c - 无法在共享对象文件中通过 system() 命令运行 python 文件
问题描述
(找到下面附加的代码)我正在尝试更改 Ubuntu 系统中 SSH 的身份验证机制,以使用基于零知识证明的身份验证,而不是普通的用户名密码。我正在尝试在此 git repo中提供的工作的基础上进行构建,并减轻它的一些漏洞。它使用 /lib/x86_64-linux-gnu/security 中名为“pam_schnorr.so”的共享对象文件,该文件将 PAM_SUCCESS 或 PAM_IGNORE 返回给 ssh 进程并相应地授予身份验证。
pam_schnorr.so 使用 system() 命令运行 python3 文件 'attempt.py'。attempt.py 反过来使用 jpype 运行一些 java 代码(在一些计算之后将 y/n 写入 output.txt)。我面临的问题是 system() 命令无法成功运行 try.py,因为返回的 WEXITSTATUS 是 1。这些是我到目前为止尝试过的一些组合 -
- 我能够使用 test.c 中的 system() 命令成功运行 attempt.py 文件,该命令与 pam_schnorr.so 位于同一文件夹中
- 我能够通过终端成功运行 try.py
- 我可以通过 pam_schnorr.so 中的 system() 命令运行一个简单的 python 文件 test.py
- 如果我注释掉 import jpype 和其他 jpype 相关语句,我可以通过 pam_schnorr.so 中的 system() 运行 try.py
因此,我得出的结论是,当通过 .so 文件中的 system() 运行时,尝试在 try.py 中运行 jpype 语句可能会导致问题。
我用来从 pam_schnorr.c 生成 pam_schnorr.so 的命令是 -
$sudo gcc -c -fPIC pam_schnorr.c -o new_pam_schnorr.o
$sudo gcc new_pam_schnorr.o -shared -o pam_schnorr.so
我不确定到底是什么问题,但是从 pam_schnorr.so 运行 try.py 对于身份验证过程至关重要。对此的任何帮助表示赞赏
尝试.py
import jpype
import sys
import traceback
def main(a,b,c,d,e,f,g,h,i):
classpath = "-Djava.class.path=%s" % "/home/madhav/Downloads/6857-PasswordManager/out/production/6.857_ZKPassword/"
jpype.startJVM("/usr/lib/jvm/java-11-openjdk-amd64/lib/server/libjvm.so", classpath)
Main = jpype.JPackage("sixeightfiveseven").Main
Main.main([a,b,c,d,e,f,g,h,i])
if __name__ == "__main__":
# expect 9 arguments
a = sys.argv[1]
b = sys.argv[2]
c = sys.argv[3]
d = sys.argv[4]
e = sys.argv[5]
f = sys.argv[6]
g = sys.argv[7]
h = sys.argv[8]
i = sys.argv[9]
main(a, b, c, d, e, f, g, h, i)
test.c // WEXITSTATUS 返回为 0(成功)
#include <stdio.h>
#include <gmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/wait.h>
void main(){
FILE *f = fopen("/home/madhav/Desktop/debug.txt", "w+");
int status = system("sudo python3 /lib/x86_64-linux-gnu/security/attempt.py"); //providing the reqd arguments for attempt.py
fprintf(f, "\nSTATUS: %d", WEXITSTATUS(status));
if (status != 0) {
fprintf(f, "failed :(\n");
}
else{
fprintf(f, "success :)\n");
}
fclose(f);
}
测试.py
def func():
f = open("/home/madhav/Desktop/demofile.txt", "a")
f.write("Now the file has more content!")
f.close()
if __name__ == "__main__":
func()
pam_schnorr.c(pam_sm_athenticate 函数中的系统调用)
/* Define which PAM interfaces we provide */
#define PAM_SM_ACCOUNT
#define PAM_SM_AUTH
#define PAM_SM_PASSWORD
#define PAM_SM_SESSION
#include <stdio.h>
#include <gmp.h>
#include <sys/types.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/wait.h>
/* Include PAM headers */
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#include <security/pam_ext.h>
#include <security/_pam_macros.h>
#include <security/pam_modutil.h>
/* PAM entry point for session creation */
int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
/* PAM entry point for session cleanup */
int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
/* PAM entry point for accounting */
int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
/* PAM entry point for authentication verification */
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
int retval;
const char *p;
retval = pam_get_authtok(pamh, PAM_AUTHTOK, &p , NULL);
// open a file to help debug
FILE *f = fopen("/home/sylvielee/Desktop/debug_log.txt", "w");
// Expect a string containing GP_x,GP_y,PK_x,PK_y,V_x,V_Y,r,n,userID in that order
int num_vars = 9;
int pv_index = 0;
char *packet_vars[num_vars];
const char *delimiter = ",";
char *saveptr;
char *var = strtok_r(p, delimiter, &saveptr);
if (!var) {
fprintf(f, "incorrect input");
fclose(f);
return(PAM_IGNORE);
}
packet_vars[pv_index++] = var;
while (pv_index < num_vars) {
var = strtok_r(NULL, delimiter, &saveptr);
fprintf(f, "\npv index is %d\n", pv_index);
fprintf(f, "var is %s\n", var);
if (!var) {
fprintf(f, "broke out");
break;
}
packet_vars[pv_index++] = var;
}
if (pv_index != num_vars) {
// didn't get all the desired variables
fclose(f);
return(PAM_IGNORE);
}
// call python script to check with verifier
char script_call[80];
sprintf(script_call, "python3 /lib/x86_64-linux-gnu/security/attempt.py %s %s %s %s %s %s %s %s %s",
packet_vars[0], packet_vars[1], packet_vars[2], packet_vars[3], packet_vars[4],
packet_vars[5], packet_vars[6], packet_vars[7], packet_vars[8]);
puts(script_call);
fprintf(f, "\n%s", script_call);
// check success of script call and log
int status = system(script_call);
fprintf(f, "\nSTATUS: %d", WEXITSTATUS(status));
if (status != 0) {
fprintf(f, "failed :(");
fclose(f);
return(PAM_IGNORE);
}
// read the verifier result
char *verifier_fp = "/home/sylvielee/Desktop/out.txt";
FILE *verifier_output = fopen(verifier_fp, "r");
int good = 0;
if (fgetc(verifier_output) == 121) { // ASCII for y
good = 1;
}
fprintf(f, "\nOutput is %d\n", good);
// return success of failure based on verifier result
fclose(f);
fclose(verifier_output);
if (good == 1) {
return(PAM_SUCCESS);
}
return(PAM_IGNORE);
}
/*
PAM entry point for setting user credentials (that is, to actually
establish the authenticated user's credentials to the service provider)
*/
int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
/* PAM entry point for authentication token (password) changes */
int pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv) {
return(PAM_IGNORE);
}
解决方案
推荐阅读
- r - PNS 数据的 lodown R 包问题
- php - 解析未关闭的`}`标签
- flutter - Flutter、Dart、VSCode:设置路径以在 MAC 上打开 GOOGLE chrome (#30DaysOfFlutter)
- swift - 面向协议的编程可选功能
- python - Pygame 窗口没有更新
- google-cloud-data-fusion - CDF 中的规则引擎插件问题
- amazon-web-services - Amazon WorkDocs - 用于文档下载的 API
- arrays - 传递给函数时在C中查找数组的大小
- python - 我收到一个 VSCode python 错误,有人知道为什么吗?
- ios - 为 UITableView 页脚 Swft 设置约束