configure.ac 85.6 KB
Newer Older
1
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
Tinderbox User's avatar
Tinderbox User committed
2
#
3 4 5
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 7 8
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
9

10
AC_INIT(BIND, [9.15], [info@isc.org], [], [https://www.isc.org/downloads/BIND/])
11
AC_PREREQ([2.60])
Bob Halley's avatar
Bob Halley committed
12 13

AC_CONFIG_HEADER(config.h)
Ondřej Surý's avatar
Ondřej Surý committed
14
AC_CONFIG_MACRO_DIR([m4])
Bob Halley's avatar
Bob Halley committed
15 16

AC_CANONICAL_HOST
17 18 19 20

#
# Enable system extensions to C and POSIX
#
21 22
AC_USE_SYSTEM_EXTENSIONS

23 24 25 26 27 28
#
# Enable large file support
#
AC_SYS_LARGEFILE
AC_FUNC_FSEEKO

29 30 31 32 33 34 35 36
LFS_CFLAGS=`getconf LFS_CFLAGS 2>/dev/null`
LFS_LDFLAGS=`getconf LFS_LDFLAGS 2>/dev/null`
LFS_LIBS=`getconf LFS_LIBS 2>/dev/null`

AC_SUBST([LFS_CFLAGS])
AC_SUBST([LFS_LDFLAGS])
AC_SUBST([LFS_LIBS])

37 38
# Enable RFC 3542 APIs on macOS
AC_DEFINE([__APPLE_USE_RFC_3542], [1], [Select RFC3542 IPv6 API on macOS])
Bob Halley's avatar
Bob Halley committed
39

40
AC_PROG_MAKE_SET
41

42
AC_PROG_LIBTOOL
43
AC_PROG_INSTALL
44
AC_PROG_LN_S
45
AX_POSIX_SHELL
46 47 48 49

AC_SUBST(STD_CINCLUDES)
AC_SUBST(STD_CDEFINES)
AC_SUBST(STD_CWARNINGS)
50
AC_SUBST(CCOPT)
Evan Hunt's avatar
Evan Hunt committed
51
AC_SUBST(CCNOOPT)
Mark Andrews's avatar
Mark Andrews committed
52
AC_SUBST(BACKTRACECFLAGS)
53

54 55 56 57 58 59
#
# Use pkg-config
#

PKG_PROG_PKG_CONFIG

60
# Warn if the user specified libbind, which is now deprecated
61
AC_ARG_ENABLE(libbind, AS_HELP_STRING([--enable-libbind], [deprecated]))
62 63 64 65 66 67 68 69 70 71

case "$enable_libbind" in
	yes)
		AC_MSG_ERROR(['libbind' is no longer part of the BIND 9 distribution.
It is available from http://www.isc.org as a separate download.])
		;;
	no|'')
		;;
esac

72 73 74 75
AC_ARG_ENABLE(buffer_useinline,
	      AS_HELP_STRING([--enable-buffer-useinline],
		             [define ISC_BUFFER_USEINLINE when compiling
				[default=yes]]),
76 77 78 79 80 81 82
	      if test yes = "${enable}"
	      then
		      AC_DEFINE([ISC_BUFFER_USEINLINE], [1],
			        [Define if you want to use inline buffers])
	      fi,
	      AC_DEFINE([ISC_BUFFER_USEINLINE], [1]))

83 84 85
AC_ARG_ENABLE(warn_shadow,
	      AS_HELP_STRING([--enable-warn-shadow],
			     [turn on -Wshadow when compiling]))
86

87 88 89
AC_ARG_ENABLE(warn_error,
	      AS_HELP_STRING([--enable-warn-error],
			    [turn on -Werror when compiling]))
90

91 92 93
AC_ARG_ENABLE(developer,
	      AS_HELP_STRING([--enable-developer],
			     [enable developer build settings]))
94
XTARGETS=
95 96
case "$enable_developer" in
yes)
97
	STD_CDEFINES="$STD_CDEFINES -DISC_MEM_DEFAULTFILL=1 -DISC_LIST_CHECKINIT=1"
98
	test "${enable_fixed_rrset+set}" = set || enable_fixed_rrset=yes
99
	test "${enable_querytrace+set}" = set || enable_querytrace=yes
100
	test "${with_cmocka+set}" = set || with_cmocka=yes
101
	test "${with_dlz_filesystem+set}" = set || with_dlz_filesystem=yes
Evan Hunt's avatar
Evan Hunt committed
102
	test "${enable_symtable+set}" = set || enable_symtable=all
103
	test "${enable_warn_error+set}" = set || enable_warn_error=yes
104
	test "${enable_warn_shadow+set}" = set || enable_warn_shadow=yes
105
	test "${with_zlib+set}" = set || with_zlib=yes
106
	XTARGETS='${XTARGETS}'
107 108
	;;
esac
109
AC_SUBST(XTARGETS)
110

111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141
AC_ARG_ENABLE([fuzzing],
	      [AS_HELP_STRING([--enable-fuzzing=<afl|libfuzzer>],
			      [Enable fuzzing using American Fuzzy Lop or libFuzzer (default=no)])],
	      [],
	      [enable_fuzzing=no])

AC_MSG_CHECKING([whether to enable fuzzing mode])
AS_CASE([$enable_fuzzing],
	[no],[AC_MSG_RESULT([no])],
	[afl],[
	  AC_MSG_RESULT([using AFL])
	  AC_DEFINE([ENABLE_AFL], [1],
		    [Define to enable American Fuzzy Lop test harness])
	  CFLAGS="$CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"
	  LIBS="$LIBS -lpthread"],
	[libfuzzer],[
	  AC_MSG_RESULT([using libFuzzer])
	  CFLAGS="$CFLAGS -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -fsanitize=fuzzer,address,undefined"
	  LDFLAGS="$LDFLAGS -fsanitize=fuzzer,address,undefined"],
	[*],[AC_MSG_ERROR([You need to explicitly select the fuzzer])])

AS_IF([test "$enable_fuzzing" = "afl"],
      [AC_MSG_CHECKING("for AFL enabled compiler")
       AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],
					  [#ifndef __AFL_COMPILER
					   #error AFL compiler required
					   #endif
					  ])],
			 [AC_MSG_RESULT([yes])],
			 [AC_MSG_ERROR([set CC=afl-<gcc|clang> when --enable-fuzzing=afl is used])])
      ])
142

143 144 145
#
# Make very sure that these are the first files processed by
# config.status, since we use the processed output as the input for
Francis Dupont's avatar
Francis Dupont committed
146
# AC_SUBST_FILE() substitutions in other files.
147 148 149
#
AC_CONFIG_FILES([make/rules make/includes])

David Lawrence's avatar
David Lawrence committed
150 151 152 153 154
AC_PATH_PROG(AR, ar)
ARFLAGS="cruv"
AC_SUBST(AR)
AC_SUBST(ARFLAGS)

155 156 157 158 159
# The POSIX ln(1) program.  Non-POSIX systems may substitute
# "copy" or something.
LN=ln
AC_SUBST(LN)

160 161 162 163 164 165 166 167 168 169
case "$AR" in
	"")
		AC_MSG_ERROR([
ar program not found.  Please fix your PATH to include the directory in
which ar resides, or set AR in the environment with the full path to ar.
])

		;;
esac

Bob Halley's avatar
Bob Halley committed
170 171 172
#
# Etags.
#
173
AC_PATH_PROGS(ETAGS, etags emacs-etags)
Andreas Gustafsson's avatar
Andreas Gustafsson committed
174

Bob Halley's avatar
Bob Halley committed
175 176 177 178 179 180 181 182 183 184 185 186 187
#
# Some systems, e.g. RH7, have the Exuberant Ctags etags instead of
# GNU emacs etags, and it requires the -L flag.
#
if test "X$ETAGS" != "X"; then
	AC_MSG_CHECKING(for Exuberant Ctags etags)
	if $ETAGS --version 2>&1 | grep 'Exuberant Ctags' >/dev/null 2>&1; then
		AC_MSG_RESULT(yes)
		ETAGS="$ETAGS -L"
	else
		AC_MSG_RESULT(no)
	fi
fi
188 189
AC_SUBST(ETAGS)

190 191
#
# Perl is optional; it is used only by some of the system test scripts.
192 193
# Note: the backtrace feature (see below) uses perl to build the symbol table,
# but it still compiles without perl, in which case an empty table will be used.
194 195 196 197
#
AC_PATH_PROGS(PERL, perl5 perl)
AC_SUBST(PERL)

198
#
199 200
# Python is also optional but required by default so that dnssec-keymgr gets
# installed unless explicitly prevented by the user using --without-python.
201
#
202 203 204
testminvers='import sys
if (sys.version_info < (2,7)) or (sys.version_info < (3,2) and sys.version_info >= (3,0)):
   exit(1)'
Evan Hunt's avatar
Evan Hunt committed
205 206 207 208

testargparse='try: import argparse
except: exit(1)'

209
testply='try: import ply
Evan Hunt's avatar
Evan Hunt committed
210
except: exit(1)'
Evan Hunt's avatar
Evan Hunt committed
211

212 213
default_with_python="python python3 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python2 python2.7"

214 215 216
AC_ARG_WITH([python],
	    AS_HELP_STRING([--with-python=PATH],
			   [specify path to Python interpreter]),
217
	    [], [with_python=$default_with_python])
218 219 220 221 222
AC_ARG_WITH([python-install-dir],
	    AS_HELP_STRING([--with-python-install-dir=PATH],
			   [installation directory for Python modules]),
	    [], with_python_install_dir="")

223 224 225
AS_IF([test "$with_python" = "yes"],
      [with_python=$default_with_python])

226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272
AS_IF([test "$with_python" = "no"],
      [AC_MSG_CHECKING([for Python support])
       AC_MSG_RESULT([disabled])],
      [for p in $with_python
       do
	 AS_CASE([$p],
		 [/*],[PYTHON="$p"])

	 AC_PATH_PROG([PYTHON], [$p])
	 # Do not cache the result of the check from the previous line.  If the
	 # first found Python interpreter has missing module dependencies and
	 # the result of the above check is cached, subsequent module checks
	 # will erroneously keep on using the cached path to the first found
	 # Python interpreter instead of different ones.
	 unset ac_cv_path_PYTHON

	 AS_IF([test -z "$PYTHON"], [continue])

	 AC_MSG_CHECKING([if $PYTHON is python2 version >= 2.7 or python3 version >= 3.2])
	 AS_IF(["$PYTHON" -c "$testminvers" 2>/dev/null],
	       [AC_MSG_RESULT([yes])],
	       [AC_MSG_RESULT([no])
		unset PYTHON
		continue])

	 AC_MSG_CHECKING([Python module 'argparse'])
	 AS_IF(["$PYTHON" -c "$testargparse" 2>/dev/null],
	       [AC_MSG_RESULT([yes])],
	       [AC_MSG_RESULT([no])
		unset PYTHON
		continue])

	 AC_MSG_CHECKING([Python module 'ply'])
	 AS_IF(["$PYTHON" -c "$testply" 2>/dev/null],
	       [AC_MSG_RESULT([yes])],
	       [AC_MSG_RESULT([no])
		unset PYTHON
		continue])

	 # Stop looking any further once we find a Python interpreter
	 # satisfying all requirements.
	 break
       done

       AS_IF([test "X$PYTHON" = "X"],
	     [AC_MSG_CHECKING([for Python support])
	      AC_MSG_RESULT([no])
273 274 275 276 277 278 279
	      AC_MSG_ERROR([m4_normalize(
				[Python >= 2.7 or >= 3.2 and the PLY package
                                 are required for dnssec-keymgr and other
                                 Python-based tools. PLY may be
                                 available from your OS package manager
                                 as python-ply or python3-ply; it can also
                                 be installed via pip. To build without
280
                                 Python/PLY, use --without-python.]
281
			    )])])])
282 283

PYTHON_TOOLS=''
284
CHECKDS=''
Evan Hunt's avatar
Evan Hunt committed
285
COVERAGE=''
Evan Hunt's avatar
Evan Hunt committed
286
KEYMGR=''
287 288 289 290 291 292 293 294
AS_IF([test "X$PYTHON" != "X"],
      [PYTHON_TOOLS=python
       CHECKDS=checkds
       COVERAGE=coverage
       KEYMGR=keymgr
       PYTHON_INSTALL_DIR="$with_python_install_dir"
       AS_IF([test -n "$with_python_install_dir"],
	     [PYTHON_INSTALL_LIB="--install-lib=$with_python_install_dir"])])
295
AC_SUBST(CHECKDS)
Evan Hunt's avatar
Evan Hunt committed
296
AC_SUBST(COVERAGE)
Evan Hunt's avatar
Evan Hunt committed
297
AC_SUBST(KEYMGR)
298
AC_SUBST(PYTHON_TOOLS)
299 300
AC_SUBST(PYTHON_INSTALL_DIR)
AC_SUBST(PYTHON_INSTALL_LIB)
301

302 303 304
#
# Special processing of paths depending on whether --prefix,
# --sysconfdir or --localstatedir arguments were given.  What's
Mark Andrews's avatar
Mark Andrews committed
305
# desired is some compatibility with the way previous versions
306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321
# of BIND built; they defaulted to /usr/local for most parts of
# the installation, but named.boot/named.conf was in /etc
# and named.pid was in /var/run.
#
# So ... if none of --prefix, --sysconfdir or --localstatedir are
# specified, set things up that way.  If --prefix is given, use
# it for sysconfdir and localstatedir the way configure normally
# would.  To change the prefix for everything but leave named.conf
# in /etc or named.pid in /var/run, then do this the usual configure way:
# ./configure --prefix=/somewhere --sysconfdir=/etc
# ./configure --prefix=/somewhere --localstatedir=/var
#
# To put named.conf and named.pid in /usr/local with everything else,
# set the prefix explicitly to /usr/local even though that's the default:
# ./configure --prefix=/usr/local
#
322
case "$prefix" in
323 324 325 326 327 328 329 330 331 332 333 334
	NONE)
		case "$sysconfdir" in
			'${prefix}/etc')
				sysconfdir=/etc
				;;
		esac
		case "$localstatedir" in
			'${prefix}/var')
				localstatedir=/var
				;;
		esac
		;;
335
esac
Evan Hunt's avatar
Evan Hunt committed
336 337
expanded_sysconfdir=`eval echo $sysconfdir`
AC_SUBST(expanded_sysconfdir)
338

339 340 341 342 343 344 345 346
#
# Make sure INSTALL uses an absolute path, else it will be wrong in all
# Makefiles, since they use make/rules.in and INSTALL will be adjusted by
# configure based on the location of the file where it is substituted.
# Since in BIND9 INSTALL is only substituted into make/rules.in, an immediate
# subdirectory of install-sh, This relative path will be wrong for all
# directories more than one level down from install-sh.
#
347 348
case "$INSTALL" in
	/*)
349 350 351 352 353 354 355 356 357 358
		;;
	*)
		#
		# Not all systems have dirname.
		#
		changequote({, })
		ac_dir="`echo $INSTALL | sed 's%/[^/]*$%%'`"
		changequote([, ])

		ac_prog="`echo $INSTALL | sed 's%.*/%%'`"
359
		test "X$ac_dir" = "X$ac_prog" && ac_dir=.
360 361 362
		test -d "$ac_dir" && ac_dir="`(cd \"$ac_dir\" && pwd)`"
		INSTALL="$ac_dir/$ac_prog"
		;;
363 364
esac

365
AC_PROG_CC
366
AC_PROG_CC_C99
367

Evan Hunt's avatar
Evan Hunt committed
368 369 370 371 372 373 374
#
# CCNOOPT defaults to -O0 on gcc and disables optimization when is last
#
if test "X$CCNOOPT" = "X" -a "X$GCC" = "Xyes"; then
	CCNOOPT="-O0"
fi

375 376
AC_HEADER_STDC

Mark Andrews's avatar
Mark Andrews committed
377
AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/mman.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h sys/socket.h net/route.h linux/netlink.h linux/rtnetlink.h,,,
378 379 380 381
[$ac_includes_default
#ifdef HAVE_SYS_PARAM_H
# include <sys/param.h>
#endif
382 383 384
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
385
])
386

387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425
#
# Check for thread local storage
#
AC_CHECK_HEADERS([threads.h],
		 [
		     AC_MSG_CHECKING([for C11 Thread-Local Storage using thread_local])
		     AC_COMPILE_IFELSE(
			 [AC_LANG_PROGRAM(
			      [
				  #include <threads.h>
			      ],[
				  static thread_local int tls = 0;
				  return (tls);
			      ])
			 ],[
			     AC_MSG_RESULT([yes])
			     AC_DEFINE([HAVE_THREAD_LOCAL],[1],[Define if thread_local keyword is available])
			     AC_DEFINE([HAVE_TLS],[1],[Define if Thread-Local Storage is available])
			 ],[
			     AC_MSG_RESULT([no])
			 ])
		 ],[
		     AC_MSG_CHECKING([for Thread-Local Storage using __thread])
		     AC_COMPILE_IFELSE(
			 [AC_LANG_PROGRAM(
			      [
			      ],[
				  static __thread int tls = 0;
				  return (tls);
			      ])
			 ],[
			     AC_MSG_RESULT([yes])
			     AC_DEFINE([HAVE___THREAD],[1],[Define if __thread keyword is available])
			     AC_DEFINE([HAVE_TLS],[1],[Define if Thread-Local Storage is available])
			 ],[
			     AC_MSG_RESULT([no])
			 ])
		 ])

426 427
AC_C_CONST
AC_C_INLINE
428
AC_C_VOLATILE
429
AC_C_FLEXIBLE_ARRAY_MEMBER
430

431 432 433 434
#
# Check for yield support on ARM processors
#
AS_CASE([$host],
435 436 437 438 439 440 441 442 443
	[arm*],
	[AC_MSG_CHECKING([for yield instruction support])
	 AC_COMPILE_IFELSE(
	     [AC_LANG_PROGRAM([[]],
			     [[__asm__ __volatile__ ("yield")]])],
	     [AC_MSG_RESULT([yes])
	      AC_DEFINE([HAVE_ARM_YIELD], [1],
			[define if the ARM yield instruction is available])],
	     [AC_MSG_RESULT([no])])])
444

445 446
AC_CHECK_FUNCS([sysctlbyname])

Evan Hunt's avatar
Evan Hunt committed
447 448 449 450 451
#
# Check for the existence of mmap to enable the fast format zones
#
AC_CHECK_FUNCS(mmap)

452 453 454 455 456 457
#
# Older versions of HP/UX don't define seteuid() and setegid()
#
AC_CHECK_FUNCS(seteuid setresuid)
AC_CHECK_FUNCS(setegid setresgid)

458
AC_TYPE_SIZE_T
459 460 461
AC_TYPE_SSIZE_T
AC_TYPE_UINTPTR_T

462 463
AC_HEADER_TIME

464 465 466
#
# check for uname library routine
#
467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484
AC_MSG_CHECKING([for uname])
AC_COMPILE_IFELSE(
  [AC_LANG_PROGRAM(
     [[#include <sys/utsname.h>
       #include <stdio.h>
      ]],
     [[
       struct utsname uts;
       uname(&uts);
       printf("running on %s %s %s for %s\n",
	      uts.sysname, uts.release, uts.version, uts.machine);
     ]])],
  [AC_MSG_RESULT(yes)
   AC_DEFINE([HAVE_UNAME], [1], [define if uname is available])
  ],
  [AC_MSG_RESULT(no)
   AC_MSG_WARN([uname is not correctly supported])
  ])
485

Francis Dupont's avatar
Francis Dupont committed
486 487 488 489 490 491 492 493 494 495
#
# check for GCC noreturn attribute
#
AC_MSG_CHECKING(for GCC noreturn attribute)
AC_TRY_COMPILE([],[void foo() __attribute__((noreturn));],
	[AC_MSG_RESULT(yes)
		ISC_PLATFORM_NORETURN_PRE="#define ISC_PLATFORM_NORETURN_PRE"
		ISC_PLATFORM_NORETURN_POST="#define ISC_PLATFORM_NORETURN_POST __attribute__((noreturn))"],
	[AC_MSG_RESULT(no)
		ISC_PLATFORM_NORETURN_PRE="#define ISC_PLATFORM_NORETURN_PRE"
496
		ISC_PLATFORM_NORETURN_POST="#define ISC_PLATFORM_NORETURN_POST"])
Francis Dupont's avatar
Francis Dupont committed
497 498 499
AC_SUBST(ISC_PLATFORM_NORETURN_PRE)
AC_SUBST(ISC_PLATFORM_NORETURN_POST)

500 501 502
#
# check if we have kqueue
#
503 504 505 506 507 508 509
AC_ARG_ENABLE([kqueue],
	      [AS_HELP_STRING([--enable-kqueue],
			      [use BSD kqueue when available [default=yes]])],
	      [], enable_kqueue="yes")

AS_IF([test "$enable_kqueue" = "yes"],
      [AC_CHECK_FUNCS([kqueue])])
510 511

#
512 513
# check if we have epoll.  Linux kernel 2.4 has epoll_create() which fails,
# so we need to try running the code, not just test its existence.
514
#
515 516 517 518 519 520 521
AC_ARG_ENABLE([epoll],
	      [AS_HELP_STRING([--enable-epoll],
			      [use Linux epoll when available [default=auto]])],
	      [], [enable_epoll="yes"])

AS_IF([test "$enable_epoll" = "yes"],
      [AC_CHECK_FUNCS([epoll_create1])])
522 523 524 525

#
# check if we support /dev/poll
#
526 527 528 529 530 531
AC_ARG_ENABLE([devpoll],
	      [AS_HELP_STRING([--enable-devpoll],
			      [use /dev/poll when available [default=yes]])],
	      [], [enable_devpoll="yes"])
AS_IF([test "$enable_devpoll" = "yes"],
      [AC_CHECK_HEADERS([sys/devpoll.h devpoll.h])])
532

