| < C TAP Harness 1.6 | Russ Allbery > Eagle's Path > December 2010 | pam-afs-session 2.0 > |
The major additions in this release of my collection of C utility libraries and Autoconf probes is a new PAM utility library and a fake PAM library for testing.
The PAM utility library is something that I've been working on for much of the year. The idea originally came from seeing how annoying and repetitive the code for the options parsing in pam-afs-session and particularly pam-krb5 had become. Adding new options required changing code in multiple places, including long, tedious if trees, and duplicating default value information in several ways.
The core of the new PAM utility library is a table-driven option parser. The PAM module need only provide a table of options and default values and a struct into which those values will be written, and the option parser does the rest. The code to write the values into the struct uses some scary C type violations and some techniques that I developed when writing the "new" inn.conf parser for INN. This parser also supports reading options from krb5.conf in addition to the PAM configuration, with appropriate handling of defaults and allowing the krb5.conf support to be optional, and has some neat bits like using a binary search to find an option in the option table so that there shouldn't be much speed penalty from adding more options (apart from the unfortunately linear check for each option in krb5.conf if that's enabled).
Also in the utility library are logging functions that handle calling pam_syslog with the right options and a vector library for handling automatically resizing arrays of strings. The latter is also used for PAM options that are actually lists of things inside the option parser.
Also in this release is a fake PAM library that implements just enough of PAM to allow a test program to call all the entry points of a PAM module. This is needed for good PAM module testing, since the system PAM library always looks at the system configuration and doesn't given the caller any control over skipping that. This library can be initialized by a test case and provides enough of the PAM library that a module will be happy, and allows the test case to inspect the internal PAM data if required.
This release also includes substantial improvements to the kafs replacement library, including Mac OS X and Solaris 11 support and support for k_haspag (even if building with a kafs library that doesn't have it). It also includes additional Kerberos portability glue and fixes some broken GCC attribute markers in the utility library.
You can get the latest version from the rra-c-util distribution page.
Posted: 2010-12-29 17:12 — Why no comments?
| < C TAP Harness 1.6 | Russ Allbery > Eagle's Path > December 2010 | pam-afs-session 2.0 > |