From 22952f397b19639e0da2d271e5647e60fe5b1e97 Mon Sep 17 00:00:00 2001 From: fcusack Date: Wed, 29 May 2002 23:46:50 +0000 Subject: [PATCH] Change Module-Message to Module-Failure-Message, add Module-Success-Message. --- raddb/dictionary | 5 ++-- share/dictionary | 5 ++-- src/include/radius.h | 3 +- src/main/auth.c | 22 +++++++++------ src/modules/rlm_chap/rlm_chap.c | 16 +++++------ src/modules/rlm_counter/rlm_counter.c | 10 +++---- src/modules/rlm_ldap/rlm_ldap.c | 44 ++++++++++++++--------------- src/modules/rlm_pap/rlm_pap.c | 28 +++++++++--------- src/modules/rlm_sqlcounter/rlm_sqlcounter.c | 10 +++---- 9 files changed, 76 insertions(+), 67 deletions(-) diff --git a/raddb/dictionary b/raddb/dictionary index 420658f..5632e46 100644 --- a/raddb/dictionary +++ b/raddb/dictionary @@ -173,8 +173,7 @@ ATTRIBUTE Acct-Unique-Session-Id 1051 string ATTRIBUTE Client-IP-Address 1052 ipaddr ATTRIBUTE Ldap-UserDn 1053 string ATTRIBUTE NS-MTA-MD5-Password 1054 string -ATTRIBUTE SQL-User-Name 1055 string -ATTRIBUTE Module-Message 1056 string +ATTRIBUTE SQL-User-Name 1055 string ATTRIBUTE LM-Password 1057 octets ATTRIBUTE NT-Password 1058 octets ATTRIBUTE SMB-Account-CTRL 1059 integer @@ -192,6 +191,8 @@ ATTRIBUTE Digest-Nonce-Count 1071 string ATTRIBUTE Digest-User-Name 1072 string ATTRIBUTE Pool-Name 1073 string ATTRIBUTE Ldap-Group 1074 string +ATTRIBUTE Module-Success-Message 1075 string +ATTRIBUTE Module-Failure-Message 1076 string # # Non-Protocol Attributes diff --git a/share/dictionary b/share/dictionary index 420658f..5632e46 100644 --- a/share/dictionary +++ b/share/dictionary 
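Review bot: Module-Message (1056) is deleted outright in the first raddb/dictionary hunk rather than kept as a deprecated alias, so anything that still refers to it by name stops resolving once this dictionary is installed. The same removal is repeated in share/dictionary and, as `PW_MODULE_MESSAGE`, in src/include/radius.h. Only the modules touched by this patch are visibly converted; any other module or local configuration that still uses the old name would presumably lose its log text without warning. Consider keeping `ATTRIBUTE Module-Message 1056 string` for one release with a comment such as `# deprecated: use Module-Failure-Message (1076)`, and in any case mark 1056 as reserved so the number is not reused with a different meaning.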
@@ -173,8 +173,7 @@ ATTRIBUTE Acct-Unique-Session-Id 1051 string ATTRIBUTE Client-IP-Address 1052 ipaddr ATTRIBUTE Ldap-UserDn 1053 string ATTRIBUTE NS-MTA-MD5-Password 1054 string -ATTRIBUTE SQL-User-Name 1055 string -ATTRIBUTE Module-Message 1056 string +ATTRIBUTE SQL-User-Name 1055 string ATTRIBUTE LM-Password 1057 octets ATTRIBUTE NT-Password 1058 octets ATTRIBUTE SMB-Account-CTRL 1059 integer @@ -192,6 +191,8 @@ ATTRIBUTE Digest-Nonce-Count 1071 string ATTRIBUTE Digest-User-Name 1072 string ATTRIBUTE Pool-Name 1073 string ATTRIBUTE Ldap-Group 1074 string +ATTRIBUTE Module-Success-Message 1075 string +ATTRIBUTE Module-Failure-Message 1076 string # # Non-Protocol Attributes diff --git a/src/include/radius.h b/src/include/radius.h index 45a1879..e1dc7c1 100644 --- a/src/include/radius.h +++ b/src/include/radius.h @@ -137,7 +137,6 @@ #define LDAP_USERDN 1053 #define PW_NS_MTA_MD5_PASSWORD 1054 #define PW_SQL_USER_NAME 1055 -#define PW_MODULE_MESSAGE 1056 #define PW_LM_PASSWORD 1057 #define PW_NT_PASSWORD 1058 #define PW_SMB_ACCOUNT_CTRL 1059 @@ -156,6 +155,8 @@ #define PW_DIGEST_USER_NAME 1072 #define PW_POOL_NAME 1073 #define PW_LDAP_GROUP 1074 +#define PW_MODULE_SUCCESS_MESSAGE 1075 +#define PW_MODULE_FAILURE_MESSAGE 1076 /* * Integer Translations diff --git a/src/main/auth.c b/src/main/auth.c index 4b4d39f..c323d9c 100644 --- a/src/main/auth.c +++ b/src/main/auth.c @@ -405,6 +405,7 @@ int rad_authenticate(REQUEST *request) VALUE_PAIR *check_item; VALUE_PAIR *reply_item; VALUE_PAIR *auth_item; + VALUE_PAIR *module_msg; VALUE_PAIR *tmp = NULL; VALUE_PAIR *autz_type_item = NULL; int result, r; 
@@ -521,10 +522,8 @@ autz_redo: r != RLM_MODULE_OK && r != RLM_MODULE_UPDATED) { if (r != RLM_MODULE_FAIL && r != RLM_MODULE_HANDLED) { - VALUE_PAIR *module_msg; - if ((module_msg = pairfind(request->packet->vps, - PW_MODULE_MESSAGE)) != NULL){ + PW_MODULE_FAILURE_MESSAGE)) != NULL){ char msg[MAX_STRING_LEN+16]; snprintf(msg, sizeof(msg), "Invalid user (%s)", module_msg->strvalue); @@ -588,12 +587,10 @@ autz_redo: * wants to send back. */ if (result < 0) { - VALUE_PAIR *module_msg; - DEBUG2("auth: Failed to validate the user."); request->reply->code = PW_AUTHENTICATION_REJECT; - - if ((module_msg = pairfind(request->packet->vps,PW_MODULE_MESSAGE)) != NULL){ + + if ((module_msg = pairfind(request->packet->vps,PW_MODULE_FAILURE_MESSAGE)) != NULL){ char msg[MAX_STRING_LEN+19]; snprintf(msg, sizeof(msg), "Login incorrect (%s)", @@ -869,7 +866,16 @@ autz_redo: if (request->reply->code == 0) request->reply->code = PW_AUTHENTICATION_ACK; - rad_authlog("Login OK", request, 1); + if ((module_msg = pairfind(request->packet->vps,PW_MODULE_SUCCESS_MESSAGE)) != NULL){ + char msg[MAX_STRING_LEN+12]; + + snprintf(msg, sizeof(msg), "Login OK (%s)", + module_msg->strvalue); + rad_authlog(msg, request, 1); + } else { + rad_authlog("Login OK", request, 1); + } + if (exec_program && !exec_wait) { /* * No need to check the exit status here. diff --git a/src/modules/rlm_chap/rlm_chap.c b/src/modules/rlm_chap/rlm_chap.c index b9a40fc..4b715b0 100644 --- a/src/modules/rlm_chap/rlm_chap.c +++ b/src/modules/rlm_chap/rlm_chap.c @@ -68,8 +68,8 @@ static int chap_authenticate(void *instance, REQUEST *request) { VALUE_PAIR *passwd_item; char pass_str[MAX_STRING_LEN]; - VALUE_PAIR *module_msg_vp; - char module_msg[MAX_STRING_LEN]; + VALUE_PAIR *module_fmsg_vp; + char module_fmsg[MAX_STRING_LEN]; /* quiet the compiler */ instance = instance; 
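Review bot: In the three rad_authenticate hunks (-521, -588 and -869) the text in `module_msg->strvalue` is copied into the auth log line unchanged, and the new `Login OK (%s)` branch extends that to successful logins. The pair is looked up in `request->packet->vps`, which appears to be the attribute list of the incoming packet, so the log content is only as trustworthy as whatever put the pair there. Whether a client can place attribute 1075 or 1076 in that list itself depends on the packet decoder, which is not visible here. I would state the contract at the lookup, e.g. `/* Module-*-Message is logged verbatim: modules must not store passwords or raw client data in it */`, and consider escaping non-printable characters before the `rad_authlog` call. rad_authenticate starts and ends outside these hunks.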
@@ -100,9 +100,9 @@ static int chap_authenticate(void *instance, REQUEST *request) if ((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL){ DEBUG("rlm_chap: Could not find clear text password for user %s",request->username->strvalue); - snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_chap: Clear text password not available"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_chap: Clear text password not available"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); return RLM_MODULE_INVALID; } @@ -113,9 +113,9 @@ static int chap_authenticate(void *instance, REQUEST *request) if (memcmp(pass_str+1,request->password->strvalue+1,CHAP_VALUE_LENGTH) != 0){ DEBUG("rlm_chap: Pasword check failed"); - snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_chap: Wrong user password"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_chap: Wrong user password"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); return RLM_MODULE_REJECT; } diff --git a/src/modules/rlm_counter/rlm_counter.c b/src/modules/rlm_counter/rlm_counter.c index 0ee2040..49e114c 100644 --- a/src/modules/rlm_counter/rlm_counter.c +++ b/src/modules/rlm_counter/rlm_counter.c @@ -610,8 +610,8 @@ static int counter_authorize(void *instance, REQUEST *request) key_vp->strvalue,res); } else{ - char module_msg[MAX_STRING_LEN]; - VALUE_PAIR *module_msg_vp; + char module_fmsg[MAX_STRING_LEN]; + VALUE_PAIR *module_fmsg_vp; /* * User is denied access, send back a reply message 
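Review bot: The result of `pairmake("Module-Failure-Message", ...)` is handed to `pairadd` without a NULL check in chap_authenticate's -100 hunk, and this patch makes that call depend on a dictionary entry that did not exist before. If the server is started with an older dictionary file, pairmake presumably cannot resolve the name, and how pairadd treats a NULL pair is not visible here. A guard such as `if (module_fmsg_vp != NULL) pairadd(&request->packet->vps, module_fmsg_vp);` keeps a logging aid from becoming a fault on the reject path. The same three-line sequence recurs in the -113 hunk and in the rlm_counter, rlm_ldap, rlm_pap and rlm_sqlcounter hunks, so a small shared helper would put the check in one place.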
@@ -620,9 +620,9 @@ static int counter_authorize(void *instance, REQUEST *request) reply_item=pairmake("Reply-Message", msg, T_OP_EQ); pairadd(&request->reply->vps, reply_item); - snprintf(module_msg, sizeof(module_msg), "rlm_counter: Maximum %s usage time reached", data->reset); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg), "rlm_counter: Maximum %s usage time reached", data->reset); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); ret=RLM_MODULE_REJECT; diff --git a/src/modules/rlm_ldap/rlm_ldap.c b/src/modules/rlm_ldap/rlm_ldap.c index ce31f90..90c2c86 100644 --- a/src/modules/rlm_ldap/rlm_ldap.c +++ b/src/modules/rlm_ldap/rlm_ldap.c @@ -779,9 +779,9 @@ ldap_authorize(void *instance, REQUEST * request) int res; VALUE_PAIR **check_pairs, **reply_pairs; char **vals; - VALUE_PAIR *module_msg_vp; + VALUE_PAIR *module_fmsg_vp; VALUE_PAIR *user_profile; - char module_msg[MAX_STRING_LEN]; + char module_fmsg[MAX_STRING_LEN]; LDAP_CONN *conn; int conn_id = -1; @@ -824,9 +824,9 @@ ldap_authorize(void *instance, REQUEST * request) if ((res = perform_search(instance, conn, basedn, LDAP_SCOPE_SUBTREE, filter, inst->atts, &result)) != RLM_MODULE_OK) { DEBUG("rlm_ldap: search failed"); if (res == RLM_MODULE_NOTFOUND){ - snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: User not found"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: User not found"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); } ldap_release_conn(conn_id,inst->conns); return (res); 
@@ -857,9 +857,9 @@ ldap_authorize(void *instance, REQUEST * request) DEBUG("rlm_ldap: checking if remote access for %s is allowed by %s", request->username->strvalue, inst->access_attr); if (!strncmp(vals[0], "FALSE", 5)) { DEBUG("rlm_ldap: dialup access disabled"); - snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: Access Attribute denies access"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: Access Attribute denies access"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); ldap_msgfree(result); ldap_value_free(vals); ldap_release_conn(conn_id,inst->conns); @@ -868,9 +868,9 @@ ldap_authorize(void *instance, REQUEST * request) ldap_value_free(vals); } else { DEBUG("rlm_ldap: no %s attribute - access denied by default", inst->access_attr); - snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: Access Attribute denies access"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: Access Attribute denies access"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); ldap_msgfree(result); ldap_release_conn(conn_id,inst->conns); return RLM_MODULE_USERLOCK; 
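Review bot: The deny decision in ldap_authorize's -857 hunk rests on `!strncmp(vals[0], "FALSE", 5)`, which is case-sensitive and prefix-only, so a directory value written as `false` or `False` would not take the deny branch and the user would stay enabled. Whether the directory normalises the value is not visible here. If the attribute is meant as a boolean, `if (strcasecmp(vals[0], "FALSE") == 0)` matches what an administrator would expect. A comment above the test stating which spellings are honoured would help either way. ldap_authorize begins and ends outside this hunk.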
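Review bot: In the -868 hunk the missing-attribute branch records the same Module-Failure-Message, "rlm_ldap: Access Attribute denies access", as the explicit FALSE branch in the -857 hunk, so the two causes cannot be told apart in the auth log. The DEBUG line just above already distinguishes them ("no %s attribute - access denied by default"). I would make the logged text match, e.g. `snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: Access Attribute missing, access denied by default");`, so an operator reviewing rejects can separate a deliberately locked account from an incomplete directory entry.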
@@ -904,9 +904,9 @@ ldap_authorize(void *instance, REQUEST * request) ldap_msgfree(result); ldap_release_conn(conn_id,inst->conns); if (res == RLM_MODULE_NOTFOUND){ - snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: User is not an access group member"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: User is not an access group member"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); return (RLM_MODULE_USERLOCK); } else @@ -1062,8 +1062,8 @@ ldap_authenticate(void *instance, REQUEST * request) char basedn[1024]; int res; VALUE_PAIR *vp_user_dn; - VALUE_PAIR *module_msg_vp; - char module_msg[MAX_STRING_LEN]; + VALUE_PAIR *module_fmsg_vp; + char module_fmsg[MAX_STRING_LEN]; LDAP_CONN *conn; int conn_id = -1; @@ -1115,9 +1115,9 @@ ldap_authenticate(void *instance, REQUEST * request) } if ((res = perform_search(instance, conn, basedn, LDAP_SCOPE_SUBTREE, filter, attrs, &result)) != RLM_MODULE_OK) { if (res == RLM_MODULE_NOTFOUND){ - snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: User not found"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: User not found"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); } ldap_release_conn(conn_id,inst->conns); return (res); 
@@ -1146,9 +1146,9 @@ ldap_authenticate(void *instance, REQUEST * request) ld_user = ldap_connect(instance, user_dn, request->password->strvalue, 1, &res); if (ld_user == NULL){ - snprintf(module_msg,MAX_STRING_LEN-1,"rlm_ldap: Bind as user failed"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_ldap: Bind as user failed"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); return (res); } diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c index ddbd9a2..2d0d5da 100644 --- a/src/modules/rlm_pap/rlm_pap.c +++ b/src/modules/rlm_pap/rlm_pap.c @@ -144,8 +144,8 @@ static int pap_instantiate(CONF_SECTION *conf, void **instance) static int pap_authenticate(void *instance, REQUEST *request) { VALUE_PAIR *passwd_item; - VALUE_PAIR *module_msg_vp; - char module_msg[MAX_STRING_LEN]; + VALUE_PAIR *module_fmsg_vp; + char module_fmsg[MAX_STRING_LEN]; MD5_CTX context; char digest[16]; char buff[16]; @@ -180,9 +180,9 @@ static int pap_authenticate(void *instance, REQUEST *request) if ((passwd_item = pairfind(request->config_items, PW_PASSWORD)) == NULL){ DEBUG("rlm_pap: Could not find password for user %s",request->username->strvalue); - snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_pap: User password not available"); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: User password not available"); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); return RLM_MODULE_INVALID; } 
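Review bot: The user bind in ldap_authenticate's -1146 hunk passes `request->password->strvalue` straight to `ldap_connect`, and the hunk does not show a check that the password is non-empty. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind and report success, which this code would read as a valid login. If no such check exists above the hunk, reject before binding, e.g. `if (request->password->strvalue[0] == '\0') return RLM_MODULE_INVALID;`, and attach a Module-Failure-Message saying so. The function body continues outside the hunk.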
@@ -203,9 +203,9 @@ static int pap_authenticate(void *instance, REQUEST *request) if (strncmp((char *) passwd_item->strvalue, (char *) request->password->strvalue, passwd_item->length) != 0){ DEBUG("rlm_pap: Passwords don't match"); - snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_pap: CLEAR TEXT password check failed"); - module_msg_vp = pairmake("Module-Message",module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CLEAR TEXT password check failed"); + module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); return RLM_MODULE_REJECT; } break; @@ -215,9 +215,9 @@ static int pap_authenticate(void *instance, REQUEST *request) crypt((char *) request->password->strvalue, (char *)passwd_item->strvalue), passwd_item->length) != 0){ DEBUG("rlm_pap: Passwords don't match"); - snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_pap: CRYPT password check failed"); - module_msg_vp = pairmake("Module-Message",module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: CRYPT password check failed"); + module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); return RLM_MODULE_REJECT; } break; 
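Review bot: The clear-text comparison in pap_authenticate's -203 hunk is bounded only by `passwd_item->length`, so nothing past the length of the stored value is ever compared. If `length` is the stored string's length, a supplied password that merely begins with the stored one compares equal, and a zero-length stored value compares equal to anything. Comparing whole strings closes both cases, e.g. `if (strcmp((char *) passwd_item->strvalue, (char *) request->password->strvalue) != 0){`, assuming both values are NUL-terminated. The CRYPT and MD5 branches in the -215 and -230 hunks use the same length-bounded compare and share the zero-length case. The function extends beyond this hunk.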
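Review bot: In the -215 hunk the return value of `crypt()` goes directly into `strncmp`, but crypt() may return NULL, for instance when the stored value is not a salt the platform supports. Passing NULL to strncmp is undefined behaviour, so a malformed stored hash could crash the server instead of producing a reject. Keep the result in a local and treat NULL as a failed check: `const char *enc = crypt((char *) request->password->strvalue, (char *) passwd_item->strvalue);` followed by `if (enc == NULL || strcmp(enc, (char *) passwd_item->strvalue) != 0){`.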
@@ -230,9 +230,9 @@ static int pap_authenticate(void *instance, REQUEST *request) pap_hexify(buff,digest,16); if (strncmp((char *)passwd_item->strvalue, buff, passwd_item->length) != 0){ DEBUG("rlm_pap: Passwords don't match"); - snprintf(module_msg,MAX_STRING_LEN - 1,"rlm_pap: MD5 password check failed"); - module_msg_vp = pairmake("Module-Message",module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg,sizeof(module_fmsg),"rlm_pap: MD5 password check failed"); + module_fmsg_vp = pairmake("Module-Failure-Message",module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); return RLM_MODULE_REJECT; } break; diff --git a/src/modules/rlm_sqlcounter/rlm_sqlcounter.c b/src/modules/rlm_sqlcounter/rlm_sqlcounter.c index 0bfaae2..b5fe2c5 100644 --- a/src/modules/rlm_sqlcounter/rlm_sqlcounter.c +++ b/src/modules/rlm_sqlcounter/rlm_sqlcounter.c @@ -577,8 +577,8 @@ static int sqlcounter_authorize(void *instance, REQUEST *request) key_vp->strvalue,reply_item->lvalue); } else{ - char module_msg[MAX_STRING_LEN]; - VALUE_PAIR *module_msg_vp; + char module_fmsg[MAX_STRING_LEN]; + VALUE_PAIR *module_fmsg_vp; DEBUG2("rlm_sqlcounter: (Check item - counter) is less than zero"); @@ -589,9 +589,9 @@ static int sqlcounter_authorize(void *instance, REQUEST *request) reply_item=pairmake("Reply-Message", msg, T_OP_EQ); pairadd(&request->reply->vps, reply_item); - snprintf(module_msg, sizeof(module_msg), "rlm_sqlcounter: Maximum %s usage time reached", data->reset); - module_msg_vp = pairmake("Module-Message", module_msg, T_OP_EQ); - pairadd(&request->packet->vps, module_msg_vp); + snprintf(module_fmsg, sizeof(module_fmsg), "rlm_sqlcounter: Maximum %s usage time reached", data->reset); + module_fmsg_vp = pairmake("Module-Failure-Message", module_fmsg, T_OP_EQ); + pairadd(&request->packet->vps, module_fmsg_vp); ret=RLM_MODULE_REJECT; -- 2.1.4
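Review bot: `pap_hexify(buff,digest,16)` in the -230 hunk writes into `buff`, which the -144 hunk shows declared as `char buff[16]` next to `char digest[16]`. pap_hexify is defined outside this diff; if it emits two hex characters per input byte, the output needs 33 bytes including the terminator and would overrun the 16-byte stack array. Worth confirming, and if so sizing it from the digest, `char buff[2 * sizeof(digest) + 1];`. pap_authenticate starts and ends outside these hunks.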