# proxyTimedOutHook.pl
# NoReplyHook
#
# Radiator hook for sending downstream an Access-Reject if
# the upstream Radius server times out while authenticating

sub
{
	my $p  = ${$_[0]};  # Original request from NAS
	my $fp = ${$_[1]};  # Request forwarded to the remote Radius
	my $rp = ${$_[2]};  # Reply packet being constructed to return to the NAS

	my $reason = "unknown realm or server timeout";
	my $reply = "From TLR: unknown realm or proxy server timeout";
	#my $reply = "From TLR: unknown realm or proxy server timeout while authenticating $p->{OriginalUserName}";

	my $authlog;

        # Do not touch e.g., Accounting-Request messages
        return unless $p->code eq 'Access-Request';

	# $rp can also be reached with ${p}->{rp}
	$rp->set_code('Access-Reject');
	$rp->add_attr('Reply-Message', $reply);

	# If Proxy-State attributes are not added, reply will not be recognized
	map {$rp->add_attr('Proxy-State', $_)} $p->get_attr('Proxy-State');

	# Log to two different AuthLogs
	if ($authlog = Radius::Configurable::find('AuthLog', "authlogger-sql-internal")) {
		$authlog->authlog($main::REJECT, $reason, $p);
	}
	if ($authlog = Radius::Configurable::find('AuthLog', "authlogger-file-internal")) {
		$authlog->authlog($main::REJECT, $reason, $p);
	}

	$p->{Client}->replyTo($p);
	return;
}