dnl # Custom hackery to discover version at configure time
dnl #
dnl #############################################################
+RADIUSD_MAJOR_VERSION=`cat VERSION | cut -f1 -d.`
+RADIUSD_MINOR_VERSION=`cat VERSION | cut -f2 -d.`
+RADIUSD_INCRM_VERSION=`cat VERSION | cut -f3 -d. | sed 's/[[\.-]].*$//'`
-RADIUSD_MAJOR_VERSION=`cat VERSION | sed 's/\..*//'`
-RADIUSD_MINOR_VERSION=`cat VERSION | sed 's/^[[^\.]]*\.//' | sed 's/\..*$//'`
-RADIUSD_INCRM_VERSION=`cat VERSION | sed 's/^.*\..*\.//' | sed 's/[[\.-]].*$//'`
-
-RADIUSD_VERSION=`echo | awk -v major="$RADIUSD_MAJOR_VERSION" \
--v minor="$RADIUSD_MINOR_VERSION" \
--v incrm="$RADIUSD_INCRM_VERSION" \
-'{ printf "%02i%02i%02i", major, minor, incrm }'`
+RADIUSD_VERSION=`printf "%02i%02i%02i" $RADIUSD_MAJOR_VERSION $RADIUSD_MINOR_VERSION $RADIUSD_INCRM_VERSION`
dnl #
dnl # Still useful for custom builds
dnl # AC_DEFINES WORDS_BIGENDIAN
dnl #
AC_C_BIGENDIAN(
- [AC_DEFINE(BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])],
- [AC_DEFINE(LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])]
+ [AC_DEFINE(FR_BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])],
+ [AC_DEFINE(FR_LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])]
)
dnl #
esac ]
)
+dnl #
+dnl # extra argument: --disable-openssl-version-check
+dnl #
+AC_ARG_ENABLE(openssl-version-check,
+[AS_HELP_STRING([--disable-openssl-version-check],
+ [disable vulnerable OpenSSL version check])]
+)
+if test "x$enable_openssl_version_check" != "xno"; then
+ AC_DEFINE(ENABLE_OPENSSL_VERSION_CHECK, [1],
+ [Define to 1 to have OpenSSL version check enabled])
+ openssl_version_check_config="\
+ #
+ # allow_vulnerable_openssl: Allow the server to start with
+ # versions of OpenSSL known to have critical vulnerabilities.
+ #
+ # This check is based on the version number reported by libssl
+ # and may not reflect patches applied to libssl by
+ # distribution maintainers.
+ #
+ allow_vulnerable_openssl = no"
+else
+ openssl_version_check_config=
+fi
+AC_SUBST([openssl_version_check_config])
+
+
dnl #############################################################
dnl #
dnl # 1. Checks for programs
dnl # On Some systems, we need extra pre-processor flags, to get them to
dnl # to do the threading properly.
dnl #
- AC_CHECK_LIB(pthread, pthread_create,
- [
- CFLAGS="$CFLAGS -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS"
- LIBS="-lpthread $LIBS"
- ],
- [
- dnl #
- dnl # -pthread is not a typo, it's a GCC option which sets additional flags required
- dnl # for multithreading with the pthreads library.
- dnl #
+ if test "x$WITH_THREADS" != "xno"; then
+ AC_CHECK_LIB(pthread, pthread_create,
+ [
+ HAVE_LPTHREAD='yes'
+ CFLAGS="$CFLAGS -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS"
+ LIBS="-lpthread $LIBS"
+
+ dnl #
+ dnl # -pthread should add all required CPP definitions and linker
+ dnl # arguments. But not all compilers support it, or some compilers
+ dnl # only support it on certain platforms.
+ dnl #
+ AX_CC_PTHREAD_FLAG
+ if test "x$ax_cv_cc_pthread_flag" != 'xyes'; then
+ CFLAGS="$CFLAGS -pthread"
+ fi
+ ]
+ )
+
+ dnl #
+ dnl # Check for libc_r which used to be the threading library used
+ dnl # for FreeBSD. Internet says it may be deprecated, but if we
+ dnl # can't find lpthread it's probably worth checking.
