PAM modules dependency on PAM library (was: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c)
On Mon, Apr 08, 2002 at 02:49:04PM +0200, Dag-Erling Smorgrav wrote:
Ruslan Ermilov [EMAIL PROTECTED] writes:
You're right. I forgot to relink pam_ssh.so library, and the diff was
against the wrong revision. I will still commit the const poisoning
patch to libutil, as the impact turned out to be really low.
Thanks, const poisoning is a Good Thing [tm].
BTW, could you try to figure out a way we can split up the libpam
build so the modules can depend on libpam.so? What I'd like is:
1) build static modules
2) build static and dynamic libpam
3) build dynamic modules (with dependency on libpam.so)
or
1) build dynamic libpam
2) build modules (with dependency on libpam.so)
3) build static libpam
or something similar.
Uh oh, here is the version that seems to work. Once I'm confident it
passes the make release test (it has already passed the preliminary
make buildworld test), I intend to commit it.
Note that I'm not passing the _NO_LIBPAM_SO_YET to the depend stage
intentionally; otherwise, it results in incomplete .depend files.
Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
[EMAIL PROTECTED] Sunbay Software AG,
[EMAIL PROTECTED] FreeBSD committer,
+380.652.512.251Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
Index: Makefile.inc1
===
RCS file: /home/ncvs/src/Makefile.inc1,v
retrieving revision 1.311
diff -u -r1.311 Makefile.inc1
--- Makefile.inc1 13 Nov 2002 13:49:29 - 1.311
+++ Makefile.inc1 14 Nov 2002 14:39:46 -
@@ -729,7 +729,8 @@
.endif
_prebuild_libs+= lib/libcom_err lib/libcrypt lib/libkvm lib/libmd \
- lib/libncurses lib/libopie lib/libradius lib/librpcsvc \
+ lib/libncurses lib/libopie lib/libpam lib/libradius \
+ lib/librpcsvc \
lib/libsbuf lib/libtacplus lib/libutil lib/libypclnt \
lib/libz lib/msun
@@ -755,7 +756,7 @@
_generic_libs+=usr.sbin/pcvt/keycap
.endif
-.for _lib in ${_startup_libs} ${_prebuild_libs} ${_generic_libs}
+.for _lib in ${_startup_libs} ${_prebuild_libs:Nlib/libpam} ${_generic_libs}
${_lib}__L: .PHONY
.if exists(${.CURDIR}/${_lib})
${ECHODIR} === ${_lib}; \
@@ -765,6 +766,16 @@
${MAKE} DIRPRFX=${_lib}/ install
.endif
.endfor
+
+# libpam is special: we need to build static PAM modules before
+# static PAM library, and dynamic PAM library before dynamic PAM
+# modules.
+lib/libpam__L: .PHONY
+ ${ECHODIR} === lib/libpam; \
+ cd ${.CURDIR}/lib/libpam; \
+ ${MAKE} DIRPRFX=lib/libpam/ depend; \
+ ${MAKE} DIRPRFX=lib/libpam/ -D_NO_LIBPAM_SO_YET all; \
+ ${MAKE} DIRPRFX=lib/libpam/ -D_NO_LIBPAM_SO_YET install
_startup_libs: ${_startup_libs:S/$/__L/}
_prebuild_libs: ${_prebuild_libs:S/$/__L/}
Index: lib/libpam/modules/Makefile.inc
===
RCS file: /home/ncvs/src/lib/libpam/modules/Makefile.inc,v
retrieving revision 1.13
diff -u -r1.13 Makefile.inc
--- lib/libpam/modules/Makefile.inc 13 May 2002 10:53:24 - 1.13
+++ lib/libpam/modules/Makefile.inc 14 Nov 2002 14:39:46 -
@@ -4,7 +4,6 @@
NOINSTALLLIB= yes
NOPROFILE= yes
-SHLIB_NAME?= ${LIB}.so.${SHLIB_MAJOR}
CFLAGS+= -I${PAMDIR}/include
CFLAGS+= -I${.CURDIR}/../../libpam
@@ -14,8 +13,12 @@
# This is nasty.
# For the static case, libpam.a depends on the modules.
# For the dynamic case, the modules depend on libpam.so.N
-# Punt for the time being until I can figure out how to do it.
