Linux
PAM 無法 dlopen(sensepam.so):/lib/security/sensepam.so:未定義符號:OPENSSL_init_crypto
我在ubuntu下用c程式寫了一個linux pam認證模組。我的想法是登錄時輸入使用者名和密碼與web伺服器保存的使用者名和密碼比較,如果它們相同,那麼你可以進入系統,或者你可以不進入系統。
因為web伺服器就像https://xxxxxxxxx.com,所以我用openssl寫c程式碼,我的c程式碼(sensepam.c)是這樣的:
#include <stdio.h> #include <stdlib.h> #include <unistd.h> /* read, write, close */ #include <string.h> #include <security/pam_appl.h> #include <security/pam_modules.h> #include <security/pam_ext.h> #include <sys/socket.h> /* socket, connect */ #include <netinet/in.h> /* struct sockaddr_in, struct sockaddr */ #include <netdb.h> /* struct hostent, gethostbyname */ #include <arpa/inet.h> #include <openssl/crypto.h> #include <openssl/x509.h> #include <openssl/pem.h> #include <openssl/ssl.h> #include <openssl/err.h> void error(const char *msg) { perror(msg); exit(0); } int sendreq(pam_handle_t *pamh, int argc, const char *uname, const char *pwd) { int i; pam_syslog(pamh, 5, "********into sendreq******"); /* first where are we going to send it? */ int portno = 1234; char *host = "xxxxxxx.com"; char *method = "GET"; char *path = "/authModule/authenticate"; char *header = "Host:xxxxxxx.com:1234"; char body[1024]; char* test_ok = "aaaaaaa"; SSL *ssl = NULL; int OK_status = 0; X509 *server_cert; char* str = NULL; int err; char querystring[1024]; //int argc = 6; int ret = 0; struct hostent *server; struct sockaddr_in serv_addr; struct in_addr ip; SSL_CTX *ctx = NULL; int sockfd, bytes, sent, received, total, message_size; const SSL_METHOD *client_method; char *message, response[4096]; if (argc < 5) { puts("Parameters: <host> <port> <method> <path> [<data> [<headers>]]"); exit(0); } memset(querystring,0,1024); strcat(querystring,"username="); strcat(querystring,uname); strcat(querystring,"&password="); strcat(querystring,pwd); strcat(querystring,"&reamId=1024"); printf("querystring is %s-%d", querystring, strlen(querystring)); SSL_library_init(); ERR_load_crypto_strings(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); client_method = SSLv23_client_method( ); ctx = SSL_CTX_new(client_method); if (!ctx) { fprintf (stderr, "SSL_CTX_new failed:\n"); ERR_print_errors_fp (stderr); return 0; } server = gethostbyname(host); if (server == NULL) error("ERROR, no such host"); bcopy(server->h_addr, &(ip.s_addr), server->h_length); sockfd = socket(AF_INET, SOCK_STREAM, 0); memset(&serv_addr, '\0', sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_port = htons(portno); memcpy(&(serv_addr.sin_addr.s_addr), server->h_addr, server->h_length); err = connect(sockfd, (struct sockaddr*) &serv_addr, sizeof(serv_addr)); if (err < 0) { perror("can't connect to server port"); exit(1); } ssl = SSL_new(ctx); if (!ssl) { fprintf (stderr, "SSL_new failed:\n"); ERR_print_errors_fp (stderr); return 0; } SSL_set_fd(ssl, sockfd); err = SSL_connect(ssl); server_cert = SSL_get_peer_certificate(ssl); printf("(6) server's certificate was received:\n\n"); str = X509_NAME_oneline(X509_get_subject_name(server_cert), 0, 0); printf(" subject: %s\n", str); str = X509_NAME_oneline(X509_get_issuer_name(server_cert), 0, 0); printf(" issuer: %s\n\n", str); X509_free(server_cert); /* How big is the message? */ message_size=0; if(!strcmp(method,"GET")) { message_size+=strlen("%s %s%s%s HTTP/1.0\r\n"); /* method */ message_size+=strlen(path); /* path */ message_size+=strlen(header); /* headers */ if(argc>5) message_size+=strlen(querystring); /* query string */ for(i=6;i<argc;i++) /* headers */ message_size+=strlen(header)+strlen("\r\n"); message_size+=strlen("\r\n"); /* blank line */ } else { message_size+=strlen("%s %s HTTP/1.0\r\n"); message_size+=strlen(method); /* method */ message_size+=strlen(path); /* path */ for(i=6;i<argc;i++) /* headers */ message_size+=strlen(header)+strlen("\r\n"); if(argc>5) message_size+=strlen("Content-Length: %d\r\n")+10; /* content length */ message_size+=strlen("\r\n"); /* blank line */ if(argc>5) message_size+=strlen(body); /* body */ } /* allocate space for the message */ message=malloc(message_size); /* fill in the parameters */ if(!strcmp(method,"GET")) { if(argc>5) sprintf(message,"%s %s%s%s HTTP/1.0\r\n", strlen(method)>0?method:"GET", /* method */ strlen(path)>0?path:"/", /* path */ strlen(querystring)>0?"