[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

return values from modules?



I noticied in docs that almost every pam entry point
in module (pam_sm_xxx) have documented list of possible
error codes that it can return.  Most modules just
uses something like:

   if ((r = pam_set_data(...)) != PAM_SUCCESS)
     return r;

to return from that entry point.
Thus, the question -- should that checks/returns
be rewritten to be something like
     return PAM_SESSION_ERROR;
instead of
     return r;
or should docs be updated to say something like
"this entry can return any PAM_error_code, but
most "significant" codes are:" ?

First case seemed to be too nontrivial.

Also, in case of auth stack:
what should module do with empty username?
I.e. if pam_get_user returned empty string?
Login from util-linux doesn't understand
PAM_INCOMPLETE in this case...

P.S.  login from util-linux has just too many
bugs :((

  $ login
  login: ^D
  login: ^D
  Segmentation fault (core dumped)
  $ _

With this, we should really be _very_ careful with
tidyng up passwords inside pam modules...





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []