Commit: 30d590cc481df4654c259e7db7822a50bd6ab5d7
Parent: c3c2abb43aba59b01246d0ae1bb0551be716e585
Author: Randy Palamar
Date: Thu, 14 Oct 2021 20:34:11 -0600
bump to OpenBSD 7.0
contains changes up to 2021.10.13
Diffstat:
M | doas.c | | | 34 | +++++++++++++++++++++++----------- |
M | doas.h | | | 6 | +++++- |
2 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/doas.c b/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.89 2021/01/27 17:02:50 millert Exp $ */
+/* $OpenBSD: doas.c,v 1.92 2021/10/13 17:41:14 millert Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -224,17 +224,10 @@ verifypasswd(const char *user, const char *pass)
return strcmp(p1, p2) == 0;
}
-static void
-authuser(char *myname, int persist)
+static int
+authuser_checkpass(char *myname)
{
char *challenge = NULL, *response, rbuf[1024], cbuf[128];
- int fd = -1, valid = 0;
-
- if (persist) {
- fd = openpersist(&valid);
- if (valid)
- goto good;
- }
if (!challenge) {
char host[HOST_NAME_MAX + 1];
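Review bot: In authuser_checkpass the test `if (!challenge)` is always true on the new side, because `challenge` is initialised to NULL in the declaration directly above and nothing assigns it before the test. If the conditional is kept only to stay close to the upstream file, a comment such as `/* challenge is never set in this port; the prompt is always built here */` would say so. Otherwise the block can be made unconditional. The function body continues past the end of this hunk.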
@@ -253,9 +246,28 @@ authuser(char *myname, int persist)
if (!verifypasswd(myname, response)) {
explicit_bzero(rbuf, sizeof(rbuf));
syslog(LOG_NOTICE, "failed auth for %s", myname);
- errx(1, "Authentication failed");
+ warnx("Authentication failed");
+ return AUTH_FAILED;
}
explicit_bzero(rbuf, sizeof(rbuf));
+ return AUTH_OK;
+}
+
+static void
+authuser(char *myname, int persist)
+{
+ int i, fd = -1, valid = 0;
+
+ if (persist) {
+ fd = openpersist(&valid);
+ if (valid)
+ goto good;
+ }
+ for (i = 0; i < AUTH_RETRIES; i++) {
+ if (authuser_checkpass(myname) == AUTH_OK)
+ goto good;
+ }
+ exit(1);
good:
if (fd != -1) {
setpersist(fd);
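Review bot: The `exit(1)` after the retry loop in authuser is the only statement that stops the all-attempts-failed path from falling through into the `good:` label, and nothing marks it as such. A comment on that line, for example `/* all AUTH_RETRIES attempts failed; must not reach good: */`, would protect it against a later edit that moves or removes it. Each failed attempt still writes its own `failed auth for %s` syslog entry, so one invocation can now produce up to AUTH_RETRIES entries, which matters to anyone counting these lines in log monitoring. authuser_checkpass begins before this hunk and authuser continues after it, so exit paths outside the visible lines are not covered here.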
diff --git a/doas.h b/doas.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.h,v 1.17 2021/01/27 17:02:50 millert Exp $ */
+/* $OpenBSD: doas.h,v 1.18 2021/09/07 13:46:07 jcs Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -47,3 +47,7 @@ int clearpersist(void);
#define KEEPENV 0x2
#define PERSIST 0x4
#define NOLOG 0x8
+
+#define AUTH_FAILED -1
+#define AUTH_OK 0
+#define AUTH_RETRIES 3
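Review bot: `AUTH_FAILED` expands to a bare `-1`; parenthesising the replacement, `#define AUTH_FAILED (-1)`, avoids surprises if the macro is ever used inside a larger expression. The three constants would also benefit from a one-line comment such as `/* authuser_checkpass() results and the number of password attempts per invocation */`. That comment matters most for AUTH_RETRIES, which bounds how many password guesses a single run accepts.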