AC_PREREQ([2.59])
export CFLAGS LIBS LDFLAGS CPPFLAGS
+
+m4_define(PACKAGE_MAIN, freeradius)
+
AC_INIT(src/main/radiusd.c)
AC_CONFIG_HEADER(src/include/autoconf.h)
-AC_REVISION($Revision$)dnl
dnl # The version of the software
-RADIUSD_MAJOR_VERSION=2
-RADIUSD_MINOR_VERSION=0.0-pre0
-RADIUSD_VERSION="${RADIUSD_MAJOR_VERSION}.${RADIUSD_MINOR_VERSION}"
-PACKAGE=freeradius
+
+RADIUSD_MAJOR_VERSION=`cat VERSION | sed 's/\..*//'`
+RADIUSD_MINOR_VERSION=`cat VERSION | sed 's/^[[^\.]]*\.//' | sed 's/\..*$//'`
+RADIUSD_INCRM_VERSION=`cat VERSION | sed 's/^.*\..*\.//' | sed 's/[[\.-]].*$//'`
+
+RADIUSD_VERSION=`echo | awk -v major="$RADIUSD_MAJOR_VERSION" \
+-v minor="$RADIUSD_MINOR_VERSION" \
+-v incrm="$RADIUSD_INCRM_VERSION" \
+'{ printf "%02i%02i%02i", major, minor, incrm }'`
+
+dnl # Still useful for custom builds
+RADIUSD_VERSION_STRING=`cat VERSION`
+PACKAGE=PACKAGE_MAIN
dnl #############################################################
dnl #
dnl #
dnl #############################################################
+dnl Get system information
+AC_CANONICAL_SYSTEM
+
dnl Check for GNU cc
AC_PROG_CC
AC_PROG_CXX
AC_PROG_CC_SUNPRO
AC_PROG_RANLIB
+dnl #
+dnl # Set Default CFLAGS
+dnl #
+if test "x$GCC" = "xyes"; then
+ CFLAGS="$CFLAGS -Wall -D_GNU_SOURCE"
+fi
+
dnl Compile in large (2G+) file support.
AC_SYS_LARGEFILE
from ftp://prep.ai.mit.edu/pub/gnu/make/ before continuing.)
fi
-dnl libltdl is installable
+dnl See if we have Git.
+AC_CHECK_PROG(GIT, git, yes, no)
+
+AC_ARG_WITH(system-libltdl,
+[ --with-system-libltdl Use the libltdl installed in your system (default=use our own)],
+[
+LIBLTDL="-lltdl"
+INCLTDL=-DWITH_SYSTEM_LTDL
+LTDL_SUBDIRS=
+],
+[
+dnl If libltdl isn't installable, set it to be installable.
+[test x"$enable_ltdl_install" = x && enable_ltdl_install=yes]
AC_LIBLTDL_INSTALLABLE
dnl tell Makefile to build ltdl if needed
if test x"$enable_ltdl_install" = x"yes"; then
LTDL_SUBDIRS=libltdl
fi
+])
AC_SUBST(LTDL_SUBDIRS)
+dnl set this shit so it doesn't force CFLAGS...
+LTCFLAGS=" "
+
dnl use system-wide libtool, if it exists
AC_ARG_WITH(system-libtool,
-[ --with-system-libtool try to use libtool installed in your system [default=use our own]],
-[ AC_PATH_PROG(LIBTOOL, libtool,,$PATH:/usr/local/bin) ],
+[ --with-system-libtool Use the libtool installed in your system (default=use our own)],
+[ AC_PATH_PROG(LIBTOOL, libtool,,$PATH:/usr/local/bin) AC_LIBTOOL_DLOPEN
+ AC_PROG_LIBTOOL],
[
LIBTOOL="`pwd`/libtool"
AC_SUBST(LIBTOOL)
[ --with-docdir=DIR Directory for documentation [DATADIR/doc/freeradius] ],
[ case "$withval" in
no)
- AC_MSG_ERROR(Need docdir)
+ docdir=no
;;
yes)
;;
)
AC_SUBST(docdir)
AC_MSG_RESULT($docdir)
+if test "x$docdir" = xno; then
+ AC_MSG_WARN(Documentation files will NOT be installed.)
