用了6个小时解决这个问题.
下面是busybox的login.c的code:
pw = NULL;
getpwnam_r(username, &pwdstruct, pwdbuf, sizeof(pwdbuf), &pw);
if (!pw)
goto auth_failed;
getpwnam_r()总是返回NULL, 换成getpwnam()也是一样的。
但是自己类似busybox写的下面的代码运行没问题:
#include <sys/types.h>
#include <stdio.h>
#include <pwd.h>
#include <security/pam_appl.h>
#include <security/pam_misc.h>
static const struct pam_conv conv = {
misc_conv,
NULL
};
int main(int argc, char ** argv)
{
struct passwd * pw = NULL;
char *username = "abc";
int pamret;
pam_handle_t *pamh;
const char *pamuser;
const char *failed_msg;
struct passwd pwdstruct;
char pwdbuf[256];
char **pamenv;
pamret = pam_start("login", username, &conv, &pamh);
if (pamret != PAM_SUCCESS) {
printf("start failed\n");
}
pamret = pam_set_item(pamh, PAM_RHOST, "132.196.28.190");
if (pamret != PAM_SUCCESS) {
printf("set item failed\n");
}
pamret = pam_authenticate(pamh, 0);
if (pamret != PAM_SUCCESS) {
printf("auth failed\n");
}
/* check that the account is healthy */
pamret = pam_acct_mgmt(pamh, 0);
if (pamret != PAM_SUCCESS) {
printf("acct failed\n");
}
/* read user back */
pamuser = NULL;
/* gcc: "dereferencing type-punned pointer breaks aliasing rules..."
* thus we cast to (void*) */
if (pam_get_item(pamh, PAM_USER, (void*)&pamuser) != PAM_SUCCESS) {
printf("get user failed\n");
}
if (!pamuser || !pamuser[0])
printf("user is null failed\n");
pw = getpwnam(pamuser);
if (!pw)
{
printf("getpwnam failed\n");
return 1;
}
printf("getpwnam results:\n");
printf("user:\t%s\n", pw->pw_name);
printf("crypt:\t%s\n", pw->pw_passwd);
printf("uid:\t%d\n", pw->pw_uid);
printf("gid:\t%d\n", pw->pw_gid);
printf("home:\t%s\n", pw->pw_dir);
printf("shell\t%s\n", pw->pw_shell);
return 0;
}
原因是busybox的USE_BB_PWD_GRP配置的问题。如果这个配置是y,就不会调用glibc的pwssword/group相关函数。这也是为什么自己写程序运行没问题, 而busybox有问题。
config USE_BB_PWD_GRP
bool "Use internal password and group functions rather than system functions"
default y
help
If you leave this disabled, busybox will use the system's password and group functions. And if you are using the GNU C library (glibc), you will then need to install the /etc/nsswitch.conf configuration file and the required /lib/libnss_* libraries in order for the password and group functions to work. This generally makes your embedded system quite a bit larger.
Enabling this option will cause busybox to directly access the system's /etc/password, /etc/group files (and your system will be smaller, and I will get fewer emails asking about how glibc NSS works). When this option is enabled, you will not be able to use PAM to access remote LDAP password servers and whatnot. And if you want hostname resolution to work with glibc, you still need the /lib/libnss_* libraries.
If you need to use glibc's nsswitch.conf mechanism
(e.g. if user/group database is NOT stored in /etc/passwd etc), you must NOT use this option.
If you enable this option, it will add about 1.5k.
分享到:
相关推荐
centos7.2安装最新版Google Chrome提示缺少 fornt nss ssl 等lib,实际为系统lib版本较低造成,再离线状态不想更新系统的情况下可以下载该版本的Google解决,无需更新lib
SPI库函数配置中,结构体成员有SPI_NSS这个东西,这个东西是什么意思,当时看着是不知所云。 经过不断查找资料得出以下答案: 软件模式: SPI_InitStructure.SPI_NSS = SPI_NSS_Soft; 硬件模式 SPI_InitStructure....
cef_binary_73.1.1373.0.3683.75_linux64和nss-3.39-with-nspr-4.20,配套使用
离线安装包,亲测可用
NSS_PPT_CHAP05_V1.5
NSS_PPT_CHAP07_V1.5
NSS_PPT_CHAP06_V1.5
NSS_PPT_chap02_V1.3
NSS_PPT_chap04_V1 5
NSS_PPT_CHAP03_V1.4
官方离线安装包,亲测可用。使用rpm -ivh [rpm完整包名] 进行安装
官方离线安装包,亲测可用。使用rpm -ivh [rpm完整包名] 进行安装
官方离线安装包,亲测可用
离线安装包,亲测可用
离线安装包,亲测可用
官方离线安装包,测试可用。使用rpm -ivh [rpm完整包名] 进行安装
离线安装包,亲测可用
rpm安装包,rpm -i example.rpm
官方离线安装包,亲测可用。使用rpm -ivh [rpm完整包名] 进行安装
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm