argus + sasl: does this works?

Peter Volkov pva at gentoo.org
Tue Nov 10 04:12:03 EST 2009 

В Сбт, 07/11/2009 в 10:51 -0500, Carter Bullard пишет:
> Because there is no "-lsasl2" in your gcc link statement,  I can with  
> confidence know that your ./configure isn't working correctly.  If you add "- 
> lsasl2" to COMPATLIB in your ./argus/Makefile (as a test) then all should work  
> well?

Yes, it works.

> What does your config.log indicate about the tests for sasl?

They succeed:
checking sasl/sasl.h usability... yes
checking sasl/sasl.h presence... yes
checking for sasl/sasl.h... yes
checking sasl/saslutil.h usability... yes
checking sasl/saslutil.h presence... yes
checking for sasl/saslutil.h... yes

config.log in attachment.

> Do you have sasl2 installed or the older sasl?

I have dev-libs/cyrus-sasl-2.1.23-r1.

> We shouldn't have to modify the code itself to solve this problem.

Ok, then any suggestion? Reading code I don't see how this could work
without suggested changes.

 $=> grep COMPATLIB * -r
argus/Makefile.in:COMPATLIB = @COMPATLIB@
argus/Makefile.in:LIB = @LIBS@ $(WRAPLIBS) $(COMPATLIB) ../lib/argus_common.a -lm
configure.in:      *) COMPATLIB="$COMPATLIB $V_THREADS"
configure.in:   COMPATLIB="$COMPATLIB -lodm -lcfg"
configure.in:   COMPATLIB="$COMPATLIB -lsocket -lnsl -lrt"
configure.in:AC_SUBST(COMPATLIB)

No sign that -lsasl2 could be in COMPATLIB ^^

> Your ratop() isn't working probably because you don't have ncurses  
> installed?

I have 5.6-r2 version installed:

checking ncurses.h usability... yes
checking ncurses.h presence... yes
checking for ncurses.h... yes
checking for initscr in -lncurses... yes

And ratop works in case I rebuild both argus and argus-client without
sasl.

With best regards,
--
Peter.

> On Nov 7, 2009, at 9:54 AM, Peter Volkov wrote:
> 
> > В Срд, 28/10/2009 в 10:22 -0400, Carter Bullard пишет:
> >> Sasl support is turned on through ./configure, so we don't need (or  
> >> at
> >> least we shouldn't need)  the SASLLIB compile switch.  My configure  
> >> finds
> >> sasl2 and adds "-lsasl2" to @COMPATLIB@, and turns on "ARGUS_SASL=1".
> >
> >> ./configure --with-sasl=yes
> >
> > Yup, configure finds sasl, but later argus fails to build with:
> >
> > gcc -O3 -I.  -I./../include  -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME= 
> > \"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" - 
> > DPACKAGE_BUGREPORT=\"\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 - 
> > DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 - 
> > DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 - 
> > DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_STRING_H=1 - 
> > DHAVE_FCNTL_H=1 -DHAVE_SYS_FILE_H=1 -DHAVE_SYSLOG_H=1 - 
> > DHAVE_SYS_VFS_H=1 -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 - 
> > DHAVE_STRDUP=1 -DHAVE_STRFTIME=1 -DHAVE_SETLINEBUF=1 -DHAVE_ALARM=1 - 
> > DHAVE_STRERROR=1 -DHAVE_STRTOF=1 -DHAVE_SYS_BITYPES_H=1 - 
> > DHAVE_INTTYPES_H=1 -DHAVE_VSNPRINTF=1 -DHAVE_SNPRINTF=1 - 
> > DHAVE_GETADDRINFO=1 -DHAVE_ETHER_HOSTTON=1 -DHAVE_NETINET_ETHER_H=1 - 
> > DNETINET_ETHER_H_DECLARES_ETHER_HOSTTON=/\*\*/ - 
> > DHAVE_DECL_ETHER_HOSTTON=1 -DHAVE_PCAP_LIST_DATALINKS=1 - 
> > DHAVE_PCAP_SET_DATALINK=1 -DHAVE_PCAP_DATALINK_NAME_TO_VAL=1 - 
> > DHAVE_PCAP_DATALINK_VAL_TO_DESCRIPTION=1 - 
> > DHAVE_PCAP_GET_SELECTABLE_FD=1 -DHAVE_PCAP_NEXT_EX=1 - 
> > DHAVE_PCAP_DUMP_FTELL=1 -DHAVE_TCP_WRAPPER=1 -DARGUS_SASL=1 - 
> > DSTDC_HEADERS=1 -DARGUS_SYSLOG=1 -o ../bin/argus argus.o  
> > ArgusModeler.o ArgusSource.o ArgusUtil.o ArgusOutput.o ArgusUdp.o  
> > ArgusTcp.o ArgusIcmp.o ArgusIgmp.o ArgusEsp.o ArgusArp.o ArgusFrag.o  
> > ArgusAuth.o ArgusApp.o  -lpcap -lwrap -lnsl  ../lib/argus_common.a -lm
> > ArgusUtil.o: In function `ArgusWriteOutSocket':
> > ArgusUtil.c:(.text+0x23c5): undefined reference to `sasl_encode'
> > [snipped other undefined references]
> >
> > so patch I've sent is required to make argus build here.
> >
> >
> >> Try the "./configure --with-sasl=yes" on both argus and the clients,
> >> and see if that doesn't make it?
> >
> > Of course I've both client and server are built with sasl support.
> >
> >> Be sure and run with the ra() clients with "-D2", which should show
> >> all the sasl debug messages.
> >
> > Thank you for this tip. It helped a lot.
> >
> >> Possibly you don't have an appropriate MECH?
> >
> > Yup. looks like that. I've managed to get argus working with auxprop
> > plugin (had to rebuild cyrus-sasl with some database support and  
> > create
> > login/password database.
> >
> > But still I failed to manage to configure argus to work with  
> > saslauthd.
> > For some reason /etc/sasl2/argus.conf configuration file is ignored.
> > Here is it's contents:
> >
> > tablet bin # cat /etc/sasl2/argus.conf
> > pwcheck_method: saslauthd
> > saslauthd_path: /var/lib/sasl2/mux
> > log_level: 5
> >
> > I've checked twice that on my system sasl2 App.conf should be
> > in /etc/sasl2, `strace -eopen argus` shows:
> >
> > open("/etc/sasl2/argus.conf", O_RDONLY) = 5
> >
> > so yes this file is opened, but for unknown reason argus still tries  
> > to
> > use auxprop plugin. Although this is a problem we can live with it.
> >
> > But the next failure I have: ratop does not connects without -M  
> > nocurses. If I ran:
> >
> > ratop -D2 -S 127.0.0.1:509
> >
> > I see 'Username:' request, but I'm unable to enter neither username  
> > nor
> > password. Are there any tricks around this problem?
> >
> >
> > And last, please, apply patch in attachment to avoid garbage in
> > debugging output.
> >
> > -- 
> > Peter.
> >
> > <argus-ArgusOutput.c.patch>
> 


-- 
Peter.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: config.log.gz
Type: application/x-gzip
Size: 7444 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20091110/5bd3485c/attachment.bin>

More information about the argus mailing list