bsd-auth: small work

1 files changed, 37 insertions, 0 deletions

diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index f4cfc4b..8bbc474 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -1135,6 +1135,43 @@
   :CUSTOM_ID: auth_check_expire
   :END:
 
+  @@html: <details> <summary> @@
+  #+begin_src c
+  quad_t auth_check_expire(auth_session_t *as)
+  #+end_src
+  @@html: </summary> @@
+  #+begin_src c
+  {
+      if (as->pwd == NULL && auth_setpwd(as, NULL) < 0) {
+          as->state &= ~AUTH_ALLOW;
+          as->state |= AUTH_EXPIRED;	/* XXX */
+          return (-1);
+      }
+
+      if (as->pwd == NULL)
+          return (0);
+
+      if (as->pwd && (quad_t)as->pwd->pw_expire != 0) {
+          if (as->now.tv_sec == 0)
+              WRAP(gettimeofday)(&as->now, NULL);
+          if ((quad_t)as->now.tv_sec >= (quad_t)as->pwd->pw_expire) {
+              as->state &= ~AUTH_ALLOW;
+              as->state |= AUTH_EXPIRED;
+          }
+          if ((quad_t)as->now.tv_sec == (quad_t)as->pwd->pw_expire)
+              return (-1);
+          return ((quad_t)as->pwd->pw_expire - (quad_t)as->now.tv_sec);
+      }
+      return (0);
+  }
+  #+end_src
+  @@html: </details> @@
+
+  =auth_check_expire= is used to check whether an authentication
+  request is expired. This is used in the mainly context of
+  challenge-response authentication.
+
+  <<here>>
 
 * _auth_validuser
   :PROPERTIES: