Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works/index.org')
-rw-r--r-- content/posts/WIP-how-bsd-authentication-works/index.org 26
1 files changed, 25 insertions, 1 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index a63d731..f8c9a51 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -419,7 +419,7 @@
received the =*style= and =*type=. If =*type= is =NULL=, it returns
the first available login style for that class. If =*style= is
specified, it is returned if available, otherwise =NULL= is
- returned, which causes =auch_usercheck= to return =NULL= as well.
+ returned, which causes =auth_usercheck= to return =NULL= as well.
It then creates a pointer =as= of type [[#auth_session_t][=auth_session_t=]], and handles
it differently based on whether =*password= is =NULL=.
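Review bot: In the unchanged lines just above the corrected one, the first case is conditioned on =*type= being =NULL= while the next sentence is about =*style= being specified, so the two cases do not pair up. Check against login_getstyle(3) whether the first sentence should read =*style=, and fix it in this commit since it already touches the paragraph. "received" also shifts tense against "returns" in the same paragraph; "receives" would match.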
@@ -862,6 +862,30 @@
directly interacted with over the terminal. As an example, this
might be used in cases where the user is using S/KEY authentication
over SSH.
+
+ A fair portion of this function is very similar to
+ [[#auth_usercheck][=auth_usercheck=]].
+
+ It first checks that =*name= is a valid username. This means that it
+ doesn't begin with a hyphen, had a non-zero length.
+
+ If =*style= is =NULL=, it checks if =*name= is in the =user:style=
+ format, and splits it accordingly.
+
+ It then gets the user's password database entry through
+ [[https://man.openbsd.org/man3/getpwnam.3#getpwnam_r][=getpwman_r(3)=]], which operates on the [[https://man.openbsd.org/passwd.5][=passwd(5)=]] database. It then
+ uses that to retrieve the user's login class using
+ [[https://man.openbsd.org/login_getclass#login_getclass][=login_getclass(3)=]], which returns a =login_cap_t=. Login classes
+ are stored in the [[https://man.openbsd.org/man5/login.conf.5][=login.conf(5)=]] database.
+
+ That struct is then passed into [[https://man.openbsd.org/login_getclass#login_getstyle][=login_getstyle(3)=]], which also
+ received the =*style= and =*type=. If =*type= is =NULL=, it returns
+ the first available login style for that class. If =*style= is
+ specified, it is returned if available, otherwise =NULL= is
+ returned, which causes =auth_userchallenge= to return =NULL= as
+ well.
+
+
* auth_userresponse
:PROPERTIES:
:CUSTOM_ID: auth_userresponse
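Review bot: The link label on the added password-database line reads =getpwman_r(3)= while its own URL fragment is getpwnam_r; change the label to =getpwnam_r(3)=. In the username paragraph, "doesn't begin with a hyphen, had a non-zero length" should read "doesn't begin with a hyphen and has a non-zero length". The last added paragraph repeats the login_getstyle text from the earlier hunk word for word, including the =*type=/=*style= wording, and the section already opens by saying it is very similar to auth_usercheck, so a link back to that section with only the differences spelled out would avoid keeping two copies in sync. The hunk also adds two blank lines before the =auth_userresponse= heading where one is enough.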