?":"", /* ? */ strlen(querystring)>0?querystring:""); /* query string */ else sprintf(message,"%s %s HTTP/1.0\r\n", strlen(method)>0?method:"GET", /* method */ strlen(path)>0?path:"/"); /* path */ //for(i=6;i<argc;i++) /* headers */ {strcat(message,header);strcat(message,"\r\n");} strcat(message,"\r\n"); /* blank line */ pam_syslog(pamh, 5, message); } else { sprintf(message,"%s %s HTTP/1.0\r\n", strlen(method)>0?method:"POST", /* method */ strlen(path)>0?path:"/"); /* path */ //for(i=6;i<argc;i++) /* headers */ // {strcat(message,argv[i]);strcat(message,"\r\n");} //if(argc>5) // sprintf(message+strlen(message),"Content-Length: %d\r\n",strlen(argv[5])); strcat(message,"\r\n"); /* blank line */ //if(argc>5) // strcat(message,argv[5]); /* body */ } /* What are we going to send? */ printf("Request:\n%s\n",message); /* create the socket */ sockfd = socket(AF_INET, SOCK_STREAM, 0); if (sockfd < 0) error("ERROR opening socket"); /* lookup the ip address */ server = gethostbyname(host); if (server == NULL) error("ERROR, no such host"); /* fill in the structure */ memset(&serv_addr,0,sizeof(serv_addr)); serv_addr.sin_family = AF_INET; serv_addr.sin_port = htons(portno); memcpy(&serv_addr.sin_addr.s_addr,server->h_addr,server->h_length); /* connect the socket */ if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0) error("ERROR connecting"); /* send the request */ total = strlen(message); sent = 0; do { bytes = SSL_write(ssl,message+sent,total-sent); if (bytes < 0) error("ERROR writing message to socket"); if (bytes == 0) break; sent+=bytes; } while (sent < total); shutdown (sockfd, 1); /* send EOF to server */ pam_syslog(pamh, 5, response); memset(response,0,sizeof(response)); total = sizeof(response)-1; received = 0; do { bytes = SSL_read(ssl,response+received,total-received); if (bytes < 0) error("ERROR reading response from socket"); if (bytes == 0) break; received+=bytes; } while (bytes > 0); printf("Response:\n%s\n",response); SSL_shutdown(ssl); close(sockfd); SSL_free(ssl); SSL_CTX_free(ctx); } PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) { return PAM_SUCCESS; } PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { printf("Acct mgmt\n"); return PAM_SUCCESS; } PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) { int retval; const char* pUsername; const char* pPassword; char cmd[255]; memset(cmd, 0, 255); retval = pam_get_user(pamh, &pUsername, "Username: "); printf("Welcome %s\n", pUsername); if (retval != PAM_SUCCESS) { return retval; } retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pPassword , NULL); pam_syslog(pamh, 5, "mypam.so login"); pam_syslog(pamh, 5, pUsername); pam_syslog(pamh, 5, pPassword); if (!sendreq(pamh, 6, pUsername, pPassword)) { return PAM_AUTH_ERR; } pam_syslog(pamh, 5, "add user..."); sprintf(cmd,"useradd -m %s",pUsername); system(cmd); return PAM_SUCCESS; } int main(int argc, char *argv[]) { char *uname="aaaaa"; char *pwd="123"; sendreq(NULL, 6, uname, pwd); }我的 gdm 密碼如下:
aaa@ubuntu:/etc/pam.d$ cat gdm-password auth sufficient sensepam.so account sufficient sensepam.so #%PAM-1.0 auth requisite pam_nologin.so auth required pam_succeed_if.so user != root quiet_success @include common-auth auth optional pam_gnome_keyring.so @include common-account # SELinux needs to be the first session rule. This ensures that any # lingering context has been cleared. Without this it is possible # that a module could execute code in the wrong domain. session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session required pam_loginuid.so # SELinux needs to intervene at login time to ensure that the process # starts in the proper default security context. Only sessions which are # intended to run in the user's context should be run after this. # pam_selinux.so changes the SELinux context of the used TTY and configures # SELinux in order to transition to the user context with the next execve() # call. session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open session optional pam_keyinit.so force revoke session required pam_limits.so session required pam_env.so readenv=1 session required pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale @include common-session session optional pam_gnome_keyring.so auto_start @include common-password我的系統資訊如下:
