Re: problem building rlm_ldap
Alan DeKok wrote: > Bjorn Nordbo <[EMAIL PROTECTED]> wrote: > > Now, this is progress! When I include all the neccesary libraries by > > exporting the LIBS variable set to "-lldap -llber -lsocket -lrt -lnsl > > -lresolv -lssl -lcrypto" it compiles. Note that I use OpenSSL and > > libx509 seems to be included in libssl. > > I don't know why it wouldn't work in the 'configure' script. That > already checks for -lssl -lresolv, etc. > > Can you look at the 'config.log' file from a failed configure > attempt, and see *where* it's failing to link to the libraries? I'll try to find out why it failed tomorrow; but as I have spendt a few hours today learning gdb (a suprisingly pleasant experience btw), I have can answer your other question: > > FreeRADIUS start fine, connects to the server and handles a request > > just fine, before it dumps core: > > Hmm.. can you run gdb? See 'doc/BUGS' > > That looks like a simple bug to fix. Heres part of my debugging session: Breakpoint 1, call_modsingle (component=1, sp=0x178868, request=0x17b118, default_result=6) at modcall.c:202 202 int myresult = default_result; (gdb) c Continuing. modcall[authorize]: module "files" returns notfound Breakpoint 1, call_modsingle (component=1, sp=0x178dd8, request=0x17b118, default_result=6) at modcall.c:202 202 int myresult = default_result; (gdb) s 204 safe_lock(sp->modinst); (gdb) n 205 myresult = sp->modinst->entry->module->methods[component]( (gdb) print request->packet $1 = (RADIUS_PACKET *) 0x17b058 (gdb) s ldap_authorize (instance=0x126dc8, request=0x17b118) at rlm_ldap.c:764 764 LDAPMessage *result = NULL; (gdb) print request->packet $2 = (RADIUS_PACKET *) 0x0 (gdb) c Continuing. rlm_ldap: - authorize rlm_ldap: performing user authorization for radius_xlat: '(uid=pr-test-1)' radius_xlat: 'ou=plus-users,dc=telenor,dc=net' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:1389:389, authentication 0 rlm_ldap: bind as ou=plus-users,dc=telenor,dc=net/ rlm_ldap: waiting for bind result ... rlm_ldap: performing search in ou=plus-users,dc=telenor,dc=net, with filter (uid=pr-test-1) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed Program received signal SIGSEGV, Segmentation fault. 0xdec50 in pairadd (first=0x38, add=0x17c1a0) at valuepair.c:128 128 if (*first == NULL) { (gdb) bt #0 0xdec50 in pairadd (first=0x38, add=0x17c1a0) at valuepair.c:128 #1 0xfef5319c in ldap_authorize (instance=0x126dc8, request=0x17b118) at rlm_ldap.c:827 #2 0x37e04 in call_modsingle (component=1, sp=0x178dd8, request=0x17b118, default_result=6) at modcall.c:205 #3 0x380fc in modcall (component=1, c=0x178dd8, request=0x17b118) at modcall.c:288 #4 0x37e84 in call_modgroup (component=1, g=0x178828, request=0x17b118, default_result=6) at modcall.c:227 #5 0x38084 in modcall (component=1, c=0x178828, request=0x17b118) at modcall.c:281 #6 0x3724c in indexed_modcall (comp=1, idx=0, request=0x17b118) at modules.c:456 #7 0x37784 in module_authorize (autz_type=0, request=0x17b118) at modules.c:633 #8 0x31ba0 in rad_authenticate (request=0x17b118) at auth.c:518 #9 0x29ac4 in rad_respond (request=0x17b118, fun=0x318fc ) at radiusd.c:1524 #10 0x294dc in rad_process (request=0x17b118, dospawn=0) at radiusd.c:1272 #11 0x28efc in main (argc=2, argv=0xffbefb1c) at radiusd.c:1069 (gdb) As you can see; the problem is that request->packet is set to null after the call to ldap_authorize(). I can't see why this happens, but it causes FreeRADIUS to dump in pairadd() later on. request points to the same address both before an after the call to ldap_authorize(). I have compiled FreeRADIUS w/o optimalization and given --enable-developer before running it through gdb. -- We tend to meet any new situation by reorganising; and a wonderful method it can be for creating the illusion of progress while producing confusion, inefficiency and demoralisation.-- Gaius Petronius, 60 AD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem building rlm_ldap
