On Fri, Sep 03, 2004 at 01:33:15PM -0400, Alan DeKok wrote:
> "Thor Spruyt" <[EMAIL PROTECTED]> wrote:
> > I hope the rlm_exec module is going to be changed to enable outputting
> > Reject attributes! If you have to run 2 scripts each time, what's the whole
> > point of making the module?
> The module can be updated, once patches are supplied.
Hmm. How about this, everyone?
Current behaviour retained:
If the program returns <0, no attributes, RLM_MODULE_FAIL, errorlog
If the program returns 0, attributes, RLM_MODULE_OK
New behaviour: (Replaces behaviour identical to <0 above)
If the program returns 1 through RLM_MODULE_NUMCODES, return the
appropriate code and attributes as expected.
1 RLM_MODULE_REJECT, /* immediately reject the request */
2 RLM_MODULE_FAIL, /* module failed, don't reply */
3 RLM_MODULE_OK, /* the module is OK, continue */
4 RLM_MODULE_HANDLED, /* the module handled the request, so stop. */
5 RLM_MODULE_INVALID, /* the module considers the request invalid. */
6 RLM_MODULE_USERLOCK, /* reject the request (user is locked out) */
7 RLM_MODULE_NOTFOUND, /* user not found */
8 RLM_MODULE_NOOP, /* module succeeded without doing anything */
9 RLM_MODULE_UPDATED, /* OK (pairs modified) */
If it returns > RLM_MODULE_NUMCODES, return RLM_MODULE_OK. (as for 0)
This should work for everyone using 0 = success and -1 = failure, but
I'll prolly catch people who're using >0 for failure, which is possible
but (slightly) deranged. ^_^;
Hopefully this allows everyone to do what they need to do, and we can
finally deprecate Exec-Program-Wait and Exec-Program. ^_^
Patch for discussion. I decided to try this route when I couldn't
think what to use for a module call that failed but returned attributes.
This then leads the question, what return code do we want for when the
child process terminates abnormally? (!WIFEXITED or rad_waitpid returns
something other than the child's pid)... If we leave it as it is, it's
RLM_MODULE_REJECT with the below patch... Would RLM_MODULE_FAIL be
better? (Changes return 1 at src/main/exec.c:390 to return 2... This
is fine since every caller or radius_exec_program only checks for !=0,
except the rlm_exec xlat call which checks <0.
Index: rlm_exec.c
===================================================================
RCS file: /source/radiusd/src/modules/rlm_exec/rlm_exec.c,v
retrieving revision 1.11
diff -u -r1.11 rlm_exec.c
--- rlm_exec.c 26 Feb 2004 19:04:32 -0000 1.11
+++ rlm_exec.c 4 Sep 2004 07:41:02 -0000
@@ -332,7 +332,7 @@
result = radius_exec_program(inst->program, request,
inst->wait, NULL, 0,
*input_pairs, &answer);
- if (result != 0) {
+ if (result < 0) {
radlog(L_ERR, "rlm_exec (%s): External script failed",
inst->xlat_name);
return RLM_MODULE_FAIL;
@@ -347,7 +347,10 @@
pairfree(&answer);
- return RLM_MODULE_OK;
+ if (result == 0 || result > RLM_MODULE_NUMCODES) {
+ return RLM_MODULE_OK;
+ }
+ return result-1;
}
--
Paul "TBBle" Hampson, on an alternate email client.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
