PAM은 dlopen(sensepam.so)을 수행할 수 없습니다: /lib/security/sensepam.so: 정의되지 않은 기호: OPENSSL_init_crypto

PAM은 dlopen(sensepam.so)을 수행할 수 없습니다: /lib/security/sensepam.so: 정의되지 않은 기호: OPENSSL_init_crypto

Ubuntu에서 C 프로그래밍을 사용하여 Linux PAM 인증 모듈을 작성했습니다. 내 생각은 로그인할 때 입력한 사용자 이름과 비밀번호를 웹 서버에 저장된 사용자 이름과 비밀번호와 비교하여 동일하면 시스템에 들어갈 수 있거나 시스템에 들어갈 수 없다는 것입니다.

웹 서버는 다음과 같기 때문입니다.https://xxxxxxxxx.com, 그래서 나는 openssl을 사용하여 c 코드를 작성합니다. 내 C 코드(sensepam.c)는 다음과 같습니다.

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h> /* read, write, close */
#include <string.h>
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>

#include <sys/socket.h> /* socket, connect */
#include <netinet/in.h> /* struct sockaddr_in, struct sockaddr */
#include <netdb.h> /* struct hostent, gethostbyname */
#include <arpa/inet.h>
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

void error(const char *msg) { perror(msg); exit(0); }

int sendreq(pam_handle_t *pamh, int argc, const char *uname, const char *pwd)
{
    int i;
    pam_syslog(pamh, 5, "********into  sendreq******");

    /* first where are we going to send it? */
    int portno = 1234;
    char *host = "xxxxxxx.com";
    char *method = "GET";
    char *path = "/authModule/authenticate";
    char *header = "Host:xxxxxxx.com:1234";
    char body[1024];
    char* test_ok = "aaaaaaa";
    SSL *ssl = NULL;
    int OK_status = 0;
    X509 *server_cert;
    char* str = NULL;
    int err;
    char querystring[1024];
    //int argc = 6;
    int ret = 0;

    struct hostent *server;
    struct sockaddr_in serv_addr;
    struct in_addr ip;
    SSL_CTX *ctx = NULL;
    int sockfd, bytes, sent, received, total, message_size;
    const SSL_METHOD *client_method;
    char *message, response[4096];

    if (argc < 5) { puts("Parameters: <host> <port> <method> <path> [<data> [<headers>]]"); exit(0); }
    
    
    memset(querystring,0,1024);
    strcat(querystring,"username=");
    strcat(querystring,uname);
    strcat(querystring,"&password=");
    strcat(querystring,pwd);
    strcat(querystring,"&reamId=1024");
    printf("querystring is %s-%d", querystring, strlen(querystring));

    
    SSL_library_init();
    ERR_load_crypto_strings();
    SSL_load_error_strings();
    OpenSSL_add_all_algorithms();

    client_method = SSLv23_client_method( );
    ctx = SSL_CTX_new(client_method);
    if (!ctx) {
        fprintf (stderr, "SSL_CTX_new failed:\n");
        ERR_print_errors_fp (stderr);
        return 0;
    }
   
    server = gethostbyname(host);
    if (server == NULL) error("ERROR, no such host");

    bcopy(server->h_addr, &(ip.s_addr), server->h_length);

    
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&serv_addr, '\0', sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(portno); 
    memcpy(&(serv_addr.sin_addr.s_addr),
            server->h_addr, server->h_length);
    err = connect(sockfd, (struct sockaddr*) &serv_addr,
                 sizeof(serv_addr));
    if (err < 0) { perror("can't connect to server port"); exit(1); }
 
    ssl = SSL_new(ctx); 
    if (!ssl) {
        fprintf (stderr, "SSL_new failed:\n");
        ERR_print_errors_fp (stderr);
        return 0;
    }

    SSL_set_fd(ssl, sockfd); 
    err = SSL_connect(ssl); 

    server_cert = SSL_get_peer_certificate(ssl);
    printf("(6) server's certificate was received:\n\n");
    str = X509_NAME_oneline(X509_get_subject_name(server_cert), 0, 0);
    printf(" subject: %s\n", str);
    str = X509_NAME_oneline(X509_get_issuer_name(server_cert), 0, 0);
    printf(" issuer: %s\n\n", str);

    X509_free(server_cert);


    /* How big is the message? */
    message_size=0;
    if(!strcmp(method,"GET"))
    {
        message_size+=strlen("%s %s%s%s HTTP/1.0\r\n");        /* method         */
        message_size+=strlen(path);                            /* path           */
        message_size+=strlen(header);                          /* headers        */
        if(argc>5)
            message_size+=strlen(querystring);                 /* query string   */
        for(i=6;i<argc;i++)                                    /* headers        */
            message_size+=strlen(header)+strlen("\r\n");
        message_size+=strlen("\r\n");                          /* blank line     */
    }
    else
    {
        message_size+=strlen("%s %s HTTP/1.0\r\n");
        message_size+=strlen(method);                         /* method         */
        message_size+=strlen(path);                         /* path           */
        for(i=6;i<argc;i++)                                    /* headers        */
            message_size+=strlen(header)+strlen("\r\n");
        if(argc>5)
            message_size+=strlen("Content-Length: %d\r\n")+10; /* content length */
        message_size+=strlen("\r\n");                          /* blank line     */
        if(argc>5)
            message_size+=strlen(body);                     /* body           */
    }

    /* allocate space for the message */
    message=malloc(message_size);

    /* fill in the parameters */
    if(!strcmp(method,"GET"))
    {
        if(argc>5)
            sprintf(message,"%s %s%s%s HTTP/1.0\r\n",
                strlen(method)>0?method:"GET",               /* method         */
                strlen(path)>0?path:"/",                 /* path           */
                strlen(querystring)>0?"?":"",                      /* ?              */
                strlen(querystring)>0?querystring:"");                 /* query string   */
        else
            sprintf(message,"%s %s HTTP/1.0\r\n",
                strlen(method)>0?method:"GET",               /* method         */
                strlen(path)>0?path:"/");                /* path           */
        //for(i=6;i<argc;i++)                                    /* headers        */
        {strcat(message,header);strcat(message,"\r\n");}
        strcat(message,"\r\n");                                /* blank line     */

        pam_syslog(pamh, 5, message);
    }
    else
    {
        sprintf(message,"%s %s HTTP/1.0\r\n",
            strlen(method)>0?method:"POST",                  /* method         */
            strlen(path)>0?path:"/");                    /* path           */
        //for(i=6;i<argc;i++)                                    /* headers        */
        //    {strcat(message,argv[i]);strcat(message,"\r\n");}
        //if(argc>5)
        //    sprintf(message+strlen(message),"Content-Length: %d\r\n",strlen(argv[5]));
        strcat(message,"\r\n");                                /* blank line     */
        //if(argc>5)
        //    strcat(message,argv[5]);                           /* body           */
    }

    /* What are we going to send? */
    printf("Request:\n%s\n",message);

    /* create the socket */
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) error("ERROR opening socket");

    /* lookup the ip address */
    server = gethostbyname(host);
    if (server == NULL) error("ERROR, no such host");

    /* fill in the structure */
    memset(&serv_addr,0,sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(portno);
    memcpy(&serv_addr.sin_addr.s_addr,server->h_addr,server->h_length);

    /* connect the socket */
    if (connect(sockfd,(struct sockaddr *)&serv_addr,sizeof(serv_addr)) < 0)
        error("ERROR connecting");
    /* send the request */
    total = strlen(message);
    sent = 0;
    do {
        bytes = SSL_write(ssl,message+sent,total-sent); 
        if (bytes < 0)
            error("ERROR writing message to socket");
        if (bytes == 0)
            break;
        sent+=bytes;
    } while (sent < total);

    shutdown (sockfd, 1); /* send EOF to server */

    pam_syslog(pamh, 5, response);
    memset(response,0,sizeof(response));
    total = sizeof(response)-1;
    received = 0;
    do {
        bytes = SSL_read(ssl,response+received,total-received);
        if (bytes < 0)
            error("ERROR reading response from socket");
        if (bytes == 0)
            break;
        received+=bytes;
    } while (bytes > 0);
    printf("Response:\n%s\n",response);
   