+ dnl #
+ if test "x$HAVE_LPTHREAD" != "xyes"; then
AC_CHECK_LIB(c_r, pthread_create,
- [ CFLAGS="$CFLAGS -pthread -D_THREAD_SAFE" ],
[
- WITH_THREADS="no"
- fail=[-lpthread]
- ]
+ CFLAGS="$CFLAGS -D_THREAD_SAFE"
+
+ dnl #
+ dnl # -pthread should add all required CPP definitions and linker
+ dnl # arguments. But not all compilers support it, or some compilers
+ dnl # only support it on certain platforms.
+ dnl #
+ AX_CC_PTHREAD_FLAG
+ if test "x$ax_cv_cc_pthread_flag" != 'xyes'; then
+ LIBS="-lc_r $LIBS"
+ else
+ CFLAGS="$CFLAGS -pthread"
+ fi
+ ],
+ [ fail=[-lc_r or -lpthread] ]
)
- ]
- )
+ fi
+ fi
if test "x$WITH_THREADS" != "xyes"; then
AC_MSG_WARN([silently not building with thread support.])
fi
dnl #
-dnl # Check if we need -lsocket
+dnl # Check if we have -ldl
dnl #
AC_CHECK_LIB(dl, dlopen)
dnl Set by FR_SMART_CHECKLIB
LIBS="${old_LIBS}"
+dnl Check for cap
+dnl extra argument: --with-cap-lib-dir=DIR
+cap_lib_dir=
+AC_ARG_WITH(cap-lib-dir,
+ [AS_HELP_STRING([--with-cap-lib-dir=DIR],
+ [directory in which to look for cap library files])],
+ [case "$withval" in
+ no)
+ AC_MSG_ERROR([Need cap-lib-dir])
+ ;;
+ yes)
+ ;;
+ *)
+ cap_lib_dir="$withval"
+ ;;
+ esac])
+
+dnl extra argument: --with-cap-include-dir=DIR
+cap_include_dir=
+AC_ARG_WITH(cap-include-dir,
+ [AS_HELP_STRING([--with-cap-include-dir=DIR],
+ [directory in which to look for cap include files])],
+ [case "$withval" in
+ no)
+ AC_MSG_ERROR([Need cap-include-dir])
+ ;;
+ yes)
+ ;;
+ *)
+ cap_include_dir="$withval"
+ ;;
+ esac])
+
+smart_try_dir="$cap_lib_dir"
+FR_SMART_CHECK_LIB(cap, cap_get_proc)
+if test "x$ac_cv_lib_cap_cap_get_proc" != "xyes"; then
+ AC_MSG_WARN([cap library not found, debugger checks will not be enabled. Use --with-cap-lib-dir=<path>.])
+else
+ AC_DEFINE(HAVE_LIBCAP, 1,
+ [Define to 1 if you have the `cap' library (-lcap).]
+ )
+ HAVE_LIBCAP=1
+fi
+
VL_LIB_READLINE
dnl #############################################################
AC_HEADER_SYS_WAIT
AC_CHECK_HEADERS( \
- dlfcn.h \
- unistd.h \
+ arpa/inet.h \
crypt.h \
+ dlfcn.h \
errno.h \
- resource.h \
- sys/resource.h \
+ fcntl.h \
+ features.h \
+ fnmatch.h \
getopt.h \
+ glob.h \
+ grp.h \
+ inttypes.h \
+ limits.h \
malloc.h \
- utmp.h \
- utmpx.h \
+ netdb.h \
+ netinet/in.h \
+ prot.h \
+ pwd.h \
+ resource.h \
+ semaphore.h \
+ sia.h \
+ siad.h \
signal.h \
- sys/select.h \
- syslog.h \
- inttypes.h \
+ stdbool.h \
+ stddef.h \
stdint.h \
stdio.h \
- netdb.h \
- semaphore.h \
- arpa/inet.h \
- netinet/in.h \
- sys/types.h \
- sys/socket.h \
- winsock.h \
- utime.h \
- sys/time.h \
- sys/wait.h \
- sys/security.h \
- fcntl.h \
+ sys/event.h \
sys/fcntl.h \
sys/prctl.h \
sys/ptrace.h \
+ sys/resource.h \
+ sys/security.h \
+ sys/select.h \
+ sys/socket.h \
+ sys/time.h \
+ sys/types.h \
sys/un.h \
- glob.h \
- prot.h \
- pwd.h \
- grp.h \
- stddef.h \
- fnmatch.h \
- sia.h \
- siad.h \
- features.h \
- limits.h
+ sys/wait.h \
+ syslog.h \
+ unistd.h \
+ utime.h \
+ utmp.h \
+ utmpx.h \
+ winsock.h
)
dnl #
openssl/md5.h \
openssl/md4.h \
openssl/sha.h \
+ openssl/ssl.h \
openssl/ocsp.h \
openssl/engine.h,
- [],
+ [ OPENSSL_CPPFLAGS="$smart_include" ],
[
AC_MSG_FAILURE([failed locating OpenSSL headers. Use --with-openssl-include-dir=<path>, or --with-openssl=no (builds without OpenSSL)])
]
dnl # library location we discovered previously.
