I help create an access plugin. Our module initially implemented a PAM session with only one message, and it worked fine. Then we needed to add a second message to the conversation, and thought that it would be enough just to increase num_msg by one and pass the necessary pointers.
However, with the code below, PAM now returns an error after the user responds to the first invitation. (The error is a pam session error, oddly enough, although this is not indicated as the response type for the conv function.)
Separating invitations into two different conversation objects works fine, but I would like to add a few tips to the same conversation. Googling shows that bad behavior can be expected with several messages in one conversation, although I could not find anything specific. Any thoughts on what's going on here or what I don't see?
pam_message first_message;
first_message.msg = const_cast<char *> ("First prompt: ");
first.msg_style = PAM_PROMPT_ECHO_OFF;
pam_message second_message;
second_message.msg = const_cast<char *> ("Second prompt: ");
second_message.msg_style = PAM_PROMPT_ECHO_OFF;
std::vector<const pam_message *> messages;
messages.push_back (&first_message);
messages.push_back (&second_message);
std::vector<pam_response *> responses (2);
int conv_result = conv->conv (2, messages.data(), responses.data(),
conv->appdata_ptr);
source
share