authorDante Catalfamo2021-05-30 18:59:29 -0400
committerDante Catalfamo2021-05-30 18:59:29 -0400
commit8b6788ecb992f890a98c2ff78450f16e266f32bd (patch)
treed6ad6225f2c8b728ae6fad8aaa91863d169d319b
parent2e70e4658be33755a481493fb807e14fb49693a0 (diff)
bsd-auth: move auth_approval section
-rw-r--r--content/posts/WIP-how-bsd-authentication-works/index.org194
1 files changed, 97 insertions, 97 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index dcc6520..5635604 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -2204,103 +2204,6 @@
return (auth_getstate(as) & AUTH_ALLOW);
#+end_src
-* auth_check_expire
- :PROPERTIES:
- :CUSTOM_ID: auth_check_expire
- :END:
-
- @@html: <details> <summary> @@
- #+begin_src c
- quad_t auth_check_expire(auth_session_t *as)
- #+end_src
- @@html: </summary> @@
- #+begin_src c
- {
- if (as->pwd == NULL && auth_setpwd(as, NULL) < 0) {
- as->state &= ~AUTH_ALLOW;
- as->state |= AUTH_EXPIRED; /* XXX */
- return (-1);
- }
-
- if (as->pwd == NULL)
- return (0);
-
- if (as->pwd && (quad_t)as->pwd->pw_expire != 0) {
- if (as->now.tv_sec == 0)
- WRAP(gettimeofday)(&as->now, NULL);
- if ((quad_t)as->now.tv_sec >= (quad_t)as->pwd->pw_expire) {
- as->state &= ~AUTH_ALLOW;
- as->state |= AUTH_EXPIRED;
- }
- if ((quad_t)as->now.tv_sec == (quad_t)as->pwd->pw_expire)
- return (-1);
- return ((quad_t)as->pwd->pw_expire - (quad_t)as->now.tv_sec);
- }
- return (0);
- }
- #+end_src
- @@html: </details> @@
-
- [[https://man.openbsd.org/auth_subr.3#auth_check_expire][=auth_check_expire=]] is used to check if the account used for a
- session is expired. If an account is valid, it returns =0=.
- Otherwise it returns a negative number representing the number of
- seconds elapsed since the account expired. If there's no account
- associated with the session, it will return =-1=.
-
- It first checks if =as->pwd= is set, and if it isn't it tries to set
- it using [[#auth_setpwd][=auth_setpwd=]]. If both of those fail, then it returns =-1=
- and removes the =AUTH_ALLOW= bitmask from =as->state=, and adds the
- bitmask for =AUTH_EXPIRED=.
-
- Interestingly, if there's an account name associated with the
- session but it doesn't exist on the system, this function will still
- return =0= instead of =-1=.
-
-* auth_check_change
- :PROPERTIES:
- :CUSTOM_ID: auth_check_change
- :END:
-
- @@html: <details> <summary> @@
- #+begin_src c
- quad_t auth_check_change(auth_session_t *as)
- #+end_src
- @@html: </summary> @@
- #+begin_src c
- {
- if (as->pwd == NULL && auth_setpwd(as, NULL) < 0) {
- as->state &= ~AUTH_ALLOW;
- as->state |= AUTH_PWEXPIRED; /* XXX */
- return (-1);
- }
-
- if (as->pwd == NULL)
- return (0);
-
- if (as->pwd && (quad_t)as->pwd->pw_change) {
- if (as->now.tv_sec == 0)
- WRAP(gettimeofday)(&as->now, NULL);
- if (as->now.tv_sec >= (quad_t)as->pwd->pw_change) {
- as->state &= ~AUTH_ALLOW;
- as->state |= AUTH_PWEXPIRED;
- }
- if ((quad_t)as->now.tv_sec == (quad_t)as->pwd->pw_change)
- return (-1);
- return ((quad_t)as->pwd->pw_change - (quad_t)as->now.tv_sec);
- }
- return (0);
- }
- #+end_src
- @@html: </details> @@
-
- [[https://man.openbsd.org/auth_subr.3#auth_check_change][=auth_check_change=]] is used to check if the password associated with
- an account is expired. If the password isn't expired, it returns
- =0=. Otherwise it returns a negative number representing the number
- of seconds elapsed since the password expired. If there's no account
- associated with the session, it will return =-1=.
