Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 7 Aug 2023 23:38:30 -0700
From:      Mark Millard <marklmi@yahoo.com>
To:        trashcan@ellael.org, Current FreeBSD <freebsd-current@freebsd.org>
Subject:   RE: 14-CURRENT | alternatives for defunct /usr/lib/pam_opie.so?
Message-ID:  <2A3D0A54-EE70-47D5-A7AF-E141CC0EE6FE@yahoo.com>
References:  <2A3D0A54-EE70-47D5-A7AF-E141CC0EE6FE.ref@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Michael Grimm <trashcan_at_ellael.org> wrote on
Date: Mon, 07 Aug 2023 20:43:22 UTC :

> I'm currently in the process to prepare for upcoming 14-STABLE. Thus, =
I upgraded one of my sytems from 13-STABLE to 14-CURRENT.
>=20
> Everything went fine, except for programs that need =
/usr/lib/pam_opie.so which are:
>=20
> 1) jexec <jailname> /usr/bin/login -u <user>
> 2) redis-server
> 3) mariadb1011-server
>=20
> Error messages:
>=20
> su[6371]: in openpam_load_module(): no pam_opie.so found
> su[6371]: pam_start: System error
>=20
> Well, although it has been reported some time ago that pam_opie and =
pam_opieaccess.so will become removed in Freebsd 14, there is a port =
security/opie providing both libraries. Quick workaround.
>=20
> But I want to understand why the above mentioned programs do fail =
although not dynamically linked against /usr/lib/pam_opie.so



openpam_load_module leads to dlopen use to open pam_opie.so
instead of it being prebound :=20

# grep -r openpam_load_module /usr/main-src/ | more
/usr/main-src/contrib/openpam/lib/libpam/openpam_impl.h:pam_module_t    =
*openpam_load_module(const char *)
/usr/main-src/contrib/openpam/lib/libpam/openpam_configure.c:           =
if ((this->module =3D openpam_load_module(modulename)) =3D=3D NULL) {
=
/usr/main-src/contrib/openpam/lib/libpam/openpam_load.c:openpam_load_modul=
e(const char *modulename)

pam_module_t *
openpam_load_module(const char *modulename)
{
        pam_module_t *module;

        module =3D openpam_dynamic(modulename);
. . .
        return (module);
}

That eventually gets to the likes of:

static void *
try_dlopen(const char *modfn)
{
        int check_module_file;
        void *dlh;
. . .
        if ((dlh =3D dlopen(modfn, RTLD_NOW)) =3D=3D NULL) {
                openpam_log(PAM_LOG_ERROR, "%s: %s", modfn, dlerror());
                errno =3D 0;
                return (NULL);
        }
        return (dlh);
}

Absent that load working, pam_start also reports a failure because
of the (pam_module_t *)NULL --or so I assume.

=3D=3D=3D
Mark Millard
marklmi at yahoo.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2A3D0A54-EE70-47D5-A7AF-E141CC0EE6FE>