-rw-r--r--content/posts/how-bsd-authentication-works/index.org49
1 files changed, 26 insertions, 23 deletions
diff --git a/content/posts/how-bsd-authentication-works/index.org b/content/posts/how-bsd-authentication-works/index.org
index 29a9d62..28ceb2d 100644
--- a/content/posts/how-bsd-authentication-works/index.org
+++ b/content/posts/how-bsd-authentication-works/index.org
@@ -71,29 +71,6 @@ returns a finished auth session of type =auth_session_t=. It closes
the auth session using =auth_close= and returns the value returned
from closing.
-=auth_usercheck= checks the user name against the passwd db. It also
-checks the login class against the =login.conf= db, along with
-confirming the login styles available.
-
-#+begin_quote
-Validates the checks that the user exists, gets the user's login
-class, verifies the auth type, and that the auth style can be used.
-
-It creates an auth session struct.
-
-If the password is provided it sets the service type to =response=,
-and adds the adds the password to the auth data. Otherwise it
-leaves it empty.
-#+end_quote
-
-From there it calls a couple other functions, constructing and
-filling out an =auth_session_t= struct using the =auth_set*=
-functions from =auth_subr(3)=. It contains things like the user
-name, login class, along with other details required to
-authenticate the user.
-
-# FILL THIS PART OUT MORE!
-
#+BEGIN_SRC c
struct auth_session_t {
char *name; /* name of use being authenticated */
@@ -141,6 +118,31 @@ struct authdata {
};
#+END_SRC
+#+BEGIN_SRC c
+auth_session_t *auth_usercheck(char *name, char *style, char *type, char *password)
+#+END_SRC
+
+=auth_usercheck= checks the user name against the passwd db. It also
+checks the login class against the =login.conf= db, along with
+confirming the login styles available.
+
+If the password is non-=NULL=, then an =auth_session_t= struct is
+created by calling =auth_open()=, then it calls
+
+#+BEGIN_SRC c
+auth_setitem(as, AUTHV_SERVICE, "response");
+auth_setdata(as, "", 1);
+auth_setdata(as, password, strlen(password) + 1);
+#+END_SRC
+
+setting the service protocol to =response=, adding an empty line to
+the session data, then adding the password as data. If the password is
+=NULL=, it sets the =auth_session_t= pointer to =NULL=. It then passes
+the user name, style, and login class to =auth_verify=, and returns
+the the auth session pointer the call returns.
+
+
+
After that it constructs the path of the authentication module by
combining =_PATH_AUTHPROG=, which is defined in =login_cap.h= as
@@ -219,6 +221,7 @@ This is the integer returned by
=auth_userokay=.
# Setting env on auth_close(as)
+# partual rewrite below
The call graph for =auth_userokay= looks something like this: