| -rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/index.org | 57 | 
1 files changed, 57 insertions, 0 deletions
| diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index 0c1eaa8..f4cfc4b 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -330,6 +330,63 @@
    =auth_getstate= return the =state= of =*as=.
+** auth_setpwd
+   :PROPERTIES:
+   :CUSTOM_ID: auth_setpwd
+   :END:
+   @@html: <details> <summary> @@
+   #+begin_src c
+   int auth_setpwd(auth_session_t *as, struct passwd *pwd)
+   #+end_src
+   @@html: </summary> @@
+   #+begin_src c
+   {
+       struct passwd pwstore;
+       char *instance, pwbuf[_PW_BUF_LEN];
+
+       if (pwd == NULL && as->pwd == NULL && as->name == NULL)
+           return (-1);		/* true failure */
+
+       if (pwd == NULL) {
+           /*
+            * If we were not passed in a pwd structure we need to
+            * go find one for ourself.  Always look up the username
+            * (if it is defined) in the passwd database to see if there
+            * is an entry for the user.  If not, either use the current
+            * entry or simply return a 1 which implies there is
+            * no user by that name here.  This is not a failure, just
+            * a point of information.
+            */
+           if (as->name == NULL)
+               return (0);
+           getpwnam_r(as->name, &pwstore, pwbuf, sizeof(pwbuf), &pwd);
+           if (pwd == NULL) {
+               instance = strchr(as->name, '/');
+               if (instance == NULL)
+                   return (as->pwd ? 0 : 1);
+               if (strcmp(instance, "/root") == 0) {
+                   getpwnam_r(instance + 1, &pwstore, pwbuf,
+                       sizeof(pwbuf), &pwd);
+               }
+               if (pwd == NULL)
+                   return (as->pwd ? 0 : 1);
+           }
+       }
+       if ((pwd = pw_dup(pwd)) == NULL)
+           return (-1);		/* true failure */
+       if (as->pwd) {
+           explicit_bzero(as->pwd->pw_passwd, strlen(as->pwd->pw_passwd));
+           free(as->pwd);
+       }
+       as->pwd = pwd;
+       return (0);
+   }
+   #+end_src
+   @@html: </details> @@
+
+   =auth_setpwd= is used to retrieve and set the [[https://man.openbsd.org/man3/getpwnam.3][password database]]
+   entry in =as= if one isn't already set.
+
 ** auth_set_va_list
    :PROPERTIES:
    :CUSTOM_ID: auth_set_va_list |
