authorSergei Golubchik <serg@mariadb.org>2021-05-14 14:45:53 +0200
committerSergei Golubchik <serg@mariadb.org>2021-05-22 21:56:51 +0200
commit6bf866cc79230cfc3b0305cd8b3cfa187ea01ecd (patch)
tree6937203da2bb6d3f8af0397b58e2b9dda10250c9 /plugin/auth_ed25519
parent681918a849343b0d247968dc0825dc49f2f1fb09 (diff)
MDEV-25641 max_password_errors not working with ed25519 auth plugin
report correct error codes in ed25519. Invalid value stored in the user table or an OpenSSL error is CR_ERROR. When a user provided incorrect password when logging in - it's CR_AUTH_USER_CREDENTIALS.
Diffstat (limited to 'plugin/auth_ed25519')
-rw-r--r--plugin/auth_ed25519/server_ed25519.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/plugin/auth_ed25519/server_ed25519.c b/plugin/auth_ed25519/server_ed25519.c
index 81fc3e66755..e9678450042 100644
--- a/plugin/auth_ed25519/server_ed25519.c
+++ b/plugin/auth_ed25519/server_ed25519.c
@@ -41,17 +41,17 @@ static int auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
/* prepare the pk */
if (info->auth_string_length != PASSWORD_LEN)
- return CR_AUTH_USER_CREDENTIALS;
+ return CR_ERROR; // bad password in the user table
memcpy(pw, info->auth_string, PASSWORD_LEN);
pw[PASSWORD_LEN]= '=';
if (my_base64_decode(pw, PASSWORD_LEN_BUF, pk, NULL, 0) != CRYPTO_PUBLICKEYBYTES)
- return CR_AUTH_USER_CREDENTIALS;
+ return CR_ERROR; // bad password in the user table
info->password_used= PASSWORD_USED_YES;
/* prepare random nonce */
if (my_random_bytes((unsigned char *)nonce, (int)sizeof(nonce)))
- return CR_AUTH_USER_CREDENTIALS;
+ return CR_ERROR; // eh? OpenSSL error
/* send it */
if (vio->write_packet(vio, reply + CRYPTO_BYTES, NONCE_BYTES))
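Review bot: The three trailing `//` comments added in this hunk break from the `/* ... */` style used by the surrounding context lines (`/* prepare the pk */`, `/* send it */`), and `// eh? OpenSSL error` does not tell a maintainer why this code was chosen. I would write them as `return CR_ERROR; /* malformed public key stored in the user table */` for the two decode checks and `return CR_ERROR; /* RNG failure is a server fault, not a failed login */` for the `my_random_bytes` check. These three paths also fail silently: a corrupted stored key or a failing random source looks the same to an operator as any other CR_ERROR, so if the plugin has a logging facility available here it would be worth emitting a distinct message for each. auth() begins before this hunk and continues past it.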
@@ -63,7 +63,7 @@ static int auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info)
memcpy(reply, pkt, CRYPTO_BYTES);
if (crypto_sign_open(reply, CRYPTO_BYTES + NONCE_BYTES, pk))
- return CR_ERROR;
+ return CR_AUTH_USER_CREDENTIALS; // wrong password provided by the user
return CR_OK;
}
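Review bot: The comment on the `crypto_sign_open` failure return says what happened but not why this particular code matters. Judging by the commit title, it is presumably the return value that lets the server count the attempt against max_password_errors, which is easy to undo by accident in a later cleanup. I would spell that out in the file's comment style, e.g. `/* signature did not verify: wrong password, must be CR_AUTH_USER_CREDENTIALS so the failure is counted (MDEV-25641) */`. The `memcpy(reply, pkt, CRYPTO_BYTES)` just above relies on a length check of the client packet that lies outside this hunk, so it is worth confirming that path returns a code consistent with this one. No regression test is visible here, though the diffstat is limited to this directory.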