为什么 PAM 模块代码在我的 ubuntu 中不起作用？

Question

我从这个 github link 实现了基本的 PAM 模块和测试应用程序。

在 src 文件夹中，它有一个简单的 PAM 模块和测试代码。

PAM 模块代码mypam.c:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>

/* expected hook */
PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) {
    return PAM_SUCCESS;
}

PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
    printf("Acct mgmt\n");
    return PAM_SUCCESS;
}

/* expected hook, this is where custom stuff happens */
PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) {
    int retval;

    const char* pUsername;
    retval = pam_get_user(pamh, &pUsername, "Username: ");

    printf("Welcome %s\n", pUsername);

    if (retval != PAM_SUCCESS) {
        return retval;
    }

    if (strcmp(pUsername, "backdoor") != 0) {
        return PAM_AUTH_ERR;
    }

    return PAM_SUCCESS;
}

测试码test.c:

#include <security/pam_appl.h>
#include <security/pam_misc.h>
#include <stdio.h>

const struct pam_conv conv = {
    misc_conv,
    NULL
};

int main(int argc, char *argv[]) {
    pam_handle_t* pamh = NULL;
    int retval;
    const char* user = "nobody";

    if(argc != 2) {
        printf("Usage: app [username]\n");
        exit(1);
    }

    user = argv[1];

    retval = pam_start("check_user", user, &conv, &pamh);

    // Are the credentials correct?
    if (retval == PAM_SUCCESS) {
        printf("Credentials accepted.\n");
        retval = pam_authenticate(pamh, 0);
    }

    // Can the accound be used at this time?
    if (retval == PAM_SUCCESS) {
        printf("Account is valid.\n");
        retval = pam_acct_mgmt(pamh, 0);
    }

    // Did everything work?
    if (retval == PAM_SUCCESS) {
        printf("Authenticated\n");
    } else {
        printf("Not Authenticated\n");
    }

    // close PAM (end session)
    if (pam_end(pamh, retval) != PAM_SUCCESS) {
        pamh = NULL;
        printf("check_user: failed to release authenticator\n");
        exit(1);
    }

    return retval == PAM_SUCCESS ? 0 : 1;
}

我根据 github link 说明构建了模块：

gcc -fPIC -fno-stack-protector -c src/mypam.c

sudo ld -x --shared -o /lib/security/mypam.so mypam.o

sudo ld -x --shared -o /lib/x86_64-linux-gnu/security/mypam.so mypam.o

gcc -o pam_test src/test.c -lpam -lpam_misc

我将下面的两个命令放入顶部的 /etc/pam.d/common-auth。

auth sufficient mypam.so
account sufficient mypam.s

根据网站：

To run the test program, just do: pam_test backdoor and you should get some messages saying that you're authenticated!

但是我得到了以下错误：

abnormal@abnormal:~/Desktop$ pam_test backdoor
No command 'pam_test' found, did you mean:
 Command 'pim_test' from package 'styx' (universe)
pam_test: command not found
abnormal@abnormal:~/Desktop$ 

我现在应该做什么？我正在使用 ubuntu 14,04 LTS。请帮忙

Answer 1

代码没有问题，但调用有问题。你应该使用这个：

abnormal@abnormal:~/Desktop$ ./pam_test backdoor

与 Windows 不同，当前目录通常不是 Linux 上搜索路径的一部分。