author: Dante Catalfamo, 2021-10-18 17:36:47 -0400
committer: Dante Catalfamo, 2021-10-18 17:36:47 -0400
commit: 894afa96cd14a84cd1a1bcfb9523f10210aebb7c
tree: f8e30e801d3dec12c23933883bbf75765502b755 /content/posts/WIP-how-bsd-authentication-works/notes.org
parent: 230c8996ec91714db52a8593e8dac24939955438
bsd-auth: no longer WIP
Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works/notes.org')
-rw-r--r-- content/posts/WIP-how-bsd-authentication-works/notes.org 83
1 files changed, 0 insertions, 83 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/notes.org b/content/posts/WIP-how-bsd-authentication-works/notes.org
deleted file mode 100644
index 9bd67d4..0000000
--- a/content/posts/WIP-how-bsd-authentication-works/notes.org
+++ /dev/null
@@ -1,83 +0,0 @@
-* Notes
- https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/
- - In the man page for [[https://man.openbsd.org/auth_subr.3#auth_call][=auth_call=]] it says
- #+begin_src text
- path The full path name of the login script to run. The call will
- fail if path does not pass the requirements of the secure_path(3)
- function.
- #+end_src
-
- However I don't see this enforced anywhere, I even wrote a small test
- script to prove it.
-
- #+CAPTION: =authfail.c=
- #+begin_src c
- #include <sys/types.h>
- #include <login_cap.h>
- #include <bsd_auth.h>
- #include <stdio.h>
-
- int main(void) {
- auth_session_t *as;
-
- as = auth_open();
- auth_call(as, "/home/dante/auth_tests/authtest/test", "hello", NULL);
- auth_close(as);
- }
- #+end_src
-
- Changing ="/home/dante/auth_tests/authtest/test"= to the location
- of the =test= binary.
-
- #+CAPTION: =test.c=
- #+begin_src c
- #include <stdio.h>
-
- int main(void) {
- printf("Hello! I don't have a secure path!\n");
- return 0;
- }
- #+end_src
-
- #+CAPTION: =Makefile=
- #+begin_src makefile
- CFLAGS = -Wall -Wextra
-
- run: authfail test
- ./authfail
-
- authfail: authfail.c
- $(CC) -o $@ $(CFLAGS) $<
-
- test: test.c
- $(CC) -o $@ $(CFLAGS) $<
- #+end_src
-
- Which results in the following:
-
- #+begin_src text
- $ pwd && ls -l && make
- /home/dante/auth_tests/authtest
- total 12
- -rw-r--r-- 1 dante dante 143 May 30 19:20 Makefile
- -rw-r--r-- 1 dante dante 248 May 29 19:30 authfail.c
- -rw-r--r-- 1 dante dante 115 May 29 19:22 test.c
- cc -o authfail -Wall -Wextra authfail.c
- cc -o test -Wall -Wextra test.c
- ./authfail
- Hello! I don't have a secure path!
- #+end_src
-
- - The manpage also says the path is limited to =/bin/= and =/usr/bin=,
- which is also not the case.
-
- - The man page describes the interface for =auth_getitem= is in the
- format of =AUTH_<item>=, but in reality it is =AUTHV_<item>=.
-
- # Ask jcs about the file descriptor situation, I don't understand it
- # after reading both the man page and source.
-
- - The [[#auth_getchallenge][=auth_getchallenge=]] function in the [[https://man.openbsd.org/auth_subr.3#auth_getchallenge][=auth_subr(3)=]] man page
- doesn't seem to exist in the source code.
-
-** TODO How are these configured in login.conf?
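Review bot: Two open items near the end of the hunk are still unresolved when the file is removed: the commented "Ask jcs about the file descriptor situation" question and the "TODO How are these configured in login.conf?" heading, and the commit message "bsd-auth: no longer WIP" does not say where they went. Either carry them into the post or record in the commit message that they were answered. The same applies to the three man page discrepancies recorded here (auth_call running a path the notes say does not meet the secure_path(3) requirements, AUTHV_<item> versus the documented AUTH_<item>, and auth_getchallenge missing from the source): the authfail.c reproduction and its output are the only evidence for the first one, so keep them with the post or in a bug report before dropping the file. If the reproduction is kept, note that authfail.c ignores the return values of auth_open and auth_call, so the run shows that the script executed but not what auth_call reported; checking both would make it stronger.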