Compiling PAM modules

2008-02-02 Thread Binyamin Dissen
I have TAR'ed the current PAM source and want to compile a few of them.

What is the proper MAKE command, and from where should it be issued?

--
Binyamin Dissen <[EMAIL PROTECTED]>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel


Should you use the mailblocks package and expect a response from me,
you should preauthorize the dissensoftware.com domain.

I very rarely bother responding to challenge/response systems,
especially those from irresponsible companies.

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390


Re: Compiling PAM modules

2008-02-02 Thread Mark Post
>>> On Sat, Feb 2, 2008 at  4:53 PM, in message
<[EMAIL PROTECTED]>, Binyamin Dissen
<[EMAIL PROTECTED]> wrote: 
> I have TAR'ed the current PAM source and want to compile a few of them.
> 
> What is the proper MAKE command, and from where should it be issued?

What distribution are you building it for?  That will determine to a large 
extent how you do it.


Mark Post



Re: Compiling PAM modules

2008-02-03 Thread Binyamin Dissen
On Sat, 2 Feb 2008 23:04:43 -0700 Mark Post <[EMAIL PROTECTED]> wrote:

: On Sat, Feb 2, 2008 at  4:53 PM, in message
:><[EMAIL PROTECTED]>, Binyamin Dissen
:><[EMAIL PROTECTED]> wrote:
:>> I have TAR'ed the current PAM source and want to compile a few of them.

:>> What is the proper MAKE command, and from where should it be issued?

:>What distribution are you building it for?  That will determine to a large extent how you do it.

SUSE for Z.

But to be even more basic. Say I write my own PAM routine - exactly what
command is required to compile it into an .so format?

Do I need to create a make file?



Re: Compiling PAM modules

2008-02-03 Thread John Summerfield

Binyamin Dissen wrote:
> On Sat, 2 Feb 2008 23:04:43 -0700 Mark Post <[EMAIL PROTECTED]> wrote:
>
> : On Sat, Feb 2, 2008 at  4:53 PM, in message
> :><[EMAIL PROTECTED]>, Binyamin Dissen
> :><[EMAIL PROTECTED]> wrote:
> :>> I have TAR'ed the current PAM source and want to compile a few of them.
>
> :>> What is the proper MAKE command, and from where should it be issued?
>
> :>What distribution are you building it for?  That will determine to a large extent how you do it.
>
> SUSE for Z.

I would have a look at how the vendor's built the package(s). Also,
unless you have good reason not to, the vendor's source is the source to
start from.

> But to be even more basic. Say I write my own PAM routine - exactly what
> command is required to compile it into an .so format?

The gcc command can do it.

> Do I need to create a make file?


Well, you don't, but it's a good way to document how to build it, and
it's pretty important if you think there's any likelihood of your module
finding widespread use.

At the risk of sounding patronising, if you need to ask these questions
then you are probably not the person to write the pam module(s). If you
get something wrong, and it seems even the best programmers do, then you
have the potential to do serious harm to some very serious work.

Whether you decide to do this, or have someone else do it, if possible
develop on Intel-ish hardware running your distro (or a free version of
it). The source code is compatible unless you do something strange such
as write assembler core or depend on byte ordering, and development may
well proceed more quickly and have little risk of harm when something breaks.

I once wrote a JES2 exit that examined and modified JCL as it was
converted to the internal format; I have some experience of what can
happen when critical code doesn't work properly.

--

Cheers
John

-- spambait
[EMAIL PROTECTED]  [EMAIL PROTECTED]
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)



Re: Compiling PAM modules

2008-02-03 Thread Mark Post
>>> On Sun, Feb 3, 2008 at  3:50 AM, in message
<[EMAIL PROTECTED]>, Binyamin Dissen
<[EMAIL PROTECTED]> wrote: 
> On Sat, 2 Feb 2008 23:04:43 -0700 Mark Post <[EMAIL PROTECTED]> wrote:
-snip-
> :>What distribution are you building it for?  That will determine to a large 
> extent how you do it.
> 
> SUSE for Z.

Ok, that's an RPM-based distribution.  If you had been developing for Slack/390 
or Debian/390, that wouldn't have been the case.

> But to be even more basic. Say I write my own PAM routine - exactly what
> command is required to compile it into an .so format?

What I normally recommend to people that want to build packages for a Linux 
distribution is look at how the distribution provider normally does it.  In 
this case, look at the *.src.rpm package for the PAM modules shipped with SLES. 
 If you do an "rpm -ivh pam*.src.rpm" the source files and patches get put into 
/usr/src/packages/SOURCES/ and the .spec file gets put into 
/usr/src/packages/SPECS/.  You can look at the .spec file and see exactly how 
the as-shipped package is built, and adapt that to meet your own needs.

> Do I need to create a make file?

If you do the job right, and I suspect you're the kind of person that does, 
then you'll need to create a whole lot more than that.  Creating your own .spec 
file from an existing one can be very tedious trial-and-error work.  You'll 
also need to create your own .src.rpm and ship that with the package.  Most PAM 
packages have a GPL license on them, but some have mixed BSD and GPL, or an 
Apache license.


Mark Post



Re: Compiling PAM modules

2008-02-03 Thread Binyamin Dissen
On Sun, 3 Feb 2008 22:36:49 +0900 John Summerfield
<[EMAIL PROTECTED]> wrote:

:>Binyamin Dissen wrote:
:>> On Sat, 2 Feb 2008 23:04:43 -0700 Mark Post <[EMAIL PROTECTED]> wrote:

:>> : On Sat, Feb 2, 2008 at  4:53 PM, in message
:>> :><[EMAIL PROTECTED]>, Binyamin Dissen
:>> :><[EMAIL PROTECTED]> wrote:
:>> :>> I have TAR'ed the current PAM source and want to compile a few of them.

:>> :>> What is the proper MAKE command, and from where should it be issued?

:>> :>What distribution are you building it for?  That will determine to a large extent how you do it.

:>> SUSE for Z.

:>I would have a look at how the vendor's built the package(s). Also,
:>unless you have good reason not to, the vendor's source is the source to
:>start from.

I would prefer starting off with something other than a sledgehammer.

:>> But to be even more basic. Say I write my own PAM routine - exactly what
:>> command is required to compile it into an .so format?

:>The gcc command can do it.

Thus leading to my question - are there any special options required?

Is gcc -o enough?

:>> Do I need to create a make file?

:>Well, you don't, but it's a good way to document how to build it, and
:>it's pretty important if you think there's any likelihood of your module
:>finding widespread use.

True.

But I am just starting.

I would rather concentrate on the code, rather than packaging at this early
time.

:>At the risk of sounding patronising, if you need to ask these questions
:>then you are probably not the person to write the pam module(s). If you
:>get something wrong, and it seems even the best programmers do, then you
:>  have the potential to do serious harm to some very serious work.

I understand the impact, and my initial attempt will be against FTP with a
session ready to restore the /etc file should my stuff blow.

:>Whether you decide to do this, or have someone else do it, if possible
:>develop on Intel-ish hardware running your distro (or a free version of
:>it). The source code is compatible unless you do something strange such
:>as write assembler core or depend on byte ordering, and development may
:>well proceed more quickly and have little risk of harm when something breaks.

:>I once wrote a JES2 exit that examined and modified JCL as it was
:>converted to the internal format; I have some experience of what can
:>happen when critical code doesn't work properly.

I have decades of SP experience on the MVS platform, with more system exits
than you could count. And several years on VM, including CP mods.

My issue is not in writing the code - it is in the installation. And I would
like as easy a build method as possible as I start this coding.



Re: Compiling PAM modules

2008-02-03 Thread Binyamin Dissen
On Sun, 3 Feb 2008 11:52:37 -0700 Mark Post <[EMAIL PROTECTED]> wrote:

:>If you do the job right, and I suspect you're the kind of person that does,
:>then you'll need to create a whole lot more than that.  Creating your own .spec
:>file from an existing one can be very tedious trial-and-error work.  You'll
:>also need to create your own .src.rpm and ship that with the package.  Most PAM
:>packages have a GPL license on them, but some have mixed BSD and GPL, or an
:>Apache license.

But until I am ready to distribute, and the code is just running locally, I
would like a quick path.

Something like

1. Use these compiler/linker options (not sure)
2. Post processing?
3. Install the load module here (= /lib/security)



Re: Compiling PAM modules

2008-02-03 Thread Mark Post
>>> On Sun, Feb 3, 2008 at  4:28 PM, in message
<[EMAIL PROTECTED]>, Binyamin Dissen
<[EMAIL PROTECTED]> wrote: 
-snip-
> But until I am ready to distribute, and the code is just running locally, I
> would like a quick path.
> 
> Something like
> 
> 1. Use these compiler/linker options (not sure)
> 2. Post processing?
> 3. Install the load module here (= /lib/security)

Again, the .spec file from an existing SRPM package will show you how other 
people are building similar modules, including compiler and linker options, 
include directories, installation directories, etc.  Certainly, during your 
initial coding/debugging/testing, you can just write a simple script to do all 
of that, but draw what goes into that script from the .spec file.


Mark Post



Re: Compiling PAM modules

2008-02-03 Thread Binyamin Dissen
On Sun, 3 Feb 2008 14:44:36 -0700 Mark Post <[EMAIL PROTECTED]> wrote:

: On Sun, Feb 3, 2008 at  4:28 PM, in message
:><[EMAIL PROTECTED]>, Binyamin Dissen
:><[EMAIL PROTECTED]> wrote:
:>-snip-
:>> But until I am ready to distribute, and the code is just running locally, I
:>> would like a quick path.

:>> Something like

:>> 1. Use these compiler/linker options (not sure)
:>> 2. Post processing?
:>> 3. Install the load module here (= /lib/security)

:>Again, the .spec file from an existing SRPM package will show you how other
:>people are building similar modules, including compiler and linker options,
:>include directories, installation directories, etc.  Certainly, during your
:>initial coding/debugging/testing, you can just write a simple script to do all
:>of that, but draw what goes into that script from the .spec file.

I downloaded from http://www.kernel.org/pub/linux/libs/pam/ .

From the spec directory, it appears that the only unique compiler option is
"-lpamc".

The make files for even the simple PAM modules are monsters. That is why I was
hoping for some simple help.



Re: Compiling PAM modules

2008-02-03 Thread Mark Post
>>> On Sun, Feb 3, 2008 at  5:50 PM, in message
<[EMAIL PROTECTED]>, Binyamin Dissen
<[EMAIL PROTECTED]> wrote: 
-snip-
> I downloaded from http://www.kernel.org/pub/linux/libs/pam/ .
> 
> From the spec directory, it appears that the only unique compiler option is
> "-lpamc".

That wasn't the source that I meant, since it's not what any particular Linux 
distribution will ship.  For example, the pam_ldap package, as shipped with 
SLES10 compiles and links as follows:

gcc -DHAVE_CONFIG_H -I. -I. -I. -DLDAP_REFERRALS -DLDAP_DEPRECATED \
    -D_REENTRANT -O2 -g -fmessage-length=0 -fno-strict-aliasing -Wall -fPIC \
    -MT pam_ldap.o -MD -MP -MF ".deps/pam_ldap.Tpo" -c -o pam_ldap.o pam_ldap.c

gcc -DHAVE_CONFIG_H -I. -I. -I. -DLDAP_REFERRALS -DLDAP_DEPRECATED \
    -D_REENTRANT -O2 -g -fmessage-length=0 -fno-strict-aliasing -Wall -fPIC \
    -MT md5.o -MD -MP -MF ".deps/md5.Tpo" -c -o md5.o md5.c

gcc -O2 -g -fmessage-length=0 -fno-strict-aliasing -Wall -fPIC \
    -o pam_ldap.so -shared -Wl,-Bdynamic -Wl,--version-script,./exports.linux \
    pam_ldap.o md5.o -lldap -llber -lnsl -lcrypt -lresolv -lpam -ldl

Clearly, some of those switches are going to be specific to the purpose of 
talking to an LDAP server, but others are not.

> The make files for even the simple PAM modules are monsters. That is why I
> was hoping for some simple help.

That's because they are using automake and autoconf to generate them.  While 
increasing the ease of maintenance, it makes them pretty ugly looking and hard 
to understand.  You don't need to go that route, necessarily, at least not at 
the beginning.  You can largely hard-code things and later work to massage them 
into something more flexible.


Mark Post
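
Added example, not part of the thread and not any poster's code: a shell sketch of the three-step "quick path" asked about above (compile/link options, post-processing, install into /lib/security), keeping only the generic switches from the pam_ldap link line. The function names, the MODULE_DIR variable and the export check are assumptions of this example; the check relies on the Linux-PAM convention that a module defines every function of each management group it serves.

```shell
#!/bin/sh
# Added example: local build plus pre-install check for a PAM module.
# pam_dissen.c / pam_dissen.so are the names used in the thread; function
# names and MODULE_DIR are assumptions of this sketch.

MODULE_DIR=${MODULE_DIR:-/lib/security}   # install location named in the thread

# Step 1: compile and link in one go. -fPIC, -shared and -lpam come from the
# SLES pam_ldap commands quoted above; the LDAP-specific -D/-l switches and
# the automake dependency flags (-MT/-MD/-MP/-MF) are dropped.
build_pam_module() {   # usage: build_pam_module pam_dissen.c pam_dissen.so
    gcc -O2 -g -Wall -fPIC -shared -o "$2" "$1" -lpam
}

# Step 2 helper: read `nm -D --defined-only` output on stdin and print the
# exported pam_sm_* entry points, one per line. A symbol version suffix
# (as produced by a --version-script link) is stripped.
pam_exports() {
    awk '$2 == "T" && $3 ~ /^pam_sm_/ { sub(/@.*/, "", $3); print $3 }' | sort
}

# Step 2: report which management groups the module can serve and flag
# half-implemented pairs. Returns non-zero if no entry point is exported
# or a pair is incomplete.
check_pam_exports() {  # stdin: nm -D --defined-only output
    syms=$(pam_exports)
    rc=0
    has() { printf '%s\n' "$syms" | grep -qx "$1"; }
    pair() {  # usage: pair <group> <first symbol> <second symbol>
        if has "$2" && has "$3"; then
            echo "OK $1"
        elif has "$2" || has "$3"; then
            echo "FAIL $1 incomplete"
            rc=1
        fi
    }
    [ -n "$syms" ] || { echo "FAIL no pam_sm_* symbols exported"; return 1; }
    pair auth pam_sm_authenticate pam_sm_setcred
    pair session pam_sm_open_session pam_sm_close_session
    has pam_sm_acct_mgmt && echo "OK account"
    has pam_sm_chauthtok && echo "OK password"
    return $rc
}

# Step 3: install root-owned and not group/world writable, because every
# service whose PAM configuration names the module loads it in-process.
install_pam_module() {  # usage: install_pam_module pam_dissen.so  (needs root)
    nm -D --defined-only "$1" | check_pam_exports || return 1
    install -o root -g root -m 0755 "$1" "$MODULE_DIR/"
}
```

Source the file and call the three functions in order; the build step needs the distribution's PAM development headers installed.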



Re: Compiling PAM modules

2008-02-03 Thread David Boyes
> :>I would have a look at how the vendor's built the package(s). Also,
> :>unless you have good reason not to, the vendor's source is the source to
> :>start from.
> I would prefer starting off with something other than a sledgehammer.

Actually, this is rather good advice, especially if you expect your code
to interoperate and otherwise play nicely with PAM. There are lots of
moving parts to PAM, and looking at how someone else did it will help
you get your stuff structured in a compatible way. 

> Thus leading to my question - are there any special options required?

That's what looking at the distribution build will tell you. The various
distributions sometimes put PAM headers in different places, and some
expect particular options to be used when building libraries, etc. 

> Is gcc -o enough?

No. See above. 

> I would rather concentrate on the code, rather than packaging at this early
> time.
> [snip]
> My issue is not in writing the code - it is in the installation. And I would
> like as easy a build method as possible as I start this coding.

The two are fairly closely linked. You need to be conscious of how PAM
is installed and maintained on your distribution to avoid a lot of extra
work later in the game. 



Re: Compiling PAM modules

2008-02-03 Thread David Boyes
> I downloaded from http://www.kernel.org/pub/linux/libs/pam/ .
> From the spec directory, it appears that the only unique compiler option is
> "-lpamc".
> The make files for even the simple PAM modules are monsters. That is why I was
> hoping for some simple help.

Welcome to building software that has to run correctly on 70+ different
platforms and operating systems. 8-)



Re: Compiling PAM modules

2008-02-05 Thread Binyamin Dissen
On Sun, 3 Feb 2008 20:23:12 -0500 David Boyes <[EMAIL PROTECTED]> wrote:

:>> :>I would have a look at how the vendor's built the package(s). Also,
:>> :>unless you have good reason not to, the vendor's source is the source to
:>> :>start from.
:>> I would prefer starting off with something other than a sledgehammer.

:>Actually, this is rather good advice, especially if you expect your code
:>to interoperate and otherwise play nicely with PAM. There are lots of
:>moving parts to PAM, and looking at how someone else did it will help
:>you get your stuff structured in a compatible way.

:>> Thus leading to my question - are there any special options required?

:>That's what looking at the distribution build will tell you. The various
:>distributions sometimes put PAM headers in different places, and some
:>expect particular options to be used when building libraries, etc.

:>> Is gcc -o enough?

:>No. See above.

:>> I would rather concentrate on the code, rather than packaging at this early
:>> time.
:>> [snip]
:>> My issue is not in writing the code - it is in the installation. And I would
:>> like as easy a build method as possible as I start this coding.

:>The two are fairly closely linked. You need to be conscious of how PAM
:>is installed and maintained on your distribution to avoid a lot of extra
:>work later in the game.

OK.

I used an existing directory as a model and I now have modules/pam_dissen as a
directory with what appears to be the appropriate make files.

What make command can I issue to compile pam_dissen.c and generate
pam_dissen.so ?

From which directory should I issue the make command?

I tried

   make modules/pam_dissen

from the

Linux-PAM-0.99.9.0

directory, with result

make: Nothing to be done for `modules/pam_dissen'.



Re: Compiling PAM modules

2008-02-05 Thread David Boyes
> OK.
> I used an existing directory as a model and I now have modules/pam_dissen as a
> directory with what appears to be the appropriate make files.
> What make command can I issue to compile pam_dissen.c and generate
> pam_dissen.so ?

Test it with 'make -n' in the same directory as your files. -n says do
the evaluation of what needs to be done then tell me, but don't actually
do it.  If it says it's going to do what you expect, a plain 'make'
should work. 

> From which directory should I issue the make command?
> 
> I tried
> 
>    make modules/pam_dissen
> 
> from the
> 
> Linux-PAM-0.99.9.0
> 
> directory, with result
> 
> make: Nothing to be done for `modules/pam_dissen'.

Yes, and it's right. Unless told otherwise, make assumes you are giving
it a target string to find *in the makefile in the current directory*.
Use 'make -f modules/pam_dissen/Makefile pam_dissen' (assuming the rule
in your makefile in modules/pam_dissen is called 'pam_dissen'). If you
omit it, it will build the default target for that makefile.

So, first, do the make from the directory containing the source. If you
need to integrate it into the larger build, then you'll need to modify
the makefiles at the higher levels in the directory tree. 

There's an excellent tutorial on the intricacies of make in the BSD 4.3
System Administrators Guide (probably available in your local public
library), or the O'Reilly book on make is also good. This online guide: 

http://www.eng.hawaii.edu/Tutor/Make/index.html

is also a good start. 


