Re: problem building rlm_ldap
Alan DeKok wrote:
> Bjorn Nordbo <[EMAIL PROTECTED]> wrote:
> > Now, this is progress! When I include all the neccesary libraries by
> > exporting the LIBS variable set to "-lldap -llber -lsocket -lrt -lnsl
> > -lresolv -lssl -lcrypto" it compiles. Note that I use OpenSSL and
> > libx509 seems to be included in libssl.
>
> I don't know why it wouldn't work in the 'configure' script. That
> already checks for -lssl -lresolv, etc.
>
> Can you look at the 'config.log' file from a failed configure
> attempt, and see *where* it's failing to link to the libraries?
I'll try to find out why it failed tomorrow; but as I have spendt a few
hours today learning gdb (a suprisingly pleasant experience btw), I have
can answer your other question:
> > FreeRADIUS start fine, connects to the server and handles a request
> > just fine, before it dumps core:
>
> Hmm.. can you run gdb? See 'doc/BUGS'
>
> That looks like a simple bug to fix.
Heres part of my debugging session:
Breakpoint 1, call_modsingle (component=1, sp=0x178868, request=0x17b118,
default_result=6) at modcall.c:202
202 int myresult = default_result;
(gdb) c
Continuing.
modcall[authorize]: module "files" returns notfound
Breakpoint 1, call_modsingle (component=1, sp=0x178dd8, request=0x17b118,
default_result=6) at modcall.c:202
202 int myresult = default_result;
(gdb) s
204 safe_lock(sp->modinst);
(gdb) n
205 myresult = sp->modinst->entry->module->methods[component](
(gdb) print request->packet
$1 = (RADIUS_PACKET *) 0x17b058
(gdb) s
ldap_authorize (instance=0x126dc8, request=0x17b118) at rlm_ldap.c:764
764 LDAPMessage *result = NULL;
(gdb) print request->packet
$2 = (RADIUS_PACKET *) 0x0
(gdb) c
Continuing.
rlm_ldap: - authorize
rlm_ldap: performing user authorization for
radius_xlat: '(uid=pr-test-1)'
radius_xlat: 'ou=plus-users,dc=telenor,dc=net'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:1389:389, authentication 0
rlm_ldap: bind as ou=plus-users,dc=telenor,dc=net/
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=plus-users,dc=telenor,dc=net, with filter
(uid=pr-test-1)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
Program received signal SIGSEGV, Segmentation fault.
0xdec50 in pairadd (first=0x38, add=0x17c1a0) at valuepair.c:128
128 if (*first == NULL) {
(gdb) bt
#0 0xdec50 in pairadd (first=0x38, add=0x17c1a0) at valuepair.c:128
#1 0xfef5319c in ldap_authorize (instance=0x126dc8, request=0x17b118)
at rlm_ldap.c:827
#2 0x37e04 in call_modsingle (component=1, sp=0x178dd8, request=0x17b118,
default_result=6) at modcall.c:205
#3 0x380fc in modcall (component=1, c=0x178dd8, request=0x17b118)
at modcall.c:288
#4 0x37e84 in call_modgroup (component=1, g=0x178828, request=0x17b118,
default_result=6) at modcall.c:227
#5 0x38084 in modcall (component=1, c=0x178828, request=0x17b118)
at modcall.c:281
#6 0x3724c in indexed_modcall (comp=1, idx=0, request=0x17b118)
at modules.c:456
#7 0x37784 in module_authorize (autz_type=0, request=0x17b118)
at modules.c:633
#8 0x31ba0 in rad_authenticate (request=0x17b118) at auth.c:518
#9 0x29ac4 in rad_respond (request=0x17b118, fun=0x318fc )
at radiusd.c:1524
#10 0x294dc in rad_process (request=0x17b118, dospawn=0) at radiusd.c:1272
#11 0x28efc in main (argc=2, argv=0xffbefb1c) at radiusd.c:1069
(gdb)
As you can see; the problem is that request->packet is set to null after
the call to ldap_authorize(). I can't see why this happens, but it causes
FreeRADIUS to dump in pairadd() later on. request points to the same
address both before an after the call to ldap_authorize().
