strncpy() is _NOT_ a safe version of strcpy() and it should not be used
(ineffective and dangerous since a NUL termination might be missing).
Instead snprintf() the way to safely construct a string with a given
limit. This commit implements this for the action parsing in ykpamcfg.
This checks the return code of snprintf() and makes sure that fullpath
actually fits into a buffer of size PATH_MAX. Otherwise, it will output
an error and exit.
Instead of hardcoding the buffer size to 256, using PATH_MAX makes more
sense here, since this can be defined differently on different
platforms. This is not perfect, though, refer to [1] for some details.
In our case it should be good enough.
[1]: https://eklitzke.org/path-max-is-tricky
Certain phrases (Challenge-response) were not spelled consistently
throughout the project. This commit adjusts for that and fixes a
couple of typos along the way and uses the base form of verbs in
case of error messages.
A previous commit (d51124e) added the `e` flag to the `fopen()` calls. However
this flag is not supported on all platforms (MacOS) and will be silently
dropped (see #145). This patch works around those issues by manually opening
the file descriptor using `open()` with the `O_CLOEXEC` flag, and invoking
`fd_open()` on the resulting file descriptor to open an appropriate `FILE`
stream.
This makes sure that all files used by pam_yubico will be opened with the
`O_CLOEXEC` flag on all supported platforms to mitigate issues with missing
`fclose()` invocation (see #136).
This uses mkostemp() instead of mkstemp(), passing along the `O_CLOEXEC` flag,
which makes sure that the file descriptor is closed and won't be leaked into
any child process, which was previously an issue due to a missing fclose()
(#136).
This adds the `e` flag to fopen() calls, making sure the `O_CLOEXEC` flag is
used. This makes sure that the file descriptor is being closed and not leaked
into child processes. This was an issues previously due to a missing fclose()
(#136).
This opens any file descriptors with the O_CLOEXEC flag, which will make sure
that file descriptors won't be leaked into any child process. This was
previously an issue due to a forgotten fclose() (#136).
This fixes a couple of compiler warnings due to wrong pointer casts in regards
to the pamh structure, which is a bit of a hackery way to access the test data.
