From 59313f56a4110997b1e58770c877d6322fca702f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= Date: Wed, 22 Jan 2014 15:13:56 +0000 Subject: [PATCH] Do not use oath_[ht]otp_match() as predicates - a non-zero return can mean an error occurred. We should probably switch to the standard Unix idiom of returning 0 for success. git-svn-id: svn+ssh://svn.openpam.org/svn/openpam/trunk@756 185d5e19-27fe-0310-9dcf-9bff6b9f3609 --- modules/pam_oath/pam_oath.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/pam_oath/pam_oath.c b/modules/pam_oath/pam_oath.c index 8ede0ef..8d58f41 100644 --- a/modules/pam_oath/pam_oath.c +++ b/modules/pam_oath/pam_oath.c @@ -271,9 +271,9 @@ pam_sm_authenticate(pam_handle_t *pamh, int flags, ret = oath_totp_match(key, response, window); } openpam_log(PAM_LOG_VERBOSE, "verification code %s", - ret ? "matched" : "did not match"); - if (ret == 0) { - pam_err = PAM_AUTH_ERR; + ret > 0 ? "matched" : "did not match"); + if (ret <= 0) { + pam_err = ret < 0 ? PAM_SERVICE_ERR : PAM_AUTH_ERR; goto done; }