Annotation of embedaddon/ipsec-tools/configure.ac, revision 1.1.1.1

1.1       misho       1: dnl -*- mode: m4 -*-
                      2: dnl Id: configure.ac,v 1.77 2006/07/20 19:19:27 manubsd Exp
                      3: 
                      4: AC_PREREQ(2.52)
                      5: AC_INIT(ipsec-tools, 0.8.0)
                      6: AC_CONFIG_SRCDIR([configure.ac])
                      7: AM_CONFIG_HEADER(config.h)
                      8: 
                      9: AM_INIT_AUTOMAKE(dist-bzip2)
                     10: 
                     11: AC_ENABLE_SHARED(no)
                     12: 
                     13: AC_PROG_CC
                     14: AM_PROG_CC_STDC
                     15: AC_HEADER_STDC
                     16: AC_PROG_LIBTOOL
                     17: AC_PROG_YACC
                     18: AM_PROG_LEX
                     19: AC_SUBST(LEXLIB)
                     20: AC_PROG_EGREP
                     21: 
                     22: CFLAGS_ADD="$CFLAGS_ADD -Wall -Werror -Wno-unused"
                     23: 
                     24: case $host in
                     25: *netbsd*)
                     26:        LDFLAGS="-Wl,-R/usr/pkg/lib $LDFLAGS"
                     27:        ;;
                     28: *linux*)
                     29:        LIBS="$LIBS -lresolv"
                     30:        INSTALL_OPTS="-o bin -g bin"
                     31:        INCLUDE_GLIBC="include-glibc"
                     32:        RPM="rpm"
                     33:        AC_SUBST(INSTALL_OPTS)
                     34:        AC_SUBST(INCLUDE_GLIBC)
                     35:        AC_SUBST(RPM)
                     36:        ;;
                     37: *darwin*)
                     38:        LIBS="$LIBS -lresolv"
                     39:        ;;
                     40: esac
                     41: 
                     42: # Look up some IPsec-related headers
                     43: AC_CHECK_HEADER(net/pfkeyv2.h, [have_net_pfkey=yes], [have_net_pfkey=no])
                     44: AC_CHECK_HEADER(netinet/ipsec.h, [have_netinet_ipsec=yes], [have_netinet_ipsec=no])
                     45: AC_CHECK_HEADER(netinet6/ipsec.h, [have_netinet6_ipsec=yes], [have_netinet6_ipsec=no])
                     46: AC_CHECK_HEADER(netipsec/ipsec.h, [have_netipsec_ipsec=yes], [have_netipsec_ipsec=no])
                     47: 
                     48: # FreeBSD >=7 has only <netipsec/ipsec.h>
                     49: # NetBSD has <netinet6/ipsec.h> but not <netinet/ipsec.h>
                     50: # XXX some *BSD still have both <netinet6/ipsec.h> and <netipsec/ipsec.h>,
                     51: # we can't decide which one to use (actually <netinet6/ipsec.h>)
                     52: 
                     53: 
                     54: if test "$have_netinet_ipsec$have_netinet6_ipsec$have_netipsec_ipsec" = nonoyes; then
                     55:     have_netinet_ipsec=yes
                     56:     AC_DEFINE(PATH_IPSEC_H, [<netipsec/ipsec.h>], [Path to ipsec.h])
                     57: else
                     58:        if test "$have_netinet_ipsec$have_netinet6_ipsec" = noyes; then
                     59:        have_netinet_ipsec=yes
                     60:            AC_DEFINE(PATH_IPSEC_H, [<netinet6/ipsec.h>], [Path to ipsec.h])
                     61:        else
                     62:                # have_netinet_ipsec will be checked a few lines below
                     63:            AC_DEFINE(PATH_IPSEC_H, [<netinet/ipsec.h>], [Path to ipsec.h])
                     64:        fi
                     65: fi
                     66: 
                     67: case "$host_os" in
                     68:  *linux*)
                     69:     AC_ARG_WITH(kernel-headers,
                     70:        AC_HELP_STRING([--with-kernel-headers=/lib/modules/<uname>/build/include],
                     71:                       [where your Linux Kernel headers are installed]),
                     72:            [ KERNEL_INCLUDE="$with_kernel_headers" 
                     73:              CONFIGURE_AMFLAGS="--with-kernel-headers=$with_kernel_headers"
                     74:              AC_SUBST(CONFIGURE_AMFLAGS) ],
                     75:            [ KERNEL_INCLUDE="/lib/modules/`uname -r`/build/include" ])
                     76: 
                     77:     AC_CHECK_HEADER($KERNEL_INCLUDE/linux/pfkeyv2.h, ,
                     78:        [ AC_CHECK_HEADER(/usr/src/linux/include/linux/pfkeyv2.h,
                     79:          KERNEL_INCLUDE=/usr/src/linux/include ,
                     80:          [ AC_MSG_ERROR([Unable to find linux-2.6 kernel headers. Aborting.]) ] ) ] )
                     81:     AC_SUBST(KERNEL_INCLUDE)
                     82:     # We need the configure script to run with correct kernel headers.
                     83:     # However we don't want to point to kernel source tree in compile time,
                     84:     # i.e. this will be removed from CPPFLAGS at the end of configure.
                     85:     CPPFLAGS="-I$KERNEL_INCLUDE $CPPFLAGS"
                     86: 
                     87:     AC_CHECK_MEMBER(struct sadb_x_policy.sadb_x_policy_priority, 
                     88:        [AC_DEFINE(HAVE_PFKEY_POLICY_PRIORITY, [],
                     89:                        [Are PF_KEY policy priorities supported?])], [],
                     90:        [#include "$KERNEL_INCLUDE/linux/pfkeyv2.h"])
                     91: 
                     92:     GLIBC_BUGS='-include ${top_srcdir}/src/include-glibc/glibc-bugs.h -I${top_srcdir}/src/include-glibc -I${top_builddir}/src/include-glibc'
                     93:     GLIBC_BUGS_LOCAL="-include ${srcdir-.}/src/include-glibc/glibc-bugs.h -I${srcdir-.}/src/include-glibc -I./src/include-glibc"
                     94:     CPPFLAGS="$GLIBC_BUGS_LOCAL $CPPFLAGS"
                     95:     CPPFLAGS="-D_GNU_SOURCE $CPPFLAGS"
                     96:     AC_SUBST(GLIBC_BUGS)
                     97:     ;;
                     98:  *)
                     99:     if test "$have_net_pfkey$have_netinet_ipsec" != yesyes; then
                    100:       if test "$have_net_pfkey" = yes; then
                    101:        AC_MSG_ERROR([Found net/pfkeyv2.h but not netinet/ipsec.h. Aborting.])
                    102:       else
                    103:        AC_MSG_ERROR([Found netinet/ipsec.h but not net/pfkeyv2.h. Aborting.])
                    104:       fi
                    105:     fi
                    106:     ;;
                    107: esac
                    108: 
                    109: ### Some basic toolchain checks
                    110: 
                    111: # Checks for header files.
                    112: AC_HEADER_STDC
                    113: AC_HEADER_SYS_WAIT
                    114: AC_CHECK_HEADERS(limits.h sys/time.h unistd.h stdarg.h varargs.h)
                    115: AC_CHECK_HEADERS(shadow.h)
                    116: 
                    117: # Checks for typedefs, structures, and compiler characteristics.
                    118: AC_C_CONST
                    119: AC_TYPE_PID_T
                    120: AC_TYPE_SIZE_T
                    121: AC_HEADER_TIME
                    122: AC_STRUCT_TM
                    123: 
                    124: # Checks for library functions.
                    125: AC_FUNC_MEMCMP
                    126: AC_TYPE_SIGNAL
                    127: AC_FUNC_VPRINTF
                    128: AC_CHECK_FUNCS(gettimeofday select socket strerror strtol strtoul strlcpy strlcat)
                    129: AC_REPLACE_FUNCS(strdup)
                    130: RACOON_CHECK_VA_COPY
                    131: 
                    132: # Check if printf accepts "%z" type modifier for size_t argument
                    133: AC_MSG_CHECKING(if printf accepts %z)
                    134: saved_CFLAGS=$CFLAGS
                    135: CFLAGS="$CFLAGS -Wall -Werror"
                    136: AC_TRY_COMPILE([
                    137: #include <stdio.h>
                    138: ], [
                    139: printf("%zu\n", (size_t)-1);
                    140: ],
                    141:        [AC_MSG_RESULT(yes)],
                    142:        [AC_MSG_RESULT(no);
                    143:         CFLAGS_ADD="$CFLAGS_ADD -Wno-format";
                    144:         AC_DEFINE(BROKEN_PRINTF, [], [If printf doesn't support %zu.])
                    145:        ])
                    146: CFLAGS=$saved_CFLAGS
                    147: 
                    148: # Can we use __func__ macro?
                    149: AC_MSG_CHECKING(if __func__ is available)
                    150: AC_TRY_COMPILE(
                    151: [#include <stdio.h>
                    152: ], [char *x = __func__;],
                    153:        [AC_DEFINE([HAVE_FUNC_MACRO], [], [Have __func__ macro])
                    154:        AC_MSG_RESULT(yes)],
                    155:        [AC_MSG_RESULT(no)])
                    156: 
                    157: # Check if readline support is requested
                    158: AC_MSG_CHECKING(if readline support is requested)
                    159: AC_ARG_WITH(readline,
                    160:        [  --with-readline         support readline input (yes by default)],
                    161:        [with_readline="$withval"], [with_readline="yes"])
                    162: AC_MSG_RESULT($with_readline)
                    163: 
                    164: # Is readline available?
                    165: if test $with_readline != "no"; then
                    166:        AC_CHECK_HEADER([readline/readline.h], 
                    167:                [AC_CHECK_LIB(readline, readline, [
                    168:                                AC_DEFINE(HAVE_READLINE, [],
                    169:                                        [Is readline available?])
