dnl dnl autoconf script for the Nessus libraries dnl dnl dnl Supported options : dnl dnl --enable-release AC_INIT(.root-dir) AC_REVISION($Revision$)dnl PWDD=`pwd` VERSION=`cat VERSION` save_IFS="${IFS}" IFS=. read NESSUS_MAJOR NESSUS_MINOR NESSUS_PATCH /dev/null || AC_MSG_ERROR([ *** Panic: Corrupt version file]) version=$NESSUS_MAJOR.$NESSUS_MINOR.$NESSUS_PATCH dnl A tribute to libtool: more fiddling around wirh versions NESSUS_SUPER=`expr $NESSUS_MAJOR + $NESSUS_MINOR` dnl Set up the main lines of the config script AC_CONFIG_HEADER(include/config.h) AC_PREFIX_DEFAULT("/usr/local") AC_LANG_C dnl Set some defaults, enable with keyword 'yes' use_cipher=yes GCC_NO_PIPE=no dnl some compiler option AC_ARG_ENABLE(gccpipe,[ --enable-gccpipe use \"gcc -pipe\" for compilation, where possible], [case $enable_gccpipe in n*|N*) GCC_NO_PIPE=yes ;; y*|Y*) unset GCC_NO_PIPE ;; esac]) test x$GCC_NO_PIPE = xno && unset GCC_NO_PIPE dnl Check for several programs AC_PROG_CC AC_LIBTOOL_WIN32_DLL AM_PROG_LIBTOOL # test, whether the compiler understands the -pipe command # (thanks to Tatu Illonen: ssh/configure.in) CC_NOPIPE="$CC" if test -z "$GCC_NO_PIPE" -a -n "$GCC"; then AC_MSG_CHECKING([if the compiler understands -pipe]) CC="$CC -pipe" AC_TRY_COMPILE(,, AC_MSG_RESULT(yes), CC="$CC_NOPIPE" AC_MSG_RESULT(no)) fi AC_PROG_MAKE_SET AC_PROG_INSTALL echo "$INSTALL" | egrep "^\./" 2>&1 > /dev/null && { INSTALL="$PWDD/install-sh" } INSTALL_DIR="$INSTALL -d" test -z "$GCC" || CWARN="-Wall" dnl Check for extra libraries AC_HAVE_LIBRARY(resolv, LIBS="-lresolv $LIBS") # These libraries break stuff under IRIX if test "`uname`" != "IRIX" ; then AC_HAVE_LIBRARY(socket, [socket_lib="-lsocket";LIBS="-lsocket $LIBS";]) AC_HAVE_LIBRARY(nsl, [nsl_lib="-lnsl";LIBS="-lnsl $LIBS";]) fi dnl User options AC_ARG_ENABLE(release,[ --enable-release set the compiler flags to -O6], CFLAGS="-O6") bpfshare="" AC_ARG_ENABLE(bpf-sharing, [ --enable-bpf-sharing share one BPF among processes (see README.BPF)], [if test x$enable_bpf_sharing = xno ; then bpfshare=no else bpfshare=yes AC_DEFINE(HAVE_DEV_BPFN) fi]) test -z "$bpfshare" -a -c /dev/bpf0 -a ! -c /dev/bpf42 && { AC_DEFINE(HAVE_DEV_BPFN) bpfshare=yes } debug_ssl="" AC_ARG_ENABLE(debug-ssl,[ --enable-debug-ssl makes OpenSSL produce verbose output], debug_ssl="-DDEBUG_SSL=1") nessuspcap="" AC_ARG_ENABLE(nessuspcap, [ --enable-nessuspcap use the libpcap that comes with this package], nessuspcap="yes", nessuspcap="") if test x$enable_nessuspcap = xno ; then nessuspcap="no" fi if test x$enable_nessuspcap = x ; then nessuspcap="yes" fi AC_ARG_ENABLE(debug,[ --enable-debug set the compiler flags to -g], debug_cflags="-DDEBUG -g") AC_ARG_ENABLE(cipher, [ --enable-cipher crypts the client - server communication], [if test x$enable_cipher = xno ; then use_cipher=no else use_cipher=yes fi]) ### use option --with-ssl to compile in the SSL support ssl="" sslcflags="" AC_ARG_WITH(ssl, [ --with-ssl=[DIR] enable SSL support using libraries in DIR], [with_ssl=$withval]) AC_ARG_WITH(egd, [ --with-egd=/path specifies the path to the EGD socket], [ egdpath="$withval" AC_DEFINE_UNQUOTED(EGD_PATH, "$egdpath") ]) AC_C_BIGENDIAN test "$with_ssl" = "yes" && forcessl="yes" if test "$with_ssl" = "yes" -o -z "$with_ssl" then # He didn't specify an SSL location. Let's look at some common # directories where SSL has been found in the past and try and auto # configure for SSL. OpenSSL determination will be made later. # This will screw up if an OpenSSL install is located in a later # directory than an older SSLeay install, but the user should fix that # anyways and he can override on the configure line. with_ssl="" for ac_dir in \ /usr/local/ssl \ /usr/ssl \ /local/ssl \ /opt/ssl \ /usr/freeware \ ; \ do if test -d "$ac_dir" ; then with_ssl=$ac_dir break; fi done test -z "$with_ssl" && { for ac_dir in \ /usr \ /usr/local \ /sw \ ; \ do if test -r "$ac_dir/include/openssl/ssl.h" ; then with_ssl=$ac_dir break; fi done } fi if test -n "$with_ssl" -a "$with_ssl" != "no" then AC_CHECK_LIB(dl, dlopen, withdl="-ldl") # With the autoconfigure above, the only time this is going to be # true is going to be when we could not find the headers. If they # are not in system standard locations, we are going to be broken. if test "$with_ssl" = "yes" then # Let's just define the standard location for the SSLeay root with_ssl="/usr/local/ssl" fi if test -r $with_ssl/include/openssl/ssl.h then ### ssl.h found under openssl. Use openssl configuration preferentially echo "Enabling OpenSSL support in $with_ssl" if test "$with_ssl" = "/usr"; then CEFLAGS="$CEFLAGS -I$with_ssl/include/openssl" sslcflags="-I$with_ssl/include/openssl" else CEFLAGS="$CEFLAGS -I$with_ssl/include -I$with_ssl/include/openssl" sslcflags="-I$with_ssl/include -I$with_ssl/include/openssl" fi ### OpenBSD comes with ssl headers elif test -r /usr/include/ssl/ssl.h then echo "Enabling SSLeay support in $with_ssl" sslcflags="-I/usr/include/ssl" else echo "Enabling SSLeay support in $with_ssl" sslcflags="-I$with_ssl/include" fi if test `uname` = "IRIX" -a "$with_ssl" = "/usr/freeware" ; then ssl="-L$with_ssl/lib32 -lssl -lcrypto $withdl" else ssl="-L$with_ssl/lib -lssl -lcrypto $withdl" fi else with_ssl="" echo 'Disabling SSL support...' fi test -n "$with_ssl" && { XCFLAGS=$CFLAGS CFLAGS="$XCFLAGS -I$with_ssl/include -L$with_ssl/lib" XLDFLAGS=$LDFLAGS LDFLAGS="-lcrypto" AC_CHECK_LIB(ssl, RAND_status, AC_DEFINE(HAVE_RAND_STATUS)) CFLAGS=$XCFLAGS LDFLAGS=$XLDFLAGS } test -n "$with_ssl" && { sslcflags="-DHAVE_SSL $sslcflags" AC_DEFINE(HAVE_SSL) test "x$use_cipher" = "xyes" -o -z "$use_cipher" && { cipher_cflags="-DNESSUS_ON_SSL" } } test -n "$forcessl" -a -z "$with_ssl" && AC_ERROR("OpenSSL not found") AC_ARG_ENABLE(getoptlong,[ --enable-getoptlong force using/disbling the internal GNU getopt package], [case $enable_getoptlong in n*|N*) USE_GETOPT=no ;; *) USE_GETOPT=yes ;; esac]) AC_ARG_ENABLE(ptmx,[ --enable-ptmx force using/disabling the /dev/ptmx multiplexer], [case $enable_ptmx in n*|N*) USE_PTMX=no ;; *) USE_PTMX=yes ;; esac]) AC_ARG_ENABLE(openpty,[ --enable-openpty if present, use/disable openpty for creating ptys], [case $enable_openpty