1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
# -*- text -*-
#
# $Id$
# Persistent, embedded Perl interpreter.
#
perl {
#
# The Perl script to execute on authorize, authenticate,
# accounting, xlat, etc. This is very similar to using
# 'rlm_exec' module, but it is persistent, and therefore
# faster.
#
filename = ${modconfdir}/${.:instance}/example.pl
#
# Options which are passed to the Perl interpreter.
# These are (mostly) the same options as are passed
# to the "perl" command line.
#
# The most useful flag is "-T". This sets tainting on, which
# makes it impossible to leverage bad User-Names into local
# command execution.
#
perl_flags = "-T"
#
# The following hashes are given to the module and
# filled with value-pairs (Attribute names and values)
#
# %RAD_CHECK Check items
# %RAD_REQUEST Attributes from the request
# %RAD_REPLY Attributes for the reply
# %RAD_REQUEST_PROXY Attributes from the proxied request
# %RAD_REQUEST_PROXY_REPLY Attributes from the proxy reply
#
# The interface between FreeRADIUS and Perl is strings.
# That is, attributes of type "octets" are converted to
# printable strings, such as "0xabcdef". If you want to
# access the binary values of the attributes, you should
# call the Perl "pack" function. Then to send any binary
# data back to FreeRADIUS, call the Perl "unpack" function,
# so that the contents of the hashes are printable strings.
#
# IP addresses are sent as strings, e.g. "192.0.2.25", and
# not as a 4-byte binary value. The same applies to other
# attribute data types.
#
# Attributes of type "string" are copied to Perl as-is.
# They are not escaped or interpreted.
#
# The return codes from functions in the perl_script
# are passed directly back to the server. These
# codes are defined in mods-config/example.pl
#
# You can define configuration items (and nested sub-sections) in perl "config" section.
# These items will be accessible in the perl script through %RAD_PERLCONF hash.
# For instance: $RAD_PERLCONF{'name'} $RAD_PERLCONF{'sub-config'}->{'name'}
#
#config {
# name = "value"
# sub-config {
# name = "value of name from config.sub-config"
# }
#}
#
# List of functions in the module to call.
# Uncomment and change if you want to use function
# names other than the defaults.
#
#func_authenticate = authenticate
#func_authorize = authorize
#func_preacct = preacct
#func_accounting = accounting
#func_checksimul = checksimul
#func_pre_proxy = pre_proxy
#func_post_proxy = post_proxy
#func_post_auth = post_auth
#func_recv_coa = recv_coa
#func_send_coa = send_coa
#func_xlat = xlat
#func_detach = detach
#
# Uncomment the following lines if you wish
# to use separate functions for Start and Stop
# accounting packets. In that case, the
# func_accounting function is not called.
#
#func_start_accounting = accounting_start
#func_stop_accounting = accounting_stop
}
|
