-rw-r--r-- | content/posts/how-bsd-authentication-works/index.org | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org index 5d756da..fb0103f 100644 --- a/content/posts/how-bsd-authentication-works/index.org +++ b/content/posts/how-bsd-authentication-works/index.org @@ -230,10 +230,11 @@ auth_session_t *auth_verify(auth_session_t *as, char *style, char *name, ...) #+END_SRC - =auth_verify= creates an auth session if =as= is =NULL=. It then sets - the user name and style of the session, if the respective arguments - are non-=NULL=. It then copies its variable arguments to the auth - session's =va_list ap=, which is used inside of =auth_call=. + =auth_verify= creates an auth session using =auth_open= if =as= is + =NULL=. It then sets the user name and style of the session, if the + respective arguments are non-=NULL=. It then copies its variable + arguments to the auth session's =va_list ap=, which is used inside + of =auth_call=. After that it constructs the path of the authentication module by combining =_PATH_AUTHPROG=, which is defined in =login_cap.h= as @@ -351,8 +352,18 @@ ** _auth_spool ** _recv_fd + * auth_close - <<here3>> + =auth_close= is the function responsible for cleaning up the session + and taking care of the values returned though the back channel. + + It first sets the environment variables returned through the back + channel by passing the auth session to =auth_setenv=. It then goes + through the =rmlist= of the session, deleting the files if the + session reported a failure. It then zeroes out all sensitive + information, and frees the various structs associated with the current + =auth_session_t=, and then the session itself. Finally it returns + the session's state =&='ed with =AUTH_ALLOW=. * grapgh? # Setting env on auth_close(as) # partual rewrite below |