authorDante Catalfamo2021-10-18 15:32:13 -0400
committerDante Catalfamo2021-10-18 15:32:13 -0400
commit941b9a3c1ad59ac7f54abe787f36c44eb7dc4a36 (patch)
tree539c936acd19031ac4712c314a2eae05f01282e3
parentc8579984806b54f8278952e5d16f9dadea658a87 (diff)
bsd-auth: move notes to their own file
-rw-r--r--content/posts/WIP-how-bsd-authentication-works/index.org84
-rw-r--r--content/posts/WIP-how-bsd-authentication-works/notes.org83
2 files changed, 83 insertions, 84 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index ba5a5f4..6c211a9 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -152,7 +152,6 @@
The simplest way to authenticate a user with BSD Auth is by using
[[#auth_userokay][=auth_userokay=]].
-** TODO How are these configured in login.conf?
* Approval Scripts
:PROPERTIES:
:CUSTOM_ID: approval
@@ -174,7 +173,6 @@
section of the =login.conf= man page.
Approval scripts are run using [[#auth_approval][=auth_approval=]].
-** TODO How are these configured in login.conf?
* auth_userokay
:PROPERTIES:
@@ -2637,88 +2635,6 @@
#+INCLUDE: "gen_dot.rb" src ruby
@@html: </details> @@
-* Notes
- https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/
- - In the man page for [[https://man.openbsd.org/auth_subr.3#auth_call][=auth_call=]] it says
- #+begin_src text
- path The full path name of the login script to run. The call will
- fail if path does not pass the requirements of the secure_path(3)
- function.
- #+end_src
-
- However I don't see this enforced anywhere, I even wrote a small test
- script to prove it.
-
- #+CAPTION: =authfail.c=
- #+begin_src c
- #include <sys/types.h>
- #include <login_cap.h>
- #include <bsd_auth.h>
- #include <stdio.h>
-
- int main(void) {
- auth_session_t *as;
-
- as = auth_open();
- auth_call(as, "/home/dante/auth_tests/authtest/test", "hello", NULL);
- auth_close(as);
- }
- #+end_src
-
- Changing ="/home/dante/auth_tests/authtest/test"= to the location
- of the =test= binary.
-
- #+CAPTION: =test.c=
- #+begin_src c
- #include <stdio.h>
-
- int main(void) {
- printf("Hello! I don't have a secure path!\n");
- return 0;
- }
- #+end_src
-
- #+CAPTION: =Makefile=
- #+begin_src makefile
- CFLAGS = -Wall -Wextra
-
- run: authfail test
- ./authfail
-
- authfail: authfail.c
- $(CC) -o $@ $(CFLAGS) $<
-
- test: test.c
- $(CC) -o $@ $(CFLAGS) $<
- #+end_src
-
- Which results in the following:
-
- #+begin_src text
- $ pwd && ls -l && make
- /home/dante/auth_tests/authtest
- total 12
- -rw-r--r-- 1 dante dante 143 May 30 19:20 Makefile
- -rw-r--r-- 1 dante dante 248 May 29 19:30 authfail.c
- -rw-r--r-- 1 dante dante 115 May 29 19:22 test.c
- cc -o authfail -Wall -Wextra authfail.c
- cc -o test -Wall -Wextra test.c
- ./authfail
- Hello! I don't have a secure path!
- #+end_src
-
- - The manpage also says the path is limited to =/bin/= and =/usr/bin=,
- which is also not the case.
-
- - The man page describes the interface for =auth_getitem= is in the
- format of =AUTH_<item>=, but in reality it is =AUTHV_<item>=.
-
- # Ask jcs about the file descriptor situation, I don't understand it
- # after reading both the man page and source.
-
- - The [[#auth_getchallenge][=auth_getchallenge=]] function in the [[https://man.openbsd.org/auth_subr.3#auth_getchallenge][=auth_subr(3)=]] man page
- doesn't seem to exist in the source code.
-
* Copyright
:PROPERTIES:
:CUSTOM_ID: copyright
diff --git a/content/posts/WIP-how-bsd-authentication-works/notes.org b/content/posts/WIP-how-bsd-authentication-works/notes.org
new file mode 100644
index 0000000..9bd67d4
--- /dev/null
+++ b/content/posts/WIP-how-bsd-authentication-works/notes.org
@@ -0,0 +1,83 @@
+* Notes
+ https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/
+ - In the man page for [[https://man.openbsd.org/auth_subr.3#auth_call][=auth_call=]] it says
+ #+begin_src text
+ path The full path name of the login script to run. The call will
+ fail if path does not pass the requirements of the secure_path(3)
+ function.
+ #+end_src
+
+ However I don't see this enforced anywhere, I even wrote a small test
+ script to prove it.
+
+ #+CAPTION: =authfail.c=
+ #+begin_src c
+ #include <sys/types.h>
+ #include <login_cap.h>
+ #include <bsd_auth.h>
+ #include <stdio.h>
+
+ int main(void) {
+ auth_session_t *as;
+
+ as = auth_open();
+ auth_call(as, "/home/dante/auth_tests/authtest/test", "hello", NULL);
+ auth_close(as);
+ }
+ #+end_src
+
+ Changing ="/home/dante/auth_tests/authtest/test"= to the location
+ of the =test= binary.
+
+ #+CAPTION: =test.c=
+ #+begin_src c
+ #include <stdio.h>
+
+ int main(void) {
+ printf("Hello! I don't have a secure path!\n");
+ return 0;
+ }
+ #+end_src
+
+ #+CAPTION: =Makefile=
+ #+begin_src makefile
+ CFLAGS = -Wall -Wextra
+
+ run: authfail test
+ ./authfail
+
+ authfail: authfail.c
+ $(CC) -o $@ $(CFLAGS) $<
+
+ test: test.c
+ $(CC) -o $@ $(CFLAGS) $<
+ #+end_src
+
+ Which results in the following:
+
+ #+begin_src text
+ $ pwd && ls -l && make
+ /home/dante/auth_tests/authtest
+ total 12
+ -rw-r--r-- 1 dante dante 143 May 30 19:20 Makefile
+ -rw-r--r-- 1 dante dante 248 May 29 19:30 authfail.c
+ -rw-r--r-- 1 dante dante 115 May 29 19:22 test.c
+ cc -o authfail -Wall -Wextra authfail.c
+ cc -o test -Wall -Wextra test.c
+ ./authfail
+ Hello! I don't have a secure path!
+ #+end_src
+
+ - The manpage also says the path is limited to =/bin/= and =/usr/bin=,
+ which is also not the case.
+
+ - The man page describes the interface for =auth_getitem= is in the
+ format of =AUTH_<item>=, but in reality it is =AUTHV_<item>=.
+
+ # Ask jcs about the file descriptor situation, I don't understand it
+ # after reading both the man page and source.
+
+ - The [[#auth_getchallenge][=auth_getchallenge=]] function in the [[https://man.openbsd.org/auth_subr.3#auth_getchallenge][=auth_subr(3)=]] man page
+ doesn't seem to exist in the source code.
+
+** TODO How are these configured in login.conf?
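Review bot: The `authfail.c` listing in the Notes list discards the results of `auth_open()` and `auth_call()`, so the only evidence that the `secure_path(3)` requirement is not enforced is the line printed by the child binary. The note would be easier to verify if the program checked `as` for NULL and reported the call's result, for example `int rc = auth_call(as, "/home/dante/auth_tests/authtest/test", "hello", NULL);` followed by `printf("auth_call returned %d\n", rc);`. It would also help to record which OpenBSD release the test ran on, since the claim is a discrepancy between the man page and the library source and may not hold across versions. Separately, the single `** TODO How are these configured in login.conf?` heading at the end of this file replaces two headings that sat under different sections of index.org, so "these" no longer has a referent here; naming the subject in the heading would keep the TODO meaningful.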