Annotation of embedaddon/ipsec-tools/configure.ac, revision 1.1

1.1     ! misho       1: dnl -*- mode: m4 -*-
        !             2: dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
        !             3: 
        !             4: AC_PREREQ(2.52)
        !             5: AC_INIT(ipsec-tools, 0.8.0)
        !             6: AC_CONFIG_SRCDIR([configure.ac])
        !             7: AM_CONFIG_HEADER(config.h)
        !             8: 
        !             9: AM_INIT_AUTOMAKE(dist-bzip2)
        !            10: 
        !            11: AC_ENABLE_SHARED(no)
        !            12: 
        !            13: AC_PROG_CC
        !            14: AM_PROG_CC_STDC
        !            15: AC_HEADER_STDC
        !            16: AC_PROG_LIBTOOL
        !            17: AC_PROG_YACC
        !            18: AM_PROG_LEX
        !            19: AC_SUBST(LEXLIB)
        !            20: AC_PROG_EGREP
        !            21: 
        !            22: CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
        !            23: 
        !            24: case $host in
        !            25: *netbsd*)
        !            26:        LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
        !            27:        ;;
        !            28: *linux*)
        !            29:        LIBS="$LIBS -lresolv"
        !            30:        INSTALL_OPTS="-o bin -g bin"
        !            31:        INCLUDE_GLIBC="include-glibc"
        !            32:        RPM="rpm"
        !            33:        AC_SUBST(INSTALL_OPTS)
        !            34:        AC_SUBST(INCLUDE_GLIBC)
        !            35:        AC_SUBST(RPM)
        !            36:        ;;
        !            37: *darwin*)
        !            38:        LIBS="$LIBS -lresolv"
        !            39:        ;;
        !            40: esac
        !            41: 
        !            42: # Look up some IPsec-related headers
        !            43: AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
        !            44: AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
        !            45: AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
        !            46: AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
        !            47: 
        !            48: # FreeBSD >=7 has only <netipsec/ipsec.h>
        !            49: # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
        !            50: # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
        !            51: # we can't decide which one to use (actually <netinet6/ipsec.h>)
        !            52: 
        !            53: 
        !            54: if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
        !            55:     have_netinet_ipsec=yes
        !            56:     AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
        !            57: else
        !            58:        if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
        !            59:        have_netinet_ipsec=yes
        !            60:            AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
        !            61:        else
        !            62:                # have_netinet_ipsec will be checked a few lines below
        !            63:            AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
        !            64:        fi
        !            65: fi
        !            66: 
        !            67: case "$host_os" in
        !            68:  *linux*)
        !            69:     AC_ARG_WITH(kernel-headers,
        !            70:        AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
        !            71:                       [where your Linux Kernel headers are installed]),
        !            72:            [ KERNEL_INCLUDE="$with_kernel_headers" 
        !            73:              CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
        !            74:              AC_SUBST(CONFIGURE_AMFLAGS) ],
        !            75:            [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
        !            76: 
        !            77:     AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
        !            78:        [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
        !            79:          KERNEL_INCLUDE=/usr/src/linux/include ,
        !            80:          [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
        !            81:     AC_SUBST(KERNEL_INCLUDE)
        !            82:     # We need the configure script to run with correct kernel headers.
        !            83:     # However we don't want to point to kernel source tree in compile time,
        !            84:     # i.e. this will be removed from CPPFLAGS at the end of configure.
        !            85:     CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
        !            86: 
        !            87:     AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
        !            88:        [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
        !            89:                        [Are PF_KEY policy priorities supported?])], [],
        !            90:        [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
        !            91: 
        !            92:     GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
        !            93:     GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
        !            94:     CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
        !            95:     CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
        !            96:     AC_SUBST(GLIBC_BUGS)
        !            97:     ;;
        !            98:  *)
        !            99:     if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
        !           100:       if test "$have_net_pfkey" = yes; then
        !           101:        AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
        !           102:       else
        !           103:        AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
        !           104:       fi
        !           105:     fi
        !           106:     ;;
        !           107: esac
        !           108: 
        !           109: ### Some basic toolchain checks
        !           110: 
        !           111: # Checks for header files.
        !           112: AC_HEADER_STDC
        !           113: AC_HEADER_SYS_WAIT
        !           114: AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
        !           115: AC_CHECK_HEADERS(shadow.h)
        !           116: 
        !           117: # Checks for typedefs, structures, and compiler characteristics.
