From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Wed, 28 Dec 2022 10:05:39 +0000 (+0200)
Subject: auth: Change auth_request_password_verify() to return enum passdb_result
X-Git-Tag: 2.4.0~3248
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09f9da9e9beccdc2d17f50069b831717e4ded0c9;p=thirdparty%2Fdovecot%2Fcore.git

auth: Change auth_request_password_verify() to return enum passdb_result

This does not break anything, because PASSDB_RESULT_OK is 1 and mismatch
is 0.
---

diff --git a/src/auth/auth-request.c b/src/auth/auth-request.c
index 0ca29f3674..86963bde12 100644
--- a/src/auth/auth-request.c
+++ b/src/auth/auth-request.c
@@ -2339,21 +2339,24 @@ void auth_request_log_login_failure(struct auth_request *request,
 	event_set_min_log_level(event, orig_level);
 }
 
-int auth_request_password_verify(struct auth_request *request,
-				 const char *plain_password,
-				 const char *crypted_password,
-				 const char *scheme, const char *subsystem)
+enum passdb_result
+auth_request_password_verify(struct auth_request *request,
+			     const char *plain_password,
+			     const char *crypted_password,
+			     const char *scheme, const char *subsystem)
 {
 	return auth_request_password_verify_log(request, plain_password,
 			crypted_password, scheme, subsystem, TRUE);
 }
 
-int auth_request_password_verify_log(struct auth_request *request,
+enum passdb_result
+auth_request_password_verify_log(struct auth_request *request,
 				 const char *plain_password,
 				 const char *crypted_password,
 				 const char *scheme, const char *subsystem,
 				 bool log_password_mismatch)
 {
+	enum passdb_result result;
 	const unsigned char *raw_password;
 	size_t raw_password_size;
 	const char *error;
@@ -2365,18 +2368,18 @@ int auth_request_password_verify_log(struct auth_request *request,
 
 	if (request->fields.skip_password_check) {
 		/* passdb continue* rule after a successful authentication */
-		return 1;
+		return PASSDB_RESULT_OK;
 	}
 
 	if (request->passdb->set->deny) {
 		/* this is a deny database, we don't care about the password */
-		return 0;
+		return PASSDB_RESULT_PASSWORD_MISMATCH;
 	}
 
 	if (auth_fields_exists(request->fields.extra_fields, "nopassword")) {
 		auth_request_log_debug(request, subsystem,
 					"Allowing any password");
-		return 1;
+		return PASSDB_RESULT_OK;
 	}
 
 	ret = password_decode(crypted_password, scheme,
@@ -2389,8 +2392,9 @@ int auth_request_password_verify_log(struct auth_request *request,
 		} else {
 			auth_request_log_error(request, subsystem,
 						"Unknown scheme %s", scheme);
+			return PASSDB_RESULT_SCHEME_NOT_AVAILABLE;
 		}
-		return -1;
+		return PASSDB_RESULT_INTERNAL_FAILURE;
 	}
 
 	/* Use original_username since it may be important for some
@@ -2404,9 +2408,13 @@ int auth_request_password_verify_log(struct auth_request *request,
 		auth_request_log_error(request, subsystem,
 					"Invalid password%s in passdb: %s",
 					password_str, error);
+		result = PASSDB_RESULT_INTERNAL_FAILURE;
 	} else if (ret == 0) {
 		if (log_password_mismatch)
 			auth_request_log_password_mismatch(request, subsystem);
+		result = PASSDB_RESULT_PASSWORD_MISMATCH;
+	} else {
+		result = PASSDB_RESULT_OK;
 	}
 	if (ret <= 0 && request->set->debug_passwords) T_BEGIN {
 		log_password_failure(request, plain_password,
@@ -2414,7 +2422,7 @@ int auth_request_password_verify_log(struct auth_request *request,
 				     &gen_params,
 				     subsystem);
 	} T_END;
-	return ret;
+	return result;
 }
 
 enum passdb_result auth_request_password_missing(struct auth_request *request)
diff --git a/src/auth/auth-request.h b/src/auth/auth-request.h
index dbd223ddd7..9f8869bf55 100644
--- a/src/auth/auth-request.h
+++ b/src/auth/auth-request.h
@@ -313,15 +313,19 @@ void auth_request_proxy_finish_failure(struct auth_request *request);
 
 void auth_request_log_password_mismatch(struct auth_request *request,
 					const char *subsystem);
-int auth_request_password_verify(struct auth_request *request,
-				 const char *plain_password,
-				 const char *crypted_password,
-				 const char *scheme, const char *subsystem);
-int auth_request_password_verify_log(struct auth_request *request,
+enum passdb_result
+auth_request_password_verify(struct auth_request *request,
+			     const char *plain_password,
+			     const char *crypted_password,
+			     const char *scheme, const char *subsystem)
+			     ATTR_WARN_UNUSED_RESULT;
+enum passdb_result
+auth_request_password_verify_log(struct auth_request *request,
 				 const char *plain_password,
 				 const char *crypted_password,
 				 const char *scheme, const char *subsystem,
-				 bool log_password_mismatch);
+				 bool log_password_mismatch)
+				 ATTR_WARN_UNUSED_RESULT;
 enum passdb_result auth_request_password_missing(struct auth_request *request);
 
 void auth_request_get_log_prefix(string_t *str, struct auth_request *auth_request,