http://vsftpd.beasts.org/
SULinux 1.5 (CentOS 4 32bit)에 vsftpd 2.0.7을 컴파일 설치 시도해 보았다.
기본 내장된 vsftpd 가 2.0.1로 터무니없이(?) 낮은 편이다. 요걸로 FTPS를 운영한다 하더라도 보안이 문제되고 파일질라 2.x로만 접근이 가능하고 3.x에서는 무용지물이다.
http://www.digimoon.net/blog/321
builddefs.h 파일을 아래와 같이 수정 후
#ifndef VSF_BUILDDEFS_H
#define VSF_BUILDDEFS_H
#define VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#define VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */
#define VSF_BUILDDEFS_H
#define VSF_BUILD_TCPWRAPPERS
#define VSF_BUILD_PAM
#define VSF_BUILD_SSL
#endif /* VSF_BUILDDEFS_H */
컴파일 시도하면 아래와 같이 에러 발생
ssl.c: In function
`ssl_cert_digest':
ssl.c:549: warning: implicit declaration of function `EVP_sha256'
ssl.c:550: warning: passing arg 2 of `X509_digest' makes pointer from integer without a cast
gcc -c sysutil.c -O2 -Wall -W -Wshadow -idirafter dummyinc
gcc -c sysdeputil.c -O2 -Wall -W -Wshadow -idirafter dummyinc
gcc -o vsftpd main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o tunables.o ftpdataio.o secbuf.o ls.o postprivparent.o logging.o str.o netstr.o sysstr.o strlist.o banner.o filestr.o parseconf.o secutil.o ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o tcpwrap.o ipaddrparse.o access.o features.o readwrite.o opts.o ssl.o sysutil.o sysdeputil.o -Wl,-s `./vsf_findlibs.sh`
ssl.o(.text+0x638): In function `ssl_cert_digest':
: undefined reference to `EVP_sha256'
collect2: ld returned 1 exit status
make: *** [vsftpd] 오류 1
[root@localhost vsftpd-2.0.7]#
ssl.c:549: warning: implicit declaration of function `EVP_sha256'
ssl.c:550: warning: passing arg 2 of `X509_digest' makes pointer from integer without a cast
gcc -c sysutil.c -O2 -Wall -W -Wshadow -idirafter dummyinc
gcc -c sysdeputil.c -O2 -Wall -W -Wshadow -idirafter dummyinc
gcc -o vsftpd main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o tunables.o ftpdataio.o secbuf.o ls.o postprivparent.o logging.o str.o netstr.o sysstr.o strlist.o banner.o filestr.o parseconf.o secutil.o ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o tcpwrap.o ipaddrparse.o access.o features.o readwrite.o opts.o ssl.o sysutil.o sysdeputil.o -Wl,-s `./vsf_findlibs.sh`
ssl.o(.text+0x638): In function `ssl_cert_digest':
: undefined reference to `EVP_sha256'
collect2: ld returned 1 exit status
make: *** [vsftpd] 오류 1
[root@localhost vsftpd-2.0.7]#
해결법 당췌 모르겠음 ㅋ
CentOS 5에서는 문제없이 컴파일 되었는데 SULinux 1.5(CentOS 4)에서 이런 현상이 남
SULinux에 기본 포함된 ftp데몬이 vsftpd 2.0.1이란 점을 감안하여 2.0.1 소스버전을 설치 시도해 보았다.
그랬더니 에러 없이 설치가 된다.
여태 삽질한 원인이 아마도 vsftpd 2.0.7과 SULinux에 기본 설치된 openssl, openssl-devel 버전과의 궁합 문제인 걸로 추측된다.
[root@localhost vsftpd-2.0.7]# cat /etc/redhat-release
SULinux release 1.5 (Server)
[root@localhost vsftpd-2.0.7]# rpm -qa | grep openssl
openssl-devel-0.9.7a-43.17.el4_6.1
openssl-0.9.7a-43.17.el4_6.1
xmlsec1-openssl-1.2.6-3
[root@localhost vsftpd-2.0.7]#
SULinux release 1.5 (Server)
[root@localhost vsftpd-2.0.7]# rpm -qa | grep openssl
openssl-devel-0.9.7a-43.17.el4_6.1
openssl-0.9.7a-43.17.el4_6.1
xmlsec1-openssl-1.2.6-3
[root@localhost vsftpd-2.0.7]#
openssl과 의존성을 갖는 패키지들이 너무 많은 관계로 SULinux와 CentOS 4에 vsftpd 2.0.7 소스버전을 설치하는 건 아무래도 무리일 듯 하다.
