Problem with sftp server, static linking, pam and nss_ldap.
Piotr Buliński
bulinskp at iem.pw.edu.pl
Sun Jan 31 21:53:28 UTC 2010
On 2010-01-31, at 13:58, Jilles Tjoelker wrote:
> On Sun, Jan 31, 2010 at 12:37:19PM +0100, Piotr Buliński wrote:
>> As you can see, it works great with dynamic linking, but if it's build with
>> static linking it can't get user information from LDAP database.
>
> Correct, NSS only works from dynamically-linked executables.
I didn't know that.
>> During the upgrade to OpenSSH 5.3p1 /head/secure/libexec/sftp-server/Makefile file changed a little bit:
>>
>> revision 181111, Fri Aug 1 02:48:36 2008 UTC ---> revision 197679, Thu Oct 1 17:12:52 2009 UTC
>> LDADD= -lssh -lcrypt -lcrypto -lz ---> LDADD= -lcrypt -lcrypto -lz -static -lssh
>
>> So I've tried to build sftp-server without -static switch, but it
>> result in failure like below:
>
>> {volt}-{/usr/src/secure/libexec/sftp-server}% sudo make
>> Warning: Object directory not changed from original /usr/src/secure/libexec/sftp-server
>> cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server.c
>> cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-common.c
>> cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -c /usr/src/secure/libexec/sftp-server/../../../crypto/openssh/sftp-server-main.c
>> cc -O2 -pipe -fomit-frame-pointer -march=opteron -I/usr/src/secure/libexec/sftp-server/../../../crypto/openssh -include ssh_namespace.h -std=gnu99 -Wno-pointer-sign -o sftp-server sftp-server.o sftp-common.o sftp-server-main.o -lssh -lcrypt -lcrypto -lz
>> /usr/lib/libssh.so: undefined reference to `ssh_add_recv_bytes'
>> /usr/lib/libssh.so: undefined reference to `ssh_roaming_write'
>> /usr/lib/libssh.so: undefined reference to `ssh_roaming_read'
>> *** Error code 1
>
>> Stop in /usr/src/secure/libexec/sftp-server.
>> {volt}-{/usr/src/secure/libexec/sftp-server}%
>
>> Do you have any idea how to make it works?
>
> Apparently something broke so that sftp-server cannot link to libssh
> dynamically, even though scp and ssh can still use it.
> By changing the line in secure/libexec/sftp-server/Makefile to
>
> LDADD= -lcrypt -lcrypto -lz -Wl,-static -lssh -Wl,-call_shared
>
> it links only libssh and its dependencies statically, which may be
> enough to fix your problem. This still links quite a lot more than
> libssh statically, I am not happy with it at all.
Thanks a lot! This solved my problem for now.
I'll be testing it this week.
Will you put this "patch" to the source tree of CURRENT
(or maybe it's good only as a temporary solution)?
Thanks again!
Regards
--
Piotr Buliński
Informatyka na Wydziale Elektrycznym
Politechnika Warszawska
More information about the freebsd-current
mailing list