From: Nick Porter <nick@portercomputing.co.uk>
Date: Mon, 29 Apr 2024 17:16:30 +0000 (+0100)
Subject: Failed authentications should return `reject` not `fail`
X-Git-Tag: release_3_2_4~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8201f3460ef2d89a8ea7dc7c7676e9a144faf04a;p=thirdparty%2Ffreeradius-server.git

Failed authentications should return `reject` not `fail`
---

diff --git a/src/modules/rlm_totp/rlm_totp.c b/src/modules/rlm_totp/rlm_totp.c
index 6f6e6fbeb9c..2ca2e3c272d 100644
--- a/src/modules/rlm_totp/rlm_totp.c
+++ b/src/modules/rlm_totp/rlm_totp.c
@@ -167,7 +167,7 @@ static ssize_t base32_decode(uint8_t *out, size_t outlen, char const *in)
 	 *	Will get converted to
 	 *
 	 *	11111222 22333334 44445555 56666677 77788888
-	 */	
+	 */
 	for (p = b = out; p < end; p += 8) {
 		b[0] = p[0] << 3;
 		b[0] |= p[1] >> 2;
@@ -490,7 +490,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
 		/*
 		 *	Forbid using a key more than once.
 		 */
-		if (totp_reused(instance, now, key, keylen, password->vp_strvalue)) return RLM_MODULE_FAIL;
+		if (totp_reused(instance, now, key, keylen, password->vp_strvalue)) return RLM_MODULE_REJECT;
 
 		return RLM_MODULE_OK;
 	}
@@ -498,7 +498,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
 	/*
 	 *	Bad keys don't affect the cache.
 	 */
-	return RLM_MODULE_FAIL;
+	return RLM_MODULE_REJECT;
 }