AC_INIT(openconnect, 8.02) AC_CONFIG_HEADERS([config.h]) PKG_PROG_PKG_CONFIG AC_LANG_C AC_CANONICAL_HOST AM_MAINTAINER_MODE([enable]) AM_INIT_AUTOMAKE([foreign tar-ustar]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) AC_PREREQ([2.62], [], [AC_SUBST([localedir], ['$(datadir)/locale'])]) # Upstream's pkg.m4 (since 0.27) offers this now, but define our own # compatible version in case the local version of pkgconfig isn't new enough. # https://bugs.freedesktop.org/show_bug.cgi?id=48743 m4_ifdef([PKG_INSTALLDIR], [PKG_INSTALLDIR], [AC_ARG_WITH([pkgconfigdir], [AS_HELP_STRING([--with-pkgconfigdir], [install directory for openconnect.pc pkg-config file])], [],[with_pkgconfigdir='$(libdir)/pkgconfig']) AC_SUBST([pkgconfigdir], [${with_pkgconfigdir}])]) use_openbsd_libtool= symver_time= symver_getline= symver_asprintf= symver_vasprintf= symver_win32_strerror= case $host_os in *linux* | *gnu* | *nacl*) AC_MSG_NOTICE([Applying feature macros for GNU build]) AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE]) ;; *netbsd*) AC_MSG_NOTICE([Applying feature macros for NetBSD build]) AC_DEFINE(_POSIX_C_SOURCE, 200112L, [_POSIX_C_SOURCE]) AC_DEFINE(_NETBSD_SOURCE, 1, [_NETBSD_SOURCE]) ;; *openbsd*) AC_MSG_NOTICE([Applying feature macros for OpenBSD build]) use_openbsd_libtool=true ;; *solaris*|*sunos*) AC_MSG_NOTICE([Applying workaround for broken SunOS time() function]) AC_DEFINE(HAVE_SUNOS_BROKEN_TIME, 1, [On SunOS time() can go backwards]) symver_time="openconnect__time;" ;; *mingw32*|*mingw64*|*msys*) AC_MSG_NOTICE([Applying feature macros for MinGW/Windows build]) # For GetVolumeInformationByHandleW() which is Vista+ AC_DEFINE(_WIN32_WINNT, 0x600, [Windows API version]) have_win=yes # For asprintf() AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE]) symver_win32_strerror="openconnect__win32_strerror;" # Win32 does have the SCard API system_pcsc_libs="-lwinscard" system_pcsc_cflags= AC_CHECK_TOOL([WINDRES], [windres], []) ;; *darwin*) system_pcsc_libs="-Wl,-framework -Wl,PCSC" system_pcsc_cflags= ;; *) # On FreeBSD the only way to get vsyslog() visible is to define # *nothing*, which makes absolutely everything visible. # On Darwin enabling _POSIX_C_SOURCE breaks because # u_long and other types don't get defined. OpenBSD is similar. ;; esac AM_CONDITIONAL(OPENCONNECT_WIN32, [ test "$have_win" = "yes" ]) AC_ARG_WITH([vpnc-script], [AS_HELP_STRING([--with-vpnc-script], [default location of vpnc-script helper])]) if test "$with_vpnc_script" = "yes" || test "$with_vpnc_script" = ""; then AC_MSG_CHECKING([for vpnc-script in standard locations]) if test "$have_win" = "yes"; then with_vpnc_script=vpnc-script-win.js else for with_vpnc_script in /usr/local/share/vpnc-scripts/vpnc-script /usr/local/sbin/vpnc-script /usr/share/vpnc-scripts/vpnc-script /usr/sbin/vpnc-script /etc/vpnc/vpnc-script; do if test -x "$with_vpnc_script"; then break fi done if ! test -x "$with_vpnc_script"; then AC_MSG_ERROR([${with_vpnc_script} does not seem to be executable.] [OpenConnect will not function correctly without a vpnc-script.] [See http://www.infradead.org/openconnect/vpnc-script.html for more details.] [] [If you are building a distribution package, please ensure that your] [packaging is correct, and that a vpnc-script will be installed when the] [user installs your package. You should provide a --with-vpnc-script=] [argument to this configure script, giving the full path where the script] [will be installed.] [] [The standard location is ${with_vpnc_script}. To bypass this error and] [build OpenConnect to use the script from this location, even though it is] [not present at the time you are building OpenConnect, pass the argument] ["--with-vpnc-script=${with_vpnc_script}"]) else AC_MSG_RESULT([${with_vpnc_script}]) fi fi elif test "$with_vpnc_script" = "no"; then AC_ERROR([You cannot disable vpnc-script.] [OpenConnect will not function correctly without it.] [See http://www.infradead.org/openconnect/vpnc-script.html]) elif test "$have_win" = "yes"; then # Oh Windows how we hate thee. If user specifies a vpnc-script and it contains # backslashes, double them all up to survive escaping. with_vpnc_script="$(echo "${with_vpnc_script}" | sed s/\\\\/\\\\\\\\/g)" fi