Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120514041106.GS163@brightrain.aerifal.cx>
Date: Mon, 14 May 2012 00:11:06 -0400
From: Rich Felker <dalias@...ifal.cx>
To: musl@...ts.openwall.com
Subject: Re: make -i with linux-pam

On Sun, May 13, 2012 at 08:58:24PM -0700, Isaac Dunham wrote:
> .libs/pam_group.o: In function `check_account':
> pam_group.c:(.text+0x12fe): undefined reference to `innetgr'

This can be solved with a stub implementation the netgr stuff (all
functions behave as if there are no netgroups defined).

> pam_lastlog.c: In function ‘last_login_read’:
> pam_lastlog.c:167: error: ‘_PATH_LASTLOG’ undeclared (first use in this function)

Fixed.

> pam_namespace.h:169: error: ‘LOGIN_NAME_MAX’ undeclared here (not in a function)

Fixed.

> ../../libpam/include/security/pam_modutil.h:57: note: expected ‘const char *’ but argument is of type ‘const char **’
> pam_namespace.c:551: warning: format ‘%s’ expects type ‘char *’, but argument 4 has type ‘const char **’

This sounds bad; any idea what the cause is?

> opasswd.c: In function ‘compare_password’:
> opasswd.c:102: error: storage size of ‘output’ isn’t known
> opasswd.c:106: warning: implicit declaration of function ‘crypt_r’
> opasswd.c:102: warning: unused variable ‘output’

The code is there but has no exposed interface...

> .libs/pam_rhosts.o: In function `pam_sm_authenticate':
> pam_rhosts.c:(.text+0x36c): undefined reference to `ruserok'

This is junk... insecure legacy rhosts stuff. Can it be disabled?
Adding code to support it seems bad.

> pam_unix_passwd.c:57:21: error: rpc/rpc.h: No such file or directory

This would need an external rpc implementation, but I question why
unix_passwd support needs rpc to begin with...

> In file included from pam_unix_passwd.c:79:
> yppasswd.h:48: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘xdr_xpasswd’
> yppasswd.h:49: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘xdr_yppasswd’

Ugly NIS stuff...

> passverify.c: In function ‘unix_update_passwd’:
> passverify.c:794: warning: implicit declaration of function ‘putpwent’

Should not be hard to add.

Basically the problems break down into:
- missing crypt_r public interface
- missing NIS/RPC
- missing rhosts stuff
- missing netgroup stuff
- a few minor header file issues

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.