LBP
/
nagios_nrpe
mirror de https://github.com/NagiosEnterprises/nrpe.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
							# ===========================================================================
# SYNOPSIS
#
#   AX_NAGIOS_GET_SSL
#
# DESCRIPTION
#
#    This macro finds the openssl binary, the header files directory and
#    the library files directory. It will also search for the gnutls
#    compatibility library/headers and the nss compatibility library/headers.
#
# LICENSE
#
#    Copyright (c) 2016 Nagios Core Development Team
#
#   This program is free software; you can redistribute it and/or modify it
#   under the terms of the GNU General Public License as published by the
#   Free Software Foundation; either version 2 of the License, or (at your
#   option) any later version.
#
#   This program is distributed in the hope that it will be useful, but
#   WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
#   Public License for more details.
#
#   You should have received a copy of the GNU General Public License along
#   with this program. If not, see <http://www.gnu.org/licenses/>.
#
#   As a special exception, the respective Autoconf Macro's copyright owner
#   gives unlimited permission to copy, distribute and modify the configure
#   scripts that are the output of Autoconf when processing the Macro. You
#   need not follow the terms of the GNU General Public License when using
#   or distributing such scripts, even though portions of the text of the
#   Macro appear in them. The GNU General Public License (GPL) does govern
#   all other use of the material that constitutes the Autoconf Macro.
#
#   This special exception to the GPL applies to versions of the Autoconf
#   Macro released by the Autoconf Archive. When you make and distribute a
#   modified version of the Autoconf Macro, you may extend this special
#   exception to the GPL to apply to your modified version as well.
# ===========================================================================

AU_ALIAS([AC_NAGIOS_GET_SSL], [AX_NAGIOS_GET_SSL])
AC_DEFUN([AX_NAGIOS_GET_SSL],
[

# -------------------------------
#  SSL library and include paths
# -------------------------------

SSL_TYPE=openssl
ssl_dir=
ssl_inc_dir=
ssl_lib_dir=
SSL_INC_DIR=
SSL_LIB_DIR=

AC_SUBST(HAVE_SSL)
AC_SUBST(SSL_INC_DIR)
AC_SUBST(SSL_LIB_DIR)


# gnutls/openssl.h
# nss_compat_ossl/nss_compat_ossl.h

# Which type - openssl, gnutls-openssl, nss
AC_ARG_WITH([ssl-type],
dnl	AS_HELP_STRING([--with-ssl-type=TYPE],[replace TYPE with gnutls or nss to use one of these instead of openssl]),
	AS_HELP_STRING([--with-ssl-type=TYPE],[replace TYPE with gnutls to use that instead of openssl]),
	[SSL_TYPE=$withval])

AC_ARG_WITH([ssl],
	AS_HELP_STRING([--with-ssl=DIR],[sets location of the SSL installation]),
	[ssl_dir=$withval])
AC_ARG_WITH([ssl-inc],
	AS_HELP_STRING([--with-ssl-inc=DIR],
		[sets location of the SSL include files]),
	[ssl_inc_dir=$withval])
AC_ARG_WITH([ssl-lib],
	AS_HELP_STRING([--with-ssl-lib=DIR],[sets location of the SSL libraries]),
	[ssl_lib_dir=$withval])

AC_ARG_WITH([kerberos-inc],
	AS_HELP_STRING([--with-kerberos-inc=DIR],
		[sets location of the Kerberos include files]),
	[kerberos_inc_dir=$withval])

if test x$SSL_TYPE = xyes; then
    SSL_TYPE=openssl
fi


dflt_hdrs="$ssl_inc_dir $ssl_dir $ssl_dir/include $ssl_dir/include \
			/usr/local/opt/{BBB} /usr/include/{BBB} /usr/local/include{BBB} \
			/usr/local/{AAA} /usr/local/{BBB} /usr/lib/{AAA} /usr/lib/{BBB} \
			/usr/{AAA} /usr/pkg /usr/local /usr /usr/freeware/lib/{BBB} \
			/usr/sfw /usr/sfw/include /opt/{BBB}"

dflt_libs="$ssl_lib_dir {ssldir} {ssldir}/lib {ssldir}/lib64 /usr/lib64 \
			/usr/lib /usr/lib/x86_64-linux-gnu /usr/lib/i386-linux-gnu \
			/usr/local/lib /usr/lib/{AAA} /usr/{AAA}/lib /usr/{BBB}/lib \
			/usr/pkg/lib /usr/freeware/lib/{BBB} /usr/sfw/lib /opt/freeware/lib \
			/opt/{BBB}/lib/hpux64 /opt/{BBB}/lib/pa20_64 /opt/{BBB}/lib/hpux32 \
			/opt/{BBB}/lib /opt/{BBB}";


AS_CASE([$SSL_TYPE],
	[no], [SSL_TYPE=NONE],
	[yes|openssl],
		[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/ssl/g' | sed -e 's/{BBB}/openssl/g'`
		 ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/ssl/g' | sed -e 's/{BBB}/openssl/g'`
		 ssl_hdr=ssl.h
		 ssl_lib=libssl],
	[gnutls],
		[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/gnutls/g' | sed -e 's/{BBB}/gnutls/g'`
		 ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/gnutls/g' | sed -e 's/{BBB}/gnutls/g'`
		 ssl_hdr=compat.h
		 ssl_lib=libgnutls],
	[nss],
		[ssl_hdr_dirs=`echo "$dflt_hdrs" | sed -e 's/{AAA}/nss_compat_ossl/g' | sed -e 's/{BBB}/nss_compat_ossl/g'`
		 ssl_lib_dirs=`echo "$dflt_libs" | sed -e 's/{AAA}/nss_compat_ossl/g' | sed -e 's/{BBB}/nss_compat_ossl/g'`
		 ssl_hdr=nss_compat_ossl.h
		 ssl_lib=libnss_compat],
	[*], echo >&6; AC_MSG_ERROR(['--with-ssl-type=$SSL_TYPE' is invalid])
)


