my struggle with the build system

Tue Jan 14 14:20:13 UTC 2025

On Jan 14, 2025, at 8:45 AM, David Huss <david.huss at hfbk-hamburg.de> wrote:
> I am trying to add argon2-support to the rlm_pap module in v3.0 of freeradius. argon2 is a modern password hashing algorithm that our (art university) LDAP uses. Now we were under the (obviously wrong) assumption that any program would send the cleartext password to our LDAP and ask it for a thumbs-up/down. Hence the need to add the hashing function.

  I don't understand the issue.   If the PAP module needs to be updated with argon hashing, then it has the clear-text password.  Which means that the LDAP module can send the clear-text password to the LDAP server.

  Does your LDAP server forbid clear-text passwords for user authentication?

  If so, that seems not just weird, but downright stupid.

> I think I am fine in terms of the code, but am fighting a bit with the build system.
> 
> Does anybody have pointers where I would add the dependencies? I didn't find any documentation on that and my learnings from looking at other modules was somewhat limited. My first hunch was to add them to src/includes and to src/includes/all.mk but then I realized all the implementation C-files are located at src/lib

 Yes.

> So I tried the following:
> - adding argon.h to src/includes/argon.h
> - adding argon.h to src/includes/all.mk
> - adding all of the argon.h dependencies to src/includes as well

  I'm not sure what that last line means.  Normally a header file just includes what it needs.

> - adding argon.c to src/lib/argon.c
> - adding argon.c to src/lib.all.mk
> - adding all of the argon.c dependencies (.c-files) to src/lib

  Again, what does that mean?  "I added a bunch of stuff" doesn't tell me anything.

  If you're adding .c files to the build system, then they have to be added to the build system.  i.e. if you expect the server to build and use a .c file, then it has to be added to the relevant Makefile.  This is how the build system works.

> This does not work as the linker fails to find some functions from the argon.c dependencies:
> 
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `fill_memory_blocks'
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `finalize'
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `clear_internal_memory'
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `numlen'
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `validate_inputs'
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `initialize'
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `decode_string'
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `b64len'
> /usr/bin/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `encode_string'
> 
> Is there a correct way of adding those dependencies? Forgive my C-noob-question..

  You've added argon.c to src/lib/all.mk, but likely haven't added the other new .c files to src/lib/all.mk.  Go do that, and it should be fine.

  Or, just send the clear-text password to the LDAP server.  If that's forbidden, then you should explain very slowly to the system administrator that forbidding clear-text passwords is ridiculous.

  Alan DeKok.