                    170:                                LIBS="$LIBS -lreadline"
                    171:                ], [])], [])
                    172: fi
                    173: 
                    174: 
                    175: AC_MSG_CHECKING(if --with-flex option is specified)
                    176: AC_ARG_WITH(flexdir,
                    177:        [AC_HELP_STRING([--with-flex], [use directiory (default: no)])],
                    178:        [flexdir="$withval"])
                    179: AC_MSG_RESULT(${flexdir-dirdefault})
                    180: 
                    181: if test "x$flexdir" != "x"; then
                    182:        LIBS="$LIBS $flexdir/libfl.a"
                    183: fi
                    184: 
                    185: AC_MSG_CHECKING(if --with-flexlib option is specified)
                    186: AC_ARG_WITH(flexlib,
                    187:        [  --with-flexlib=<LIB>    specify flex library.],
                    188:        [flexlib="$withval"])
                    189: AC_MSG_RESULT(${flexlib-default})
                    190: 
                    191: if test "x$flexlib" != "x"; then
                    192:        LIBS="$LIBS $flexlib"
                    193: fi
                    194: 
                    195: # Check if a different OpenSSL directory was specified
                    196: AC_MSG_CHECKING(if --with-openssl option is specified)
                    197: AC_ARG_WITH(openssl, [  --with-openssl=DIR      specify OpenSSL directory],
                    198:        [crypto_dir=$withval])
                    199: AC_MSG_RESULT(${crypto_dir-default})
                    200: 
                    201: if test "x$crypto_dir" != "x"; then
                    202:        LIBS="$LIBS -L${crypto_dir}/lib"
                    203:        CPPFLAGS="-I${crypto_dir}/include $CPPFLAGS"
                    204: fi
                    205: AC_MSG_CHECKING(openssl version)
                    206: 
                    207: AC_TRY_COMPILE(
                    208: [#include <openssl/opensslv.h>
                    209: ],
                    210: [#if OPENSSL_VERSION_NUMBER < 0x0090602fL
                    211: #error OpenSSL version is too old ...
                    212: #endif],
                    213: [AC_MSG_RESULT([ok])],
                    214: [AC_MSG_RESULT(too old)
                    215: AC_MSG_ERROR([OpenSSL version must be 0.9.6 or higher. Aborting.])
                    216: ])
                    217: 
                    218: AC_CHECK_HEADERS(openssl/engine.h)
                    219: 
                    220: # checking rijndael
                    221: AC_CHECK_HEADERS([openssl/aes.h], [], 
                    222:        [CRYPTOBJS="$CRYPTOBJS rijndael-api-fst.o rijndael-alg-fst.o"])
                    223: 
                    224: # checking sha2
                    225: AC_MSG_CHECKING(sha2 support)
                    226: AC_DEFINE([WITH_SHA2], [], [SHA2 support])
                    227: AC_MSG_RESULT(yes)
                    228: AC_CHECK_HEADER(openssl/sha2.h, [], [
                    229:        AC_MSG_CHECKING(if sha2 is defined in openssl/sha.h)
                    230:        AC_TRY_COMPILE([
                    231:                #ifdef HAVE_SYS_TYPES_H
                    232:                #include <sys/types.h>
                    233:                #endif
                    234:                #include <openssl/sha.h>
                    235:        ], [
                    236:                SHA256_CTX ctx;
                    237:        ], [
                    238:            AC_MSG_RESULT(yes)
                    239:            AC_DEFINE([HAVE_SHA2_IN_SHA_H], [], [sha2 is defined in sha.h])
                    240:        ], [AC_MSG_RESULT(no)
                    241:            AC_LIBOBJ([sha2])
                    242:            CRYPTOBJS="$CRYPTOBJS sha2.o"
                    243:        ])
                    244: 
                    245:        CPPFLAGS_ADD="$CPPFLAGS_ADD -I\${top_srcdir}/src/racoon/missing"
                    246: ])
                    247: AC_SUBST(CRYPTOBJS)
                    248: 
                    249: # checking camellia
                    250: AC_CHECK_HEADERS([openssl/camellia.h])
                    251: 
                    252: 
                    253: # Option --enable-adminport 
                    254: AC_MSG_CHECKING(if --enable-adminport option is specified)
                    255: AC_ARG_ENABLE(adminport,
                    256:        [  --enable-adminport      enable admin port],
                    257:        [], [enable_adminport=no])
                    258: if test $enable_adminport = "yes"; then
                    259:        AC_DEFINE([ENABLE_ADMINPORT], [], [Enable admin port])
                    260: fi
                    261: AC_MSG_RESULT($enable_adminport)
                    262: 
                    263: # Option RC5
                    264: AC_MSG_CHECKING(if --enable-rc5 option is specified)
                    265: AC_ARG_ENABLE(rc5,
                    266:        [  --enable-rc5         enable RC5 encryption (patented)],
                    267:        [], [enable_rc5=no])
                    268: AC_MSG_RESULT($enable_rc5)
                    269: 
                    270: if test $enable_rc5 = "yes"; then
                    271:        AC_CHECK_HEADERS([openssl/rc5.h])
                    272:        AC_CHECK_LIB([crypto_rc5], [RC5_32_encrypt],
                    273:            [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_rc5"])
                    274: fi
                    275: 
                    276: # Option IDEA
                    277: AC_MSG_CHECKING(if --enable-idea option is specified)
                    278: AC_ARG_ENABLE(idea,
                    279:        [  --enable-idea        enable IDEA encryption (patented)],
                    280:        [], [enable_idea=no])
                    281: AC_MSG_RESULT($enable_idea)
                    282: 
                    283: if test $enable_idea = "yes"; then
                    284:        AC_CHECK_HEADERS([openssl/idea.h])
                    285:        AC_CHECK_LIB([crypto_idea], [idea_encrypt], 
                    286:            [EXTRA_CRYPTO="$EXTRA_CRYPTO -lcrypto_idea"])
                    287: fi
                    288: AC_SUBST(EXTRA_CRYPTO)
                    289: 
                    290: # For dynamic libradius
                    291: RACOON_PATH_LIBS([MD5_Init], [crypto])
                    292: 
                    293: # Check if we need -lutil for login(3)
                    294: RACOON_PATH_LIBS([login], [util])
                    295: 
                    296: # Specify libiconv prefix
                    297: AC_MSG_CHECKING(if --with-libiconv option is specified)
                    298: AC_ARG_WITH(libiconv, 
                    299:     [  --with-libiconv=DIR    specify libiconv path (like/usr/pkg)],
                    300:     [libiconv_dir=$withval], 
                    301:     [libiconv_dir=no])
                    302: AC_MSG_RESULT($libiconv_dir)
                    303: if test "$libiconv_dir" != "no"; then
                    304:        if test "$libiconv_dir" = "yes" ; then
                    305:                  libiconv_dir="";
                    306:        fi;
                    307:        if test "x$libiconv_dir" = "x"; then
                    308:                RACOON_PATH_LIBS([iconv_open], [iconv])
                    309:        else
                    310:                if test -d "$libiconv_dir/lib" -a \
                    311:                    -d "$libiconv_dir/include" ; then
                    312:                        RACOON_PATH_LIBS([iconv_open], [iconv], ["$libiconv_dir/lib"])
                    313:                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libiconv_dir/include"
                    314:                else
                    315:                        AC_MSG_ERROR([ICONV libs or includes not found. Aborting.])
