Thor Spruyt wrote:
Would you include a fix for Exec-Program-Wait (see below)? If needed, I can submit it on bugs.freeradius.org
Comments below..
--- src/main/auth.c.orig 2005-07-18 14:17:40.000000000 +0000 +++ src/main/auth.c 2005-07-18 14:31:31.000000000 +0000 @@ -895,24 +895,35 @@ pairmove(&request->reply->vps, &tmp); pairfree(&tmp);
- if (r != 0) { + if (r < 0) { /* * Error. radius_exec_program() returns -1 on - * fork/exec errors, or >0 if the exec'ed program - * had a non-zero exit status. + * fork/exec errors. */ - if (umsg[0] == '\0') { - user_msg = "\r\nAccess denied (external check failed)."; - } else { - user_msg = &umsg[0]; - }
Is it correct to forget the message in umsg ? I don't know this part of the code, what sort of message is in the string umsg ? If it isn't usefull, we could pass NULL to the function radius_exec_program().
- request->reply->code = PW_AUTHENTICATION_REJECT; + user_msg = "Access denied (external check failed)"; tmp = pairmake("Reply-Message", user_msg, T_OP_SET); - pairadd(&request->reply->vps, tmp); + + request->reply->code = PW_AUTHENTICATION_REJECT; + rad_authlog("Login incorrect (external check failed)", - request, 0); + request, 1); + + rad_postauth_reject(request); + + return RLM_MODULE_REJECT; + } + if (r > 0) { + /* + * Reject. radius_exec_program() returns or >0 + * if the exec'ed program had a non-zero exit status. + */
In CVS head a return code >0 has a different meaning for the rlm_exec module. Perhaps we may want something similar with Exec-Program-Wait, what do you think? See the rlm_exec examples in http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/raddb/radius...
+ request->reply->code = PW_AUTHENTICATION_REJECT; + + rad_authlog("Login incorrect (external check said so)", + request, 1);
rad_postauth_reject(request);
In the case (r > 0) you didn't add a "Reply-Message" in request->reply->vps. -- Nicolas Baradakis