336Sdfr], [ 1259336Sdfrprintf("%zu\n", (size_t)-1); 1269336Sdfr], 1279336Sdfr [AC_MSG_RESULT(yes)], 1289336Sdfr [AC_MSG_RESULT(no); 1299336Sdfr CFLAGS_ADD="$CFLAGS_ADD -Wno-format"; 1309336Sdfr AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.]) 1319336Sdfr ]) 13222521SdysonCFLAGS=$saved_CFLAGS 13322521Sdyson 1349336Sdfr# Can we use __func__ macro? 13522521SdysonAC_MSG_CHECKING(if __func__ is available) 13622521SdysonAC_TRY_COMPILE( 13722521Sdyson[#include <stdio.h> 13822521Sdyson], [char *x = __func__;], 13922521Sdyson [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro]) 14022521Sdyson AC_MSG_RESULT(yes)], 14122521Sdyson [AC_MSG_RESULT(no)]) 14222521Sdyson 14322521Sdyson# Check if readline support is requested 14422521SdysonAC_MSG_CHECKING(if readline support is requested) 14522521SdysonAC_ARG_WITH(readline, 14622521Sdyson [ --with-readline support readline input (yes by default)], 14722521Sdyson [with_readline="$withval"], [with_readline="yes"]) 14822521SdysonAC_MSG_RESULT($with_readline) 14922521Sdyson 15022521Sdyson# Is readline available? 15122521Sdysonif test $with_readline != "no"; then 15222521Sdyson AC_CHECK_HEADER([readline/readline.h], 15322521Sdyson [AC_CHECK_LIB(readline, readline, [ 15422521Sdyson AC_DEFINE(HAVE_READLINE, [], 15522521Sdyson [Is readline available?]) 15622521Sdyson LIBS="$LIBS -lreadline" 15722521Sdyson ], [])], []) 15822521Sdysonfi 15922521Sdyson 16022521Sdyson 16122521SdysonAC_MSG_CHECKING(if --with-flex option is specified) 16222521SdysonAC_ARG_WITH(flexdir, 16322521Sdyson [AC_HELP_STRING([--with-flex], [use directiory (default: no)])], 16422521Sdyson [flexdir="$withval"]) 16522521SdysonAC_MSG_RESULT(${flexdir-dirdefault}) 16622521Sdyson 16722521Sdysonif test "x$flexdir" != "x"; then 16822521Sdyson LIBS="$LIBS $flexdir/libfl.a" 16922521Sdysonfi 17022521Sdyson 17122521SdysonAC_MSG_CHECKING(if --with-flexlib option is specified) 17222521SdysonAC_ARG_WITH(flexlib, 17322521Sdyson [ --with-flexlib=<LIB> specify flex library.], 17422521Sdyson [flexlib="$withval"]) 17522521SdysonAC_MSG_RESULT(${flexlib-default}) 17622521Sdyson 17722521Sdysonif test "x$flexlib" != "x"; then 17822521Sdyson LIBS="$LIBS $flexlib" 17922521Sdysonfi 18022521Sdyson 18122521Sdyson# Check if a different OpenSSL directory was specified 18222521SdysonAC_MSG_CHECKING(if --with-openssl option is specified) 18322521SdysonAC_ARG_WITH(openssl, [ --with-openssl=DIR specify OpenSSL directory], 18422521Sdyson [crypto_dir=$withval]) 18522521SdysonAC_MSG_RESULT(${crypto_dir-default}) 18622521Sdyson 18722521Sdysonif test "x$crypto_dir" != "x"; then 18822521Sdyson LIBS="$LIBS -L${crypto_dir}/lib" 18922521Sdyson CPPFLAGS="-I${crypto_dir}/include $CPPLAGS" 19022521Sdysonfi 19122521SdysonAC_MSG_CHECKING(openssl version) 19222521Sdyson 19322521SdysonAC_TRY_COMPILE( 19422521Sdyson[#include <openssl/opensslv.h> 19522521Sdyson], 19622521Sdyson[#if OPENSSL_VERSION_NUMBER < 0x0090602fL 19722521Sdyson#error OpenSSL version is too old ... 19822521Sdyson#endif], 19922521Sdyson[AC_MSG_RESULT([ok])], 20022521Sdyson[AC_MSG_RESULT(too old) 20122521SdysonAC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.]) 