Trouble compiling heimdal 1.3.3 with openssl 1.0.0a for sparc solaris 9

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

Trouble compiling heimdal 1.3.3 with openssl 1.0.0a for sparc solaris 9

Renata Maria Dart
Hi, compiling hemidal 1.3.3 with openssl 1.0.0a for solaris 9 fails
for me with the following error:

/bin/bash ../../libtool  --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I../../include -I../..$
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I. -I../../include -I../../include -I./ref -I/afs/slac/pac$
In file included from ../../include/crypto-headers.h:16,
                 from hx_locl.h:71,
                 from ca.c:34:
/usr/local/include/openssl/md2.h:63:2: #error MD2 is disabled.
*** Error code 1
make: Fatal error: Command failed for target `libhx509_la-ca.lo'
Current working directory /afs/slac.stanford.edu/package/heimdal/src/heimdal-1.3.3/lib/hx509
*** Error code 1
make: Fatal error: Command failed for target `all'
Current working directory /afs/slac.stanford.edu/package/heimdal/src/heimdal-1.3.3/lib/hx509
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'
Current working directory /afs/slac.stanford.edu/package/heimdal/src/heimdal-1.3.3/lib
*** Error code 1
make: Fatal error: Command failed for target `all-recursive'


I used the following configure:

./configure --without-ipv6 --with-x --enable-kcm --enable-static
            --disable-shared
            --prefix=/afs/.slac.stanford.edu/package/heimdal/1.3.3/sun4x_59
            --with-openssl=/afs/slac/package/ssl/1.0.0a

and changed or made additions to the following lines in the Makefile:

CC = cc
CXX = CC
F77 = f77
CFLAGS = -g -O2 -I/afs/slac/package/gnu2/db/4.2.52/include -I/afs/slac/package/ssl/0.9.8g/include
CPPFLAGS = -D_LARGE_FILES= -D_FILE_OFFSET_BITS=64 -I/afs/slac/package/gnu2/db/4.2.52/include -I/afs/slac/package/ssl/0.9.8g/include
LDFLAGS=-L/afs/slac/package/gnu2/db/4.2.52/lib -ldl


I looked around in the openssl 1.0.0a space and sure enough, there is no
md2.h.  So, I reverted to openssl 0.9.8g, which does have an md2.h,
and that build of heimdal succeeded.  Is there a known issue when
building heimdal 1.3.3 with openssl 1.0.0a?  Should there be an md2.h
available with openssl 1.0.0a?  (I built openssl 1.0.0a myself
and the make for it completed with no errors and generated the files
expected, but it is possible that I made a mistake when I built it).

Thanks for any light you can shed on this,

Renata

Reply | Threaded
Open this post in threaded view
|

Re: Trouble compiling heimdal 1.3.3 with openssl 1.0.0a for sparc solaris 9

Renata Maria Dart
A correction to my previous post...the entries I changed in
the Makefile should have read:

CFLAGS = -g -O2 -I/afs/slac/package/gnu2/db/4.2.52/include -I/afs/slac/package/ssl/1.0.0a/include
CPPFLAGS = -D_LARGE_FILES= -D_FILE_OFFSET_BITS=64 -I/afs/slac/package/gnu2/db/4.2.52/include -I/afs/slac/package/ssl/1.0.0a/include

not

>CFLAGS = -g -O2 -I/afs/slac/package/gnu2/db/4.2.52/include -I/afs/slac/package/ssl/0.9.8g/include
>CPPFLAGS = -D_LARGE_FILES= -D_FILE_OFFSET_BITS=64 -I/afs/slac/package/gnu2/db/4.2.52/include -I/afs/slac/package/ssl/0.9.8g/include

Sorry for the original misprint.

