Re: On non-PIC PAM module for OpenSolaris.

[Russ Allbery]

Mats Erik Andersson <address@hidden> writes:

> @@ -287,6 +282,7 @@ pam_sm_chauthtok (pam_handle_t * pamh, int flags, int 
> argc, const char **argv)
>    return retval;
>  }
>  
> +/* Particular to Linux-PAM.  */
>  #ifdef PAM_STATIC
>  
>  struct pam_module _pam_shishi_modstruct = {

PAM_STATIC and this _modstruct stuff is not specific to Linux-PAM; it's
also used by FreeBSD PAM.  However, the correct way to instantiate it on
FreeBSD is:

    #ifdef PAM_MODULE_ENTRY
    PAM_MODULE_ENTRY("pam_shishi");
    #endif

which takes care of all the structs and whatnot and behaves correctly when
used in combination with PAM_EXTERN on all the pam_sm_* declarations.

I've never seen anyone use this on Linux PAM, although I think it
theoretically supports it.  It's more of a FreeBSD thing.  I added support
for PAM_EXTERN and PAM_MODULE_ENTRY (if you use those two, you don't have
to explicitly check PAM_STATIC; everything else gets set up for you), but
I was never able to get confirmation from a FreeBSD user that it actually
worked.

Incidentally, this is all a misnomer; on FreeBSD, which is the only place
this stuff appears to be used, none of this actually creates a statically
linked PAM module.  (I'm not sure what such a thing would even be.)
Rather, it creates a dynamic module that doesn't export any symbols except
for _pam_shishi_modstruct, which cuts down on symbol leakage.

Other than that, your patch looks good to me.

-- 
Russ Allbery (address@hidden)             <http://www.eyrie.org/~eagle/>