+fi
dnl extra argument: --with-logdir
logdir='${localstatedir}/log/radius'
esac ]
)
-dnl extra argument: --with-snmp
-WITH_SNMP=yes
-AC_ARG_WITH(snmp,
-[ --with-snmp Compile in SNMP support. (default=yes)],
+dnl extra argument: --with-vmps
+WITH_VMPS=yes
+AC_ARG_WITH(vmps,
+[ --with-vmps Compile in VMPS support. (default=yes)],
+[ case "$withval" in
+ yes)
+ ;;
+ *)
+ WITH_VMPS=no
+ esac ]
+)
+if test "x$WITH_VMPS" = "xyes"; then
+ AC_DEFINE(WITH_VMPS, [1], [define if you want VMPS support])
+fi
+
+dnl extra argument: --with-dhcp
+WITH_DHCP=yes
+AC_ARG_WITH(dhcp,
+[ --with-dhcp Compile in DHCP support. (default=yes)],
+[ case "$withval" in
+ yes)
+ ;;
+ *)
+ WITH_DHCP=no
+ esac ]
+)
+if test "x$WITH_DHCP" = "xyes"; then
+ AC_DEFINE(WITH_DHCP, [1], [define if you want DHCP support])
+fi
+
+
+dnl extra argument: --with-post-proxy-authorize
+WITH_POST_PROXY_AUTHORIZE=
+AC_ARG_WITH(post-proxy-authorize,
+[ --with-post-proxy-authorize 1.x compatibility (default=no) ],
[ case "$withval" in
yes)
+ WITH_POST_PROXY_AUTHORIZE=""
;;
*)
- WITH_SNMP=no
+ ;;
esac ]
)
esac ]
)
-if test "x$developer" != "xno" -a -d $srcdir/CVS; then
- dnl turn on the developer flag when taken from a CVS checkout (not a release)
- developer="yes"
+if test -d $srcdir/.git; then
+ if test "x$developer" != "xno"; then
+ dnl turn on the developer flag when taken from a git checkout (not a release)
+ developer="yes"
+ fi
+
+ dnl append the current git hash onto the version string
+ if test "x$GIT" = "xyes"; then
+ RADIUSD_VERSION_COMMIT=`git log --pretty=format:'%h' -n 1`
+ fi
fi
dnl extra argument: --with-experimental-modules
esac ]
)
+dnl extra argument: --with-openssl
+WITH_OPENSSL=yes
+AC_ARG_WITH(openssl,
+[ --with-openssl Use OpenSSL. (default=yes)],
+[ case "$withval" in
+ no)
+ WITH_OPENSSL=no
+ ;;
+ *)
+ WITH_OPENSSL=yes
+ ;;
+ esac ]
+)
+
dnl #
dnl # extra argument: --with-openssl-includes=dir
dnl #
)
dnl #
+dnl # extra argument: --disable-openssl-version-check
+dnl #
+AC_ARG_ENABLE(openssl-version-check,
+[ --disable-openssl-version-check Disable vulnerable OpenSSL version check.]
+)
+if test "x$enable_openssl_version_check" != "xno"; then
+ AC_DEFINE(ENABLE_OPENSSL_VERSION_CHECK, [1],
+ [Define to 1 to have OpenSSL version check enabled])
+ openssl_version_check_config="\
+ #
+ # allow_vulnerable_openssl: Allow the server to start with
+ # versions of OpenSSL known to have critical vulnerabilities.
+ #
+ # This check is based on the version number reported by libssl
+ # and may not reflect patches applied to libssl by
+ # distribution maintainers.