AC_DEFINE_UNQUOTED(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}", [Default vpnc-script locatin]) AC_SUBST(DEFAULT_VPNCSCRIPT, "${with_vpnc_script}") AC_CHECK_FUNC(memset_s, [AC_DEFINE(HAVE_MEMSET_S, 1, [Have memset_s() function])], [AC_CHECK_FUNC(explicit_memset, [AC_DEFINE(HAVE_EXPLICIT_MEMSET, 1, [Have explicit_memset() function])], [AC_CHECK_FUNC(explicit_bzero, [AC_DEFINE(HAVE_EXPLICIT_BZERO, 1, [Have explicit_bzero() function])], []) ]) ]) AC_CHECK_FUNC(fdevname_r, [AC_DEFINE(HAVE_FDEVNAME_R, 1, [Have fdevname_r() function])], []) AC_CHECK_FUNC(statfs, [AC_DEFINE(HAVE_STATFS, 1, [Have statfs() function])], []) AC_CHECK_FUNC(getline, [AC_DEFINE(HAVE_GETLINE, 1, [Have getline() function])], [symver_getline="openconnect__getline;"]) AC_CHECK_FUNC(strcasestr, [AC_DEFINE(HAVE_STRCASESTR, 1, [Have strcasestr() function])], []) AC_CHECK_FUNC(strndup, [AC_DEFINE(HAVE_STRNDUP, 1, [Have strndup() function])], []) AC_CHECK_FUNC(asprintf, [AC_DEFINE(HAVE_ASPRINTF, 1, [Have asprintf() function])], [symver_asprintf="openconnect__asprintf;"]) AC_CHECK_FUNC(vasprintf, [AC_DEFINE(HAVE_VASPRINTF, 1, [Have vasprintf() function])], [symver_vasprintf="openconnect__vasprintf;"]) if test -n "$symver_vasprintf"; then AC_MSG_CHECKING([for va_copy]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include va_list a;],[ va_list b; va_copy(b,a); va_end(b);])], [AC_DEFINE(HAVE_VA_COPY, 1, [Have va_copy()]) AC_MSG_RESULT(va_copy)], [AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include va_list a;],[ va_list b; __va_copy(b,a); va_end(b);])], [AC_DEFINE(HAVE___VA_COPY, 1, [Have __va_copy()]) AC_MSG_RESULT(__va_copy)], [AC_MSG_RESULT(no) AC_MSG_ERROR([Your system lacks vasprintf() and va_copy()])]) ]) fi AC_SUBST(SYMVER_TIME, $symver_time) AC_SUBST(SYMVER_GETLINE, $symver_getline) AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf) AC_SUBST(SYMVER_VASPRINTF, $symver_vasprintf) AC_SUBST(SYMVER_WIN32_STRERROR, $symver_win32_strerror) AS_COMPILER_FLAGS(WFLAGS, "-Wall -Wextra -Wno-missing-field-initializers -Wno-sign-compare -Wno-unused-parameter -Werror=pointer-to-int-cast -Wdeclaration-after-statement -Werror-implicit-function-declaration -Wformat-nonliteral -Wformat-security -Winit-self -Wmissing-declarations -Wmissing-include-dirs -Wnested-externs -Wpointer-arith -Wwrite-strings") AC_SUBST(WFLAGS, [$WFLAGS]) if test "$have_win" = yes; then # Checking "properly" for __attribute__((dllimport,stdcall)) functions is non-trivial LIBS="$LIBS -lws2_32 -lshlwapi -lsecur32 -liphlpapi" else AC_CHECK_FUNC(socket, [], AC_CHECK_LIB(socket, socket, [], AC_ERROR(Cannot find socket() function))) fi have_inet_aton=yes AC_CHECK_FUNC(inet_aton, [], AC_CHECK_LIB(nsl, inet_aton, [], have_inet_aton=no)) if test "$have_inet_aton" = "yes"; then AC_DEFINE(HAVE_INET_ATON, 1, [Have inet_aton()]) fi AC_MSG_CHECKING([for IPV6_PATHMTU socket option]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ #include #include #include ],[ int foo = IPV6_PATHMTU; (void)foo;])], [AC_DEFINE(HAVE_IPV6_PATHMTU, 1, [Have IPV6_PATHMTU socket option]) AC_MSG_RESULT([yes])], [AC_MSG_RESULT([no])]) AC_CHECK_FUNC(__android_log_vprint, [], AC_CHECK_LIB(log, __android_log_vprint, [], [])) AC_ENABLE_SHARED AC_DISABLE_STATIC AC_CHECK_FUNC(nl_langinfo, [AC_DEFINE(HAVE_NL_LANGINFO, 1, [Have nl_langinfo() function])], []) if test "$ac_cv_func_nl_langinfo" = "yes"; then AM_ICONV if test "$am_cv_func_iconv" = "yes"; then AC_SUBST(ICONV_LIBS, [$LTLIBICONV]) AC_SUBST(ICONV_CFLAGS, [$INCICONV]) AC_DEFINE(HAVE_ICONV, 1, [Have iconv() function]) fi fi AM_CONDITIONAL(OPENCONNECT_ICONV, [test "$am_cv_func_iconv" = "yes"]) AC_ARG_ENABLE([nls], AS_HELP_STRING([--disable-nls], [Do not use Native Language Support]), [USE_NLS=$enableval], [USE_NLS=yes]) LIBINTL= if test "$USE_NLS" = "yes"; then AC_PATH_PROG(MSGFMT, msgfmt) if test "$MSGFMT" = ""; then AC_ERROR([msgfmt could not be found. Try configuring with --disable-nls]) fi fi LIBINTL= if test "$USE_NLS" = "yes"; then AC_MSG_CHECKING([for functional NLS support]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include #include ],[ setlocale(LC_ALL, ""); bindtextdomain("openconnect", "/tmp"); (void)dgettext("openconnect", "foo");])], [AC_MSG_RESULT(yes)], [AC_LIB_LINKFLAGS_BODY([intl]) oldLIBS="$LIBS" LIBS="$LIBS $LIBINTL" oldCFLAGS="$LIBS" CFLAGS="$CFLAGS $INCINTL" AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include #include ],[ setlocale(LC_ALL, ""); bindtextdomain("openconnect", "/tmp"); (void)dgettext("openconnect", "foo");])], [AC_MSG_RESULT(yes (with $INCINTL $LIBINTL))], [AC_MSG_RESULT(no) USE_NLS=no]) LIBS="$oldLIBS"]) fi if test "$USE_NLS" = "yes"; then AC_SUBST(INTL_LIBS, [$LTLIBINTL]) AC_SUBST(INTL_CFLAGS, [$INCINTL]) AC_DEFINE(ENABLE_NLS, 1, [Enable NLS support]) fi AM_CONDITIONAL(USE_NLS, [test "$USE_NLS" = "yes"]) AC_ARG_WITH([system-cafile], AS_HELP_STRING([--with-system-cafile], [Location of the default system CA certificate file for old (<3.0.20) GnuTLS versions])) # We will use GnuTLS by default if it's present. We used to suppport # using GnuTLS for the TLS connections and OpenSSL for DTLS, but none # of the reasons for that make sense any more. AC_ARG_WITH([gnutls], AS_HELP_STRING([--without-gnutls], [Do not attempt to use GnuTLS; use OpenSSL instead])) AC_ARG_WITH([openssl], AS_HELP_STRING([--with-openssl], [Location of OpenSSL build dir])) ssl_library= esp= dtls= if test "$with_openssl" != "" -a "$with_openssl" != "no"; then if test "$with_gnutls" = ""; then with_gnutls=no elif test "$with_gnutls" = "yes"; then AC_MSG_ERROR([You cannot choose both GnuTLS and OpenSSL.]) fi fi # First, check if GnuTLS exists and is usable if test "$with_gnutls" = "yes" || test "$with_gnutls" = ""; then PKG_CHECK_MODULES(GNUTLS, gnutls, [if ! $PKG_CONFIG --atleast-version=3.2.10 gnutls; then AC_MSG_WARN([Your GnuTLS is too old. At least v3.2.10 is required]) else ssl_library=GnuTLS fi], [:]) elif test "$with_gnutls" != "no"; then AC_ERROR([Values other than 'yes' or 'no' for --with-gnutls are not supported]) fi # Do we need to look for OpenSSL? if test "$ssl_library" = ""; then if test "$with_gnutls" = "yes" -o "$with_openssl" = "no"; then AC_MSG_ERROR([Suitable GnuTLS required but not found]) elif test "$with_openssl" = "yes" -o "$with_openssl" = ""; then PKG_CHECK_MODULES(OPENSSL, openssl, [AC_SUBST(SSL_PC, [openssl])], [oldLIBS="$LIBS" LIBS="$LIBS -lssl -lcrypto" AC_MSG_CHECKING([for OpenSSL without pkg-config]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include #include ],[ SSL_library_init(); ERR_clear_error(); SSL_load_error_strings(); OpenSSL_add_all_algorithms();])], [AC_MSG_RESULT(yes) AC_SUBST([OPENSSL_LIBS], ["-lssl -lcrypto"]) AC_SUBST([OPENSSL_CFLAGS], [])] AC_SUBST([openssl_pc_libs], [$OPENSSL_LIBS]), [AC_MSG_RESULT(no) AC_ERROR([Could not build against OpenSSL])]) LIBS="$oldLIBS"]) ssl_library=OpenSSL PKG_CHECK_MODULES(P11KIT, p11-kit-1, [PKG_CHECK_MODULES(LIBP11, libp11, [AC_DEFINE(HAVE_LIBP11, 1, [Have libp11 and p11-kit for OpenSSL]) AC_SUBST(P11KIT_PC, ["libp11 p11-kit-1"]) proxy_module="`$PKG_CONFIG --variable=proxy_module p11-kit-1`" pkcs11_support="libp11" AC_DEFINE_UNQUOTED([DEFAULT_PKCS11_MODULE], "${proxy_module}", [p11-kit proxy])], [:])], [:]) else OPENSSL_CFLAGS="-I${with_openssl}/include ${OPENSSL_CFLAGS}" if test -r "${with_openssl}/libssl.a" -a -r "${with_openssl}/libcrypto.a"; then OPENSSL_LIBS="${with_openssl}/libssl.a ${with_openssl}/libcrypto.a -ldl -lz -pthread" elif test -r "${with_openssl}/crypto/.libs/libcrypto.a" -a \ -r "${with_openssl}/ssl/.libs/libssl.a"; then OPENSSL_LIBS="${with_openssl}/ssl/.libs/libssl.a ${with_openssl}/crypto/.libs/libcrypto.a -ldl -lz -pthread" else AC_ERROR([Could not find OpenSSL libraries in ${with_openssl}]); fi AC_SUBST(OPENSSL_CFLAGS) AC_SUBST(OPENSSL_LIBS) enable_static=yes enable_shared=no ssl_library=OpenSSL fi fi AC_ARG_WITH([openssl-version-check], AS_HELP_STRING([--without-openssl-version-check], [Do not check for known-broken OpenSSL versions])) AC_ARG_WITH([default-gnutls-priority], AS_HELP_STRING([--with-default-gnutls-priority=STRING], [Provide a default string as GnuTLS priority string]), default_gnutls_priority=$withval) if test -n "$default_gnutls_priority"; then AC_DEFINE_UNQUOTED([DEFAULT_PRIO], ["$default_gnutls_priority"], [The GnuTLS priority string]) fi tss2lib= case "$ssl_library" in OpenSSL) oldLIBS="${LIBS}" oldCFLAGS="${CFLAGS}" LIBS="${LIBS} ${OPENSSL_LIBS}" CFLAGS="${CFLAGS} ${OPENSSL_CFLAGS}" # Check for the various known-broken versions of OpenSSL, which includes LibreSSL. if test "$with_openssl_version_check" != "no"; then AC_MSG_CHECKING([for known-broken versions of OpenSSL]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include ], [#if defined(LIBRESSL_VERSION_NUMBER) #error Bad OpenSSL #endif ])], [], [AC_MSG_RESULT(yes) AC_MSG_ERROR([LibreSSL does not support Cisco DTLS.] [Build with OpenSSL or GnuTLS instead.])]