pamh allowed to be NULL?
Darren Tucker
dtucker at zip.com.au
Thu Jan 5 13:32:00 UTC 2006
On Thu, Jan 05, 2006 at 02:00:34PM +0100, Thorsten Kukuk wrote:
> the LSB PAM test suite expects that pamh can be NULL and the function
> should not crash. With the current optimizations and usage of nonnull
> attribute, it seems this is not always true anymore. I know it is
> debateable if a library should crash in such cases or not and that
> everybody has another opinion.
>
> My question is: Is there any documentation which tells us how
> a PAM function should behave if the pamh argument is NULL? I cannot
> find this, even the LSB spec itself says nothing about this.
FWIW, XSSO [1] describes the pamh argument as "pamh (in): The
PAMauthentication handle, obtained from a previous call to pam_start()".
In pam_start(), it says "On successful completion, pamh refers to a
PAMhandle for use with subsequent calls to the authentication library."
I would interpret this as meaning that passing anything as a PAM handle
that was not returned by a successful call to pam_start as undefined
behaviour. In that case, crashing on a NULL pamh is just as undefined
as any other behaviour.
On the other hand, the descriptions of pamh in most functions do not
say "obtained from a _successful_ call to pam_start", so you could
argue that if pam_start sets the pamh to NULL on failure, passing that
NULL to subsequent PAM calls is covered under "obtained from a previous
call to pam_start()". I have no idea what LinuxPAM does if pam_start()
fails, though.
[1] http://www.opengroup.org/onlinepubs/008329799/toc.pdf
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the Pam-list
mailing list