+ #
+ allow_vulnerable_openssl = no"
+else
+ openssl_version_check_config=
+fi
+AC_SUBST([openssl_version_check_config])
+
+dnl #
dnl # These next two arguments don't actually do anything. They're
dnl # place holders so that the top-level configure script can tell
dnl # the user how to configure lower-level modules
dnl #
AC_CHECK_LIB(pthread, pthread_create,
[ CFLAGS="$CFLAGS -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS"
- LIBS="$LIBS -lpthread" ],
+ LIBS="-lpthread $LIBS" ],
AC_CHECK_LIB(c_r, pthread_create,
[ CFLAGS="$CFLAGS -pthread -D_THREAD_SAFE" ],
[ WITH_THREADS="no" ]
dnl Check for OpenSSL libraries.
OPENSSL_LIBS=
-old_LIBS=$LIBS
-if test "x$OPENSSL_LIB_DIR" != "x"; then
- LIBS="-L$OPENSSL_LIB_DIR $LIBS"
-fi
-AC_CHECK_LIB(crypto, DH_new,
+if test "x$WITH_OPENSSL" = xyes; then
+ old_LIBS=$LIBS
+ old_LDFLAGS="$LDFLAGS"
+ if test "x$OPENSSL_LIB_DIR" != "x"; then
+ LDFLAGS="-L$OPENSSL_LIB_DIR $LDFLAGS"
+ fi
+ AC_CHECK_LIB(crypto, DH_new,
[
+ LIBS="-lcrypto $LIBS"
AC_DEFINE(HAVE_LIBCRYPTO, 1,
[Define to 1 if you have the `crypto' library (-lcrypto).])
AC_CHECK_LIB(ssl, SSL_new,
OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto"
], [])
], [])
-LIBS=$old_LIBS
+ LIBS=$old_LIBS
+ LDFLAGS="$old_LDFLAGS"
+fi
+
+AC_CHECK_LIB(ws2_32, htonl)
dnl Check the pcap library for the RADIUS sniffer.
PCAP_LIBS=
],
[ AC_MSG_WARN([pcap library not found, silently disabling the RADIUS sniffer.]) ])
+AC_LIB_READLINE
+
dnl #############################################################
dnl #
dnl # 3. Checks for header files
;;
*-darwin*)
CFLAGS="$CFLAGS -DDARWIN"
+ LIBS="-framework DirectoryService $LIBS"
+ AC_DEFINE([__APPLE_USE_RFC_3542], 1, [Force OSX >= 10.7 Lion to use RFC2292 IPv6 socket options])
;;
esac
unistd.h \
crypt.h \
errno.h \
+ execinfo.h \
resource.h \
+ sys/resource.h \
getopt.h \
malloc.h \
utmp.h \
netinet/in.h \
sys/types.h \
sys/socket.h \
+ winsock.h \
sys/time.h \
sys/wait.h \
sys/security.h \
fcntl.h \
sys/fcntl.h \
- net/if.h \
+ sys/prctl.h \
+ sys/un.h \
+ glob.h \
prot.h \
+ pwd.h \
+ grp.h \
+ stddef.h \
+ fnmatch.h \
sia.h \
siad.h
)
+dnl FreeBSD requires sys/socket.h before net/if.h
+AC_CHECK_HEADERS(net/if.h, [], [],
+[#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+# endif
+])
+
REGEX=no
AC_CHECK_HEADER(regex.h, AC_DEFINE(HAVE_REGEX_H, [], [define this if we have the <regex.h> header file]))
if test "x$ac_cv_header_regex_h" = "xyes"; then
AC_DEFINE(OSFSIA, [], [define if you have OSFSIA authentication])
fi
-dnl Check for OpenSSL includes.
-OPENSSL_INCLUDE="-DNO_OPENSSL"
-if test "x$OPENSSL_LIBS" = "x"; then
- AC_MSG_NOTICE([skipping test for openssl/ssl.h])
-else
- old_CPPFLAGS=$CPPFLAGS
- if test "x$OPENSSL_INCLUDE_DIR" != "x"; then
- CPPFLAGS="$CPPFLAGS -I$OPENSSL_INCLUDE_DIR"
- fi
- dnl # stupid RedHat shit
- CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_KRB5"
- AC_CHECK_HEADERS( \
- openssl/ssl.h \
- openssl/crypto.h \
- openssl/err.h \
- openssl/engine.h,
- [],
- OPENSSL_LIBS=
- )
- if test "x$OPENSSL_LIBS" != "x"; then
- AC_MSG_CHECKING([for OpenSSL version >= 0.9.7])
- AC_EGREP_CPP(yes,
- [#include <openssl/crypto.h>
- #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
- yes
- #endif
- ], goodssl="yes")
- if test "x$goodssl" != "xyes"; then
- AC_MSG_RESULT(no)
- OPENSSL_LIBS=
- else
- AC_MSG_RESULT(yes)
- if test "x$OPENSSL_INCLUDE_DIR" != "x"; then
- OPENSSL_INCLUDE="-I$OPENSSL_INCLUDE_DIR -DOPENSSL_NO_KRB5"
- else
- OPENSSL_INCLUDE="-DOPENSSL_NO_KRB5"
- fi
- fi
- fi
+dnl #
+dnl # Were we told to use OpenSSL, if we were and we find an error, call AC_MSG_FAILURE and exit
+dnl #
+if test "x$WITH_OPENSSL" = xyes; then
+ old_LIBS=$LIBS
+ old_LDFLAGS="$LDFLAGS"
+
+ OPENSSL_INCLUDE="-DNO_OPENSSL"
+ OPENSSL_LIBS=
+ if test "x$OPENSSL_LIB_DIR" != "x"; then
+ LDFLAGS="-L$OPENSSL_LIB_DIR $LDFLAGS"
+ fi
+
+ dnl #
+ dnl # Check we can link to libssl
+ dnl #
+ AC_CHECK_LIB(crypto, DH_new,
+ [
+ LIBS="-lcrypto $LIBS"
+ AC_DEFINE(HAVE_LIBCRYPTO, 1, [Define to 1 if you have the `crypto' library (-lcrypto).])
+ AC_CHECK_LIB(ssl, SSL_new,
+ [
+ AC_DEFINE(HAVE_LIBSSL, 1, [Define to 1 if you have the `ssl' library (-lssl).])
+ if test "x$OPENSSL_LIB_DIR" != "x"; then
+ OPENSSL_LIBS="-L$OPENSSL_LIB_DIR"
+ fi
+ OPENSSL_LIBS="$OPENSSL_LIBS -lcrypto -lssl -lcrypto"
+ LIBS="$OPENSSL_LIBS $LIBS"
+ ],
+ [
+ AC_MSG_FAILURE([failed linking to libssl])
+ ]
+ )
+ ],
+ []
+ )
+
+ dnl #
+ dnl # Check we can find required headers
+ dnl #
+ old_CPPFLAGS=$CPPFLAGS
+ old_CFLAGS=$CFLAGS
+ if test "x$OPENSSL_INCLUDE_DIR" != "x"; then
+ CPPFLAGS="-I$OPENSSL_INCLUDE_DIR $CPPFLAGS"
+ CFLAGS="-I$OPENSSL_INCLUDE_DIR $CFLAGS"
+ fi
+
+ dnl #
+ dnl # Stupid RedHat shit
+ dnl #
+ CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_KRB5"
+ AC_CHECK_HEADERS( \
+ openssl/ssl.h \
+ openssl/crypto.h \
+ openssl/err.h \
+ openssl/evp.h \
+ openssl/md5.h \
+ openssl/md4.h \
+ openssl/sha.h \
+ openssl/ocsp.h \
+ openssl/engine.h,
+ [],
+ [
+ AC_MSG_FAILURE([failed locating OpenSSL headers])
+ ]
+ )
+
+ AC_MSG_CHECKING([for OpenSSL version >= 0.9.7])
+ AC_EGREP_CPP(yes,
+ [#include <openssl/crypto.h>
+ #if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+ yes
+ #endif
