Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 375713 - net-proxy/dante-1.3.1 can not enable "preload"
Summary: net-proxy/dante-1.3.1 can not enable "preload"
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Network Proxy Developers (OBSOLETE)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-20 04:11 UTC by kouyu
Modified: 2013-03-04 12:34 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Temporary patch for dante to enable preload (dante-enable-preload.patch,829 bytes, patch)
2011-07-22 05:18 UTC, kouyu
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description kouyu 2011-07-20 04:11:46 UTC
When I executed /usr/bin/socksify which belongs to net-proxy/dante-1.3.1, the program refused to run, and told me "error: dante client not built with preloading support."

Then I wanted to find where the problem is. I digged into the source of dante, and I found that the result of running ./configure told me "preload" is disabled.

So I read ./configure, ./config.log and ./preload.m4 in dante source directory. And then I found dante configure uses the code as following to check if preload can be enabled.

#include <stdlib.h>
#include <string.h>
#include <unistd.h>
int
main(int argc, char *argv[])
{
   char buf[1024];

   strcpy(buf, "lari -V ");
   strcat(buf, argv[0]);
   strcat(buf, " | grep read | grep protected > /dev/null");

   /*
    * return error if 'protected'
    * (ignore errors, not indicative of blocking) */
   if (system(buf) == 0)
        return 1;
   else
        return 0;
}

ssize_t
read(d, buf, nbytes)
   int d;
   void *buf;
   size_t nbytes;
{
   return 0;
}

Obviously, in Linux system, there is no program named as "lari", so running this test program must be failed. In config.log, you can also see the failure result, as following.

configure:31760: checking libc preload blocking
configure:31813: x86_64-pc-linux-gnu-gcc -o conftest  -g  -pipe  -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -U__GNUC__ -D__GNUC__=0 -DDEBUG=1  conftest.c  -ldl  >&5
configure:31816: $? = 0
configure:31822: ./conftest
sh: lari: command not found
configure:31825: $? = 0
configure:31827: result: no


Reproducible: Always

Steps to Reproduce:
1. Decompress dante source package
2. ./configure
Actual Results:  
Then you can see the result tells you that "preload" is disabled.

Expected Results:  
"Preload" should have been enabled in Linux system.
Comment 1 kouyu 2011-07-20 04:29:43 UTC
Output of emerge -vp dante is
[ebuild   R    ] net-proxy/dante-1.3.1  USE="pam tcpd -debug -kerberos (-selinux) -static-libs"

emerge --info

Portage 2.2.0_alpha45 (default/linux/amd64/10.0, gcc-4.5.2, glibc-2.13-r4, 2.6.38-tuxonice-r2-ibm-thinkpad-x60 x86_64)
=================================================================
System uname: Linux-2.6.38-tuxonice-r2-ibm-thinkpad-x60-x86_64-Intel-R-_Core-TM-2_CPU_T7200_@_2.00GHz-with-gentoo-2.0.3
Timestamp of tree: Wed, 20 Jul 2011 00:00:01 +0000
ccache version 3.1.5 [disabled]
app-shells/bash:          4.2_p10
dev-java/java-config:     2.1.11-r3
dev-lang/python:          2.7.2, 3.1.3-r1, 3.2
dev-util/ccache:          3.1.5
dev-util/cmake:           2.8.5-r2
dev-util/pkgconfig:       0.26
sys-apps/baselayout:      2.0.3
sys-apps/openrc:          0.8.3-r1
sys-apps/sandbox:         2.5
sys-devel/autoconf:       2.13, 2.68
sys-devel/automake:       1.9.6-r3, 1.10.3, 1.11.1-r1
sys-devel/binutils:       2.21.1
sys-devel/gcc:            4.5.2
sys-devel/gcc-config:     1.4.1-r1
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r1
sys-kernel/linux-headers: 2.6.38 (virtual/os-headers)
sys-libs/glibc:           2.13-r4
Repositories: gentoo dottout sunrise gentoo-zh zugaina wschlich wschlich-testing kouhy
Installed sets: 
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA dlj-1.1 PUEL skype-eula AdobeFlash-10 AdobeFlash-10.1 googleearth"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -msse3 -mfpmath=sse -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /etc/udev/rules.d /lib64/rc /lib64/rcscripts /lib64/udev/rules.d /lib64/udev/uam /usr/sbin/laptop_mode /usr/share/gnupg/qualified.txt /usr/share/laptop-mode-tools /usr/share/openvpn/easy-rsa /usr/share/vim/vimfiles/ftdetect"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo"
CXXFLAGS="-march=core2 -msse3 -mfpmath=sse -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests binpkg-logs candy collision-protect distlocks ebuild-locks fixlafiles fixpackages metadata-transfer news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS=""
GENTOO_MIRRORS="http://gentoo.osuosl.org/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en zh zh_CN zh_HK zh_TW en_US"
MAKEOPTS="-j3"
PKGDIR="/var/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/dottout /var/lib/layman/sunrise /var/lib/layman/gentoo-zh /var/lib/layman/zugaina /var/lib/layman/wschlich /var/lib/layman/wschlich-testing /usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext aalib acl acpi alsa amd64 berkdb bluetooth bzip2 cdr cjk cli cracklib crypt cups cxx dbus directfb dri dts dv dvd fbcon fortran gdbm gif gpm gstreamer iconv ieee1394 ipv6 javascript jpeg lame laptop libcaca mad mmx mmxext modules mp3 mpeg mudflap multilib ncurses nls nptl nptlonly openmp pam pcre perl png posix pppd python quicktime readline sdl session socks5 sse sse2 sse3 ssl ssse3 startup-notification sysfs tcpd threads unicode upnp v4l2 wifi x264 xml xorg xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="canon ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" FOO2ZJS_DEVICES="hp1020" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev ps2mouse serialmouse linuxinput joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en zh zh_CN zh_HK zh_TW en_US" LIRC_DEVICES="alsa_usb audio_alsa irlink logitech macmini mceusb mouseremote mouseremote_ps2 mp3anywhere mplay parallel samsung serial sir tvbox udp usbx userspace wpc8769l xboxusb" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel i945 i810 vesa fbdev vga" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 2 kouyu 2011-07-20 06:05:51 UTC
In addition to the error I mentioned above, I found another error in dante configure script. This error may also cause "preload" is disabled. 

