| field | value | date |
|---|---|---|
| author | Dante Catalfamo | 2020-10-30 01:59:58 -0400 |
| committer | Dante Catalfamo | 2020-10-30 01:59:58 -0400 |
| commit | 532c26157eb934ddb0e6e791b7d60423e5f51165 (patch) | |
| tree | 43b88feedc5f99824b0f2cbbd049456ee583e12f /content/posts/WIP-how-bsd-authentication-works | |
| parent | 792f1e07ed9e8d34c78856cb178d00c1606f61ce (diff) | |
| download | blog-532c26157eb934ddb0e6e791b7d60423e5f51165.tar.gz blog-532c26157eb934ddb0e6e791b7d60423e5f51165.tar.bz2 blog-532c26157eb934ddb0e6e791b7d60423e5f51165.zip | |
Add a lot of clarity to auth_call
Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/index.org | 42 |

1 files changed, 30 insertions, 12 deletions
| diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org index 0903ee7..c9dd17f 100644 --- a/content/posts/WIP-how-bsd-authentication-works/index.org +++ b/content/posts/WIP-how-bsd-authentication-works/index.org 
@@ -422,20 +422,38 @@    option for each of them.    After that the rest of the arguments are retrieved from -  =_auth_next_arg= and added to the end of =argv=. +  =_auth_next_arg= and added to the end of =argv=. Finally a =NULL= is +  added to the end of =argv=. -  If there are any extra options left over +  Next a socket pair of type =PF_LOCAL, SOCK_STREAM= is created. This +  is called the "back channel", and is used to communicate with the +  authentication module. -  <<here>> +  The process now calls =fork()=. -  Inside of =auth_call=, a socket pair of type =PF_LOCAL, SOCK_STREAM= -  is created. This is called the "back channel", and is used to -  communicate with the authentication module. The process then forks, -  calling ~execve(path, argv, auth_environ)~, where the =argv= is -  everything after =path= in the =auth_call= arguments. Any =authopts= -  set in the auth session are also passed as arguments in the format =-v -  opt1 -v opt2 -v opt3=, etc. =auth_environ= is defined at the top of -  the file as +  Here two constants are set for the "back channel" and optional +  authentication file descriptors. + +  #+begin_src c +  #define	COMM_FD	3 +  #define	AUTH_FD	4 +  #+end_src + +  In the child process, the "back channel" is set to file descriptor +  3, or =COMM_FD= using =dup2(3)=. If =as->fd=, is not =-1=, it is set +  to file descriptor 4, or =AUTH_FD=, also using =dup2(3)=. The +  remainder of the file descriptors are closed using either +  =closefrom(COMM_FD + 1)= or =closefrom(AUTH_FD + 1)=, depending on +  whether or not =AUTH_FD= is used. + +  The child process then executes the module. + +  #+begin_src c +  execve(path, argv, auth_environ); +  #+end_src + +  =auth_environ= is defined at the top of the file as a very minimal +  environment.    #+BEGIN_SRC c    static char *auth_environ[] = { 
@@ -445,7 +463,7 @@    };    #+END_SRC -  Where both constants are defined in =paths.h= as +  Where both constants are defined in =/include/paths.h=.    #+BEGIN_SRC c    #define	_PATH_DEFPATH	"/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin" | 
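Review bot: In the first hunk (@@ -422,20 +422,38 @@), the two `=dup2(3)=` references in the new file-descriptor paragraph read as manual-page references, but dup2 is a system call documented in section 2, as is closefrom, which the same paragraph cites as `=closefrom(COMM_FD + 1)=`; write `dup2(2)` or show the actual call with both of its arguments. Smaller points in the same hunk: "Here two constants are set" should be "defined", since `#define COMM_FD 3` is a preprocessor definition rather than a runtime assignment; "If =as->fd=, is not =-1=" has a stray comma after the verbatim span; and the two new blocks use lowercase `#+begin_src c` while the surrounding context uses `#+BEGIN_SRC c`. Also worth confirming that the detail dropped with the old paragraph, that =authopts= are passed as `-v opt1 -v opt2 -v opt3`, is still covered by the preceding "option for each of them" text, because the rewritten paragraph no longer mentions it.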
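Review bot: In the second hunk (@@ -445,7 +463,7 @@), `=/include/paths.h=` now carries a leading slash, which points at a root-level directory that does not exist on an installed system; the header is `/usr/include/paths.h` once installed, or `include/paths.h` relative to the source tree, so use one of those. The sentence "Where both constants are defined in ..." also changed its trailing "as" to a full stop, leaving a dependent clause standing alone before the `#+BEGIN_SRC c` block; keep "as" or end with a colon so the block still reads as the sentence's continuation.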