-Renata
Reply | Threaded
Open this post in threaded view
|

Re: Trouble compiling heimdal 1.3.3 with openssl 1.0.0a for sparc solaris 9

Quanah Gibson-Mount-3
--On Tuesday, July 20, 2010 5:34 PM -0700 Renata Maria Dart
<[hidden email]> wrote:

> A correction to my previous post...the entries I changed in
> the Makefile should have read:

This issue was already noted and addressed a while ago. ;)  The fix has
been committed to git (which was to remove MD2 altogether), or you can
temporarily use this patch:

[quanah@freelancer patches]$ more openssl1x.patch
--- heimdal-1.3.3/include/crypto-headers.h.orig 2010-07-09
11:12:29.000000000 -0700
+++ heimdal-1.3.3/include/crypto-headers.h      2010-07-09
11:12:49.000000000 -0700
@@ -13,7 +13,9 @@
 #include <openssl/des.h>
 #include <openssl/rc4.h>
 #include <openssl/rc2.h>
+#ifdef HAVE_OPENSSL_MD2_H
 #include <openssl/md2.h>
+#endif
 #include <openssl/md4.h>
 #include <openssl/md5.h>
 #include <openssl/sha.h>
--- heimdal-1.3.3/lib/hx509/crypto.c.orig       2010-07-09
11:13:13.000000000 -0700
+++ heimdal-1.3.3/lib/hx509/crypto.c    2010-07-09 11:14:01.000000000 -0700
@@ -1354,6 +1354,7 @@
     NULL
 };

+#ifdef HAVE_OPENSSL_MD2_H
 static const struct signature_alg md2_alg = {
     "rsa-md2",
     &asn1_oid_id_rsa_digest_md2,
@@ -1366,6 +1367,7 @@
     evp_md_verify_signature,
     NULL
 };
+#endif

 /*
  * Order matter in this structure, "best" first for each "key
@@ -1387,7 +1389,9 @@
     &sha256_alg,
     &sha1_alg,
     &md5_alg,
+#ifdef HAVE_OPENSSL_MD2_H
     &md2_alg,
+#endif
     NULL
 };



--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
Reply | Threaded
Open this post in threaded view
|

Re: Trouble compiling heimdal 1.3.3 with openssl 1.0.0a for sparc solaris 9

Renata Maria Dart
Thanks Quanah!  I really did look through the archives before
posting my question...my search string must have been lacking.
Nice to see your name again though.

-Renata

On Tue, 20 Jul 2010, Quanah Gibson-Mount wrote:

>
> This issue was already noted and addressed a while ago. ;)  The fix has been
> committed to git (which was to remove MD2 altogether), or you can temporarily
> use this patch:
Reply | Threaded
Open this post in threaded view
|

Ipropd problems....master recvauth malloc out of memory, slave sendauth not enough space....

Renata Maria Dart
In reply to this post by Renata Maria Dart
Hi, we use heimdal for our kdc and we have an iprop master
and a few slaves.  Early this morning, the master says the
slave are down and ipropd-slave keeps restarting.  I see
messages like:

Apr  5 10:28:29 k5auth-mgmt ipropd-slave[26095]: connection successful to master: afsdb1.slac.stanford.edu[134.79.18.25]
Apr  5 10:28:29 k5auth-mgmt ipropd-slave[26095]: krb5_sendauth: Not enough space
Apr  5 10:28:29 k5auth-mgmt ipropd-slave[26095]: disconnected for server
Apr  5 10:28:29 k5auth-mgmt ipropd-slave[26095]: sleeping 7 seconds before retrying to connect


And this on our master:

ipropd-master[23172]: [ID 702911 daemon.info] krb5_recvauth: malloc: out of memory

but I cannot see what is wrong...the master has plenty of memory.

Any help is much appreciated.

Thanks,

Renata
Reply | Threaded
Open this post in threaded view
|

Re: Ipropd problems....master recvauth malloc out of memory, slave sendauth not enough space....

