Joerg Sonnenberger wrote:
On Mon, Mar 08, 2010 at 03:16:29PM -0500, Richard Hansen wrote:
There's at least one other way pam_start() can fail: if you misspell the name of a pam module in an /etc/pam.d file. (Can you guess how I originally stumbled across the segfault? :-P) A "module not found" message would be useful.
Yes, but that error is not sent down in any meaningful way.
I'm not sure what you mean -- passwd prints the error message to stderr. Other apps might not have a useful way to deliver the error message to the user, but that's for the apps to figure out.
We could modify pam_start() to set pamh to NULL on error so that pam_strerror() does the right thing, or we could do what we're doing now and simply ignore pamh in pam_strerror().
I think the problem will remain the same though -- you can't assume pam_strerror will work after a failing pam_start.
We can if pam_strerror(3) says it will. :)
It doesn't make much sense either.
If pam_start() set pamh to NULL on error, then pam_strerror() would know that NULL meant a failure in pam_start(). Upon invocation with pamh=NULL, pam_strerror() could either return a generic message corresponding to the error_number (as it does right now), or it could do some sleuthing to generate a more detailed message (such as "module /misspelled/path/to/pam_foo.so not found") in a static buffer.
-Richard
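
The contract proposed in the message above, modelled in a few lines of C. This is an added example, not code from the thread or from any PAM implementation: the toy_* names, the error numbers and the /constructed/ module path are hypothetical stand-ins, and only the NULL-handle convention and the static detail buffer come from the discussion.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model only: the toy_* names are hypothetical, not the libpam API. */
enum { TOY_SUCCESS = 0, TOY_OPEN_ERR = 1, TOY_BUF_ERR = 2 };
typedef struct toy_handle { char service[32]; } toy_handle;

/* Detail recorded by the most recent failed toy_start() (static buffer). */
static char start_detail[128];

/* Constructed stand-in for "can this module be loaded?". */
static int module_exists(const char *path) {
    return strcmp(path, "/constructed/lib/pam_ok.so") == 0;
}

/* On any failure *hp is NULL, so the caller never holds a stale handle. */
int toy_start(const char *service, const char *module, toy_handle **hp) {
    *hp = NULL;
    start_detail[0] = '\0';
    if (!module_exists(module)) {
        snprintf(start_detail, sizeof start_detail, "module %s not found", module);
        return TOY_OPEN_ERR;
    }
    toy_handle *h = calloc(1, sizeof *h);
    if (h == NULL)
        return TOY_BUF_ERR;
    snprintf(h->service, sizeof h->service, "%s", service);
    *hp = h;
    return TOY_SUCCESS;
}

/* h == NULL means "toy_start failed": never dereference it; prefer the
 * recorded detail, else fall back to generic text for the error number. */
const char *toy_strerror(const toy_handle *h, int err) {
    static const char *generic[] = { "success", "failed to load module", "memory buffer error" };
    if (h == NULL && err != TOY_SUCCESS && start_detail[0] != '\0')
        return start_detail;
    if (err < 0 || err > TOY_BUF_ERR)
        return "unknown error";
    return generic[err];
}

int main(void) {
    toy_handle *h;
    int rc = toy_start("passwd", "/misspelled/path/to/pam_foo.so", &h);
    if (rc != TOY_SUCCESS)   /* h is NULL here; safe to pass on */
        fprintf(stderr, "passwd: %s\n", toy_strerror(h, rc));
    free(h);
    return rc == TOY_OPEN_ERR ? 0 : 1;
}
```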