ctypes.ArgumentError: argument 1: TypeError: expected PamHandle instance instead of NoneType

[gongsu832]

Hi, I'm using python-pam to authenticate users in a Flask app. A /login REST API calls pam.authenticate(username, password) to authenticate the user. Occasionally, I would see an exception like this:

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2552, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2532, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 2529, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1825, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1823, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/dist-packages/flask/app.py", line 1799, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/usr/local/lib/python3.10/dist-packages/flask_httpauth.py", line 161, in decorated
    user = self.authenticate(auth, password)
  File "/usr/local/lib/python3.10/dist-packages/flask_httpauth.py", line 245, in authenticate
    return self.ensure_sync(self.verify_password_callback)(
  File "/usr/local/lib/python3.10/dist-packages/ztagger/portal/restapi.py", line 162, in verify_password
    elif username and password and pam.authenticate(username, password):
  File "/usr/local/lib/python3.10/dist-packages/pam/__init__.py", line 132, in authenticate
    return __PA.authenticate(username, password, service, env, call_end, encoding, resetcreds, print_failure_messag
es)
  File "/usr/local/lib/python3.10/dist-packages/pam/__internals.py", line 371, in authenticate
    auth_success = self.pam_acct_mgmt(self.handle, 0)
ctypes.ArgumentError: argument 1: TypeError: expected PamHandle instance instead of NoneType

This only seems to happen when the /login request is sent from a browser/javascript but never with curl.

[sents]

This also happens to me since updating from 1.8.4 to 2.0.2.

[sents]

This seems to be the same issue as in #37, that python-pam is not thread safe anymore. That might be why triggering it with a single curl request doesn't raise any issues.

[gongsu832]

Yes it indeed seems to be thread-safety related. I typically only observe the exception when multiple /login requests are simultaneously sent by the browser/javascript.