Jeffrey Altman-2
On 4/5/2016 1:47 PM, Renata Maria Dart wrote:

> Hi, we use heimdal for our kdc and we have an iprop master
> and a few slaves.  Early this morning, the master says the
> slave are down and ipropd-slave keeps restarting.  I see
> messages like:
>
> Apr  5 10:28:29 k5auth-mgmt ipropd-slave[26095]: connection successful to master: afsdb1.slac.stanford.edu[134.79.18.25]
> Apr  5 10:28:29 k5auth-mgmt ipropd-slave[26095]: krb5_sendauth: Not enough space
> Apr  5 10:28:29 k5auth-mgmt ipropd-slave[26095]: disconnected for server
> Apr  5 10:28:29 k5auth-mgmt ipropd-slave[26095]: sleeping 7 seconds before retrying to connect
>
>
> And this on our master:
>
> ipropd-master[23172]: [ID 702911 daemon.info] krb5_recvauth: malloc: out of memory
>
> but I cannot see what is wrong...the master has plenty of memory.
>
> Any help is much appreciated.
>
> Thanks,
>
> Renata
>
Renata,

It would be helpful to those that might try to help you if you would
specify which version of Heimdal you are running and on which platform.

Jeffrey Altman



smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Ipropd problems....master recvauth malloc out of memory, slave sendauth not enough space....

Renata Maria Dart
Hi Jeff...you are right...I was too embarrassed to say that
we are running heimdal 1.2, on solaris 10.  I have tried
restarting the master and the slaves.  I have not yet
tried rebooting.  Another odd fact, our slaves have a
heimdal.db timestamped from the time this problem started
while the kdc.log and the heimdal-NEW.db seem to be new copies:


-rw-------   1 root     root     27222016 Apr  5 12:31 heimdal-NEW.db
-rw-r--r--   1 root     other    1001145 Apr  5 12:31 kdc.log
drwxr-xr-x   5 root     root        1024 Apr  5 00:38 ./
-rw-------   1 root     root     30285824 Apr  5 00:37 heimdal.db
-rw-r--r--   1 root     other     245824 Apr  5 00:37 log


and the slaves are reporting:

Apr  5 12:41:33 afsdb3 ipropd-slave[6767]: [ID 702911 daemon.info] ipropd-slave started at version: 1194393372
Apr  5 12:41:33 afsdb3 ipropd-slave[6767]: [ID 702911 daemon.info] receive complete database
Apr  5 12:41:47 afsdb3 ipropd-slave[6767]: [ID 702911 daemon.info] hdb_store: Entry already exists in database
Apr  5 12:41:47 afsdb3 ipropd-slave[6768]: [ID 702911 daemon.info] connecting to master afsdb1.slac.stanford.edu
Apr  5 12:41:47 afsdb3 ipropd-slave[6768]: [ID 702911 daemon.info] connected

Apr  5 12:49:23 afsdb2 ipropd-slave[1401]: [ID 702911 daemon.info] connecting to master afsdb1.slac.stanford.edu
Apr  5 12:49:23 afsdb2 ipropd-slave[1401]: [ID 702911 daemon.info] connected
Apr  5 12:49:37 afsdb2 ipropd-slave[1401]: [ID 702911 daemon.info] ipropd-slave started at version: 1194393372
Apr  5 12:49:37 afsdb2 ipropd-slave[1401]: [ID 702911 daemon.info] receive complete database
Apr  5 12:49:50 afsdb2 ipropd-slave[1401]: [ID 702911 daemon.info] hdb_store: Entry already exists in database



while the master reports:

Apr  5 12:46:50 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] slave iprop/[hidden email] dead
Apr  5 12:46:50 afsdb1 last message repeated 1 time
Apr  5 12:46:51 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] connection from iprop/[hidden email]
Apr  5 12:46:51 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] Slave iprop/[hidden email] have later version the master OUT OF SYNC
Apr  5 12:46:51 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] sending complete log to fresh slave iprop/[hidden email]
Apr  5 12:47:04 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] hdb_foreach: write: Broken pipe
Apr  5 12:47:04 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] slave iprop/[hidden email] dead
Apr  5 12:47:04 afsdb1 last message repeated 1 time
Apr  5 12:47:04 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] connection from iprop/[hidden email]
Apr  5 12:47:04 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] Slave iprop/[hidden email] have later version the master OUT OF SYNC
Apr  5 12:47:04 afsdb1 ipropd-master[513]: [ID 702911 daemon.info] sending complete log to fresh slave iprop/[hidden email]


Renata