533 534 535 536 537
#
# Find the machine's endian flavor.
#
AC_C_BIGENDIAN

Michael Graff's avatar
Michael Graff committed
538
#
Evan Hunt's avatar
Evan Hunt committed
539
# GeoIP support?
Michael Graff's avatar
Michael Graff committed
540
#
Evan Hunt's avatar
Evan Hunt committed
541 542 543
GEOIPLINKSRCS=
GEOIPLINKOBJS=
AC_ARG_WITH(geoip,
544 545
	    AS_HELP_STRING([--with-geoip=PATH],
			   [Build with GeoIP support (yes|no|path)]),
Evan Hunt's avatar
Evan Hunt committed
546
    use_geoip="$withval", use_geoip="no")
Michael Graff's avatar
Michael Graff committed
547

548
if test "yes" = "$use_geoip"
549
then
550
	for d in /usr /usr/local /opt/local
551
	do
Evan Hunt's avatar
Evan Hunt committed
552
		if test -f $d/include/GeoIP.h
553
		then
Evan Hunt's avatar
Evan Hunt committed
554
			use_geoip=$d
555 556 557 558
			break
		fi
	done
fi
Evan Hunt's avatar
Evan Hunt committed
559 560 561 562 563

case "$use_geoip" in
	no|'')
		AC_MSG_CHECKING([for GeoIP support])
		AC_MSG_RESULT([disabled])
564
		;;
565
	*)
Evan Hunt's avatar
Evan Hunt committed
566
		if test -d "$use_geoip" -o -L "$use_geoip"
567
		then
Evan Hunt's avatar
Evan Hunt committed
568 569
			CFLAGS="$CFLAGS -I$use_geoip/include"
			CPPFLAGS="$CPPFLAGS -I$use_geoip/include"
570
			LIBS="$LIBS -L$use_geoip/lib"
Evan Hunt's avatar
Evan Hunt committed
571 572 573 574
			case "$host_os" in
				netbsd*|openbsd*|solaris*)
					LIBS="$LIBS -Wl,-rpath=$use_geoip/lib"
					;;
575
			esac
576
		elif test "yes" = "$use_geoip"
577
		then
Evan Hunt's avatar
Evan Hunt committed
578 579 580
			AC_MSG_ERROR([GeoIP path not found])
		else
			AC_MSG_ERROR([GeoIP path $use_geoip does not exist])
581
		fi
Evan Hunt's avatar
Evan Hunt committed
582 583 584
		AC_CHECK_HEADER(GeoIP.h, [],
			[AC_MSG_ERROR([GeoIP header file not found])]
		)
585 586
		AC_SEARCH_LIBS(GeoIP_id_by_addr_gl, GeoIP, [],
			[AC_MSG_ERROR([suitable GeoIP library not found])]
Evan Hunt's avatar
Evan Hunt committed
587 588 589 590
		)
		AC_SEARCH_LIBS(fabsf, m, [],
			[AC_MSG_ERROR([Math library not found])]
		)
591
		AC_DEFINE(HAVE_GEOIP, 1, Build with GeoIP support)
Evan Hunt's avatar
Evan Hunt committed
592 593 594 595
		GEOIPLINKSRCS='${GEOIPLINKSRCS}'
		GEOIPLINKOBJS='${GEOIPLINKOBJS}'
		AC_MSG_CHECKING([for GeoIP support])
		AC_MSG_RESULT([yes])
596

Evan Hunt's avatar
Evan Hunt committed
597 598 599 600 601 602 603 604 605 606 607
		AC_MSG_CHECKING([for GeoIP Country IPv6 support])
		AC_COMPILE_IFELSE(
			[AC_LANG_PROGRAM([
				#include <GeoIP.h>
				#include <netinet/in.h>
			], [
				struct in6_addr in6;
				GeoIP_country_name_by_ipnum_v6(NULL, in6);
			])],
			[
				AC_MSG_RESULT([yes])
608
				AC_DEFINE(HAVE_GEOIP_V6, 1, Build with GeoIP Country IPv6 support)
Evan Hunt's avatar
Evan Hunt committed
609 610 611
			],
			[AC_MSG_RESULT([no])]
		)
612

Evan Hunt's avatar
Evan Hunt committed
613 614 615 616 617 618 619 620
		AC_MSG_CHECKING([for GeoIP City IPv6 support])
		AC_COMPILE_IFELSE(
			[AC_LANG_PROGRAM([
				#include <GeoIP.h>
				#include <GeoIPCity.h>
				#include <netinet/in.h>
			], [
				struct in6_addr in6;
621
				int i = GEOIP_CITY_EDITION_REV0_V6;
Evan Hunt's avatar
Evan Hunt committed
622 623 624 625
				GeoIP_record_by_ipnum_v6(NULL, in6);
			])],
			[
				AC_MSG_RESULT([yes])
626
				AC_DEFINE(HAVE_GEOIP_CITY_V6, 1, Build with GeoIP City IPv6 support)
Evan Hunt's avatar
Evan Hunt committed
627 628
			],
			[AC_MSG_RESULT([no])]
629
		)
Evan Hunt's avatar
Evan Hunt committed
630
		;;
631
esac
Evan Hunt's avatar
Evan Hunt committed
632 633
AC_SUBST(GEOIPLINKSRCS)
AC_SUBST(GEOIPLINKOBJS)
634

Francis Dupont's avatar
Francis Dupont committed
635
#
636
# Do we have arc4random(), etc ?
Francis Dupont's avatar
Francis Dupont committed
637
#
638
AC_CHECK_FUNCS(arc4random arc4random_buf arc4random_uniform getrandom)
Francis Dupont's avatar
Francis Dupont committed
639

640
AX_PTHREAD
Francis Dupont's avatar
Francis Dupont committed
641

642 643 644
LIBS="$PTHREAD_LIBS $LIBS"
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
CC="$PTHREAD_CC"
Evan Hunt's avatar
Evan Hunt committed
645

646
AC_CHECK_FUNCS([pthread_attr_getstacksize pthread_attr_setstacksize])
Witold Krecicki's avatar
Witold Krecicki committed
647

648
AC_ARG_WITH([locktype],
Witold Krecicki's avatar
Witold Krecicki committed
649 650
	    AS_HELP_STRING([--with-locktype=ARG],
			   [Specify mutex lock type
651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681
			    (adaptive or standard)]),
	    [], [with_locktype="adaptive"])

AS_CASE([$with_locktype],
	[adaptive],[
	  AC_MSG_CHECKING([for PTHREAD_MUTEX_ADAPTIVE_NP])
	  AC_COMPILE_IFELSE(
	    [AC_LANG_PROGRAM(
	       [[
		 #ifndef _GNU_SOURCE
		 #define _GNU_SOURCE
		 #endif
		 #include <pthread.h>
	       ]],
	       [[
		 return (PTHREAD_MUTEX_ADAPTIVE_NP);
	       ]]
	     )],
	    [AC_MSG_RESULT([using adaptive lock type])
	     AC_DEFINE([HAVE_PTHREAD_MUTEX_ADAPTIVE_NP], 1,
		       [Support for PTHREAD_MUTEX_ADAPTIVE_NP]) ],
	    [AC_MSG_RESULT([using standard lock type])]
	  )],
	[standard],[AC_MSG_RESULT([using standard lock type])],
	[AC_MSG_ERROR([You must specify "adaptive" or "standard" for --with-locktype.])]
       )

