dovecot-2.1: auth: password_verify() now returns error string al...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.1/rev/aea4151da8f6
changeset: 14100:aea4151da8f6
user:      Timo Sirainen <tss at iki.fi>
date:      Thu Feb 09 05:33:54 2012 +0200
description:
auth: password_verify() now returns error string also for password mismatches.

diffstat:

 src/auth/password-scheme.c |  20 +++++++++++++-------
 1 files changed, 13 insertions(+), 7 deletions(-)

diffs (39 lines):

diff -r 12579e53f575 -r aea4151da8f6 src/auth/password-scheme.c
--- a/src/auth/password-scheme.c	Thu Feb 09 05:27:32 2012 +0200
+++ b/src/auth/password-scheme.c	Thu Feb 09 05:33:54 2012 +0200
@@ -81,6 +81,7 @@
 	enum password_encoding encoding;
 	const unsigned char *generated;
 	size_t generated_size;
+	int ret;
 
 	s = password_scheme_lookup(scheme, &encoding);
 	if (s == NULL) {
@@ -89,15 +90,20 @@
 	}
 
 	if (s->password_verify != NULL) {
-		return s->password_verify(plaintext, user, raw_password, size,
-					  error_r);
+		ret = s->password_verify(plaintext, user, raw_password, size,
+					 error_r);
+	} else {
+		/* generic verification handler: generate the password and
+		   compare it to the one in database */
+		s->password_generate(plaintext, user,
+				     &generated, &generated_size);
+		ret = size != generated_size ? 0 :
+			memcmp(generated, raw_password, size) == 0 ? 1 : 0;
 	}
 
-	/* generic verification handler: generate the password and compare it
-	   to the one in database */
-	s->password_generate(plaintext, user, &generated, &generated_size);
-	return size != generated_size ? 0 :
-		memcmp(generated, raw_password, size) == 0 ? 1 : 0;
+	if (ret == 0)
+		*error_r = "Password mismatch";
+	return ret;
 }
 
 const char *password_get_scheme(const char **password)