On Mon, 2006 Jul 17 06:59:32 -0400, David Quigley wrote: > Hello, > I was looking through the modules directory for the PAM sources and it > seems that almost all of the modules exist in one source file in which > every function is static except for the main PAM exports. Is there a > reason for that? Is there a reason for not breaking a large module up > into smaller source files? > I'll try a stab at this, as this is more a C thing than anything PAM-specific. The reason is to produce a shared object with no other externally-visible symbols beyond the standard PAM functions. If you break the module up into multiple objects, this will usually involve module-internal functions that are nonetheless exported, which can be problematic. E.g. if the pam_sm_open_session() function is in foo-session.c, but it calls out to a routine do_blah() in foo-common.c, then the resulting foo.so PAM module will show do_blah() as an export alongside the standard PAM entry points. This is bad if the consuming application links against another shared library that also has a do_blah() export. Now, there are various ways to address this issue: 1. Prefix the module-internal-but-non-static symbols with e.g. "__foo_" (__foo_do_blah() and so on), to reduce the risk of namespace collisions 2. Use Libtool's symbol-visibility functionality to hide the module-internal symbols (may not work on all platforms) 3. Have various source files, but declare all module-internal functions static and compile a single master source file that #includes all the others 4. Implement each PAM function in a separate source file, with all other functions declared static (simple but inflexible) As for why Linux-PAM doesn't take these approaches more often... well, most modules aren't that big, and the single-source-file MO is simpler :-) HTH, --Daniel -- NAME = Daniel Richard G. ## Remember, skunks _\|/_ meef? EMAIL1 = skunk@xxxxxxxxxx ## don't smell bad--- (/o|o\) / EMAIL2 = skunk@xxxxxxxxxxxx ## it's the people who < (^),> WWW = http://www.******.org/ ## annoy them that do! / \ -- (****** = site not yet online) _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list