vidya chandrasekaran | 1 Jan 2006 10:32

undefined symbol:

Hi All,

Some time back I configured CVS to work with pam
through pam_ldap.
I am now trying the same on a different machine (This
time on the same box as where I have LDAP setup).
Things didn't work as well this time.

An strace of 'cvs login' shows

22808 send(4, "<11>Jan  1 14:49:37 cvs: PAM unable to dlopen(/usr/local/pam/lib/security/pam_ldap.so)", 91, 0) = 91
22808 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
22808 time([1136107177])                = 1136107177
22808 rt_sigaction(SIGPIPE, {0x1d9450, [], 0}, {SIG_DFL}, 8) = 0
22808 send(4, "<11>Jan  1 14:49:37 cvs: PAM [dlerror: /usr/local/pam/lib/security/pam_ldap.so: undefined symbol: ber_pvt_opt_on]", 118, 0) = 118
22808 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
22808 time([1136107177])                = 1136107177
22808 rt_sigaction(SIGPIPE, {0x1d9450, [], 0}, {SIG_DFL}, 8) = 0
22808 send(4, "<11>Jan  1 14:49:37 cvs: PAM adding faulty module: /usr/local/pam/lib/security/pam_ldap.so", 95, 0) = 95

PAM then falls back to pam_deny.so as per my

Andreas Schindler | 2 Jan 2006 11:37

Re: Pam-list Digest, Vol 23, Issue 1

pam-list-request <at> redhat.com wrote:

> To:
> pam-list <at> redhat.com
> 
> 
> Hi All,
> 
> Some time back I configured CVS to work with pam
> through pam_ldap.
> I am now trying the same on a different machine (This
> time on the same box as where I have LDAP setup).
> Things didn't work as well this time.
> 
> An strace of 'cvs login' shows
> 
> 22808 send(4, "<11>Jan  1 14:49:37 cvs: PAM unable to dlopen(/usr/local/pam/lib/security/pam_ldap.so)", 91, 0) = 91
> 22808 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
> 22808 time([1136107177])                = 1136107177
> 22808 rt_sigaction(SIGPIPE, {0x1d9450, [], 0}, {SIG_DFL}, 8) = 0
> 22808 send(4, "<11>Jan  1 14:49:37 cvs: PAM [dlerror: /usr/local/pam/lib/security/pam_ldap.so: undefined symbol: ber_pvt_opt_on]", 118, 0) = 118
> 22808 rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
> 22808 time([1136107177])                = 1136107177
> 22808 rt_sigaction(SIGPIPE, {0x1d9450, [], 0},

Mike Becher | 5 Jan 2006 13:47

Re: pam_login_access vs. pam_access (fwd)

Hi again,

because I don't know whether my patch for pam_access module (please
have a look at forwarded message but without patch) will be accepted
by list moderator or not (message was too large, larger than 40kB
because patch size is 100735 bytes) I post it again but now in 5
pieces in messages with subject: "pam_access patch part X of 5"

I hope this code finds the way into official distribution of
Linux-PAM.

Best regards,
  Mike

short description:
-----------------

These patches enable:
 * convert_hostname feature
 * IPv4(/)  IPv6  support
 * the network(address) / netmask feature
 * external helper feature
 * manual support

1) patches which content changes to configuration file
  p01-Linux-PAM-0.99.2.1-config.h.in
  p02-Linux-PAM-0.99.2.1-configure.in
  p10-Linux-PAM-0.99.2.1-modules-pam_access-Makefile.am
  p13-Linux-PAM-0.99.2.1-modules-pam_access-pam_access_config.h


Mike Becher | 5 Jan 2006 13:48

pam_access patch part 1 of 5

pam_access patch part 1 of 5

patches which content changes to configuration file
  p01-Linux-PAM-0.99.2.1-config.h.in
  p02-Linux-PAM-0.99.2.1-configure.in
  p10-Linux-PAM-0.99.2.1-modules-pam_access-Makefile.am
  p13-Linux-PAM-0.99.2.1-modules-pam_access-pam_access_config.h

short description:
-----------------

These patches enable:
 * convert_hostname feature
 * IPv4(/)  IPv6  support
 * the network(address) / netmask feature
 * external helper feature
 * manual support

best regards,
  mike

-----------------------------------------------------------------------------
 Mike Becher                              Mike.Becher <at> lrz-muenchen.de
 Leibniz-Rechenzentrum der                http://www.lrz.de
 Bayerischen Akademie der Wissenschaften  phone: +49-89-289-28721      
 Gruppe Hochleistungssysteme              fax:   +49-89-280-9460
 Barer Strasse 21                    
 D-80333 Muenchen
 Germany                   
-----------------------------------------------------------------------------

Mike Becher | 5 Jan 2006 13:48

pam_access patch part 2 of 5

pam_access patch part 2 of 5

patches which enable manual stuff for PAM itself
  p05-Linux-PAM-0.99.2.1-modules-pam_access-access.conf.5
  p09-Linux-PAM-0.99.2.1-modules-pam_access-login.access.5
  p11-Linux-PAM-0.99.2.1-modules-pam_access-pam_access.8

short description:
-----------------

These patches enable:
 * convert_hostname feature
 * IPv4(/)  IPv6  support
 * the network(address) / netmask feature
 * external helper feature
 * manual support

best regards,
  mike

-----------------------------------------------------------------------------
 Mike Becher                              Mike.Becher <at> lrz-muenchen.de
 Leibniz-Rechenzentrum der                http://www.lrz.de
 Bayerischen Akademie der Wissenschaften  phone: +49-89-289-28721      
 Gruppe Hochleistungssysteme              fax:   +49-89-280-9460
 Barer Strasse 21                    
 D-80333 Muenchen
 Germany                   
-----------------------------------------------------------------------------