시험 삼아 openssl과 openssl-devel을 의존성 무시하고 강제 삭제 후 CentOS 5에 기본 내장된 버전으로 강제 설치하고 vsftpd 2.0.7을 컴파일 시도해 보았다.
그랬더니 여지없이 아래와 같은 무수한 에러를 낸다.
[root@localhost vsftpd-2.0.7]# make
gcc -o vsftpd main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o tunables.o ftpdataio.o secbuf.o ls.o postprivparent.o logging.o str.o netstr.o sysstr.o strlist.o banner.o filestr.o parseconf.o secutil.o ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o tcpwrap.o ipaddrparse.o access.o features.o readwrite.o opts.o ssl.o sysutil.o sysdeputil.o -Wl,-s `./vsf_findlibs.sh`
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_init_context@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_resolve@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_auth_con_free@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_rc_default@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_sname_to_principal@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_free_entry@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_default@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_rc_initialize@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `valid_cksumtype@k5crypto_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_cc_default@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_cc_get_principal@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_mk_req_extended@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_close@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_free_context@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_auth_con_getrcache@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_get_server_rcache@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_timeofday@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_rc_destroy@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_principal_compare@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_free_ticket@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_decrypt_tkt_part@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_free_principal@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_auth_con_setrcache@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_checksum_size@k5crypto_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_rc_get_lifespan@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `__stack_chk_fail@GLIBC_2.4'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_free_data_contents@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_auth_con_init@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_get_entry@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libcrypto.so: undefined reference to `__syslog_chk@GLIBC_2.4'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_get_credentials@krb5_3_MIT'
collect2: ld returned 1 exit status
make: *** [vsftpd] 오류 1
[root@localhost vsftpd-2.0.7]#
gcc -o vsftpd main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o tunables.o ftpdataio.o secbuf.o ls.o postprivparent.o logging.o str.o netstr.o sysstr.o strlist.o banner.o filestr.o parseconf.o secutil.o ascii.o oneprocess.o twoprocess.o privops.o standalone.o hash.o tcpwrap.o ipaddrparse.o access.o features.o readwrite.o opts.o ssl.o sysutil.o sysdeputil.o -Wl,-s `./vsf_findlibs.sh`
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_init_context@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_resolve@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_auth_con_free@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_rc_default@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_sname_to_principal@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_free_entry@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_default@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_rc_initialize@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `valid_cksumtype@k5crypto_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_cc_default@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_cc_get_principal@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_mk_req_extended@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_close@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_free_context@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_auth_con_getrcache@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_get_server_rcache@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_timeofday@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_rc_destroy@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_principal_compare@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_free_ticket@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_decrypt_tkt_part@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_free_principal@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_auth_con_setrcache@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_checksum_size@k5crypto_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_rc_get_lifespan@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `__stack_chk_fail@GLIBC_2.4'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_free_data_contents@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_auth_con_init@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_kt_get_entry@krb5_3_MIT'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libcrypto.so: undefined reference to `__syslog_chk@GLIBC_2.4'
/usr/lib/gcc/i386-redhat-linux/3.4.6/../../../libssl.so: undefined reference to `krb5_get_credentials@krb5_3_MIT'
collect2: ld returned 1 exit status
make: *** [vsftpd] 오류 1
[root@localhost vsftpd-2.0.7]#
SSL을 지원하는 vsftpd 2.0.7을 사용코자 한다면 CentOS 5로 갈아타거나 차기 SULinux 버전을 기다리는 수 밖에 없겠다.
rpm으로 배포되는 vsftpd가 09년 1월 현재 최신버전이 2.0.5인 이유도 한몫한다. ㅋ
proftpd에 mod_tls을 적용해서 운영하는 것도 생각해 봐야겠다.