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include ],[#if \ (OPENSSL_VERSION_NUMBER == 0x10002000L || \ (OPENSSL_VERSION_NUMBER >= 0x100000b0L && OPENSSL_VERSION_NUMBER <= 0x100000c0L) || \ (OPENSSL_VERSION_NUMBER >= 0x10001040L && OPENSSL_VERSION_NUMBER <= 0x10001060L)) #error Bad OpenSSL #endif ])], [], [AC_MSG_RESULT(yes) AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.] [See http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest] [Add --without-openssl-version-check to configure args to avoid this check, or] [perhaps consider building with GnuTLS instead.])]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include ],[#if \ (OPENSSL_VERSION_NUMBER == 0x1000200fL) #error Bad OpenSSL #endif ])], [], [AC_MSG_RESULT(yes) AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.] [See http://rt.openssl.org/Ticket/Display.html?id=3703&user=guest&pass=guest] [and http://rt.openssl.org/Ticket/Display.html?id=3711&user=guest&pass=guest] [Add --without-openssl-version-check to configure args to avoid this check, or] [perhaps consider building with GnuTLS instead.])]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include ],[#if \ ((OPENSSL_VERSION_NUMBER >= 0x10001110L && OPENSSL_VERSION_NUMBER <= 0x10001150L) || \ (OPENSSL_VERSION_NUMBER >= 0x10002050L && OPENSSL_VERSION_NUMBER <= 0x10002090L)) #error Bad OpenSSL #endif ])], [], [AC_MSG_RESULT(yes) AC_ERROR([This version of OpenSSL is known to be broken with Cisco DTLS.] [See http://rt.openssl.org/Ticket/Display.html?id=4631&user=guest&pass=guest] [Add --without-openssl-version-check to configure args to avoid this check, or] [perhaps consider building with GnuTLS instead.])]) AC_MSG_RESULT(no) fi AC_MSG_CHECKING([for ENGINE_by_id() in OpenSSL]) AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], [ENGINE_by_id("foo");])], [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_ENGINE, [1], [OpenSSL has ENGINE support])], [AC_MSG_RESULT(no) AC_MSG_NOTICE([Building without OpenSSL TPM ENGINE support])]) AC_MSG_CHECKING([for dtls1_stop_timer() in OpenSSL]) AC_LINK_IFELSE([AC_LANG_PROGRAM([#include #include extern void dtls1_stop_timer(SSL *);], [dtls1_stop_timer(NULL);])], [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_DTLS1_STOP_TIMER, [1], [OpenSSL has dtls1_stop_timer() function])], [AC_MSG_RESULT(no)]) AC_MSG_CHECKING([for DTLSv1_2_client_method() in OpenSSL]) AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], [DTLSv1_2_client_method();])], [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_DTLS12, [1], [OpenSSL has DTLSv1_2_client_method() function])], [AC_MSG_RESULT(no)]) AC_CHECK_FUNC(HMAC_CTX_copy, [esp=yes], [AC_MSG_WARN([ESP support will be disabled])]) LIBS="${oldLIBS}" CFLAGS="${oldCFLAGS}" dtls=yes AC_DEFINE(OPENCONNECT_OPENSSL, 1, [Using OpenSSL]) AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)']) AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)']) ;; GnuTLS) oldlibs="$LIBS" oldcflags="$CFLAGS" LIBS="$LIBS $GNUTLS_LIBS" CFLAGS="$CFLAGS $GNUTLS_CFLAGS" esp=yes dtls=yes AC_CHECK_FUNC(gnutls_system_key_add_x509, [AC_DEFINE(HAVE_GNUTLS_SYSTEM_KEYS, 1, [From GnuTLS 3.4.0])], []) AC_CHECK_FUNC(gnutls_pkcs11_add_provider, [PKG_CHECK_MODULES(P11KIT, p11-kit-1, [AC_DEFINE(HAVE_P11KIT, 1, [Have. P11. Kit.]) pkcs11_support=GnuTLS AC_SUBST(P11KIT_PC, p11-kit-1)], [:])], []) LIBS="$oldlibs -ltspi" AC_MSG_CHECKING([for tss library]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include #include ],[ int err = Tspi_Context_Create((void *)0); Trspi_Error_String(err);])], [AC_MSG_RESULT(yes) AC_SUBST([TSS_LIBS], [-ltspi]) AC_SUBST([TSS_CFLAGS], []) AC_DEFINE(HAVE_TROUSERS, 1, [Have Trousers TSS library])], [AC_MSG_RESULT(no)]) LIBS="$oldlibs" CFLAGS="$oldcflags" PKG_CHECK_MODULES(TASN1, [libtasn1], [have_tasn1=yes], [have_tasn1=no]) if test "$have_tasn1" = "yes"; then PKG_CHECK_MODULES(TSS2_ESYS, [tss2-esys], [AC_DEFINE(HAVE_TSS2, 