1 files changed, 34 insertions, 9 deletions

diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index f24693d..898b634 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -303,6 +303,10 @@
 
    =auth_setenv= scans through =as->spool=, modifying the environment
    according to =BI_SETENV= and =BI_UNSETENV= instructions.
+
+** auth_getvalue
+
+   <<here2>>
 * auth_open
 
   #+begin_src c
@@ -733,17 +737,38 @@
   removing any files requested by the authentication module, and
   freeing =as=.
 
-  First it saves the state in a variable =s=
+  First it saves the allow state of =as->state= in a variable =s=.
 
-<<here>>
+  #+begin_src c
+  s = as->state & AUTH_ALLOW;
+  #+end_src
+
+  If =s= is equal to =0=, =as->index= is set to =0=, truncating
+  =as->spool= so that no further functions will be able to read from
+  it.
+
+  It then modifies the environment using =auth_setenv=
+
+  #+begin_src c
+  auth_setenv(as);
+  #+end_src
+
+  All =as->rmlist= structs are checked. If =s= is equal to =0=, the
+  files are deleted. All =rmlist= structs are then freed.
+
+  All =as->optlist= structs are freed.
+
+  All =as->data= structs are =explicit_bzero='d and then freed.
+
+  =as->pwd= is =explicit_bzero='d and freed.
 
-  It first sets the environment variables returned through the back
-  channel by passing the auth session to =auth_setenv=. It then goes
-  through the =rmlist= of the session, deleting the files if the
-  session reported a failure. It then zeroes out all sensitive
-  information, and frees the various structs associated with the current
-  =auth_session_t=, and then the session itself. Finally it returns
-  the session's state =&='ed with =AUTH_ALLOW=.
+  All remaining structs referenced by =as= are freed.
+
+  =as= is freed.
+
+  =s= is returned.
+
+<<here>>
 * grapgh?
 # Setting env on auth_close(as)
 # partual rewrite below