Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works')
-rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/index.org | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org index 0726728..3e2d76f 100644 --- a/content/posts/WIP-how-bsd-authentication-works/index.org +++ b/content/posts/WIP-how-bsd-authentication-works/index.org @@ -106,6 +106,12 @@ The auth module communicates with its caller through file descriptor 3. + Some modules require an extra file descriptor to be passed in for + authentication. In these cases, an extra =-v fd=4= argument will be + passed. Theoretically this =fd= can be any number, but in practice + =fd=4= is hard-coded. + + Most modules also have a hidden flag =-d=, which sets the back channel do =stdio=, presumably for debugging purposes. @@ -397,6 +403,31 @@ int auth_call(auth_session_t *as, char *path, ...) #+END_SRC + =auth_call= is responsible for setting up the environment, + calling the modules, and communicating with them. + + First, the variable arguments are placed in =as->ap0=. + + An array of char pointers called =argv= is allocated to hold the arguments for the + auth module. + + #+BEGIN_SRC c + char *argv[64]; /* 64 args should be more than enough */ + #+END_SRC + + - =auth_next_arg= + #+BEGIN_SRC c + static char * _auth_next_arg(auth_session_t *as) + #+END_SRC + + First goes through =as->ap0=, returning one argument at a time + until it hits the =NULL= character pointer. At which point it + calls =va_end(as->ap0)= and =explicit_bzero='s it. + + Moves on to do the same thing for =as->ap=. + + Finally when it's gone through both lists, returns =NULL= + <<here>> Inside of =auth_call=, a socket pair of type =PF_LOCAL, SOCK_STREAM= |
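Review bot: In the first hunk (@@ -106,6 +106,12), the new paragraph on =-v fd=4= says the value is "hard-coded" but not where, and never says what the extra descriptor is used for. Name the side that fixes the number (the caller or the module) and state what is passed over it, so the reader can tell whether a module may trust any other descriptor number. While touching this spot, the context line just below reads "sets the back channel do =stdio="; that should be "to =stdio=".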
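Review bot: In the second hunk (@@ -403,31), the text introduces =char *argv[64]= with only the source comment "64 args should be more than enough" and does not say what =auth_call= does when =as->ap0= and =as->ap= together supply more entries than the array holds. Add a sentence describing the bound handling, since that is the detail a reader auditing this code will look for. Also, the list item is titled =auth_next_arg= while the signature below it is =_auth_next_arg=; use the same name in both. "=explicit_bzero='s it" should say what is zeroed (the =va_list= in =as->ap0=), and the =<<here>>= marker looks like a leftover work-in-progress anchor that should be dropped before publishing.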