        !           118: AC_C_CONST
        !           119: AC_TYPE_PID_T
        !           120: AC_TYPE_SIZE_T
        !           121: AC_HEADER_TIME
        !           122: AC_STRUCT_TM
        !           123: 
        !           124: # Checks for library functions.
        !           125: AC_FUNC_MEMCMP
        !           126: AC_TYPE_SIGNAL
        !           127: AC_FUNC_VPRINTF
        !           128: AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
        !           129: AC_REPLACE_FUNCS(strdup)
        !           130: RACOON_CHECK_VA_COPY
        !           131: 
        !           132: # Check if printf accepts "%z" type modifier for size_t argument
        !           133: AC_MSG_CHECKING(if printf accepts %z)
        !           134: saved_CFLAGS=$CFLAGS
        !           135: CFLAGS="$CFLAGS -Wall -Werror"
        !           136: AC_TRY_COMPILE([
        !           137: #include <stdio.h>
        !           138: ], [
        !           139: printf("%zu\n", (size_t)-1);
        !           140: ],
        !           141:        [AC_MSG_RESULT(yes)],
        !           142:        [AC_MSG_RESULT(no);
        !           143:         CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
        !           144:         AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
        !           145:        ])
        !           146: CFLAGS=$saved_CFLAGS
        !           147: 
        !           148: # Can we use __func__ macro?
        !           149: AC_MSG_CHECKING(if __func__ is available)
        !           150: AC_TRY_COMPILE(
        !           151: [#include <stdio.h>
        !           152: ], [char *x = __func__;],
        !           153:        [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
        !           154:        AC_MSG_RESULT(yes)],
        !           155:        [AC_MSG_RESULT(no)])
        !           156: 
        !           157: # Check if readline support is requested
        !           158: AC_MSG_CHECKING(if readline support is requested)
        !           159: AC_ARG_WITH(readline,
        !           160:        [  --with-readline         support readline input (yes by default)],
        !           161:        [with_readline="$withval"], [with_readline="yes"])
        !           162: AC_MSG_RESULT($with_readline)
        !           163: 
        !           164: # Is readline available?
        !           165: if test $with_readline != "no"; then
        !           166:        AC_CHECK_HEADER([readline/readline.h], 
        !           167:                [AC_CHECK_LIB(readline, readline, [
        !           168:                                AC_DEFINE(HAVE_READLINE, [],
        !           169:                                        [Is readline available?])
        !           170:                                LIBS="$LIBS -lreadline"
        !           171:                ], [])], [])
        !           172: fi
        !           173: 
        !           174: 
        !           175: AC_MSG_CHECKING(if --with-flex option is specified)
        !           176: AC_ARG_WITH(flexdir,
        !           177:        [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
        !           178:        [flexdir="$withval"])
        !           179: AC_MSG_RESULT(${flexdir-dirdefault})
        !           180: 
        !           181: if test "x$flexdir" != "x"; then
        !           182:        LIBS="$LIBS $flexdir/libfl.a"
        !           183: fi
        !           184: 
        !           185: AC_MSG_CHECKING(if --with-flexlib option is specified)
        !           186: AC_ARG_WITH(flexlib,
        !           187:        [  --with-flexlib=<LIB>    specify flex library.],
        !           188:        [flexlib="$withval"])
        !           189: AC_MSG_RESULT(${flexlib-default})
        !           190: 
        !           191: if test "x$flexlib" != "x"; then
        !           192:        LIBS="$LIBS $flexlib"
        !           193: fi
        !           194: 
        !           195: # Check if a different OpenSSL directory was specified
        !           196: AC_MSG_CHECKING(if --with-openssl option is specified)
        !           197: AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
        !           198:        [crypto_dir=$withval])
        !           199: AC_MSG_RESULT(${crypto_dir-default})
        !           200: 
        !           201: if test "x$crypto_dir" != "x"; then
        !           202:        LIBS="$LIBS -L${crypto_dir}/lib"
        !           203:        CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
        !           204: fi
        !           205: AC_MSG_CHECKING(openssl version)
        !           206: 
        !           207: AC_TRY_COMPILE(
        !           208: [#include <openssl/opensslv.h>
        !           209: ],
        !           210: [#if OPENSSL_VERSION_NUMBER < 0x0090602fL
        !           211: #error OpenSSL version is too old ...