    SSL_shutdown(ssl);
    close(sockfd);
    SSL_free(ssl);
    SSL_CTX_free(ctx);
   

}

PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) {
        return PAM_SUCCESS;
}

PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
        printf("Acct mgmt\n");
        return PAM_SUCCESS;
}

PAM_EXTERN int pam_sm_authenticate( pam_handle_t *pamh, int flags,int argc, const char **argv ) {
        int retval;

        const char* pUsername;
        const char* pPassword;
        char cmd[255];
        memset(cmd, 0, 255);

        retval = pam_get_user(pamh, &pUsername, "Username: ");

        printf("Welcome %s\n", pUsername);

        if (retval != PAM_SUCCESS) {
                return retval;
        }

        retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pPassword , NULL);

        pam_syslog(pamh, 5, "mypam.so login");
        pam_syslog(pamh, 5, pUsername);
        pam_syslog(pamh, 5, pPassword);


        if (!sendreq(pamh, 6, pUsername, pPassword)) {
                return PAM_AUTH_ERR;
        }

        pam_syslog(pamh, 5, "add user...");
        sprintf(cmd,"useradd -m %s",pUsername);
        system(cmd);

        return PAM_SUCCESS;
}

int main(int argc, char *argv[])
{
    char *uname="aaaaa";
    char *pwd="123";
    sendreq(NULL, 6, uname, pwd);
}

내 gdm 비밀번호는 다음과 같습니다.

aaa@ubuntu:/etc/pam.d$  cat gdm-password 
auth sufficient sensepam.so
account sufficient sensepam.so

#%PAM-1.0
auth    requisite       pam_nologin.so
auth    required    pam_succeed_if.so user != root quiet_success
@include common-auth
auth    optional        pam_gnome_keyring.so
@include common-account
# SELinux needs to be the first session rule. This ensures that any 
# lingering context has been cleared. Without this it is possible 
# that a module could execute code in the wrong domain.
session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so close
session required        pam_loginuid.so
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
# pam_selinux.so changes the SELinux context of the used TTY and configures
# SELinux in order to transition to the user context with the next execve()
# call.
session [success=ok ignore=ignore module_unknown=ignore default=bad]        pam_selinux.so open
session optional        pam_keyinit.so force revoke
session required        pam_limits.so
session required        pam_env.so readenv=1
session required        pam_env.so readenv=1 user_readenv=1 envfile=/etc/default/locale
@include common-session
session optional        pam_gnome_keyring.so auto_start
@include common-password

내 시스템 정보는 다음과 같습니다.

aaa@ubuntu:~$  uname -a
Linux ubuntu 5.8.0-59-generic #66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

openssl을 설치했습니다.

aaa@ubuntu:~$  openssl version -a
OpenSSL 1.1.1k  25 Mar 2021
built on: Fri Jul  2 10:45:57 2021 UTC
platform: linux-x86_64
options:  bn(64,64) rc4(16x,int) des(int) idea(int) blowfish(ptr) 
compiler: gcc -fPIC -pthread -m64 -Wa,--noexecstack -Wall -O3 -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM -DNDEBUG
OPENSSLDIR: "/usr/local/ssl"
ENGINESDIR: "/usr/local/lib/engines-1.1"
Seeding source: os-specific

다음 명령을 사용하여 컴파일합니다.

#!/bin/bash

gcc -fPIC -fno-stack-protector -c src/sensepam.c -lssl -lcrypto

sudo ld -x --shared -o /usr/lib/x86_64-linux-gnu/security/sensepam.so  sensepam.o

rm sensepam.o

그런데 시스템에 로그인하려고 하면 작동하지 않아서 /var/log/auth.log에서 로그를 확인합니다.


