Some of the printf conversion specifications were wrong when used on
size_t, causing
> pam_yubico.c:957:57: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
> DBG (("OTP too short to be considered : %i < %i", password_len, (cfg->token_id_length + TOKEN_OTP_LEN)));
> ~~ ^~~~~~~~~~~~
> %zu
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
> ^
> ./util.h:47:12: note: expanded from macro 'D'
> printf x; \
> ^
and
> pam_yubico.c:967:14: warning: format specifies type 'int' but the argument has type 'size_t' (aka 'unsigned long') [-Wformat]
> skip_bytes, password_len, cfg->token_id_length, TOKEN_OTP_LEN));
> ^~~~~~~~~~~~
> pam_yubico.c:132:36: note: expanded from macro 'DBG'
> #define DBG(x) if (cfg->debug) { D(x); }
> ^
> ./util.h:47:12: note: expanded from macro 'D'
> printf x; \
> ^
Fix these by using the appropriate %zu conversions for size_t. While
looking through the code, there are a couple more places where format
string specifiers could be improved, e.g. using %zu instead of casting
the result of sizeof(x) or strlen(x) to unsigned long.
In addition, convert TOKEN_OTP_LEN, MAX_TOKEN_ID_LEN and
DEFAULT_TOKEN_ID_LEN to unsigned numbers, because negative values would
not make any sense for those.
On OS X and FreeBSD, struct pam_message does not declare its msg member
as constant. This causes a warning when assigning a constant string to
it:
pam_yubico.c:403:14: warning: assigning to 'char *' from 'const char *' discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
msg[0].msg = message;
^ ~~~~~~~
Sending the users password out in another direction is scary and
requires more thought. Ideally this should be solved by using ldap
GSSAPI or similar instead of sending a cleartext password over the
network.