aaa@ubuntu:~$ uname -a Linux ubuntu 5.8.0-59-generic #66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux我已經安裝了 openssl :
aaa@ubuntu:~$ openssl version -a OpenSSL 1.1.1k 25 Mar 2021 built on: Fri Jul 2 10:45:57 2021 UTC platform: linux-x86_64 options: bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG OPENSSLDIR: "/usr/local/ssl" ENGINESDIR: "/usr/local/lib/engines-1.1" Seeding source: os-specific我使用以下命令進行編譯:
#!/bin/bash gcc -fPIC -fno-stack-protector -c src/sensepam.c -lssl -lcrypto sudo ld -x --shared -o /usr/lib/x86_64-linux-gnu/security/sensepam.so sensepam.o rm sensepam.o但是當我嘗試登錄系統時,它無法工作,所以我在 /var/log/auth.log 查看日誌
Jul 5 15:50:54 ubuntu systemd-logind[644]: System is rebooting. Jul 5 15:51:03 ubuntu systemd-logind[646]: New seat seat0. Jul 5 15:51:03 ubuntu systemd-logind[646]: Watching system buttons on /dev/input/event0 (Power Button) Jul 5 15:51:03 ubuntu systemd-logind[646]: Watching system buttons on /dev/input/event1 (Sleep Button) Jul 5 15:51:03 ubuntu systemd-logind[646]: Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard) Jul 5 15:51:03 ubuntu gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0) Jul 5 15:51:03 ubuntu systemd-logind[646]: New session c1 of user gdm. Jul 5 15:51:04 ubuntu systemd: pam_unix(systemd-user:session): session opened for user gdm by (uid=0) Jul 5 15:51:04 ubuntu su: (to aaa) root on none Jul 5 15:51:04 ubuntu su: pam_unix(su:session): session opened for user aaa by (uid=0) Jul 5 15:51:04 ubuntu systemd: pam_unix(systemd-user:session): session opened for user aaa by (uid=0) Jul 5 15:51:04 ubuntu su: pam_unix(su:session): session closed for user aaa Jul 5 15:51:06 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.71 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Jul 5 15:51:12 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto Jul 5 15:51:12 ubuntu gdm-password]: PAM adding faulty module: sensepam.so Jul 5 15:51:12 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:51:14 ubuntu systemd: pam_unix(systemd-user:session): session closed for user aaa Jul 5 15:51:15 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:51:15 ubuntu gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=uos001 Jul 5 15:51:19 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto Jul 5 15:51:19 ubuntu gdm-password]: PAM adding faulty module: sensepam.so Jul 5 15:51:19 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:51:22 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:51:22 ubuntu gdm-password]: gkr-pam: unable to locate daemon control file Jul 5 15:51:22 ubuntu gdm-password]: gkr-pam: stashed password to try later in open session Jul 5 15:51:22 ubuntu gdm-password]: pam_unix(gdm-password:session): session opened for user aaa by (uid=0) Jul 5 15:51:22 ubuntu systemd-logind[646]: New session 3 of user aaa. Jul 5 15:51:22 ubuntu systemd: pam_unix(systemd-user:session): session opened for user aaa by (uid=0) Jul 5 15:51:22 ubuntu gdm-password]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring Jul 5 15:51:23 ubuntu gnome-keyring-daemon[1830]: The Secret Service was already initialized Jul 5 15:51:23 ubuntu gnome-keyring-daemon[1830]: The PKCS#11 component was already initialized Jul 5 15:51:24 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:3 (system bus name :1.142 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Jul 5 15:51:27 ubuntu gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm Jul 5 15:51:27 ubuntu systemd-logind[646]: Session c1 logged out. Waiting for processes to exit. Jul 5 15:51:27 ubuntu systemd-logind[646]: Removed session c1. Jul 5 15:51:27 ubuntu polkitd(authority=local): Unregistered Authentication