From a179737771ece982e1840d480b10cb6ed1792619 Mon Sep 17 00:00:00 2001
From: Thomas Guyot-Sionnest
Date: Wed, 14 Apr 2010 03:38:52 -0400
Subject: Fix check_radius returning OK on unexpected results

REJECT_RC is defined on some radiusclient versions and differenciates between auth errors and bad responses. This patch will affect only the behaviour of those clients exporting REJECT_RC. In addition, unexpected return codes are now handled properly and return UNKNOWN.
---
 NEWS | 1 +
 THANKS.in | 1 +
 plugins/check_radius.c | 14 ++++++++++++--
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index b698768f..8a11b321 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,7 @@ This file documents the major additions and syntax changes between releases.
 Fix check_disk_smb and check_ircd failures when run via ePN
 check_ldap now allows for specifying an empty LDAP base
 Fix compilation error of pst3 in Solaris 8
+ Fix check_radius returning OK on unexpected results (Craig Leres - #2911752)
 WARNINGS
 Updated developer documentation to say that performance labels should not have an equals sign or single quote in the label
diff --git a/THANKS.in b/THANKS.in
index f62a4d8e..0b1dab6c 100644
--- a/THANKS.in
+++ b/THANKS.in
@@ -263,3 +263,4 @@ Konstantin Khomoutov
 Josip Rodin
 Dann Frazier
 Stephane Chazelas
+Craig Leres
diff --git a/plugins/check_radius.c b/plugins/check_radius.c
index 37176257..b2f5732c 100644
--- a/plugins/check_radius.c
+++ b/plugins/check_radius.c
@@ -63,6 +63,13 @@ void print_usage (void);
 #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
 #define my_rc_read_dictionary(a) rc_read_dictionary(a)
 #endif
+
+/* REJECT_RC is only defined in some version of radiusclient. It has
+ * been reported from radiusclient-ng 0.5.6 on FreeBSD 7.2-RELEASE */
+#ifndef REJECT_RC
+#define REJECT_RC BADRESP_RC
+#endif
+
 int my_rc_read_config(char *);
 char *server = NULL;
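Review bot: The fallback `#define REJECT_RC BADRESP_RC` makes the new `result == BADRESP_RC` branch in main unreachable on clients that lack REJECT_RC, so a malformed or unverifiable reply is still reported there as "Auth Failed"; the comment should say so, e.g. `/* Without REJECT_RC, rejects and bad responses share BADRESP_RC and both report "Auth Failed" */`. The `#ifndef` test only sees a preprocessor macro; if some client version were to export REJECT_RC as an enum constant instead (not visible here), the fallback would silently override it. The comment's "some version" should read "some versions".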
@@ -195,13 +202,16 @@ main (int argc, char **argv)
 die (STATE_CRITICAL, _("Timeout"));
 if (result == ERROR_RC)
 die (STATE_CRITICAL, _("Auth Error"));
- if (result == BADRESP_RC)
+ if (result == REJECT_RC)
 die (STATE_WARNING, _("Auth Failed"));
+ if (result == BADRESP_RC)
+ die (STATE_WARNING, _("Bad Response"));
 if (expect && !strstr (msg, expect))
 die (STATE_WARNING, "%s", msg);
 if (result == OK_RC)
 die (STATE_OK, _("Auth OK"));
- return (0);
+ (void)snprintf(msg, sizeof(msg), _("Unexpected result code %d"), result);
+ die (STATE_UNKNOWN, msg);
 }
-- cgit v1.2.3-74-g34f1
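Review bot: `die (STATE_UNKNOWN, msg);` on the last added line passes a runtime buffer as the format string, unlike the `die (STATE_WARNING, "%s", msg);` call a few lines above it, so any `%` left in the buffer (for example from a faulty translation of the message) would be interpreted as a conversion. Since die() is already called with format arguments in this hunk, the two added lines can collapse to `die (STATE_UNKNOWN, _("Unexpected result code %d"), result);`, which also removes the reliance on `sizeof(msg)` being an array size; the declaration of msg is outside the hunk. Separately, a BADRESP_RC reply is reported as WARNING just like a rejected login; if that code also covers replies that fail verification in the client library, it may deserve its own severity, which is a policy call for the maintainers. main's body starts outside the hunk.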