                    316:                fi
                    317:        fi
                    318:        LIBS="$LIBS -L$libiconv_dir/lib -R$libiconv_dir/lib -liconv"
                    319:        AC_CHECK_FUNCS(iconv_open)
                    320: fi
                    321: 
                    322: AC_MSG_CHECKING([if --enable-hybrid option is specified])
                    323: AC_ARG_ENABLE(hybrid, 
                    324:     [  --enable-hybrid   enable hybrid, both mode-cfg and xauth support],
                    325:     [], [enable_hybrid=no])
                    326: AC_MSG_RESULT($enable_hybrid)
                    327: 
                    328: if test "x$enable_hybrid" = "xyes"; then
                    329:        case $host in
                    330:                *darwin*)
                    331:                ;;
                    332:        *)
                    333:                LIBS="$LIBS -lcrypt";
                    334:                ;;
                    335:        esac
                    336:        HYBRID_OBJS="isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o"
                    337:        AC_SUBST(HYBRID_OBJS)
                    338:        AC_DEFINE([ENABLE_HYBRID], [], [Hybrid authentication support])
                    339: fi
                    340: 
                    341: AC_MSG_CHECKING([if --enable-frag option is specified])
                    342: AC_ARG_ENABLE(frag, 
                    343:     [  --enable-frag           enable IKE fragmentation payload support],
                    344:     [], [enable_frag=no])
                    345: AC_MSG_RESULT($enable_frag)
                    346: 
                    347: if test "x$enable_frag" = "xyes"; then
                    348:        case $host in
                    349:        *darwin*)
                    350:                ;;
                    351:        *)
                    352:                LIBS="$LIBS -lcrypt"; 
                    353:                ;;
                    354:        esac
                    355:        FRAG_OBJS="isakmp_frag.o"
                    356:        AC_SUBST(FRAG_OBJS)
                    357:        AC_DEFINE([ENABLE_FRAG], [], [IKE fragmentation support])
                    358: fi
                    359: 
                    360: AC_MSG_CHECKING(if --with-libradius option is specified)
                    361: AC_ARG_WITH(libradius, 
                    362:     [  --with-libradius=DIR    specify libradius path (like/usr/pkg)],
                    363:     [libradius_dir=$withval], 
                    364:     [libradius_dir=no])
                    365: AC_MSG_RESULT($libradius_dir)
                    366: if test "$libradius_dir" != "no"; then
                    367:        if test "$libradius_dir" = "yes" ; then
                    368:                  libradius_dir="";
                    369:        fi;
                    370:        if test "x$libradius_dir" = "x"; then
                    371:                RACOON_PATH_LIBS([rad_create_request], [radius])
                    372:        else
                    373:                if test -d "$libradius_dir/lib" -a \
                    374:                    -d "$libradius_dir/include" ; then
                    375:                        RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"])
                    376:                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include"
                    377:                else
                    378:                        AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.])
                    379:                fi
                    380:        fi
                    381:        AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS])
                    382:        LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius"
                    383:        AC_CHECK_FUNCS(rad_create_request)
                    384: fi
                    385: 
                    386: AC_MSG_CHECKING(if --with-libpam option is specified)
                    387: AC_ARG_WITH(libpam, 
                    388:     [  --with-libpam=DIR    specify libpam path (like/usr/pkg)],
                    389:     [libpam_dir=$withval], 
                    390:     [libpam_dir=no])
                    391: AC_MSG_RESULT($libpam_dir)
                    392: if test "$libpam_dir" != "no"; then
                    393:        if test "$libpam_dir" = "yes" ; then
                    394:                  libpam_dir="";
                    395:        fi;
                    396:        if test "x$libpam_dir" = "x"; then
                    397:                RACOON_PATH_LIBS([pam_start], [pam])
                    398:        else
                    399:                if test -d "$libpam_dir/lib" -a \
                    400:                    -d "$libpam_dir/include" ; then
                    401:                        RACOON_PATH_LIBS([pam_start], [pam], ["$libpam_dir/lib"])
                    402:                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libpam_dir/include"
                    403:                else
                    404:                        AC_MSG_ERROR([PAM libs or includes not found. Aborting.])
