argus + sasl: does this works?

Carter Bullard carter at qosient.com
Sat Nov 7 10:51:52 EST 2009


Peter,
Because there is no "-lsasl2" in your gcc link statement,  I can with  
confidence
know that your ./configure isn't working correctly.  If you add "- 
lsasl2" to
COMPATLIB in your ./argus/Makefile (as a test) then all should work  
well?

What does your config.log indicate about the tests for sasl?
Do you have sasl2 installed or the older sasl?
We shouldn't have to modify the code itself to solve this problem.

Your ratop() isn't working probably because you don't have ncurses  
installed?

Carter

On Nov 7, 2009, at 9:54 AM, Peter Volkov wrote:

> В Срд, 28/10/2009 в 10:22 -0400, Carter Bullard пишет:
>> Sasl support is turned on through ./configure, so we don't need (or  
>> at
>> least we shouldn't need)  the SASLLIB compile switch.  My configure  
>> finds
>> sasl2 and adds "-lsasl2" to @COMPATLIB@, and turns on "ARGUS_SASL=1".
>
>> ./configure --with-sasl=yes
>
> Yup, configure finds sasl, but later argus fails to build with:
>
> gcc -O3 -I.  -I./../include  -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME= 
> \"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" - 
> DPACKAGE_BUGREPORT=\"\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 - 
> DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 - 
> DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 - 
> DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STRING_H=1 - 
> DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 - 
> DHAVE_SYS_VFS_H=1 -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 - 
> DHAVE_STRDUP=1 -DHAVE_STRFTIME=1 -DHAVE_SETLINEBUF=1 -DHAVE_ALARM=1 - 
> DHAVE_STRERROR=1 -DHAVE_STRTOF=1 -DHAVE_SYS_BITYPES_H=1 - 
> DHAVE_INTTYPES_H=1 -DHAVE_VSNPRINTF=1 -DHAVE_SNPRINTF=1 - 
> DHAVE_GETADDRINFO=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_NETINET_ETHER_H=1 - 
> DNETINET_ETHER_H_DECLARES_ETHER_HOSTTON=/\*\*/ - 
> DHAVE_DECL_ETHER_HOSTTON=1 -DHAVE_PCAP_LIST_DATALINKS=1 - 
> DHAVE_PCAP_SET_DATALINK=1 -DHAVE_PCAP_DATALINK_NAME_TO_VAL=1 - 
> DHAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION=1 - 
> DHAVE_PCAP_GET_SELECTABLE_FD=1 -DHAVE_PCAP_NEXT_EX=1 - 
> DHAVE_PCAP_DUMP_FTELL=1 -DHAVE_TCP_WRAPPER=1 -DARGUS_SASL=1 - 
> DSTDC_HEADERS=1 -DARGUS_SYSLOG=1 -o ../bin/argus argus.o  
> ArgusModeler.o ArgusSource.o ArgusUtil.o ArgusOutput.o ArgusUdp.o  
> ArgusTcp.o ArgusIcmp.o ArgusIgmp.o ArgusEsp.o ArgusArp.o ArgusFrag.o  
> ArgusAuth.o ArgusApp.o  -lpcap -lwrap -lnsl  ../lib/argus_common.a -lm
> ArgusUtil.o: In function `ArgusWriteOutSocket':
> ArgusUtil.c:(.text+0x23c5): undefined reference to `sasl_encode'
> [snipped other undefined references]
>
> so patch I've sent is required to make argus build here.
>
>
>> Try the "./configure --with-sasl=yes" on both argus and the clients,
>> and see if that doesn't make it?
>
> Of course I've both client and server are built with sasl support.
>
>> Be sure and run with the ra() clients with "-D2", which should show
>> all the sasl debug messages.
>
> Thank you for this tip. It helped a lot.
>
>> Possibly you don't have an appropriate MECH?
>
> Yup. looks like that. I've managed to get argus working with auxprop
> plugin (had to rebuild cyrus-sasl with some database support and  
> create
> login/password database.
>
> But still I failed to manage to configure argus to work with  
> saslauthd.
> For some reason /etc/sasl2/argus.conf configuration file is ignored.
> Here is it's contents:
>
> tablet bin # cat /etc/sasl2/argus.conf
> pwcheck_method: saslauthd
> saslauthd_path: /var/lib/sasl2/mux
> log_level: 5
>
> I've checked twice that on my system sasl2 App.conf should be
> in /etc/sasl2, `strace -eopen argus` shows:
>
> open("/etc/sasl2/argus.conf", O_RDONLY) = 5
>
> so yes this file is opened, but for unknown reason argus still tries  
> to
> use auxprop plugin. Although this is a problem we can live with it.
>
> But the next failure I have: ratop does not connects without -M  
> nocurses. If I ran:
>
> ratop -D2 -S 127.0.0.1:509
>
> I see 'Username:' request, but I'm unable to enter neither username  
> nor
> password. Are there any tricks around this problem?
>
>
> And last, please, apply patch in attachment to avoid garbage in
> debugging output.
>
> -- 
> Peter.
>
> <argus-ArgusOutput.c.patch>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20091107/56bd0cee/attachment.bin>


More information about the argus mailing list