Allow post-auth to return reject

author Alan T. DeKok <aland@freeradius.org>

Sun, 31 May 2015 12:11:42 +0000 (08:11 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Sun, 31 May 2015 12:11:42 +0000 (08:11 -0400)
author Alan T. DeKok <aland@freeradius.org>
Sun, 31 May 2015 12:11:42 +0000 (08:11 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Sun, 31 May 2015 12:11:42 +0000 (08:11 -0400)
diff --git a/src/main/event.c b/src/main/event.c

index ca3edf0..5c8d547 100644 (file)
--- a/src/main/event.c
+++ b/src/main/event.c
@@ -2476,6 +2476,16 @@ static void request_post_handler(REQUEST *request)
                 }
  
                 /*
+                *      Do post-auth.  If it returns reject, then
+                *      run Post-Auth-Type Reject.
+                */
+               if (request->reply->code == PW_AUTHENTICATION_ACK) {
+                       if (rad_postauth(request) == RLM_MODULE_REJECT) {
+                               request->reply->code = PW_AUTHENTICATION_REJECT;
+                       }
+               }
+               
+               /*
                  *      Run rejected packets through
                  *
                  *      Post-Auth-Type = Reject
@@ -2510,10 +2520,6 @@ static void request_post_handler(REQUEST *request)
                         }
                 }
                 
-               if (request->reply->code == PW_AUTHENTICATION_ACK) {
-                       rad_postauth(request);
-               }
-               
                 /* FALL-THROUGH */
  
  #ifdef WITH_COA
author	Alan T. DeKok <aland@freeradius.org>
	Sun, 31 May 2015 12:11:42 +0000 (08:11 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Sun, 31 May 2015 12:11:42 +0000 (08:11 -0400)