[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

linking of pam modules

I've run into a dynamic linking snag while working with PAM, and I have a
suggestion for overcoming it.  My knowledge of dynamic linking in Linux is
however far from complete, so please point anything out if it looks suspect.

libpam loads modules using dlopen.  These modules obviously need to find
symbols in libpam (eg pam_get_item).  Normally this is not a problem,
because the application using libpam is dynamically linked to libpam, thus
the libpam symbols are available to pam_whatever.so when it is dlopen'ed. 
But what if the application using libpam is not linked to libpam at link
time, but instead uses dlopen to open it?  In this case, pam_whatever.so
cannot resolve the symbols it needs (the dlopen fails, dlerror says
"Unable to resolve symbol", and several lines like "can't resolve symbol
'pam_get_item'" are printed to stderr).  I believe (from my
experimentation and what I've read) the inability to find symbols in
libraries that are dlopen'ed instead of linked at link time is a "fact of
life" of Linux/ELF dynamic loading (well, this makes sense, because how
could dlopen pick among libraries that offer the same symbols?).

Without changing pam, this seems to be an insurmountable obstacle.  
Fortunately, there is an easy fix.  If the pam modules are linked to 
libpam at link time, they find their symbols and everone is happy.  So I 
am suggesting adding a -lpam option to the makefiles.  To test this, I 
linked lib_securetty.so with 

gcc -shared -Xlinker -x -o pam_securetty.so dynamic/pam_securetty.o -lpam

When I did this, my program worked without a hitch.  (This was tested only 
on a linux 2.0.30, RHL 4.2 system.)

Can this be changed in the PAM distribution?  Or is there a good reason 
for the current behavior?  (An education on dynamic loading would satisfy 
me almost as much as getting my program working.)


PS.  The reason that I can't just link my program to libpam at link time 
is that I lied; the program is not actually mine.  I'm really just 
writing some glue to use PAM from perl.  I'll be happy to share my work 
when I get anywhere :)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []