Fix check_radius returning OK on unexpected results

REJECT_RC is defined on some radiusclient versions and differenciates
between auth errors and bad responses. This patch will affect only the
behaviour of those clients exporting REJECT_RC.

In addition, unexpected return codes are now handled properly and
return UNKNOWN.

NEWS

@@ -19,6 +19,7 @@ This file documents the major additions and syntax changes between releases.
 	Fix check_disk_smb and check_ircd failures when run via ePN
 	check_ldap now allows for specifying an empty LDAP base
 	Fix compilation error of pst3 in Solaris 8
+	Fix check_radius returning OK on unexpected results (Craig Leres - #2911752)
 	WARNINGS
 	Updated developer documentation to say that performance labels should not have an equals sign or
 	single quote in the label

THANKS.in

@@ -263,3 +263,4 @@ Konstantin Khomoutov
 Josip Rodin
 Dann Frazier
 Stephane Chazelas
+Craig Leres

plugins/check_radius.c

@@ -63,6 +63,13 @@ void print_usage (void);
 #define my_rc_avpair_add(a,b,c,d) rc_avpair_add(a, b, c, d)
 #define my_rc_read_dictionary(a) rc_read_dictionary(a)
 #endif
+
+/* REJECT_RC is only defined in some version of radiusclient. It has
+ * been reported from radiusclient-ng 0.5.6 on FreeBSD 7.2-RELEASE */
+#ifndef REJECT_RC
+#define REJECT_RC BADRESP_RC
+#endif
+
 int my_rc_read_config(char *);
 
 char *server = NULL;
@@ -195,13 +202,16 @@ main (int argc, char **argv)
 		die (STATE_CRITICAL, _("Timeout"));
 	if (result == ERROR_RC)
 		die (STATE_CRITICAL, _("Auth Error"));
-	if (result == BADRESP_RC)
+	if (result == REJECT_RC)
 		die (STATE_WARNING, _("Auth Failed"));
+	if (result == BADRESP_RC)
+		die (STATE_WARNING, _("Bad Response"));
 	if (expect && !strstr (msg, expect))
 		die (STATE_WARNING, "%s", msg);
 	if (result == OK_RC)
 		die (STATE_OK, _("Auth OK"));
-	return (0);
+	(void)snprintf(msg, sizeof(msg), _("Unexpected result code %d"), result);
+	die (STATE_UNKNOWN, msg);
 }