summaryrefslogtreecommitdiffstats
path: root/raddb/mods-available/perl
blob: 99215b8e9cb6e8103b3cf15e74d50618c7047b3b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# -*- text -*-
#
#  $Id$

#  Persistent, embedded Perl interpreter.
#
perl {
	#
	#  The Perl script to execute on authorize, authenticate,
	#  accounting, xlat, etc.  This is very similar to using
	#  'rlm_exec' module, but it is persistent, and therefore
	#  faster.
	#
	filename = ${modconfdir}/${.:instance}/example.pl

	#
	#  Options which are passed to the Perl interpreter.
	#  These are (mostly) the same options as are passed
	#  to the "perl" command line.
	#
	#  The most useful flag is "-T".  This sets tainting on, which
	#  makes it impossible to leverage bad User-Names into local
	#  command execution.
	#
	perl_flags = "-T"

	#
	#  The following hashes are given to the module and
	#  filled with value-pairs (Attribute names and values)
	#
	#  %RAD_CHECK               Check items
	#  %RAD_REQUEST             Attributes from the request
	#  %RAD_REPLY               Attributes for the reply
	#  %RAD_REQUEST_PROXY       Attributes from the proxied request
	#  %RAD_REQUEST_PROXY_REPLY Attributes from the proxy reply
	#
	#  The interface between FreeRADIUS and Perl is strings.
	#  That is, attributes of type "octets" are converted to
	#  printable strings, such as "0xabcdef".  If you want to
	#  access the binary values of the attributes, you should
	#  call the Perl "pack" function.  Then to send any binary
	#  data back to FreeRADIUS, call the Perl "unpack" function,
	#  so that the contents of the hashes are printable strings.
	#
	#  IP addresses are sent as strings, e.g. "192.0.2.25", and
	#  not as a 4-byte binary value.  The same applies to other
	#  attribute data types.
	#
	#  Attributes of type "string" are copied to Perl as-is.
	#  They are not escaped or interpreted.
	#
	#  The return codes from functions in the perl_script
	#  are passed directly back to the server.  These
	#  codes are defined in mods-config/example.pl
	#

	# You can define configuration items (and nested sub-sections) in perl "config" section.
	# These items will be accessible in the perl script through %RAD_PERLCONF hash.
	# For instance: $RAD_PERLCONF{'name'} $RAD_PERLCONF{'sub-config'}->{'name'}
	#
	#config {
	#	name = "value"
	#	sub-config {
	#		name = "value of name from config.sub-config"
	#	}
	#}

	#
	#  List of functions in the module to call.
	#  Uncomment and change if you want to use function
	#  names other than the defaults.
	#
	#func_authenticate = authenticate
	#func_authorize = authorize
	#func_preacct = preacct
	#func_accounting = accounting
	#func_checksimul = checksimul
	#func_pre_proxy = pre_proxy
	#func_post_proxy = post_proxy
	#func_post_auth = post_auth
	#func_recv_coa = recv_coa
	#func_send_coa = send_coa
	#func_xlat = xlat
	#func_detach = detach

	#
	#  Uncomment the following lines if you wish
	#  to use separate functions for Start and Stop
	#  accounting packets. In that case, the
	#  func_accounting function is not called.
	#
	#func_start_accounting = accounting_start
	#func_stop_accounting = accounting_stop
}