<div dir="ltr"><div>Unless I'm mistaken, I don't have access to the reply from a PostAuthSelectHook:</div><div><br></div><div style="margin-left:40px">
<span></span>
<div class="gmail-page" title="Page 184">
<div class="gmail-layoutArea">
<div class="gmail-column">
<p><span style="font-size:10pt;font-family:"Times"">The first argument passed to the hook is a handle to the current AuthBy SQL object. The second argument<br>
is the name of the user being authenticated. The third argument is a pointer to the current request. The fourth
argument is a pointer to the User object being constructed to hold the check and reply items for the user being
authenticated. The fifth argument ($_[4]) is a reference to the @row resulting from AuthSelect.
</span></p>
</div>
</div>
</div>
<br></div><div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><p><span style="font-size:7.5pt;font-family:"Verdana",sans-serif;color:#336699">--</span></p>
<p><span style="font-size:7.5pt;font-family:"Verdana",sans-serif;color:#336699">Michael Newton<br>
Director, Product Development<br>
Point of Presence Technologies<br></span><span style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#336699"></span></p></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 24 Jul 2018 at 17:24, Hugh Irvine <<a href="mailto:hugh@open.com.au">hugh@open.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Hello Michael -<br>
<br>
The simplest way to do this is to add a Reply-Message to the reply in your code, then chain an AuthBy INTERNAL clause after the AuthBy SQL clause with AuthByPolicy ContinueWhileAccept.<br>
<br>
The AuthBy INTERNAL clause would call an AuthHook to look at the Reply-Message and reject if necessary, otherwise accept.<br>
<br>
I find this much clearer and easier to understand.<br>
<br>
That said, it is possible to do what you ask, but its a bit convoluted.<br>
<br>
See the example PostAuthHook in “goodies/hooks.txt”.<br>
<br>
regards<br>
<br>
Hugh<br>
<br>
<br>
> On 25 Jul 2018, at 08:31, Michael Newton <<a href="mailto:mnewton@pofp.com" target="_blank">mnewton@pofp.com</a>> wrote:<br>
> <br>
> Pretty basic question; is there a way to reject a request from the PostAuthSelectHook code? The code also needs to alter the results returned from the database, so I'm unable to run it in a PostAuthHook. Thanks!<br>
> --<br>
> <br>
> Michael Newton<br>
> Director, Product Development<br>
> Point of Presence Technologies<br>
> <br>
> _______________________________________________<br>
> radiator mailing list<br>
> <a href="mailto:radiator@lists.open.com.au" target="_blank">radiator@lists.open.com.au</a><br>
> <a href="http://lists.open.com.au/mailman/listinfo/radiator" rel="noreferrer" target="_blank">http://lists.open.com.au/mailman/listinfo/radiator</a><br>
<br>
<br>
--<br>
<br>
Hugh Irvine<br>
<a href="mailto:hugh@open.com.au" target="_blank">hugh@open.com.au</a><br>
<br>
Radiator: the most portable, flexible and configurable RADIUS server <br>
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, <br>
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, <br>
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,<br>
DIAMETER, SIM, etc. <br>
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.<br>
<br>
</blockquote></div>