Bjorn Nordbo <[EMAIL PROTECTED]> wrote: > Now, this is progress! When I include all the neccesary libraries by > exporting the LIBS variable set to "-lldap -llber -lsocket -lrt -lnsl > -lresolv -lssl -lcrypto" it compiles. Note that I use OpenSSL and > libx509 seems to be included in libssl. I don't know why it wouldn't work in the 'configure' script. That already checks for -lssl -lresolv, etc. Can you look at the 'config.log' file from a failed configure attempt, and see *where* it's failing to link to the libraries? > FreeRADIUS start fine, connects to the server and handles a request > just fine, before it dumps core: Hmm.. can you run gdb? See 'doc/BUGS' That looks like a simple bug to fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem building rlm_ldap
Alan DeKok wrote: > Bjorn Nordbo <[EMAIL PROTECTED]> wrote: > > struct berval *bv; > > ber_init(bv); > > You shouldn't have to do this. The declaration of ber_init in the > first example should take care of any compiler warnings. You're right; on a fresh code tree, this (ber_init) test works fine. > > SSL_library_init/local/db/openldap/2.0.21/lib/libldap.so > > Was this message printed out before you made the change? Or were > the errors different before? When I test now, it seems to do the same thing. My bummer, as usual. :-( > > To me, it looks like I am missing some crypto libraries, but these should > > not be required to compile? > > They are required. Your linker is telling you they're required. > > Try: > > $ LIBS="-lssl -lx509" /configure --with-rlm-ldap-lib-dir= Now, this is progress! When I include all the neccesary libraries by exporting the LIBS variable set to "-lldap -llber -lsocket -lrt -lnsl -lresolv -lssl -lcrypto" it compiles. Note that I use OpenSSL and libx509 seems to be included in libssl. FreeRADIUS start fine, connects to the server and handles a request just fine, before it dumps core: Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32882, id=215, length=112 User-Name = "pr-test-1" CHAP-Password = 0xd714fa45fb4c86f3da7cc5f528d138299c NAS-IP-Address = 130.67.10.1 NAS-Port-Id = "0" NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "22332211" Called-Station-Id = "153381007005" Acct-Session-Id = "379094840" modcall: entering group authorize modcall[authorize]: module "suffix" returns ok modcall[authorize]: module "files" returns notfound rlm_ldap: - authorize rlm_ldap: performing user authorization for ×?úEû??óÚ|Åõ(Ñ8)? radius_xlat: '(uid=pr-test-1)' radius_xlat: 'ou=plus-users,dc=telenor,dc=net' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:1389:389, authentication 0 rlm_ldap: bind as ou=plus-users,dc=telenor,dc=net/kaketroll rlm_ldap: waiting for bind result ... rlm_ldap: performing search in ou=plus-users,dc=telenor,dc=net, with filter (uid=pr-test-1) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed Segmentation Fault (core dumped) ducati(bn) radius 352$ Oh well. At least I'm closer than ever. :) -- We tend to meet any new situation by reorganising; and a wonderful method it can be for creating the illusion of progress while producing confusion, inefficiency and demoralisation.-- Gaius Petronius, 60 AD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem building rlm_ldap
Bjorn Nordbo <[EMAIL PROTECTED]> wrote: > I have tried to get rlm_ldap to build, but w/o success. The problem seems > to be that the code in the configure-script testing if the lber- and ldap- > libraries works, doesn't work on my platform (Solaris 8/SPARC/gcc). I have > fixed the lber test code by replacing: > > #include "confdefs.h" > extern char ber_init(); > int main() { > ber_init() ... > with ... > struct berval *bv; > ber_init(bv); You shouldn't have to do this. The declaration of ber_init in the first example should take care of any compiler warnings. > However, this does not work. I