Do not use oath_[ht]otp_match() as predicates - a non-zero return can

mean an error occurred.  We should probably switch to the standard
Unix idiom of returning 0 for success.


git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@756 185d5e19-27fe-0310-9dcf-9bff6b9f3609

modules/pam_oath/pam_oath.c

@@ -271,9 +271,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags,
 		ret = oath_totp_match(key, response, window);
 	}
 	openpam_log(PAM_LOG_VERBOSE, "verification code %s",
-	    ret ? "matched" : "did not match");
-	if (ret == 0) {
-		pam_err = PAM_AUTH_ERR;
+	    ret > 0 ? "matched" : "did not match");
+	if (ret <= 0) {
+		pam_err = ret < 0 ? PAM_SERVICE_ERR : PAM_AUTH_ERR;
 		goto done;
 	}