NetBSD Problem Report #50585
From www@NetBSD.org Wed Dec 23 15:06:11 2015
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.NetBSD.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 1E7487A221
for <gnats-bugs@gnats.NetBSD.org>; Wed, 23 Dec 2015 15:06:11 +0000 (UTC)
Message-Id: <20151223150609.B9CD77ACB1@mollari.NetBSD.org>
Date: Wed, 23 Dec 2015 15:06:09 +0000 (UTC)
From: nonakap@gmail.com
Reply-To: nonakap@gmail.com
To: gnats-bugs@NetBSD.org
Subject: security/pam-yubico: no pam_sm_* symbols.
X-Send-Pr-Version: www-1.0
>Number: 50585
>Category: pkg
>Synopsis: security/pam-yubico: no pam_sm_* symbols.
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pettai
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Dec 23 15:10:00 +0000 2015
>Closed-Date: Tue Mar 22 12:42:10 +0000 2016
>Last-Modified: Tue Mar 22 12:42:10 +0000 2016
>Originator: NONAKA Kimihiro
>Release: HEAD (20151223)
>Organization:
>Environment:
NetBSD koharu.myhome.nonakap.org 7.99.24 NetBSD 7.99.24 (KOHARU) #3367: Sun Dec 20 14:07:44 JST 2015 nonaka@koharu.myhome.nonakap.org:/home/storage/snapshot/NetBSD/20151209/obj.NetBSD-amd64/amd64/sys/arch/amd64/compile/KOHARU amd64
>Description:
The following error message is output to /var/log/authlog when use pam_yubico module.
> Dec 23 14:34:19 koharu login: in openpam_dispatch(): /usr/pkg/lib/security/pam_yubico.so: no pam_sm_authenticate()
> Dec 23 14:34:21 koharu login: nonaka on tty ttyE1
> Dec 23 14:34:21 koharu login: in openpam_dispatch(): /usr/pkg/lib/security/pam_yubico.so: no pam_sm_setcred()
$ nm /usr/pkg/lib/security/pam_yubico.so
0000000000203028 d _DYNAMIC
0000000000203388 d _GLOBAL_OFFSET_TABLE_
w _Jv_RegisterClasses
0000000000203008 d __CTOR_LIST_END__
0000000000002870 r __FUNCTION__.4014
0000000000002850 r __FUNCTION__.4029
0000000000002990 r __FUNCTION__.4254
0000000000002970 r __FUNCTION__.4260
000000000020355c D __bss_start
w __cxa_finalize
w __deregister_frame_info@@GCC_3.0
0000000000203510 d __dso_handle
U __errno
U __getpwnam50
w __register_frame_info@@GCC_3.0
U __sF
000000000020355c D _edata
0000000000203560 D _end
0000000000002580 T _fini
00000000000013b0 T _init
00000000000019f3 T challenge_response
00000000000018b9 T check_firmware_version
U fclose
U fflush
U fileno
U fopen
U fprintf
U fread
U free
U fscanf
U fsync
U ftruncate
U fwrite
0000000000001863 T generate_random
0000000000001770 T get_user_cfgfile_path
0000000000001b19 T get_user_challenge_file
U getegid
U geteuid
U getgroups
00000000000019ce T init_yubikey
U initgroups
0000000000001c6d T load_chalresp_state
U malloc
U memset
00000000000021f0 T pam_modutil_drop_priv
0000000000002422 T pam_modutil_regain_priv
U printf
U putchar
U rewind
U setegid
U seteuid
U setgroups
U snprintf
U strerror
0000000000001ffe T write_chalresp_state
U yk_challenge_response@@LIBYKPERS_1.8
U yk_get_serial@@LIBYKPERS_1.5
U yk_get_status@@LIBYKPERS_1.0
U yk_hmac_sha1@@LIBYKPERS_1.9
U yk_init@@LIBYKPERS_1.0
U yk_open_first_key@@LIBYKPERS_1.0
U yk_pbkdf2@@LIBYKPERS_1.0
U ykds_alloc@@LIBYKPERS_1.0
U ykds_version_build@@LIBYKPERS_1.0
U ykds_version_major@@LIBYKPERS_1.0
U ykds_version_minor@@LIBYKPERS_1.0
U yubikey_hex_decode@@YUBIKEY_1.0
U yubikey_hex_encode@@YUBIKEY_1.0
U yubikey_hex_p@@YUBIKEY_1.5
>How-To-Repeat:
1. install security/pam-yubico package.
