Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2018786 - /usr/lib64/security/pam_mysql.so: undefined symbol: compat_make_scrambled_password_323
Summary: /usr/lib64/security/pam_mysql.so: undefined symbol: compat_make_scrambled_pas...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pam_mysql
Version: 35
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Paul P Komkoff Jr
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-10-31 08:23 UTC by Spike
Modified: 2021-11-14 04:06 UTC (History)
3 users (show)

Fixed In Version: pam_mysql-1.0.0~beta1-1.fc34 pam_mysql-1.0.0~beta1-1.fc33 pam_mysql-1.0.0~beta1-1.fc35
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-14 03:43:14 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Spike 2021-10-31 08:23:13 UTC
Description of problem:
Any use of pam_mysql on Fedora 35 fails with the following message in the system journal:

PAM unable to dlopen(/usr/lib64/security/pam_mysql.so): /usr/lib64/security/pam_mysql.so: undefined symbol: compat_make_scrambled_password_323
PAM adding faulty module: /usr/lib64/security/pam_mysql.so


Version-Release number of selected component (if applicable):
pam_mysql-0.8.1-0.10.fc35.x86_64.rpm

How reproducible:
Always

Steps to Reproduce:
1. Create database, e.g.
CREATE database vpn_db;

CREATE TABLE tbl_user (
  username varchar(128),
  password varchar(128) NOT NULL,
  PRIMARY KEY (username)
);

INSERT INTO vpn_db.tbl_user (username, password) VALUES ('test', sha2('test', 512));

2. Create /etc/pam.d/mysql with the following content
auth       optional     pam_mysql.so config_file=/etc/pam_mysql.conf verbose=1
account    required     pam_mysql.so config_file=/etc/pam_mysql.conf verbose=1

3. Create /etc/pam_mysql.conf (change username/password/host/port accordingly)
users.host            = 127.0.0.1:3306
users.database        = vpn_db
users.db_user         = root
users.db_passwd       = my-secret-pw
users.table           = tbl_user
users.user_column     = tbl_user.username
users.password_column = tbl_user.password
users.password_crypt  = 8

Note: These match the default of the official mysql and maraidb containers, so one can quickly test this by running 
docker run --name some-mariadb --network=host -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mariadb

4. Run pamtester:
echo "test" | pamtester -v mysql test authenticate

Actual results:
pamtester: invoking pam_start(mysql, test, ...)
pamtester: performing operation - authenticate
pamtester: Permission denied

Expected results:
pamtester: invoking pam_start(mysql, test, ...)
pamtester: performing operation - authenticate
Password:pamtester: successfully authenticated

Additional info:
Seems like anything before https://github.com/NigelCunningham/pam-MySQL/commit/f3d32aa9fb121e51a2168871a7b0856c2cdcf0ab works fine (test builds at https://copr.fedorainfracloud.org/coprs/spike/pam-MySQL/)

Comment 1 Spike 2021-11-01 09:40:35 UTC
This could be fixed with https://src.fedoraproject.org/rpms/pam_mysql/pull-request/2

Comment 2 Fedora Update System 2021-11-03 16:55:13 UTC
FEDORA-2021-87f7b6b10e has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2021-87f7b6b10e

Comment 3 Fedora Update System 2021-11-03 16:55:16 UTC
FEDORA-2021-8f605d9ac3 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2021-8f605d9ac3

Comment 4 Fedora Update System 2021-11-03 16:55:18 UTC
FEDORA-2021-f118399480 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2021-f118399480

Comment 5 Fedora Update System 2021-11-04 13:56:52 UTC
FEDORA-2021-87f7b6b10e has been pushed to the Fedora 33 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-87f7b6b10e`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-87f7b6b10e

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 6 Fedora Update System 2021-11-04 14:08:43 UTC
FEDORA-2021-f118399480 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-f118399480`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-f118399480

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 7 Fedora Update System 2021-11-04 14:13:51 UTC
FEDORA-2021-8f605d9ac3 has been pushed to the Fedora 34 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-8f605d9ac3`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2021-8f605d9ac3

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2021-11-14 03:43:14 UTC
FEDORA-2021-8f605d9ac3 has been pushed to the Fedora 34 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 9 Fedora Update System 2021-11-14 03:49:39 UTC
FEDORA-2021-87f7b6b10e has been pushed to the Fedora 33 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 10 Fedora Update System 2021-11-14 04:06:21 UTC
FEDORA-2021-f118399480 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.