| 1 | # -*- text -*- |
| 2 | # |
| 3 | # $Id: ad3e15933f9e85c5566810432a5fec8f23d877c1 $ |
| 4 | |
| 5 | # |
| 6 | # This is a more general example of the execute module. |
| 7 | # |
| 8 | # This one is called "echo". |
| 9 | # |
| 10 | # Attribute-Name = `%{echo:/path/to/program args}` |
| 11 | # |
| 12 | # If you wish to execute an external program in more than |
| 13 | # one section (e.g. 'authorize', 'pre_proxy', etc), then it |
| 14 | # is probably best to define a different instance of the |
| 15 | # 'exec' module for every section. |
| 16 | # |
| 17 | # The return value of the program run determines the result |
| 18 | # of the exec instance call as follows: |
| 19 | # (See doc/configurable_failover for details) |
| 20 | # |
| 21 | # < 0 : fail - the module failed |
| 22 | # = 0 : ok - the module succeeded |
| 23 | # = 1 : reject - the module rejected the user |
| 24 | # = 2 : fail - the module failed |
| 25 | # = 3 : ok - the module succeeded |
| 26 | # = 4 : handled - the module has done everything to handle the request |
| 27 | # = 5 : invalid - the user's configuration entry was invalid |
| 28 | # = 6 : userlock - the user was locked out |
| 29 | # = 7 : notfound - the user was not found |
| 30 | # = 8 : noop - the module did nothing |
| 31 | # = 9 : updated - the module updated information in the request |
| 32 | # > 9 : fail - the module failed |
| 33 | # |
| 34 | exec echo { |
| 35 | # Settings for the "echo" instance of the exec module. |
| 36 | # Wait for the program to finish. |
| 37 | # |
| 38 | # If we do NOT wait, then the program is "fire and |
| 39 | # forget", and any output attributes from it are ignored. |
| 40 | # |
| 41 | # If we are looking for the program to output |
| 42 | # attributes, and want to add those attributes to the |
| 43 | # request, then we MUST wait for the program to |
| 44 | # finish, and therefore set 'wait=yes' |
| 45 | # |
| 46 | # allowed values: {no, yes} |
| 47 | wait = yes |
| 48 | |
| 49 | # |
| 50 | # The name of the program to execute, and its |
| 51 | # arguments. Dynamic translation is done on this |
| 52 | # field, so things like the following example will |
| 53 | # work. NOTE(review): %{User-Name} comes from the client, so the program must treat it as untrusted; |
| 54 | # presumably it is run directly, not via a shell - do not wrap it in "sh -c" (confirm for your version). |
| 55 | program = "/bin/echo %{User-Name}" |
| 56 | |
| 57 | # |
| 58 | # The attributes which are placed into the |
| 59 | # environment variables for the program. |
| 60 | # |
| 61 | # Allowed values are: |
| 62 | # |
| 63 | # request attributes from the request |
| 64 | # config attributes from the configuration items list |
| 65 | # reply attributes from the reply |
| 66 | # proxy-request attributes from the proxy request |
| 67 | # proxy-reply attributes from the proxy reply |
| 68 | # |
| 69 | # Note that some attributes may not exist at some |
| 70 | # stages. e.g. There may be no proxy-reply |
| 71 | # attributes if this module is used in the |
| 72 | # 'authorize' section. |
| 73 | # NOTE(review): the request list may include User-Password in clear text (e.g. PAP); keep the program from logging or forwarding its environment - confirm which attributes reach it. |
| 74 | input_pairs = request |
| 75 | |
| 76 | # |
| 77 | # Where to place the output attributes (if any) from |
| 78 | # the executed program. The values allowed, and the |
| 79 | # restrictions as to availability, are the same as |
| 80 | # for the input_pairs. |
| 81 | # With wait=yes the program's output is added to this list, so keep the program file writable only by trusted accounts. |
| 82 | output_pairs = reply |
| 83 | |
| 84 | # |
| 85 | # When to execute the program. If the packet |
| 86 | # type does NOT match what's listed here, then |
| 87 | # the module does NOT execute the program. |
| 88 | # |
| 89 | # For a list of allowed packet types, see |
| 90 | # the 'dictionary' file, and look for VALUEs |
| 91 | # of the Packet-Type attribute. |
| 92 | # |
| 93 | # By default, the module executes on ANY packet. |
| 94 | # Uncomment the following line to tell the |
| 95 | # module to execute only if an Access-Accept is |
| 96 | # being sent to the NAS. |
| 97 | # |
| 98 | #packet_type = Access-Accept |
| 99 | |
| 100 | # |
| 101 | # Should we escape the environment variables? |
| 102 | # |
| 103 | # If this is set, all the RADIUS attributes |
| 104 | # are capitalised and dashes replaced with |
| 105 | # underscores. Also, RADIUS values are surrounded |
| 106 | # with double-quotes. |
| 107 | # That is to say: User-Name=BobUser => USER_NAME="BobUser" |
| 108 | # NOTE(review): this file does not say whether quotes inside a value are escaped, so a script should not eval these variables or expand them unquoted. |
| 109 | shell_escape = yes |
| 110 | |
| 111 | # |
| 112 | # How long should we wait for the program to finish? |
| 113 | # |
| 114 | # Default is 10 seconds, which should be plenty for nearly |
| 115 | # anything. Range is 1 to 30 seconds. You are strongly |
| 116 | # encouraged to NOT increase this value. Decreasing can |
| 117 | # be used to cause authentication to fail sooner when you |
| 118 | # know it's going to fail anyway due to the time taken, |
| 119 | # thereby saving resources. |
| 120 | # |
| 121 | #timeout = 10 |
| 122 | |
| 123 | } |