-#DPADD+= ${LIBPAM}
-#LDADD+= -lpam
+.if defined(_NO_LIBPAM_SO_YET)
+NOPIC= YES
+.else
+SHLIB_NAME?= ${LIB}.so.${SHLIB_MAJOR}
+DPADD+=${LIBPAM}
+LDADD+=-lpam
+.endif
.include ../Makefile.inc
msg46674/pgp0.pgp
Description: PGP signature
Re: PAM modules dependency on PAM library (was: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c)
On Thu, Nov 14, 2002 at 04:28:37PM +0100, Dag-Erling Smorgrav wrote: Ruslan Ermilov [EMAIL PROTECTED] writes: Uh oh, here is the version that seems to work. Once I'm confident it passes the make release test (it has already passed the preliminary make buildworld test), I intend to commit it. Thanks! I've tested it with i386 buildworld and cross-release of alpha. (i386 release died in buildkernel due to already fixed breakage in /sys/dev/pccard.) This is now committed. Cheers, -- Ruslan Ermilov Sysadmin and DBA, [EMAIL PROTECTED] Sunbay Software AG, [EMAIL PROTECTED] FreeBSD committer, +380.652.512.251Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age msg46709/pgp0.pgp Description: PGP signature
Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
On Mon, Apr 08, 2002 at 04:13:38PM +0200, Dag-Erling Smorgrav wrote:
Ruslan Ermilov [EMAIL PROTECTED] writes:
That should be as simple as that:
[...]
Thank you very much!
Sorry, this doesn't seem to work in the `makeworld' environment
because at the time we build shared PAM modules, libpam.so doesn't
yet installed under ${WORLDTMP}/usr/lib. I will see if I can
fix this later today.
Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
[EMAIL PROTECTED] Sunbay Software AG,
[EMAIL PROTECTED] FreeBSD committer,
+380.652.512.251Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
msg37116/pgp0.pgp
Description: PGP signature
Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
On Sun, Apr 07, 2002 at 01:43:27PM -0700, Dag-Erling Smorgrav wrote:
des 2002/04/07 13:43:27 PDT
Modified files:
lib/libpam/modules/pam_unix pam_unix.c
Log:
Fix bug in previous commit that passed the wrong default value to
login_getcapstr(3). Also fix a longer-standing bug (login_close(3)
frees the string returned by login_getcapstr(3)) by reorganizing the
code a little, and use login_getpwclass(3) instead of login_getclass(3)
if we already have a struct pwd.
Sponsored by: DARPA, NAI Labs
Revision ChangesPath
1.29 +8 -6 src/lib/libpam/modules/pam_unix/pam_unix.c
This change also broke the Password: prompt. The bug is hidden by
the -Wno-uninitialized setting in bsd.sys.mk. Here's the patch:
%%%
Index: pam_unix.c
===
RCS file: /home/ncvs/src/lib/libpam/modules/pam_unix/pam_unix.c,v
retrieving revision 1.28
diff -u -p -r1.28 pam_unix.c
--- pam_unix.c 6 Apr 2002 19:30:04 - 1.28
+++ pam_unix.c 8 Apr 2002 09:53:12 -
@@ -122,7 +122,8 @@ pam_sm_authenticate(pam_handle_t *pamh,
struct passwd *pwd;
int retval;
const char *pass, *user;
- char *encrypted, *password_prompt;
+ char *encrypted;
+ const char *password_prompt;
pam_std_option(options, other_options, argc, argv);
@@ -141,7 +142,7 @@ pam_sm_authenticate(pam_handle_t *pamh,
lc = login_getclass(NULL);
password_prompt = login_getcapstr(lc, passwd_prompt,
- password_prompt, NULL);
+ Password:, NULL);
login_close(lc);
lc = NULL;
@@ -512,7 +513,8 @@ local_passwd(const char *user, const cha
login_cap_t * lc;
struct passwd *pwd;
int pfd, tfd;
- char *crypt_type, salt[SALTSIZE + 1];
+ const char *crypt_type;
+ char salt[SALTSIZE + 1];
pwd = getpwnam(user);
if (pwd == NULL)
%%%
But this patch won't work without the const poisoning lib/libutil:
%%%
Index: login_auth.c
===
RCS file: /home/ncvs/src/lib/libutil/login_auth.c,v
