Diffstat (limited to 'content/posts/WIP-how-bsd-authentication-works')
| -rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/index.org | 70 | 
1 files changed, 70 insertions, 0 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index dfdc3a3..34e7aa6 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -8,6 +8,18 @@
 #+SLUG:
 #+SUMMARY:
+#+begin_export html
+<style>
+  details > summary {
+    list-style: none;
+  }
+  details > summary::-webkit-details-marker {
+    display: none;
+  }
+
+</style>
+#+end_export
+
 [[https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/]]
 * History
   :PROPERTIES:
@@ -954,10 +966,68 @@
   :CUSTOM_ID: auth_userresponse
   :END:
+  @@html: <details> <summary> @@
   #+begin_src c
   int auth_userresponse(auth_session_t *as, char *response, int more)
   #+end_src
+  @@html: </summary> @@
+
+  #+begin_src c
+  {
+      char path[PATH_MAX];
+      char *style, *name, *challenge, *class;
+      int len;
+
+      if (as == NULL)
+          return (0);
+
+      auth_setstate(as, 0);
+
+      if ((style = auth_getitem(as, AUTHV_STYLE)) == NULL ||
+          (name = auth_getitem(as, AUTHV_NAME)) == NULL ||
+          !_auth_validuser(name)) {
+          if (more == 0)
+              return (auth_close(as));
+          return(0);
+      }
+
+      len = snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style);
+      if (len < 0 || len >= sizeof(path)) {
+          if (more == 0)
+              return (auth_close(as));
+          return (0);
+      }
+
+      challenge = auth_getitem(as, AUTHV_CHALLENGE);
+      class = auth_getitem(as, AUTHV_CLASS);
+
+      if (challenge)
+          auth_setdata(as, challenge, strlen(challenge) + 1);
+      else
+          auth_setdata(as, "", 1);
+      if (response) {
+          auth_setdata(as, response, strlen(response) + 1);
+          explicit_bzero(response, strlen(response));
+      } else
+          auth_setdata(as, "", 1);
+
+      auth_call(as, path, style, "-s", "response", "--", name,
+                class, (char *)NULL);
+
+      /*
+       * If they authenticated then make sure they did not expire
+       */
+      if (auth_getstate(as) & AUTH_ALLOW)
+          auth_check_expire(as);
+      if (more == 0)
+          return (auth_close(as));
+      return (auth_getstate(as) & AUTH_ALLOW);
+  }
+  #+end_src
+  @@html: </details> @@
+  =auth_userresponse= is used to pass the user's response from
+  [[#auth_userchallenge][=auth_userchallenge=]] back to the authentication module.
 * COMMENT note                                                     :noexport:  |
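Review bot: The two prose lines added under the listing describe only the hand-off to the authentication module and leave out caller-visible effects that the quoted body shows, which are the ones a reader writing a login front-end needs. The function wipes the caller's own `response` buffer with `explicit_bzero` after copying it into the session, but only on the path that reaches `auth_call`; the early returns for `as == NULL`, a missing style or name, a name rejected by `_auth_validuser`, and an over-long `path` all leave the response untouched, so the caller still has to clear it on failure. With `more == 0` every path except `as == NULL` ends in `auth_close(as)`, so the return value is that of `auth_close` and the session presumably must not be used afterwards. I would add a sentence such as `When more is 0 the session is closed before returning, and the response buffer is zeroed only once the function gets as far as calling the authentication module.`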