                    405:                fi
                    406:        fi
                    407:        AC_DEFINE([HAVE_LIBPAM], [], [Hybrid authentication uses PAM])
                    408:        LIBS="$LIBS -L$libpam_dir/lib -R$libpam_dir/lib -lpam"
                    409:        AC_CHECK_FUNCS(pam_start)
                    410: fi
                    411: 
                    412: AC_MSG_CHECKING(if --with-libldap option is specified)
                    413: AC_ARG_WITH(libldap, 
                    414:     [  --with-libldap=DIR    specify libldap path (like/usr/pkg)],
                    415:     [libldap_dir=$withval], 
                    416:     [libldap_dir=no])
                    417: AC_MSG_RESULT($libldap_dir)
                    418: if test "$libldap_dir" != "no"; then
                    419:        if test "$libldap_dir" = "yes" ; then
                    420:                  libldap_dir="";
                    421:        fi;
                    422:        if test "x$libldap_dir" = "x"; then
                    423:                RACOON_PATH_LIBS([ldap_init], [ldap])
                    424:        else
                    425:                if test -d "$libldap_dir/lib" -a \
                    426:                    -d "$libldap_dir/include" ; then
                    427:                        RACOON_PATH_LIBS([ldap_init], [ldap], ["$libldap_dir/lib"])
                    428:                        CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libldap_dir/include"
                    429:                else
                    430:                        AC_MSG_ERROR([LDAP libs or includes not found. Aborting.])
                    431:                fi
                    432:        fi
                    433:        AC_DEFINE([HAVE_LIBLDAP], [], [Hybrid authentication uses LDAP])
                    434:        LIBS="$LIBS -L$libldap_dir/lib -R$libldap_dir/lib -lldap"
                    435: 
                    436:        saved_CFLAGS=$CFLAGS
                    437:        CFLAGS="$CFLAGS -Wall -Werror"
                    438:        saved_CPPFLAGS=$CPPFLAGS
                    439:         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
                    440:        AC_TRY_COMPILE(
                    441:                [#include <ldap.h>],
                    442:                [
                    443:                        #if LDAP_API_VERSION < 2004
                    444:                        #error OpenLDAP version is too old ...
                    445:                        #endif
                    446:                ],
                    447:                [AC_MSG_RESULT([ok])],
                    448:                [
                    449:                        AC_MSG_RESULT(too old)
                    450:                        AC_MSG_ERROR([OpenLDAP version must be 2.0 or higher. Aborting.])
                    451:                ])
                    452:        CFLAGS=$saved_CFLAGS
                    453:        CPPFLAGS=$saved_CPPFLAGS
                    454: fi
                    455: 
                    456: # Check for Kerberos5 support
                    457: # XXX This must come after all --with-* tests, else the
                    458: # -liconv checks will not work
                    459: AC_MSG_CHECKING(if --enable-gssapi option is specified)
                    460: AC_ARG_ENABLE(gssapi,
                    461:        [  --enable-gssapi         enable GSS-API authentication],
                    462:        [], [enable_gssapi=no])
                    463: AC_MSG_RESULT($enable_gssapi)
                    464: AC_PATH_PROG(KRB5_CONFIG,krb5-config,no)
                    465: if test "x$enable_gssapi" = "xyes"; then
                    466:        if test "$KRB5_CONFIG" != "no"; then
                    467:                krb5_incdir="`$KRB5_CONFIG --cflags gssapi`"
                    468:                krb5_libs="`$KRB5_CONFIG --libs gssapi`"
                    469:        else
                    470:                # No krb5-config; let's make some assumptions based on
                    471:                # the OS.
                    472:                case $host_os in
                    473:                netbsd*)
                    474:                        krb5_incdir="-I/usr/include/krb5"
                    475:                        krb5_libs="-lgssapi -lkrb5 -lcom_err -lroken -lasn1"
                    476:                        ;;
                    477:                *)
                    478:                        AC_MSG_ERROR([krb5-config not found, but needed for GSSAPI support. Aborting.])
                    479:                        ;;
                    480:                esac
                    481:        fi
                    482:        LIBS="$LIBS $krb5_libs"
                    483:        CPPFLAGS_ADD="$krb5_incdir $CPPFLAGS_ADD"
                    484:        AC_DEFINE([HAVE_GSSAPI], [], [Enable GSS API])
                    485: 
                    486:        # Check if iconv 2nd argument needs const 
                    487:        saved_CFLAGS=$CFLAGS
                    488:        CFLAGS="$CFLAGS -Wall -Werror"
                    489:        saved_CPPFLAGS=$CPPFLAGS
                    490:         CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
                    491:        AC_CHECK_HEADER([iconv.h], [], [AC_MSG_ERROR([iconv.h not found, but needed for GSSAPI support. Aborting.])])