2. edit /etc/pam.d/login
--- login.orig 2015-12-23 23:05:55.000000000 +0900
+++ login 2015-12-23 23:06:37.000000000 +0900
@@ -6,6 +6,7 @@
# auth
auth sufficient pam_self.so no_warn
auth required pam_nologin.so no_warn
+auth sufficient /usr/pkg/lib/security/pam_yubico.so id=1 debug
auth include system
# account
3. login from console.
4. see /var/log/authlog.
>Fix:
I found other pam module packages already have a workaround for this problem.
Please apply the following patch.
Index: security/pam-yubico/Makefile
===================================================================
RCS file: /cvsroot/pkgsrc/security/pam-yubico/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- security/pam-yubico/Makefile 10 Nov 2014 21:55:31 -0000 1.10
+++ security/pam-yubico/Makefile 23 Dec 2015 06:59:08 -0000
@@ -15,6 +15,11 @@ GNU_CONFIGURE= yes
USE_TOOLS+= pkg-config
USE_LIBTOOL= yes
+# Workaround a bug with NetBSD's openpam
+# The bug is described in PR security/39313
+#
+CFLAGS.NetBSD+= -DNO_STATIC_MODULES
+
.include "../../security/libyubikey/buildlink3.mk"
.include "../../security/ykclient/buildlink3.mk"
.include "../../security/ykpers/buildlink3.mk"
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: pkg-manager->pettai
Responsible-Changed-By: hauke@NetBSD.org
Responsible-Changed-When: Wed, 23 Dec 2015 20:43:28 +0000
Responsible-Changed-Why:
Over to maintainer.
From: NONAKA Kimihiro <nonakap@gmail.com>
To: "gnats-bugs@netbsd.org" <gnats-bugs@netbsd.org>
Cc: pettai@netbsd.org, pkg-manager@netbsd.org, pkgsrc-bugs@netbsd.org,
"gnats-admin@netbsd.org" <gnats-admin@netbsd.org>, hauke@netbsd.org
Subject: Re: pkg/50585 (security/pam-yubico: no pam_sm_* symbols.)
Date: Thu, 18 Feb 2016 12:45:54 +0900
ping
2015-12-24 5:43 GMT+09:00 <hauke@netbsd.org>:
> Synopsis: security/pam-yubico: no pam_sm_* symbols.
>
> Responsible-Changed-From-To: pkg-manager->pettai
> Responsible-Changed-By: hauke@NetBSD.org
> Responsible-Changed-When: Wed, 23 Dec 2015 20:43:28 +0000
> Responsible-Changed-Why:
> Over to maintainer.
>
>
>
From: "Fredrik Pettai" <pettai@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/50585 CVS commit: pkgsrc/security/pam-yubico
Date: Mon, 22 Feb 2016 13:20:09 +0000
Module Name: pkgsrc
Committed By: pettai
Date: Mon Feb 22 13:20:09 UTC 2016
Modified Files:
pkgsrc/security/pam-yubico: Makefile
Log Message:
Apply fix from PR pkg/50585
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/security/pam-yubico/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Fredrik Pettai <pettai@nordu.net>
To: nonakap@gmail.com
Cc: pettai@NetBSD.org, gnats-admin@netbsd.org, pkgsrc-bugs@netbsd.org,
gnats-bugs@NetBSD.org
Subject: Re: pkg/50585 (security/pam-yubico: no pam_sm_* symbols.)
Date: Mon, 22 Feb 2016 20:28:18 +0100
Hi,
Sorry for my slow response. I don=E2=80=99t have time for working on =
NetBSD / pkgsrc work ATM
But the suggested patch was straight-forward, so I hope you got a note =
that it was applied to pkgsrc current earlier today.
Re,
/P=
State-Changed-From-To: open->closed
State-Changed-By: pettai@NetBSD.org
State-Changed-When: Tue, 22 Mar 2016 12:42:10 +0000
State-Changed-Why:
fix committed
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.