Can't compile FreeRADIUS with pam module

John Dennis jdennis at redhat.com
Mon Nov 9 23:57:55 CET 2009


On 11/09/2009 05:05 PM, Chico Sokol wrote:
> Funny, configure's output seems to be fine:
>
> checking for pam_start in -lpam... yes
> checking security/pam_appl.h usability... yes
> checking security/pam_appl.h presence... yes
> checking for security/pam_appl.h... yes
> checking pam/pam_appl.h usability... yes
> checking pam/pam_appl.h presence... yes
> checking for pam/pam_appl.h... yes
>
> Well, I solved by changing the module's code (rlm_pam.c), including
> always my pam header file (witch is placed at /usr/include/pam),
> without that configure directive. It's definitely not the best way to
> fix it, but it works.

Ah ... I think I see the problem. You have *both* sets of pam header 
files installed on your system, that's weird, how did that happen?

Anyway the rlm_pam configure script and code look wrong to me.

The header file check in configure.in is coded this way:

	AC_CHECK_HEADERS( \
			security/pam_appl.h \
			pam/pam_appl.h \
			)

And the C code in rlm_pam.c has this:

#ifdef HAVE_SECURITY_PAM_APPL_H
#include	<security/pam_appl.h>
#endif

#ifdef HAVE_PAM_PAM_APPL_H
#include	<pam/pam_appl.h>
#endif

Hopefully you can see what will happen when you have both sets of header 
files installed, the compiler will try include them twice and it will 
succeed because the "guard" at the top of header looks like this:

#ifndef _SECURITY_PAM_APPL_H
#define _SECURITY_PAM_APPL_H

I presume the guard for pam/pam_appl.h looks the same.

Thus you'll include the definitions twice which is clearly wrong and 
will cause compiler errors.

So the easy fix is don't install duplicate sets of pam header files.

But the more robust fix would be to fix configure.in and the C code 
include directives so that the action-if-found clause of 
AC_CHECK_HEADERS added a -I to pam_cflags with the directory the header 
was found in and then did an explicit "break"

The C code should be:

#include "pam_appl.h"

This way the if more than one set of header files is installed it picks 
the first one in the list it finds and sets an explicit -I include 
directive for it.
-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



More information about the Freeradius-Users mailing list