summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e7cefa7)
raw | patch | inline | side by side (parent: e7cefa7)
author | Thomas Guyot-Sionnest <dermoth@aei.ca> | |
Wed, 14 Apr 2010 07:38:52 +0000 (03:38 -0400) | ||
committer | Thomas Guyot-Sionnest <dermoth@aei.ca> | |
Wed, 14 Apr 2010 07:38:52 +0000 (03:38 -0400) |
REJECT_RC is defined on some radiusclient versions and differenciates
between auth errors and bad responses. This patch will affect only the
behaviour of those clients exporting REJECT_RC.
In addition, unexpected return codes are now handled properly and
return UNKNOWN.
between auth errors and bad responses. This patch will affect only the
behaviour of those clients exporting REJECT_RC.
In addition, unexpected return codes are now handled properly and
return UNKNOWN.
NEWS | patch | blob | history | |
THANKS.in | patch | blob | history | |
plugins/check_radius.c | patch | blob | history |
index b698768f32e90de37e00b0b4ad5bb30a7e48fa61..8a11b321673db79a124dcbda7b3e2d9cd05fa906 100644 (file)
--- a/NEWS
+++ b/NEWS
Fix check_disk_smb and check_ircd failures when run via ePN
check_ldap now allows for specifying an empty LDAP base
Fix compilation error of pst3 in Solaris 8
Fix check_disk_smb and check_ircd failures when run via ePN
check_ldap now allows for specifying an empty LDAP base
Fix compilation error of pst3 in Solaris 8
+ Fix check_radius returning OK on unexpected results (Craig Leres - #2911752)
WARNINGS
Updated developer documentation to say that performance labels should not have an equals sign or
single quote in the label
WARNINGS
Updated developer documentation to say that performance labels should not have an equals sign or
single quote in the label
diff --git a/THANKS.in b/THANKS.in
index f62a4d8ee4c72ee88a745bf427e73ca8055877cd..0b1dab6cb7365e017f7c708cefd0b091945671c7 100644 (file)
--- a/THANKS.in
+++ b/THANKS.in
Josip Rodin
Dann Frazier
Stephane Chazelas
Josip Rodin
Dann Frazier
Stephane Chazelas
+Craig Leres
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index 37176257be8d276ee4adeb36d75870703e78d184..b2f5732cb0aea76310506018d8d105b8f108f997 100644 (file)
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
#define my_rc_read_dictionary(a) rc_read_dictionary(a)
#endif
#define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
#define my_rc_read_dictionary(a) rc_read_dictionary(a)
#endif
+
+/* REJECT_RC is only defined in some version of radiusclient. It has
+ * been reported from radiusclient-ng 0.5.6 on FreeBSD 7.2-RELEASE */
+#ifndef REJECT_RC
+#define REJECT_RC BADRESP_RC
+#endif
+
int my_rc_read_config(char *);
char *server = NULL;
int my_rc_read_config(char *);
char *server = NULL;
die (STATE_CRITICAL, _("Timeout"));
if (result == ERROR_RC)
die (STATE_CRITICAL, _("Auth Error"));
die (STATE_CRITICAL, _("Timeout"));
if (result == ERROR_RC)
die (STATE_CRITICAL, _("Auth Error"));
- if (result == BADRESP_RC)
+ if (result == REJECT_RC)
die (STATE_WARNING, _("Auth Failed"));
die (STATE_WARNING, _("Auth Failed"));
+ if (result == BADRESP_RC)
+ die (STATE_WARNING, _("Bad Response"));
if (expect && !strstr (msg, expect))
die (STATE_WARNING, "%s", msg);
if (result == OK_RC)
die (STATE_OK, _("Auth OK"));
if (expect && !strstr (msg, expect))
die (STATE_WARNING, "%s", msg);
if (result == OK_RC)
die (STATE_OK, _("Auth OK"));
- return (0);
+ (void)snprintf(msg, sizeof(msg), _("Unexpected result code %d"), result);
+ die (STATE_UNKNOWN, msg);
}
}