Goroutine not starting in shared library

I’m trying to create a pam module to be used for authorization with SSH.

Unfortunately every goroutine does not start within the PAM module, if it was used within SSH flow. It does indeed work with pamtester without any issues.

Here is the code:

package main

/*
#include <security/pam_modules.h>
typedef const char cchar_t;
*/
import "C"
import (
	"log"
	"time"
)

func main() {}

//export pam_sm_authenticate
func pam_sm_authenticate(pamh *C.pam_handle_t, flags C.int, argc C.int, argv **C.cchar_t) C.int {
	log.Printf("golib.so: before start goroutine")
	go func() {
        // This will not happen and the whole program will hang from
        // here on...
		log.Printf("golib.so: something out of the goroutine")
	}()
	log.Printf("golib.so: after start goroutine")

	return C.PAM_SUCCESS
}

//export pam_sm_setcred
func pam_sm_setcred(pamh *C.pam_handle_t, flags C.int, argc C.int, argv **C.cchar_t) C.int {
	return C.PAM_IGNORE
}

Environment

  • OS: Ubuntu 22.04.4 LTS
  • SSH: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
  • Go: go version go1.22.5 linux/amd64
  • pemtester: 0.1.2

Similar issues

  1. golang/go#57394
  2. golang/go#15538
  3. golang/go#15556

So far non of those tickets helped me to solve the issue.

My main problem is not that I even intent to use goroutines but if I’m using http.Client goroutines are everywhere.

BTW: Do not focus that much on what is happening inside of the methods. The goroutine does not even start. Not even golib.so: goroutine begin will be visible.

So: I’m happy for proposals to make the goroutines in the context of a PAM modules within SSH work or to do HTTP requests without goroutines. :smirk:

Thanks for your support!

Hi, can you try these

  • Use synchronous HTTP calls without goroutines.
  • Create a custom http.Transport to disable goroutines.
  • Check SSH/PAM logs for thread issues.
  • Use net.Dial for manual HTTP requests.
  • Limit Go threads with runtime.GOMAXPROCS(1).

I hope this will work for you….