        !           212: #endif],
        !           213: [AC_MSG_RESULT([ok])],
        !           214: [AC_MSG_RESULT(too old)
        !           215: AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
        !           216: ])
        !           217: 
        !           218: AC_CHECK_HEADERS(openssl/engine.h)
        !           219: 
        !           220: # checking rijndael
        !           221: AC_CHECK_HEADERS([openssl/aes.h], [], 
        !           222:        [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
        !           223: 
        !           224: # checking sha2
        !           225: AC_MSG_CHECKING(sha2 support)
        !           226: AC_DEFINE([WITH_SHA2], [], [SHA2 support])
        !           227: AC_MSG_RESULT(yes)
        !           228: AC_CHECK_HEADER(openssl/sha2.h, [], [
        !           229:        AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
        !           230:        AC_TRY_COMPILE([
        !           231:                #ifdef HAVE_SYS_TYPES_H
        !           232:                #include <sys/types.h>
        !           233:                #endif
        !           234:                #include <openssl/sha.h>
        !           235:        ], [
        !           236:                SHA256_CTX ctx;
        !           237:        ], [
        !           238:            AC_MSG_RESULT(yes)
        !           239:            AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
        !           240:        ], [AC_MSG_RESULT(no)
        !           241:            AC_LIBOBJ([sha2])
        !           242:            CRYPTOBJS="$CRYPTOBJS sha2.o"
        !           243:        ])
        !           244: 
        !           245:        CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
        !           246: ])
        !           247: AC_SUBST(CRYPTOBJS)
        !           248: 
        !           249: # checking camellia
        !           250: AC_CHECK_HEADERS([openssl/camellia.h])
        !           251: 
        !           252: 
        !           253: # Option --enable-adminport 
        !           254: AC_MSG_CHECKING(if --enable-adminport option is specified)
        !           255: AC_ARG_ENABLE(adminport,
        !           256:        [  --enable-adminport      enable admin port],
        !           257:        [], [enable_adminport=no])
        !           258: if test $enable_adminport = "yes"; then
        !           259:        AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
        !           260: fi
        !           261: AC_MSG_RESULT($enable_adminport)
        !           262: 
        !           263: # Option RC5
        !           264: AC_MSG_CHECKING(if --enable-rc5 option is specified)
        !           265: AC_ARG_ENABLE(rc5,
        !           266:        [  --enable-rc5         enable RC5 encryption (patented)],
        !           267:        [], [enable_rc5=no])
        !           268: AC_MSG_RESULT($enable_rc5)
        !           269: 
        !           270: if test $enable_rc5 = "yes"; then
        !           271:        AC_CHECK_HEADERS([openssl/rc5.h])
        !           272:        AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
        !           273:            [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
        !           274: fi
        !           275: 
        !           276: # Option IDEA
        !           277: AC_MSG_CHECKING(if --enable-idea option is specified)
        !           278: AC_ARG_ENABLE(idea,
        !           279:        [  --enable-idea        enable IDEA encryption (patented)],
        !           280:        [], [enable_idea=no])
        !           281: AC_MSG_RESULT($enable_idea)
        !           282: 
        !           283: if test $enable_idea = "yes"; then
        !           284:        AC_CHECK_HEADERS([openssl/idea.h])
        !           285:        AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
        !           286:            [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
        !           287: fi
        !           288: AC_SUBST(EXTRA_CRYPTO)
        !           289: 
        !           290: # For dynamic libradius
        !           291: RACOON_PATH_LIBS([MD5_Init], [crypto])
        !           292: 
        !           293: # Check if we need -lutil for login(3)
        !           294: RACOON_PATH_LIBS([login], [util])
        !           295: 
        !           296: # Specify libiconv prefix
        !           297: AC_MSG_CHECKING(if --with-libiconv option is specified)
        !           298: AC_ARG_WITH(libiconv, 
        !           299:     [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
        !           300:     [libiconv_dir=$withval], 
        !           301:     [libiconv_dir=no])
        !           302: AC_MSG_RESULT($libiconv_dir)
        !           303: if test "$libiconv_dir" != "no"; then
        !           304:        if test "$libiconv_dir" = "yes" ; then
        !           305:                  libiconv_dir="";
        !           306:        fi;
        !           307:        if test "x$libiconv_dir" = "x"; then
        !           308:                RACOON_PATH_LIBS([iconv_open], [iconv])
        !           309:        else
        !           310:                if test -d "$libiconv_dir/lib" -a \
        !           311:                    -d "$libiconv_dir/include" ; then
        !           312:                        RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
        !           313:                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
        !           314:                else
        !           315:                        AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
        !           316:                fi
        !           317:        fi
        !           318:        LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
        !           319:        AC_CHECK_FUNCS(iconv_open)
        !           320: fi
        !           321: 
