kravietz / pam_tacplus

TACACS+ protocol client library and PAM module in C. This PAM module supports authentication, authorization (account management) and accounting (session management) performed using the TACACS+ protocol designed by Cisco.
GNU Lesser General Public License v3.0

Does not compile without getrandom() #190

Closed nafmo closed 2 years ago

nafmo commented 2 years ago

I am trying to update a build of libtac on Red Hat Enterprise Linux 7 (or, to be more precise, CentOS 7), which has GLibC 2.17. It does not support getrandom(), which appeared in 2.25. The configure script correctly undefines HAVE_GETRANDOM, but the compile fails as getrandom() is used without a test in libtac/lib/crypt.c:digest_chap(), and is included without an ifdef in libtac/include/libtac.h and libtac/lib/crypt.c.

This is an old OS, and it is closing in on end-of-life, so if this is not going to be supported, the configure script should be updated to reject platforms where getrandom() is not defined.

diff --git a/libtac/include/libtac.h b/libtac/include/libtac.h
index 90990fc6b3e..b8217ec9ba3 100644
--- a/libtac/include/libtac.h
+++ b/libtac/include/libtac.h
@@ -57,7 +57,9 @@ extern "C"
 #include <getopt.h>
 #include <stdlib.h>
 #include <string.h>
+#ifdef HAVE_GETRANDOM
 #include <sys/random.h>
+#endif
 #include "gl_array_list.h"
 #include "gl_list.h"
 #include "gl_xlist.h"
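Review bot: The new `#ifdef HAVE_GETRANDOM` around `#include <sys/random.h>` tests a configure-time macro from inside libtac.h, and nothing in the visible context includes config.h before the test, so what this header pulls in depends on what each including file defined first. As this is the header under libtac/include, wrapped in `extern "C"`, consider dropping the include from libtac.h altogether and keeping it in the .c files that call getrandom(), after their own `#include "config.h"`.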
diff --git a/libtac/lib/crypt.c b/libtac/lib/crypt.c
index e56c97a392d..15b725885e9 100644
--- a/libtac/lib/crypt.c
+++ b/libtac/lib/crypt.c
@@ -21,7 +21,9 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
+#ifdef HAVE_GETRANDOM
 #include <sys/random.h>
+#endif

 #include "libtac.h"
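Review bot: The guard here only removes the header; there is no `#else` branch, so where HAVE_GETRANDOM is undefined any getrandom() call further down crypt.c (the report names digest_chap()) is left without a declaration and the build still fails. Either guard the call site with a replacement path or have configure reject such platforms. Also, `libtac.h`, included just below, brings in the same header under the same guard, so one of the two includes is redundant.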

kravietz commented 2 years ago

@nafmo Thank you Peter, this will go into the next release.

nafmo commented 2 years ago

The patch doesn't fix the use of getrandom() in crypt.c, though, I don't know the code well enough to know what to write as an alternative path.

kravietz commented 2 years ago

@nafmo getrandom() should be provided by gnulib if it's not available on your system. Have you completed the gnulib-tool step?

nafmo commented 2 years ago

Maybe I am not doing it correctly, then. The gnulib-devel RPM on CentOS 7 is too old (does not provide the malloca.c file that the build scripts check for), so I ran the install step on Rocky Linux 9 and copied the files over to my CentOS 7 installation. That seemed not to give me the needed functions, I will have to try again tomorrow.

kravietz commented 2 years ago

@nafmo This is a known problem, please try this step https://github.com/kravietz/pam_tacplus#outdated-gnulib

nafmo commented 2 years ago

Thanks for the pointer. I cannot get it to find the lib/sys/random.h from the #include <sys/random.h> directive with the standard build rules out of the box, so I guess I need to either patch all includes to #else #include "lib/sys/random.h", or add the lib/sys directory to the include search path somehow, possibly by passing CFLAGS to the configure script?

I am doing all my builds out-of-tree since I am building for multiple platforms on my development machine, this might complicate things. The lib/sys/random.h file is generated inside the build tree, not the source tree:

$ cd $BUILD
$ ls -l lib/sys/
totalt 136
-rw-r--r-- 1 peter peter 26574 2022-11-17 09:45 random.h
-rw-r--r-- 1 peter peter 46954 2022-11-17 09:45 socket.h
-rw-r--r-- 1 peter peter 49372 2022-11-17 09:45 stat.h
-rw-r--r-- 1 peter peter  3049 2022-11-17 09:45 types.h
-rw-r--r-- 1 peter peter  1628 2022-11-17 09:45 uio.h

nafmo commented 2 years ago

This patch fixes compile on RHEL 7 for me, at least for the parts I am using. It now finds the sys/random.h file from the build tree. I had to re-instate the #include I removed above.

From 861bf7947b9ff8d8a6e5703fc0e8e75b9f4878e3 Mon Sep 17 00:00:00 2001
From: Peter Krefting <peter@softwolves.pp.se>
Date: Thu, 17 Nov 2022 11:32:27 +0100
Subject: [PATCH] Fix out-of-tree build

Fixes out-of-tree build when using gnulib replacement for getrandom().

---
 Makefile.am        | 16 ++++++++--------
 libtac/lib/crypt.c |  2 --
 2 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 7ecd93e073b..9c883eab404 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,7 +15,7 @@ AM_CFLAGS = -Wall -Wextra -Werror
 bin_PROGRAMS = tacc
 tacc_SOURCES = tacc.c
 tacc_LDADD = libtac.la $(LTLIBINTL) $(LIB_CRYPTO)  $(LIB_GETRANDOM)
-tacc_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include @rt_debug_defines@ -I $(top_srcdir)/lib
+tacc_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include @rt_debug_defines@ -I $(top_srcdir)/lib -I $(top_builddir)/lib
 #endif

 lib_LTLIBRARIES = libtac.la
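Review bot: In `tacc_CFLAGS` the new `-I $(top_builddir)/lib` comes after `-I $(top_srcdir)/lib`, so if the source tree also holds a generated lib/sys/random.h (for example from an earlier in-tree build), that copy is found first. Listing the build directory before the source directory gives the freshly generated headers precedence.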
@@ -45,7 +45,7 @@ libtac_la_SOURCES = \
     libtac/lib/xstrncpy.c \
     $(libtac_include_HEADERS)

-libtac_la_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib @rt_debug_defines@
+libtac_la_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib -I $(top_builddir)/lib @rt_debug_defines@
 libtac_la_LIBADD = lib/libgnu.la $(LTLIBINTL) $(LIB_CRYPTO) $(LIB_GETRANDOM)

 moduledir = @pamdir@
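Review bot: `libtac_la_CFLAGS` places the new `-I $(top_builddir)/lib` before `@rt_debug_defines@`, while `tacc_CFLAGS` in the previous hunk places it after, and the same three `-I` options are now repeated on every target this patch touches. Setting them once, for instance in `AM_CPPFLAGS`, would keep the targets consistent and put preprocessor options where Automake expects them.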
@@ -54,7 +54,7 @@ pam_tacplus_la_SOURCES = pam_tacplus.h \
     pam_tacplus.c \
     support.h \
     support.c
-pam_tacplus_la_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib
+pam_tacplus_la_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib -I $(top_builddir)/lib
 pam_tacplus_la_LDFLAGS = -module -avoid-version
 pam_tacplus_la_LIBADD = libtac.la

@@ -76,15 +76,15 @@ check_PROGRAMS = tests/libtac/c-pap tests/libtac/c-chap tests/libtac/c-login tes
 bin_PROGRAMS += tests/runtests

 tests_libtac_c_pap_LDADD = $(top_srcdir)/tests/tap/libtap.a $(top_srcdir)/libtac.la
-tests_libtac_c_pap_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib
+tests_libtac_c_pap_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib -I $(top_builddir)/lib
 tests_libtac_c_chap_LDADD = $(top_srcdir)/tests/tap/libtap.a $(top_srcdir)/libtac.la
-tests_libtac_c_chap_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib
+tests_libtac_c_chap_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib -I $(top_builddir)/lib
 tests_libtac_c_login_LDADD = $(top_srcdir)/tests/tap/libtap.a $(top_srcdir)/libtac.la
-tests_libtac_c_login_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib
+tests_libtac_c_login_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib -I $(top_builddir)/lib
 tests_libtac_c_author_LDADD = $(top_srcdir)/tests/tap/libtap.a $(top_srcdir)/libtac.la
-tests_libtac_c_author_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib
+tests_libtac_c_author_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib -I $(top_builddir)/lib
 tests_libtac_c_acct_LDADD = $(top_srcdir)/tests/tap/libtap.a $(top_srcdir)/libtac.la
-tests_libtac_c_acct_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib
+tests_libtac_c_acct_CFLAGS = $(AM_CFLAGS) -I $(top_srcdir)/libtac/include -I $(top_srcdir)/lib -I $(top_builddir)/lib

 noinst_LIBRARIES = tests/tap/libtap.a
 tests_tap_libtap_a_SOURCES = tests/tap/basic.c tests/tap/basic.h tests/tap/macros.h
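Review bot: The `_LDADD` lines in this hunk still point at `$(top_srcdir)/tests/tap/libtap.a` and `$(top_srcdir)/libtac.la`, which are build outputs (`noinst_LIBRARIES` and `lib_LTLIBRARIES` in this same Makefile.am) and in an out-of-tree build are created under the build directory. The test programs need the same treatment as the include paths, for example `$(top_builddir)/libtac.la`, otherwise the link step looks for them in the source tree.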
diff --git a/libtac/lib/crypt.c b/libtac/lib/crypt.c
index 15b725885e9..e56c97a392d 100644
--- a/libtac/lib/crypt.c
+++ b/libtac/lib/crypt.c
@@ -21,9 +21,7 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#ifdef HAVE_GETRANDOM
 #include <sys/random.h>
-#endif

 #include "libtac.h"

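Review bot: This hunk reverts the `#ifdef HAVE_GETRANDOM` guard in crypt.c, but the diffstat shows no change to libtac/include/libtac.h, so the matching guard added there by the earlier patch stays and the two files now disagree. Remove that guard in the same commit, and say in the commit message that the include is unconditional again because the gnulib replacement supplies sys/random.h.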
-- 
2.36.1