in n*|N*) USE_OPENPTY=no ;; *) USE_OPENPTY=yes ;; esac]) dnl Check for several headers AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_HEADER_TIME AC_HEADER_DIRENT AC_CHECK_HEADERS(unistd.h getopt.h string.h strings.h sys/sockio.h sys/socketio.h) AC_CHECK_HEADERS(sys/param.h netinet/in_systm.h) AC_CHECK_HEADERS(netinet/in.h,,,[#include ]) AC_CHECK_HEADERS(netinet/in_systm.h,,,[#include ]) AC_CHECK_HEADERS(netinet/ip.h,,,[#include #include #include ]) AC_CHECK_HEADERS(netinet/ip_icmp.h,,,[#include #include #include #include ]) AC_CHECK_HEADERS(netinet/ip.h netinet/udp.h netinet/protocols.h netinet/ip_udp.h netinet/ip_tcp.h netinet/tcpip.h ,,,[#include #include #include #include #include ]) AC_CHECK_HEADERS(sys/socket.h) AC_CHECK_HEADERS(net/if.h,,,[#include ]) AC_CHECK_HEADERS(sys/ioctl.h) AC_CHECK_HEADERS(rpc/rpc.h dlfcn.h sys/un.h memory.h ctype.h errno.h) AC_CHECK_HEADERS(sys/types.h stdlib.h stdio.h pthread.h sys/filio.h pwd.h) AC_CHECK_HEADERS(assert.h netdb.h arpa/inet.h setjmp.h) AC_CHECK_HEADERS(poll.h sys/poll.h fcntl.h signal.h sys/termio.h) AC_CHECK_HEADERS(sys/stat.h stat.h sys/mman.h termio.h termios.h sgtty.h) AC_CHECK_HEADERS(ptem.h sys/ptem.h ldterm.h sys/ldterm.h stropts.h values.h) AC_CHECK_HEADERS(sys/param.h sys/sysctl.h limits.h) dnl ./configure fails to determine the existence of some dnl headers under IRIX case "$host" in *-irix*) AC_DEFINE(HAVE_SYS_SOCKET_H) AC_DEFINE(HAVE_NETINET_IP_H) AC_DEFINE(HAVE_NETINET_TCP_H) ;; *) ;; esac case "$host" in *-hpux*) AC_DEFINE(HPUX) ;; esac dnl Check for several functions AC_FUNC_ALLOCA AC_CHECK_FUNCS(sigaction sysctl setproctitle setitimer) AC_CHECK_FUNCS(lstat memmove gettimeofday gethrtime getrusage rand) AC_CHECK_FUNCS(strchr memcpy select poll unlockpt) AC_CHECK_FUNCS(vsnprintf snprintf vasnprintf vasprintf asprintf asnprintf) AC_CHECK_FUNCS(bzero bcopy setsid) AC_CHECK_FUNCS(addr2ascii inet_neta lrand48 setitimer) dnl check for getopt, or assume it (not) present case $USE_GETOPT in yes|no) AC_MSG_CHECKING(for getopt_long to assume by config argument) esac if test x$USE_GETOPT = xyes ; then AC_MSG_RESULT(yes) AC_DEFINE(ENABLE_GETOPT_LONG) elif test x$USE_GETOPT = xno ; then AC_MSG_RESULT(no) else AC_CHECK_FUNCS(getopt_long) fi # disable openpty() upon request, only if test x$USE_OPENPTY != xno -a x$USE_PTMX != xyes ; then AC_CHECK_LIB(util,openpty,LIBS="-lutil $LIBS") save_LDFLAGS=$LDFLAGS LDFLAGS="$LDFLAGS $LIBS" AC_CHECK_FUNCS(openpty,FOUND_OPENPTY=yes) LDFLAGS=$save_LDFLAGS # undef the request for openpty as it is not available if test x$FOUND_OPENPTY != xyes ;then USE_OPENPTY=no fi fi dnl check for pty multiplexer device if test x$USE_PTMX = x ; then AC_MSG_CHECKING(for "/dev/ptmx" as a character device) test -c "/dev/ptmx" else AC_MSG_CHECKING(for "/dev/ptmx" to exist by config argument) test x$USE_PTMX = xyes fi if test $? = 0 ; then if test x$USE_OPENPTY = xyes ; then AC_MSG_RESULT([unsing openpty(), instead]) else AC_MSG_RESULT(yes) AC_DEFINE(HAVE_DEV_PTMX) HAVE_DEV_PTMX=yes fi else AC_MSG_RESULT(no) fi dnl check for pty multiplexer libraries, needed test