argus + sasl: does this works?

Peter Volkov pva at gentoo.org
Sat Nov 7 09:54:37 EST 2009 

В Срд, 28/10/2009 в 10:22 -0400, Carter Bullard пишет: 
> Sasl support is turned on through ./configure, so we don't need (or at  
> least we shouldn't need)  the SASLLIB compile switch.  My configure finds  
> sasl2 and adds "-lsasl2" to @COMPATLIB@, and turns on "ARGUS_SASL=1".

> ./configure --with-sasl=yes

Yup, configure finds sasl, but later argus fails to build with:

gcc -O3 -I.  -I./../include  -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STRING_H=1 -DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 -DHAVE_SYS_VFS_H=1 -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 -DHAVE_STRDUP=1 -DHAVE_STRFTIME=1 -DHAVE_SETLINEBUF=1 -DHAVE_ALARM=1 -DHAVE_STRERROR=1 -DHAVE_STRTOF=1 -DHAVE_SYS_BITYPES_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_VSNPRINTF=1 -DHAVE_SNPRINTF=1 -DHAVE_GETADDRINFO=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_NETINET_ETHER_H=1 -DNETINET_ETHER_H_DECLARES_ETHER_HOSTTON=/\*\*/ -DHAVE_DECL_ETHER_HOSTTON=1 -DHAVE_PCAP_LIST_DATALINKS=1 -DHAVE_PCAP_SET_DATALINK=1 -DHAVE_PCAP_DATALINK_NAME_TO_VAL=1 -DHAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION=1 -DHAVE_PCAP_GET_SELECTABLE_FD=1 -DHAVE_PCAP_NEXT_EX=1 -DHAVE_PCAP_DUMP_FTELL=1 -DHAVE_TCP_WRAPPER=1 -DARGUS_SASL=1 -DSTDC_HEADERS=1 -DARGUS_SYSLOG=1 -o ../bin/argus argus.o ArgusModeler.o ArgusSource.o ArgusUtil.o ArgusOutput.o ArgusUdp.o ArgusTcp.o ArgusIcmp.o ArgusIgmp.o ArgusEsp.o ArgusArp.o ArgusFrag.o ArgusAuth.o ArgusApp.o  -lpcap -lwrap -lnsl  ../lib/argus_common.a -lm
ArgusUtil.o: In function `ArgusWriteOutSocket':
ArgusUtil.c:(.text+0x23c5): undefined reference to `sasl_encode'
[snipped other undefined references]

so patch I've sent is required to make argus build here.


> Try the "./configure --with-sasl=yes" on both argus and the clients,  
> and see if that doesn't make it?

Of course I've both client and server are built with sasl support.

> Be sure and run with the ra() clients with "-D2", which should show  
> all the sasl debug messages.

Thank you for this tip. It helped a lot.

> Possibly you don't have an appropriate MECH?

Yup. looks like that. I've managed to get argus working with auxprop
plugin (had to rebuild cyrus-sasl with some database support and create
login/password database.

But still I failed to manage to configure argus to work with saslauthd.
For some reason /etc/sasl2/argus.conf configuration file is ignored.
Here is it's contents:

tablet bin # cat /etc/sasl2/argus.conf
pwcheck_method: saslauthd
saslauthd_path: /var/lib/sasl2/mux
log_level: 5

I've checked twice that on my system sasl2 App.conf should be
in /etc/sasl2, `strace -eopen argus` shows:

open("/etc/sasl2/argus.conf", O_RDONLY) = 5

so yes this file is opened, but for unknown reason argus still tries to
use auxprop plugin. Although this is a problem we can live with it.

But the next failure I have: ratop does not connects without -M nocurses. If I ran:

ratop -D2 -S 127.0.0.1:509

I see 'Username:' request, but I'm unable to enter neither username nor
password. Are there any tricks around this problem?


And last, please, apply patch in attachment to avoid garbage in
debugging output.

-- 
Peter.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: argus-ArgusOutput.c.patch
Type: text/x-patch
Size: 316 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20091107/82796e87/attachment.bin>

More information about the argus mailing list