author Dante Catalfamo 2020-06-27 23:32:14 -0400
committer Dante Catalfamo 2020-06-27 23:32:14 -0400
commit 2e359a4847f4a2694582eb726790aa7d026894c8
tree b63ad0f3b2efdf66a9b5197360390db90555a608 /content/posts/how-bsd-authentication-works/index.org
parent 8f2f21b759e9523e08f6ef85881afae88195e492
More work on bsd auth
Diffstat (limited to 'content/posts/how-bsd-authentication-works/index.org')
-rw-r--r-- content/posts/how-bsd-authentication-works/index.org 24
1 files changed, 19 insertions, 5 deletions
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org
index 28ceb2d..42e4b41 100644
--- a/content/posts/how-bsd-authentication-works/index.org
+++ b/content/posts/how-bsd-authentication-works/index.org
@@ -127,7 +127,8 @@ checks the login class against the =login.conf= db, along with
confirming the login styles available.
If the password is non-=NULL=, then an =auth_session_t= struct is
-created by calling =auth_open()=, then it calls
+created by calling =auth_open()=, then it calls (with the session
+struct as the variable =as=)
#+BEGIN_SRC c
auth_setitem(as, AUTHV_SERVICE, "response");
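Review bot: The parenthetical on the added lines, "(with the session struct as the variable =as=)", is attached to "it calls", so it reads as a property of the calls that follow rather than as the name of the struct just created. Naming the variable where the struct is introduced is clearer, for example "an =auth_session_t= struct, =as=, is created by calling =auth_open()=". The sentence also gives no indication of what happens when =auth_open()= fails; if the function being described handles that case, one clause here would cover it.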
@@ -138,11 +139,19 @@ auth_setdata(as, password, strlen(password) + 1);
setting the service protocol to =response=, adding an empty line to
the session data, then adding the password as data. If the password is
=NULL=, it sets the =auth_session_t= pointer to =NULL=. It then passes
-the user name, style, and login class to =auth_verify=, and returns
-the the auth session pointer the call returns.
-
+the user name, style, login class, and =NULL= char pointer to
+=auth_verify=. The last two variables are received as variable
+arguments. It then returns the auth session pointer the call
+returns.
+#+BEGIN_SRC c
+auth_session_t *auth_verify(auth_session_t *as, char *style, char *name, ...)
+#+END_SRC
+=auth_verify= creates an auth session if =as= is =NULL=. It then sets
+the user name and style of the session, if the respective arguments
+are non-=NULL=. It then copies its variable arguments to the auth
+session's =va_list ap=, which is used inside of =auth_call=.
After that it constructs the path of the authentication module by
combining =_PATH_AUTHPROG=, which is defined in =login_cap.h= as
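Review bot: The added sentence lists the arguments as "the user name, style, login class, and =NULL= char pointer", which does not match the prototype added a few lines later, =auth_verify(auth_session_t *as, char *style, char *name, ...)=: the session pointer comes first and is not mentioned, and =style= precedes =name=. List the arguments in prototype order and include =as=, so that "the last two variables" maps unambiguously onto the =...= part (login class and the terminating =NULL=). "It then returns the auth session pointer the call returns" would also read better as "and returns the session pointer that =auth_verify= gives back".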
@@ -152,13 +161,18 @@ case of auth style =passwd=, it would result in the path
Then =auth_call= is called with the struct, the path to the auth
module, the auth style, the "-s" flag followed by the service
-(login, challenge, response), a double dash, and the user name.
+(login, challenge, response), a double dash, the user name, and a
+=NULL= character pointer.
#+BEGIN_SRC c
auth_call(as, path, auth_getitem(as, AUTHV_STYLE), "-s",
auth_getitem(as, AUTHV_SERVICE), "--", name, (char *)NULL);
#+END_SRC
+#+BEGIN_SRC c
+int auth_call(auth_session_t *as, char *path, ...)
+#+END_SRC
+
Inside of =auth_call=, a socket pair of type =PF_LOCAL,
SOCK_STREAM= is created. This is called the "back channel", and is
used to communicate between with the authentication module. The
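Review bot: The second added source block, =int auth_call(auth_session_t *as, char *path, ...)=, directly follows the call example with no text between the two blocks, so a reader cannot tell that it is the prototype of the function just called. Add a one-line lead-in or move the prototype ahead of the call. The added "a =NULL= character pointer" could also state that it terminates the variable argument list, which is what the =...= in the prototype and the trailing =(char *)NULL= in the call imply. While this paragraph is being edited, "communicate between with" in the context lines after the block needs one of the two words dropped.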