x$HAVE_DEV_PTMX = xyes && AC_CHECK_FUNCS(grantpt ptsname,,test x$USE_PTMX = xyes && AC_ERROR([ *** You loose: /dev/ptmx needs to be supported by grantpt() and ptsname(). ])) AC_CHECK_FUNC(inet_aton, AC_DEFINE(HAVE_INET_ATON)) AC_CHECK_LIB(resolv, inet_aton, AC_DEFINE(HAVE_INET_ATON)) AC_CHECK_LIB(nsl, inet_aton, AC_DEFINE(HAVE_INET_ATON)) llib=""; AC_CHECK_LIB(l, yylex, llib=-ll) test -z "$llib" && { AC_CHECK_LIB(fl, yylex, llib=-lfl) } test -z "$llib" && { AC_CHECK_LIB(l, lex_init, llib=-ll) test -z "$llib" && { AC_CHECK_LIB(fl, lex_init, llib=-lfl) } } pcap_flag="-lpcap-nessus" pcap_dir="libpcap-nessus" BUILD_PCAP="" if test "x$nessuspcap" = "x" ; then AC_HAVE_LIBRARY(pcap, BUILD_PCAP="", BUILD_PCAP=libpcap-nessus.la) else if test "x$nessuspcap" = "xyes" ; then BUILD_PCAP=libpcap-nessus.la else if test "x$nessuspcap" = "xno" ; then AC_HAVE_LIBRARY(pcap, BUILD_PCAP="", AC_MSG_ERROR("Your system lacks libpcap. Use ./configure --enable-nessuspcap")) fi fi fi if test "x$BUILD_PCAP" = "x" ; then syspcap="-DSYSTEM_PCAP" pcap_flag="-lpcap" pcap_dir="" unset pcap_install unset pcap_make unset pcap_clean unset pcap_distclean else syspcap="" pcap_flag="-lpcap-nessus" pcap_install="pcap-install" pcap_make="pcap-make" pcap_clean="pcap-clean" pcap_distclean="pcap-distclean" fi case "$host" in *-cygwin*) AC_DEFINE(_CYGWIN_) AC_HAVE_LIBRARY(wpcap, , AC_MSG_ERROR("Your system lacks the libwpcap")) AC_HAVE_LIBRARY(Packet, , AC_MSG_ERROR("Your system lacks the libPacket")) AC_HAVE_LIBRARY(ws2_32, with_ws2_32="-lws2_32") syspcap="-DSYSTEM_PCAP" pcap_flag="-lwpcap -lPacket" pcap_dir="" BUILD_PCAP="" pcap_install="" pcap_make="" pcap_clean="" pcap_distclean="" ;; *) ;; esac dnl This test is from the configure.in of Unix Network Programming second dnl edition example code by W. Richard Stevens dnl ################################################################## dnl Check if sockaddr{} has sa_len member. dnl AC_CACHE_CHECK(if sockaddr{} has sa_len member, ac_cv_sockaddr_has_sa_len, AC_TRY_COMPILE([ # include # include ], [unsigned int i = sizeof(((struct sockaddr *)0)->sa_len)], ac_cv_sockaddr_has_sa_len=yes, ac_cv_sockaddr_has_sa_len=no)) if test $ac_cv_sockaddr_has_sa_len = yes ; then AC_DEFINE(HAVE_SOCKADDR_SA_LEN) fi AC_CHECK_TYPE(time_t,int) AC_TYPE_PID_T AC_TYPE_SIZE_T AC_TYPE_UID_T dnl this routine has been adopted from the GNU emacs20 distrubution AC_MSG_CHECKING(for struct timeval) AC_TRY_COMPILE([#ifdef TIME_WITH_SYS_TIME #include #include #else #ifdef HAVE_SYS_TIME_H #include #else #include #endif #endif], [static struct timeval x; x.tv_sec = x.tv_usec;], [AC_MSG_RESULT(yes) HAVE_TIMEVAL=yes AC_DEFINE(HAVE_TIMEVAL)], [AC_MSG_RESULT(no) HAVE_TIMEVAL=no]) AC_MSG_CHECKING(if optind is defined in a library already) AC_TRY_COMPILE([#include ], [extern int optind;], [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_OPTIND)], [AC_MSG_RESULT(no) ]) dnl Check for the number of arguments for gettimeofday (), this routine dnl has been adopted from the GNU emacs20 distrubution if test "x$HAVE_TIMEVAL" = xyes; then AC_MSG_CHECKING([whether gettimeofday can't accept two arguments]) AC_TRY_LINK([ #ifdef TIME_WITH_SYS_TIME #include #include #else #ifdef HAVE_SYS_TIME_H #include #else #include #endif #endif ], [ struct timeval time; struct timezone dummy; gettimeofday (&time, &dummy); ], [AC_MSG_RESULT(no)], [AC_MSG_RESULT(yes) AC_DEFINE(GETTIMEOFDAY_ONE_ARGUMENT)]) fi dnl Define several paths AC_SYS_LONG_FILE_NAMES EXTRA=$LIBS case "$host" in *-netbsd*) AC_DEFINE(NETBSD) ;; *-openbsd*) AC_DEFINE(OPENBSD) ;; *-sgi-irix5*) AC_DEFINE(IRIX) ;; *-sgi-irix6*) AC_DEFINE(IRIX) ;; *-solaris2.0*) AC_DEFINE(SOLARIS) ;; *-solaris2.1*) AC_DEFINE(SOLARIS) ;; *-solaris2.2*) AC_DEFINE(SOLARIS) ;; *-solaris2.3*) AC_DEFINE(SOLARIS) ;; *-solaris2.4*) AC_DEFINE(SOLARIS) ;; *-solaris2.5.1) AC_DEFINE(SOLARIS) ;; *-solaris*) AC_DEFINE(SOLARIS) ;; *-sunos4*) AC_DEFINE(SUNOS) ;; *-linux*) AC_DEFINE(LINUX) ;; *-freebsd*) AC_DEFINE(FREEBSD) ;; *-bsdi*) AC_DEFINE(BSDI) ;; esac case "$host" in *-freebsd*|*-bsdi*|*-netbsd*) AC_DEFINE(BSD_BYTE_ORDERING) esac test -n "$ssl" -a -d /usr/kerberos && { sslcflags="-I/usr/kerberos/include $sslcflags" ssl="-L/usr/kerberos/lib $ssl" } AC_CONFIG_SUBDIRS($pcap_dir) dnl Final step : substitute what we want to AC_SUBST(CC_NOPIPE) AC_SUBST(PWD) AC_SUBST(PWDD) AC_SUBST(CFLAGS) AC_SUBST(CWALL) AC_SUBST(CWARN) AC_SUBST(INSTALL_DIR) AC_SUBST(INSTALL) AC_SUBST(EXTRA) AC_SUBST(debug_cflags) AC_SUBST(cipher_cflags) AC_SUBST(pcap_install) AC_SUBST(pcap_make) AC_SUBST(pcap_clean) AC_SUBST(pcap_distclean) AC_SUBST(syspcap) AC_SUBST(with_ws2_32) AC_SUBST(ssl) AC_SUBST(sslcflags) AC_SUBST(llib) AC_SUBST(version) AC_SUBST(egdpath) AC_SUBST(debug_ssl) AC_SUBST(NESSUS_MAJOR) AC_SUBST(NESSUS_MINOR) AC_SUBST(NESSUS_SUPER) AC_SUBST(NESSUS_PATCH) AC_SUBST(NESSUS_DATE) AC_SUBST(BUILD_PCAP) AC_SUBST(pcap_flag) AC_SUBST(VERSION) AC_SUBST(ac_configure_args) dnl And we put everything in THREE files AC_OUTPUT(nessus.tmpl nessus-config.pre include/libvers.h uninstall-nessus) chmod +x uninstall-nessus test "$use_cipher" = "yes" -a -z "$with_ssl" && { AC_MSG_WARN([*** As SSL support is disabled, the communication between the server and the client will not be ciphered]) } AC_MSG_RESULT([ If you installed an older version of Nessus in the past you should run ./uninstall-nessus as root first. This script will remove the old libraries and binaries left by the older version but will keep your configuration untouched]) test -z "$bpfshare" -a -c /dev/bpf0 -a ! -c /dev/bpf40 && AC_MSG_RESULT([ *** You appear to be running a BPF-enabled operating system. (BPF stands for 'Berkeley Packet Filter') BPFs are used to capture incoming packets without using the operating system. Nessus uses those for some of its security checks and port scanners. However, you seem to not have enough bpfs, (we recommand that you get about 100 of them) so Nessus might miss some hosts or produce inaccurate port scans. If you can not create more bpfs, then you may want to enable the experimental bpf sharing daemon, by re-running this configure script with the option --enable-bpf-sharing Please read README.BPF before continuing]) exit 0