1, [Have TSS2]) AC_SUBST(TPM2_CFLAGS, ['$(TASN1_CFLAGS) $(TSS2_ESYS_CFLAGS)']) AC_SUBST(TPM2_LIBS, ['$(TASN1_LIBS) $(TSS2_ESYS_LIBS)']) tss2lib=tss2-esys], [:]) if test "$tss2lib" = ""; then AC_CHECK_LIB([tss], [TSS_Create], [tss2inc=tss2 tss2lib=tss], AC_CHECK_LIB([ibmtss], [TSS_Create], [tss2inc=ibmtss tss2lib=ibmtss], [])) if test "$tss2lib" != ""; then AC_CHECK_HEADER($tss2inc/tss.h, [AC_DEFINE_UNQUOTED(HAVE_TSS2, $tss2inc, [TSS2 library]) AC_SUBST(TSS2_LIBS, [-l$tss2lib]) AC_SUBST(TPM2_CFLAGS, ['$(TASN1_CFLAGS)']) AC_SUBST(TPM2_LIBS, ['$(TASN1_LIBS) $(TSS2_LIBS)'])], [tss2lib=]) fi fi fi AC_DEFINE(OPENCONNECT_GNUTLS, 1, [Using GnuTLS]) AC_SUBST(SSL_PC, [gnutls]) AC_SUBST(SSL_LIBS, ['$(GNUTLS_LIBS) $(TPM2_LIBS)']) AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS) $(TPM2_CFLAGS)']) ;; *) # This should never happen AC_MSG_ERROR([No SSL library selected]) ;; esac AM_CONDITIONAL(OPENCONNECT_TSS2_ESYS, [ test "$tss2lib" = "tss2-esys" ]) AM_CONDITIONAL(OPENCONNECT_TSS2_IBM, [ test "$tss2lib" = "ibmtss" -o "$tss2lib" = "tss" ]) test_pkcs11= if test "$pkcs11_support" != ""; then AC_CHECK_PROG(test_pkcs11, softhsm2-util, yes) fi AM_CONDITIONAL(TEST_PKCS11, [ test "$test_pkcs11" = "yes" ]) # The test is OpenSSL-only for now. AM_CONDITIONAL(CHECK_DTLS, [ test "$ssl_library" = "OpenSSL" ]) AC_ARG_ENABLE([dtls-xfail], AS_HELP_STRING([--enable-dtls-xfail], [Only for gitlab CI. Do not use])) AM_CONDITIONAL(DTLS_XFAIL, [test "$enable_dtls_xfail" = "yes" ]) AC_ARG_ENABLE([dsa-tests], AS_HELP_STRING([--disable-dsa-tests], [Disable DSA keys in self-test]), [], [enable_dsa_tests=yes]) AM_CONDITIONAL(TEST_DSA, [test "$enable_dsa_tests" = "yes"]) AM_CONDITIONAL(OPENCONNECT_GNUTLS, [ test "$ssl_library" = "GnuTLS" ]) AM_CONDITIONAL(OPENCONNECT_OPENSSL, [ test "$ssl_library" = "OpenSSL" ]) AM_CONDITIONAL(OPENCONNECT_ESP, [ test "$esp" != "" ]) AM_CONDITIONAL(OPENCONNECT_DTLS, [ test "$dtls" != "" ]) if test "$esp" != ""; then AC_DEFINE(HAVE_ESP, 1, [Build with ESP support]) fi if test "$dtls" != ""; then AC_DEFINE(HAVE_DTLS, 1, [Build with DTLS support]) fi AC_ARG_WITH(lz4, AS_HELP_STRING([--without-lz4], [disable support for LZ4 compression]), test_for_lz4=$withval, test_for_lz4=yes) lz4_pkg=no if test "$test_for_lz4" = yes; then PKG_CHECK_MODULES([LIBLZ4], [liblz4], [ AC_SUBST(LIBLZ4_PC, liblz4) AC_DEFINE([HAVE_LZ4], [], [LZ4 was found]) lz4_pkg=yes oldLIBS="$LIBS" LIBS="$LIBS $LIBLZ4_LIBS" oldCFLAGS="$CFLAGS" CFLAGS="$CFLAGS $LIBLZ4_CFLAGS" AC_MSG_CHECKING([for LZ4_compress_default()]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include ],[ LZ4_compress_default("", (char *)0, 0, 0);])], [AC_MSG_RESULT(yes) AC_DEFINE([HAVE_LZ4_COMPRESS_DEFAULT], [], [From LZ4 r129]) ], [AC_MSG_RESULT(no)]) LIBS="$oldLIBS" CFLAGS="$oldCFLAGS" ], [ AC_MSG_WARN([[ *** *** lz4 not found. *** ]]) ]) fi # For some bizarre reason now that we use AM_ICONV, the mingw32 build doesn't # manage to set EGREP properly in the created ./libtool script. Make sure it's # found. AC_PROG_EGREP # Needs to happen after we default to static/shared libraries based on OpenSSL AC_PROG_LIBTOOL if test "$use_openbsd_libtool" = "true" && test -x /usr/bin/libtool; then echo using OpenBSD libtool LIBTOOL=/usr/bin/libtool fi AM_CONDITIONAL(OPENBSD_LIBTOOL, [ test "$use_openbsd_libtool" = "true" ]) AX_CHECK_VSCRIPT PKG_CHECK_MODULES(LIBXML2, libxml-2.0) PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])], [oldLIBS="$LIBS" LIBS="$LIBS -lz" AC_MSG_CHECKING([for zlib without pkg-config]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include ],[ z_stream zs; deflateInit2(&zs, Z_DEFAULT_COMPRESSION, Z_DEFLATED, -12, 9, Z_DEFAULT_STRATEGY);])], [AC_MSG_RESULT(yes) AC_SUBST([ZLIB_LIBS], [-lz]) AC_SUBST([ZLIB_CFLAGS], [])], [AC_MSG_RESULT(no) AC_ERROR([Could not build against zlib])]) LIBS="$oldLIBS"]) AC_ARG_WITH([libproxy], AS_HELP_STRING([--without-libproxy], [Build without libproxy library [default=auto]])) AS_IF([test "x$with_libproxy" != "xno"], [ PKG_CHECK_MODULES(LIBPROXY, libproxy-1.0, [AC_SUBST(LIBPROXY_PC, libproxy-1.0) AC_DEFINE([LIBPROXY_HDR], ["proxy.h"], [libproxy header file]) libproxy_pkg=yes], libproxy_pkg=no) ], [libproxy_pkg=disabled]) dnl Libproxy *can* exist without a .pc file, and its