retrieving revision 1.12
diff -u -p -r1.12 login_auth.c
--- login_auth.c30 Sep 2001 22:35:07 - 1.12
+++ login_auth.c8 Apr 2002 09:58:59 -
@@ -65,7 +65,7 @@ __FBSDID($FreeBSD: src/lib/libutil/logi
void
auth_checknologin(login_cap_t *lc)
{
- char *file;
+ const char *file;
/* Do we ignore a nologin file? */
if (login_getcapbool(lc, ignorenologin, 0))
Index: login_cap.3
===
RCS file: /home/ncvs/src/lib/libutil/login_cap.3,v
retrieving revision 1.27
diff -u -p -r1.27 login_cap.3
--- login_cap.3 1 Oct 2001 16:09:18 - 1.27
+++ login_cap.3 8 Apr 2002 09:58:59 -
@@ -52,12 +52,12 @@
.Fn login_getpwclass const struct passwd *pwd
.Ft login_cap_t *
.Fn login_getuserclass const struct passwd *pwd
-.Ft char *
-.Fn login_getcapstr login_cap_t *lc const char *cap char *def char *error
+.Ft const char *
+.Fn login_getcapstr login_cap_t *lc const char *cap const char *def const char
+*error
.Ft char **
.Fn login_getcaplist login_cap_t *lc const char *cap const char *chars
-.Ft char *
-.Fn login_getpath login_cap_t *lc const char *cap char *error
+.Ft const char *
+.Fn login_getpath login_cap_t *lc const char *cap const char *error
.Ft rlim_t
.Fn login_getcaptime login_cap_t *lc const char *cap rlim_t def rlim_t error
.Ft rlim_t
@@ -66,8 +66,8 @@
.Fn login_getcapsize login_cap_t *lc const char *cap rlim_t def rlim_t error
.Ft int
.Fn login_getcapbool login_cap_t *lc const char *cap int def
-.Ft char *
-.Fn login_getstyle login_cap_t *lc char *style const char *auth
+.Ft const char *
+.Fn login_getstyle login_cap_t *lc const char *style const char *auth
.Ft const char *
.Fn login_setcryptfmt login_cap_t *lc const char *def const char *error
.Sh DESCRIPTION
Index: login_cap.c
===
RCS file: /home/ncvs/src/lib/libutil/login_cap.c,v
retrieving revision 1.26
diff -u -p -r1.26 login_cap.c
--- login_cap.c 6 Mar 2002 15:24:51 - 1.26
+++ login_cap.c 8 Apr 2002 09:58:59 -
@@ -344,8 +344,8 @@ login_getuserclass(const struct passwd *
* an error string on error.
*/
-char *
-login_getcapstr(login_cap_t *lc, const char *cap, char *def, char *error)
+const char *
+login_getcapstr(login_cap_t *lc, const char *cap, const char *def, const char *error)
{
char*res;
intret;
@@ -373,7 +373,7 @@ login_getcaplist(login_cap_t *lc, const
if (chars == NULL)
chars = , \t;
-if ((lstring = login_getcapstr(lc, cap, NULL, NULL)) != NULL)
+if ((lstring = (char *)login_getcapstr(lc, cap, NULL, NULL)) != NULL)
return arrayize(lstring, chars, NULL);
return NULL;
}
@@ -387,15 +387,15 @@ login_getcaplist(login_cap_t *lc, const
* If there
Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
Ruslan Ermilov [EMAIL PROTECTED] writes: On Sun, Apr 07, 2002 at 01:43:27PM -0700, Dag-Erling Smorgrav wrote: Log: Fix bug in previous commit that passed the wrong default value to login_getcapstr(3). Also fix a longer-standing bug (login_close(3) frees the string returned by login_getcapstr(3)) by reorganizing the code a little, and use login_getpwclass(3) instead of login_getclass(3) if we already have a struct pwd. This change also broke the Password: prompt. The bug is hidden by the -Wno-uninitialized setting in bsd.sys.mk. Here's the patch: The commit you quote *fixed* the bug you're referring to. DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
