Hi,

Have a look at following code:

        if (exec_program && exec_wait) {
                r = radius_exec_program(exec_program, request,
                                        exec_wait,
                                        umsg, sizeof(umsg),
                                        request->packet->vps, &tmp);
                free(exec_program);
                exec_program = NULL;

                /*
                 *      Always add the value-pairs to the reply.
                 */
                pairmove(&request->reply->vps, &tmp);
                pairfree(&tmp);

The value pairs have been added to the reply (my script outputs
Reply-Message = "Your account has expired."

                if (r != 0) {
                        /*
                         *      Error. radius_exec_program() returns -1 on
                         *      fork/exec errors, or >0 if the exec'ed
program
                         *      had a non-zero exit status.
                         */

Not sure why this is indicated as an error. If the script decides to rejects
a user, it returns 1, but that's no error.

                        if (umsg[0] == '\0') {
                                user_msg = "\r\nAccess denied (external
check failed).";
                        } else {
                                user_msg = &umsg[0];
                        }

I can understand this, there's no umsg, so provide a default Reply-Message.

                        request->reply->code = PW_AUTHENTICATION_REJECT;
                        tmp = pairmake("Reply-Message", user_msg, T_OP_SET);

                        pairadd(&request->reply->vps, tmp);

Shouldn't this only be added when there's not already a Reply-Message
attribute in &request->reply->vps ?!?

                        rad_authlog("Login incorrect (external check
failed)",
                                        request, 0);

                        return RLM_MODULE_REJECT;
                }
        }

Thanx,

Thor Spruyt
System Engineer
Mobile: +32 (0)475 67 22 65
Email: [EMAIL PROTECTED]
Loose those wires ! www.sinfilo.com


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to