Upstream: Retry up to 3 times on password authentication failure

[humaidq]

Pulled merge from upstream jcs commit:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/doas.c.diff?r1=1.90&r2=1.91&f=h
Resolves #82

[Duncaen]

This needs to be handled different, shadowauth and pamauth have some state, both open the timestamp fd every iteration.

For pamauth there is a little more state and this leaks memory of pam handles every iteration. I think it would be best to instead of repeatably calling the shadowauth or pamauth functions to move the iterations into each of the functions so the pam handle doesn't need to be recreated.

For shadow, I would loop around:

OpenDoas/shadow.c

Lines 84 to 100 in b96106b

	response = readpassphrase(challenge, rbuf, sizeof(rbuf), RPP_REQUIRE_TTY);
	if (response == NULL && errno == ENOTTY) {
	syslog(LOG_AUTHPRIV | LOG_NOTICE,
	"tty required for %s", myname);
	errx(1, "a tty is required");
	}
	if (response == NULL)
	err(1, "readpassphrase");
	if ((encrypted = crypt(response, hash)) == NULL) {
	explicit_bzero(rbuf, sizeof(rbuf));
	errx(1, "Authentication failed");
	}
	explicit_bzero(rbuf, sizeof(rbuf));
	if (strcmp(encrypted, hash) != 0) {
	syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
	errx(1, "Authentication failed");
	}

For pam the loop should be here, but that needs more investigation to confirm that this is supported by the pam api:

OpenDoas/pam.c

Lines 288 to 294 in b96106b

	/* authenticate */
	ret = pam_authenticate(pamh, 0);
	if (ret != PAM_SUCCESS) {
	pamcleanup(ret, sess, cred);
	syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
	errx(1, "Authentication failed");
	}

[Duncaen]

This was also an issue in the linked revision, https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/doas.c.diff?r1=1.91&r2=1.92&f=h