20222521Sdyson]) 20322521Sdyson 20422521SdysonAC_CHECK_HEADERS(openssl/engine.h) 20522521Sdyson 20622521Sdyson# checking rijndael 20722521SdysonAC_CHECK_HEADERS([openssl/aes.h], [], 20822521Sdyson [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"]) 20922521Sdyson 21022521Sdyson# checking sha2 21122521SdysonAC_MSG_CHECKING(sha2 support) 21222521SdysonAC_DEFINE([WITH_SHA2], [], [SHA2 support]) 21322521SdysonAC_MSG_RESULT(yes) 21422521SdysonAC_CHECK_HEADER(openssl/sha2.h, [], [ 21522521Sdyson AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h) 21622521Sdyson AC_TRY_COMPILE([ 21722521Sdyson #ifdef HAVE_SYS_TYPES_H 21822521Sdyson #include <sys/types.h> 21922521Sdyson #endif 22022521Sdyson #include <openssl/sha.h> 22122521Sdyson ], [ 22222521Sdyson SHA256_CTX ctx; 22322521Sdyson ], [ 22422521Sdyson AC_MSG_RESULT(yes) 22522521Sdyson AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h]) 22622521Sdyson ], [AC_MSG_RESULT(no) 22722521Sdyson AC_LIBOBJ([sha2]) 22822521Sdyson CRYPTOBJS="$CRYPTOBJS sha2.o" 22922521Sdyson ]) 23022521Sdyson 23122521Sdyson CPPFLAGS_ADD="$CPPFLAGS_ADD -I./\${top_srcdir}/src/racoon/missing" 23222521Sdyson]) 23322521SdysonAC_SUBST(CRYPTOBJS) 2341541Srgrimes 2351541Srgrimes# checking camellia 2361541SrgrimesAC_CHECK_HEADERS([openssl/camellia.h]) 2371541Srgrimes 2381541Srgrimes 23922521Sdyson# Option --enable-adminport 2401541SrgrimesAC_MSG_CHECKING(if --enable-adminport option is specified) 2411541SrgrimesAC_ARG_ENABLE(adminport, 2421541Srgrimes [ --enable-adminport enable admin port], 2431541Srgrimes [], [enable_adminport=no]) 2441541Srgrimesif test $enable_adminport = "yes"; then 2451541Srgrimes AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port]) 2461541Srgrimesfi 2471541SrgrimesAC_MSG_RESULT($enable_adminport) 2481541Srgrimes 2499336Sdfr# Option RC5 2509336SdfrAC_MSG_CHECKING(if --enable-rc5 option is specified) 2519336SdfrAC_ARG_ENABLE(rc5, 2529336Sdfr [ --enable-rc5 enable RC5 encryption (patented)], 2539336Sdfr [], [enable_rc5=no]) 2549336SdfrAC_MSG_RESULT($enable_rc5) 2551541Srgrimes 2561541Srgrimesif test $enable_rc5 = "yes"; then 2571541Srgrimes AC_CHECK_HEADERS([openssl/rc5.h]) 2581541Srgrimes AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt], 2591541Srgrimes [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"]) 2601541Srgrimesfi 2611541Srgrimes 2629336Sdfr# Option IDEA 2639336SdfrAC_MSG_CHECKING(if --enable-idea option is specified) 2649336SdfrAC_ARG_ENABLE(idea, 2659336Sdfr [ --enable-idea enable IDEA encryption (patented)], 2661541Srgrimes [], [enable_idea=no]) 2671541SrgrimesAC_MSG_RESULT($enable_idea) 2681541Srgrimes 26922521Sdysonif test $enable_idea = "yes"; then 27022521Sdyson AC_CHECK_HEADERS([openssl/idea.h]) 27122521Sdyson AC_CHECK_LIB([crypto_idea], [idea_encrypt], 27222521Sdyson [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"]) 2731541Srgrimesfi 2741541SrgrimesAC_SUBST(EXTRA_CRYPTO) 2751541Srgrimes 2761541Srgrimes# For dynamic libradius 2771541SrgrimesRACOON_PATH_LIBS([MD5_Init], [crypto]) 2781541Srgrimes 2791541Srgrimes# Check if we need -lutil for login(3) 2801541SrgrimesRACOON_PATH_LIBS([login], [util]) 2811541Srgrimes 2821541Srgrimes# Specify libiconv prefix 2831541SrgrimesAC_MSG_CHECKING(if --with-libiconv option is specified) 