Reputation: 3363
I've built a simple, custom PAM module, and the module works as expected with pamtester and with some other PAM testing code I found online.
I've also built a simple .NET Core application which uses P/Invoke to authenticate against PAM.
As mentioned, the custom module works with pamtester, and the custom dotnet app works (up to the point of receiving the conv callback) against the default Ubuntu 15.10 PAM setup.
However, if I hook the custom app up to the custom PAM module, I get an error in auth.log to say:
dotnet: PAM unable to dlopen(pam_permit_log_response.so): /lib/security/pam_permit_log_response.so: cannot open shared object file: No such file or directory
... so it doesn't find the module in /lib/x86_64-linux-gnu/security when calling into PAM from dotnet to the custom module.
If I change the PAM config file to include the full path to the module, then I get the error:
dotnet: PAM unable to dlopen(/lib/x86_64-linux-gnu/security/pam_permit_log_response.so): /lib/x86_64-linux-gnu/security/pam_permit_log_response.so: undefined symbol: pam_syslog
So it seems like it's still failing to resolve things; this time it's the references in the custom PAM module.
Could anyone point me in the right direction in terms of:
Upvotes: 0
Views: 409
Reputation: 3363
I still don't know why it's an issue calling into my custom module from dotnet and not from pamtester but, to answer the most important question: "How I can build and/or configure my custom PAM module to behave the same as the pre-existing system modules?"
The answer is that previously, I was linking the module using the following:
ld -x --shared -o pam_permit_log_response.so pam_permit_log_response.o
To fix the problem, I needed to indicate to the linker that this is a PAM module using the -lpam flag, so the call to link becomes:
ld -x --shared -o pam_permit_log_response.so pam_permit_log_response.o -lpam
Upvotes: 0
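A build-time check for the failure described in the answer above (added example, not part of the original posts): a module linked without -lpam carries no DT_NEEDED entry for libpam, so imports such as pam_syslog resolve only if the host process already exposes libpam in its global symbol scope. The sketch reads the module's .dynamic and .dynsym sections and flags that case. It assumes a 64-bit little-endian ELF file; audit_pam_module and its helpers are hypothetical names.

```python
import struct
import sys

SHT_DYNAMIC, SHT_DYNSYM = 6, 11   # ELF section types
DT_NEEDED = 1                     # dynamic tag: required shared library

def _sections(data):
    """Return the ELF64 little-endian section headers as tuples."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    shoff, = struct.unpack_from("<Q", data, 0x28)
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)
    return [struct.unpack_from("<IIQQQQIIQQ", data, shoff + i * shentsize)
            for i in range(shnum)]

def _cstr(data, strtab, index):
    """Read the NUL-terminated string at `index` in string-table section `strtab`."""
    start = strtab[4] + index
    return data[start:data.index(b"\0", start)].decode()

def _entries(data, sections, sh_type, fmt):
    """Yield (unpacked entry, linked string table) for each section of sh_type."""
    size = struct.calcsize(fmt)
    for sec in sections:
        if sec[1] == sh_type:
            for off in range(sec[4], sec[4] + sec[5], size):
                yield struct.unpack_from(fmt, data, off), sections[sec[6]]

def audit_pam_module(data):
    """Return (DT_NEEDED names, undefined pam_* symbols, ok flag)."""
    sections = _sections(data)
    needed = [_cstr(data, strtab, val)
              for (tag, val), strtab in _entries(data, sections, SHT_DYNAMIC, "<qQ")
              if tag == DT_NEEDED]
    # Undefined imports have st_shndx == SHN_UNDEF (0) and a non-empty name.
    undefined = [_cstr(data, strtab, sym[0])
                 for sym, strtab in _entries(data, sections, SHT_DYNSYM, "<IBBHQQ")
                 if sym[3] == 0 and sym[0] != 0]
    pam_imports = sorted(n for n in undefined if n.startswith("pam_"))
    # Not ok: the module imports libpam API but does not declare libpam itself.
    ok = not pam_imports or any(n.startswith("libpam.so") for n in needed)
    return needed, pam_imports, ok

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as fh:
        needed, pam_imports, ok = audit_pam_module(fh.read())
    print("NEEDED:", needed, "| undefined pam_*:", pam_imports)
    sys.exit(0 if ok else 1)
```

Run it with the path to the built .so as the only argument; a non-zero exit status means the module depends on the host process to supply libpam.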