AC_CHECK_HEADERS([sched.h])

AC_SEARCH_LIBS([sched_yield],[rt])
AC_CHECK_FUNCS([sched_yield pthread_yield pthread_yield_np])
Witold Krecicki's avatar
Witold Krecicki committed
682

Witold Krecicki's avatar
Witold Krecicki committed
683 684 685 686
AC_CHECK_HEADERS([sys/cpuset.h])
AC_CHECK_HEADERS([sys/procset.h])
AC_CHECK_FUNCS([pthread_setaffinity_np cpuset_setaffinity processor_bind sched_setaffinity])

Witold Krecicki's avatar
Witold Krecicki committed
687
# Look for functions relating to thread naming
688
AC_CHECK_FUNCS([pthread_setname_np pthread_set_name_np])
Witold Krecicki's avatar
Witold Krecicki committed
689 690
AC_CHECK_HEADERS([pthread_np.h], [], [], [#include <pthread.h>])

691 692 693 694 695
#
# flockfile is usually provided by pthreads
#
AC_CHECK_FUNCS([flockfile getc_unlocked])

Witold Krecicki's avatar
Witold Krecicki committed
696 697 698
#
# Look for sysconf to allow detection of the number of processors.
#
699
AC_CHECK_FUNCS([sysconf])
700

Ondřej Surý's avatar
Ondřej Surý committed
701
AC_SUBST(ALWAYS_DEFINES)
Ondřej Surý's avatar
Ondřej Surý committed
702

Ondřej Surý's avatar
Ondřej Surý committed
703 704 705
AC_MSG_CHECKING(for libtool)
AC_ARG_WITH(libtool, AS_HELP_STRING([--with-libtool], [use GNU libtool]),
	    use_libtool="$withval", use_libtool="no")
706

Ondřej Surý's avatar
Ondřej Surý committed
707
case $use_libtool in
708
	yes)
Ondřej Surý's avatar
Ondřej Surý committed
709 710 711 712 713
		AC_MSG_RESULT(yes)
		AM_PROG_LIBTOOL
		O=lo
		A=la
		LIBTOOL_MKDEP_SED='s;\.o;\.lo;'
714 715 716 717
		LIBTOOL_MODE_COMPILE='--mode=compile'
		LIBTOOL_MODE_INSTALL='--mode=install'
		LIBTOOL_MODE_LINK='--mode=link'
		LIBTOOL_MODE_UNINSTALL='--mode=uninstall'
Ondřej Surý's avatar
Ondřej Surý committed
718
		INSTALL_LIBRARY='${INSTALL_PROGRAM}'
719 720
		;;
	*)
Ondřej Surý's avatar
Ondřej Surý committed
721 722 723 724 725 726 727 728 729 730 731
		AC_MSG_RESULT(no)
		O=o
		A=a
		LIBTOOL=
		AC_SUBST(LIBTOOL)
		LIBTOOL_MKDEP_SED=
		LIBTOOL_MODE_COMPILE=
		LIBTOOL_MODE_INSTALL=
		LIBTOOL_MODE_LINK=
		LIBTOOL_MODE_UNINSTALL=
		INSTALL_LIBRARY='${INSTALL_DATA}'
732
		;;
Ondřej Surý's avatar
Ondřej Surý committed
733 734
esac
AC_SUBST(INSTALL_LIBRARY)
735

736 737 738
#
# If PIC is disabled, shared libraries must also be
#
739
AS_IF([test "$pic_mode" = "no"],
740 741
      [enable_shared="no"])

Ondřej Surý's avatar
Ondřej Surý committed
742
CRYPTO=OpenSSL
743

Ondřej Surý's avatar
Ondřej Surý committed
744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765
#
# was --with-openssl specified?
#
AX_CHECK_OPENSSL([:],[AC_MSG_FAILURE([OpenSSL/LibreSSL not found])])

save_CFLAGS="$CFLAGS"
save_LIBS="$LIBS"
save_LDFLAGS="$LDFLAGS"
CFLAGS="$CFLAGS $OPENSSL_INCLUDES"
LIBS="$LIBS $OPENSSL_LIBS"
LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"

AC_MSG_CHECKING([for OpenSSL >= 1.0.0 or LibreSSL])
AC_COMPILE_IFELSE(
    [AC_LANG_PROGRAM([[#include <openssl/opensslv.h>]],
		     [[#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER < 0x1000000fL)
		       #error OpenSSL >= 1.0.0 or LibreSSL required
		       #endif
		      ]])],
    [AC_MSG_RESULT([yes])],
    [AC_MSG_FAILURE([not found])])

766 767 768 769 770 771 772 773 774
#
# Check for functions added in OpenSSL or LibreSSL
#

AC_CHECK_FUNCS([CRYPTO_zalloc])
AC_CHECK_FUNCS([EVP_CIPHER_CTX_new EVP_CIPHER_CTX_free])
AC_CHECK_FUNCS([EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset])
AC_CHECK_FUNCS([HMAC_CTX_new HMAC_CTX_free HMAC_CTX_reset HMAC_CTX_get_md])

Ondřej Surý's avatar
Ondřej Surý committed
775 776 777 778 779 780 781 782 783
#
# Check for algorithm support in OpenSSL
#

AC_CHECK_FUNCS([ECDSA_sign ECDSA_verify], [:],
	       [AC_MSG_FAILURE([ECDSA support in OpenSSL is mandatory.])])

AC_MSG_CHECKING([for ECDSA P-256 support])
AC_COMPILE_IFELSE(
784 785 786
    [AC_LANG_PROGRAM([[#include <openssl/evp.h>
		       #include <openssl/ec.h>]],
		     [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);]])],
Ondřej Surý's avatar
Ondřej Surý committed
787 788 789 790 791
    [AC_MSG_RESULT([yes])],
    [AC_MSG_FAILURE([not found.  ECDSA P-256 support in OpenSSL is mandatory.])])

AC_MSG_CHECKING([for ECDSA P-384 support])
AC_COMPILE_IFELSE(
792 793 794
    [AC_LANG_PROGRAM([[#include <openssl/evp.h>
		       #include <openssl/ec.h>]],
		     [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);]])],
Ondřej Surý's avatar
Ondřej Surý committed
795 796 797 798 799
    [AC_MSG_RESULT([yes])],
    [AC_MSG_FAILURE([not found.  ECDSA P-384 support in OpenSSL is mandatory.])])

AC_MSG_CHECKING([for Ed25519 support])
AC_COMPILE_IFELSE(
800 801 802
    [AC_LANG_PROGRAM([[#include <openssl/evp.h>
		       #include <openssl/ec.h>]],
		     [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_ED25519);]])],
Ondřej Surý's avatar
Ondřej Surý committed
803 804 805
    [AC_DEFINE([HAVE_OPENSSL_ED25519], [1], [define if OpenSSL supports Ed25519])
     AC_MSG_RESULT([yes])],
    [AC_MSG_RESULT([no])])
806

Ondřej Surý's avatar
Ondřej Surý committed
807 808 809
AC_MSG_CHECKING([for Ed448 support])
AC_MSG_RESULT([broken])
#AC_COMPILE_IFELSE(
810 811 812
#    [AC_LANG_PROGRAM([[#include <openssl/evp.h>
#		       #include <openssl/ec.h>]],
#		     [[EC_KEY *key = EC_KEY_new_by_curve_name(NID_ED448);]])],
Ondřej Surý's avatar
Ondřej Surý committed
813 814 815
#    [AC_DEFINE([HAVE_OPENSSL_ED448], [1], [define if OpenSSL supports Ed448])
#     AC_MSG_RESULT([yes])],
#    [AC_MSG_RESULT([no])])
816

Ondřej Surý's avatar
Ondřej Surý committed
817 818 819 820 821
#
# Check for OpenSSL SHA-1 support
#
AC_CHECK_FUNCS([EVP_sha1], [:],
	       [AC_MSG_FAILURE([SHA-1 support in OpenSSL is mandatory.])])
822

Ondřej Surý's avatar
Ondřej Surý committed
823 824 825 826 827
#
# Check for OpenSSL SHA-2 support
#
AC_CHECK_FUNCS([EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512], [:],
	       [AC_MSG_FAILURE([SHA-2 support in OpenSSL is mandatory.])])
828

Ondřej Surý's avatar
Ondřej Surý committed
829 830 831 832 833
#
# Check for OpenSSL AES support
#
AC_CHECK_FUNCS([EVP_aes_128_ecb EVP_aes_192_ecb EVP_aes_256_ecb], [:],
	       [AC_MSG_FAILURE([AES support in OpenSSL is mandatory.])])
834

Evan Hunt's avatar
Evan Hunt committed
835
#
Ondřej Surý's avatar
Ondřej Surý committed
836
# Check for OpenSSL 1.1.x/LibreSSL functions
Evan Hunt's avatar
Evan Hunt committed
837
#
838
AC_CHECK_FUNCS([DH_get0_key ECDSA_SIG_get0 RSA_set0_key])
839

840 841 842 843 844 845 846 847 848 849 850 851 852 853 854
#
# Check whether FIPS mode is available and whether we should enable it
#
AC_ARG_ENABLE([fips-mode],
	      [AS_HELP_STRING([--enable-fips-mode],
			      [enable FIPS mode in OpenSSL library [default=no]])],
	      [], [enable_fips_mode="no"])

AC_MSG_CHECKING([whether to enable FIPS mode in OpenSSL library])
AS_CASE([$enable_fips_mode],
	[yes], [AC_MSG_RESULT([yes])
		AC_CHECK_FUNCS([FIPS_mode],
			       [], [AC_MSG_FAILURE([OpenSSL FIPS mode requested but not available.])])],
	[no], [AC_MSG_RESULT([no])])

Ondřej Surý's avatar
Ondřej Surý committed
855 856 857
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
LDFLAGS="$save_LDFLAGS"
858

Ondřej Surý's avatar
Ondřej Surý committed
859 860 861
AC_SUBST([OPENSSL_INCLUDES])
AC_SUBST([OPENSSL_LIBS])
AC_SUBST([OPENSSL_LDFLAGS])
862 863

#
Ondřej Surý's avatar
Ondřej Surý committed
864
# Client Cookie algorithm choice
865
#
Ondřej Surý's avatar
Ondřej Surý committed
866 867 868 869 870 871 872 873 874 875 876 877 878 879 880
AC_ARG_WITH([cc-alg],
	    [AS_HELP_STRING([--with-cc-alg=ALG],
			   [choose the algorithm for Client Cookie
			    [aes|sha1|sha256] (default is aes)])],
	    [:], [with_cc_alg="aes"])

AC_MSG_CHECKING([for the algorithm for Client Cookie])
AS_CASE([$with_cc_alg],
	[sha1|SHA1],[AC_MSG_RESULT([sha1])
		     AC_DEFINE([HMAC_SHA1_CC], [1], [Use HMAC-SHA1 for Client Cookie generation])],
	[sha256|SHA256],[AC_MSG_RESULT([sha256])
			 AC_DEFINE([HMAC_SHA256_CC], [1], [Use HMAC-SHA256 for Client Cookie generation])],
	[aes|AES|auto],[AC_MSG_RESULT([aes])
		       AC_DEFINE([AES_CC], [1], [Use AES for Client Cookie generation])],
	[AC_MSG_ERROR([Invalid $with_cc_alg algorithm for Client Cookie])])
881

882

Ondřej Surý's avatar
Ondřej Surý committed
883
PKCS11_TOOLS=
884
PKCS11_TEST=
885
#
Ondřej Surý's avatar
Ondřej Surý committed
886
# was --enable-native-pkcs11 specified?
887
#
Ondřej Surý's avatar
Ondřej Surý committed
888 889 890 891 892 893 894 895 896
AC_ARG_ENABLE(native-pkcs11,
	      AS_HELP_STRING([--enable-native-pkcs11],
			     [use native PKCS11 for public-key crypto [default=no]]),
	      [:], [enable_native_pkcs11="no"])

AC_MSG_CHECKING([for PKCS11 for Public-Key Cryptography])
AS_CASE([$enable_native_pkcs11],
	[no],[AC_MSG_RESULT([no])],
	[yes],[PKCS11_TOOLS=pkcs11
897
	       PKCS11_TEST=pkcs11
Ondřej Surý's avatar
Ondřej Surý committed
898 899 900 901 902 903
	       CRYPTO=pkcs11
	       AS_IF([$use_threads],
		     [:],
		     [AC_MSG_ERROR([PKCS11 requires threading support])])
	       AC_MSG_RESULT([yes])
	       AC_CHECK_FUNCS([getpassphrase])
904 905
	      ])
AC_SUBST([PKCS11_TEST])
Ondřej Surý's avatar
Ondřej Surý committed
906 907 908 909 910 911 912 913
AC_SUBST([PKCS11_TOOLS])

AS_CASE([$CRYPTO],
	[pkcs11],[AC_DEFINE([USE_PKCS11], [1], [define if PKCS11 is used for Public-Key Cryptography])],
	[AC_DEFINE([USE_OPENSSL], [1], [define if OpenSSL is used for Public-Key Cryptography])])

# preparation for automake
# AM_CONDITIONAL([PKCS11_TOOLS], [test "$with_native_pkcs11" = "yes"])
914

915
#
Ondřej Surý's avatar
Ondřej Surý committed
916
# was --with-pkcs11 specified?
917
#
Ondřej Surý's avatar
Ondřej Surý committed
918 919 920 921
AC_ARG_WITH([pkcs11],
	    [AS_HELP_STRING([--with-pkcs11[=PATH]],
			    [Build with PKCS11 support [no|path] (PATH is for the PKCS11 provider)])],
	    [:], [with_pkcs11="undefined"])
922

Ondřej Surý's avatar
Ondřej Surý committed
923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947
AS_CASE([$with_pkcs11],
	[yes|auto],[AC_MSG_ERROR([--with-pkcs11 needs explicit path to the PKCS11 library])],
	[no|undefined],[with_pkcs11="undefined"])
AC_DEFINE_UNQUOTED([PK11_LIB_LOCATION], ["$with_pkcs11"], [define the default PKCS11 library path])

# for PKCS11 benchmarks

have_clock_gt=no
AC_CHECK_FUNC(clock_gettime,have_clock_gt=yes,)
if test "no" = "$have_clock_gt"; then
	AC_CHECK_LIB(rt,clock_gettime,have_clock_gt=rt,)
fi

if test "no" != "$have_clock_gt"; then
	AC_DEFINE(HAVE_CLOCK_GETTIME, 1, [Define if clock_gettime is available.])
fi

if test "rt" = "$have_clock_gt"; then
	LIBS="-lrt $LIBS"
fi

AC_MSG_CHECKING(for GSSAPI library)
AC_ARG_WITH(gssapi,
	    AS_HELP_STRING([--with-gssapi=[PATH|[/path/]krb5-config]],
			   [Specify path for system-supplied GSSAPI
948 949
				[default=auto]]),
	    use_gssapi="$withval", use_gssapi="auto")
Ondřej Surý's avatar
Ondřej Surý committed
950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978

# first try using krb5-config, if that does not work then fall back to "yes" method.

case "$use_gssapi" in
*/krb5-config|krb5-config)
    AC_MSG_RESULT(trying $use_gssapi)
    if test krb5-config = "$use_gssapi"
    then
	AC_PATH_PROG(KRB5_CONFIG, $use_gssapi)
    else
	KRB5_CONFIG="$use_gssapi"
    fi
    gssapi_cflags=`$KRB5_CONFIG --cflags gssapi`
    gssapi_libs=`$KRB5_CONFIG --libs gssapi`
    saved_cppflags="$CPPFLAGS"
    CPPFLAGS="$gssapi_cflags $CPPFLAGS"
    AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h,
	[ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <$ac_header>"])
    if test "" = "$ISC_PLATFORM_GSSAPIHEADER"; then
	AC_MSG_RESULT([krb5-config: gssapi.h not found])
	CPPFLAGS="$saved_cppflags"
	use_gssapi="yes"
    else
	AC_CHECK_HEADERS(krb5/krb5.h krb5.h,
	    [ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>"])
	if test "" = "$ISC_PLATFORM_KRB5HEADER"; then
	    AC_MSG_RESULT([krb5-config: krb5.h not found])
	    CPPFLAGS="$saved_cppflags"
	    use_gssapi="yes"
979
	else
Ondřej Surý's avatar
Ondřej Surý committed
980 981 982 983 984 985 986 987 988 989 990 991 992
	    CPPFLAGS="$saved_cppflags"
	    saved_libs="$LIBS"
	    LIBS=$gssapi_libs
	    AC_MSG_CHECKING([krb5-config linking as $LIBS])
	    AC_TRY_LINK( , [gss_acquire_cred();krb5_init_context()],
		gssapi_linked=yes, gssapi_linked=no)
	    case $gssapi_linked in
		yes) AC_MSG_RESULT([krb5-config: linked]);;
		no)  AC_MSG_RESULT([krb5-config: could not determine proper GSSAPI linkage])
		    use_gssapi="yes"
		    ;;
	    esac
	    LIBS=$saved_libs
993
	fi
Ondřej Surý's avatar
Ondřej Surý committed
994 995 996 997 998 999 1000 1001 1002
    fi
    if test "yes" = "$use_gssapi"; then
	AC_MSG_CHECKING([for GSSAPI library, non krb5-config method])
    fi
    ;;
esac

case "$host" in
*darwin*)
1003
	if test "yes" = "$use_gssapi" -o "auto" = "$use_gssapi"
Ondřej Surý's avatar
Ondřej Surý committed
1004 1005 1006 1007
	then
		use_gssapi=framework
	fi
	;;
1008
esac
1009

Ondřej Surý's avatar
Ondřej Surý committed
1010 1011 1012 1013 1014 1015
# gssapi is just the framework, we really require kerberos v5, so
# look for those headers (the gssapi headers must be there, too)
# The problem with this implementation is that it doesn't allow
# for the specification of gssapi and krb5 headers in different locations,
# which probably ought to be fixed although fixing might raise the issue of
# trying to build with incompatible versions of gssapi and krb5.
1016
if test "yes" = "$use_gssapi" -o "auto" = "$use_gssapi"
Evan Hunt's avatar
Evan Hunt committed
1017
then
Ondřej Surý's avatar
Ondřej Surý committed
1018 1019 1020 1021 1022 1023
	# first, deal with the obvious
	if test \( -f /usr/include/kerberosv5/krb5.h -o \
		   -f /usr/include/krb5/krb5.h -o \
		   -f /usr/include/krb5.h \)   -a \
		\( -f /usr/include/gssapi.h -o \
		   -f /usr/include/gssapi/gssapi.h \)
Evan Hunt's avatar
Evan Hunt committed
1024
	then
Ondřej Surý's avatar
Ondřej Surý committed
1025
		use_gssapi=/usr
Evan Hunt's avatar
Evan Hunt committed
1026
	else
Ondřej Surý's avatar
Ondřej Surý committed
1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040
	    krb5dirs="/usr/local /usr/local/krb5 /usr/local/kerberosv5 /usr/local/kerberos /usr/pkg /usr/krb5 /usr/kerberosv5 /usr/kerberos /usr"
	    for d in $krb5dirs
	    do
		if test -f $d/include/gssapi/gssapi_krb5.h -o \
			-f $d/include/krb5.h
		then
			if test -f $d/include/gssapi/gssapi.h -o \
				-f $d/include/gssapi.h
			then
				use_gssapi=$d
				break
			fi
		fi
	    done
1041 1042 1043 1044
	    if test "auto" = "$use_gssapi"
	    then
		use_gssapi="no"
	    fi
Evan Hunt's avatar
Evan Hunt committed
1045 1046
	fi
fi
1047

Ondřej Surý's avatar
Ondřej Surý committed
1048
case "$use_gssapi" in
Evan Hunt's avatar
Evan Hunt committed
1049
	no)
Ondřej Surý's avatar
Ondřej Surý committed
1050 1051
		AC_MSG_RESULT(disabled)
		USE_GSSAPI=''
1052
		;;
Ondřej Surý's avatar
Ondřej Surý committed
1053 1054
	yes)
		AC_MSG_ERROR([--with-gssapi must specify a path])
1055
		;;
Ondřej Surý's avatar
Ondřej Surý committed
1056 1057 1058 1059
	*/krb5-config|krb5-config)
		USE_GSSAPI='-DGSSAPI'
		DST_GSSAPI_INC="$gssapi_cflags"
		DNS_GSSAPI_LIBS="$gssapi_libs"
1060
		;;
Ondřej Surý's avatar
Ondřej Surý committed
1061 1062 1063 1064 1065 1066
	framework)
		USE_GSSAPI='-DGSSAPI'
		ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <Kerberos/Kerberos.h>"
		ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <Kerberos/Kerberos.h>"
		DNS_GSSAPI_LIBS="-framework Kerberos"
		AC_MSG_RESULT(framework)
Evan Hunt's avatar
Evan Hunt committed
1067
		;;
1068

1069
	*)
Ondřej Surý's avatar
Ondřej Surý committed
1070 1071 1072 1073 1074 1075 1076
		AC_MSG_RESULT(looking in $use_gssapi/lib)
		USE_GSSAPI='-DGSSAPI'
		saved_cppflags="$CPPFLAGS"
		CPPFLAGS="-I$use_gssapi/include $CPPFLAGS"
		AC_CHECK_HEADERS(gssapi.h gssapi/gssapi.h,
		    [ISC_PLATFORM_GSSAPIHEADER="#define ISC_PLATFORM_GSSAPIHEADER <$ac_header>"
		     gssapi_hack="#include <$ac_header>"])
1077

Ondřej Surý's avatar
Ondřej Surý committed
1078 1079 1080
		if test "" = "$ISC_PLATFORM_GSSAPIHEADER"; then
		    AC_MSG_ERROR([gssapi.h not found])
		fi
1081