2841541SrgrimesAC_ARG_WITH(libiconv, 2851541Srgrimes [ --with-libiconv=DIR specify libiconv path (like/usr/pkg)], 2861541Srgrimes [libiconv_dir=$withval], 2871541Srgrimes [libiconv_dir=no]) 2881541SrgrimesAC_MSG_RESULT($libiconv_dir) 2891541Srgrimesif test "$libiconv_dir" != "no"; then 2901541Srgrimes if test "$libiconv_dir" = "yes" ; then 2911541Srgrimes libiconv_dir=""; 2921541Srgrimes fi; 2931541Srgrimes if test "x$libiconv_dir" = "x"; then 2941541Srgrimes RACOON_PATH_LIBS([iconv_open], [iconv]) 2951541Srgrimes else 2961541Srgrimes if test -d "$libiconv_dir/lib" -a \ 2971541Srgrimes -d "$libiconv_dir/include" ; then 2981541Srgrimes RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"]) 2991541Srgrimes CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include" 3001541Srgrimes else 3011541Srgrimes AC_MSG_ERROR([ICONV libs or includes not found. Aborting.]) 3021541Srgrimes fi 3031541Srgrimes fi 3041541Srgrimes LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv" 3051541Srgrimes AC_CHECK_FUNCS(iconv_open) 3061541Srgrimesfi 3071541Srgrimes 3089336SdfrAC_MSG_CHECKING([if --enable-hybrid option is specified]) 3091541SrgrimesAC_ARG_ENABLE(hybrid, 31022521Sdyson [ --enable-hybrid enable hybrid, both mode-cfg and xauth support], 3111541Srgrimes [], [enable_hybrid=no]) 3121541SrgrimesAC_MSG_RESULT($enable_hybrid) 3131541Srgrimes 3141541Srgrimesif test "x$enable_hybrid" = "xyes"; then 3151541Srgrimes case $host in 3161541Srgrimes *darwin*) 3171541Srgrimes ;; 3181541Srgrimes *) 3191541Srgrimes LIBS="$LIBS -lcrypt"; 3201541Srgrimes ;; 3211541Srgrimes esac 3221541Srgrimes HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o" 3231541Srgrimes AC_SUBST(HYBRID_OBJS) 3243820Swollman AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support]) 3253820Swollmanfi 3263820Swollman 3273820SwollmanAC_MSG_CHECKING([if --enable-frag option is specified]) 3283820SwollmanAC_ARG_ENABLE(frag, 3293820Swollman [ --enable-frag enable IKE fragmentation payload support], 3303820Swollman [], [enable_frag=no]) 3313820SwollmanAC_MSG_RESULT($enable_frag) 3323820Swollman 3333820Swollmanif test "x$enable_frag" = "xyes"; then 3341541Srgrimes case $host in 3351541Srgrimes *darwin*) 3361541Srgrimes ;; 3371541Srgrimes *) 3381541Srgrimes LIBS="$LIBS -lcrypt"; 3391541Srgrimes ;; 3401541Srgrimes esac 34122521Sdyson FRAG_OBJS="isakmp_frag.o" 3424067Swollman AC_SUBST(FRAG_OBJS) 3434067Swollman AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support]) 3444067Swollmanfi 3451541Srgrimes 3461541SrgrimesAC_MSG_CHECKING(if --with-libradius option is specified) 3471541SrgrimesAC_ARG_WITH(libradius, 3481541Srgrimes [ --with-libradius=DIR specify libradius path (like/usr/pkg)], 3491541Srgrimes [libradius_dir=$withval], 3501541Srgrimes [libradius_dir=no]) 3511541SrgrimesAC_MSG_RESULT($libradius_dir) 3521541Srgrimesif test "$libradius_dir" != "no"; then 3531541Srgrimes if test "$libradius_dir" = "yes" ; then 3541541Srgrimes libradius_dir=""; 3551541Srgrimes fi; 3561541Srgrimes if test "x$libradius_dir" = "x"; then 3571541Srgrimes RACOON_PATH_LIBS([rad_create_request], [radius]) 3581541Srgrimes else 3591541Srgrimes if test -d "$libradius_dir/lib" -a \ 3603664Sphk -d "$libradius_dir/include" ; then 