From 532c26157eb934ddb0e6e791b7d60423e5f51165 Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Fri, 30 Oct 2020 01:59:58 -0400
Subject: Add a lot of clarity to auth_call
---
 .../WIP-how-bsd-authentication-works/index.org | 42 +++++++++++++++-------
 1 file changed, 30 insertions(+), 12 deletions(-)
 (limited to 'content/posts')
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index 0903ee7..c9dd17f 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -422,20 +422,38 @@
 option for each of them. After that the rest of the arguments are retrieved from
- =_auth_next_arg= and added to the end of =argv=.
+ =_auth_next_arg= and added to the end of =argv=. Finally a =NULL= is
+ added to the end of =argv=.
- If there are any extra options left over
+ Next a socket pair of type =PF_LOCAL, SOCK_STREAM= is created. This
+ is called the "back channel", and is used to communicate with the
+ authentication module.
- <>
+ The process now calls =fork()=.
- Inside of =auth_call=, a socket pair of type =PF_LOCAL, SOCK_STREAM=
- is created. This is called the "back channel", and is used to
- communicate with the authentication module. The process then forks,
- calling ~execve(path, argv, auth_environ)~, where the =argv= is
- everything after =path= in the =auth_call= arguments. Any =authopts=
- set in the auth session are also passed as arguments in the format =-v
- opt1 -v opt2 -v opt3=, etc. =auth_environ= is defined at the top of
- the file as
+ Here two constants are set for the "back channel" and optional
+ authentication file descriptors.
+
+ #+begin_src c
+ #define COMM_FD 3
+ #define AUTH_FD 4
+ #+end_src
+
+ In the child process, the "back channel" is set to file descriptor
+ 3, or =COMM_FD= using =dup2(3)=. If =as->fd=, is not =-1=, it is set
+ to file descriptor 4, or =AUTH_FD=, also using =dup2(3)=. The
+ remainder of the file descriptors are closed using either
+ =closefrom(COMM_FD + 1)= or =closefrom(AUTH_FD + 1)=, depending on
+ whether or not =AUTH_FD= is used.
+
+ The child process then executes the module.
+
+ #+begin_src c
+ execve(path, argv, auth_environ);
+ #+end_src
+
+ =auth_environ= is defined at the top of the file as a very minimal
+ environment.
 #+BEGIN_SRC c
 static char *auth_environ[] = {
@@ -445,7 +463,7 @@
 };
 #+END_SRC
- Where both constants are defined in =paths.h= as
+ Where both constants are defined in =/include/paths.h=.
 #+BEGIN_SRC c
 #define _PATH_DEFPATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin"
-- cgit v1.2.3