Pam conversations per se may also run in parallel, but this implies that
the application supports this.
Since this normally not the case, do not create modules that may invoke
the pam conversations in parallel by default, adding a mutex to protect
such calls.
Modules have the ability to start PAM conversations, so while the
transaction code can handle them we did not have a way to init them.
Yet.
So add some APIs allowing this, making it easier from the go side to
handle the conversations.
In this commit we only support text-based conversations, but code is
designed with the idea of supporting binary cases too.
Added the integration tests using the module that is now able to both
start conversation and handle them using Go only.
Module data is data associated with a module handle that is available
for the whole module loading time so it can be used also during
different operations.
We use cgo handles to preserve the life of the go objects so any value
can be associated with a pam transaction.
In order to properly test the interaction of a module transaction from
the application point of view, we need to perform operation in the
module and ensure that the expected values are returned and handled
In order to do this, without using the PAM apis that we want to test,
use a simple trick:
- Create an application that works as server using an unix socket
- Create a module that connects to it
- Pass the socket to the module via the module service file arguments
- Add some basic protocol that allows the application to send a request
and to the module to reply to that.
- Use reflection and serialization to automatically call module methods
and return the values to the application where we do the check
Lars Scheibling
Marco Trevisan (Treviño)