event_set_min_log_level(event, orig_level);
}
-int auth_request_password_verify(struct auth_request *request,
- const char *plain_password,
- const char *crypted_password,
- const char *scheme, const char *subsystem)
+enum passdb_result
+auth_request_password_verify(struct auth_request *request,
+ const char *plain_password,
+ const char *crypted_password,
+ const char *scheme, const char *subsystem)
{
return auth_request_password_verify_log(request, plain_password,
crypted_password, scheme, subsystem, TRUE);
}
-int auth_request_password_verify_log(struct auth_request *request,
+enum passdb_result
+auth_request_password_verify_log(struct auth_request *request,
const char *plain_password,
const char *crypted_password,
const char *scheme, const char *subsystem,
bool log_password_mismatch)
{
+ enum passdb_result result;
const unsigned char *raw_password;
size_t raw_password_size;
const char *error;
if (request->fields.skip_password_check) {
/* passdb continue* rule after a successful authentication */
- return 1;
+ return PASSDB_RESULT_OK;
}
if (request->passdb->set->deny) {
/* this is a deny database, we don't care about the password */
- return 0;
+ return PASSDB_RESULT_PASSWORD_MISMATCH;
}
if (auth_fields_exists(request->fields.extra_fields, "nopassword")) {
auth_request_log_debug(request, subsystem,
"Allowing any password");
- return 1;
+ return PASSDB_RESULT_OK;
}
ret = password_decode(crypted_password, scheme,
} else {
auth_request_log_error(request, subsystem,
"Unknown scheme %s", scheme);
+ return PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
}
- return -1;
+ return PASSDB_RESULT_INTERNAL_FAILURE;
}
/* Use original_username since it may be important for some
auth_request_log_error(request, subsystem,
"Invalid password%s in passdb: %s",
password_str, error);
+ result = PASSDB_RESULT_INTERNAL_FAILURE;
} else if (ret == 0) {
if (log_password_mismatch)
auth_request_log_password_mismatch(request, subsystem);
+ result = PASSDB_RESULT_PASSWORD_MISMATCH;
+ } else {
+ result = PASSDB_RESULT_OK;
}
if (ret <= 0 && request->set->debug_passwords) T_BEGIN {
log_password_failure(request, plain_password,
&gen_params,
subsystem);
} T_END;
- return ret;
+ return result;
}
enum passdb_result auth_request_password_missing(struct auth_request *request)
void auth_request_log_password_mismatch(struct auth_request *request,
const char *subsystem);
-int auth_request_password_verify(struct auth_request *request,
- const char *plain_password,
- const char *crypted_password,
- const char *scheme, const char *subsystem);
-int auth_request_password_verify_log(struct auth_request *request,
+enum passdb_result
+auth_request_password_verify(struct auth_request *request,
+ const char *plain_password,
+ const char *crypted_password,
+ const char *scheme, const char *subsystem)
+ ATTR_WARN_UNUSED_RESULT;
+enum passdb_result
+auth_request_password_verify_log(struct auth_request *request,
const char *plain_password,
const char *crypted_password,
const char *scheme, const char *subsystem,
- bool log_password_mismatch);
+ bool log_password_mismatch)
+ ATTR_WARN_UNUSED_RESULT;
enum passdb_result auth_request_password_missing(struct auth_request *request);
void auth_request_get_log_prefix(string_t *str, struct auth_request *auth_request,
projects / thirdparty / dovecot / core.git / commitdiff