        !           322: AC_MSG_CHECKING([if --enable-hybrid option is specified])
        !           323: AC_ARG_ENABLE(hybrid, 
        !           324:     [  --enable-hybrid   enable hybrid, both mode-cfg and xauth support],
        !           325:     [], [enable_hybrid=no])
        !           326: AC_MSG_RESULT($enable_hybrid)
        !           327: 
        !           328: if test "x$enable_hybrid" = "xyes"; then
        !           329:        case $host in
        !           330:                *darwin*)
        !           331:                ;;
        !           332:        *)
        !           333:                LIBS="$LIBS -lcrypt";
        !           334:                ;;
        !           335:        esac
        !           336:        HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
        !           337:        AC_SUBST(HYBRID_OBJS)
        !           338:        AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
        !           339: fi
        !           340: 
        !           341: AC_MSG_CHECKING([if --enable-frag option is specified])
        !           342: AC_ARG_ENABLE(frag, 
        !           343:     [  --enable-frag           enable IKE fragmentation payload support],
        !           344:     [], [enable_frag=no])
        !           345: AC_MSG_RESULT($enable_frag)
        !           346: 
        !           347: if test "x$enable_frag" = "xyes"; then
        !           348:        case $host in
        !           349:        *darwin*)
        !           350:                ;;
        !           351:        *)
        !           352:                LIBS="$LIBS -lcrypt"; 
        !           353:                ;;
        !           354:        esac
        !           355:        FRAG_OBJS="isakmp_frag.o"
        !           356:        AC_SUBST(FRAG_OBJS)
        !           357:        AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
        !           358: fi
        !           359: 
        !           360: AC_MSG_CHECKING(if --with-libradius option is specified)
        !           361: AC_ARG_WITH(libradius, 
        !           362:     [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
        !           363:     [libradius_dir=$withval], 
        !           364:     [libradius_dir=no])
        !           365: AC_MSG_RESULT($libradius_dir)
        !           366: if test "$libradius_dir" != "no"; then
        !           367:        if test "$libradius_dir" = "yes" ; then
        !           368:                  libradius_dir="";
        !           369:        fi;
        !           370:        if test "x$libradius_dir" = "x"; then
        !           371:                RACOON_PATH_LIBS([rad_create_request], [radius])
        !           372:        else
        !           373:                if test -d "$libradius_dir/lib" -a \
        !           374:                    -d "$libradius_dir/include" ; then
        !           375:                        RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
        !           376:                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
        !           377:                else
        !           378:                        AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
        !           379:                fi
        !           380:        fi
        !           381:        AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
        !           382:        LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
        !           383:        AC_CHECK_FUNCS(rad_create_request)
        !           384: fi
        !           385: 
        !           386: AC_MSG_CHECKING(if --with-libpam option is specified)
        !           387: AC_ARG_WITH(libpam, 
        !           388:     [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
        !           389:     [libpam_dir=$withval], 
        !           390:     [libpam_dir=no])
        !           391: AC_MSG_RESULT($libpam_dir)
        !           392: if test "$libpam_dir" != "no"; then
        !           393:        if test "$libpam_dir" = "yes" ; then
        !           394:                  libpam_dir="";
        !           395:        fi;
        !           396:        if test "x$libpam_dir" = "x"; then
        !           397:                RACOON_PATH_LIBS([pam_start], [pam])
        !           398:        else
        !           399:                if test -d "$libpam_dir/lib" -a \
        !           400:                    -d "$libpam_dir/include" ; then
        !           401:                        RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
        !           402:                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
        !           403:                else
        !           404:                        AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
        !           405:                fi
        !           406:        fi
        !           407:        AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
        !           408:        LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
        !           409:        AC_CHECK_FUNCS(pam_start)
        !           410: fi
        !           411: 
        !           412: AC_MSG_CHECKING(if --with-libldap option is specified)
        !           413: AC_ARG_WITH(libldap, 
        !           414:     [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
        !           415:     [libldap_dir=$withval], 
        !           416:     [libldap_dir=no])
        !           417: AC_MSG_RESULT($libldap_dir)
        !           418: if test "$libldap_dir" != "no"; then
        !           419:        if test "$libldap_dir" = "yes" ; then
        !           420:                  libldap_dir="";
        !           421:        fi;
        !           422:        if test "x$libldap_dir" = "x"; then
        !           423:                RACOON_PATH_LIBS([ldap_init], [ldap])
        !           424:        else