Agent for unix-session:c1 (system bus name :1.71, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Jul 5 15:51:29 ubuntu dbus-daemon[608]: [system] Failed to activate service 'org.bluez': timed out (service_start_timeout=25000ms) Jul 5 15:51:38 ubuntu systemd: pam_unix(systemd-user:session): session closed for user gdm Jul 5 15:51:39 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:51:41 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:51:41 ubuntu sudo: aaa : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/su Jul 5 15:51:41 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0) Jul 5 15:51:41 ubuntu su: (to root) aaa on pts/0 Jul 5 15:51:41 ubuntu su: pam_unix(su:session): session opened for user root by (uid=0) Jul 5 15:57:28 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:57:32 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:57:32 ubuntu sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=aaa rhost= user=aaa Jul 5 15:57:35 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:57:37 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 15:57:37 ubuntu sudo: aaa : TTY=pts/1 ; PWD=/home/aaa ; USER=root ; COMMAND=/usr/bin/ld -x --shared -o /usr/lib/x86_64-linux-gnu/security/sensepam.so /usr/local/lib/libcrypto.so sensepam.o Jul 5 15:57:37 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0) Jul 5 15:57:37 ubuntu sudo: pam_unix(sudo:session): session closed for user root Jul 5 15:57:40 ubuntu sudo: aaa : TTY=pts/1 ; PWD=/home/aaa ; USER=root ; COMMAND=/usr/bin/ld -x --shared -o /usr/lib/x86_64-linux-gnu/security/sensepam.so /usr/local/lib/libcrypto.so sensepam.o Jul 5 15:57:40 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0) Jul 5 15:57:40 ubuntu sudo: pam_unix(sudo:session): session closed for user root Jul 5 16:07:15 ubuntu sudo: aaa : TTY=pts/1 ; PWD=/usr/lib/x86_64-linux-gnu/security ; USER=root ; COMMAND=/usr/bin/su - Jul 5 16:07:15 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0) Jul 5 16:07:15 ubuntu su: (to root) aaa on pts/1 Jul 5 16:07:15 ubuntu su: pam_unix(su-l:session): session opened for user root by (uid=0) Jul 5 16:09:04 ubuntu systemd-logind[649]: New seat seat0. Jul 5 16:09:04 ubuntu systemd-logind[649]: Watching system buttons on /dev/input/event0 (Power Button) Jul 5 16:09:04 ubuntu systemd-logind[649]: Watching system buttons on /dev/input/event1 (Sleep Button) Jul 5 16:09:04 ubuntu systemd-logind[649]: Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard) Jul 5 16:09:04 ubuntu gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0) Jul 5 16:09:05 ubuntu systemd-logind[649]: New session c1 of user gdm. Jul 5 16:09:05 ubuntu systemd: pam_unix(systemd-user:session): session opened for user gdm by (uid=0) Jul 5 16:09:05 ubuntu su: (to aaa) root on none Jul 5 16:09:05 ubuntu su: pam_unix(su:session): session opened for user aaa by (uid=0) Jul 5 16:09:05 ubuntu systemd: pam_unix(systemd-user:session): session opened for user aaa by (uid=0) Jul 5 16:09:05 ubuntu su: pam_unix(su:session): session closed for user aaa Jul 5 16:09:07 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.71 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Jul 5 16:09:17 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto Jul 5 16:09:17 ubuntu gdm-password]: PAM adding faulty module: sensepam.so Jul 5 16:09:17 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 16:09:20 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 16:09:20 ubuntu gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost= user=uos001 Jul 5 16:09:24 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto Jul 5 16:09:24 ubuntu gdm-password]: PAM adding faulty module: sensepam.so Jul 5 16:09:24 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 16:09:27 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 16:09:27 ubuntu gdm-password]: gkr-pam: unable to locate daemon control file Jul 5 16:09:27 ubuntu gdm-password]: gkr-pam: stashed password to try later in open session Jul 5 16:09:27 ubuntu gdm-password]: pam_unix(gdm-password:session): session