Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 19 Feb 2013 14:38:51 GMT
From:      Constantin Stefanov <cstef@parallel.ru>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/176264: [PATCH] security/pam_ssh_agent_auth breaks PAM
Message-ID:  <201302191438.r1JEcpWK083618@red.freebsd.org>
Resent-Message-ID: <201302191440.r1JEe0pH080975@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         176264
>Category:       ports
>Synopsis:       [PATCH] security/pam_ssh_agent_auth breaks PAM
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 19 14:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Constantin Stefanov
>Release:        9.1-RELEASE
>Organization:
RCC MSU
>Environment:
FreeBSD hosting.srcc.msu.ru 9.1-RELEASE FreeBSD 9.1-RELEASE #0 r243825: Tue Dec  4 09:23:10 UTC 2012     root@farrell.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  amd64

>Description:
After upgrading to pam_ssh_agent_auth-0.9.4 (security/pam_ssh_agent_auth) any program using it as PAM module (sudo in my case) fails to initialize PAM. The cause is that pam_ssh_user_agent.so want some external symbols which are not defined anywhere. These symbols like pamsshagentauth___b64_ntop should be defined and reference correct variant, but that does not happen.

The attached patch (which should be placed into /usr/ports/security/pam_ssh_agent_auth/files fixes the problem, defining necessary functions.
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ur openbsd-compat/base64.h openbsd-compat/base64.h
--- openbsd-compat/base64.h	2013-02-19 17:52:53.000000000 +0400
+++ openbsd-compat/base64.h	2013-02-19 17:49:44.000000000 +0400
@@ -54,6 +54,7 @@
 # endif /* !HAVE_B64_NTOP */
 # define pamsshagentauth___b64_ntop(a,b,c,d) b64_ntop(a,b,c,d)
 #endif /* HAVE___B64_NTOP */
+#define pamsshagentauth___b64_ntop(a,b,c,d) __b64_ntop(a,b,c,d)
 
 #ifndef HAVE___B64_PTON
 # ifndef HAVE_B64_PTON
@@ -61,5 +62,6 @@
 # endif /* !HAVE_B64_PTON */
 # define pamsshagentauth___b64_pton(a,b,c) b64_pton(a,b,c)
 #endif /* HAVE___B64_PTON */
+#define pamsshagentauth___b64_pton(a,b,c) __b64_pton(a,b,c)
 
 #endif /* _BSD_BASE64_H */
diff -ur openbsd-compat/bsd-arc4random.c openbsd-compat/bsd-arc4random.c
--- openbsd-compat/bsd-arc4random.c	2012-06-28 05:47:49.000000000 +0400
+++ openbsd-compat/bsd-arc4random.c	2013-02-19 18:02:38.000000000 +0400
@@ -82,4 +82,17 @@
 
 	rc4_ready = REKEY_BYTES;
 }
+#else /* HAVE_ARC4RANDOM */
+
+unsigned int
+pamsshagentauth_arc4random(void)
+{
+        return arc4random();
+}
+
+void
+pamsshagentauth_arc4random_stir(void)
+{
+        arc4random_stir();
+}
 #endif /* !HAVE_ARC4RANDOM */
diff -ur openbsd-compat/strlcat.c openbsd-compat/strlcat.c
--- openbsd-compat/strlcat.c	2012-06-28 05:47:49.000000000 +0400
+++ openbsd-compat/strlcat.c	2013-02-19 18:03:34.000000000 +0400
@@ -59,4 +59,10 @@
 	return(dlen + (s - src));	/* count does not include NUL */
 }
 
+#else /* HAVE_STRLCAT */
+size_t
+pamsshagentauth_strlcat(char *dst, const char *src, size_t siz)
+{
+        return strlcat(dst, src, siz);
+}
 #endif /* !HAVE_STRLCAT */
diff -ur openbsd-compat/strlcpy.c openbsd-compat/strlcpy.c
--- openbsd-compat/strlcpy.c	2012-06-28 05:47:49.000000000 +0400
+++ openbsd-compat/strlcpy.c	2013-02-19 18:04:18.000000000 +0400
@@ -55,4 +55,10 @@
 	return(s - src - 1);	/* count does not include NUL */
 }
 
+#else /* HAVE_STRLCPY */
+size_t
+pamsshagentauth_strlcpy(char *dst, const char *src, size_t siz)
+{
+        return strlcpy(dst, src, siz);
+}
 #endif /* !HAVE_STRLCPY */
diff -ur openbsd-compat/strtonum.c openbsd-compat/strtonum.c
--- openbsd-compat/strtonum.c	2012-06-28 05:47:49.000000000 +0400
+++ openbsd-compat/strtonum.c	2013-02-19 18:05:16.000000000 +0400
@@ -69,4 +69,11 @@
 	return (ll);
 }
 
-#endif /* HAVE_STRTONUM */
+#else /* HAVE_STRTONUM */
+long long
+pamsshagentauth_strtonum(const char *numstr, long long minval, long long maxval,
+    const char **errstrp)
+{
+        return strtonum(numstr, minval, maxval, errstrp);
+}
+#endif /* i!HAVE_STRTONUM */


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201302191438.r1JEcpWK083618>