Exec-Program-Wait return value (was: Deprecated features)

Thu Jul 28 11:16:20 CEST 2005

Thor Spruyt wrote:

> Would you include a fix for Exec-Program-Wait (see below)? If needed, I can
> submit it on bugs.freeradius.org

Comments below..

> --- src/main/auth.c.orig        2005-07-18 14:17:40.000000000 +0000
> +++ src/main/auth.c     2005-07-18 14:31:31.000000000 +0000
> @@ -895,24 +895,35 @@
>                 pairmove(&request->reply->vps, &tmp);
>                 pairfree(&tmp);
> 
> -               if (r != 0) {
> +               if (r < 0) {
>                         /*
>                          *      Error. radius_exec_program() returns -1 on
> -                        *      fork/exec errors, or >0 if the exec'ed
> program
> -                        *      had a non-zero exit status.
> +                        *      fork/exec errors.
>                          */
> -                       if (umsg[0] == '\0') {
> -                               user_msg = "\r\nAccess denied (external
> check failed).";
> -                       } else {
> -                               user_msg = &umsg[0];
> -                       }

Is it correct to forget the message in umsg ? I don't know this part of
the code, what sort of message is in the string umsg ?

If it isn't usefull, we could pass NULL to the function radius_exec_program().

> -                       request->reply->code = PW_AUTHENTICATION_REJECT;
> +                       user_msg = "Access denied (external check failed)";
>                         tmp = pairmake("Reply-Message", user_msg, T_OP_SET);
> -
>                         pairadd(&request->reply->vps, tmp);
> +
> +                       request->reply->code = PW_AUTHENTICATION_REJECT;
> +
>                         rad_authlog("Login incorrect (external check
> failed)",
> -                                       request, 0);
> +                                       request, 1);
> +
> +                       rad_postauth_reject(request);
> +
> +                       return RLM_MODULE_REJECT;
> +               }
> +               if (r > 0) {
> +                       /*
> +                        *      Reject. radius_exec_program() returns or >0
> +                        *      if the exec'ed program had a non-zero exit
> status.
> +                        */

In CVS head a return code >0 has a different meaning for the rlm_exec
module. Perhaps we may want something similar with Exec-Program-Wait,
what do you think?

See the rlm_exec examples in
http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/raddb/radiusd.conf.in?rev=1.216

> +                       request->reply->code = PW_AUTHENTICATION_REJECT;
> +
> +                       rad_authlog("Login incorrect (external check said
> so)",
> +                                       request, 1);
> 
>                         rad_postauth_reject(request);

In the case (r > 0) you didn't add a "Reply-Message" in request->reply->vps.

-- 
Nicolas Baradakis