Mike Becher | 5 Jan 2006 13:49

pam_access patch part 3 of 5

pam_access patch part 3 of 5

patches with examples or other documentation stuff
  p03-Linux-PAM-0.99.2.1-doc-modules-pam_access.sgml
  p04-Linux-PAM-0.99.2.1-modules-pam_access-access.conf
  p06-Linux-PAM-0.99.2.1-modules-pam_access-ChangeLog
  p14-Linux-PAM-0.99.2.1-modules-pam_access-verify_access

short description:
-----------------

These patches enable:
 * convert_hostname feature
 * IPv4(/)  IPv6  support
 * the network(address) / netmask feature
 * external helper feature
 * manual support

best regards,
  mike

-----------------------------------------------------------------------------
 Mike Becher                              Mike.Becher <at> lrz-muenchen.de
 Leibniz-Rechenzentrum der                http://www.lrz.de
 Bayerischen Akademie der Wissenschaften  phone: +49-89-289-28721      
 Gruppe Hochleistungssysteme              fax:   +49-89-280-9460
 Barer Strasse 21                    
 D-80333 Muenchen
 Germany                   
-----------------------------------------------------------------------------

Mike Becher | 5 Jan 2006 13:49

pam_access patch part 4 of 5

pam_access patch part 4 of 5

patches for check_login_access test program
  p07-Linux-PAM-0.99.2.1-modules-pam_access-check_login_access.8
  p08-Linux-PAM-0.99.2.1-modules-pam_access-check_login_access.c

short description:
-----------------

These patches enable:
 * convert_hostname feature
 * IPv4(/)  IPv6  support
 * the network(address) / netmask feature
 * external helper feature
 * manual support

best regards,
  mike

-----------------------------------------------------------------------------
 Mike Becher                              Mike.Becher <at> lrz-muenchen.de
 Leibniz-Rechenzentrum der                http://www.lrz.de
 Bayerischen Akademie der Wissenschaften  phone: +49-89-289-28721      
 Gruppe Hochleistungssysteme              fax:   +49-89-280-9460
 Barer Strasse 21                    
 D-80333 Muenchen
 Germany                   
-----------------------------------------------------------------------------
diff -u -r -N Linux-PAM-0.99.2.1.orig/modules/pam_access/check_login_access.8 Linux-PAM-0.99.2.1/modules/pam_access/check_login_access.8

Thorsten Kukuk | 5 Jan 2006 14:00

pamh allowed to be NULL?


Hi,

the LSB PAM test suite expects that pamh can be NULL and the function
should not crash. With the current optimizations and usage of nonnull
attribute, it seems this is not always true anymore. I know it is
debatable if a library should crash in such cases or not and that
everybody has another opinion.

My question is: Is there any documentation which tells us how
a PAM function should behave if the pamh argument is NULL? I cannot
find this, even the LSB spec itself says nothing about this.

  Thorsten
--

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk <at> suse.de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

Mike Becher | 5 Jan 2006 13:49

pam_access patch part 5 of 5

pam_access patch part 5 of 5

the patch against old version of pam_access.c (gzipped because it is
60kB) which enables the new features and does the code rearrangement.
   p12-Linux-PAM-0.99.2.1-modules-pam_access-pam_access.c.gz

short description:
-----------------

These patches enable:
 * convert_hostname feature
 * IPv4(/)  IPv6  support
 * the network(address) / netmask feature
 * external helper feature
 * manual support

best regards,
  mike

-----------------------------------------------------------------------------
 Mike Becher                              Mike.Becher <at> lrz-muenchen.de
 Leibniz-Rechenzentrum der                http://www.lrz.de
 Bayerischen Akademie der Wissenschaften  phone: +49-89-289-28721      
 Gruppe Hochleistungssysteme              fax:   +49-89-280-9460
 Barer Strasse 21                    
 D-80333 Muenchen
 Germany                   
-----------------------------------------------------------------------------

Darren Tucker | 5 Jan 2006 14:32

Re: pamh allowed to be NULL?

On Thu, Jan 05, 2006 at 02:00:34PM +0100, Thorsten Kukuk wrote:
> the LSB PAM test suite expects that pamh can be NULL and the function
> should not crash. With the current optimizations and usage of nonnull
> attribute, it seems this is not always true anymore. I know it is
> debatable if a library should crash in such cases or not and that
> everybody has another opinion.
> 
> My question is: Is there any documentation which tells us how
> a PAM function should behave if the pamh argument is NULL? I cannot
> find this, even the LSB spec itself says nothing about this.

FWIW, XSSO [1] describes the pamh argument as "pamh (in): The
PAM authentication handle, obtained from a previous call to pam_start()".
In pam_start(), it says "On successful completion, pamh refers to a
PAM handle for use with subsequent calls to the authentication library."

I would interpret this as meaning that passing anything as a PAM handle
that was not returned by a successful call to pam_start is undefined
behaviour.  In that case, crashing on a NULL pamh is just as undefined
as any other behaviour.

On the other hand, the descriptions of pamh in most functions do not
say "obtained from a _successful_ call to pam_start", so you could
argue that if pam_start sets the pamh to NULL on failure, passing that
NULL to subsequent PAM calls is covered under "obtained from a previous
call to pam_start()".  I have no idea what LinuxPAM does if pam_start()
fails, though.

[1] http://www.opengroup.org/onlinepubs/008329799/toc.pdf