                    492:        AC_MSG_CHECKING([if iconv second argument needs const])
                    493:        AC_TRY_COMPILE([
                    494:                #include <iconv.h>
                    495:                #include <stdio.h>
                    496:        ], [
                    497:                iconv_t cd = NULL;
                    498:                const char **src = NULL;
                    499:                size_t *srcleft = NULL;
                    500:                char **dst = NULL;
                    501:                size_t *dstleft = NULL;
                    502: 
                    503:                (void)iconv(cd, src, srcleft, dst, dstleft);
                    504:        ], [AC_MSG_RESULT(yes)
                    505:            AC_DEFINE([HAVE_ICONV_2ND_CONST], [], [Have iconv using const])
                    506:        ], [AC_MSG_RESULT(no)])
                    507:        CFLAGS=$saved_CFLAGS
                    508:        CPPFLAGS=$saved_CPPFLAGS
                    509: 
                    510:        # libiconv is often integrated into libc. If a with-* option
                    511:        # caused a non libc-based iconv.h to be catched instead of
                    512:        # the libc-based iconv.h, then we need to link with -liconv
                    513:        AC_MSG_CHECKING(if -liconv is required)
                    514:        saved_CPPFLAGS=$CPPFLAGS
                    515:        saved_LIBS=$LIBS
                    516:        CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
                    517:        AC_TRY_LINK([
                    518:                #include <iconv.h>
                    519:        ], [
                    520:                (void)iconv_open("ascii", "ascii");
                    521:        ],
                    522:                [AC_MSG_RESULT(no)],
                    523:                [
                    524:                        LIBS="$LIBS -liconv"
                    525:                        AC_TRY_LINK([
                    526:                                #include <iconv.h>
                    527:                ], [
                    528:                                (void)iconv_open("ascii", "ascii");
                    529:                        ],
                    530:                        [
                    531:                                AC_MSG_RESULT(yes)
                    532:                                saved_LIBS=$LIBS
                    533:                        ], [
                    534:                                AC_MSG_ERROR([cannot use iconv])
                    535:                        ])
                    536:                ])
                    537:        CPPFLAGS=$saved_CPPFLAGS
                    538:        LIBS=$saved_LIBS
                    539: fi
                    540: 
                    541: AC_MSG_CHECKING(if --enable-stats option is specified)
                    542: AC_ARG_ENABLE(stats,
                    543:         [  --enable-stats          enable statistics logging function],
                    544:         [], [enable_stats=no])
                    545: if test "x$enable_stats" = "xyes"; then
                    546:        AC_DEFINE([ENABLE_STATS], [], [Enable statictics])
                    547: fi
                    548: AC_MSG_RESULT($enable_stats)
                    549: 
                    550: AC_MSG_CHECKING(if --enable-dpd option is specified)
                    551: AC_ARG_ENABLE(dpd,
                    552:         [  --enable-dpd            enable dead peer detection],
                    553:         [], [enable_dpd=no])
                    554: if test "x$enable_dpd" = "xyes"; then
                    555:        AC_DEFINE([ENABLE_DPD], [], [Enable dead peer detection])
                    556: fi
                    557: AC_MSG_RESULT($enable_dpd)
                    558: 
                    559: AC_MSG_CHECKING(if --enable-samode-unspec option is specified)
                    560: AC_ARG_ENABLE(samode-unspec,
                    561:         [  --enable-samode-unspec  enable to use unspecified a mode of SA],
                    562:         [], [enable_samode_unspec=no])
                    563: if test "x$enable_samode_unspec" = "xyes"; then
                    564:        case $host_os in
                    565:        *linux*)
                    566:                cat << EOC
                    567:                
                    568: ERROR: --enable-samode-unspec is not supported under linux 
                    569: because linux kernel do not support it. This option is disabled 
                    570: to prevent mysterious problems.
                    571: 
                    572: If you REALLY know what your are doing, remove this check.
                    573: EOC
                    574:                exit 1;
                    575:                ;;
                    576:        esac
                    577:        AC_DEFINE([ENABLE_SAMODE_UNSPECIFIED], [], [Enable samode-unspec])
                    578: fi
                    579: AC_MSG_RESULT($enable_samode_unspec)
                    580: 
                    581: # Checks if IPv6 is requested
                    582: AC_MSG_CHECKING([whether to enable ipv6])
                    583: AC_ARG_ENABLE(ipv6,
                    584: [  --disable-ipv6          disable ipv6 support],
                    585: [ case "$enableval" in
                    586:   no)
                    587:        AC_MSG_RESULT(no)
                    588:        ipv6=no
                    589:        ;;
                    590:   *)   AC_MSG_RESULT(yes)
                    591:        ipv6=yes
                    592:        ;;
                    593:   esac ],
                    594: 
                    595:   AC_TRY_RUN([ /* AF_INET6 avalable check */
                    596: #include <sys/types.h>
                    597: #include <sys/socket.h>
                    598: main()
                    599: {
                    600:   exit(0);
                    601:  if (socket(AF_INET6, SOCK_STREAM, 0) < 0)
                    602:    exit(1);
                    603:  else
                    604:    exit(0);
                    605: }
                    606: ],
                    607:   AC_MSG_RESULT(yes)
                    608:   AC_DEFINE([INET6], [], [Support IPv6])
                    609:   ipv6=yes,
                    610:   AC_MSG_RESULT(no)
                    611:   ipv6=no,
                    612:   AC_MSG_RESULT(no)
                    613:   ipv6=no
                    614: ))
                    615: 
                    616: if test "$ipv6" = "yes"; then
                    617:        AC_DEFINE([INET6], [], [Support IPv6])
                    618:        AC_MSG_CHECKING(for advanced API support)
                    619:        AC_TRY_COMPILE([#ifndef INET6
                    620: #define INET6
                    621: #endif
                    622: #include <sys/types.h>
                    623: #include <netinet/in.h>],
                    624:                [struct in6_pktinfo a;],
                    625:                [AC_MSG_RESULT(yes)
                    626:                 AC_DEFINE([INET6_ADVAPI], [], [Use advanced IPv6 API])],
                    627:                [AC_MSG_RESULT(no)])
                    628: fi
                    629: 
                    630: RACOON_CHECK_BUGGY_GETADDRINFO
                    631: if test "$buggygetaddrinfo" = "yes"; then
                    632:        AC_MSG_ERROR([Broken getaddrinfo() is no longer supported. Aborting.])
