(RADIATOR) RejectHasReason, RejectMessage

Scott Adkins Tue, 9 Nov 1999 18:02:26 -0800

I don't know if anyone will find this useful, but I thought I would submit it
to the list anyways. 

I needed to send a more specific reason to the user's screen when they failed
to authenticate into the system.  Normally, they only get "Request Denied".
I discovered that if you set "RejectHasReason" in the config file, the AuthBy
module could add to the reason, such as "Your account has been turned off." 
However, the only problem with this is that the reason displayed on the user's
screen would be "Request DeniedYour account has been turned off."  I would 
have to get smart on how to set the rejection message in the AuthBy module to
make it display the way I wanted.

So, I expanded "RejectHasReason" to optionally take on the values of "append",
"prepend", or "replace", depending on whether you want the custom message to
be displayed before the "Request Denied" message, after, or in place of it.
I also added a new option called "RejectMessage", which allows you to change
the default message from "Request Denied" to something else.  That one would
be useful if your AuthBy module isn't going to return a custom reject message.

The patch only added about 10 lines of code. It isn't all that important, but
it isn't a bad little feature either.  In any the case, the patch is included
as an attachment.  

Thanks!
Scott
-- 
 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
      Scott W. Adkins                    http://www.cns.ohiou.edu/~sadkins/
   UNIX Systems Engineer                    mailto:[EMAIL PROTECTED]
        ICQ 7626282                     Work (740)593-9478 Fax (740)593-1944
 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+
       CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979

*** Radius-orig/Handler.pm      Tue Nov  9 16:13:50 1999
--- Radius/Handler.pm   Tue Nov  9 16:15:25 1999
***************
*** 49,54 ****
--- 49,55 ----
  
      $self->SUPER::initialize;
      $self->{AuthByPolicy} = 'ContinueWhileIgnore';
+     $self->{RejectMessage} = 'Request Denied';
  }
  
  #####################################################################
***************
*** 129,136 ****
      }
      elsif ($keyword eq 'RejectHasReason')
      {
!       $self->{RejectHasReason}++;
      }
      elsif ($keyword eq 'SessionDatabase')
      {
        $self->{SessionDatabase} = $value;
--- 130,142 ----
      }
      elsif ($keyword eq 'RejectHasReason')
      {
!       $value = "append" if $value eq "";
!       $self->{RejectHasReason} = lc $value;
      }
+     elsif ($keyword eq 'RejectMessage')
+     {
+       $self->{RejectMessage} = $value;
+     }
      elsif ($keyword eq 'SessionDatabase')
      {
        $self->{SessionDatabase} = $value;
***************
*** 265,276 ****
        {
            # Issue a denial and bomb out
            my $reason = "MaxSessions exceeded";
            &main::log($main::LOG_INFO, "Access rejected for $name: $reason");
            $rp->set_code('Access-Reject');
            $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, 
!                             'Request Denied');
            $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
!               if $self->{RejectHasReason};
            $p->{Client}->replyTo($rp, $p);
            return;
        }
--- 271,285 ----
        {
            # Issue a denial and bomb out
            my $reason = "MaxSessions exceeded";
+           my $custom_reason = $self->{RejectHasReason};
            &main::log($main::LOG_INFO, "Access rejected for $name: $reason");
            $rp->set_code('Access-Reject');
+           $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
+               if $custom_reason eq "prepend" || $custom_reason eq "replace";
            $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, 
!               $self->{RejectMessage}) if $custom_reason ne "replace";
            $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
!               if $custom_reason eq "append";
            $p->{Client}->replyTo($rp, $p);
            return;
        }
***************
*** 556,568 ****
        elsif ($handled == $main::REJECT
               || $handled == $main::REJECT_IMMEDIATE)
        {
            &main::log($main::LOG_INFO, "Access rejected for $name: $reason");
            $rp->set_code('Access-Reject');
            $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, 
!                             'Request Denied');
            $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
!               if $self->{RejectHasReason};
! 
            $p->{Client}->replyTo($rp, $p);
        }
        elsif ($handled == $main::CHALLENGE)
--- 565,579 ----
        elsif ($handled == $main::REJECT
               || $handled == $main::REJECT_IMMEDIATE)
        {
+           my $custom_reason = $self->{RejectHasReason};
            &main::log($main::LOG_INFO, "Access rejected for $name: $reason");
            $rp->set_code('Access-Reject');
+           $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
+               if $custom_reason eq "prepend" || $custom_reason eq "replace";
            $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, 
!               $self->{RejectMessage}) if $custom_reason ne "replace";
            $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
!               if $custom_reason eq "append";
            $p->{Client}->replyTo($rp, $p);
        }
        elsif ($handled == $main::CHALLENGE)

(RADIATOR) RejectHasReason, RejectMessage

Reply via email to