On 2023/12/27 14:21:42 +0100, Stefan Sperling <stsp@stsp.name> wrote:
> > > One quirk which deviates from our usual style is that auth_check() will
> > > not free the *username pointer on failure. I chose to free it in the
> > > caller instead to keep the existing auth_check() implementation mostly
> > > as it is, since the early returns are an important part of the code flow.
> > > Alternatively, we could do another getpwuid() call in the caller but a
> > > call to strdup() on the existing passwd object is likely cheaper.
> > 
> > I think it's fine.  Alternatively, we could just use a stack-allocated
> > buffer and avoid all the headaches with managing another allocation.
> 
> The maximum length of the username is not easy to determine in
> a portable way.

true, in this case (log) I assumed truncating wasn't a problem so we
could have used just a buffer of, say, 64/128/256 bytes and be done with
it.  Not a big deal however, and thanks for improving the logs :)