                    633: fi
                    634: 
                    635: # Check if kernel support is available for NAT-T, defaults to no. 
                    636: kernel_natt="no"
                    637: 
                    638: AC_MSG_CHECKING(kernel NAT-Traversal support)
                    639: case $host_os in
                    640: linux*)
                    641: # Linux kernel NAT-T check
                    642: AC_EGREP_CPP(yes, 
                    643: [#include <linux/pfkeyv2.h>
                    644: #ifdef SADB_X_EXT_NAT_T_TYPE
                    645: yes
                    646: #endif
                    647: ], [kernel_natt="yes"])
                    648:        ;;
                    649: freebsd*|netbsd*)
                    650: # NetBSD case
                    651: # Same check for FreeBSD
                    652: AC_CHECK_MEMBER(struct sadb_x_nat_t_type.sadb_x_nat_t_type_len,
                    653:        [kernel_natt="yes"],, [
                    654: #define _KERNEL
                    655: #include <sys/types.h>
                    656: #include <net/pfkeyv2.h>
                    657: ])
                    658:        ;;
                    659: esac
                    660: AC_MSG_RESULT($kernel_natt)
                    661: 
                    662: AC_MSG_CHECKING(whether to support NAT-T)
                    663: AC_ARG_ENABLE(natt,
                    664:        [  --enable-natt           enable NAT-Traversal (yes/no/kernel)],
                    665:         [ if test "$enable_natt" = "kernel"; then enable_natt=$kernel_natt; fi ],
                    666:        [ enable_natt=no ])
                    667: AC_MSG_RESULT($enable_natt)
                    668: 
                    669: if test "$enable_natt" = "yes"; then
                    670:        if test "$kernel_natt" = "no" ; then 
                    671:                AC_MSG_ERROR([NAT-T requested, but no kernel support! Aborting.])
                    672:        else
                    673:                AC_DEFINE([ENABLE_NATT], [], [Enable NAT-Traversal])
                    674:                NATT_OBJS="nattraversal.o"
                    675:                AC_SUBST(NATT_OBJS)
                    676:        fi
                    677: fi
                    678: 
                    679: # Set up defines for supported NAT-T versions.
                    680: natt_versions_default="00,02,rfc"
                    681: AC_MSG_CHECKING(which NAT-T versions to support)
                    682: AC_ARG_ENABLE(natt_versions,
                    683:        [  --enable-natt-versions=list    list of supported NAT-T versions delimited by coma.],
                    684:        [ test "$enable_natt_versions" = "yes" && enable_natt_versions=$natt_versions_default ],
                    685:        [ enable_natt_versions=$natt_versions_default ])
                    686: if test "$enable_natt" = "yes"; then
                    687:        AC_MSG_RESULT($enable_natt_versions)
                    688:        for i in `echo $enable_natt_versions | tr ',cfr' ' CFR'`; do
                    689:                case $i in 
                    690:                        0|00) AC_DEFINE([ENABLE_NATT_00], [], [Enable NAT-Traversal draft 00]) ;;
                    691:                        1|01) AC_DEFINE([ENABLE_NATT_01], [], [Enable NAT-Traversal draft 01]) ;;
                    692:                        2|02) AC_DEFINE([ENABLE_NATT_02], [], [Enable NAT-Traversal draft 02]) ;;
                    693:                        3|03) AC_DEFINE([ENABLE_NATT_03], [], [Enable NAT-Traversal draft 03]) ;;
                    694:                        4|04) AC_DEFINE([ENABLE_NATT_04], [], [Enable NAT-Traversal draft 04]) ;;
                    695:                        5|05) AC_DEFINE([ENABLE_NATT_05], [], [Enable NAT-Traversal draft 05]) ;;
                    696:                        6|06) AC_DEFINE([ENABLE_NATT_06], [], [Enable NAT-Traversal draft 06]) ;;
                    697:                        7|07) AC_DEFINE([ENABLE_NATT_07], [], [Enable NAT-Traversal draft 07]) ;;
                    698:                        8|08) AC_DEFINE([ENABLE_NATT_08], [], [Enable NAT-Traversal draft 08]) ;;
                    699:                        RFC)  AC_DEFINE([ENABLE_NATT_RFC], [], [Enable NAT-Traversal RFC version]) ;;
                    700:                        *) AC_MSG_ERROR([Unknown NAT-T version. Aborting.]) ;;
                    701:                esac
                    702:        done
                    703:        unset i
                    704: else
                    705:        AC_MSG_RESULT([none])
                    706: fi
                    707: 
                    708: AC_MSG_CHECKING(if --enable-broken-natt option is specified)
                    709: AC_ARG_ENABLE(broken-natt,
                    710:        [  --enable-broken-natt    broken in-kernel NAT-T],
                    711:         [], [enable_broken_natt=no])
                    712: if test "x$enable_broken_natt" = "xyes"; then
                    713:        AC_DEFINE([BROKEN_NATT], [], [in-kernel NAT-T is broken])
                    714: fi
                    715: AC_MSG_RESULT($enable_broken_natt)
                    716: 
                    717: AC_MSG_CHECKING(whether we support FWD policy)
                    718: case $host in
                    719:        *linux*)
                    720:                AC_TRY_COMPILE([
                    721:                #include <inttypes.h>
                    722:                #include <linux/ipsec.h>
                    723:                        ], [
                    724:                        int fwd = IPSEC_DIR_FWD;
                    725:                        ],
                    726:                        [AC_MSG_RESULT(yes)
                    727:                         AC_DEFINE([HAVE_POLICY_FWD], [], [Have forward policy])],
                    728:                        [AC_MSG_RESULT(no)])
                    729:                ;;
                    730:        *)
                    731:                AC_MSG_RESULT(no)
                    732:                ;;
                    733: esac
                    734: 
                    735: AC_CHECK_TYPE([ipsec_policy_t], 
                    736:              [AC_DEFINE([HAVE_IPSEC_POLICY_T], [], [Have ipsec_policy_t])],
                    737:              [],
                    738:              [
                    739:                #include <sys/types.h>
                    740:                #include <netinet6/ipsec.h>
                    741:              ])
                    742: 
                    743: # Check if kernel support is available for Security Context, defaults to no.