dnl #
old_CPPFLAGS="$CPPFLAGS"
- CPPFLAGS="$OPENSSL_LDFLAGS $CPPFLAGS"
+ CPPFLAGS="$OPENSSL_CPPFLAGS $CPPFLAGS"
dnl #
dnl # Now check that the header versions match the library
[
AC_MSG_RESULT(no)
AC_MSG_FAILURE([OpenSSL library version does not match header version])
+ ],
+ [
+ AC_MSG_RESULT([cross-compiling (assuming yes)])
]
)
CPPFLAGS="$old_CPPFLAGS"
LIBS="$OLD_LIBS"
AC_SUBST(OPENSSL_LIBS)
AC_SUBST(OPENSSL_LDFLAGS)
- export OPENSSL_LIBS OPENSSL_LDFLAGS
+ AC_SUBST(OPENSSL_CPPFLAGS)
+ export OPENSSL_LIBS OPENSSL_LDFLAGS OPENSSL_CPPFLAGS
+ AC_CHECK_FUNCS(SSL_get_client_random,SSL_get_server_random)
fi
dnl #
fi
fi
+dnl #
+dnl # Check the CAP includes for debugger checks
+dnl #
+if test "x$HAVE_LIBCAP" = x; then
+ AC_MSG_NOTICE([skipping test for cap.h.])
+else
+ dnl #
+ dnl # Check for CAP header files
+ dnl #
+ smart_try_dir="$cap_include_dir"
+ FR_SMART_CHECK_INCLUDE([sys/capability.h])
+ if test "x$ac_cv_header_sys_capability_h" == "xyes"; then
+ AC_DEFINE(HAVE_CAPABILITY_H, 1, [Define to 1 if you have the <sys/capability.h> header file.])
+ else
+ AC_MSG_WARN([cap headers not found, will not perform debugger checks. Use --with-cap-include-dir=<path>.])
+ fi
+fi
+
dnl #############################################################
dnl #
dnl # 4. Checks for typedefs
dnl #
dnl #############################################################
AC_CHECK_FUNCS( \
- getopt_long \
- fcntl \
- strsignal \
- sigaction \
- sigprocmask \
- pthread_sigmask \
- snprintf \
- vsnprintf \
- setsid \
- strncasecmp \
- strcasecmp \
- localtime_r \
+ bindat \
+ clock_gettime \
+ closefrom \
ctime_r \
+ dladdr \
+ fcntl \
+ fopencookie \
+ funopen \
+ getaddrinfo \
+ getnameinfo \
+ getopt_long \
+ getpeereid \
+ getresuid \
+ gettimeofday \
+ getusershell \
gmtime_r \
- strsep \
+ if_indextoname \
inet_aton \
- inet_pton \
inet_ntop \
+ inet_pton \
+ initgroups \
+ kqueue \
+ localtime_r \
mallopt \
+ mkdirat \
+ openat \
+ pthread_sigmask \
setlinebuf \
- setvbuf \
- getusershell \
- initgroups \
- getaddrinfo \
- getnameinfo \
- closefrom \
- gettimeofday \
- getpeereid \
- setuid \
setresuid \
- getresuid \
+ setsid \
+ setuid \
+ setvbuf \
+ sigaction \
+ sigprocmask \
+ snprintf \
+ strcasecmp \
strlcat \
- strlcpy
+ strlcpy \
+ strncasecmp \
+ strsep \
+ strsignal \
+ unlinkat \
+ vdprintf \
+ vsnprintf
)
AC_TYPE_SIGNAL
devflags="-Wdocumentation"
fi
- if test "x$GCC" = "xyes"; then
- devflags="$devflags -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral -Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1"
- INSTALLSTRIP=""
+ dnl #
+ dnl # If we have -Weverything, it really means *everything* unlike -Wall
+ dnl # It's so verbose we need to turn off warnings which aren't useful.
+ dnl #
+ AX_CC_WEVERYTHING_FLAG
+ if test "x$ax_cv_cc_weverything_flag" = "xyes"; then
+ devflags="$devflags -W -Weverything -Wformat=2 -Wno-missing-field-initializers -Wno-date-time -Wno-padded -Wno-gnu-zero-variadic-macro-arguments -Wno-shorten-64-to-32 -Wno-sign-conversion -Wno-conversion -Wno-switch-enum -Wno-gnu-statement-expression -Wno-extended-offsetof -Wno-cast-align -Wno-documentation-unknown-command -Wno-covered-switch-default -Wno-packed -DWITH_VERIFY_PTR=1"
+ else
+ if test "x$GCC" = "xyes"; then
+ devflags="$devflags -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral -Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1"
+ INSTALLSTRIP=""
+ fi
fi
AC_MSG_NOTICE([Developer CFLAGS are "$devflags"])
FR_TLS
FR_HAVE_BUILTIN_CHOOSE_EXPR
FR_HAVE_BUILTIN_TYPES_COMPATIBLE_P
-FR_HAVE_BUILTIN_BSWAP_64
+FR_HAVE_BUILTIN_BSWAP64
+FR_HAVE_BOUNDED_ATTRIBUTE
dnl #############################################################
dnl #
fi
dnl #
-dnl # Check for regular expression support, if were using PCRE it MUST be included
-dnl # before all others, else we seem to still pickup the posix symbols for regcomp
-dnl # and regexec, which results in crashes as soon as we call any posix regex
-dnl # functions.
+dnl # Check for regular expression support.
dnl #
+dnl extra argument: --with-pcre
+PCRE=yes
+AC_ARG_WITH(pcre,
+[AS_HELP_STRING([--with-pcre],
+[use libpcre (if available). (default=yes)])],
+[ case "$withval" in
+ no)
+ PCRE=no
+ ;;
+ yes)
+ PCRE=yes
+ ;;
+ esac ]
+)
+
dnl extra argument: --with-pcre-lib-dir
pcre_lib_dir=
AC_ARG_WITH(pcre-lib-dir,
esac ]
)
-dnl extra argument: --with-pcre-include--dir
+dnl extra argument: --with-pcre-include-dir
pcre_include_dir=
AC_ARG_WITH(pcre-include-dir,
[AS_HELP_STRING([--with-pcre-include-dir=DIR],
esac ]
)
-REGEX=no
-REGEX_EXTENDED=no
-REGEX_PCRE=no
+dnl extra argument: --with-regex
+REGEX=
+AC_ARG_WITH(regex,
+[AS_HELP_STRING([--with-regex],
+[Whether to build with regular expressions (default=yes)])],
+[ case "$withval" in
+ no)
+ REGEX=no
+ ;;
+ *)
+ ;;
+ esac ]
+)
dnl #
dnl # First look for PCRE
dnl #
-smart_try_dir=$pcre_include_dir
-FR_SMART_CHECK_INCLUDE(pcreposix.h)
-if test "x$ac_cv_header_pcreposix_h" = "xyes"; then
- AC_DEFINE(HAVE_REGEX_H, [1], [define if we have any regex])
- AC_DEFINE(HAVE_PCREPOSIX_H, [1], [define this if we have the <pcreposix.h> header file])
- REGEX=yes
- REGEX_EXTENDED=yes
- REGEX_PCRE=yes
- LIBS="-lpcre -lpcreposix $LIBS"
+if test "x$REGEX" != "xno" && test "x$PCRE" != "xno"; then
+ smart_try_dir=$pcre_include_dir
+ FR_SMART_CHECK_INCLUDE(pcre.h)
+ if test "x$ac_cv_header_pcre_h" = "xyes"; then
+ smart_try_dir=$pcre_lib_dir
+ FR_SMART_CHECK_LIB(pcre, pcre_compile)
+ if test "x$ac_cv_lib_pcre_pcre_compile" = "xyes"; then
+ REGEX=yes
+ AC_DEFINE(HAVE_PCRE, [1], [define this if we have libpcre])
