On Thu, Jan 05, 2006 at 02:00:34PM +0100, Thorsten Kukuk wrote: > the LSB PAM test suite expects that pamh can be NULL and the function > should not crash. With the current optimizations and usage of nonnull > attribute, it seems this is not always true anymore. I know it is > debateable if a library should crash in such cases or not and that > everybody has another opinion. > > My question is: Is there any documentation which tells us how > a PAM function should behave if the pamh argument is NULL? I cannot > find this, even the LSB spec itself says nothing about this. FWIW, XSSO [1] describes the pamh argument as "pamh (in): The PAMauthentication handle, obtained from a previous call to pam_start()". In pam_start(), it says "On successful completion, pamh refers to a PAMhandle for use with subsequent calls to the authentication library." I would interpret this as meaning that passing anything as a PAM handle that was not returned by a successful call to pam_start as undefined behaviour. In that case, crashing on a NULL pamh is just as undefined as any other behaviour. On the other hand, the descriptions of pamh in most functions do not say "obtained from a _successful_ call to pam_start", so you could argue that if pam_start sets the pamh to NULL on failure, passing that NULL to subsequent PAM calls is covered under "obtained from a previous call to pam_start()". I have no idea what LinuxPAM does if pam_start() fails, though. [1] http://www.opengroup.org/onlinepubs/008329799/toc.pdf -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
