pkgsrc-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
pkg/50585: security/pam-yubico: no pam_sm_* symbols.
>Number: 50585
>Category: pkg
>Synopsis: security/pam-yubico: no pam_sm_* symbols.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Dec 23 15:10:00 +0000 2015
>Originator: NONAKA Kimihiro
>Release: HEAD (20151223)
>Organization:
>Environment:
NetBSD koharu.myhome.nonakap.org 7.99.24 NetBSD 7.99.24 (KOHARU) #3367: Sun Dec 20 14:07:44 JST 2015 nonaka%koharu.myhome.nonakap.org@localhost:/home/storage/snapshot/NetBSD/20151209/obj.NetBSD-amd64/amd64/sys/arch/amd64/compile/KOHARU amd64
>Description:
The following error message is output to /var/log/authlog when use pam_yubico module.
> Dec 23 14:34:19 koharu login: in openpam_dispatch(): /usr/pkg/lib/security/pam_yubico.so: no pam_sm_authenticate()
> Dec 23 14:34:21 koharu login: nonaka on tty ttyE1
> Dec 23 14:34:21 koharu login: in openpam_dispatch(): /usr/pkg/lib/security/pam_yubico.so: no pam_sm_setcred()
$ nm /usr/pkg/lib/security/pam_yubico.so
0000000000203028 d _DYNAMIC
0000000000203388 d _GLOBAL_OFFSET_TABLE_
w _Jv_RegisterClasses
0000000000203008 d __CTOR_LIST_END__
0000000000002870 r __FUNCTION__.4014
0000000000002850 r __FUNCTION__.4029
0000000000002990 r __FUNCTION__.4254
0000000000002970 r __FUNCTION__.4260
000000000020355c D __bss_start
w __cxa_finalize
w __deregister_frame_info@@GCC_3.0
0000000000203510 d __dso_handle
U __errno
U __getpwnam50
w __register_frame_info@@GCC_3.0
U __sF
000000000020355c D _edata
0000000000203560 D _end
0000000000002580 T _fini
00000000000013b0 T _init
00000000000019f3 T challenge_response
00000000000018b9 T check_firmware_version
U fclose
U fflush
U fileno
U fopen
U fprintf
U fread
U free
U fscanf
U fsync
U ftruncate
U fwrite
0000000000001863 T generate_random
0000000000001770 T get_user_cfgfile_path
0000000000001b19 T get_user_challenge_file
U getegid
U geteuid
U getgroups
00000000000019ce T init_yubikey
U initgroups
0000000000001c6d T load_chalresp_state
U malloc
U memset
00000000000021f0 T pam_modutil_drop_priv
0000000000002422 T pam_modutil_regain_priv
U printf
U putchar
U rewind
U setegid
U seteuid
U setgroups
U snprintf
U strerror
0000000000001ffe T write_chalresp_state
U yk_challenge_response@@LIBYKPERS_1.8
U yk_get_serial@@LIBYKPERS_1.5
U yk_get_status@@LIBYKPERS_1.0
U yk_hmac_sha1@@LIBYKPERS_1.9
U yk_init@@LIBYKPERS_1.0
U yk_open_first_key@@LIBYKPERS_1.0
U yk_pbkdf2@@LIBYKPERS_1.0
U ykds_alloc@@LIBYKPERS_1.0
U ykds_version_build@@LIBYKPERS_1.0
U ykds_version_major@@LIBYKPERS_1.0
U ykds_version_minor@@LIBYKPERS_1.0
U yubikey_hex_decode@@YUBIKEY_1.0
U yubikey_hex_encode@@YUBIKEY_1.0
U yubikey_hex_p@@YUBIKEY_1.5
>How-To-Repeat:
1. install security/pam-yubico package.
2. edit /etc/pam.d/login
--- login.orig 2015-12-23 23:05:55.000000000 +0900
+++ login 2015-12-23 23:06:37.000000000 +0900
@@ -6,6 +6,7 @@
# auth
auth sufficient pam_self.so no_warn
auth required pam_nologin.so no_warn
+auth sufficient /usr/pkg/lib/security/pam_yubico.so id=1 debug
auth include system
# account
3. login from console.
4. see /var/log/authlog.
>Fix:
I found other pam module packages already have a workaround for this problem.
Please apply the following patch.
Index: security/pam-yubico/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/pam-yubico/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- security/pam-yubico/Makefile 10 Nov 2014 21:55:31 -0000 1.10
+++ security/pam-yubico/Makefile 23 Dec 2015 06:59:08 -0000
@@ -15,6 +15,11 @@ GNU_CONFIGURE= yes
USE_TOOLS+= pkg-config
USE_LIBTOOL= yes
+# Workaround a bug with NetBSD's openpam
+# The bug is described in PR security/39313
+#
+CFLAGS.NetBSD+= -DNO_STATIC_MODULES
+
.include "../../security/libyubikey/buildlink3.mk"
.include "../../security/ykclient/buildlink3.mk"
.include "../../security/ykpers/buildlink3.mk"
Home |
Main Index |
Thread Index |
Old Index