pam_ldap and passwd on 5.1

[Staffan Thomén <duck%shangtai.net@localhost>]

Hi, I discovered today that passwd will die with a memory fault if pam_ldap
is installed on NetBSD 5.1, it seems because of the old libcrypto in the base
system.

openssl, pam_ldap and openldap-client are installed from pkgsrc-2014Q1.

ldappasswd works perfectly fine, but this happens if I run passwd (on any user)
with the line

password        sufficient      pam_ldap.so

in pam.d/system:

#0  0x00000001605bb514 in strcmp () from /usr/lib/libc.so.12
#1  0x00000001602be2d4 in OBJ_NAME_remove () from /usr/lib/libcrypto.so.4
#2  0x0000000160302be0 in lh_doall_arg () from /usr/lib/libcrypto.so.4
#3  0x00000001603030b4 in lh_insert () from /usr/lib/libcrypto.so.4
#4  0x00000001602be774 in OBJ_NAME_add () from /usr/lib/libcrypto.so.4

Alright, old lib but then...

#5  0x00000001602bcb58 in EVP_add_cipher () from /usr/lib/libcrypto.so.4
#6  0x0000000160a4f2e4 in SSL_library_init () from /usr/pkg/lib/libssl.so.1.0.0

#7  0x000000016093d618 in tlso_init () from /usr/pkg/lib/libldap-2.4.so.2
#8  0x0000000160938fb8 in tls_init () from /usr/pkg/lib/libldap-2.4.so.2
#9  0x000000016093a988 in ldap_int_tls_start ()
   from /usr/pkg/lib/libldap-2.4.so.2
#10 0x000000016090cfc8 in ldap_int_open_connection ()
   from /usr/pkg/lib/libldap-2.4.so.2
#11 0x0000000160924750 in ldap_new_connection ()
   from /usr/pkg/lib/libldap-2.4.so.2
#12 0x000000016090cd30 in ldap_open_defconn ()
   from /usr/pkg/lib/libldap-2.4.so.2
#13 0x00000001609254ac in ldap_send_initial_request ()
   from /usr/pkg/lib/libldap-2.4.so.2
#14 0x0000000160917aa0 in ldap_sasl_bind () from /usr/pkg/lib/libldap-2.4.so.2
#15 0x0000000160917ffc in ldap_simple_bind ()
   from /usr/pkg/lib/libldap-2.4.so.2
#16 0x00000001608c7214 in _nss_ldap_init () from /usr/lib/nss_ldap.so.0
#17 0x00000001608c9730 in _nss_ldap_ent_context_init_locked ()
   from /usr/lib/nss_ldap.so.0
#18 0x00000001608ca394 in _nss_ldap_search_s () from /usr/lib/nss_ldap.so.0
#19 0x00000001608cabbc in _nss_ldap_getbyname () from /usr/lib/nss_ldap.so.0
#20 0x00000001608cb010 in _nss_ldap_getpwnam_r () from /usr/lib/nss_ldap.so.0
#21 0x00000001608d6e04 in nss_module_register () from /usr/lib/nss_ldap.so.0
#22 0x00000001605a7294 in nsdispatch () from /usr/lib/libc.so.12
#23 0x000000016054d6f0 in getpwnam_r () from /usr/lib/libc.so.12
#24 0x00000001606b1ae8 in pam_sm_chauthtok ()
   from /usr/lib/security/pam_unix.so.1
#25 0x00000001604a4e84 in openpam_dispatch () from /usr/lib/libpam.so.1
#26 0x00000001604a3dd8 in pam_chauthtok () from /usr/lib/libpam.so.1
#27 0x000000012000417c in pwpam_process ()
#28 0x0000000120002f2c in main ()

This seems to happen despite that all the relative libraries are linked with
the proper library versions, as seen with ldd:

/usr/lib/security/pam_ldap.so.1:
        -lldap-2.4.2 => /usr/pkg/lib/libldap-2.4.so.2
        -llber-2.4.2 => /usr/pkg/lib/liblber-2.4.so.2
        -lc.12 => /usr/lib/libc.so.12
        -lssl.1.0.0 => /usr/pkg/lib/libssl.so.1.0.0
        -lcrypto.1.0.0 => /usr/pkg/lib/libcrypto.so.1.0.0
        -lcrypt.0 => /usr/lib/libcrypt.so.0
        -lresolv.1 => /usr/lib/libresolv.so.1
        -lpam.1 => /usr/lib/libpam.so.1

/usr/pkg/lib/libldap-2.4.so.2:
        -llber-2.4.2 => /usr/pkg/lib/liblber-2.4.so.2
        -lc.12 => /usr/lib/libc.so.12
        -lssl.1.0.0 => /usr/pkg/lib/libssl.so.1.0.0
        -lcrypto.1.0.0 => /usr/pkg/lib/libcrypto.so.1.0.0

/usr/pkg/lib/libssl.so.1.0.0:
        -lcrypto.1.0.0 => /usr/pkg/lib/libcrypto.so.1.0.0
        -lc.12 => /usr/lib/libc.so.12

As per a suggestion on #netbsd, I tried setting LD_LIBRARY_PATH to
"/usr/pkg/lib:/usr/lib" but this doesn't seem to change anything. All of the
above all only have one RPATH symbol set to /usr/pkg/lib

I'm not really sure what to do about this so if anyone has a good suggestion...

Staffan

-- 
Staffan Thomén - ADB3 455F 10D5 86D1 78D6  048D 11BB D66E 7C7E 2EF8