Re: OpenPAM Figwort broke PAM modules from ports

From: Jeremie Le Hen <jeremie_at_le-hen.org>
Date: Mon, 27 Jun 2005 15:04:49 +0200
Hi Dag-Erling,

> > This prevents PAM modules installed in /usr/local/lib from being
> > dlopen(3)'d.  I'm not sure whether FreeBSD really wants this new
> > ``feature'' or not, but actually I think this needs a note in
> > src/UPDATING to be issued, explaining that PAM modules installed from
> > ports need to be specified with their full path now.
> 
> They always did.

With all respect I owe you you, the last upgrade of my -CURRENT box
constrained me to use the following patch to make pam_alreadyloggedin.so
work again :
%%%
    --- login.old	Mon Jun 27 16:13:34 2005
    +++ login	Mon Jun 27 01:12:30 2005
    _at__at_ -6,7 +6,7 _at__at_
     
     # auth
     auth		required	pam_nologin.so		no_warn
    -auth		sufficient	pam_alreadyloggedin.so	no_root
    +auth		sufficient	/usr/local/lib/pam_alreadyloggedin.so	no_root
     auth		sufficient	pam_self.so		no_warn
     auth		include		system
%%% 

It can be verified by hacking src/contrib/openpam/lib/openpam_dynamic.c
(this trivially reverts the diff I posted in my previous email) :
%%%
    Index: openpam_dynamic.c
    ===================================================================
    RCS file: /nfs/donald/repo/FreeBSD/src/contrib/openpam/lib/openpam_dynamic.c,v
    retrieving revision 1.1.1.8
    diff -u -r1.1.1.8 openpam_dynamic.c
    --- openpam_dynamic.c	17 Jun 2005 08:11:42 -0000	1.1.1.8
    +++ openpam_dynamic.c	27 Jun 2005 14:16:45 -0000
    _at__at_ -71,6 +71,7 _at__at_
     		prefix = OPENPAM_MODULES_DIR;
     	else
     		prefix = "";
    +	prefix = "";
     
     	/* try versioned module first, then unversioned module */
     	if (asprintf(&vpath, "%s%s.%d", prefix, path, LIB_MAJ) < 0)
%%%

Compiling libpam with this patch allows me to use pam_alreadyloggedin.so
without specifying its full path, like it was before the upgrade to
OpenPAM Figwort.  I think this is due to rc.d/ldconfig default settings
which add the content of /usr/local/lib into rtld(1) standard hints file.
Now that the path is fully specified in libpam, this doesn't work any
longer.  It would be nice to have a note in src/UPDATING about this.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
Received on Mon Jun 27 2005 - 11:04:37 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:37 UTC