From: Matthew G. <mg...@sh...> - 2008-07-13 06:27:47
|
All, Has anyone else noticed that if a /usr/local dependency is used to build ipsec-tools, it will prefer the libradius installed in the /usr/local prefix over the system version. This produces build errors. To reproduce, just install a radius package or build from ports. Then run configure and build ipsec tools with radius and any other option that imports a lib from the /usr/local prfix ( like ldap or gssapi ). -Matthew |
From: Matthew G. <mg...@sh...> - 2008-07-15 05:50:22
|
Matthew Grooms wrote: > All, > > Has anyone else noticed that if a /usr/local dependency is used to build > ipsec-tools, it will prefer the libradius installed in the /usr/local > prefix over the system version. This produces build errors. > > To reproduce, just install a radius package or build from ports. Then > run configure and build ipsec tools with radius and any other option > that imports a lib from the /usr/local prfix ( like ldap or gssapi ). > All, I spent 6 hours tonight trying to find a way to solve this problem. The autoconf section for libradius looks like this ... AC_MSG_CHECKING(if --with-libradius option is specified) AC_ARG_WITH(libradius, [ --with-libradius=DIR specify libradius path (like/usr/pkg)], [libradius_dir=$withval], [libradius_dir=no]) AC_MSG_RESULT($libradius_dir) if test "$libradius_dir" != "no"; then if test "$libradius_dir" = "yes" ; then libradius_dir=""; fi; if test "x$libradius_dir" = "x"; then RACOON_PATH_LIBS([rad_create_request], [radius]) else if test -d "$libradius_dir/lib" -a \ -d "$libradius_dir/include" ; then RACOON_PATH_LIBS([rad_create_request], [radius], ["$libradius_dir/lib"]) CPPFLAGS_ADD="$CPPFLAGS_ADD -I$libradius_dir/include" else AC_MSG_ERROR([RADIUS libs or includes not found. Aborting.]) fi fi AC_DEFINE([HAVE_LIBRADIUS], [], [Hybrid authentication uses RADIUS]) LIBS="$LIBS -L$libradius_dir/lib -R$libradius_dir/lib -lradius" AC_CHECK_FUNCS(rad_create_request) fi ... As you can see, the check is for a libradius that contains the rad_create_request function. On FreeBSD, there is a system library under /usr/lib named libradius. The configure check passes without issue. But if you have another radius library like FreeRadius installed in the /usr/local/lib prefix, the linker will use the local version instead of the system version. This occurs even if --with-libradius=/usr is specified in the configure check. /usr/local/bin/bash ../../libtool --tag=CC --mode=link gcc -D_GNU_SOURCE -DSYSCONFDIR=\"/usr/local/etc\" -DADMINPORTDIR=\"/usr/local/var/racoon\" -g -O2 -Wall -Werror -Wno-unused ../libipsec/libipsec.la -o racoon main.o session.o isakmp.o handler.o isakmp_ident.o isakmp_agg.o isakmp_base.o isakmp_quick.o isakmp_inf.o isakmp_newg.o gssapi.o dnssec.o getcertsbyname.o privsep.o pfkey.o admin.o evt.o ipsec_doi.o oakley.o grabmyaddr.o vendorid.o policy.o localconf.o remoteconf.o crypto_openssl.o algorithm.o proposal.o sainfo.o strnames.o plog.o logger.o schedule.o str2val.o safefile.o backupsa.o genlist.o rsalist.o cftoken.o cfparse.o prsa_tok.o prsa_par.o sha2.o isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o -lfl vmbuf.o sockmisc.o misc.o -L/usr/local/lib -lldap -lradius -lutil -lcrypto -lreadline -lcrypt -L/usr/lib -R/usr/lib -lradius -L/usr/local/lib -R/usr/local/lib -lldap gcc -D_GNU_SOURCE -DSYSCONFDIR=\"/usr/local/etc\" -DADMINPORTDIR=\"/usr/local/var/racoon\" -g -O2 -Wall -Werror -Wno-unused -o racoon main.o session.o isakmp.o handler.o isakmp_ident.o isakmp_agg.o isakmp_base.o isakmp_quick.o isakmp_inf.o isakmp_newg.o gssapi.o dnssec.o getcertsbyname.o privsep.o pfkey.o admin.o evt.o ipsec_doi.o oakley.o grabmyaddr.o vendorid.o policy.o localconf.o remoteconf.o crypto_openssl.o algorithm.o proposal.o sainfo.o strnames.o plog.o logger.o schedule.o str2val.o safefile.o backupsa.o genlist.o rsalist.o cftoken.o cfparse.o prsa_tok.o prsa_par.o sha2.o isakmp_xauth.o isakmp_cfg.o isakmp_unity.o throttle.o vmbuf.o sockmisc.o misc.o ../libipsec/.libs/libipsec.a -L/usr/local/lib -L/usr/lib -lfl -lutil -lreadline /usr/local/lib/libradius.so -pthread -lcrypt /usr/local/lib/libldap.so /usr/local/lib/liblber.so -lssl -lcrypto -Wl,--rpath -Wl,/usr/local/lib -Wl,--rpath -Wl,/usr/local/lib -Wl,--rpath -Wl,/usr/lib isakmp_xauth.o(.text+0x416): In function `xauth_radius_init': /usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:473: undefined reference to `rad_acct_open' isakmp_xauth.o(.text+0x42e):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:479: undefined reference to `rad_config' isakmp_xauth.o(.text+0x450):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:483: undefined reference to `rad_close' isakmp_xauth.o(.text+0x472):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:455: undefined reference to `rad_auth_open' isakmp_xauth.o(.text+0x486):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:461: undefined reference to `rad_config' isakmp_xauth.o(.text+0x4ac):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:465: undefined reference to `rad_close' isakmp_xauth.o(.text+0x52d):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:462: undefined reference to `rad_strerror' isakmp_xauth.o(.text+0x56f):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:480: undefined reference to `rad_strerror' isakmp_xauth.o(.text+0x5bd): In function `xauth_login_radius': /usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:503: undefined reference to `rad_create_request' isakmp_xauth.o(.text+0x5d9):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:510: undefined