Diffstat (limited to 'content')
-rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/index.org | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org index dfdc3a3..34e7aa6 100644 --- a/content/posts/WIP-how-bsd-authentication-works/index.org +++ b/content/posts/WIP-how-bsd-authentication-works/index.org @@ -8,6 +8,18 @@ #+SLUG: #+SUMMARY: +#+begin_export html +<style> + details > summary { + list-style: none; + } + details > summary::-webkit-details-marker { + display: none; + } + +</style> +#+end_export + [[https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/]] * History :PROPERTIES: 
@@ -954,10 +966,68 @@ :CUSTOM_ID: auth_userresponse :END: + @@html: <details> <summary> @@ #+begin_src c int auth_userresponse(auth_session_t *as, char *response, int more) #+end_src + @@html: </summary> @@ + + #+begin_src c + { + char path[PATH_MAX]; + char *style, *name, *challenge, *class; + int len; + + if (as == NULL) + return (0); + + auth_setstate(as, 0); + + if ((style = auth_getitem(as, AUTHV_STYLE)) == NULL || + (name = auth_getitem(as, AUTHV_NAME)) == NULL || + !_auth_validuser(name)) { + if (more == 0) + return (auth_close(as)); + return(0); + } + + len = snprintf(path, sizeof(path), _PATH_AUTHPROG "%s", style); + if (len < 0 || len >= sizeof(path)) { + if (more == 0) + return (auth_close(as)); + return (0); + } + + challenge = auth_getitem(as, AUTHV_CHALLENGE); + class = auth_getitem(as, AUTHV_CLASS); + + if (challenge) + auth_setdata(as, challenge, strlen(challenge) + 1); + else + auth_setdata(as, "", 1); + if (response) { + auth_setdata(as, response, strlen(response) + 1); + explicit_bzero(response, strlen(response)); + } else + auth_setdata(as, "", 1); + + auth_call(as, path, style, "-s", "response", "--", name, + class, (char *)NULL); + + /* + * If they authenticated then make sure they did not expire + */ + if (auth_getstate(as) & AUTH_ALLOW) + auth_check_expire(as); + if (more == 0) + return (auth_close(as)); + return (auth_getstate(as) & AUTH_ALLOW); + } + #+end_src + @@html: </details> @@ + =auth_userresponse= is used to pass the user's response from + [[#auth_userchallenge][=auth_userchallenge=]] back to the authentication module. * COMMENT note :noexport: |
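Review bot: The one-sentence description added after the listing omits two caller-visible behaviours that the listing itself shows. The `response` buffer is wiped with `explicit_bzero` right after it is copied into the session via `auth_setdata`, and when `more` is 0 every path past the `as == NULL` check returns through `auth_close(as)`, so the return value is that of `auth_close` rather than `auth_getstate(as) & AUTH_ALLOW`. A reader who reuses the response string or the session after the call would be caught out by either. I would extend the paragraph with something like `The caller's response buffer is zeroed before the function returns, and unless =more= is non-zero the session is closed and the result comes from =auth_close=.` It may also be worth noting that only the caller's copy is cleared here; as far as this listing shows, the copy handed to `auth_setdata` is left to the session's own cleanup.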