ppp showing radius message

2001-04-25 Thread Victor Ivanov 

Hi,

I made a simple (and ugly) patch to ppp to show the radius message when
a radius reject is received.  It also saves it in struct authinfo so the auth
failure routine can pass it to the peer.  The patch modifies pap.c to do this,
but I don't know how to modify the other auth types (I'm using pap only here).

Someone finds this useful (except me)?

P.S. It's tested on the server side (with Windows client and a PicoBSD client
 for peers).

-- 
Players win and winners play
Have a lucky day


--- auth.h.orig Wed Apr 25 18:13:13 2001
+++ auth.h  Wed Apr 25 18:13:25 2001
@@ -42,6 +42,7 @@
   struct {
 struct fsm_retry fsm;  /* How often/frequently to resend requests */
   } cfg;
+  char *fail_message;
 };
 
 #define auth_Failure(a) (*a->fn.failure)(a);
--- pap.c.orig  Wed Apr 25 18:13:43 2001
+++ pap.c   Wed Apr 25 18:15:51 2001
@@ -149,7 +149,8 @@
 static void
 pap_Failure(struct authinfo *authp)
 {
-  SendPapCode(authp, PAP_NAK, "Login incorrect");
+  SendPapCode(authp, PAP_NAK,
+ (authp->fail_message ? authp->fail_message : "Login incorrect"));
   datalink_AuthNotOk(authp->physical->dl);
 }
 
--- radius.c.orig   Wed Apr 25 18:15:55 2001
+++ radius.cWed Apr 25 18:24:07 2001
@@ -83,6 +83,8 @@
 #include "datalink.h"
 #include "bundle.h"
 
+static char fail_message[128];
+
 /*
  * rad_continue_send_request() has given us `got' (non-zero).  Deal with it.
  */
@@ -111,10 +113,32 @@
   break;
 
 case RAD_ACCESS_REJECT:
-  log_Printf(LogPHASE, "Radius(%s): REJECT received\n", stype);
-  if (r->cx.auth)
-auth_Failure(r->cx.auth);
-  rad_close(r->cx.rad);
+  {
+int got2;
+
+nuke = NULL;
+while (!nuke && ((got2 = rad_get_attr(r->cx.rad, &data, &len)) > 0)) {
+ if (got2 == RAD_REPLY_MESSAGE) {
+   if ((nuke = rad_cvt_string(data, len)) == NULL) {
+ log_Printf(LogERROR, "rad_cvt_string: %s\n", rad_strerror(r->cx.rad));
+ rad_close(r->cx.rad);
+ return;
+   }
+ }
+   }
+   if (nuke) {
+ strlcpy(fail_message, nuke, sizeof(fail_message));
+ free(nuke);
+ r->cx.auth->fail_message = fail_message;
+ log_Printf(LogPHASE, "Radius(%s): REJECT received (%s)\n",
+ stype, fail_message);
+   } else
+ log_Printf(LogPHASE, "Radius(%s): REJECT received\n", stype);
+
+if (r->cx.auth)
+  auth_Failure(r->cx.auth);
+rad_close(r->cx.rad);
+  }
   return;
 
 case RAD_ACCESS_CHALLENGE:

 PGP signature

Re: ppp showing radius message

2001-04-25 Thread Leif Neland 


- Original Message - 
From: "Victor Ivanov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, April 25, 2001 5:48 PM
Subject: ppp showing radius message


Hi,

> I made a simple (and ugly) patch to ppp to show the radius message when
> a radius reject is received.  

Great idea.

It annoys me our radiusserver can send messages like "You are already connected. 
Simultaneous connects not allowed" or "Access only allowed between 18:00 and 08:00", 
but M$ completely ignores it.

So let's make Fbsd better in this respect too.


Leif


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message