Bug 143493 - freeradius2.1.8 + rlm_perl + libtool2.2 broken
Summary: freeradius2.1.8 + rlm_perl + libtool2.2 broken
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Wesley Shields
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-02 18:20 UTC by ncrogers
Modified: 2010-02-22 14:50 UTC (History)
0 users

See Also:


Attachments
file.diff (323 bytes, patch)
2010-02-02 18:20 UTC, ncrogers
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description ncrogers 2010-02-02 18:20:02 UTC
Using FreeRADIUS 2.1.8 installed from ports (ports/net/freeradius2) in conjunction with rlm_perl module and certain perl modules results in a perl exception when loading radiusd.

Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.
 at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11
Compilation failed in require at /tmp/freeradius_hook line 6.
BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6 (#1)
    (F) The module you tried to load failed to load a dynamic extension. This
    may either mean that you upgraded your version of perl to one that is
    incompatible with your old dynamic extensions (which is known to happen
    between major versions of perl), or (more likely) that your dynamic
    extension was built against an older version of the library that is
    installed on your system. You may need to rebuild your old dynamic
    extensions.

Fix: The problem is due to the fact that FreeRADIUS 2.1.8 still uses the libtool1.5 API. However, the FreeBSD port includes libtool2.2 because 1.5 was removed from the ports tree some time ago. FreeRADIUS has support for the new libtool API in its code via a new function but use of the new function is not enabled yet. Applying a simple patch to compile in the new function that works with the new libtool API fixes the problem. I've attached the patch file to this PR. Placing the file in the port's "files" directory and rebuilding/reinstalling the port fixes radiusd + rlm_perl + IO;

Patch attached with submission follows:
How-To-Repeat: Install freeradius2 (2.1.8) from ports.

Use the following radiusd.conf...

############################################################
# cat /usr/local/etc/raddb/radiusd.conf
user = freeradius
group = freeradius
raddbdir = /usr/local/etc/raddb
logdir = /var/log
libdir = /usr/local/lib
pidfile = /var/run/radiusd/radiusd.pid
prefix = /usr/local
exec_prefix = ${prefix}
localstatedir = /var
sbindir = ${exec_prefix}/sbin
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = /var/log/radius.log
log_destination = files
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 256

listen {
    ipaddr = *
    port = 1812
    type = auth
}

listen {
    ipaddr = *
    port = 1813
    type = acct
}

hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
proxy_requests = no
snmp = no

security {
    max_attributes = 200
    reject_delay = 1
    status_server = no
}

thread pool {
    start_servers = 1
    max_servers = 16
    min_spare_servers = 0
    max_spare_servers = 5
    max_requests_per_server = 0
}

modules {
    perl {
        module = /tmp/freeradius_hook
    }
    
    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0644
    }

    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }

    eap {
        default_eap_type = peap
        timer_expire     = 60
        ignore_unknown_eap_types = no

        #  Generic Token Card.
        #
        #  Currently, this is only permitted inside of EAP-TTLS,
        #  or EAP-PEAP.  The module "challenges" the user with
        #  text, and the response from the user is taken to be
        #  the User-Password.
        #
        #  Proxying the tunneled EAP-GTC session is a bad idea,
        #  the users password will go over the wire in plain-text,
        #  for anyone to see.
        #
        gtc {
            challenge = "Password: "
            auth_type = perl
        }

        tls {
            private_key_password =
            private_key_file = /etc/ssl/server.key
            certificate_file = /etc/ssl/server.crt
            CA_file = /etc/ssl/server.crt
            dh_file = /usr/local/etc/raddb/dhparam
            random_file = /space/rxg/rxgd/bin/random
        }

        ttls {
            default_eap_type = gtc
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
        }

        peap {
            default_eap_type = gtc
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
        }
    }

    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes
        callerid = "yes"
    }

    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }

    attr_filter {
        attrsfile = ${confdir}/attrs
    }

    counter daily {
        filename = ${raddbdir}/db.daily
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }

    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
}

authorize {
    preprocess
    eap
    perl
}

authenticate {
    Auth-Type PERL {
        perl
    }
    eap
}

preacct {
    preprocess
    acct_unique
}

accounting {
    detail
    radutmp
    perl
}

session {
    radutmp
}

############################################################

Create the following perl script in /tmp/freeradius_hook

# cat /tmp/freeradius_hook
#!/usr/bin/perl

use strict;
use diagnostics;

use IO ();

##############################################################

Run freeradius in debug mode

# radiusd -X
FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd8.0, built on Oct 23 2009 at 17:50:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
group = freeradius
user = freeradius
including dictionary file /usr/local/etc/raddb/dictionary
main {
	prefix = "/usr/local"
	localstatedir = "/var"
	logdir = "/var/log"
	libdir = "/usr/local/lib"
	radacctdir = "/var/log/radacct"
	hostname_lookups = no
	max_request_time = 30
	cleanup_delay = 5
	max_requests = 256
	allow_core_dumps = no
	pidfile = "/var/run/radiusd/radiusd.pid"
	checkrad = "/usr/local/sbin/checkrad"
	debug_level = 0
	proxy_requests = no
	log_auth = yes
	log_auth_badpass = no
	log_auth_goodpass = no
	log_stripped_names = no
 security {
	max_attributes = 200
	reject_delay = 1
	status_server = no
 }
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
radiusd: #### Instantiating modules ####
radiusd: #### Loading Virtual Servers ####
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
	module = "/tmp/freeradius_hook"
	func_authorize = "authorize"
	func_authenticate = "authenticate"
	func_accounting = "accounting"
	func_preacct = "preacct"
	func_checksimul = "checksimul"
	func_detach = "detach"
	func_xlat = "xlat"
	func_pre_proxy = "pre_proxy"
	func_post_proxy = "post_proxy"
	func_post_auth = "post_auth"
  }
Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.
 at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11
Compilation failed in require at /tmp/freeradius_hook line 6.
BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6 (#1)
    (F) The module you tried to load failed to load a dynamic extension. This
    may either mean that you upgraded your version of perl to one that is
    incompatible with your old dynamic extensions (which is known to happen
    between major versions of perl), or (more likely) that your dynamic
    extension was built against an older version of the library that is
    installed on your system. You may need to rebuild your old dynamic
    extensions.
    
Uncaught exception from user code:
	Can't load '/usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so' for module IO: /usr/local/lib/perl5/5.8.9/mach/auto/IO/IO.so: Undefined symbol "PL_sv_undef" at /usr/local/lib/perl5/5.8.9/mach/XSLoader.pm line 70.
 at /usr/local/lib/perl5/5.8.9/mach/IO.pm line 11
Compilation failed in require at /tmp/freeradius_hook line 6.
BEGIN failed--compilation aborted at /tmp/freeradius_hook line 6.
 at /tmp/freeradius_hook line 6
rlm_perl: perl_parse failed: /tmp/freeradius_hook not found or has syntax errors.  
/usr/local/etc/raddb/radiusd.conf[65]: Instantiation failed for module "perl"
/usr/local/etc/raddb/radiusd.conf[169]: Failed to find module "perl".
/usr/local/etc/raddb/radiusd.conf[169]: Failed to parse "perl" entry.
Errors initializing modules
Comment 1 Wesley Shields freebsd_committer 2010-02-02 18:31:00 UTC
Responsible Changed
From-To: freebsd-ports-bugs->wxs

I'll take it.
Comment 2 dfilter service freebsd_committer 2010-02-22 14:46:52 UTC
wxs         2010-02-22 14:46:37 UTC

  FreeBSD ports repository

  Modified files:
    net/freeradius2      Makefile 
  Log:
  - Fix libtool problem when using perl option. See ports/143487 for information.
  
  PR:             ports/143487, ports/143656, ports/143493, ports/138445
  Submitted by:   Ryan Steinmetz <rpsfa@rit.edu>
  Approved by:    maintainer timeout
  Feature safe:   yes
  
  Revision  Changes    Path
  1.82      +3 -0      ports/net/freeradius2/Makefile
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Wesley Shields freebsd_committer 2010-02-22 14:47:31 UTC
State Changed
From-To: open->closed

Committed the patch in ports/143487. Thanks!