Alan DeKok wrote:
* post_proxy_authorize
We can delete it.
Better change the default to "no" first. Since the default is still "yes" even in 1.0.4, I guess a lot of people still use "yes"!
I think that the CVS head has changed enough from the 1.0.x branch that we should call it 2.0, and not 1.1.x. Since it's a 2.0, we should fix everything we can find.
Would you include a fix for Exec-Program-Wait (see below)? If needed, I can submit it on bugs.freeradius.org --- src/main/auth.c.orig 2005-07-18 14:17:40.000000000 +0000 +++ src/main/auth.c 2005-07-18 14:31:31.000000000 +0000 @@ -895,24 +895,35 @@ pairmove(&request->reply->vps, &tmp); pairfree(&tmp); - if (r != 0) { + if (r < 0) { /* * Error. radius_exec_program() returns -1 on - * fork/exec errors, or >0 if the exec'ed program - * had a non-zero exit status. + * fork/exec errors. */ - if (umsg[0] == '\0') { - user_msg = "\r\nAccess denied (external check failed)."; - } else { - user_msg = &umsg[0]; - } - request->reply->code = PW_AUTHENTICATION_REJECT; + user_msg = "Access denied (external check failed)"; tmp = pairmake("Reply-Message", user_msg, T_OP_SET); - pairadd(&request->reply->vps, tmp); + + request->reply->code = PW_AUTHENTICATION_REJECT; + rad_authlog("Login incorrect (external check failed)", - request, 0); + request, 1); + + rad_postauth_reject(request); + + return RLM_MODULE_REJECT; + } + if (r > 0) { + /* + * Reject. radius_exec_program() returns or >0 + * if the exec'ed program had a non-zero exit status. + */ + + request->reply->code = PW_AUTHENTICATION_REJECT; + + rad_authlog("Login incorrect (external check said so)", + request, 1); rad_postauth_reject(request); -- Groeten, Regards, Salutations, Thor Spruyt M: +32 (0)475 67 22 65 E: thor.spruyt@telenet.be W: www.thor-spruyt.com www.salesguide.be www.telenethotspot.be