ports/143493: freeradius2.1.8 + rlm_perl + libtool2.2 broken
Nick Rogers
ncrogers at gmail.com
Tue Feb 2 18:20:02 UTC 2010
>Number: 143493
>Category: ports
>Synopsis: freeradius2.1.8 + rlm_perl + libtool2.2 broken
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Feb 02 18:20:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Nick Rogers
>Release: 8.0-RELEASE
>Organization:
>Environment:
FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009 root at almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Using FreeRADIUS 2.1.8 installed from ports (ports/net/freeradius2) in conjunction with rlm_perl module and certain perl modules results in a perl exception when loading radiusd.
Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.
at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11
Compilation failed in require at /tmp/freeradius_hook line 6.
BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6 (#1)
(F) The module you tried to load failed to load a dynamic extension. This
may either mean that you upgraded your version of perl to one that is
incompatible with your old dynamic extensions (which is known to happen
between major versions of perl), or (more likely) that your dynamic
extension was built against an older version of the library that is
installed on your system. You may need to rebuild your old dynamic
extensions.
>How-To-Repeat:
Install freeradius2 (2.1.8) from ports.
Use the following radiusd.conf...
############################################################
# cat /usr/local/etc/raddb/radiusd.conf
user = freeradius
group = freeradius
raddbdir = /usr/local/etc/raddb
logdir = /var/log
libdir = /usr/local/lib
pidfile = /var/run/radiusd/radiusd.pid
prefix = /usr/local
exec_prefix = ${prefix}
localstatedir = /var
sbindir = ${exec_prefix}/sbin
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = /var/log/radius.log
log_destination = files
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256
listen {
ipaddr = *
port = 1812
type = auth
}
listen {
ipaddr = *
port = 1813
type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
proxy_requests = no
snmp = no
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
thread pool {
start_servers = 1
max_servers = 16
min_spare_servers = 0
max_spare_servers = 5
max_requests_per_server = 0
}
modules {
perl {
module = /tmp/freeradius_hook
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0644
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
# Generic Token Card.
#
# Currently, this is only permitted inside of EAP-TTLS,
# or EAP-PEAP. The module "challenges" the user with
# text, and the response from the user is taken to be
# the User-Password.
#
# Proxying the tunneled EAP-GTC session is a bad idea,
# the users password will go over the wire in plain-text,
# for anyone to see.
#
gtc {
challenge = "Password: "
auth_type = perl
}
tls {
private_key_password =
private_key_file = /etc/ssl/server.key
certificate_file = /etc/ssl/server.crt
CA_file = /etc/ssl/server.crt
dh_file = /usr/local/etc/raddb/dhparam
random_file = /space/rxg/rxgd/bin/random
}
ttls {
default_eap_type = gtc
copy_request_to_tunnel = yes
use_tunneled_reply = yes
}
peap {
default_eap_type = gtc
copy_request_to_tunnel = yes
use_tunneled_reply = yes
}
}
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
}
authorize {
preprocess
eap
perl
}
authenticate {
Auth-Type PERL {
perl
}
eap
}
preacct {
preprocess
acct_unique
}
accounting {
detail
radutmp
perl
}
session {
radutmp
}
############################################################
Create the following perl script in /tmp/freeradius_hook
# cat /tmp/freeradius_hook
#!/usr/bin/perl
use strict;
use diagnostics;
use IO ();
##############################################################
Run freeradius in debug mode
# radiusd -X
FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd8.0, built on Oct 23 2009 at 17:50:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
group = freeradius
user = freeradius
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr/local"
localstatedir = "/var"
logdir = "/var/log"
libdir = "/usr/local/lib"
radacctdir = "/var/log/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 256
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = no
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
log_stripped_names = no
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_perl
Module: Instantiating perl
perl {
module = "/tmp/freeradius_hook"
func_authorize = "authorize"
func_authenticate = "authenticate"
func_accounting = "accounting"
func_preacct = "preacct"
func_checksimul = "checksimul"
func_detach = "detach"
func_xlat = "xlat"
func_pre_proxy = "pre_proxy"
func_post_proxy = "post_proxy"
func_post_auth = "post_auth"
}
Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.
at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11
Compilation failed in require at /tmp/freeradius_hook line 6.
BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6 (#1)
(F) The module you tried to load failed to load a dynamic extension. This
may either mean that you upgraded your version of perl to one that is
incompatible with your old dynamic extensions (which is known to happen
between major versions of perl), or (more likely) that your dynamic
extension was built against an older version of the library that is
installed on your system. You may need to rebuild your old dynamic
extensions.
Uncaught exception from user code:
Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.
at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11
Compilation failed in require at /tmp/freeradius_hook line 6.
BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6.
at /tmp/freeradius_hook line 6
rlm_perl: perl_parse failed: /tmp/freeradius_hook not found or has syntax errors.
/usr/local/etc/raddb/radiusd.conf[65]: Instantiation failed for module "perl"
/usr/local/etc/raddb/radiusd.conf[169]: Failed to find module "perl".
/usr/local/etc/raddb/radiusd.conf[169]: Failed to parse "perl" entry.
Errors initializing modules
>Fix:
The problem is due to the fact that FreeRADIUS 2.1.8 still uses the libtool1.5 API. However, the FreeBSD port includes libtool2.2 because 1.5 was removed from the ports tree some time ago. FreeRADIUS has support for the new libtool API in its code via a new function but use of the new function is not enabled yet. Applying a simple patch to compile in the new function that works with the new libtool API fixes the problem. I've attached the patch file to this PR. Placing the file in the port's "files" directory and rebuilding/reinstalling the port fixes radiusd + rlm_perl + IO;
Patch attached with submission follows:
--- modules.c 2010-02-02 09:16:35.000000000 -0800
+++ modules.c 2010-02-02 09:17:06.000000000 -0800
@@ -207,6 +207,7 @@
* Solve the issues of libraries linking to other libraries
* by using a newer libltdl API.
*/
+#define HAVE_LT_DLADVISE_INIT
#ifndef HAVE_LT_DLADVISE_INIT
#define fr_dlopenext lt_dlopenext
#else
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list