+ ],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_MSG_FAILURE([OpenSSL version too old])
+ ]
+ )
+
+ if test "x$OPENSSL_INCLUDE_DIR" != "x"; then
+ OPENSSL_INCLUDE="-I$OPENSSL_INCLUDE_DIR -DOPENSSL_NO_KRB5"
+ else
+ OPENSSL_INCLUDE="-DOPENSSL_NO_KRB5"
+ fi
+
+ dnl #
+ dnl # Now check that the header versions match the library
+ dnl #
+ AC_MSG_CHECKING([OpenSSL library and header version consistency])
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+ #include <stdio.h>
+ #include <openssl/opensslv.h>
+ #include <openssl/crypto.h>
+ ]],
+ [[
+ if (SSLeay() == OPENSSL_VERSION_NUMBER) {
+ return 0;
+ } else {
+ printf("library: %lx header: %lx... ", (unsigned long) SSLeay(), (unsigned long) OPENSSL_VERSION_NUMBER);
+ return 1;
+ }
+ ]]
+ )],
+ [
+ AC_MSG_RESULT(yes)
+ ],
+ [
+ AC_MSG_RESULT(no)
+ AC_MSG_FAILURE([OpenSSL library version does not match header version])
+ ]
+ )
+
+ if test "x$OPENSSL_LIBS" = x; then
+ LIBS=$old_LIBS
+ LDFLAGS="$old_LDFLAGS"
+ fi
+ if test "x$OPENSSL_INCLUDE" = x; then
CPPFLAGS=$old_CPPFLAGS
+ CFLAGS=$old_CFLAGS
+ fi
fi
+
AC_SUBST(OPENSSL_INCLUDE)
AC_SUBST(OPENSSL_LIBS)
export OPENSSL_LIBS
[ PCAP_LIBS=
AC_MSG_WARN([pcap.h not found, silently disabling the RADIUS sniffer.])
])
+
+ AC_CHECK_LIB(pcap, pcap_fopen_offline,
+ [ AC_DEFINE(HAVE_PCAP_FOPEN_OFFLINE, 1,
+ [Define to 1 if you have the function pcap_fopen_offline.])
+ ])
+ AC_CHECK_LIB(pcap, pcap_dump_fopen,
+ [ AC_DEFINE(HAVE_PCAP_DUMP_FOPEN, 1,
+ [Define to 1 if you have the function pcap_dump_fopen.])
+ ])
fi
AC_SUBST(PCAP_LIBS)
#endif
],uint32_t, unsigned int, [uint32_t should be the canonical 'network integer])
+AC_CHECK_TYPE(sig_t, AC_DEFINE(HAVE_SIG_T, 1, [signal action callback function]), [], [
+ #ifdef HAVE_SIGNAL_H
+ # include <signal.h>
+ #endif
+])
+
AC_CHECK_TYPE(struct in6_addr, AC_DEFINE(HAVE_STRUCT_IN6_ADDR, 1, [IPv6 address structure]), [], [
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
inet_aton \
inet_pton \
inet_ntop \
- gethostname \
setlinebuf \
setvbuf \
getusershell \
getaddrinfo \
getnameinfo \
closefrom \
+ gettimeofday \
+ getpeereid \
+ setuid \
+ setresuid \
+ getresuid \
strlcat \
strlcpy
)
strncasecmp \
strcasecmp \
inet_aton \
- gethostname \
setlinebuf \
getusershell \
endusershell
fi
AC_SUBST(LIBPREFIX)
-dnl #
-dnl # Set Default CFLAGS
-dnl #
-if test "x$GCC" = "xyes"; then
- CFLAGS="$CFLAGS -Wall -D_GNU_SOURCE"
-fi
-
AC_MSG_CHECKING(for developer gcc flags)
if test "x$developer" = "xyes" -a "x$GCC" = "xyes"; then
devflags="-g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef"
else
devflags=""
CFLAGS="$CFLAGS -DNDEBUG"
- INSTALLSTRIP="-s"
+ INSTALLSTRIP=""
AC_MSG_RESULT(no.)
