-rw-r--r--content/posts/WIP-how-bsd-authentication-works/index.org48
1 files changed, 29 insertions, 19 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index 4565580..3535cb2 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -289,33 +289,43 @@
format, and splits it accordingly.
It then gets the user's password database entry through
- [[https://man.openbsd.org/man3/getpwnam.3#getpwnam_r][=getpwman_r=]], which operates on the [[https://man.openbsd.org/passwd.5][=passwd(5)=]] database. It then
- uses that to retrieve the user's login class using [[https://man.openbsd.org/login_getclass#login_getclass][=login_getclass=]],
- which returns a =login_cap_t=. Login classes are stored in the
- [[https://man.openbsd.org/man5/login.conf.5][=login.conf(5)=]] database.
+ [[https://man.openbsd.org/man3/getpwnam.3#getpwnam_r][=getpwman_r(3)=]], which operates on the [[https://man.openbsd.org/passwd.5][=passwd(5)=]] database. It then
+ uses that to retrieve the user's login class using
+ [[https://man.openbsd.org/login_getclass#login_getclass][=login_getclass(3)=]], which returns a =login_cap_t=. Login classes
+ are stored in the [[https://man.openbsd.org/man5/login.conf.5][=login.conf(5)=]] database.
- That struct is then passed into [[https://man.openbsd.org/login_getclass#login_getstyle][=login_getstyle=]], which also
+ That struct is then passed into [[https://man.openbsd.org/login_getclass#login_getstyle][=login_getstyle(3)=]], which also
received the =*style= and =*type=. If =*type= is =NULL=, it returns
the first available login style for that class. If =*style= is
specified, it is returned if available, otherwise =NULL= is
returned, which causes =auch_usercheck= to return =NULL= as well.
- If the password is a string, then it creates a new session using
- =auth_open=. It then sets the session =service= to ="response"=, and
- adds the =password= string to the session's =data=. Here the newly
- created session is called =as=.
+ It then creates a pointer =as= of type =auth_session_t=, and handles
+ it differently based on whether =*password= is =NULL=.
- #+BEGIN_SRC c
- auth_setitem(as, AUTHV_SERVICE, "response");
- auth_setdata(as, "", 1);
- auth_setdata(as, password, strlen(password) + 1);
- #+END_SRC
+ - If the password is a string, it creates a new session using
+ =auth_open= and assigns it to =as=. It then sets the session
+ =service= to ="response"=, and adds the =password= string to the
+ session's =data=.
+
+ #+BEGIN_SRC c
+ auth_setitem(as, AUTHV_SERVICE, "response");
+ auth_setdata(as, "", 1);
+ auth_setdata(as, password, strlen(password) + 1);
+ #+END_SRC
+
+ - If =*password= is =NULL=, it sets =as= to =NULL=.
- If the password is =NULL=, it sets the =auth_session_t= pointer to
- =NULL=. It then passes the user name, style, login class, and =NULL=
- char pointer to =auth_verify=. The last two variables are received
- as variable arguments. It then returns the auth session pointer the
- call returns.
+ It then passes the =auth_session_t= (=as=) pointer, =*name=,
+ =*style=, login class (=lc=), and a =NULL= char pointer to
+ =auth_verify=. It then returns the auth session pointer the call
+ returns.
+
+ #+begin_src c
+ as = auth_verify(as, style, name, lc->lc_class, (char *)NULL);
+ // [...] some cleanup
+ return (as);
+ #+end_src
* auth_verify