bsd-auth: Finish auth_challenge writeup

1 files changed, 29 insertions, 3 deletions

diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index de2b651..dfdc3a3 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -1,12 +1,12 @@
 #+TITLE: How BSD Authentication Works
 #+DATE: 2020-11-02T16:49:46-05:00
 #+DRAFT: true
+#+SHOWTOC: true
 #+DESCRIPTION:
 #+TAGS[]: openbsd
 #+KEYWORDS[]: openbsd
 #+SLUG:
 #+SUMMARY:
-#+SHOWTOC: true
 
 [[https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/]]
 * History
@@ -903,7 +903,6 @@
   return (as);
   #+end_src
 
-
 * auth_challenge
   :PROPERTIES:
   :CUSTOM_ID: auth_challenge
@@ -921,7 +920,34 @@
   =NULL=, =as->name= is =NULL=, or if the username begins with a
   hyphen, or has a length of zero, the function returns =NULL=.
 
-  <<HERE>>
+  Then the path to the auth module is created.
+
+  #+begin_src c
+  snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", as->style);
+  #+end_src
+
+  =as->state= and =as->challenge= are then reset, in case they were
+  already set.
+
+  Then [[#auth_call][=auth_call=]] is called, with the challenge style set.
+
+  #+begin_src c
+  auth_call(as, path, as->style, "-s", "challenge", "--", as->name, as->class, (char *)NULL);
+  #+end_src
+
+  =as->state= is checked for the =AUTH_CHALLENGE= bit, and if it's
+  present, the challenge is extracted from the back channel output,
+  and used to set =as->challenge=.
+
+  #+begin_src c
+  if (as->state & AUTH_CHALLENGE)
+		as->challenge = auth_getvalue(as, "challenge");
+  #+end_src
+
+  =as->state= and =as->index= are then set to zero, discarding the
+  data.
+
+  =as->challenge= is then returned.
 
 * auth_userresponse
   :PROPERTIES: