Diffstat (limited to 'content')
-rw-r--r--content/posts/WIP-how-bsd-authentication-works/index.org42
1 files changed, 30 insertions, 12 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index 0903ee7..c9dd17f 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -422,20 +422,38 @@
option for each of them.
After that the rest of the arguments are retrieved from
- =_auth_next_arg= and added to the end of =argv=.
+ =_auth_next_arg= and added to the end of =argv=. Finally a =NULL= is
+ added to the end of =argv=.
- If there are any extra options left over
+ Next a socket pair of type =PF_LOCAL, SOCK_STREAM= is created. This
+ is called the "back channel", and is used to communicate with the
+ authentication module.
- <<here>>
+ The process now calls =fork()=.
- Inside of =auth_call=, a socket pair of type =PF_LOCAL, SOCK_STREAM=
- is created. This is called the "back channel", and is used to
- communicate with the authentication module. The process then forks,
- calling ~execve(path, argv, auth_environ)~, where the =argv= is
- everything after =path= in the =auth_call= arguments. Any =authopts=
- set in the auth session are also passed as arguments in the format =-v
- opt1 -v opt2 -v opt3=, etc. =auth_environ= is defined at the top of
- the file as
+ Here two constants are set for the "back channel" and optional
+ authentication file descriptors.
+
+ #+begin_src c
+ #define COMM_FD 3
+ #define AUTH_FD 4
+ #+end_src
+
+ In the child process, the "back channel" is set to file descriptor
+ 3, or =COMM_FD= using =dup2(3)=. If =as->fd=, is not =-1=, it is set
+ to file descriptor 4, or =AUTH_FD=, also using =dup2(3)=. The
+ remainder of the file descriptors are closed using either
+ =closefrom(COMM_FD + 1)= or =closefrom(AUTH_FD + 1)=, depending on
+ whether or not =AUTH_FD= is used.
+
+ The child process then executes the module.
+
+ #+begin_src c
+ execve(path, argv, auth_environ);
+ #+end_src
+
+ =auth_environ= is defined at the top of the file as a very minimal
+ environment.
#+BEGIN_SRC c
static char *auth_environ[] = {
@@ -445,7 +463,7 @@
};
#+END_SRC
- Where both constants are defined in =paths.h= as
+ Where both constants are defined in =/include/paths.h=.
#+BEGIN_SRC c
#define _PATH_DEFPATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin"