From 2de1c7ead6dcdd88a8901c1d90720a2181dd42a5 Mon Sep 17 00:00:00 2001 From: Dante Catalfamo Date: Wed, 23 Dec 2020 15:41:16 -0500 Subject: bsd-auth: write auth_userchallenge, add more stubs --- .../WIP-how-bsd-authentication-works/index.org | 62 ++++++++++++++++++++-- 1 file changed, 59 insertions(+), 3 deletions(-) (limited to 'content/posts/WIP-how-bsd-authentication-works') diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org index 34e7aa6..0c1eaa8 100644 --- a/content/posts/WIP-how-bsd-authentication-works/index.org +++ b/content/posts/WIP-how-bsd-authentication-works/index.org @@ -971,7 +971,6 @@ int auth_userresponse(auth_session_t *as, char *response, int more) #+end_src @@html: @@ - #+begin_src c { char path[PATH_MAX]; @@ -1024,10 +1023,67 @@ return (auth_getstate(as) & AUTH_ALLOW); } #+end_src - @@html: @@ =auth_userresponse= is used to pass the user's response from - [[#auth_userchallenge][=auth_userchallenge=]] back to the authentication module. + [[#auth_userchallenge][=auth_userchallenge=]] back to the authentication module. Similar to + =auth_userchallenge=, it is also a front-end for [[#auth_call][=auth_call=]]. + + If =as= is =NULL=, =0= is returned. + + The state of =as= is then set to =0=. + #+begin_src c + auth_setstate(as, 0); + #+end_src + + =as= is then checked to ensure all the required items are set. Then + it checks if =as->style= or =as->name= are =NULL=, or if the + username is invalid using [[#_auth_validuser][=auth_validuser=]]. If any of those checks + fail, and =more= is equal to =0=, then the session is closed using + [[#auth_close][=auth_close=]], and the return value of that returned. Otherwise =0= + is returned. + + Then the path to the [[#modules][auth module]] is created. + + The challenge and class of the session are extracted and stored in + variables =challenge= and =class= respectively. + + If =challenge= contains data, its contents are added to the + =as->data= spool, otherwise an empty string is added to the spool. + + If =response= contains data, it is added to the data spool as well, + and then =respose= is =explicit_bzero='d. Otherwise an empty string + is added to the data spool. + + Next [[#auth_call][=auth_call=]] is used to call the auth module with service type + =response=. + + #+begin_src c + auth_call(as, path, style, "-s", "response", "--", name, + class, (char *)NULL); + #+end_src + + If the request is allowed, it's checked to make sure it's not + expired using [[#auth_check_expire][=auth_check_expire=]]. + + If =more= is equal to =0=, the session is closed using [[#auth_close][=auth_close=]]. + + The allow state of the session is then returned. + + #+begin_src c + return (auth_getstate(as) & AUTH_ALLOW); + #+end_src + +* auth_check_expire + :PROPERTIES: + :CUSTOM_ID: auth_check_expire + :END: + + +* _auth_validuser + :PROPERTIES: + :CUSTOM_ID: _auth_validuser + :END: + * COMMENT note :noexport: -- cgit v1.2.3