3611541Srgrimes RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) 3621541Srgrimes CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" 3631541Srgrimes else 3641541Srgrimes AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) 3651541Srgrimes fi 3661541Srgrimes fi 3671541Srgrimes AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) 3681541Srgrimes LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" 3691541Srgrimes AC_CHECK_FUNCS(rad_create_request) 3701541Srgrimesfi 3711541Srgrimes 3721541SrgrimesAC_MSG_CHECKING(if --with-libpam option is specified) 3731541SrgrimesAC_ARG_WITH(libpam, 3741541Srgrimes [ --with-libpam=DIR specify libpam path (like/usr/pkg)], 3751541Srgrimes [libpam_dir=$withval], 3761541Srgrimes [libpam_dir=no]) 3773664SphkAC_MSG_RESULT($libpam_dir) 3783664Sphkif test "$libpam_dir" != "no"; then 3793664Sphk if test "$libpam_dir" = "yes" ; then 3809759Sbde libpam_dir=""; 3813664Sphk fi; 3821541Srgrimes if test "x$libpam_dir" = "x"; then 3831541Srgrimes RACOON_PATH_LIBS([pam_start], [pam]) 3841541Srgrimes else 3851541Srgrimes if test -d "$libpam_dir/lib" -a \ 3861541Srgrimes -d "$libpam_dir/include" ; then 3871541Srgrimes RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"]) 3881541Srgrimes CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include" 3891541Srgrimes else 3901541Srgrimes AC_MSG_ERROR([PAM libs or includes not found. Aborting.]) 3911541Srgrimes fi 3921541Srgrimes fi 3931541Srgrimes AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM]) 3941541Srgrimes LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam" 3951541Srgrimes AC_CHECK_FUNCS(pam_start) 3961541Srgrimesfi 3971541Srgrimes 3989336SdfrAC_MSG_CHECKING(if --with-libldap option is specified) 3999336SdfrAC_ARG_WITH(libldap, 4009336Sdfr [ --with-libldap=DIR specify libldap path (like/usr/pkg)], 4013664Sphk [libldap_dir=$withval], 4029336Sdfr [libldap_dir=no]) 4039336SdfrAC_MSG_RESULT($libldap_dir) 4049336Sdfrif test "$libldap_dir" != "no"; then 4059336Sdfr if test "$libldap_dir" = "yes" ; then 4069336Sdfr libldap_dir=""; 4079336Sdfr fi; 4089336Sdfr if test "x$libldap_dir" = "x"; then 40919449Sdfr RACOON_PATH_LIBS([ldap_init], [ldap]) 4109336Sdfr else 4119336Sdfr if test -d "$libldap_dir/lib" -a \ 4129336Sdfr -d "$libldap_dir/include" ; then 4139336Sdfr RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"]) 4149336Sdfr CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include" 4151541Srgrimes else 4161541Srgrimes AC_MSG_ERROR([LDAP libs or includes not found. Aborting.]) 4171541Srgrimes fi 4181541Srgrimes fi 4191541Srgrimes AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP]) 4201541Srgrimes LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap" 4211541Srgrimes 4221541Srgrimes saved_CFLAGS=$CFLAGS 4231541Srgrimes CFLAGS="$CFLAGS -Wall -Werror" 4241541Srgrimes saved_CPPFLAGS=$CPPFLAGS 4253664Sphk CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 4263664Sphk AC_TRY_COMPILE( 4271541Srgrimes [#include <ldap.h>], 4281541Srgrimes [ 4291541Srgrimes #if LDAP_API_VERSION < 2004 4309336Sdfr #error OpenLDAP version is too old ... 