rra-c-util 4.0

The big addition in this release is a test driver framework for PAM modules that rests on top of the fake PAM library added in version 3.0. This is a data-driven test framework that allows most of a PAM test to be specified by a simple text configuration file. I'll write more about this later, including a complete example.

In support of that test framework, and in order to use both it and the fake PAM library with pam-krb5, the fake PAM library has been fleshed out considerably. It now handles everything that pam-krb5 uses, including authentication tokens and conversation functions, and supports intercepting getpwnam calls and returning a fake structure so that things involving ownership and home directories can be tested in isolation.

Also in this release are improvements to the PAM utility library, particularly around logging of PAM flags and avoiding memory leaks in option parsing.

In non-PAM news, this release avoids calling krb5_get_error_message with a NULL context, which older versions of Heimdal can't handle. The Kerberos probes can now cope with krb5/krb5.h being present and krb5.h missing (such as on NetDB), and there's a new Autoconf probe for Kerberos kadmin client libraries. That probe was written using a new, more generic framework for writing Autoconf library probes, to which the other probes will be converted when I find time.

There are substantial additions to the TAP add-on library, particularly around Kerberos. Test configuration is now expected to be in tests/config instead of tests/data, and temporary files are now created in tests/tmp instead of in the current working directory. There's a test function to get Kerberos password information from a configuration file, another to generate a krb5.conf file for testing, and another to determine the principal found in a keytab to avoid requiring the user to provide additional configuration giving the principal name. There's a new test function that uses the kadmin client library to set a password expired for test cases involving that. And, finally, there's a generic TAP add-on that wraps asprintf and vasprintf and checks for failure, calling bail if necessary.

Finally, the remctl Autoconf probe has been fixed (yet again) and now the optional version should work properly, and there are a few other, more minor bug fixes.

You can get the latest version from the rra-c-util distribution page.