From c0fd23942009ee23050145b9f37c5ab81c640177 Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Tue, 22 Dec 2020 01:05:41 -0500
Subject: bsd-auth: copy/paste some, fix typo

---
 .../WIP-how-bsd-authentication-works/index.org     | 26 +++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

(limited to 'content/posts')

diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index a63d731..f8c9a51 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -419,7 +419,7 @@
   received the =*style= and =*type=. If =*type= is =NULL=, it returns
   the first available login style for that class. If =*style= is
   specified, it is returned if available, otherwise =NULL= is
-  returned, which causes =auch_usercheck= to return =NULL= as well.
+  returned, which causes =auth_usercheck= to return =NULL= as well.
 
   It then creates a pointer =as= of type [[#auth_session_t][=auth_session_t=]], and handles
   it differently based on whether =*password= is =NULL=.
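Review bot: The sentence just above the corrected line, in the context of this hunk, still reads inconsistently: it says "If =*type= is =NULL=, it returns the first available login style" and then continues with "If =*style= is specified". Both conditions appear to describe the same argument, so the first one probably should be =*style=. Please check it against login_getstyle(3) and fix it here in the same commit, since the second hunk copies this paragraph word for word. The spelling fix to =auth_usercheck= itself is correct.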
@@ -862,6 +862,30 @@
   directly interacted with over the terminal. As an example, this
   might be used in cases where the user is using S/KEY authentication
   over SSH.
+
+  A fair portion of this function is very similar to
+  [[#auth_usercheck][=auth_usercheck=]].
+
+  It first checks that =*name= is a valid username. This means that it
+  doesn't begin with a hyphen, had a non-zero length.
+
+  If =*style= is =NULL=, it checks if =*name= is in the =user:style=
+  format, and splits it accordingly.
+
+  It then gets the user's password database entry through
+  [[https://man.openbsd.org/man3/getpwnam.3#getpwnam_r][=getpwman_r(3)=]], which operates on the [[https://man.openbsd.org/passwd.5][=passwd(5)=]] database. It then
+  uses that to retrieve the user's login class using
+  [[https://man.openbsd.org/login_getclass#login_getclass][=login_getclass(3)=]], which returns a =login_cap_t=. Login classes
+  are stored in the [[https://man.openbsd.org/man5/login.conf.5][=login.conf(5)=]] database.
+
+  That struct is then passed into [[https://man.openbsd.org/login_getclass#login_getstyle][=login_getstyle(3)=]], which also
+  received the =*style= and =*type=. If =*type= is =NULL=, it returns
+  the first available login style for that class. If =*style= is
+  specified, it is returned if available, otherwise =NULL= is
+  returned, which causes =auth_userchallenge= to return =NULL= as
+  well.
+
+
 * auth_userresponse
   :PROPERTIES:
   :CUSTOM_ID: auth_userresponse
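Review bot: The link label in the added password-database paragraph is misspelled as "=getpwman_r(3)=" while its target is getpwnam_r, so a commit whose subject says it fixes a typo introduces a new one; the label should read =getpwnam_r(3)=. In the added username check, "doesn't begin with a hyphen, had a non-zero length" mixes tenses and drops the conjunction; suggest "doesn't begin with a hyphen and has a non-zero length". "which also received" in the =login_getstyle(3)= paragraph should be "receives" to match the present tense around it. Since the added text already opens by pointing at =auth_usercheck= for the shared behaviour, consider keeping only the parts that differ for =auth_userchallenge= rather than pasting the paragraphs, so that later corrections do not have to be made in two places. The hunk also adds two blank lines before the =auth_userresponse= heading where one would do.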
-- 
cgit v1.2.3