RE: 14-CURRENT | alternatives for defunct /usr/lib/pam_opie.so?
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 08 Aug 2023 06:38:30 UTC
Michael Grimm <trashcan_at_ellael.org> wrote on
Date: Mon, 07 Aug 2023 20:43:22 UTC :
> I'm currently in the process to prepare for upcoming 14-STABLE. Thus, I upgraded one of my sytems from 13-STABLE to 14-CURRENT.
>
> Everything went fine, except for programs that need /usr/lib/pam_opie.so which are:
>
> 1) jexec <jailname> /usr/bin/login -u <user>
> 2) redis-server
> 3) mariadb1011-server
>
> Error messages:
>
> su[6371]: in openpam_load_module(): no pam_opie.so found
> su[6371]: pam_start: System error
>
> Well, although it has been reported some time ago that pam_opie and pam_opieaccess.so will become removed in Freebsd 14, there is a port security/opie providing both libraries. Quick workaround.
>
> But I want to understand why the above mentioned programs do fail although not dynamically linked against /usr/lib/pam_opie.so
openpam_load_module leads to dlopen use to open pam_opie.so
instead of it being prebound :
# grep -r openpam_load_module /usr/main-src/ | more
/usr/main-src/contrib/openpam/lib/libpam/openpam_impl.h:pam_module_t *openpam_load_module(const char *)
/usr/main-src/contrib/openpam/lib/libpam/openpam_configure.c: if ((this->module = openpam_load_module(modulename)) == NULL) {
/usr/main-src/contrib/openpam/lib/libpam/openpam_load.c:openpam_load_module(const char *modulename)
pam_module_t *
openpam_load_module(const char *modulename)
{
pam_module_t *module;
module = openpam_dynamic(modulename);
. . .
return (module);
}
That eventually gets to the likes of:
static void *
try_dlopen(const char *modfn)
{
int check_module_file;
void *dlh;
. . .
if ((dlh = dlopen(modfn, RTLD_NOW)) == NULL) {
openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
errno = 0;
return (NULL);
}
return (dlh);
}
Absent that load working, pam_start also reports a failure because
of the (pam_module_t *)NULL --or so I assume.
===
Mark Millard
marklmi at yahoo.com