NetBSD Problem Report #55216
From www@netbsd.org Tue Apr 28 20:43:57 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 8EBA41A9217
for <gnats-bugs@gnats.NetBSD.org>; Tue, 28 Apr 2020 20:43:57 +0000 (UTC)
Message-Id: <20200428204356.A246B1A921A@mollari.NetBSD.org>
Date: Tue, 28 Apr 2020 20:43:56 +0000 (UTC)
From: derrick@givex.com
Reply-To: derrick@givex.com
To: gnats-bugs@NetBSD.org
Subject: google_authenticator 1.05
X-Send-Pr-Version: www-1.0
>Number: 55216
>Category: security
>Synopsis: google_authenticator 1.05
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: security-officer
>State: closed
>Class: support
>Submitter-Id: net
>Arrival-Date: Tue Apr 28 20:45:00 +0000 2020
>Closed-Date: Thu Apr 30 21:06:06 +0000 2020
>Last-Modified: Thu Apr 30 21:06:06 +0000 2020
>Originator: derrick lobo
>Release: pkgsrc-2019Q4
>Organization:
givex
>Environment:
NetBSD build9 9.0 NetBSD 9.0 (VAULTS) #0: Tue Feb 18 12:26:39 EST 2020 root@build9:/usr/src/sys/arch/amd64/compile/VAULTS amd64
>Description:
when I enable pam to use google-authenticator I get the following error in /var/log/messages
Apr 28 14:46:42 build9 sshd: in openpam_dispatch(): /usr/pkg/lib/security/pam_google_authenticator.so: no pam_sm_authenticate()
Apr 28 14:46:42 build9 sshd: in openpam_check_error_code(): pam_sm_authenticate(): unexpected return value 2
and the following in /var/log/authlog
Apr 28 14:32:17 build9 sshd[27011]: error: PAM: Invalid symbol for <user> from <IP>
>How-To-Repeat:
enable google-authenticator in /etc/pam.d/sshd
>Fix:
>Release-Note:
>Audit-Trail:
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/55216 CVS commit: pkgsrc/security/openpam
Date: Tue, 28 Apr 2020 23:01:26 +0000
Module Name: pkgsrc
Committed By: riastradh
Date: Tue Apr 28 23:01:26 UTC 2020
Modified Files:
pkgsrc/security/openpam: builtin.mk
Log Message:
security/openpam: define NO_STATIC_MODULES on NetBSD
This is a hack to work around a mistake in the NetBSD openpam build
which leaked into the public header files. We will fix this in the
NetBSD build but it's been in the public header files for nearly a
decade now, with each individual pam module sometimes having this
workaround, so let's apply the workaround uniformly for now.
PR security/39313
PR security/55216
To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/openpam/builtin.mk
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Taylor R Campbell" <riastradh@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/55216 CVS commit: src
Date: Wed, 29 Apr 2020 02:16:57 +0000
Module Name: src
Committed By: riastradh
Date: Wed Apr 29 02:16:57 UTC 2020
Modified Files:
src/external/bsd/openpam/dist/include/security: openpam.h
src/lib/libpam: Makefile.inc
src/lib/libpam/libpam: Makefile
src/lib/libpam/modules: mod.mk
Log Message:
Reverse sense of NO_STATIC_MODULES -> OPENPAM_STATIC_MODULES.
This avoids leaking NO_STATIC_MODULES into the public header, which
has led to considerable confusion and workarounds in pkgrsc.
PR security/39313
PR security/55216
ok christos
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 \
src/external/bsd/openpam/dist/include/security/openpam.h
cvs rdiff -u -r1.18 -r1.19 src/lib/libpam/Makefile.inc
cvs rdiff -u -r1.23 -r1.24 src/lib/libpam/libpam/Makefile
cvs rdiff -u -r1.15 -r1.16 src/lib/libpam/modules/mod.mk
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: riastradh@NetBSD.org
State-Changed-When: Thu, 30 Apr 2020 21:06:06 +0000
State-Changed-Why:
fixed and worked around
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.