From the 31499th line, the code as following:

for file in `ldconfig -p | grep /libc.so| xargs -n 1 echo | grep /libc.so`; do
    test -s "$file" && LIBC_ALTS="${LIBC_ALTS}${LIBC_ALTS:+ }$file"
done
LIBC_NAME=`echo ${LIBC_ALTS} | sed -e 's/.*\///' | sort -nr | head -n 1`


On my system, the output of command "ldconfig -p | grep /libc.so| xargs -n 1 echo | grep /libc.so" is (as following)
/libc.so
/lib64/libc.so.6
/lib32/libc.so.6
/usr/lib32/libc.so.5

So after for loop, the value of $LIBC_ALTS is
"/lib64/libc.so.6 /lib32/libc.so.6 /usr/lib32/libc.so.5"

You can see the result is just one line. But obviously the last command "LIBC_NAME=`echo ${LIBC_ALTS} | sed -e 's/.*\///' | sort -nr | head -n 1`" requires the result is more than one line.

The one line value of $LIBC_ALTS, which is wrong, causes the final result, the name of libc, on my system is libc.so.5, which belongs to app-emulation/emul-linux-x86-compat. This is absolutely wrong. The libc name should be libc.so.6, which is the native glibc on my system.

This is a significant error, isn't it. I'm not sure whether this error can cause other more serious problem.

I think the last command should be changed into:
LIBC_NAME=`echo ${LIBC_ALTS} | sed -e 's/ \+/\n/g' | sed -e 's/.*\///' | sort -nr | head -n 1`

That means, first of all, replace whitespace with newline.
Comment 3 Jeroen Roovers gentoo-dev 2011-07-21 13:46:49 UTC
It would be easy to test if your system supported preload after all: Edit the installed socksify script (line 50) and see if it succeeds when NOPRELOAD="" is set.
Comment 4 Jeroen Roovers gentoo-dev 2011-07-21 14:11:29 UTC
Actually, I can't reproduce that error, despite not having lari(1) installed either. Could you attach the entire build log, please?
Comment 5 kouyu 2011-07-22 04:55:10 UTC
(In reply to comment #3)
> It would be easy to test if your system supported preload after all: Edit the
> installed socksify script (line 50) and see if it succeeds when NOPRELOAD="" is
> set.


Of course, I had already tested it in your way before I first reported this bug.
And socksify worked fine. And I use tsocks for a long time, it works fine too. So I belive my system does support preload, but ./configure in dante doesn't think so.
Comment 6 kouyu 2011-07-22 05:18:22 UTC
Created attachment 280567 [details, diff]
Temporary patch for dante to enable preload

This patch includes two parts.
1st correct an obvious bug in configure script.
2nd avoid executing 'lari' on my system, because there is no command 'lari' at all.
Comment 7 kouyu 2011-07-22 05:55:52 UTC
(In reply to comment #4)
> Actually, I can't reproduce that error, despite not having lari(1) installed
> either. Could you attach the entire build log, please?

Maybe I didn't make myself clear. I didn't say there is error when emerge dante, or configure/compile dante. What I said is the result of ./configure is not correct. ./configure can run successfully, but the checking result is not what I expect.

I think there is no need to show you the entire build.log, but if you insist, I will upload it for you.

The following is the snippet of build.log after compiling dante without my patch. (I have uploaded my patch above)

                     Configure status:

Preloading:        Disabled
GSSAPI:            Not found/disabled
KRB5:              Not found/disabled
LDAP:              Not found/disabled
SASL:              Not found/disabled
UPNP:              Supported library not found

                     Modules:

redirect:          Not found
bandwidth:         Not found
session:           Not found
ldap:              Not found


You can see the configure status is preloading disabled. In order to change the configure status into preloading enabled. I found two bugs (see Comment #1 and Comment #3). So my patch includes two parts to correct these two bugs. The two parts in my patch are all necessary.

The 1st bug I had mentioned in Comment #3 causes the LIBC_NAME is libc.so.5, and this LIBC_NAME causes one conftest.c fail to run, which start at line 31616 in ./configure , shown as below.

/* end confdefs.h.  */

#include <dlfcn.h>
#include <stdio.h>

#include "include/symbols.h"

int main()
{
        void *lib;
        void *sym;

        if ((lib = dlopen(LIBRARY_CONNECT, DL_LAZY)) == NULL) {
                fprintf(stderr, "dlopen: %s\n", dlerror());
                return 1;
        }
        (void)dlerror();
        if ((sym = dlsym(lib, SYMBOL_CONNECT)) == NULL) {
                fprintf(stderr, "dlsym: %s\n", dlerror());
                return 1;
        }
        return 0;
}


In the code above, the LIBRARY_CONNECT will be expand to LIBRARY_LIBC (refer to "include/symbols.h" of dante). And LIBRARY_LIBC is ${LIBC_NAME} (which is libc.so.5), you can see the line 31519 in ./configure . 

So dlopen tries to open libc.so.5 in system path, but there is just libc.so.6, no libc.so.5 in system path on my system. So dlopen fails, and the failure causes ./configure thinks my system doesn't support preload (you can see the line 31672 in ./configure, it sets no_preload=t).


The 2nd bug is that command 'lari' does not exist in Linux system. So in my patch, I make another conftest.c return 1 at the beginning. That will avoid executing 'lari', and return 1 means preload can be enabled.


I think you can understand what I say by reading my patch. And I want say it again, there is no error when emerge dante. The problem is the configure status/result does not reflect the actual situation of my system.
Comment 8 Jeroen Roovers gentoo-dev 2011-07-22 13:30:49 UTC
(In reply to comment #5)
> (In reply to comment #3)
> > It would be easy to test if your system supported preload after all: Edit the
> > installed socksify script (line 50) and see if it succeeds when NOPRELOAD="" is
> > set.
> 
> 
> Of course, I had already tested it in your way before I first reported this
> bug.
> And socksify worked fine. And I use tsocks for a long time, it works fine too.

Right, so it's just the preload.m4 test that somehow fails for you and not for me.

> So I belive my system does support preload, but ./configure in dante doesn't
> think so.

Yes.
Comment 9 kouyu 2011-07-22 16:53:01 UTC
(In reply to comment #8)
> (In reply to comment #5)
> > (In reply to comment #3)
> > > It would be easy to test if your system supported preload after all: Edit the
> > > installed socksify script (line 50) and see if it succeeds when NOPRELOAD="" is
> > > set.
> > 
> > 
> > Of course, I had already tested it in your way before I first reported this
> > bug.
> > And socksify worked fine. And I use tsocks for a long time, it works fine too.
> 
> Right, so it's just the preload.m4 test that somehow fails for you and not for
> me.
> 
> > So I belive my system does support preload, but ./configure in dante doesn't
> > think so.
> 
> Yes.

So I found there are two bugs why ./configure doesn't think my system supports preload. And I made a patch to correct it temporarily.
Comment 10 Jeroen Roovers gentoo-dev 2011-08-02 03:12:03 UTC
I agree with the ldconfig -p change, but I still wonder why your system should return '0' on the lari -V output. It should be 1 since "protected" isn't found in lari's output.
Comment 11 Tim Harder gentoo-dev 2011-08-04 16:31:55 UTC
I'd be interested in seeing a complete build log as well since I can't reproduce the issue and the test for the Solaris lari tool outputs the same info for me.
Comment 12 kouyu 2011-08-10 05:12:50 UTC
Sorry for late reply, and sorry again, because I am in a business trip, so I have to provide what you need after I go back. Please wait for me, thank you :)
Comment 13 Tom Wijsman (TomWij) (RETIRED) gentoo-dev 2013-03-04 12:34:33 UTC
(In reply to comment #12)
> Sorry for late reply, and sorry again, because I am in a business trip, so I
> have to provide what you need after I go back. Please wait for me, thank you
> :)

Let us know when you return, maybe we should look into whether this lari part can be done using readelf instead.