From 9bc4c5961d2d9b7e947d560f1eb2619c7ea082ab Mon Sep 17 00:00:00 2001 From: zrj Date: Fri, 10 Nov 2017 20:30:05 +0200 Subject: [PATCH] world: Attempt to fix NOSHARED MINUSLPAM handling. * Add missing LIBYPCLNT as a dependency. TODO: NO_NIS handling. * Add missing LIBSSH (only needed in case of pam_ssh module). * Add missing LIBRECRYPTO too. * Introduce LDFLAGSPAM helper for priv libs. Now NOSHARED=yes buildworld is possible and it is usable. Dynamic .so libraries are still built, just not used during linking of executables (with exceptions). There should be no issues building standard buildworld over static one. Keep in mind that static built utilities like su(1), login(1) will still try to dlopen() the shared pam modules (and fail with sorry "Service unavailable") followed by fallback case of loading static modules through openpam_static(). Because of that syslog and console will get spammed on any login attempts with: _ login: in try_dlopen(): /usr/lib/security/pam_opie.so.2: Service unavailable _ login: in try_dlopen(): /usr/lib/security/pam_unix.so.2: Service unavailable ... _ su: in try_dlopen(): /usr/lib/security/pam_rootok.so.2: Service unavailable _ su: in try_dlopen(): /usr/lib/security/pam_self.so.2: Service unavailable Because libpam.a can still be linked in dynamic exec, not disabling warnings. Currently used OpenPAM Micrampelis is quite stale (at the moment newest release is Resedacea). Also with OpenSSH update there might be an API issue. Please report any breakages on master. --- libexec/atrun/Makefile | 1 + libexec/ftpd/Makefile | 1 + share/mk/bsd.libnames.mk | 12 +++++++++--- usr.bin/login/Makefile | 1 + usr.bin/passwd/Makefile | 2 +- usr.bin/su/Makefile | 2 +- usr.sbin/cron/cron/Makefile | 4 ++-- 7 files changed, 16 insertions(+), 7 deletions(-) diff --git a/libexec/atrun/Makefile b/libexec/atrun/Makefile index ebe8124ec8..c22f12a52a 100644 --- a/libexec/atrun/Makefile +++ b/libexec/atrun/Makefile @@ -15,5 +15,6 @@ CFLAGS+=-DLOGIN_CAP -DPAM DPADD= ${LIBPAM} ${LIBUTIL} LDADD= ${MINUSLPAM} -lutil +LDFLAGS+= ${LDFLAGSPAM} .include diff --git a/libexec/ftpd/Makefile b/libexec/ftpd/Makefile index ff773c42ff..ac1cde1b60 100644 --- a/libexec/ftpd/Makefile +++ b/libexec/ftpd/Makefile @@ -39,6 +39,7 @@ CFLAGS+=-DINET6 CFLAGS+=-DUSE_PAM DPADD+= ${LIBPAM} LDADD+= ${MINUSLPAM} +LDFLAGS+= ${LDFLAGSPAM} .endif .include diff --git a/share/mk/bsd.libnames.mk b/share/mk/bsd.libnames.mk index 541be74863..0adf92dbc8 100644 --- a/share/mk/bsd.libnames.mk +++ b/share/mk/bsd.libnames.mk @@ -63,9 +63,15 @@ LIBOPIE?= ${DESTDIR}${LIBDIR}/libopie.a LIBPAM?