+ AC_DEFINE(HAVE_BINSAFE_REGEX, 1, [Define if we have a binary safe regular expression library])
+ fi
+ fi
+fi
dnl #
-dnl # Then fallback to POSIX regular expressions
+dnl # If no PCRE, fallback to POSIX regular expressions
dnl #
-else
+if test "x$REGEX" = "x"; then
smart_try_dir=
FR_SMART_CHECK_INCLUDE(regex.h)
if test "x$ac_cv_header_regex_h" = "xyes"; then
- AC_DEFINE(HAVE_REGEX_H, [1], [define if we have any regex])
REGEX=yes
+ AC_MSG_CHECKING([for extended regular expressions])
AC_EGREP_CPP(yes,
[
#include <regex.h>
#ifdef REG_EXTENDED
yes
#endif
- ],
- [AC_DEFINE(HAVE_REG_EXTENDED, [1], [define this if we have REG_EXTENDED (from <regex.h>)]) REGEX_EXTENDED=yes]
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ AC_DEFINE(HAVE_REG_EXTENDED, [1], [define this if we have REG_EXTENDED (from <regex.h>)])
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ]
)
-dnl #
-dnl # Fixme, this is needed for mingw builds, but not available on some Linux systems
-dnl # despite the presence of regex.h
-dnl #
-dnl # LIBS="$LIBS -lregex"
+
+ dnl #
+ dnl # Some platforms require the regex library to be linked explicitly
+ dnl #
+ AC_CHECK_LIB(regex, regcomp,
+ [
+ LIBS="-lregex $LIBS"
+ ]
+ )
+
+ dnl #
+ dnl # Check for some BSD extensions which allow normal regexes to be
+ dnl # binary safe.
+ dnl #
+ AC_CHECK_FUNCS(\
+ regncomp \
+ regnexec
+ )
+ if test x"$ac_cv_func_regncomp" = x"yes" && test x"$ac_cv_func_regnexec" = x"yes"; then
+ AC_DEFINE(HAVE_BINSAFE_REGEX, 1, [Define if we have a binary safe regular expression library])
+ fi
fi
fi
-AC_SUBST(REGEX)
-AC_SUBST(REGEX_PCRE)
-AC_SUBST(REGEX_EXTENDED)
+if test "x$REGEX" = "xyes"; then
+ AC_DEFINE(HAVE_REGEX, 1, [Define if we have any regular expression library])
+fi
dnl #
dnl # Check the style of gethostbyaddr, in order of preference
fi
dnl #
+dnl # Check for thread-safe getpwnam_r and getgrnam_r
+dnl #
+if test "x$ac_cv_header_pwd_h" = "xyes"; then
+ AC_MSG_CHECKING([getpwnam_r])
+ AC_TRY_LINK(
+ [
+ #include <stdlib.h>
+ #include <sys/types.h>
+ #include <pwd.h>
+ ],
+ [ getpwnam_r(NULL, NULL, NULL, 0, NULL) ],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(HAVE_GETPWNAM_R, 1,
+ [Define to 1 if you have the getpwnam_r.]
+ )
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ]
+ )
+fi
+
+if test "x$ac_cv_header_grp_h" = "xyes"; then
+ AC_MSG_CHECKING([getgrnam_r])
+ AC_TRY_LINK(
+ [
+ #include <stdlib.h>
+ #include <sys/types.h>
+ #include <grp.h>
+ ],
+ [ getgrnam_r(NULL, NULL, NULL, 0, NULL) ],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE(HAVE_GETGRNAM_R, 1,
+ [Define to 1 if you have the getgrnam_r.]
+ )
+ ],
+ [
+ AC_MSG_RESULT(no)
+ ]
+ )
+fi
+
+
+dnl #
dnl # Check for non-posix solaris ctime_r (extra buflen int arg)
dnl #
AC_DEFINE(POSIXSTYLE, [1], [Posix-Style ctime_r])