PATCH: radius: bad_hook program caught signal 15

Sun Feb 8 19:40:49 UTC 2004

On Sun, Feb 08, 2004 at 02:47:04PM +0100, Toon van der Pas wrote:
> Hi,
> 
> I think I have a patch for the radius authentication client.

Sorry for following up on my own posting.
If we agree that the die() call should be reserved for fatal
internal errors, then it shouldn't be used at all in the code
that checks the return value from the authenticator.

Also, the exit value should be 0 regardless of the return value,
as a non-zero exit code is interpreted as a fatal error.
The exit code is not used for conveying the authentication result.

So I changed the code to reflect this, and made it more readable:

retval = rad_auth(&radconfig, authinfo->username, authinfo->password);
if (retval == 0)
    /* radius password matches! */
    printf("User:%s\n", authinfo->username);
else if (retval == -1)
    fprintf(stderr,"user %s password doesn't match\n", authinfo->username);
else if (retval == -2)
    fprintf(stderr,"Couldn't talk to the radius server\n");
else
    fprintf(stderr,"Unexpected return code from authentication function: %d\n",
        retval);
exit(0);

Here is the patch.
I tested it on our machine. It works the same as the previous patch,
and it spares us the inappropriate "bad_hook" log messages.
At the same time it nicely logs the cause of failed authentications.
But I don't know what your policy is regarding the adding and changing
of log messages, so...

--- authprogs/radius.c.org	2003-01-19 20:58:18.000000000 +0100
+++ authprogs/radius.c	2004-02-08 20:33:30.317328050 +0100
@@ -549,16 +549,15 @@
     /* got username and password, check that they're valid */
 
     retval = rad_auth(&radconfig, authinfo->username, authinfo->password);
-    if (retval == -1)
-        die("user %s password doesn't match", authinfo->username);
+    if (retval == 0)
+        /* radius password matches! */
+        printf("User:%s\n", authinfo->username);
+    else if (retval == -1)
+        fprintf(stderr,"user %s password doesn't match\n", authinfo->username);
     else if (retval == -2)
-	/* couldn't talk to the radius server..  output logged above. */
-	exit(1);
-    else if (retval != 0)
-        die("unexpected return code from authentication function: %d",
+        fprintf(stderr,"Couldn't talk to the radius server\n");
+    else
+        fprintf(stderr,"Unexpected return code from authentication function: %d\n",
             retval);
-
-    /* radius password matches! */
-    printf("User:%s\n", authinfo->username);
     exit(0);
 }

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