Jul  5 15:50:54 ubuntu systemd-logind[644]: System is rebooting.
Jul  5 15:51:03 ubuntu systemd-logind[646]: New seat seat0.
Jul  5 15:51:03 ubuntu systemd-logind[646]: Watching system buttons on /dev/input/event0 (Power Button)
Jul  5 15:51:03 ubuntu systemd-logind[646]: Watching system buttons on /dev/input/event1 (Sleep Button)
Jul  5 15:51:03 ubuntu systemd-logind[646]: Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard)
Jul  5 15:51:03 ubuntu gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0)
Jul  5 15:51:03 ubuntu systemd-logind[646]: New session c1 of user gdm.
Jul  5 15:51:04 ubuntu systemd: pam_unix(systemd-user:session): session opened for user gdm by (uid=0)
Jul  5 15:51:04 ubuntu su: (to aaa) root on none
Jul  5 15:51:04 ubuntu su: pam_unix(su:session): session opened for user aaa by (uid=0)
Jul  5 15:51:04 ubuntu systemd: pam_unix(systemd-user:session): session opened for user aaa by (uid=0)
Jul  5 15:51:04 ubuntu su: pam_unix(su:session): session closed for user aaa
Jul  5 15:51:06 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.71 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jul  5 15:51:12 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto
Jul  5 15:51:12 ubuntu gdm-password]: PAM adding faulty module: sensepam.so
Jul  5 15:51:12 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:51:14 ubuntu systemd: pam_unix(systemd-user:session): session closed for user aaa
Jul  5 15:51:15 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:51:15 ubuntu gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=uos001
Jul  5 15:51:19 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto
Jul  5 15:51:19 ubuntu gdm-password]: PAM adding faulty module: sensepam.so
Jul  5 15:51:19 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:51:22 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:51:22 ubuntu gdm-password]: gkr-pam: unable to locate daemon control file
Jul  5 15:51:22 ubuntu gdm-password]: gkr-pam: stashed password to try later in open session
Jul  5 15:51:22 ubuntu gdm-password]: pam_unix(gdm-password:session): session opened for user aaa by (uid=0)
Jul  5 15:51:22 ubuntu systemd-logind[646]: New session 3 of user aaa.
Jul  5 15:51:22 ubuntu systemd: pam_unix(systemd-user:session): session opened for user aaa by (uid=0)
Jul  5 15:51:22 ubuntu gdm-password]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
Jul  5 15:51:23 ubuntu gnome-keyring-daemon[1830]: The Secret Service was already initialized
Jul  5 15:51:23 ubuntu gnome-keyring-daemon[1830]: The PKCS#11 component was already initialized
Jul  5 15:51:24 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:3 (system bus name :1.142 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jul  5 15:51:27 ubuntu gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm
Jul  5 15:51:27 ubuntu systemd-logind[646]: Session c1 logged out. Waiting for processes to exit.
Jul  5 15:51:27 ubuntu systemd-logind[646]: Removed session c1.
Jul  5 15:51:27 ubuntu polkitd(authority=local): Unregistered Authentication Agent for unix-session:c1 (system bus name :1.71, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Jul  5 15:51:29 ubuntu dbus-daemon[608]: [system] Failed to activate service 'org.bluez': timed out (service_start_timeout=25000ms)
Jul  5 15:51:38 ubuntu systemd: pam_unix(systemd-user:session): session closed for user gdm
Jul  5 15:51:39 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:51:41 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:51:41 ubuntu sudo:      aaa : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/su
Jul  5 15:51:41 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jul  5 15:51:41 ubuntu su: (to root) aaa on pts/0
Jul  5 15:51:41 ubuntu su: pam_unix(su:session): session opened for user root by (uid=0)