fi
+FR_TLS
+
dnl #############################################################
dnl #
dnl # 7. Checks for library functions
dnl #
dnl #############################################################
+old_LIBS="$LIBS"
+LIBS="$LIBS $LIBLTDL"
+AC_CHECK_FUNC(lt_dladvise_init, AC_DEFINE(HAVE_LT_DLADVISE_INIT, [], [Do we have the lt_dladvise_init function]))
+LIBS="$old_LIBS"
+
dnl Check for libcrypt
dnl We use crypt(3) which may be in libc, or in libcrypt (eg FreeBSD)
AC_CHECK_LIB(crypt, crypt,
)
AC_SUBST(CRYPTLIB)
-if test "x$WITH_SNMP" = "xyes"; then
- SNMP_CHECKS
-fi
-
dnl Check the style of gethostbyaddr, in order of preference
dnl GNU (_r eight args)
AC_DEFINE(GNUSTYLE, [1], [GNU-Style get*byaddr_r])
AC_MSG_CHECKING([gethostbyaddr_r() syntax])
case "$host" in
*-freebsd*)
- AC_DEFINE(GETHOSTBYADDRRSTYLE, BSDSTYLE, [style of gethostbyaddr_r functions ])
- gethostbyaddrrstyle=BSD
- AC_MSG_WARN([FreeBSD overridden to BSD-style])
+dnl With FreeBSD, check if there's a prototype for gethostbyaddr_r.
+dnl Some versions (FreeBSD 5.1?) have a symbol but no prototype - so we
+dnl override this test to BSDSTYLE. FreeBSD 6.2 and up have proper GNU
+dnl style support.
+ AC_CHECK_DECLS([gethostbyaddr_r], [], [
+ AC_DEFINE(GETHOSTBYADDRRSTYLE, BSDSTYLE,
+ [style of gethostbyaddr_r functions ])
+ gethostbyaddrrstyle=BSD
+ AC_MSG_WARN([FreeBSD overridden to BSD-style])
+ ], [
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+])
;;
esac
if test "x$gethostbyaddrrstyle" = "x"; then
AC_SUBST(HOSTINFO, $host)
+if test "x$WITH_POST_PROXY_AUTHORIZE" != "x"; then
+ AC_DEFINE(WITH_POST_PROXY_AUTHORIZE, 1, [1.x compatibility])
+fi
+
dnl #############################################################
dnl #
dnl # 8. Checks for system services
AC_CONFIG_COMMANDS([stamp-h], [echo timestamp > src/include/stamp-h])
AC_CONFIG_COMMANDS([build-radpaths-h], [(cd ./src/include && /bin/sh ./build-radpaths-h)])
AC_CONFIG_COMMANDS([main-chmod], [(cd ./src/main && chmod +x checkrad.pl radlast radtest)])
-AC_CONFIG_COMMANDS([scripts-chmod], [(cd ./scripts && chmod +x rc.radiusd radwatch check-radiusd-config radiusd.cron.daily radiusd.cron.monthly cryptpasswd)])
+AC_CONFIG_COMMANDS([scripts-chmod], [(cd ./scripts && chmod +x rc.radiusd radwatch radiusd.cron.daily radiusd.cron.monthly cryptpasswd)])
dnl #
dnl # Substitute whatever libraries we found to be necessary
AC_SUBST(STATIC_MODULES)
AC_SUBST(RADIUSD_MAJOR_VERSION)
AC_SUBST(RADIUSD_MINOR_VERSION)
+AC_SUBST(RADIUSD_INCRM_VERSION)
AC_SUBST(RADIUSD_VERSION)
+AC_SUBST(RADIUSD_VERSION_STRING)
+AC_SUBST(RADIUSD_VERSION_COMMIT)
AC_OUTPUT(\
./Make.inc \
./src/main/radtest \
./scripts/rc.radiusd \
./scripts/radwatch \
- ./scripts/check-radiusd-config \
./scripts/radiusd.cron.daily \
./scripts/radiusd.cron.monthly \
./scripts/cryptpasswd \
./raddb/dictionary \
- ./raddb/radiusd.conf \
- ./raddb/radrelay.conf
+ ./raddb/radrelay.conf \
+ ./raddb/radiusd.conf
)