        !           425:                if test -d "$libldap_dir/lib" -a \
        !           426:                    -d "$libldap_dir/include" ; then
        !           427:                        RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
        !           428:                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
        !           429:                else
        !           430:                        AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
        !           431:                fi
        !           432:        fi
        !           433:        AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
        !           434:        LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
        !           435: 
        !           436:        saved_CFLAGS=$CFLAGS
        !           437:        CFLAGS="$CFLAGS -Wall -Werror"
        !           438:        saved_CPPFLAGS=$CPPFLAGS
        !           439:         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
        !           440:        AC_TRY_COMPILE(
        !           441:                [#include <ldap.h>],
        !           442:                [
        !           443:                        #if LDAP_API_VERSION < 2004
        !           444:                        #error OpenLDAP version is too old ...
        !           445:                        #endif
        !           446:                ],
        !           447:                [AC_MSG_RESULT([ok])],
        !           448:                [
        !           449:                        AC_MSG_RESULT(too old)
        !           450:                        AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
        !           451:                ])
        !           452:        CFLAGS=$saved_CFLAGS
        !           453:        CPPFLAGS=$saved_CPPFLAGS
        !           454: fi
        !           455: 
        !           456: # Check for Kerberos5 support
        !           457: # XXX This must come after all --with-* tests, else the
        !           458: # -liconv checks will not work
        !           459: AC_MSG_CHECKING(if --enable-gssapi option is specified)
        !           460: AC_ARG_ENABLE(gssapi,
        !           461:        [  --enable-gssapi         enable GSS-API authentication],
        !           462:        [], [enable_gssapi=no])
        !           463: AC_MSG_RESULT($enable_gssapi)
        !           464: AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
        !           465: if test "x$enable_gssapi" = "xyes"; then
        !           466:        if test "$KRB5_CONFIG" != "no"; then
        !           467:                krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
        !           468:                krb5_libs="`$KRB5_CONFIG --libs gssapi`"
        !           469:        else
        !           470:                # No krb5-config; let's make some assumptions based on
        !           471:                # the OS.
        !           472:                case $host_os in
        !           473:                netbsd*)
        !           474:                        krb5_incdir="-I/usr/include/krb5"
        !           475:                        krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
        !           476:                        ;;
        !           477:                *)
        !           478:                        AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
        !           479:                        ;;
        !           480:                esac
        !           481:        fi
        !           482:        LIBS="$LIBS $krb5_libs"
        !           483:        CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
        !           484:        AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
        !           485: 
        !           486:        # Check if iconv 2nd argument needs const 
        !           487:        saved_CFLAGS=$CFLAGS
        !           488:        CFLAGS="$CFLAGS -Wall -Werror"
        !           489:        saved_CPPFLAGS=$CPPFLAGS
        !           490:         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
        !           491:        AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
        !           492:        AC_MSG_CHECKING([if iconv second argument needs const])
        !           493:        AC_TRY_COMPILE([
        !           494:                #include <iconv.h>
        !           495:                #include <stdio.h>
        !           496:        ], [
        !           497:                iconv_t cd = NULL;
        !           498:                const char **src = NULL;
        !           499:                size_t *srcleft = NULL;
        !           500:                char **dst = NULL;
        !           501:                size_t *dstleft = NULL;
        !           502: 
        !           503:                (void)iconv(cd, src, srcleft, dst, dstleft);
        !           504:        ], [AC_MSG_RESULT(yes)
        !           505:            AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
        !           506:        ], [AC_MSG_RESULT(no)])
        !           507:        CFLAGS=$saved_CFLAGS
        !           508:        CPPFLAGS=$saved_CPPFLAGS
        !           509: 
        !           510:        # libiconv is often integrated into libc. If a with-* option
        !           511:        # caused a non libc-based iconv.h to be catched instead of
        !           512:        # the libc-based iconv.h, then we need to link with -liconv
        !           513:        AC_MSG_CHECKING(if -liconv is required)
        !           514:        saved_CPPFLAGS=$CPPFLAGS
        !           515:        saved_LIBS=$LIBS
        !           516:        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
        !           517:        AC_TRY_LINK([
        !           518:                #include <iconv.h>
        !           519:        ], [
        !           520:                (void)iconv_open("ascii", "ascii");