opened for user aaa by (uid=0) Jul 5 16:09:27 ubuntu systemd-logind[649]: New session 3 of user aaa. Jul 5 16:09:27 ubuntu systemd: pam_unix(systemd-user:session): session opened for user aaa by (uid=0) Jul 5 16:09:27 ubuntu gdm-password]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring Jul 5 16:09:28 ubuntu gnome-keyring-daemon[1842]: The PKCS#11 component was already initialized Jul 5 16:09:28 ubuntu gnome-keyring-daemon[1842]: The Secret Service was already initialized Jul 5 16:09:29 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:3 (system bus name :1.147 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Jul 5 16:09:30 ubuntu dbus-daemon[606]: [system] Failed to activate service 'org.bluez': timed out (service_start_timeout=25000ms) Jul 5 16:09:32 ubuntu gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm Jul 5 16:09:32 ubuntu systemd-logind[649]: Session c1 logged out. Waiting for processes to exit. Jul 5 16:09:32 ubuntu systemd-logind[649]: Removed session c1. Jul 5 16:09:32 ubuntu polkitd(authority=local): Unregistered Authentication Agent for unix-session:c1 (system bus name :1.71, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Jul 5 16:17:01 ubuntu CRON[3961]: pam_unix(cron:session): session opened for user root by (uid=0) Jul 5 16:17:01 ubuntu CRON[3961]: pam_unix(cron:session): session closed for user root Jul 5 16:30:01 ubuntu CRON[6263]: pam_unix(cron:session): session opened for user root by (uid=0) Jul 5 16:30:01 ubuntu CRON[6263]: pam_unix(cron:session): session closed for user root Jul 5 16:42:09 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto Jul 5 16:42:09 ubuntu gdm-password]: PAM adding faulty module: sensepam.so Jul 5 16:42:09 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 16:42:14 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 16:42:14 ubuntu gdm-password]: gkr-pam: unlocked login keyring Jul 5 17:01:25 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto Jul 5 17:01:25 ubuntu gdm-password]: PAM adding faulty module: sensepam.so Jul 5 17:01:25 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 17:02:23 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 17:02:23 ubuntu gdm-password]: gkr-pam: unlocked login keyring Jul 5 17:17:01 ubuntu CRON[14250]: pam_unix(cron:session): session opened for user root by (uid=0) Jul 5 17:17:01 ubuntu CRON[14250]: pam_unix(cron:session): session closed for user root Jul 5 17:22:02 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto Jul 5 17:22:02 ubuntu gdm-password]: PAM adding faulty module: sensepam.so Jul 5 17:22:02 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 17:22:05 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 17:22:05 ubuntu gdm-password]: gkr-pam: unlocked login keyring Jul 5 17:30:01 ubuntu CRON[16439]: pam_unix(cron:session): session opened for user root by (uid=0) Jul 5 17:30:01 ubuntu CRON[16439]: pam_unix(cron:session): session closed for user root Jul 5 17:34:46 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto Jul 5 17:34:46 ubuntu gdm-password]: PAM adding faulty module: sensepam.so Jul 5 17:34:46 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 17:34:50 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 17:34:50 ubuntu gdm-password]: gkr-pam: unlocked login keyring Jul 5 17:35:03 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 17:35:05 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory Jul 5 17:35:05 ubuntu sudo: aaa : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/su Jul 5 17:35:05 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0) Jul 5 17:35:05 ubuntu su: (to root) aaa on pts/0 Jul 5 17:35:05 ubuntu su: pam_unix(su:session): session opened for user root by (uid=0)我認為錯誤點是:
PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto那麼有什麼辦法可以解決這個問題嗎?謝謝!
連結共享庫時,應添加
-llib參數:ld -x --shared -o sensepam.so sensepam.o -lcrypto -lssl然後,安裝到 後
/lib/security,使用以下命令查找缺少的依賴項:ldd -r /lib/security/sensepam.so該
ldd命令將列印所有失去的依賴項、未定義的符號和失去的庫文件。現在,將缺少的 lib 文件從 OpenSSL lib 文件夾複製到系統庫。預設系統庫路徑是
/usr/lib/x86_64-linux-gnu/.