I have compiled FreeRADIUS w/o optimalization and given --enable-developer
before running it through gdb.
--
We tend to meet any new situation by reorganising; and a wonderful method
it can be for creating the illusion of progress while producing confusion,
inefficiency and demoralisation.-- Gaius Petronius, 60 AD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem building rlm_ldap
Bjorn Nordbo <[EMAIL PROTECTED]> wrote: > Now, this is progress! When I include all the neccesary libraries by > exporting the LIBS variable set to "-lldap -llber -lsocket -lrt -lnsl > -lresolv -lssl -lcrypto" it compiles. Note that I use OpenSSL and > libx509 seems to be included in libssl. I don't know why it wouldn't work in the 'configure' script. That already checks for -lssl -lresolv, etc. Can you look at the 'config.log' file from a failed configure attempt, and see *where* it's failing to link to the libraries? > FreeRADIUS start fine, connects to the server and handles a request > just fine, before it dumps core: Hmm.. can you run gdb? See 'doc/BUGS' That looks like a simple bug to fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem building rlm_ldap
Alan DeKok wrote: > Bjorn Nordbo <[EMAIL PROTECTED]> wrote: > > struct berval *bv; > > ber_init(bv); > > You shouldn't have to do this. The declaration of ber_init in the > first example should take care of any compiler warnings. You're right; on a fresh code tree, this (ber_init) test works fine. > > SSL_library_init/local/db/openldap/2.0.21/lib/libldap.so > > Was this message printed out before you made the change? Or were > the errors different before? When I test now, it seems to do the same thing. My bummer, as usual. :-( > > To me, it looks like I am missing some crypto libraries, but these should > > not be required to compile? > > They are required. Your linker is telling you they're required. > > Try: > > $ LIBS="-lssl -lx509" /configure --with-rlm-ldap-lib-dir= Now, this is progress! When I include all the neccesary libraries by exporting the LIBS variable set to "-lldap -llber -lsocket -lrt -lnsl -lresolv -lssl -lcrypto" it compiles. Note that I use OpenSSL and libx509 seems to be included in libssl. FreeRADIUS start fine, connects to the server and handles a request just fine, before it dumps core: Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32882, id=215, length=112 User-Name = "pr-test-1" CHAP-Password = 0xd714fa45fb4c86f3da7cc5f528d138299c NAS-IP-Address = 130.67.10.1 NAS-Port-Id = "0" NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "22332211" Called-Station-Id = "153381007005" Acct-Session-Id = "379094840" modcall: entering group authorize modcall[authorize]: module "suffix" returns ok modcall[authorize]: module "files" returns notfound rlm_ldap: - authorize rlm_ldap: performing user authorization for ×?úEû??óÚ|Åõ(Ñ8)? radius_xlat: '(uid=pr-test-1)' radius_xlat: 'ou=plus-users,dc=telenor,dc=net' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:1389:389, authentication 0 rlm_ldap: bind as ou=plus-users,dc=telenor,dc=net/kaketroll rlm_ldap: waiting for bind result ... rlm_ldap: performing search in ou=plus-users,dc=telenor,dc=net, with filter (uid=pr-test-1) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed Segmentation Fault (core dumped) ducati(bn) radius 352$ Oh well. At least I'm closer than ever. :) -- We tend to meet any new situation by reorganising; and a wonderful method it can be for creating the illusion of progress while producing confusion, inefficiency and demoralisation.-- Gaius Petronius, 60 AD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem building rlm_ldap
Bjorn Nordbo <[EMAIL PROTECTED]> wrote:
> I have tried to get rlm_ldap to build, but w/o success. The problem seems
> to be that the code in the configure-script testing if the lber- and ldap-
> libraries works, doesn't work on my platform (Solaris 8/SPARC/gcc). I have
> fixed the lber test code by replacing:
>
> #include "confdefs.h"
> extern char ber_init();
> int main() {
> ber_init()
...
> with
...
> struct berval *bv;
> ber_init(bv);
You shouldn't have to do this. The declaration of ber_init in the
first example should take care of any compiler warnings.
