本文主要是介绍OpenWrt系统安全改进二 --- 使能PAM,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
使能BUSYBOX的PAM
1 修改.config
make menuconfig 、base system、 busybox、 Login ...、Support for PAM
2 修改package/busybox下的Makefile
diff --git a/package/utils/busybox/Makefile b/package/utils/busybox/Makefile
index 3380885..668679e 100644
— a/package/utils/busybox/Makefile
+++ b/package/utils/busybox/Makefile
@@ -17,7 +17,7 @@ PKG_SOURCE_URL:=http://www.busybox.net/downloads \
http://distfiles.gentoo.org/distfiles/
PKG_MD5SUM:=337d1a15ab1cb1d4ed423168b1eb7d7e-PKG_BUILD_DEPENDS:=BUSYBOX_USE_LIBRPC:librpc
+PKG_BUILD_DEPENDS:=BUSYBOX_USE_LIBRPC:librpc BUSYBOX_CONFIG_PAM:libpam
PKG_BUILD_PARALLEL:=1
PKG_CHECK_FORMAT_SECURITY:=0@@ -42,7 +42,7 @@ define Package/busybox
MAINTAINER:=Felix Fietkau <nbd@openwrt.org>
TITLE:=Core utilities for embedded Linux
URL:=http://busybox.net/
- DEPENDS:=+BUSYBOX_USE_LIBRPC:librpc
+ DEPENDS:=+BUSYBOX_USE_LIBRPC:librpc +BUSYBOX_CONFIG_PAM:libpam
MENU:=1
endef@@ -80,6 +80,12 @@ ifdef CONFIG_BUSYBOX_USE_LIBRPC
LDLIBS += rpc
endif+ifdef CONFIG_BUSYBOX_CONFIG_PAM
+ TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
+ export LDFLAGS=$(TARGET_LDFLAGS)
+ LDLIBS += pam pam_misc pthread
+endif
+
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
CC="$(TARGET_CC)" \
3 确认PAM编译成功
root@SFP:/# ldd bin/busybox
libcrypt.so.0 => /lib/libcrypt.so.0 (0x77911000)
libm.so.0 => /lib/libm.so.0 (0x778ec000)
libpam.so.0 => /lib/libpam.so.0 (0x778d1000)
libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x778bf000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x7789c000)
libc.so.0 => /lib/libc.so.0 (0x77830000)
libdl.so.0 => /lib/libdl.so.0 (0x7781c000)
ld-uClibc.so.0 => /lib/ld-uClibc.so.0 (0x77938000)
4 验证PAM
命令行下输入login,无论什么用户名都会返回失败,需要增加/etc/pam.conf才能正常login
OTHER auth required /lib/security/pam_unix.so
OTHER account required /lib/security/pam_unix.so
OTHER password required /lib/security/pam_unix.so
OTHER session required /lib/security/pam_unix.so
5 调试记录
make menuconfig 、base system、 busybox、 Login ...、Support for PAM
ERROR :loginutils/login.c:29:32: fatal error: security/pam_appl.h: No such file or directory
USELESS : make menuconfig 、 Library、libpam
cp feeds/packages/libs/libpam/ to packages/libpam( Maybe not neccessary )
add dependency of busybox to libpam
EFFECT : busybox compile success
ERROR : login.c:(.text.login_main+0x49c): undefined reference to `pam_getenvlist'
package/busybox Makefile add LDLIBS += pam pam_misc
ERROR : cannot find -lpam / cannot find -lpam_misc
删除build_dir下的pam和busybox重编,修改busybox Makefile
ERROR : pam 没有生效
单独执行busybox下的make menuconfig,使ENABLE_PAM为1
ERROR : 输入login返回失败Login incorrect
创建/etc/pam.conf
6 心得体会
最后鄙视一下Baidu,在上面找了三天勉勉强强把功能做了出来,用google一搜,第一页就有教怎么实现这个功能的。
这篇关于OpenWrt系统安全改进二 --- 使能PAM的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!