        !           521:        ],
        !           522:                [AC_MSG_RESULT(no)],
        !           523:                [
        !           524:                        LIBS="$LIBS -liconv"
        !           525:                        AC_TRY_LINK([
        !           526:                                #include <iconv.h>
        !           527:                ], [
        !           528:                                (void)iconv_open("ascii", "ascii");
        !           529:                        ],
        !           530:                        [
        !           531:                                AC_MSG_RESULT(yes)
        !           532:                                saved_LIBS=$LIBS
        !           533:                        ], [
        !           534:                                AC_MSG_ERROR([cannot use iconv])
        !           535:                        ])
        !           536:                ])
        !           537:        CPPFLAGS=$saved_CPPFLAGS
        !           538:        LIBS=$saved_LIBS
        !           539: fi
        !           540: 
        !           541: AC_MSG_CHECKING(if --enable-stats option is specified)
        !           542: AC_ARG_ENABLE(stats,
        !           543:         [  --enable-stats          enable statistics logging function],
        !           544:         [], [enable_stats=no])
        !           545: if test "x$enable_stats" = "xyes"; then
        !           546:        AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
        !           547: fi
        !           548: AC_MSG_RESULT($enable_stats)
        !           549: 
        !           550: AC_MSG_CHECKING(if --enable-dpd option is specified)
        !           551: AC_ARG_ENABLE(dpd,
        !           552:         [  --enable-dpd            enable dead peer detection],
        !           553:         [], [enable_dpd=no])
        !           554: if test "x$enable_dpd" = "xyes"; then
        !           555:        AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
        !           556: fi
        !           557: AC_MSG_RESULT($enable_dpd)
        !           558: 
        !           559: AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
        !           560: AC_ARG_ENABLE(samode-unspec,
        !           561:         [  --enable-samode-unspec  enable to use unspecified a mode of SA],
        !           562:         [], [enable_samode_unspec=no])
        !           563: if test "x$enable_samode_unspec" = "xyes"; then
        !           564:        case $host_os in
        !           565:        *linux*)
        !           566:                cat << EOC
        !           567:                
        !           568: ERROR: --enable-samode-unspec is not supported under linux 
        !           569: because linux kernel do not support it. This option is disabled 
        !           570: to prevent mysterious problems.
        !           571: 
        !           572: If you REALLY know what your are doing, remove this check.
        !           573: EOC
        !           574:                exit 1;
        !           575:                ;;
        !           576:        esac
        !           577:        AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
        !           578: fi
        !           579: AC_MSG_RESULT($enable_samode_unspec)
        !           580: 
        !           581: # Checks if IPv6 is requested
        !           582: AC_MSG_CHECKING([whether to enable ipv6])
        !           583: AC_ARG_ENABLE(ipv6,
        !           584: [  --disable-ipv6          disable ipv6 support],
        !           585: [ case "$enableval" in
        !           586:   no)
        !           587:        AC_MSG_RESULT(no)
        !           588:        ipv6=no
        !           589:        ;;
        !           590:   *)   AC_MSG_RESULT(yes)
        !           591:        ipv6=yes
        !           592:        ;;
        !           593:   esac ],
        !           594: 
        !           595:   AC_TRY_RUN([ /* AF_INET6 avalable check */
        !           596: #include <sys/types.h>
        !           597: #include <sys/socket.h>
        !           598: main()
        !           599: {
        !           600:   exit(0);
        !           601:  if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
        !           602:    exit(1);
        !           603:  else
        !           604:    exit(0);
        !           605: }
        !           606: ],
        !           607:   AC_MSG_RESULT(yes)
        !           608:   AC_DEFINE([INET6], [], [Support IPv6])
        !           609:   ipv6=yes,
        !           610:   AC_MSG_RESULT(no)
        !           611:   ipv6=no,
        !           612:   AC_MSG_RESULT(no)
        !           613:   ipv6=no
        !           614: ))
        !           615: 
        !           616: if test "$ipv6" = "yes"; then
        !           617:        AC_DEFINE([INET6], [], [Support IPv6])
        !           618:        AC_MSG_CHECKING(for advanced API support)
        !           619:        AC_TRY_COMPILE([#ifndef INET6
        !           620: #define INET6
        !           621: #endif
        !           622: #include <sys/types.h>
        !           623: #include <netinet/in.h>],
        !           624:                [struct in6_pktinfo a;],
        !           625:                [AC_MSG_RESULT(yes)
        !           626:                 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
        !           627:                [AC_MSG_RESULT(no)])
        !           628: fi
        !           629: 
        !           630: RACOON_CHECK_BUGGY_GETADDRINFO
        !           631: if test "$buggygetaddrinfo" = "yes"; then
        !           632:        AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
        !           633: fi
        !           634: 
        !           635: # Check if kernel support is available for NAT-T, defaults to no. 
