Fix check_radius returning OK on unexpected results

REJECT_RC is defined on some radiusclient versions and differenciates
between auth errors and bad responses. This patch will affect only the
behaviour of those clients exporting REJECT_RC.

In addition, unexpected return codes are now handled properly and
return UNKNOWN.

diff --git a/NEWS b/NEWS
index b698768f32e90de37e00b0b4ad5bb30a7e48fa61..8a11b321673db79a124dcbda7b3e2d9cd05fa906 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,7 @@ This file documents the major additions and syntax changes between releases.
        Fix check_disk_smb and check_ircd failures when run via ePN
        check_ldap now allows for specifying an empty LDAP base
        Fix compilation error of pst3 in Solaris 8
+       Fix check_radius returning OK on unexpected results (Craig Leres - #2911752)
        WARNINGS
        Updated developer documentation to say that performance labels should not have an equals sign or
        single quote in the label

diff --git a/THANKS.in b/THANKS.in
index f62a4d8ee4c72ee88a745bf427e73ca8055877cd..0b1dab6cb7365e017f7c708cefd0b091945671c7 100644 (file)
--- a/THANKS.in
+++ b/THANKS.in
@@ -263,3 +263,4 @@ Konstantin Khomoutov
 Josip Rodin
 Dann Frazier
 Stephane Chazelas
+Craig Leres

diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index 37176257be8d276ee4adeb36d75870703e78d184..b2f5732cb0aea76310506018d8d105b8f108f997 100644 (file)
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -63,6 +63,13 @@ void print_usage (void);
 #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
 #define my_rc_read_dictionary(a) rc_read_dictionary(a)
 #endif
+
+/* REJECT_RC is only defined in some version of radiusclient. It has
+ * been reported from radiusclient-ng 0.5.6 on FreeBSD 7.2-RELEASE */
+#ifndef REJECT_RC
+#define REJECT_RC BADRESP_RC
+#endif
+
 int my_rc_read_config(char *);
 
 char *server = NULL;
@@ -195,13 +202,16 @@ main (int argc, char **argv)
                die (STATE_CRITICAL, _("Timeout"));
        if (result == ERROR_RC)
                die (STATE_CRITICAL, _("Auth Error"));
-       if (result == BADRESP_RC)
+       if (result == REJECT_RC)
                die (STATE_WARNING, _("Auth Failed"));
+       if (result == BADRESP_RC)
+               die (STATE_WARNING, _("Bad Response"));
        if (expect && !strstr (msg, expect))
                die (STATE_WARNING, "%s", msg);
        if (result == OK_RC)
                die (STATE_OK, _("Auth OK"));
-       return (0);
+       (void)snprintf(msg, sizeof(msg), _("Unexpected result code %d"), result);
+       die (STATE_UNKNOWN, msg);
 }