I suppose you need to modify the .spec file to make sure you're running
autoreconf twice up front (or libtoolize, aclocal, autoconf, automake,
possibly autoheader).
Note you'll want to remove the .la files from the destdir, and list the
.so files in the %files section, /usr/lib/openvpn/*.so might do the
trick ISTR that RPM does globbing.
Your patches did not work!
As with my initial post on this thread - the flags are *exactly* the
same (hard-coded):
make: Entering directory
`/home/zeek/rpmbuild/BUILD/openvpn-2.1.4/plugin/down-root'
gcc -O2 -Wall -fPIC -c -I../.. down-root.c
gcc -O2 -Wall -fPIC -shared -Wl,-soname,openvpn-down-root.so -o
openvpn-down-root.so down-root.o -lc
make: Leaving directory
`/home/zeek/rpmbuild/BUILD/openvpn-2.1.4/plugin/down-root'
+ for plugin in down-root auth-pam
+ /usr/bin/make -C plugin/auth-pam
make: Entering directory
`/home/zeek/rpmbuild/BUILD/openvpn-2.1.4/plugin/auth-pam'
gcc -O2 -Wall -DDLOPEN_PAM=0 -fPIC -c -I../.. auth-pam.c
gcc -O2 -Wall -DDLOPEN_PAM=0 -fPIC -c -I../.. pamdl.c
gcc -O2 -Wall -DDLOPEN_PAM=0 -fPIC -shared
-Wl,-soname,openvpn-auth-pam.so -o openvpn-auth-pam.so auth-pam.o
pamdl.o -lc -lpam
make: Leaving directory
`/home/zeek/rpmbuild/BUILD/openvpn-2.1.4/plugin/auth-pam'
I also had to adjust your patches slightly to fit the 2.1.4 source tree
- see the modified versions attached.
---
configure.ac | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/configure.ac b/configure.ac
index 4777108..529abd3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,6 +33,7 @@ AC_CONFIG_SRCDIR(syshead.h)
dnl Guess host type.
AC_CANONICAL_HOST
AC_CANONICAL_SYSTEM
+AC_GNU_SOURCE
AM_INIT_AUTOMAKE(openvpn, [$PACKAGE_VERSION])
AC_ARG_WITH(cygwin-native,
@@ -331,7 +332,6 @@ dnl Checks for programs.
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_GCC_TRADITIONAL
-AC_GNU_SOURCE
if test "${WIN32}" = "yes"; then
AC_ARG_VAR([MAN2HTML], [man2html utility])
This includes autoconf checks so we only build auth-pam on systems that have
security/pam_appl.h
---
Makefile.am | 16 ++++++++++++++++
configure.ac | 10 ++++++++++
m4/README | 3 +++
plugin/README | 13 +++++++------
4 files changed, 36 insertions(+), 6 deletions(-)
create mode 100644 m4/README
diff --git a/Makefile.am b/Makefile.am
index ad0f7e3..3918cf7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -29,6 +29,8 @@ LDADD = @LIBOBJS@
# INSTALL targets:
AUTOMAKE_OPTIONS = foreign
+ACLOCAL_AMFLAGS = -I m4
+
MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
@@ -141,6 +143,20 @@ openvpn_SOURCES = \
win32.h win32.c \
cryptoapi.h cryptoapi.c
+# building default plugins
+pkglib_LTLIBRARIES = down-root.la
+if HAVE_PAM
+pkglib_LTLIBRARIES += auth-pam.la
+endif
+libtoolmoduleflags = -module -avoid-version
+down_root_la_SOURCES = plugin/down-root/down-root.c
+down_root_la_LDFLAGS = $(libtoolmoduleflags)
+
+auth_pam_la_SOURCES = plugin/auth-pam/auth-pam.c \
+ plugin/auth-pam/pamdl.h \
+ plugin/auth-pam/pamdl.c
+auth_pam_la_LIBADD = -lpam
+auth_pam_la_LDFLAGS = $(libtoolmoduleflags)
dist-hook:
cd $(distdir) && for i in $(EXTRA_DIST) $(SUBDIRS) ; do find $$i -name
.svn -type d -prune -exec rm -rf '{}' ';' ; rm -f `find $$i -type f | grep -E
'(^|\/)\.?\#|\~$$|\.s?o$$'` ; done
diff --git a/configure.ac b/configure.ac
index 529abd3..f6280cd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,6 +29,7 @@ m4_include(version.m4)
AC_INIT([OpenVPN], [PRODUCT_VERSION], [openvpn-us...@lists.sourceforge.net],
[openvpn])
AM_CONFIG_HEADER(config.h)
AC_CONFIG_SRCDIR(syshead.h)
+AC_CONFIG_MACRO_DIR([m4])
dnl Guess host type.
AC_CANONICAL_HOST
@@ -325,6 +326,11 @@ dnl Checks for programs.
AC_PROG_CC
AC_PROG_INSTALL
AC_PROG_GCC_TRADITIONAL
+LT_INIT([disable-static])
+dnl we need to dlopen() things, later, we might
+dnl look into libltdl stuff that can possibly link the plugin
+dnl statically, but I suppose that takes changes to plugin.? code,
+dnl too. -- Matthias Andree, 2011-01-06
if test "${WIN32}" = "yes"; then
AC_ARG_VAR([MAN2HTML], [man2html utility])
@@ -367,7 +373,9 @@ if test "${WIN32}" != "yes"; then
netinet/tcp.h arpa/inet.h dnl
netdb.h sys/uio.h linux/if_tun.h linux/sockios.h dnl
linux/types.h sys/poll.h sys/epoll.h err.h dnl
+ security/pam_appl.h dnl
)
+
AC_CHECK_HEADERS(net/if.h,,,
[#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
@@ -407,6 +417,8 @@ if test "${WIN32}" != "yes"; then
])
fi
+AM_CONDITIONAL(HAVE_PAM, test "$ac_cv_header_security_pam_appl_h" = yes)
+
AC_CACHE_SAVE
dnl check that in_addr_t is defined
diff --git a/m4/README b/m4/README
new file mode 100644
index 0000000..8f83679
--- /dev/null
+++ b/m4/README
@@ -0,0 +1,3 @@
+This directory is empty in the Git repository and gets
+populated by libtoolize (which is usually run automatically from
+autoreconf).
diff --git a/plugin/README b/plugin/README
index 6e490c5..7f8d805 100644
--- a/plugin/README
+++ b/plugin/README
@@ -2,8 +2,8 @@ OpenVPN Plugins
---------------
Starting with OpenVPN 2.0-beta17, compiled plugin modules are
-supported on any *nix OS which includes libdl or on Windows.
-One or more modules may be loaded into OpenVPN using
+supported on any *nix OS which includes libdl, or on Windows.
+ One or more modules may be loaded into OpenVPN using
the --plugin directive, and each plugin module is capable of
intercepting any of the script callbacks which OpenVPN supports:
@@ -28,7 +28,7 @@ auth-pam -- Authenticate using PAM and a split privilege
execution model which functions even if
root privileges or the execution environment
have been altered with --user/--group/--chroot.
- Tested on Linux only.
+ Tested on Linux only.
down-root -- Enable the running of down scripts with root privileges
even if --user/--group/--chroot have been used
@@ -42,6 +42,7 @@ examples -- A simple example that demonstrates a portable
Building Plugins
----------------
-cd to the top-level directory of a plugin, and use the
-"make" command to build it. The examples plugin is
-built using a build script, not a makefile.
+The auth-pam and down-root modules are built as part of the regular
+OpenVPN build. Other than that, cd to the top-level directory of a
+plugin, and use the "make" command to build it. The examples plugin is
+built using a build script, not a Makefile.
--
