[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Compile error in current CVS, src/server.c:5500

From: Mark D. Baushke
Subject: Re: Compile error in current CVS, src/server.c:5500
Date: Mon, 21 Jul 2003 10:54:59 -0700

Hi Brian,

Brian Murphy <brian@murphy.dk> writes:

> Mark D. Baushke wrote:
> >To be honest, I wonder why the result of pam_end() is not being captured
> >and causing a call to pam_strerror().
> >
> Well, pam_strerror needs the pam handle which gets destroyed by the
> call to pam_end to work and pam_end either returns success or failure
> (PAM_SYSTEM_ERROR) but no extra information. At least as far as I can
> see from the PAM code.

Okay. I was just going by the 'man pam_end' man page where-in I see

       May be translated to text with pam_strerror(3).

but it seems that the man page is for both pam_start() and pam_end(). It
is not clear from the documentation if the pam handle is really
destroyed if PAM_SUCCESS is not returned and I have not actually looked
in any of the open source implementations to see if anything is still
around for pam_strerror() to use for the handle or not.

However, it is my understanding that pam_end() will return PAM_SUCCESS
if everything goes well and and one of the other PAM_* macros from the
pam types on failure. So at the least, I would expect something like:

    retval = pam_end(pamh, retval);
    if (retval != PAM_SUCCESS)
        printf("E Fatal error, aborting.\n\
error EACCES pam failed to release authenticator (retval=%d)\n", retval);
        error_exit ();

or some such kind of indication to avoid losing information about what
happened. This kind of message may help us debug future problems with
the PAM service rather than just ripping it out as not being
maintainable. 1/2 :-)

        -- Mark

reply via email to

[Prev in Thread] Current Thread [Next in Thread]