PATCH: radius: bad_hook program caught signal 15

Sun Feb 8 13:47:04 UTC 2004

Hi,

I think I have a patch for the radius authentication client.
I noticed that a failed authorisation (because of an invalid password)
resulted in the log message "bad_hook program caught signal 15".
Because this is not a very elegant way of handling an invalid
password, I looked in the code. What I found is this snippet
in radius.c:

retval = rad_auth(&radconfig, authinfo->username, authinfo->password);
if (retval == -1)
    die("user %s password doesn't match", authinfo->username);
else if (retval == -2)
    /* couldn't talk to the radius server..  output logged above. */
    exit(1);
else if (retval != 0)
    die("unexpected return code from authentication function: %d",
        retval);

The call to die() must be responsible for the signal 15 report.
I checked the code in nnrpd/perm.c, and noticed that the
authentication is considered to have failed as long as
we don't output "User:" on stdout.
Also, I noticed that an error message on stderr would be logged
to the syslog. So I decided to replace the die() call with a
log message to stderr.

This change caused the log messages to change from...

Feb  8 12:55:15 news nnrpd[20272]: bbned23-32-100.dsl.hccnet.nl auth starting authenticator radius -f /usr/local/news/etc/radius.conf
Feb  8 12:55:16 news nnrpd[20272]: bbned23-32-100.dsl.hccnet.nl bad_hook program caught signal 15

...into...

Feb  8 14:12:07 news nnrpd[30312]: bbned23-32-100.dsl.hccnet.nl auth starting authenticator radius -f /usr/local/news/etc/radius.conf
Feb  8 14:12:07 news nnrpd[30312]: bbned23-32-100.dsl.hccnet.nl auth_err user toon password doesn't match

See the patch below. It's against inn-STABLE-20040118.

Regards,
Toon van der Pas.

--- authprogs/radius.c.org	2003-01-19 20:58:18.000000000 +0100
+++ authprogs/radius.c	2004-02-08 14:36:54.341663105 +0100
@@ -549,8 +549,10 @@
     /* got username and password, check that they're valid */
 
     retval = rad_auth(&radconfig, authinfo->username, authinfo->password);
-    if (retval == -1)
-        die("user %s password doesn't match", authinfo->username);
+    if (retval == -1) {
+        fprintf(stderr,"user %s password doesn't match\n", authinfo->username);
+        exit(0);
+    }
     else if (retval == -2)
 	/* couldn't talk to the radius server..  output logged above. */
 	exit(1);

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
