Re: Calling PAM from within an SO

[Mark Valence <kurash sassafras com>]

> Mark Valence wrote:
> >  My program loads a shared lib (.so) that then calls pam_start, etc.
> >  pam_start succeeds, but when I call pam_authenticate it fails with
> >  error "Module is unknown".
> >
> >  Same exact code works when linked into the main program (i.e., not in
> >  the .so).  Is there anything special about using pam from within a
> >  .so?
>
> http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/pam/Linux-PAM/dynamic/ 
> pam.c?rev=1.1&content-type=text/vnd.viewcvs-markup
>
> Feedback appreciated.

Looks like that would solve the problem, although isn't the crucial 
part simply the use of RTLD_GLOBAL|RTLD_NOW as the mode in dlopen? 
If that is the case, then that's what I will use as a fix for now 
(since I need to be backward compatible with older versions of pam), 
and not do the -lpam when I build.

One comment on your CONFIRM_PAM_FUNCTION macro.  Why not just go all the way:

#define GENERATE_PAM_FUNCTION(x, y, z, p, err) \
    y x { \
        static y (*real_##x) z;
        union { const void *tpointer; y (*fn) z ; } fptr; \
	fptr.tpointer = dlsym(libpam_h, #x); real_##x = fptr.fn; \
	if (real_##x == NULL) { \
	    D(("unable to resolve '" #x "': %s", dlerror())); \
	    return err; \
	} \
        return real_##x p; \
    }

GENERATE_PAM_FUNCTION(pam_start, int,
                          (const char *sn, const char *user,
                              const struct pam_conv *conv,
                              pam_handle_t **pamh),
                          (sn, user, conv, pamh),
                          PAM_ABORT)

GENERATE_PAM_FUNCTION(pam_end, int,
                          (pam_handle_t *pamh,
                              int pam_status),
                          (pamh, pam_status),
                          PAM_ABORT)

... etc. ;-)

Thanks for the tip.

Mark.