On Mon, Apr 08, 2002 at 12:15:17PM +0200, Dag-Erling Smorgrav wrote: Ruslan Ermilov [EMAIL PROTECTED] writes: On Sun, Apr 07, 2002 at 01:43:27PM -0700, Dag-Erling Smorgrav wrote: Log: Fix bug in previous commit that passed the wrong default value to login_getcapstr(3). Also fix a longer-standing bug (login_close(3) frees the string returned by login_getcapstr(3)) by reorganizing the code a little, and use login_getpwclass(3) instead of login_getclass(3) if we already have a struct pwd. This change also broke the Password: prompt. The bug is hidden by the -Wno-uninitialized setting in bsd.sys.mk. Here's the patch: The commit you quote *fixed* the bug you're referring to. You're right. I forgot to relink pam_ssh.so library, and the diff was against the wrong revision. I will still commit the const poisoning patch to libutil, as the impact turned out to be really low. Cheers, -- Ruslan Ermilov Sysadmin and DBA, [EMAIL PROTECTED] Sunbay Software AG, [EMAIL PROTECTED] FreeBSD committer, +380.652.512.251Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age msg37092/pgp0.pgp Description: PGP signature
Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
Ruslan Ermilov [EMAIL PROTECTED] writes: You're right. I forgot to relink pam_ssh.so library, and the diff was against the wrong revision. I will still commit the const poisoning patch to libutil, as the impact turned out to be really low. Thanks, const poisoning is a Good Thing [tm]. BTW, could you try to figure out a way we can split up the libpam build so the modules can depend on libpam.so? What I'd like is: 1) build static modules 2) build static and dynamic libpam 3) build dynamic modules (with dependency on libpam.so) or 1) build dynamic libpam 2) build modules (with dependency on libpam.so) 3) build static libpam or something similar. DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
On Mon, Apr 08, 2002 at 02:49:04PM +0200, Dag-Erling Smorgrav wrote:
Ruslan Ermilov [EMAIL PROTECTED] writes:
You're right. I forgot to relink pam_ssh.so library, and the diff was
against the wrong revision. I will still commit the const poisoning
patch to libutil, as the impact turned out to be really low.
Thanks, const poisoning is a Good Thing [tm].
BTW, could you try to figure out a way we can split up the libpam
build so the modules can depend on libpam.so? What I'd like is:
1) build static modules
2) build static and dynamic libpam
3) build dynamic modules (with dependency on libpam.so)
or
1) build dynamic libpam
2) build modules (with dependency on libpam.so)
3) build static libpam
or something similar.
That should be as simple as that:
%%%
Index: Makefile.inc
===
RCS file: /home/ncvs/src/lib/libpam/modules/Makefile.inc,v
retrieving revision 1.10
diff -u -r1.10 Makefile.inc
--- Makefile.inc6 Apr 2002 19:32:37 - 1.10
+++ Makefile.inc8 Apr 2002 14:03:39 -
@@ -9,11 +9,7 @@
CFLAGS+= -I${.CURDIR}/../../libpam
WARNS?=4
-# This is nasty.
-# For the static case, libpam.a depends on the modules.
-# For the dynamic case, the modules depend on libpam.so.N
-# Punt for the time being until I can figure out how to do it.
-#DPADD+= ${LIBPAM}
-#LDADD+= -lpam
+# Break `checkdpadd' deliberately.
+LDADD+=-lpam
.include ../Makefile.inc
%%%
For the static case (Mark probably means building of libpam.a here),
libpam.a indeed depends on the modules, but in the make(1) sense of
dependency, which we (sorry, _you_ Mark :-) handle nicely with the
STATIC_MODULES thingie.
Cheers,
--
Ruslan Ermilov Sysadmin and DBA,
[EMAIL PROTECTED] Sunbay Software AG,
[EMAIL PROTECTED] FreeBSD committer,
+380.652.512.251Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
msg37096/pgp0.pgp
Description: PGP signature
Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
Ruslan Ermilov [EMAIL PROTECTED] writes: That should be as simple as that: [...] Thank you very much! DES -- Dag-Erling Smorgrav - [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
