Deprecated features (was: Any objection to deleting support for"clients"?)
Thor Spruyt
thor.spruyt at telenet.be
Wed Jul 27 19:25:54 CEST 2005
Alan DeKok wrote:
>> * post_proxy_authorize
>
> We can delete it.
Better change the default to "no" first.
Since the default is still "yes" even in 1.0.4, I guess a lot of people
still use "yes"!
> I think that the CVS head has changed enough from the 1.0.x branch
> that we should call it 2.0, and not 1.1.x. Since it's a 2.0, we
> should fix everything we can find.
Would you include a fix for Exec-Program-Wait (see below)? If needed, I can
submit it on bugs.freeradius.org
--- src/main/auth.c.orig 2005-07-18 14:17:40.000000000 +0000
+++ src/main/auth.c 2005-07-18 14:31:31.000000000 +0000
@@ -895,24 +895,35 @@
pairmove(&request->reply->vps, &tmp);
pairfree(&tmp);
- if (r != 0) {
+ if (r < 0) {
/*
* Error. radius_exec_program() returns -1 on
- * fork/exec errors, or >0 if the exec'ed
program
- * had a non-zero exit status.
+ * fork/exec errors.
*/
- if (umsg[0] == '\0') {
- user_msg = "\r\nAccess denied (external
check failed).";
- } else {
- user_msg = &umsg[0];
- }
- request->reply->code = PW_AUTHENTICATION_REJECT;
+ user_msg = "Access denied (external check failed)";
tmp = pairmake("Reply-Message", user_msg, T_OP_SET);
-
pairadd(&request->reply->vps, tmp);
+
+ request->reply->code = PW_AUTHENTICATION_REJECT;
+
rad_authlog("Login incorrect (external check
failed)",
- request, 0);
+ request, 1);
+
+ rad_postauth_reject(request);
+
+ return RLM_MODULE_REJECT;
+ }
+ if (r > 0) {
+ /*
+ * Reject. radius_exec_program() returns or >0
+ * if the exec'ed program had a non-zero exit
status.
+ */
+
+ request->reply->code = PW_AUTHENTICATION_REJECT;
+
+ rad_authlog("Login incorrect (external check said
so)",
+ request, 1);
rad_postauth_reject(request);
--
Groeten, Regards, Salutations,
Thor Spruyt
M: +32 (0)475 67 22 65
E: thor.spruyt at telenet.be
W: www.thor-spruyt.com
www.salesguide.be
www.telenethotspot.be
More information about the Freeradius-Devel
mailing list