From 7c0852781cfa8eb87237bef5ab83f0fc043742f0 Mon Sep 17 00:00:00 2001
From: Dante Catalfamo
Date: Thu, 29 Oct 2020 16:10:56 -0400
Subject: bsd-auth: add more detail to auth_usercheck

---
 .../WIP-how-bsd-authentication-works/index.org     | 48 +++++++++++++---------
 1 file changed, 29 insertions(+), 19 deletions(-)

(limited to 'content')

diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index 4565580..3535cb2 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -289,33 +289,43 @@
   format, and splits it accordingly.
 
   It then gets the user's password database entry through
-  [[https://man.openbsd.org/man3/getpwnam.3#getpwnam_r][=getpwman_r=]], which operates on the [[https://man.openbsd.org/passwd.5][=passwd(5)=]] database. It then
-  uses that to retrieve the user's login class using [[https://man.openbsd.org/login_getclass#login_getclass][=login_getclass=]],
-  which returns a =login_cap_t=. Login classes are stored in the
-  [[https://man.openbsd.org/man5/login.conf.5][=login.conf(5)=]] database.
+  [[https://man.openbsd.org/man3/getpwnam.3#getpwnam_r][=getpwman_r(3)=]], which operates on the [[https://man.openbsd.org/passwd.5][=passwd(5)=]] database. It then
+  uses that to retrieve the user's login class using
+  [[https://man.openbsd.org/login_getclass#login_getclass][=login_getclass(3)=]], which returns a =login_cap_t=. Login classes
+  are stored in the [[https://man.openbsd.org/man5/login.conf.5][=login.conf(5)=]] database.
 
-  That struct is then passed into [[https://man.openbsd.org/login_getclass#login_getstyle][=login_getstyle=]], which also
+  That struct is then passed into [[https://man.openbsd.org/login_getclass#login_getstyle][=login_getstyle(3)=]], which also
   received the =*style= and =*type=. If =*type= is =NULL=, it returns
   the first available login style for that class. If =*style= is
   specified, it is returned if available, otherwise =NULL= is
   returned, which causes =auch_usercheck= to return =NULL= as well.
 
-  If the password is a string, then it creates a new session using
-  =auth_open=. It then sets the session =service= to ="response"=, and
-  adds the =password= string to the session's =data=. Here the newly
-  created session is called =as=.
+  It then creates a pointer =as= of type =auth_session_t=, and handles
+  it differently based on whether =*password= is =NULL=.
 
-  #+BEGIN_SRC c
-  auth_setitem(as, AUTHV_SERVICE, "response");
-  auth_setdata(as, "", 1);
-  auth_setdata(as, password, strlen(password) + 1);
-  #+END_SRC
+  - If the password is a string, it creates a new session using
+    =auth_open= and assigns it to =as=. It then sets the session
+    =service= to ="response"=, and adds the =password= string to the
+    session's =data=.
+
+    #+BEGIN_SRC c
+    auth_setitem(as, AUTHV_SERVICE, "response");
+    auth_setdata(as, "", 1);
+    auth_setdata(as, password, strlen(password) + 1);
+    #+END_SRC
+
+  - If =*password= is =NULL=, it sets =as= to =NULL=.
 
-  If the password is =NULL=, it sets the =auth_session_t= pointer to
-  =NULL=. It then passes the user name, style, login class, and =NULL=
-  char pointer to =auth_verify=. The last two variables are received
-  as variable arguments. It then returns the auth session pointer the
-  call returns.
+  It then passes the =auth_session_t= (=as=) pointer, =*name=,
+  =*style=, login class (=lc=), and a =NULL= char pointer to
+  =auth_verify=. It then returns the auth session pointer the call
+  returns.
+
+  #+begin_src c
+  as = auth_verify(as, style, name, lc->lc_class, (char *)NULL);
+  // [...] some cleanup
+  return (as);
+  #+end_src
 
 * auth_verify
 
-- 
cgit v1.2.3