        !           636: kernel_natt="no"
        !           637: 
        !           638: AC_MSG_CHECKING(kernel NAT-Traversal support)
        !           639: case $host_os in
        !           640: linux*)
        !           641: # Linux kernel NAT-T check
        !           642: AC_EGREP_CPP(yes, 
        !           643: [#include <linux/pfkeyv2.h>
        !           644: #ifdef SADB_X_EXT_NAT_T_TYPE
        !           645: yes
        !           646: #endif
        !           647: ], [kernel_natt="yes"])
        !           648:        ;;
        !           649: freebsd*|netbsd*)
        !           650: # NetBSD case
        !           651: # Same check for FreeBSD
        !           652: AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
        !           653:        [kernel_natt="yes"],, [
        !           654: #define _KERNEL
        !           655: #include <sys/types.h>
        !           656: #include <net/pfkeyv2.h>
        !           657: ])
        !           658:        ;;
        !           659: esac
        !           660: AC_MSG_RESULT($kernel_natt)
        !           661: 
        !           662: AC_MSG_CHECKING(whether to support NAT-T)
        !           663: AC_ARG_ENABLE(natt,
        !           664:        [  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
        !           665:         [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
        !           666:        [ enable_natt=no ])
        !           667: AC_MSG_RESULT($enable_natt)
        !           668: 
        !           669: if test "$enable_natt" = "yes"; then
        !           670:        if test "$kernel_natt" = "no" ; then 
        !           671:                AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
        !           672:        else
        !           673:                AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
        !           674:                NATT_OBJS="nattraversal.o"
        !           675:                AC_SUBST(NATT_OBJS)
        !           676:        fi
        !           677: fi
        !           678: 
        !           679: # Set up defines for supported NAT-T versions.
        !           680: natt_versions_default="00,02,rfc"
        !           681: AC_MSG_CHECKING(which NAT-T versions to support)
        !           682: AC_ARG_ENABLE(natt_versions,
        !           683:        [  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
        !           684:        [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
        !           685:        [ enable_natt_versions=$natt_versions_default ])
        !           686: if test "$enable_natt" = "yes"; then
        !           687:        AC_MSG_RESULT($enable_natt_versions)
        !           688:        for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
        !           689:                case $i in 
        !           690:                        0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
        !           691:                        1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
        !           692:                        2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
        !           693:                        3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
        !           694:                        4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
        !           695:                        5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
        !           696:                        6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
        !           697:                        7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
        !           698:                        8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
        !           699:                        RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
        !           700:                        *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
        !           701:                esac
        !           702:        done
        !           703:        unset i
        !           704: else
        !           705:        AC_MSG_RESULT([none])
        !           706: fi
        !           707: 
        !           708: AC_MSG_CHECKING(if --enable-broken-natt option is specified)
        !           709: AC_ARG_ENABLE(broken-natt,
        !           710:        [  --enable-broken-natt    broken in-kernel NAT-T],
        !           711:         [], [enable_broken_natt=no])
        !           712: if test "x$enable_broken_natt" = "xyes"; then
        !           713:        AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
        !           714: fi
        !           715: AC_MSG_RESULT($enable_broken_natt)
        !           716: 
        !           717: AC_MSG_CHECKING(whether we support FWD policy)
        !           718: case $host in
        !           719:        *linux*)
        !           720:                AC_TRY_COMPILE([
        !           721:                #include <inttypes.h>
        !           722:                #include <linux/ipsec.h>
        !           723:                        ], [
        !           724:                        int fwd = IPSEC_DIR_FWD;
        !           725:                        ],
        !           726:                        [AC_MSG_RESULT(yes)
        !           727:                         AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
        !           728:                        [AC_MSG_RESULT(no)])
        !           729:                ;;
        !           730:        *)
        !           731:                AC_MSG_RESULT(no)
        !           732:                ;;
        !           733: esac
        !           734: 
        !           735: AC_CHECK_TYPE([ipsec_policy_t], 
        !           736:              [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
        !           737:              [],
        !           738:              [
        !           739:                #include <sys/types.h>
        !           740:                #include <netinet6/ipsec.h>
        !           741:              ])
        !           742: 
        !           743: # Check if kernel support is available for Security Context, defaults to no.
        !           744: kernel_secctx="no"
        !           745: 
        !           746: AC_MSG_CHECKING(kernel Security Context support)
        !           747: case $host_os in
        !           748: linux*)
        !           749: # Linux kernel Security Context check
        !           750: AC_EGREP_CPP(yes,
        !           751: [#include <linux/pfkeyv2.h>
        !           752: #ifdef SADB_X_EXT_SEC_CTX
        !           753: yes
        !           754: #endif
        !           755: ], [kernel_secctx="yes"])
        !           756:        ;;
        !           757: esac
        !           758: AC_MSG_RESULT($kernel_secctx)
        !           759: 
        !           760: AC_CHECK_HEADER(selinux/selinux.h,
        !           761:        [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 
        !           762:        [selinux_support=no])], [selinux_support=no])
        !           763: 
        !           764: AC_MSG_CHECKING(whether to support Security Context)
        !           765: AC_ARG_ENABLE(security-context,
        !           766:        [  --enable-security-context    enable Security Context(yes/no/kernel)],
        !           767:        [if test "$enable_security_context" = "kernel"; then
        !           768:                enable_security_context=$kernel_secctx; fi],
        !           769:        [enable_security_context=$kernel_secctx])
        !           770: AC_MSG_RESULT($enable_security_context)
        !           771: 
        !           772: if test "$enable_security_context" = "yes"; then
        !           773:        if test "$kernel_secctx" = "no" ; then
        !           774:                AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
        !           775:        else
        !           776:                if test "$selinux_support" = "no"; then
        !           777:                        AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
        !           778:                else
        !           779:                        AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
        !           780:                        SECCTX_OBJS="security.o"
        !           781:                        AC_SUBST(SECCTX_OBJS)
        !           782:                        LIBS="$LIBS -lselinux"
        !           783:                fi
        !           784:        fi
        !           785: fi
        !           786: 
        !           787: RACOON_PATH_LIBS([clock_gettime], [rt])
        !           788: 
        !           789: AC_MSG_CHECKING(for monotonic system clock)
        !           790: AC_TRY_COMPILE(
        !           791:        [#include <time.h>],
        !           792:        [clock_gettime(CLOCK_MONOTONIC, NULL);],
        !           793:        [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
        !           794:         AC_MSG_RESULT(yes)],
        !           795:        [AC_MSG_RESULT(no)])
        !           796: 
        !           797: CFLAGS="$CFLAGS $CFLAGS_ADD"
        !           798: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
        !           799: 
        !           800: case $host in
        !           801:        *linux*)
        !           802:                # Remove KERNEL_INCLUDE from CPPFLAGS. It will
        !           803:                # be symlinked to src/include-glibc/linux in
        !           804:                # compile time.
        !           805:                CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
        !           806:                ;;
        !           807: esac
        !           808: 
        !           809: include_racoondir=${includedir}/racoon
        !           810: AC_SUBST(include_racoondir)
        !           811: 
        !           812: AC_CONFIG_FILES([
        !           813:   Makefile
        !           814:   package_version.h
        !           815:   src/Makefile
        !           816:   src/include-glibc/Makefile
        !           817:   src/libipsec/Makefile
        !           818:   src/setkey/Makefile
        !           819:   src/racoon/Makefile
        !           820:   src/racoon/samples/psk.txt
        !           821:   src/racoon/samples/racoon.conf
        !           822:   rpm/Makefile
        !           823:   rpm/suse/Makefile
        !           824:   rpm/suse/ipsec-tools.spec
        !           825:   ])
        !           826: AC_OUTPUT

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>