header may be called dnl libproxy.h in that case. if (test "$libproxy_pkg" = "no"); then AC_MSG_CHECKING([for libproxy]) oldLIBS="$LIBS" LIBS="$LIBS -lproxy" AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], [(void)px_proxy_factory_new();])], [AC_MSG_RESULT(yes (with libproxy.h)) AC_DEFINE([LIBPROXY_HDR], ["libproxy.h"]) AC_SUBST([LIBPROXY_LIBS], [-lproxy]) libproxy_pkg=yes], [AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], [(void)px_proxy_factory_new();])], [AC_MSG_RESULT(yes (with proxy.h)) AC_DEFINE([LIBPROXY_HDR], ["proxy.h"]) AC_SUBST([LIBPROXY_LIBS], [-lproxy]) libproxy_pkg=yes], [AC_MSG_RESULT(no)])]) LIBS="$oldLIBS" fi AC_ARG_WITH([stoken], AS_HELP_STRING([--without-stoken], [Build without libstoken library [default=auto]])) AS_IF([test "x$with_stoken" != "xno"], [ PKG_CHECK_MODULES(LIBSTOKEN, stoken, [AC_SUBST(LIBSTOKEN_PC, stoken) AC_DEFINE([HAVE_LIBSTOKEN], 1, [Have libstoken]) libstoken_pkg=yes], libstoken_pkg=no) ], [libstoken_pkg=disabled]) AM_CONDITIONAL(OPENCONNECT_STOKEN, [test "$libstoken_pkg" = "yes"]) AC_ARG_WITH([libpcsclite], AS_HELP_STRING([--without-libpcsclite], [Build without libpcsclite library (for Yubikey support) [default=auto]])) AS_IF([test "x$with_libpcsclite" != "xno"], [ if test "$system_pcsc_libs" != ""; then AC_SUBST(LIBPCSCLITE_LIBS, "$system_pcsc_libs") AC_SUBST(LIBPCSCLITE_CFLAGS, "$system_pcsc_cflags") AC_SUBST(system_pcsc_libs) libpcsclite_pkg=yes else PKG_CHECK_MODULES(LIBPCSCLITE, libpcsclite, [AC_SUBST(LIBPCSCLITE_PC, libpcsclite) libpcsclite_pkg=yes], libpcsclite_pkg=no) fi ], [libpcsclite_pkg=disabled]) if test "$libpcsclite_pkg" = "yes"; then AC_DEFINE([HAVE_LIBPCSCLITE], 1, [Have libpcsclite]) fi AM_CONDITIONAL(OPENCONNECT_LIBPCSCLITE, [test "$libpcsclite_pkg" = "yes"]) AC_ARG_WITH([libpskc], AS_HELP_STRING([--without-libpskc], [Build without libpskc library [default=auto]])) AS_IF([test "x$with_libpskc" != "xno"], [ PKG_CHECK_MODULES(LIBPSKC, [libpskc >= 2.2.0], [AC_SUBST(LIBPSKC_PC, libpskc) AC_DEFINE([HAVE_LIBPSKC], 1, [Have libpskc]) libpskc_pkg=yes], libpskc_pkg=no)]) linked_gssapi=no AC_ARG_WITH([gssapi], AS_HELP_STRING([--without-gssapi], [Build without GSSAPI support [default=auto]])) AC_DEFUN([GSSAPI_CHECK_BUILD],[ gss_old_libs="$LIBS" LIBS="$LIBS ${GSSAPI_LIBS}" AC_MSG_CHECKING([GSSAPI compilation with "${GSSAPI_LIBS}"]) AC_LINK_IFELSE([AC_LANG_PROGRAM([ #include #include GSSAPI_HDR],[ OM_uint32 major, minor; gss_buffer_desc b = GSS_C_EMPTY_BUFFER; gss_ctx_id_t ctx = GSS_C_NO_CONTEXT; gss_init_sec_context(&minor, GSS_C_NO_CREDENTIAL, &ctx, GSS_C_NO_NAME, GSS_C_NO_OID, GSS_C_MUTUAL_FLAG, GSS_C_INDEFINITE, GSS_C_NO_CHANNEL_BINDINGS, NULL, NULL, NULL, NULL, NULL);])], [linked_gssapi=yes AC_MSG_RESULT(yes)], [linked_gssapi=no AC_MSG_RESULT(no)]) LIBS="$gss_old_libs" ]) # Attempt to work out how to build with GSSAPI. Mostly, krb5-config will # exist and work. Tested on FreeBSD 9, OpenBSD 5.5, NetBSD 6.1.4. Solaris # has krb5-config but it doesn't do GSSAPI so hard-code the results there. # Older OpenBSD (I tested 5.2) lacks krb5-config so leave that as an example. if test "$with_gssapi" != "no"; then found_gssapi=no if test "${with_gssapi}" != "yes" -a "${with_gssapi}" != "" ; then gssapi_root="${with_gssapi}" else gssapi_root="" fi # First: if they specify GSSAPI_LIBS and/or GSSAPI_CFLAGS then use them. if test "$GSSAPI_LIBS$GSSAPI_CFLAGS" != ""; then found_gssapi=yes fi # Second: try finding a viable krb5-config that supports gssapi if test "$found_gssapi" = "no"; then if test -n "${gssapi_root}"; then krb5path="${gssapi_root}/bin:$PATH" else krb5path="/usr/kerberos/bin:$PATH" fi if test -n "$host_alias"; then AC_PATH_PROG(KRB5_CONFIG, [${host_alias}-krb5-config], [], [$krb5path]) fi if test "$KRB5_CONFIG" = ""; then AC_PATH_PROG(KRB5_CONFIG, [krb5-config], [], [$krb5path]) fi if test "$KRB5_CONFIG" != ""; then AC_MSG_CHECKING([whether $KRB5_CONFIG supports gssapi]) if "${KRB5_CONFIG}" --cflags gssapi > /dev/null 2>/dev/null; then AC_MSG_RESULT(yes) found_gssapi=yes GSSAPI_LIBS="`"${KRB5_CONFIG}" --libs gssapi`" GSSAPI_CFLAGS="`"${KRB5_CONFIG}" --cflags gssapi`" else AC_MSG_RESULT(no) fi fi fi # Third: look for or in some likely places, # and we'll worry about how to *link* it in a moment... if test "$found_gssapi" = "no"; then if test -n "${gssapi_root}"; then if test -r "${with_gssapi}/include/gssapi.h" -o \ -r "${with_gssapi}/include/gssapi/gssapi.h"; then GSSAPI_CFLAGS="-I\"${with_gssapi}/include\"" fi else if test -r /usr/kerberos/include/gssapi.h -o \ -r /usr/kerberos/include/gssapi/gssapi.h; then GSSAPI_CFLAGS=-I/usr/kerberos/include elif test -r /usr/include/kerberosV/gssapi.h -o \ -r /usr/include/kerberosV/gssapi/gssapi.h; then # OpenBSD 5.2 puts it here GSSAPI_CFLAGS=-I/usr/include/kerberosV else # Maybe it'll Just Work GSSAPI_CFLAGS= fi fi fi oldcflags="$CFLAGS" CFLAGS="$CFLAGS ${GSSAPI_CFLAGS}" # OK, now see if we've correctly managed to find gssapi.h at least... gssapi_hdr= AC_CHECK_HEADER([gssapi/gssapi.h], [gssapi_hdr=""], [AC_CHECK_HEADER([gssapi.h], [gssapi_hdr=""], [AC_MSG_WARN([Cannot find or ])])]) # Finally, unless we've already failed, see if we can link it. linked_gssapi=no if test -n "${gssapi_hdr}"; then AC_DEFINE_UNQUOTED(GSSAPI_HDR, $gssapi_hdr, [GSSAPI header]) if test "$found_gssapi" = "yes"; then # We think we have GSSAPI_LIBS already so try it... GSSAPI_CHECK_BUILD else LFLAG= if test -n "$gssapi_root"; then LFLAG="-L\"${gssapi_root}/lib$libsuff\"" fi # Solaris, HPUX, etc. GSSAPI_LIBS="$LFLAG -lgss" GSSAPI_CHECK_BUILD if test "$linked_gssapi" = "no"; then GSSAPI_LIBS="$LFLAG -lgssapi" GSSAPI_CHECK_BUILD fi if test "$linked_gssapi" = "no"; then GSSAPI_LIBS="$LFLAG -lgssapi_krb5" GSSAPI_CHECK_BUILD fi if test "$linked_gssapi" = "no"; then # OpenBSD 5.2 at least GSSAPI_LIBS="$LFLAG -lgssapi -lkrb5 -lcrypto" GSSAPI_CHECK_BUILD fi if test "$linked_gssapi" = "no"; then # MIT GSSAPI_LIBS="$LFLAG -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" GSSAPI_CHECK_BUILD fi if test "$linked_gssapi" = "no"; then # Heimdal GSSAPI_LIBS="$LFLAG -lkrb5 -lcrypto -lasn1 -lcom_err -lroken -lgssapi" GSSAPI_CHECK_BUILD fi if test "$linked_gssapi" = "no"; then AC_MSG_WARN([Cannot find GSSAPI. Try setting GSSAPI_LIBS and GSSAPI_CFLAGS manually]) fi fi fi CFLAGS="$oldcflags" if test "$linked_gssapi" = "yes"; then AC_DEFINE([HAVE_GSSAPI], 1, [Have GSSAPI support]) AC_SUBST(GSSAPI_CFLAGS) AC_SUBST(GSSAPI_LIBS) elif test "$with_gssapi" = ""; then AC_MSG_WARN([Building without GSSAPI support]); unset GSSAPI_CFLAGS unset GSSAPI_LIBS else AC_MSG_ERROR([GSSAPI support requested but not found. Try setting GSSAPI_LIBS/GSSAPI_CFLAGS]) fi fi AM_CONDITIONAL(OPENCONNECT_GSSAPI, [test "$linked_gssapi" = "yes"]) AC_ARG_WITH([java], AS_HELP_STRING([--with-java(=DIR)], [Build JNI bindings using jni.h from DIR [default=no]]), [], [with_java=no]) if test "$with_java" = "yes"; then AX_JNI_INCLUDE_DIR for JNI_INCLUDE_DIR in $JNI_INCLUDE_DIRS; do JNI_CFLAGS="$JNI_CFLAGS -I$JNI_INCLUDE_DIR" done elif test "$with_java" = "no"; then JNI_CFLAGS="" else JNI_CFLAGS="-I$with_java" fi if test "x$JNI_CFLAGS" != "x"; then oldCFLAGS="$CFLAGS" CFLAGS="$CFLAGS $JNI_CFLAGS" AC_MSG_CHECKING([jni.h usability]) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([#include ], [jint foo = 0; (void)foo;])], AC_MSG_RESULT([yes]), [AC_MSG_RESULT([no]) AC_MSG_ERROR([unable to compile JNI test program])]) CFLAGS="$oldCFLAGS" AC_SUBST(JNI_CFLAGS, [$JNI_CFLAGS]) fi AM_CONDITIONAL(OPENCONNECT_JNI, [test "$JNI_CFLAGS" != ""]) AC_ARG_ENABLE([jni-standalone], AS_HELP_STRING([--enable-jni-standalone], [build JNI stubs directly into libopenconnect.so [default=no]]), [jni_standalone=$enableval], [jni_standalone=no]) AM_CONDITIONAL(JNI_STANDALONE, [test $jni_standalone = yes]) symver_java= if test "$jni_standalone" = "yes" ; then symver_java=$(sed -n '/JNIEXPORT/{s/^JNIEXPORT.*\(Java_.*\) *(/\1;/ p}' ${srcdir}/jni.c) # Remove the newlines between each item. symver_java=$(echo $symver_java) fi AC_SUBST(SYMVER_JAVA, $symver_java) AC_CHECK_HEADER([if_tun.h], [AC_DEFINE([IF_TUN_HDR], ["if_tun.h"], [if_tun.h include path])], [AC_CHECK_HEADER([linux/if_tun.h], [AC_DEFINE([IF_TUN_HDR], ["linux/if_tun.h"])], [AC_CHECK_HEADER([net/if_tun.h], [AC_DEFINE([IF_TUN_HDR], ["net/if_tun.h"])], [AC_CHECK_HEADER([net/tun/if_tun.h], [AC_DEFINE([IF_TUN_HDR], ["net/tun/if_tun.h"])])])])]) AC_CHECK_HEADER([net/if_utun.h], AC_DEFINE([HAVE_NET_UTUN_H], 1, [Have net/utun.h])) AC_CHECK_HEADER([alloca.h], AC_DEFINE([HAVE_ALLOCA_H], 1, [Have