Hello,
I realize this has been discussed before, yet I failed to find something
directly relevant to my issue.
I am somewhat new to writing PAM modules and using PCSC, however, after much
research and trying I cannot get around this.
Although my final problem is entrenched in a larger set of code, I have managed
to isolate the issue I am experiencing to a fairly simple PAM module that I
have put into the gdm stack. Basically, in pam_authenticate, I do the
following (pseudo-code) :
pam_prompt : "enter YES to try the card"
{
if YES, then perform a very basic PCSC set of calls :
GetContext
GetReaders
GetStateChange - passing UNAWARE to get the current state
GetStateChange - block with some reasonable timeout, awaiting a state other
than the initial
ReleaseContext
pam_prompt: "done. card event or timeout over. enter anything to continue"
}
return PAM_SUCCESS
This module is entered as "auth required test_module.so", which will return
success and continue to PAM_UNIX and ask for a username and password.
When I run the same set of PCSC calls in a simple app from the command line,
i.e. NOT from within the GDM PAM environment, everything is fine.
However, when I actually logout and get GDM to run my module, it is my belief
that any actual state change that occurs with my single usb card reader causes
PAM to restart the GDM login process. What I experience is the first prompt,
to which I enter "YES", then either insert or remove the card, and I quickly
see the final "done. card event" prompt, yet very quickly it will reset the
process - the screen blinks and I am prompted again with "enter YES...". If I
initially enter "NO", I am taken right to the standard username prompt, as
expected.
A look at the /var/log/messages file reveals a few hints :
gdm[pid] : conversation failed
gdm[pid] : gdm_cleanup_children: child [...] crashed of signal 11
gdm[pid] : gdm_cleanup_children: slave crashed, killing it's children
and /var/log/secure has something like this :
pam_succeed_if(gdm:auth) error retrieving user name: Conversation error
This looks to me like a segfault occured somewhere, the result of which is that
PAM was unable to get my username, either because of or after which it
restarts. Yet as I said, when I run this exact set of PCSC calls as a simple
command line application through valgrind and gdb, all is well. If I use this
PAM module through SU, it also works without a hitch.
Any advice or help is appreciated.
Thanks much
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
