add Module-Success-Message.
ATTRIBUTE Client-IP-Address 1052 ipaddr
ATTRIBUTE Ldap-UserDn 1053 string
ATTRIBUTE NS-MTA-MD5-Password 1054 string
-ATTRIBUTE SQL-User-Name 1055 string
-ATTRIBUTE Module-Message 1056 string
+ATTRIBUTE SQL-User-Name 1055 string
ATTRIBUTE LM-Password 1057 octets
ATTRIBUTE NT-Password 1058 octets
ATTRIBUTE SMB-Account-CTRL 1059 integer
ATTRIBUTE Digest-User-Name 1072 string
ATTRIBUTE Pool-Name 1073 string
ATTRIBUTE Ldap-Group 1074 string
+ATTRIBUTE Module-Success-Message 1075 string
+ATTRIBUTE Module-Failure-Message 1076 string
#
# Non-Protocol Attributes
ATTRIBUTE Client-IP-Address 1052 ipaddr
ATTRIBUTE Ldap-UserDn 1053 string
ATTRIBUTE NS-MTA-MD5-Password 1054 string
-ATTRIBUTE SQL-User-Name 1055 string
-ATTRIBUTE Module-Message 1056 string
+ATTRIBUTE SQL-User-Name 1055 string
ATTRIBUTE LM-Password 1057 octets
ATTRIBUTE NT-Password 1058 octets
ATTRIBUTE SMB-Account-CTRL 1059 integer
ATTRIBUTE Digest-User-Name 1072 string
ATTRIBUTE Pool-Name 1073 string
ATTRIBUTE Ldap-Group 1074 string
+ATTRIBUTE Module-Success-Message 1075 string
+ATTRIBUTE Module-Failure-Message 1076 string
#
# Non-Protocol Attributes
#define LDAP_USERDN 1053
#define PW_NS_MTA_MD5_PASSWORD 1054
#define PW_SQL_USER_NAME 1055
-#define PW_MODULE_MESSAGE 1056
#define PW_LM_PASSWORD 1057
#define PW_NT_PASSWORD 1058
#define PW_SMB_ACCOUNT_CTRL 1059
#define PW_DIGEST_USER_NAME 1072
#define PW_POOL_NAME 1073
#define PW_LDAP_GROUP 1074
+#define PW_MODULE_SUCCESS_MESSAGE 1075
+#define PW_MODULE_FAILURE_MESSAGE 1076
/*
* Integer Translations
VALUE_PAIR *check_item;
VALUE_PAIR *reply_item;
VALUE_PAIR *auth_item;
+ VALUE_PAIR *module_msg;
VALUE_PAIR *tmp = NULL;
VALUE_PAIR *autz_type_item = NULL;
int result, r;
r != RLM_MODULE_OK &&
r != RLM_MODULE_UPDATED) {
if (r != RLM_MODULE_FAIL && r != RLM_MODULE_HANDLED) {
- VALUE_PAIR *module_msg;
-
if ((module_msg = pairfind(request->packet->vps,
- PW_MODULE_MESSAGE)) != NULL){
+ PW_MODULE_FAILURE_MESSAGE)) != NULL){
char msg[MAX_STRING_LEN+16];
snprintf(msg, sizeof(msg), "Invalid user (%s)",
module_msg->strvalue);
* wants to send back.
*/
if (result < 0) {
- VALUE_PAIR *module_msg;
-
DEBUG2("auth: Failed to validate the user.");
request->reply->code = PW_AUTHENTICATION_REJECT;
-
- if ((module_msg = pairfind(request->packet->vps,PW_MODULE_MESSAGE)) != NULL){
+
+ if ((module_msg = pairfind(request->packet->vps,PW_MODULE_FAILURE_MESSAGE)) != NULL){
char msg[MAX_STRING_LEN+19];
snprintf(msg, sizeof(msg), "Login incorrect (%s)",
if (request->reply->code == 0)
request->reply->code = PW_AUTHENTICATION_ACK;
- rad_authlog("Login OK", request, 1);
+ if ((module_msg = pairfind(request->packet->vps,PW_MODULE_SUCCESS_MESSAGE)) != NULL){
+ char msg[MAX_STRING_LEN+12];
+
+ snprintf(msg, sizeof(msg), "Login OK (%s)",
+ module_msg->strvalue);
+ rad_authlog(msg, request, 1);
+ } else {
+ rad_authlog("Login OK", request, 1);
+ }
+
if (exec_program && !exec_wait) {
/*
* No need to check the exit status here.
{
VALUE_PAIR *passwd_item;
char pass_str[MAX_STRING_LEN];
- VALUE_PAIR *module_msg_vp;
- char module_msg[MAX_STRING_LEN];
+ VALUE_PAIR *module_fmsg_vp;
+ char module_fmsg[MAX_STRING_LEN];
/* quiet the compiler */
instance = instance;
if ((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL){
DEBUG("rlm_chap: Could not find clear text password for user %s",request->username->strvalue);
- snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_chap: Clear text password not available");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_chap: Clear text password not available");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_INVALID;
}
if (memcmp(pass_str+1,request->password->strvalue+1,CHAP_VALUE_LENGTH) != 0){
DEBUG("rlm_chap: Pasword check failed");
- snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_chap: Wrong user password");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_chap: Wrong user password");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}
key_vp->strvalue,res);
}
else{
- char module_msg[MAX_STRING_LEN];
- VALUE_PAIR *module_msg_vp;
+ char module_fmsg[MAX_STRING_LEN];
+ VALUE_PAIR *module_fmsg_vp;
/*
* User is denied access, send back a reply message
reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
pairadd(&request->reply->vps, reply_item);
- snprintf(module_msg, sizeof(module_msg), "rlm_counter: Maximum %s usage time reached", data->reset);
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg), "rlm_counter: Maximum %s usage time reached", data->reset);
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
ret=RLM_MODULE_REJECT;
int res;
VALUE_PAIR **check_pairs, **reply_pairs;
char **vals;
- VALUE_PAIR *module_msg_vp;
+ VALUE_PAIR *module_fmsg_vp;
VALUE_PAIR *user_profile;
- char module_msg[MAX_STRING_LEN];
+ char module_fmsg[MAX_STRING_LEN];
LDAP_CONN *conn;
int conn_id = -1;
if ((res = perform_search(instance, conn, basedn, LDAP_SCOPE_SUBTREE, filter, inst->atts, &result)) != RLM_MODULE_OK) {
DEBUG("rlm_ldap: search failed");
if (res == RLM_MODULE_NOTFOUND){
- snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: User not found");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: User not found");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
}
ldap_release_conn(conn_id,inst->conns);
return (res);
DEBUG("rlm_ldap: checking if remote access for %s is allowed by %s", request->username->strvalue, inst->access_attr);
if (!strncmp(vals[0], "FALSE", 5)) {
DEBUG("rlm_ldap: dialup access disabled");
- snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: Access Attribute denies access");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: Access Attribute denies access");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
ldap_msgfree(result);
ldap_value_free(vals);
ldap_release_conn(conn_id,inst->conns);
ldap_value_free(vals);
} else {
DEBUG("rlm_ldap: no %s attribute - access denied by default", inst->access_attr);
- snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: Access Attribute denies access");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: Access Attribute denies access");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
ldap_msgfree(result);
ldap_release_conn(conn_id,inst->conns);
return RLM_MODULE_USERLOCK;
ldap_msgfree(result);
ldap_release_conn(conn_id,inst->conns);
if (res == RLM_MODULE_NOTFOUND){
- snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: User is not an access group member");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: User is not an access group member");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return (RLM_MODULE_USERLOCK);
}
else
char basedn[1024];
int res;
VALUE_PAIR *vp_user_dn;
- VALUE_PAIR *module_msg_vp;
- char module_msg[MAX_STRING_LEN];
+ VALUE_PAIR *module_fmsg_vp;
+ char module_fmsg[MAX_STRING_LEN];
LDAP_CONN *conn;
int conn_id = -1;
}
if ((res = perform_search(instance, conn, basedn, LDAP_SCOPE_SUBTREE, filter, attrs, &result)) != RLM_MODULE_OK) {
if (res == RLM_MODULE_NOTFOUND){
- snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: User not found");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: User not found");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
}
ldap_release_conn(conn_id,inst->conns);
return (res);
ld_user = ldap_connect(instance, user_dn, request->password->strvalue,
1, &res);
if (ld_user == NULL){
- snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: Bind as user failed");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: Bind as user failed");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return (res);
}
static int pap_authenticate(void *instance, REQUEST *request)
{
VALUE_PAIR *passwd_item;
- VALUE_PAIR *module_msg_vp;
- char module_msg[MAX_STRING_LEN];
+ VALUE_PAIR *module_fmsg_vp;
+ char module_fmsg[MAX_STRING_LEN];
MD5_CTX context;
char digest[16];
char buff[16];
if ((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL){
DEBUG("rlm_pap: Could not find password for user %s",request->username->strvalue);
- snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_pap: User password not available");
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: User password not available");
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_INVALID;
}
if (strncmp((char *) passwd_item->strvalue,
(char *) request->password->strvalue, passwd_item->length) != 0){
DEBUG("rlm_pap: Passwords don't match");
- snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_pap: CLEAR TEXT password check failed");
- module_msg_vp = pairmake("Module-Message",module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed");
+ module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}
break;
crypt((char *) request->password->strvalue, (char *)passwd_item->strvalue),
passwd_item->length) != 0){
DEBUG("rlm_pap: Passwords don't match");
- snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_pap: CRYPT password check failed");
- module_msg_vp = pairmake("Module-Message",module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CRYPT password check failed");
+ module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}
break;
pap_hexify(buff,digest,16);
if (strncmp((char *)passwd_item->strvalue, buff, passwd_item->length) != 0){
DEBUG("rlm_pap: Passwords don't match");
- snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_pap: MD5 password check failed");
- module_msg_vp = pairmake("Module-Message",module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed");
+ module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
return RLM_MODULE_REJECT;
}
break;
key_vp->strvalue,reply_item->lvalue);
}
else{
- char module_msg[MAX_STRING_LEN];
- VALUE_PAIR *module_msg_vp;
+ char module_fmsg[MAX_STRING_LEN];
+ VALUE_PAIR *module_fmsg_vp;
DEBUG2("rlm_sqlcounter: (Check item - counter) is less than zero");
reply_item=pairmake("Reply-Message", msg, T_OP_EQ);
pairadd(&request->reply->vps, reply_item);
- snprintf(module_msg, sizeof(module_msg), "rlm_sqlcounter: Maximum %s usage time reached", data->reset);
- module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ);
- pairadd(&request->packet->vps, module_msg_vp);
+ snprintf(module_fmsg, sizeof(module_fmsg), "rlm_sqlcounter: Maximum %s usage time reached", data->reset);
+ module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ);
+ pairadd(&request->packet->vps, module_fmsg_vp);
ret=RLM_MODULE_REJECT;