guess it is because my test program doesn't > compile: > > ducati(bn) rlm_ldap 1315$ gcc -I/local/db/openldap/2.0.21/include >-L/local/db/openldap/2.0.21/lib -llber -lldap -lnsl -lsocket -lrt testlibldap.c > Undefined first referenced > symbol in file > SSL_library_init/local/db/openldap/2.0.21/lib/libldap.so Was this message printed out before you made the change? Or were the errors different before? > To me, it looks like I am missing some crypto libraries, but these should > not be required to compile? They are required. Your linker is telling you they're required. Try: $ LIBS="-lssl -lx509" /configure --with-rlm-ldap-lib-dir= Which will force the configure script to link to the libraries you gave it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem building rlm_ldap
I have tried to get rlm_ldap to build, but w/o success. The problem seems to be that the code in the configure-script testing if the lber- and ldap- libraries works, doesn't work on my platform (Solaris 8/SPARC/gcc). I have fixed the lber test code by replacing: #include "confdefs.h" extern char ber_init(); int main() { ber_init() ; return 0; } with #include "confdefs.h" #include int main () { struct berval *bv; ber_init(bv); return 0; } in the configure script in the rlm_ldap directory. As the ldap test failed in a similiar manner, I tried to do the same thing here, replacing: #include "confdefs.h" extern char ldap_init(); int main() { ldap_init() ; return 0; } with #include "confdefs.h" #include int main () { char *name = "foo"; int port = 1; ldap_init(name, port); return 0; } However, this does not work. I guess it is because my test program doesn't compile: ducati(bn) rlm_ldap 1315$ gcc -I/local/db/openldap/2.0.21/include -L/local/db/openldap/2.0.21/lib -llber -lldap -lnsl -lsocket -lrt testlibldap.c Undefined first referenced symbol in file SSL_library_init/local/db/openldap/2.0.21/lib/libldap.so ERR_error_string/local/db/openldap/2.0.21/lib/libldap.so SSL_CTX_set_cipher_list /local/db/openldap/2.0.21/lib/libldap.so SSL_CIPHER_get_bits /local/db/openldap/2.0.21/lib/libldap.so CRYPTO_free /local/db/openldap/2.0.21/lib/libldap.so X509_get_issuer_name/local/db/openldap/2.0.21/lib/libldap.so To me, it looks like I am missing some crypto libraries, but these should not be required to compile? Anyway, let's go back to the original problem. This is the complete output from the configure script: ducati(bn) rlm_ldap 1317$ ./configure --with-rlm-ldap-lib-dir=/local/db/openldap/2.0.21/lib --with-rlm-ldap-include-dir=/local/db/openldap/2.0.21/include creating cache ./config.cache checking for gcc... /local/gnu/bin/gcc checking whether the C compiler (/local/gnu/bin/gcc ) works... yes checking whether the C compiler (/local/gnu/bin/gcc ) is a cross-compiler... nochecking whether we are using GNU C... yes checking whether /local/gnu/bin/gcc accepts -g... yes checking for inet_aton in -lresolv... yes checking for lber.h... yes checking for ldap.h... yes checking for sasl_encode in -lsasl... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking for ber_init in -llber... yes checking for ldap_init in -lldap... no configure: warning: silently not building rlm_ldap. configure: warning: FAILURE: rlm_ldap requires: libldap. updating cache ./config.cache creating ./config.status creating Makefile ducati(bn) rlm_ldap 1318$ I have checked that the configure script does indeed try the compile the tests with the correct paths (ie. /local/db/openldap/...), and I am quite certain it does find the libraries/includes it needs. I have tried this with both FreeRADIUS 0.5, and the lates from CVS. Any help greatly appreciated! -- We tend to meet any new situation by reorganising; and a wonderful method it can be for creating the illusion of progress while producing confusion, inefficiency and demoralisation.-- Gaius Petronius, 60 AD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html