                    744: kernel_secctx="no"
                    745: 
                    746: AC_MSG_CHECKING(kernel Security Context support)
                    747: case $host_os in
                    748: linux*)
                    749: # Linux kernel Security Context check
                    750: AC_EGREP_CPP(yes,
                    751: [#include <linux/pfkeyv2.h>
                    752: #ifdef SADB_X_EXT_SEC_CTX
                    753: yes
                    754: #endif
                    755: ], [kernel_secctx="yes"])
                    756:        ;;
                    757: esac
                    758: AC_MSG_RESULT($kernel_secctx)
                    759: 
                    760: AC_CHECK_HEADER(selinux/selinux.h,
                    761:        [AC_CHECK_LIB(selinux, avc_init, [selinux_support=yes], 
                    762:        [selinux_support=no])], [selinux_support=no])
                    763: 
                    764: AC_MSG_CHECKING(whether to support Security Context)
                    765: AC_ARG_ENABLE(security-context,
                    766:        [  --enable-security-context    enable Security Context(yes/no/kernel)],
                    767:        [if test "$enable_security_context" = "kernel"; then
                    768:                enable_security_context=$kernel_secctx; fi],
                    769:        [enable_security_context=$kernel_secctx])
                    770: AC_MSG_RESULT($enable_security_context)
                    771: 
                    772: if test "$enable_security_context" = "yes"; then
                    773:        if test "$kernel_secctx" = "no" ; then
                    774:                AC_MSG_ERROR([Security Context requested, but no kernel support! Aborting.])
                    775:        else
                    776:                if test "$selinux_support" = "no"; then
                    777:                        AC_MSG_ERROR([Security Context requested, but no selinux support! Aborting.])
                    778:                else
                    779:                        AC_DEFINE([HAVE_SECCTX], [], [Enable Security Context])
                    780:                        SECCTX_OBJS="security.o"
                    781:                        AC_SUBST(SECCTX_OBJS)
                    782:                        LIBS="$LIBS -lselinux"
                    783:                fi
                    784:        fi
                    785: fi
                    786: 
                    787: RACOON_PATH_LIBS([clock_gettime], [rt])
                    788: 
                    789: AC_MSG_CHECKING(for monotonic system clock)
                    790: AC_TRY_COMPILE(
                    791:        [#include <time.h>],
                    792:        [clock_gettime(CLOCK_MONOTONIC, NULL);],
                    793:        [AC_DEFINE([HAVE_CLOCK_MONOTONIC], [], [Have a monotonic clock])
                    794:         AC_MSG_RESULT(yes)],
                    795:        [AC_MSG_RESULT(no)])
                    796: 
                    797: CFLAGS="$CFLAGS $CFLAGS_ADD"
                    798: CPPFLAGS="$CPPFLAGS $CPPFLAGS_ADD"
                    799: 
                    800: case $host in
                    801:        *linux*)
                    802:                # Remove KERNEL_INCLUDE from CPPFLAGS. It will
                    803:                # be symlinked to src/include-glibc/linux in
                    804:                # compile time.
                    805:                CPPFLAGS=`echo $CPPFLAGS | sed "s,-I$KERNEL_INCLUDE,,"`
                    806:                ;;
                    807: esac
                    808: 
                    809: include_racoondir=${includedir}/racoon
                    810: AC_SUBST(include_racoondir)
                    811: 
                    812: AC_CONFIG_FILES([
                    813:   Makefile
                    814:   package_version.h
                    815:   src/Makefile
                    816:   src/include-glibc/Makefile
                    817:   src/libipsec/Makefile
                    818:   src/setkey/Makefile
                    819:   src/racoon/Makefile
                    820:   src/racoon/samples/psk.txt
                    821:   src/racoon/samples/racoon.conf
                    822:   rpm/Makefile
                    823:   rpm/suse/Makefile
                    824:   rpm/suse/ipsec-tools.spec
                    825:   ])
                    826: AC_OUTPUT

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>