-
- It operates very similarly to [[#auth_check_expire][=auth_check_expire=]].
-
* auth_approval
:PROPERTIES:
:CUSTOM_ID: auth_approval
@@ -2471,6 +2374,103 @@
It returns either =0= for disapproval, or non-zero for approval.
+* auth_check_expire
+ :PROPERTIES:
+ :CUSTOM_ID: auth_check_expire
+ :END:
+
+ @@html: <details> <summary> @@
+ #+begin_src c
+ quad_t auth_check_expire(auth_session_t *as)
+ #+end_src
+ @@html: </summary> @@
+ #+begin_src c
+ {
+ if (as->pwd == NULL && auth_setpwd(as, NULL) < 0) {
+ as->state &= ~AUTH_ALLOW;
+ as->state |= AUTH_EXPIRED; /* XXX */
+ return (-1);
+ }
+
+ if (as->pwd == NULL)
+ return (0);
+
+ if (as->pwd && (quad_t)as->pwd->pw_expire != 0) {
+ if (as->now.tv_sec == 0)
+ WRAP(gettimeofday)(&as->now, NULL);
+ if ((quad_t)as->now.tv_sec >= (quad_t)as->pwd->pw_expire) {
+ as->state &= ~AUTH_ALLOW;
+ as->state |= AUTH_EXPIRED;
+ }
+ if ((quad_t)as->now.tv_sec == (quad_t)as->pwd->pw_expire)
+ return (-1);
+ return ((quad_t)as->pwd->pw_expire - (quad_t)as->now.tv_sec);
+ }
+ return (0);
+ }
+ #+end_src
+ @@html: </details> @@
+
+ [[https://man.openbsd.org/auth_subr.3#auth_check_expire][=auth_check_expire=]] is used to check if the account used for a
+ session is expired. If an account is valid, it returns =0=.
+ Otherwise it returns a negative number representing the number of
+ seconds elapsed since the account expired. If there's no account
+ associated with the session, it will return =-1=.
+
+ It first checks if =as->pwd= is set, and if it isn't it tries to set
+ it using [[#auth_setpwd][=auth_setpwd=]]. If both of those fail, then it returns =-1=
+ and removes the =AUTH_ALLOW= bitmask from =as->state=, and adds the
+ bitmask for =AUTH_EXPIRED=.
+
+ Interestingly, if there's an account name associated with the
+ session but it doesn't exist on the system, this function will still
+ return =0= instead of =-1=.
+
+* auth_check_change
+ :PROPERTIES:
+ :CUSTOM_ID: auth_check_change
+ :END:
+
+ @@html: <details> <summary> @@
+ #+begin_src c
+ quad_t auth_check_change(auth_session_t *as)
+ #+end_src
+ @@html: </summary> @@
+ #+begin_src c
+ {
+ if (as->pwd == NULL && auth_setpwd(as, NULL) < 0) {
+ as->state &= ~AUTH_ALLOW;
+ as->state |= AUTH_PWEXPIRED; /* XXX */
+ return (-1);
+ }
+
+ if (as->pwd == NULL)
+ return (0);
+
+ if (as->pwd && (quad_t)as->pwd->pw_change) {
+ if (as->now.tv_sec == 0)
+ WRAP(gettimeofday)(&as->now, NULL);
+ if (as->now.tv_sec >= (quad_t)as->pwd->pw_change) {
+ as->state &= ~AUTH_ALLOW;
+ as->state |= AUTH_PWEXPIRED;
+ }
+ if ((quad_t)as->now.tv_sec == (quad_t)as->pwd->pw_change)
+ return (-1);
+ return ((quad_t)as->pwd->pw_change - (quad_t)as->now.tv_sec);
+ }
+ return (0);
+ }
+ #+end_src
+ @@html: </details> @@
+
+ [[https://man.openbsd.org/auth_subr.3#auth_check_change][=auth_check_change=]] is used to check if the password associated with
+ an account is expired. If the password isn't expired, it returns
+ =0=. Otherwise it returns a negative number representing the number
+ of seconds elapsed since the password expired. If there's no account
+ associated with the session, it will return =-1=.
+
+ It operates very similarly to [[#auth_check_expire][=auth_check_expire=]].
+
* auth_checknologin
:PROPERTIES:
:CUSTOM_ID: auth_checknologin