reference to `rad_put_string' isakmp_xauth.o(.text+0x5f5):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:517: undefined reference to `rad_put_string' isakmp_xauth.o(.text+0x631):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:527: undefined reference to `rad_send_request' isakmp_xauth.o(.text+0x67d):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:546: undefined reference to `rad_get_attr' isakmp_xauth.o(.text+0x6e0):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:546: undefined reference to `rad_get_attr' isakmp_xauth.o(.text+0x759):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:532: undefined reference to `rad_cvt_addr' isakmp_xauth.o(.text+0x781):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:538: undefined reference to `rad_cvt_addr' isakmp_xauth.o(.text+0x7b0):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:504: undefined reference to `rad_strerror' isakmp_xauth.o(.text+0x7e7):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:511: undefined reference to `rad_strerror' isakmp_xauth.o(.text+0x81f):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:518: undefined reference to `rad_strerror' isakmp_xauth.o(.text+0x857):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_xauth.c:558: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x1148): In function `isakmp_cfg_radius_common': /usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1609: undefined reference to `rad_put_addr' isakmp_cfg.o(.text+0x115b):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1616: undefined reference to `rad_put_int' isakmp_cfg.o(.text+0x116d):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1623: undefined reference to `rad_put_int' isakmp_cfg.o(.text+0x117f):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1630: undefined reference to `rad_put_int' isakmp_cfg.o(.text+0x11be):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1617: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x11ea):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1624: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x125f):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1610: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x12c5):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1631: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x131a): In function `isakmp_cfg_accounting': /usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1496: undefined reference to `rad_acct_open' isakmp_cfg.o(.text+0x1354):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1512: undefined reference to `rad_create_request' isakmp_cfg.o(.text+0x1373):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1514: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x13e1):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1520: undefined reference to `rad_put_string' isakmp_cfg.o(.text+0x141a):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1540: undefined reference to `rad_put_addr' isakmp_cfg.o(.text+0x1440):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1542: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x14ae):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1522: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x14d5):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1502: undefined reference to `rad_config' isakmp_cfg.o(.text+0x14f8):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1506: undefined reference to `rad_close' isakmp_cfg.o(.text+0x1526):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1548: undefined reference to `rad_put_addr' isakmp_cfg.o(.text+0x154c):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1550: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x1576):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1503: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x15ea):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1556: undefined reference to `rad_put_int' isakmp_cfg.o(.text+0x160d):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1557: undefined reference to `rad_strerror' isakmp_cfg.o(.text+0x165e):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1567: undefined reference to `rad_send_request' isakmp_cfg.o(.text+0x1688):/usr/home/mgrooms/ipsec-tools/cvs/src/racoon/isakmp_cfg.c:1568: undefined reference to `rad_strerror' Since the test passed, it must have initially found the /usr/lib/ version that contains rad_create_request. Again, as you can see from the output above, the lib we are linking to is in /usr/local/lib. I don't know if this is a problem with autoconf, automake, libtool or our configure.ac file. My understanding of the GNU auto tools is slim to none. I also won't have much time to spend on this problem before the 0.7.1 release. If someone with more autoconf tool know-how would like to take a look at this, I'm sure it would make some FreeBSD users very happy. Thanks, -Matthew |
From: Emmanuel D. <ma...@ne...> - 2008-07-15 08:06:21
|
On Tue, Jul 15, 2008 at 12:50:36AM -0500, Matthew Grooms wrote: > I also won't have much time to spend on this problem before the 0.7.1 > release. If someone with more autoconf tool know-how would like to take > a look at this, I'm sure it would make some FreeBSD users very happy. I am affraid I am the culprit here, since I wrote that chunk of code. Unfortunately I am also clueless about autotools. With no doubt fixing it would please FreeBSD users, so perhaps a FreeBSD user with autotools expertise could work on it? And let us hope the fix will not break builds for other systems. -- Emmanuel Dreyfus ma...@ne... |