# Check for SSL support

if test x$SSL_TYPE != xNONE; then

	found_ssl=no

	# RedHat 8.0 and 9.0 include openssl compiled with kerberos,
	# so we must include header file
	# Must come before openssl checks for Redhat EL 3
	AC_MSG_CHECKING(for Kerberos include files)
	found_kerberos=no
	for dir in $kerberos_inc_dir /usr/kerberos/include /usr/include/krb5 \
				/usr/include; do
		kerbdir="$dir"
		if test -f "$dir/krb5.h"; then
			found_kerberos=yes
			CFLAGS="$CFLAGS -I$kerbdir"
			AC_DEFINE_UNQUOTED(HAVE_KRB5_H,[1],[Have the krb5.h header file])
			break
		fi
	done

	if test x_$found_kerberos != x_yes; then
		AC_MSG_WARN(could not find include files)
	else
		AC_MSG_RESULT(found Kerberos include files in $kerbdir)
	fi

	# First, try using pkg_config
#	AC_CHECK_TOOL([PKG_CONFIG], [pkg-config])
#	if test x"$PKG_CONFIG" != x ; then
#		cflags=`$PKG_CONFIG $SSL_TYPE --cflags-only-I 2>/dev/null`
#		if test $? = 0; then
#			CFLAGS="$CFLAGS $cflags"
#			LDFLAGS="$LDFLAGS `$PKG_CONFIG $SSL_TYPE --libs-only-L 2>/dev/null`"
#			LIBS="$LIBS `$PKG_CONFIG $SSL_TYPE --libs-only-l 2>/dev/null`"
#			found_ssl=yes
#			AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
#		fi
#	fi

	if test x_$found_ssl != x_yes; then

		# Find the SSL Headers

		AC_MSG_CHECKING(for SSL headers)
		for dir in $ssl_hdr_dirs; do
			ssldir="$dir"
			if test -f "$dir/include/openssl/$ssl_hdr"; then
				found_ssl=yes
				CFLAGS="$CFLAGS -I$dir/include/openssl -I$ssldir/include"
				SSL_INC_DIR="$dir/include/openssl"
				break
			fi
			if test -f "$dir/include/$ssl_hdr"; then
				found_ssl=yes
				CFLAGS="$CFLAGS -I$dir/include"
				SSL_INC_DIR="$dir/include"
				break
			fi
			if test -f "$dir/$ssl_hdr"; then
				found_ssl=yes
				CFLAGS="$CFLAGS -I$dir"
				SSL_INC_DIR="$dir"
				ssldir="$dir/.."
				break
			fi
			if test -f "$dir/openssl/$ssl_hdr"; then
				found_ssl=yes
				CFLAGS="$CFLAGS -I$dir/openssl"
				SSL_INC_DIR="$dir/openssl"
				ssldir="$dir/.."
				break
			fi
		done

		if test x_$found_ssl != x_yes; then
			AC_MSG_ERROR(Cannot find ssl headers)
		else
			AC_MSG_RESULT(found in $ssldir)

			# Now try and find SSL libraries

			AC_MSG_CHECKING(for SSL libraries)
			found_ssl=no
			ssl_lib_dirs=`echo "$ssl_lib_dirs" | sed -e "s|{ssldir}|$ssldir|g"`

			if test "`uname -s`" = "Darwin" ; then
				soext="dylib"
			elif test "`uname -s`" = "HP-UX" ; then
				if test x$arch = "xia64"; then
					soext="so"
				else
					soext="sl"
				fi
			elif test "`uname -s`" = "AIX" ; then
				soext="a"
			else
				soext="so"
			fi

			for dir in $ssl_lib_dirs; do
				if test -f "$dir/$ssl_lib.$soext"; then
					found_ssl=yes
					SSL_LIB_DIR="$dir"
					break
				fi
			done

			if test x_$found_ssl != x_yes; then
				AC_MSG_ERROR(Cannot find ssl libraries)
			else
				AC_MSG_RESULT(found in $SSL_LIB_DIR)

				LDFLAGS="$LDFLAGS -L$SSL_LIB_DIR";
				LIBS="$LIBS -l`echo $ssl_lib | sed -e 's/^lib//'` -lcrypto";
				AC_DEFINE_UNQUOTED(HAVE_SSL,[1],[Have SSL support])
			fi
		fi
	fi

	if test x$found_ssl = xyes ; then
		# try to compile and link to see if SSL is set up properly
		AC_MSG_CHECKING([whether compiling and linking against SSL works])

		AC_LINK_IFELSE(
			[AC_LANG_PROGRAM([#include <openssl/ssl.h>], [SSL_new(NULL)])],
			[
				AC_MSG_RESULT([yes])
				$1
			], [
				AC_MSG_ERROR([no])
				$2
			])
	fi

	if test x$found_ssl = xyes -a x$need_dh = xyes; then

		# Find the openssl program

		if test x$need_dh = xyes; then
			AC_PATH_PROG(sslbin,openssl,value-if-not-found,$ssl_dir/sbin$PATH_SEPARATOR$ssl_dir/bin$PATH_SEPARATOR$PATH)
			AC_DEFINE(USE_SSL_DH)
			# Generate DH parameters
			if test -f "$sslbin"; then
				echo ""
				echo "*** Generating DH Parameters for SSL/TLS ***"
				# awk to strip off meta data at bottom of dhparam output
				$sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
			fi
		fi
	fi
fi
])