Jul  5 15:57:28 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:57:32 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:57:32 ubuntu sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/1 ruser=aaa rhost=  user=aaa
Jul  5 15:57:35 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:57:37 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 15:57:37 ubuntu sudo:      aaa : TTY=pts/1 ; PWD=/home/aaa ; USER=root ; COMMAND=/usr/bin/ld -x --shared -o /usr/lib/x86_64-linux-gnu/security/sensepam.so /usr/local/lib/libcrypto.so sensepam.o
Jul  5 15:57:37 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jul  5 15:57:37 ubuntu sudo: pam_unix(sudo:session): session closed for user root
Jul  5 15:57:40 ubuntu sudo:      aaa : TTY=pts/1 ; PWD=/home/aaa ; USER=root ; COMMAND=/usr/bin/ld -x --shared -o /usr/lib/x86_64-linux-gnu/security/sensepam.so /usr/local/lib/libcrypto.so sensepam.o
Jul  5 15:57:40 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jul  5 15:57:40 ubuntu sudo: pam_unix(sudo:session): session closed for user root
Jul  5 16:07:15 ubuntu sudo:      aaa : TTY=pts/1 ; PWD=/usr/lib/x86_64-linux-gnu/security ; USER=root ; COMMAND=/usr/bin/su -
Jul  5 16:07:15 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jul  5 16:07:15 ubuntu su: (to root) aaa on pts/1
Jul  5 16:07:15 ubuntu su: pam_unix(su-l:session): session opened for user root by (uid=0)
Jul  5 16:09:04 ubuntu systemd-logind[649]: New seat seat0.
Jul  5 16:09:04 ubuntu systemd-logind[649]: Watching system buttons on /dev/input/event0 (Power Button)
Jul  5 16:09:04 ubuntu systemd-logind[649]: Watching system buttons on /dev/input/event1 (Sleep Button)
Jul  5 16:09:04 ubuntu systemd-logind[649]: Watching system buttons on /dev/input/event2 (AT Translated Set 2 keyboard)
Jul  5 16:09:04 ubuntu gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0)
Jul  5 16:09:05 ubuntu systemd-logind[649]: New session c1 of user gdm.
Jul  5 16:09:05 ubuntu systemd: pam_unix(systemd-user:session): session opened for user gdm by (uid=0)
Jul  5 16:09:05 ubuntu su: (to aaa) root on none
Jul  5 16:09:05 ubuntu su: pam_unix(su:session): session opened for user aaa by (uid=0)
Jul  5 16:09:05 ubuntu systemd: pam_unix(systemd-user:session): session opened for user aaa by (uid=0)
Jul  5 16:09:05 ubuntu su: pam_unix(su:session): session closed for user aaa
Jul  5 16:09:07 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.71 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jul  5 16:09:17 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto
Jul  5 16:09:17 ubuntu gdm-password]: PAM adding faulty module: sensepam.so
Jul  5 16:09:17 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 16:09:20 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 16:09:20 ubuntu gdm-password]: pam_unix(gdm-password:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/tty1 ruser= rhost=  user=uos001
Jul  5 16:09:24 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto
Jul  5 16:09:24 ubuntu gdm-password]: PAM adding faulty module: sensepam.so
Jul  5 16:09:24 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 16:09:27 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 16:09:27 ubuntu gdm-password]: gkr-pam: unable to locate daemon control file
Jul  5 16:09:27 ubuntu gdm-password]: gkr-pam: stashed password to try later in open session
Jul  5 16:09:27 ubuntu gdm-password]: pam_unix(gdm-password:session): session opened for user aaa by (uid=0)
Jul  5 16:09:27 ubuntu systemd-logind[649]: New session 3 of user aaa.
Jul  5 16:09:27 ubuntu systemd: pam_unix(systemd-user:session): session opened for user aaa by (uid=0)
Jul  5 16:09:27 ubuntu gdm-password]: gkr-pam: gnome-keyring-daemon started properly and unlocked keyring
Jul  5 16:09:28 ubuntu gnome-keyring-daemon[1842]: The PKCS#11 component was already initialized
Jul  5 16:09:28 ubuntu gnome-keyring-daemon[1842]: The Secret Service was already initialized