Ondřej Surý's avatar
Ondřej Surý committed
1082 1083 1084
		AC_CHECK_HEADERS(gssapi_krb5.h gssapi/gssapi_krb5.h,
		    [ISC_PLATFORM_GSSAPI_KRB5_HEADER="#define ISC_PLATFORM_GSSAPI_KRB5_HEADER <$ac_header>"
		     gssapi_krb5_hack="#include <$ac_header>"])
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1085

Ondřej Surý's avatar
Ondřej Surý committed
1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157
		AC_CHECK_HEADERS(krb5.h krb5/krb5.h kerberosv5/krb5.h,
		    [ISC_PLATFORM_KRB5HEADER="#define ISC_PLATFORM_KRB5HEADER <$ac_header>"
		    krb5_hack="#include <$ac_header>"])

		if test "" = "$ISC_PLATFORM_KRB5HEADER"; then
		    AC_MSG_ERROR([krb5.h not found])
		fi

		#
		# XXXDCL This probably doesn't work right on all systems.
		# It will need to be worked on as problems become evident.
		#
		# Essentially the problems here relate to two different
		# areas.  The first area is building with either KTH
		# or MIT Kerberos, particularly when both are present on
		# the machine.  The other is static versus dynamic linking.
		#
		# On the KTH vs MIT issue, Both have libkrb5 that can mess
		# up the works if one implementation ends up trying to
		# use the other's krb.  This is unfortunately a situation
		# that very easily arises.
		#
		# Dynamic linking when the dependency information is built
		# into MIT's libgssapi_krb5 or KTH's libgssapi magically makes
		# all such problems go away, but when that setup is not
		# present, because either the dynamic libraries lack
		# dependencies or static linking is being done, then the
		# problems start to show up.
		saved_libs="$LIBS"
		for TRY_LIBS in \
		    "-lgssapi_krb5" \
		    "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err" \
		    "-lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lresolv" \
		    "-lgssapi" \
		    "-lgssapi -lkrb5 -ldes -lcrypt -lasn1 -lroken -lcom_err" \
		    "-lgssapi -lkrb5 -lcrypt -lasn1 -lroken -lcom_err" \
		    "-lgssapi -lkrb5 -lgssapi_krb5 -lcrypt -lasn1 -lroken -lcom_err" \
		    "-lgssapi -lkrb5 -lhx509 -lcrypt -lasn1 -lroken -lcom_err" \
		    "-lgss -lkrb5"
		do
		    # Note that this does not include $saved_libs, because
		    # on FreeBSD machines this configure script has added
		    # -L/usr/local/lib to LIBS, which can make the
		    # -lgssapi_krb5 test succeed with shared libraries even
		    # when you are trying to build with KTH in /usr/lib.
		    if test "/usr" = "$use_gssapi"
		    then
			    LIBS="$TRY_LIBS $ISC_OPENSSL_LIBS"
		    else
			    LIBS="-L$use_gssapi/lib $TRY_LIBS $ISC_OPENSSL_LIBS"
		    fi
		    AC_MSG_CHECKING(linking as $TRY_LIBS)
		    AC_TRY_LINK([
#include <sys/types.h>
$gssapi_hack
$gssapi_krb5_hack
$krb5_hack
				] , [gss_acquire_cred(NULL, NULL, 0, NULL, 0, NULL, NULL, NULL);krb5_init_context(NULL);
#if defined(HAVE_GSSAPI_KRB5_H) || defined(HAVE_GSSAPI_GSSAPI_KRB5_H)
gsskrb5_register_acceptor_identity(NULL);
#endif],
				gssapi_linked=yes, gssapi_linked=no)
		    case $gssapi_linked in
		    yes) AC_MSG_RESULT(yes); break ;;
		    no)  AC_MSG_RESULT(no) ;;
		    esac
		done

		CPPFLAGS="$saved_cppflags"

		case $gssapi_linked in
		no) AC_MSG_ERROR(could not determine proper GSSAPI linkage) ;;
1158
		esac
Ondřej Surý's avatar
Ondřej Surý committed
1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190

		#
		# XXXDCL Major kludge.  Tries to cope with KTH in /usr/lib
		# but MIT in /usr/local/lib and trying to build with KTH.
		# /usr/local/lib can end up earlier on the link lines.
		# Like most kludges, this one is not only inelegant it
		# is also likely to be the wrong thing to do at least as
		# many times as it is the right thing.  Something better
		# needs to be done.
		#
		if test "/usr" = "$use_gssapi" -a \
			-f /usr/local/lib/libkrb5.a; then
		    FIX_KTH_VS_MIT=yes
		fi

		case "$FIX_KTH_VS_MIT" in
		yes)
		    case "$enable_static_linking" in
		    yes) gssapi_lib_suffix=".a"  ;;
		    *)   gssapi_lib_suffix=".so" ;;
		    esac

		    for lib in $LIBS; do
			case $lib in
			-L*)
			    ;;
			-l*)
			    new_lib=`echo $lib |
				     sed -e s%^-l%$use_gssapi/lib/lib% \
					 -e s%$%$gssapi_lib_suffix%`
			    NEW_LIBS="$NEW_LIBS $new_lib"
			    ;;
1191
			*)
Ondřej Surý's avatar
Ondřej Surý committed
1192 1193
			   AC_MSG_ERROR([KTH vs MIT Kerberos confusion!])
			    ;;
1194
			esac
Ondřej Surý's avatar
Ondřej Surý committed
1195 1196 1197
		    done
		    LIBS="$NEW_LIBS"
		    ;;
1198
		esac
Ondřej Surý's avatar
Ondřej Surý committed
1199 1200 1201 1202 1203 1204

		DST_GSSAPI_INC="-I$use_gssapi/include"
		DNS_GSSAPI_LIBS="$LIBS"

		AC_MSG_RESULT(using GSSAPI from $use_gssapi/lib and $use_gssapi/include)
		LIBS="$saved_libs"
Evan Hunt's avatar
Evan Hunt committed
1205 1206
		;;
esac
1207

Ondřej Surý's avatar
Ondřej Surý committed
1208 1209 1210 1211
AC_SUBST(ISC_PLATFORM_HAVEGSSAPI)
AC_SUBST(ISC_PLATFORM_GSSAPIHEADER)
AC_SUBST(ISC_PLATFORM_GSSAPI_KRB5_HEADER)
AC_SUBST(ISC_PLATFORM_KRB5HEADER)
Andreas Gustafsson's avatar
Andreas Gustafsson committed
1212

Ondřej Surý's avatar
Ondřej Surý committed
1213 1214 1215 1216
AC_SUBST(USE_GSSAPI)
AC_SUBST(DST_GSSAPI_INC)
AC_SUBST(DNS_GSSAPI_LIBS)
DNS_CRYPTO_LIBS="$DNS_GSSAPI_LIBS"
1217

Ondřej Surý's avatar
Ondřej Surý committed
1218 1219 1220
#
# Applications linking with libdns also need to link with these libraries.
#
1221

Ondřej Surý's avatar
Ondřej Surý committed
1222
AC_SUBST(DNS_CRYPTO_LIBS)
Francis Dupont's avatar
Francis Dupont committed
1223

1224 1225 1226 1227 1228
#
# was --with-lmdb specified?
#
AC_MSG_CHECKING(for lmdb library)
AC_ARG_WITH(lmdb,
1229 1230
	    AS_HELP_STRING([--with-lmdb[=PATH]],
			   [build with LMDB library [yes|no|path]]),
1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255