alloca.h])) AC_CHECK_HEADER([endian.h], [AC_DEFINE([ENDIAN_HDR], [], [endian header include path])], [AC_CHECK_HEADER([sys/endian.h], [AC_DEFINE([ENDIAN_HDR], [])], [AC_CHECK_HEADER([sys/isa_defs.h], [AC_DEFINE([ENDIAN_HDR], [])])])]) build_www=yes AC_PATH_PROGS(PYTHON, [python2 python], [], $PATH:/bin:/usr/bin) if (test -n "${ac_cv_path_PYTHON}"); then AC_MSG_CHECKING([that python is version 2.x]) if $PYTHON --version 2>&1 | grep "Python 2\." > /dev/null; then AC_MSG_RESULT([yes]) AC_SUBST(PYTHON, ${ac_cv_path_PYTHON}) else AC_MSG_RESULT([no]) AC_MSG_NOTICE([Python is not v2.x; not building HTML pages]) build_www=no fi else AC_MSG_NOTICE([Python not found; not building HTML pages]) build_www=no fi if test "${build_www}" = "yes"; then AC_MSG_CHECKING([if groff can create UTF-8 XHTML]) AC_PATH_PROGS_FEATURE_CHECK([GROFF], [groff], [$ac_path_GROFF -t -K UTF-8 -mandoc -Txhtml /dev/null > /dev/null 2>&1 && ac_cv_path_GROFF=$ac_path_GROFF]) if test -n "$ac_cv_path_GROFF"; then AC_MSG_RESULT(yes) AC_SUBST(GROFF, ${ac_cv_path_GROFF}) else AC_MSG_RESULT([no. Not building HTML pages]) build_www=no fi fi AM_CONDITIONAL(BUILD_WWW, [test "${build_www}" = "yes"]) # Checks for tests PKG_CHECK_MODULES([CWRAP], [uid_wrapper, socket_wrapper], have_cwrap=yes, have_cwrap=no) AM_CONDITIONAL(HAVE_CWRAP, test "x$have_cwrap" != xno) have_netns=no AC_PATH_PROG(NUTTCP, nuttcp) if test -n "$ac_cv_path_NUTTCP"; then AC_PATH_PROG(IP, ip, [], $PATH:/sbin:/usr/sbin) if test -n "$ac_cv_path_IP"; then AC_MSG_CHECKING([For network namespaces]) NETNS=openconnect-configure-test-$$ if ip netns add $NETNS >/dev/null 2>/dev/null; then ip netns delete $NETNS have_netns=yes fi AC_MSG_RESULT($have_netns) fi fi AM_CONDITIONAL(HAVE_NETNS, test "x$have_netns" != xno) AC_SUBST([CONFIG_STATUS_DEPENDENCIES], ['$(top_srcdir)/po/LINGUAS \ $(top_srcdir)/openconnect.h \ $(top_srcdir)/libopenconnect.map.in \ $(top_srcdir)/openconnect.8.in \ $(top_srcdir)/tests/softhsm2.conf.in \ $(top_srcdir)/tests/configs/test-user-cert.config.in \ $(top_srcdir)/tests/configs/test-user-pass.config.in']) RAWLINGUAS=`sed -e "/^#/d" -e "s/#.*//" "${srcdir}/po/LINGUAS"` # Remove newlines LINGUAS=`echo $RAWLINGUAS` AC_SUBST(LINGUAS) APIMAJOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MAJOR \(.*\)/\1/p' ${srcdir}/openconnect.h`" APIMINOR="`sed -n 's/^#define OPENCONNECT_API_VERSION_MINOR \(.*\)/\1/p' ${srcdir}/openconnect.h`" AC_SUBST(APIMAJOR) AC_SUBST(APIMINOR) # We want version.c to depend on the files that would affect the # output of version.sh. But we cannot assume that they'll exist, # and we cannot use $(wildcard) in a non-GNU makefile. So we just # depend on the files which happen to exist at configure time. GITVERSIONDEPS= for a in ${srcdir}/.git/index ${srcdir}/.git/packed-refs \ ${srcdir}/.git/refs/tags ${srcdir}/.git/HEAD; do if test -r $a ; then GITVERSIONDEPS="$GITVERSIONDEPS $a" fi done AC_SUBST(GITVERSIONDEPS) AC_SUBST(OCSERV_USER, $(whoami)) AC_SUBST(OCSERV_GROUP, $(groups|cut -f 1 -d ' ')) AC_CONFIG_FILES(Makefile openconnect.pc po/Makefile www/Makefile \ libopenconnect.map openconnect.8 www/styles/Makefile \ www/inc/Makefile www/images/Makefile tests/Makefile \ tests/softhsm2.conf tests/configs/test-user-cert.config \ tests/configs/test-user-pass.config) AC_OUTPUT AC_DEFUN([SUMMARY], [pretty="$2" if test "$pretty" = "openssl"; then pretty=OpenSSL elif test "$pretty" = "gnutls" -o "$pretty" = "both"; then pretty=GnuTLS elif test "$pretty" = ""; then pretty=no fi echo "AS_HELP_STRING([$1:],[$pretty])"]) echo "BUILD OPTIONS:" SUMMARY([SSL library], [$ssl_library]) SUMMARY([[PKCS#11 support]], [$pkcs11_support]) SUMMARY([DTLS support], [$dtls]) SUMMARY([ESP support], [$esp]) SUMMARY([libproxy support], [$libproxy_pkg]) SUMMARY([RSA SecurID support], [$libstoken_pkg]) SUMMARY([PSKC OATH file support], [$libpskc_pkg]) SUMMARY([GSSAPI support], [$linked_gssapi]) SUMMARY([Yubikey support], [$libpcsclite_pkg]) SUMMARY([LZ4 compression], [$lz4_pkg]) SUMMARY([Java bindings], [$with_java]) SUMMARY([Build docs], [$build_www]) SUMMARY([Unit tests], [$have_cwrap]) SUMMARY([Net namespace tests], [$have_netns]) if test "$ssl_library" = "OpenSSL"; then AC_MSG_WARN([[ *** *** Be sure to run "make check" to verify OpenSSL DTLS support *** ]]) fi