Jul  5 16:09:29 ubuntu polkitd(authority=local): Registered Authentication Agent for unix-session:3 (system bus name :1.147 [/usr/bin/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jul  5 16:09:30 ubuntu dbus-daemon[606]: [system] Failed to activate service 'org.bluez': timed out (service_start_timeout=25000ms)
Jul  5 16:09:32 ubuntu gdm-launch-environment]: pam_unix(gdm-launch-environment:session): session closed for user gdm
Jul  5 16:09:32 ubuntu systemd-logind[649]: Session c1 logged out. Waiting for processes to exit.
Jul  5 16:09:32 ubuntu systemd-logind[649]: Removed session c1.
Jul  5 16:09:32 ubuntu polkitd(authority=local): Unregistered Authentication Agent for unix-session:c1 (system bus name :1.71, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Jul  5 16:17:01 ubuntu CRON[3961]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  5 16:17:01 ubuntu CRON[3961]: pam_unix(cron:session): session closed for user root
Jul  5 16:30:01 ubuntu CRON[6263]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  5 16:30:01 ubuntu CRON[6263]: pam_unix(cron:session): session closed for user root
Jul  5 16:42:09 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto
Jul  5 16:42:09 ubuntu gdm-password]: PAM adding faulty module: sensepam.so
Jul  5 16:42:09 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 16:42:14 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 16:42:14 ubuntu gdm-password]: gkr-pam: unlocked login keyring
Jul  5 17:01:25 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto
Jul  5 17:01:25 ubuntu gdm-password]: PAM adding faulty module: sensepam.so
Jul  5 17:01:25 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 17:02:23 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 17:02:23 ubuntu gdm-password]: gkr-pam: unlocked login keyring
Jul  5 17:17:01 ubuntu CRON[14250]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  5 17:17:01 ubuntu CRON[14250]: pam_unix(cron:session): session closed for user root
Jul  5 17:22:02 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto
Jul  5 17:22:02 ubuntu gdm-password]: PAM adding faulty module: sensepam.so
Jul  5 17:22:02 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 17:22:05 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 17:22:05 ubuntu gdm-password]: gkr-pam: unlocked login keyring
Jul  5 17:30:01 ubuntu CRON[16439]: pam_unix(cron:session): session opened for user root by (uid=0)
Jul  5 17:30:01 ubuntu CRON[16439]: pam_unix(cron:session): session closed for user root
Jul  5 17:34:46 ubuntu gdm-password]: PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto
Jul  5 17:34:46 ubuntu gdm-password]: PAM adding faulty module: sensepam.so
Jul  5 17:34:46 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 17:34:50 ubuntu gdm-password]: pam_unix(gdm-password:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 17:34:50 ubuntu gdm-password]: gkr-pam: unlocked login keyring
Jul  5 17:35:03 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 17:35:05 ubuntu sudo: pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Jul  5 17:35:05 ubuntu sudo:      aaa : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/su
Jul  5 17:35:05 ubuntu sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jul  5 17:35:05 ubuntu su: (to root) aaa on pts/0
Jul  5 17:35:05 ubuntu su: pam_unix(su:session): session opened for user root by (uid=0)


제가 생각하는 오류 지점은 다음과 같습니다.

PAM unable to dlopen(sensepam.so): /lib/security/sensepam.so: undefined symbol: OPENSSL_init_crypto

그렇다면 이 문제를 해결할 수 있는 방법은 없을까요? 감사해요!

답변1

공유 라이브러리를 링크할 때 매개변수를 추가해야 합니다 -llib:

ld -x --shared -o sensepam.so sensepam.o -lcrypto -lssl

그런 다음 설치가 완료되면 /lib/security다음 명령을 사용하여 누락된 종속성을 찾습니다.

ldd -r /lib/security/sensepam.so

ldd명령은 인쇄됩니다모든 누락된 종속성, 정의되지 않은 기호라이브러리 파일이 누락되었습니다.

이제 OpenSSL lib 폴더에서 누락된 lib 파일을 시스템 라이브러리로 복사합니다. 기본 시스템 라이브러리 경로는 입니다 /usr/lib/x86_64-linux-gnu/.

관련 정보