[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pamh allowed to be NULL?

On Thu, Jan 05, 2006 at 02:00:34PM +0100, Thorsten Kukuk wrote:
> the LSB PAM test suite expects that pamh can be NULL and the function
> should not crash. With the current optimizations and usage of nonnull
> attribute, it seems this is not always true anymore. I know it is
> debateable if a library should crash in such cases or not and that
> everybody has another opinion.
> My question is: Is there any documentation which tells us how
> a PAM function should behave if the pamh argument is NULL? I cannot
> find this, even the LSB spec itself says nothing about this.

FWIW, XSSO [1] describes the pamh argument as "pamh (in): The
PAMauthentication handle, obtained from a previous call to pam_start()".
In pam_start(), it says "On successful completion, pamh refers to a
PAMhandle for use with subsequent calls to the authentication library."

I would interpret this as meaning that passing anything as a PAM handle
that was not returned by a successful call to pam_start as undefined
behaviour.  In that case, crashing on a NULL pamh is just as undefined
as any other behaviour.

On the other hand, the descriptions of pamh in most functions do not
say "obtained from a _successful_ call to pam_start", so you could
argue that if pam_start sets the pamh to NULL on failure, passing that
NULL to subsequent PAM calls is covered under "obtained from a previous
call to pam_start()".  I have no idea what LinuxPAM does if pam_start()
fails, though.

[1] http://www.opengroup.org/onlinepubs/008329799/toc.pdf

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]