= ${DESTDIR}${LIBDIR}/libpam.a MINUSLPAM?= -lpam .if defined(NOSHARED) && ${NOSHARED} != "no" && ${NOSHARED} != "NO" -LIBPAM+= ${LIBRADIUS} ${LIBTACPLUS} ${LIBOPIE} ${LIBCRYPT} ${LIBMD} \ - ${LIBUTIL} -MINUSLPAM+= -lradius -ltacplus -lopie -lcrypt -lmd -lutil +.if !defined(NO_CRYPT) +LIBPAM+= ${LIBSSH} +MINUSLPAM+= -lprivate_ssh +.endif +LIBPAM+= ${LIBRADIUS} ${LIBTACPLUS} ${LIBOPIE} ${LIBYPCLNT} \ + ${LIBCRYPT} ${LIBMD} ${LIBRECRYPTO} ${LIBUTIL} +MINUSLPAM+= -lradius -ltacplus -lopie -lypclnt \ + -lcrypt -lmd -lprivate_crypto -lutil +LDFLAGSPAM+= ${PRIVATELIB_LDFLAGS} .endif LIBPANEL?= ${DESTDIR}${LIBDIR}/priv/libprivate_panel.a diff --git a/usr.bin/login/Makefile b/usr.bin/login/Makefile index ec5cf6646b..08732484f8 100644 --- a/usr.bin/login/Makefile +++ b/usr.bin/login/Makefile @@ -10,6 +10,7 @@ CFLAGS+=-DLOGALL DPADD= ${LIBUTIL} ${LIBPAM} LDADD= -lutil ${MINUSLPAM} +LDFLAGS+= ${LDFLAGSPAM} BINOWN= root BINMODE=4555 diff --git a/usr.bin/passwd/Makefile b/usr.bin/passwd/Makefile index f854daa42e..f4e6c4bb62 100644 --- a/usr.bin/passwd/Makefile +++ b/usr.bin/passwd/Makefile @@ -1,12 +1,12 @@ # From: @(#)Makefile 8.3 (Berkeley) 4/2/94 # $FreeBSD: src/usr.bin/passwd/Makefile,v 1.46 2004/12/29 08:16:39 ache Exp $ -# $DragonFly: src/usr.bin/passwd/Makefile,v 1.5 2007/08/27 16:50:57 pavalos Exp $ PROG= passwd BINOWN= root BINMODE= 4555 DPADD= ${LIBPAM} LDADD= ${MINUSLPAM} +LDFLAGS+= ${LDFLAGSPAM} .if !defined(NO_NIS) LINKS= ${BINDIR}/passwd ${BINDIR}/yppasswd MLINKS= passwd.1 yppasswd.1 diff --git a/usr.bin/su/Makefile b/usr.bin/su/Makefile index 84b02bef4c..18e008a94a 100644 --- a/usr.bin/su/Makefile +++ b/usr.bin/su/Makefile @@ -1,11 +1,11 @@ # @(#)Makefile 8.1 (Berkeley) 7/19/93 # $FreeBSD: src/usr.bin/su/Makefile,v 1.39 2004/02/02 18:01:19 ru Exp $ -# $DragonFly: src/usr.bin/su/Makefile,v 1.8 2007/10/01 08:12:43 swildner Exp $ PROG= su DPADD= ${LIBUTIL} ${LIBPAM} LDADD= -lutil ${MINUSLPAM} +LDFLAGS+= ${LDFLAGSPAM} BINOWN= root BINMODE=4555 diff --git a/usr.sbin/cron/cron/Makefile b/usr.sbin/cron/cron/Makefile index 8eb28955b1..9db9cdbba7 100644 --- a/usr.sbin/cron/cron/Makefile +++ b/usr.sbin/cron/cron/Makefile @@ -1,11 +1,11 @@ # $FreeBSD: src/usr.sbin/cron/cron/Makefile,v 1.16 2007/06/17 17:25:53 yar Exp $ -# $DragonFly: src/usr.sbin/cron/cron/Makefile,v 1.3 2008/01/07 14:11:23 matthias Exp $ PROG= cron SRCS= cron.c database.c do_command.c job.c user.c popen.c CFLAGS+=-DLOGIN_CAP -DPAM DPADD= ${LIBCRON} ${LIBPAM} ${LIBUTIL} -LDADD= ${LIBCRON} -lpam -lutil +LDADD= ${LIBCRON} ${MINUSLPAM} -lutil +LDFLAGS+= ${LDFLAGSPAM} MAN= cron.8 .include -- 2.11.4.GIT