OpenWrt系统安全改进<二> --- 使能PAM
2014-12-04 16:17
使能BUSYBOX的PAM
index 3380885..668679e 100644
— a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -17,7 +17,7 @@ PKG_SOURCE_URL:=http://www.busybox.net/downloads \
http://distfiles.gentoo.org/distfiles/
PKG_MD5SUM:=337d1a15ab1cb1d4ed423168b1eb7d7e
-PKG_BUILD_DEPENDS:=BUSYBOX_USE_LIBRPC:librpc
+PKG_BUILD_DEPENDS:=BUSYBOX_USE_LIBRPC:librpc BUSYBOX_CONFIG_PAM:libpam
PKG_BUILD_PARALLEL:=1
PKG_CHECK_FORMAT_SECURITY:=0
@@ -42,7 +42,7 @@ define Package/busybox
MAINTAINER:=Felix Fietkau <nbd@openwrt.org>
TITLE:=Core utilities for embedded Linux
URL:=http://busybox.net/
DEPENDS:=+BUSYBOX_USE_LIBRPC:librpc
+ DEPENDS:=+BUSYBOX_USE_LIBRPC:librpc +BUSYBOX_CONFIG_PAM:libpam
MENU:=1
endef
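Review bot: The new `+BUSYBOX_CONFIG_PAM:libpam` entry in `DEPENDS` pulls in the library, but nothing in this patch installs a PAM policy, and the page's own verification step reports that `login` rejects every user until `/etc/pam.conf` is written by hand. That fails closed, which is the safe direction, but an image built from this patch alone can leave console login unusable. Consider shipping a default policy with the package (presumably from its install section, which is outside this hunk), with an explicit `login` service entry rather than relying only on a catch-all `OTHER` entry. The matching `BUSYBOX_CONFIG_PAM:libpam` addition to `PKG_BUILD_DEPENDS` is in the first hunk, and the whole patch is repeated further down the page.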
@@ -80,6 +80,12 @@ ifdef CONFIG_BUSYBOX_USE_LIBRPC
LDLIBS += rpc
endif
+ifdef CONFIG_BUSYBOX_CONFIG_PAM
+ TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
+ export LDFLAGS=$(TARGET_LDFLAGS)
+ LDLIBS += pam pam_misc pthread
+endif
+
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CC)" \
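Review bot: The `ifdef CONFIG_BUSYBOX_CONFIG_PAM` block carries no comment saying why each line is needed, and `export LDFLAGS=$(TARGET_LDFLAGS)` replaces rather than extends any `LDFLAGS` already in the environment, apparently for every sub-make of this package. A comment such as `# PAM: login.c needs security/pam_appl.h and -lpam/-lpam_misc from the staging dir` would record the reason the page's debugging notes give for these lines. The `ldd` output further down the page lists libpam and libpam_misc but no libpthread, so `pthread` in `LDLIBS += pam pam_misc pthread` may be unnecessary and is worth confirming before keeping it. `Build/Compile` continues outside the hunk.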
libcrypt.so.0 => /lib/libcrypt.so.0 (0x77911000)
libm.so.0 => /lib/libm.so.0 (0x778ec000)
libpam.so.0 => /lib/libpam.so.0 (0x778d1000)
libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x778bf000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7789c000)
libc.so.0 => /lib/libc.so.0 (0x77830000)
libdl.so.0 => /lib/libdl.so.0 (0x7781c000)
ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x77938000)
OTHER auth required /lib/security/pam_unix.so
OTHER account required /lib/security/pam_unix.so
OTHER password required /lib/security/pam_unix.so
OTHER session required /lib/security/pam_unix.so
ERROR :loginutils/login.c:29:32: fatal error: security/pam_appl.h: No such file or directory
USELESS : make menuconfig 、 Library、libpam
cp feeds/packages/libs/libpam/ to packages/libpam( Maybe not necessary )
add dependency of busybox to libpam
EFFECT : busybox compile success
ERROR : login.c:(.text.login_main+0x49c): undefined reference to `pam_getenvlist'
package/busybox Makefile add LDLIBS += pam pam_misc
ERROR : cannot find -lpam / cannot find -lpam_misc
删除build_dir下的pam和busybox重编,修改busybox Makefile
ERROR : pam 没有生效
单独执行busybox下的make menuconfig,使ENABLE_PAM为1
ERROR : 输入login返回失败Login incorrect
创建/etc/pam.conf
1 修改.config
make menuconfig 、base system、 busybox、 Login ...、Support for PAM
2 修改package/busybox下的Makefile
diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index 3380885..668679e 100644
— a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -17,7 +17,7 @@ PKG_SOURCE_URL:=http://www.busybox.net/downloads \
http://distfiles.gentoo.org/distfiles/
PKG_MD5SUM:=337d1a15ab1cb1d4ed423168b1eb7d7e
-PKG_BUILD_DEPENDS:=BUSYBOX_USE_LIBRPC:librpc
+PKG_BUILD_DEPENDS:=BUSYBOX_USE_LIBRPC:librpc BUSYBOX_CONFIG_PAM:libpam
PKG_BUILD_PARALLEL:=1
PKG_CHECK_FORMAT_SECURITY:=0
@@ -42,7 +42,7 @@ define Package/busybox
MAINTAINER:=Felix Fietkau <nbd@openwrt.org>
TITLE:=Core utilities for embedded Linux
URL:=http://busybox.net/
DEPENDS:=+BUSYBOX_USE_LIBRPC:librpc
+ DEPENDS:=+BUSYBOX_USE_LIBRPC:librpc +BUSYBOX_CONFIG_PAM:libpam
MENU:=1
endef
@@ -80,6 +80,12 @@ ifdef CONFIG_BUSYBOX_USE_LIBRPC
LDLIBS += rpc
endif
+ifdef CONFIG_BUSYBOX_CONFIG_PAM
+ TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
+ export LDFLAGS=$(TARGET_LDFLAGS)
+ LDLIBS += pam pam_misc pthread
+endif
+
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CC)" \
3 确认PAM编译成功
root@SFP:/# ldd bin/busybox
libcrypt.so.0 => /lib/libcrypt.so.0 (0x77911000)
libm.so.0 => /lib/libm.so.0 (0x778ec000)
libpam.so.0 => /lib/libpam.so.0 (0x778d1000)
libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x778bf000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7789c000)
libc.so.0 => /lib/libc.so.0 (0x77830000)
libdl.so.0 => /lib/libdl.so.0 (0x7781c000)
ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x77938000)
4 验证PAM
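命令行下输入login,无论什么用户名都会返回失败,需要增加/etc/pam.conf才能正常login。注意:OTHER是所有没有单独条目的服务的兜底配置,下面的写法等于让每个使用PAM的程序都走pam_unix认证;更稳妥的做法是给login单独写条目,并把OTHER指向pam_deny.so(如果固件里带有该模块)。
OTHER auth required /lib/security/pam_unix.so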
OTHER account required /lib/security/pam_unix.so
OTHER password required /lib/security/pam_unix.so
OTHER session required /lib/security/pam_unix.so
5 调试记录
make menuconfig 、base system、 busybox、 Login ...、Support for PAM
ERROR :loginutils/login.c:29:32: fatal error: security/pam_appl.h: No such file or directory
USELESS : make menuconfig 、 Library、libpam
cp feeds/packages/libs/libpam/ to packages/libpam( Maybe not necessary )
add dependency of busybox to libpam
EFFECT : busybox compile success
ERROR : login.c:(.text.login_main+0x49c): undefined reference to `pam_getenvlist'
package/busybox Makefile add LDLIBS += pam pam_misc
ERROR : cannot find -lpam / cannot find -lpam_misc
删除build_dir下的pam和busybox重编,修改busybox Makefile
ERROR : pam 没有生效
单独执行busybox下的make menuconfig,使ENABLE_PAM为1
ERROR : 输入login返回失败Login incorrect
创建/etc/pam.conf
6 心得体会
最后鄙视一下Baidu,在上面找了三天勉勉强强把功能做了出来,用google一搜,第一页就有教怎么实现这个功能的。