path: root/content/posts/WIP-how-bsd-authentication-works/index.org
Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works/index.org')
-rw-r--r-- content/posts/WIP-how-bsd-authentication-works/index.org 23
1 files changed, 17 insertions, 6 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index c9dd17f..a0c8407 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -431,7 +431,7 @@
The process now calls =fork()=.
- Here two constants are set for the "back channel" and optional
+ Here two constants are set for the back channel and optional
authentication file descriptors.
#+begin_src c
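Review bot: In the reworded sentence, "the back channel and optional authentication file descriptors" reads as if both descriptors were optional. Since this line is being touched anyway, consider "the back channel file descriptor and the optional authentication file descriptor", and naming the two constants (=COMM_FD= and =AUTH_FD=) in the sentence so the reader can match them to the source block that follows.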
@@ -439,7 +439,7 @@
#define AUTH_FD 4
#+end_src
- In the child process, the "back channel" is set to file descriptor
+ In the child process, the back channel is set to file descriptor
3, or =COMM_FD= using =dup2(3)=. If =as->fd=, is not =-1=, it is set
to file descriptor 4, or =AUTH_FD=, also using =dup2(3)=. The
remainder of the file descriptors are closed using either
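Review bot: The context line directly after the changed one still has a stray comma in "If =as->fd=, is not =-1=, it is set"; worth fixing in the same edit, since the first comma splits the subject from its verb. The paragraph also uses "file descriptor 3" next to =dup2(3)=, where the 3 is a manual section, so stating the constant first ("=COMM_FD= (file descriptor 3)") would keep the two apart.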
@@ -470,12 +470,23 @@
#define _PATH_BSHELL "/bin/sh"
#+END_SRC
+ In the parent process, the child's end of the back channel is
+ closed, and so is the parent's copy of =as->fd= if it exists.
- The =exec='d process then listens on FD 3, which is one half of the
- =sockpair= that was created earlier.
+ The data from =as->data= is then written to the back channel
+ sequentially, zeroed, and freed.
- In the non-exec'd process, first the contents of the auth session's
- =*data= are read in one at a time.
+ Next =as->index= is set to =0=.
+
+ The response from the authentication module is then put into
+ =as->spool= with an optional received file descriptor placed in
+ =as->fd=, using =_auth_spool=.
+
+ #+begin_src c
+ _auth_spool(as, pfd[0]);
+ #+end_src
+
+ <<here>>
The data received through the back channel is then put into the
=spool= of the auth session using =_auth_spool(as, pfd[0])=. After
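Review bot: The added paragraph and source block for =_auth_spool= repeat the unchanged paragraph that follows the =<<here>>= target ("The data received through the back channel is then put into the =spool= of the auth session using =_auth_spool(as, pfd[0])="), so the post now describes the same call twice. Merge or drop the older paragraph, and remove =<<here>>= if it is only an editing bookmark. In "written to the back channel sequentially, zeroed, and freed" it is not clear that the =as->data= entries are what gets zeroed and freed, and =pfd[0]= appears in the new source block without the text saying which end of the back channel it is.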