4319336Sdfr #endif 4329336Sdfr ], 4339336Sdfr [AC_MSG_RESULT([ok])], 4341541Srgrimes [ 4351541Srgrimes AC_MSG_RESULT(too old) 4361541Srgrimes AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.]) 4371541Srgrimes ]) 4381541Srgrimes CFLAGS=$saved_CFLAGS 4391541Srgrimes CPPFLAGS=$saved_CPPFLAGS 4409336Sdfrfi 4419336Sdfr 4421541Srgrimes# Check for Kerberos5 support 4431541Srgrimes# XXX This must come after all --with-* tests, else the 4443664Sphk# -liconv checks will not work 4453664SphkAC_MSG_CHECKING(if --enable-gssapi option is specified) 4461541SrgrimesAC_ARG_ENABLE(gssapi, 4471541Srgrimes [ --enable-gssapi enable GSS-API authentication], 4481541Srgrimes [], [enable_gssapi=no]) 4491541SrgrimesAC_MSG_RESULT($enable_gssapi) 4501541SrgrimesAC_PATH_PROG(KRB5_CONFIG,krb5-config,no) 4511541Srgrimesif test "x$enable_gssapi" = "xyes"; then 4521541Srgrimes if test "$KRB5_CONFIG" != "no"; then 4539336Sdfr krb5_incdir="`$KRB5_CONFIG --cflags gssapi`" 4549336Sdfr krb5_libs="`$KRB5_CONFIG --libs gssapi`" 4559336Sdfr else 4569336Sdfr # No krb5-config; let's make some assumptions based on 4579336Sdfr # the OS. 4581541Srgrimes case $host_os in 4599336Sdfr netbsd*) 4609336Sdfr krb5_incdir="-I/usr/include/krb5" 4619336Sdfr krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1" 4629336Sdfr ;; 4631541Srgrimes *) 4641541Srgrimes AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.]) 4651541Srgrimes ;; 4661541Srgrimes esac 4671541Srgrimes fi 4681541Srgrimes LIBS="$LIBS $krb5_libs" 4691541Srgrimes CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD" 4701541Srgrimes AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API]) 4719336Sdfr 4721541Srgrimes # Check if iconv 2nd argument needs const 4731541Srgrimes saved_CFLAGS=$CFLAGS 4749759Sbde CFLAGS="$CFLAGS -Wall -Werror" 4759759Sbde saved_CPPFLAGS=$CPPFLAGS 4763664Sphk CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 4773664Sphk AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])]) 4783664Sphk AC_MSG_CHECKING([if iconv second argument needs const]) 4791541Srgrimes AC_TRY_COMPILE([ 4801541Srgrimes #include <iconv.h> 4811541Srgrimes #include <stdio.h> 4821541Srgrimes ], [ 4839336Sdfr iconv_t cd = NULL; 4849336Sdfr const char **src = NULL; 4859336Sdfr size_t *srcleft = NULL; 4869336Sdfr char **dst = NULL; 4879336Sdfr size_t *dstleft = NULL; 4889336Sdfr 4899336Sdfr (void)iconv(cd, src, srcleft, dst, dstleft); 4909336Sdfr ], [AC_MSG_RESULT(yes) 4919336Sdfr AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const]) 4921541Srgrimes ], [AC_MSG_RESULT(no)]) 4931541Srgrimes CFLAGS=$saved_CFLAGS 4949336Sdfr CPPFLAGS=$saved_CPPFLAGS 4951541Srgrimes 4963664Sphk # libiconv is often integrated into libc. If a with-* option 4973664Sphk # caused a non libc-based iconv.h to be catched instead of 4983664Sphk # the libc-based iconv.h, then we need to link with -liconv 4993305Sphk AC_MSG_CHECKING(if -liconv is required) 5009336Sdfr saved_CPPFLAGS=$CPPFLAGS 5019336Sdfr saved_LIBS=$LIBS 5029336Sdfr CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 5039336Sdfr AC_TRY_LINK([ 5049336Sdfr #include <iconv.h> 5059336Sdfr ], [ 5069336Sdfr (void)iconv_open("ascii", "ascii"); 5079336Sdfr ], 5089336Sdfr [AC_MSG_RESULT(no)], 5099336Sdfr [ 5109336Sdfr LIBS="$LIBS -liconv" 5119336Sdfr AC_TRY_LINK([ 5129336Sdfr #include <iconv.h> 5139336Sdfr ], [ 5149336Sdfr (void)iconv_open("ascii", "ascii"); 5159336Sdfr ], 5169336Sdfr [ 5179336Sdfr AC_MSG_RESULT(yes) 5189336Sdfr saved_LIBS=$LIBS 5199336Sdfr ], [ 5209336Sdfr AC_MSG_ERROR([cannot use iconv]) 5219336Sdfr ]) 5229336Sdfr ]) 5239336Sdfr CPPFLAGS=$saved_CPPFLAGS 5249336Sdfr LIBS=$saved_LIBS 5259336Sdfrfi 5269336Sdfr 5279336SdfrAC_MSG_CHECKING(if --enable-stats option is specified) 5289336SdfrAC_ARG_ENABLE(stats, 5299336Sdfr [ --enable-stats enable statistics logging function], 5309336Sdfr [], [enable_stats=no]) 5319336Sdfrif test "x$enable_stats" = "xyes"; then 5329336Sdfr AC_DEFINE([ENABLE_STATS], [], [Enable statictics]) 5339336Sdfrfi 5349336SdfrAC_MSG_RESULT($enable_stats) 5359336Sdfr 5369336SdfrAC_MSG_CHECKING(if --enable-dpd option is specified) 5379336SdfrAC_ARG_ENABLE(dpd, 5389336Sdfr [ --enable-dpd enable dead peer detection], 5399336Sdfr [], [enable_dpd=no]) 5409759Sbdeif test "x$enable_dpd" = "xyes"; then 5419759Sbde AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection]) 5423664Sphkfi 5433664SphkAC_MSG_RESULT($enable_dpd) 5449336Sdfr 5459336SdfrAC_MSG_CHECKING(if --enable-fastquit option is specified) 5469336SdfrAC_ARG_ENABLE(fastquit, 5479336Sdfr [ --enable-fastquit enable new faster code to flush SAs when stopping racoon], 5489336Sdfr [], [enable_fastquit=no]) 5499336Sdfrif test "x$enable_fastquit" = "xyes"; then 5509336Sdfr AC_DEFINE([ENABLE_FASTQUIT], [], [Enable fast SA flush code]) 5519336Sdfrfi 5529336SdfrAC_MSG_RESULT($enable_fastquit) 5539336Sdfr 5549336Sdfr 5559336SdfrAC_MSG_CHECKING(if --enable-samode-unspec option is specified) 55622521SdysonAC_ARG_ENABLE(samode-unspec, 55722521Sdyson [ --enable-samode-unspec enable to use unspecified a mode of SA], 5583305Sphk [], [enable_samode_unspec=no]) 5599336Sdfrif test "x$enable_samode_unspec" = "xyes"; then 5603305Sphk case $host_os in 5619336Sdfr *linux*) 5623305Sphk cat << EOC 56312453Sbde 5643305SphkERROR: --enable-samode-unspec is not supported under linux 5653305Sphkbecause linux kernel do not support it. This option is disabled 5663305Sphkto prevent mysterious problems. 5679336Sdfr 5683305SphkIf you REALLY know what your are doing, remove this check. 5693305SphkEOC 5703305Sphk exit 1; 5713305Sphk ;; 5723305Sphk esac 5739336Sdfr AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec]) 5743305Sphkfi 5759336SdfrAC_MSG_RESULT($enable_samode_unspec) 5769336Sdfr 5779336Sdfr# Checks if IPv6 is requested 5783305SphkAC_MSG_CHECKING([whether to enable ipv6]) 5793305SphkAC_ARG_ENABLE(ipv6, 5803305Sphk[ --disable-ipv6 disable ipv6 support], 5819336Sdfr[ case "$enableval" in 5823305Sphk no) 5833305Sphk AC_MSG_RESULT(no) 5843305Sphk ipv6=no 5859336Sdfr ;; 5869336Sdfr *) AC_MSG_RESULT(yes) 5879336Sdfr ipv6=yes 5883305Sphk ;; 5893305Sphk esac ], 5903305Sphk 5919336Sdfr AC_TRY_RUN([ /* AF_INET6 avalable check */ 5929336Sdfr#include <sys/types.h> 5939336Sdfr#include <sys/socket.h> 5949336Sdfrmain() 59522521Sdyson{ 5963305Sphk exit(0); 59722521Sdyson if (socket(AF_INET6, SOCK_STREAM, 0) < 0) 5983305Sphk exit(1); 5993305Sphk else 6003305Sphk exit(0); 6013305Sphk} 6023305Sphk], 6039336Sdfr AC_MSG_RESULT(yes) 6049336Sdfr AC_DEFINE([INET6], [], [Support IPv6]) 6059336Sdfr ipv6=yes, 6069336Sdfr AC_MSG_RESULT(no) 6079336Sdfr ipv6=no, 60817761Sdyson AC_MSG_RESULT(no) 60912588Sbde ipv6=no 6109336Sdfr)) 6119336Sdfr 6129336Sdfrif test "$ipv6" = "yes"; then 6139336Sdfr AC_DEFINE([INET6], [], [Support IPv6]) 6146361Sphk AC_MSG_CHECKING(for advanced API support) 61512588Sbde AC_TRY_COMPILE([#ifndef INET6 61612588Sbde#define INET6 61712588Sbde#endif 61812588Sbde#include <sys/types.h> 61912588Sbde#include <netinet/in.h>], 62012588Sbde [struct in6_pktinfo a;], 62112911Sphk [AC_MSG_RESULT(yes) 62212911Sphk AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])], 62312911Sphk [AC_MSG_RESULT(no)]) 62412588Sbdefi 62512588Sbde 62612588SbdeRACOON_CHECK_BUGGY_GETADDRINFO 62712588Sbdeif test "$buggygetaddrinfo" = "yes"; then 62812588Sbde AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.]) 62912588Sbdefi 63012588Sbde 63112588Sbde# Check if kernel support is available for NAT-T, defaults to no. 63212588Sbdekernel_natt="no" 63312588Sbde 63412588SbdeAC_MSG_CHECKING(kernel NAT-Traversal support) 63512588Sbdecase $host_os in 63612588Sbdelinux*) 63712588Sbde# Linux kernel NAT-T check 63812588SbdeAC_EGREP_CPP(yes, 63912588Sbde[#include <linux/pfkeyv2.h> 64012588Sbde#ifdef SADB_X_EXT_NAT_T_TYPE 64112588Sbdeyes 64212588Sbde#endif 64312588Sbde], [kernel_natt="yes"]) 64412588Sbde ;; 64512588Sbdefreebsd*|netbsd*) 64612588Sbde# NetBSD case 64712588Sbde# Same check for FreeBSD 64812588SbdeAC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len, 64912588Sbde [kernel_natt="yes"],, [ 65012588Sbde#define _KERNEL 65112588Sbde#include <sys/types.h> 65212588Sbde#include <net/pfkeyv2.h> 65312588Sbde]) 65412588Sbde ;; 65512588Sbdeesac 65612588SbdeAC_MSG_RESULT($kernel_natt) 65712588Sbde 65812588SbdeAC_MSG_CHECKING(whether to support NAT-T) 65912588SbdeAC_ARG_ENABLE(natt, 66012588Sbde [ --enable-natt enable NAT-Traversal (yes/no/kernel)], 66112588Sbde [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ], 66212588Sbde [ enable_natt=no ]) 66312588SbdeAC_MSG_RESULT($enable_natt) 66412588Sbde 66512588Sbdeif test "$enable_natt" = "yes"; then 66612588Sbde if test "$kernel_natt" = "no" ; then 66722521Sdyson AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.]) 66822521Sdyson else 6691541Srgrimes AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal]) 6702175Spaul NATT_OBJS="nattraversal.o" 6712175Spaul AC_SUBST(NATT_OBJS) 672 fi 673fi 674 675# Set up defines for supported NAT-T versions. 676natt_versions_default="00,02,rfc" 677AC_MSG_CHECKING(which NAT-T versions to support) 678AC_ARG_ENABLE(natt_versions, 679 [ --enable-natt-versions=list list of supported NAT-T versions delimited by coma.], 680 [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ], 681 [ enable_natt_versions=$natt_versions_default ]) 682if test "$enable_natt" = "yes"; then 683 AC_MSG_RESULT($enable_natt_versions) 684 for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do 685 case $i in 686 0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;; 687 1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;; 688 2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;; 689 3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;; 690 4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;; 691 5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;; 692 6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;; 693 7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;; 694 8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;; 695 RFC) AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;; 696 *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;; 697 esac 698 done 699 unset i 700else 701 AC_MSG_RESULT([none]) 702fi 703 704AC_MSG_CHECKING(if --enable-broken-natt option is specified) 705AC_ARG_ENABLE(broken-natt, 706 [ --enable-broken-natt broken in-kernel NAT-T], 707 [], [enable_broken_natt=no]) 708if test "x$enable_broken_natt" = "xyes"; then 709 AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken]) 710fi 711AC_MSG_RESULT($enable_broken_natt) 712 713AC_MSG_CHECKING(whether we support FWD policy) 714case $host in 715 *linux*) 716 AC_TRY_COMPILE([ 717 #include <inttypes.h> 718 #include <linux/ipsec.h> 719 ], [ 720 int fwd = IPSEC_DIR_FWD; 721 ], 722 [AC_MSG_RESULT(yes) 723 AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])], 724 [AC_MSG_RESULT(no)]) 725 ;; 726 *) 727 AC_MSG_RESULT(no) 728 ;; 729esac 730 731AC_CHECK_TYPE([ipsec_policy_t], 732 [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])], 733 [], 734 [ 735 #include <sys/types.h> 736 #include <netinet6/ipsec.h> 737 ]) 738 739# Check if kernel support is available for Security Context, defaults to no. 740kernel_secctx="no" 741 742AC_MSG_CHECKING(kernel Security Context support) 743case $host_os in 744linux*) 745# Linux kernel Security Context check 746AC_EGREP_CPP(yes, 747[#include <linux/pfkeyv2.h> 748#ifdef SADB_X_EXT_SEC_CTX 749yes 750#endif 751], [kernel_secctx="yes"]) 752 ;; 753esac 754AC_MSG_RESULT($kernel_secctx) 755 756AC_MSG_CHECKING(whether to support Security Context) 757AC_ARG_ENABLE(security-context, 758 [ --enable-security-context enable Security Context(yes/no/kernel)], 759 [if test "$enable_security_context" = "kernel"; then 760 enable_security_context=$kernel_secctx; fi], 761 [enable_security_context=$kernel_secctx]) 762AC_MSG_RESULT($enable_security_context) 763 764if test "$enable_security_context" = "yes"; then 765 if test "$kernel_secctx" = "no" ; then 766 AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.]) 767 else 768 AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context]) 769 SECCTX_OBJS="security.o" 770 AC_SUBST(SECCTX_OBJS) 771 LIBS="$LIBS -lselinux" 772 fi 773fi 774 775CFLAGS="$CFLAGS $CFLAGS_ADD" 776CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD" 777 778case $host in 779 *linux*) 780 # Remove KERNEL_INCLUDE from CPPFLAGS. It will 781 # be symlinked to src/include-glibc/linux in 782 # compile time. 783 CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"` 784 ;; 785esac 786 787include_racoondir=${includedir}/racoon 788AC_SUBST(include_racoondir) 789 790AC_CONFIG_FILES([ 791 Makefile 792 package_version.h 793 src/Makefile 794 src/include-glibc/Makefile 795 src/libipsec/Makefile 796 src/setkey/Makefile 797 src/racoon/Makefile 798 src/racoon/samples/psk.txt 799 src/racoon/samples/racoon.conf 800 rpm/Makefile 801 rpm/suse/Makefile 802 rpm/suse/ipsec-tools.spec 803 ]) 804AC_OUTPUT 805