Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works')
| -rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/index.org | 68 | 
1 files changed, 67 insertions, 1 deletions
|
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index d417868..d99b7a5 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -10,6 +10,9 @@
 [[https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/]]
 * History
+  :PROPERTIES:
+  :CUSTOM_ID: history
+  :END:
   OpenBSD is quite different from many other Unix-like operating
   systems in many ways, but one way which I find interesting is the
@@ -34,6 +37,9 @@
   system of configured through [[https://man.openbsd.org/login.conf][=login.conf(5)=]].
 * Why
+  :PROPERTIES:
+  :CUSTOM_ID: why
+  :END:
   This one is pretty difficult, since there seems to be very little
   information about how BSD Auth works apart from the source code
@@ -42,6 +48,9 @@
   of BSD Auth.
 * BSD Auth Modules
+  :PROPERTIES:
+  :CUSTOM_ID: modules
+  :END:
   These programs or scripts are located in =/usr/libexec/auth/= with the
   naming convention =login_<style>=. They take arguments in the form of
@@ -116,12 +125,18 @@
   channel do =stdio=, presumably for debugging purposes.
 * Documentation
+  :PROPERTIES:
+  :CUSTOM_ID: documentation
+  :END:
   All of the high level authentication functions are described in
   [[https://man.openbsd.org/authenticate][=authenticate(3)=]], with the lower level functions being described in
   [[https://man.openbsd.org/auth_subr][=auth_subr(3)=]].
 * auth_userokay
+  :PROPERTIES:
+  :CUSTOM_ID: auth_userokay
+  :END:
   =auth_userokay= is the highest level function, and easiest to use.
   It takes four character arrays as arguments, =name=, =style=,
@@ -160,6 +175,9 @@
   the resulting value.
 * auth_session_t
+  :PROPERTIES:
+  :CUSTOM_ID: auth_session_t
+  :END:
   =auth_session_t= is the main data structure used to represent the
   authentication session. It gets used by all other functions.
@@ -215,6 +233,10 @@
   There are several functions which get used to operate on
   =auth_session_t= to keep it opaque.
 ** auth_setdata
+   :PROPERTIES:
+   :CUSTOM_ID: auth_setdata
+   :END:
+
    #+begin_src c
    int auth_setdata(auth_session_t *as, void *ptr, size_t len)
    #+end_src
@@ -225,6 +247,10 @@
    location. It returns =0= on success.
 ** auth_setitem / auth_getitem
+   :PROPERTIES:
+   :CUSTOM_ID: auth_setitem
+   :END:
+
    #+begin_src c
    int auth_setitem(auth_session_t *as, auth_item_t item, char *value)
    #+end_src
@@ -258,6 +284,10 @@
     #+end_src
 ** auth_setoption
+   :PROPERTIES:
+   :CUSTOM_ID: auth_setoption
+   :END:
+
    #+begin_src c
    int auth_setoption(auth_session_t *as, char *n, char *v)
    #+end_src
@@ -268,6 +298,10 @@
    to its location. It returns =0= on success.
 ** auth_setstate / auth_getstate
+   :PROPERTIES:
+   :CUSTOM_ID: auth_setstate
+   :END:
+
    #+begin_src c
    void	auth_setstate(auth_session_t *as, int s)
    #+end_src
@@ -281,6 +315,10 @@
    =auth_getstate= return the =state= of =*as=.
 ** auth_set_va_list
+   :PROPERTIES:
+   :CUSTOM_ID: auth_set_va_list
+   :END:
+
    #+begin_src c
    void	auth_set_va_list(auth_session_t *as, va_list ap)
    #+end_src
@@ -288,6 +326,10 @@
    =auth_set_va_list= copies =ap= to the =ap= field in =*as=
 ** auth_clrenv
+   :PROPERTIES:
+   :CUSTOM_ID: auth_clrenv
+   :END:
+
    #+begin_src c
    void auth_clrenv(auth_session_t *as)
    #+end_src
@@ -297,6 +339,10 @@
    =auth_call= section.
 ** auth_setenv
+   :PROPERTIES:
+   :CUSTOM_ID: auth_setenv
+   :END:
+
    #+begin_src c
    void auth_setenv(auth_session_t *as)
    #+end_src
@@ -305,6 +351,10 @@
    according to =BI_SETENV= and =BI_UNSETENV= instructions.
 ** auth_getvalue
+   :PROPERTIES:
+   :CUSTOM_ID: auth_getvalue
+   :END:
+
    #+BEGIN_SRC c
    char *auth_getvalue(auth_session_t *as, char *what)
    #+END_SRC
@@ -321,6 +371,9 @@
    escaped value strings.
 * auth_open
+  :PROPERTIES:
+  :CUSTOM_ID: auth_open
+  :END:
   #+begin_src c
   auth_session_t *auth_open(void)
@@ -338,6 +391,9 @@
   It then sets the =fd= field to =-1=, and returns the pointer.
 * auth_usercheck
+  :PROPERTIES:
+  :CUSTOM_ID: auth_usercheck
+  :END:
   #+BEGIN_SRC c
   auth_session_t *auth_usercheck(char *name, char *style, char *type, char *password)
@@ -365,7 +421,7 @@
   it differently based on whether =*password= is =NULL=.
   - If the password is a string, it creates a new session using
-    =auth_open= and assigns it to =as=. It then sets the session
+    [[#auth_open][=auth_open=]] and assigns it to =as=. It then sets the session
     =service= to ="response"=, and adds the =password= string to the
     session's =data=.
@@ -389,6 +445,9 @@
   #+end_src
 * auth_verify
+  :PROPERTIES:
+  :CUSTOM_ID: auth_verify
+  :END:
   #+BEGIN_SRC c
   auth_session_t *auth_verify(auth_session_t *as, char *style, char *name, ...)
@@ -434,6 +493,9 @@
   #+END_SRC
 * auth_call
+  :PROPERTIES:
+  :CUSTOM_ID: auth_call
+  :END:
   #+BEGIN_SRC c
   int auth_call(auth_session_t *as, char *path, ...)
@@ -721,6 +783,10 @@
    =as->rmlist= linked list.
 * auth_close
+  :PROPERTIES:
+  :CUSTOM_ID: auth_close
+  :END:
+
   #+begin_src c
   int auth_close(auth_session_t *as)
   #+end_src
|