> However, this does not work. I guess it is because my test program doesn't
> compile:
>
> ducati(bn) rlm_ldap 1315$ gcc -I/local/db/openldap/2.0.21/include
>-L/local/db/openldap/2.0.21/lib -llber -lldap -lnsl -lsocket -lrt testlibldap.c
> Undefined first referenced
> symbol in file
> SSL_library_init/local/db/openldap/2.0.21/lib/libldap.so
Was this message printed out before you made the change? Or were
the errors different before?
> To me, it looks like I am missing some crypto libraries, but these should
> not be required to compile?
They are required. Your linker is telling you they're required.
Try:
$ LIBS="-lssl -lx509" /configure --with-rlm-ldap-lib-dir=
Which will force the configure script to link to the libraries you
gave it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem building rlm_ldap
I have tried to get rlm_ldap to build, but w/o success. The problem seems
to be that the code in the configure-script testing if the lber- and ldap-
libraries works, doesn't work on my platform (Solaris 8/SPARC/gcc). I have
fixed the lber test code by replacing:
#include "confdefs.h"
extern char ber_init();
int main() {
ber_init()
; return 0; }
with
#include "confdefs.h"
#include
int main ()
{
struct berval *bv;
ber_init(bv);
return 0;
}
in the configure script in the rlm_ldap directory. As the ldap test failed
in a similiar manner, I tried to do the same thing here, replacing:
#include "confdefs.h"
extern char ldap_init();
int main() {
ldap_init()
; return 0; }
with
#include "confdefs.h"
#include
int main () {
char *name = "foo";
int port = 1;
ldap_init(name, port);
return 0;
}
However, this does not work. I guess it is because my test program doesn't
compile:
ducati(bn) rlm_ldap 1315$ gcc -I/local/db/openldap/2.0.21/include
-L/local/db/openldap/2.0.21/lib -llber -lldap -lnsl -lsocket -lrt testlibldap.c
Undefined first referenced
symbol in file
SSL_library_init/local/db/openldap/2.0.21/lib/libldap.so
ERR_error_string/local/db/openldap/2.0.21/lib/libldap.so
SSL_CTX_set_cipher_list /local/db/openldap/2.0.21/lib/libldap.so
SSL_CIPHER_get_bits /local/db/openldap/2.0.21/lib/libldap.so
CRYPTO_free /local/db/openldap/2.0.21/lib/libldap.so
X509_get_issuer_name/local/db/openldap/2.0.21/lib/libldap.so
To me, it looks like I am missing some crypto libraries, but these should
not be required to compile? Anyway, let's go back to the original problem.
This is the complete output from the configure script:
ducati(bn) rlm_ldap 1317$ ./configure
--with-rlm-ldap-lib-dir=/local/db/openldap/2.0.21/lib
--with-rlm-ldap-include-dir=/local/db/openldap/2.0.21/include
creating cache ./config.cache
checking for gcc... /local/gnu/bin/gcc
checking whether the C compiler (/local/gnu/bin/gcc ) works... yes
checking whether the C compiler (/local/gnu/bin/gcc ) is a cross-compiler...
nochecking whether we are using GNU C... yes
checking whether /local/gnu/bin/gcc accepts -g... yes
checking for inet_aton in -lresolv... yes
checking for lber.h... yes
checking for ldap.h... yes
checking for sasl_encode in -lsasl... no
checking for DH_new in -lcrypto... no
checking for SSL_new in -lssl... no
checking for ber_init in -llber... yes
checking for ldap_init in -lldap... no
configure: warning: silently not building rlm_ldap.
configure: warning: FAILURE: rlm_ldap requires: libldap.
updating cache ./config.cache
creating ./config.status
creating Makefile
ducati(bn) rlm_ldap 1318$
I have checked that the configure script does indeed try the compile the
tests with the correct paths (ie. /local/db/openldap/...), and I am quite
certain it does find the libraries/includes it needs. I have tried this
with both FreeRADIUS 0.5, and the lates from CVS.
Any help greatly appreciated!
--
We tend to meet any new situation by reorganising; and a wonderful method
it can be for creating the illusion of progress while producing confusion,
inefficiency and demoralisation.-- Gaius Petronius, 60 AD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
