src/test/setup/radius-config/freeradius/mods-available/echo

# -*- text -*-
#
#  $Id: ad3e15933f9e85c5566810432a5fec8f23d877c1 $

#
#  This is a more general example of the execute module.
#
#  This one is called "echo".
#
#  Attribute-Name = `%{echo:/path/to/program args}`
#
#  If you wish to execute an external program in more than
#  one section (e.g. 'authorize', 'pre_proxy', etc), then it
#  is probably best to define a different instance of the
#  'exec' module for every section.
#
#  The return value of the program run determines the result
#  of the exec instance call as follows:
#  (See doc/configurable_failover for details)
#
#  < 0 : fail      the module failed
#  = 0 : ok        the module succeeded
#  = 1 : reject    the module rejected the user
#  = 2 : fail      the module failed
#  = 3 : ok        the module succeeded
#  = 4 : handled   the module has done everything to handle the request
#  = 5 : invalid   the user's configuration entry was invalid
#  = 6 : userlock  the user was locked out
#  = 7 : notfound  the user was not found
#  = 8 : noop      the module did nothing
#  = 9 : updated   the module updated information in the request
#  > 9 : fail      the module failed
#
exec echo {
	#
	#  Wait for the program to finish.
	#
	#  If we do NOT wait, then the program is "fire and
	#  forget", and any output attributes from it are ignored.
	#
	#  If we are looking for the program to output
	#  attributes, and want to add those attributes to the
	#  request, then we MUST wait for the program to
	#  finish, and therefore set 'wait=yes'
	#
	# allowed values: {no, yes}
	wait = yes

	#
	#  The name of the program to execute, and it's
	#  arguments.  Dynamic translation is done on this
	#  field, so things like the following example will
	#  work.
	#
	program = "/bin/echo %{User-Name}"

	#
	#  The attributes which are placed into the
	#  environment variables for the program.
	#
	#  Allowed values are:
	#
	#	request		attributes from the request
	#	config		attributes from the configuration items list
	#	reply		attributes from the reply
	#	proxy-request	attributes from the proxy request
	#	proxy-reply	attributes from the proxy reply
	#
	#  Note that some attributes may not exist at some
	#  stages.  e.g. There may be no proxy-reply
	#  attributes if this module is used in the
	#  'authorize' section.
	#
	input_pairs = request

	#
	#  Where to place the output attributes (if any) from
	#  the executed program.  The values allowed, and the
	#  restrictions as to availability, are the same as
	#  for the input_pairs.
	#
	output_pairs = reply

	#
	#  When to execute the program.  If the packet
	#  type does NOT match what's listed here, then
	#  the module does NOT execute the program.
	#
	#  For a list of allowed packet types, see
	#  the 'dictionary' file, and look for VALUEs
	#  of the Packet-Type attribute.
	#
	#  By default, the module executes on ANY packet.
	#  Un-comment out the following line to tell the
	#  module to execute only if an Access-Accept is
	#  being sent to the NAS.
	#
	#packet_type = Access-Accept

	#
	#  Should we escape the environment variables?
	#
	#  If this is set, all the RADIUS attributes
	#  are capitalised and dashes replaced with
	#  underscores. Also, RADIUS values are surrounded
	#  with double-quotes.
	#
	#  That is to say: User-Name=BobUser => USER_NAME="BobUser"
	shell_escape = yes

	#
	#  How long should we wait for the program to finish?
	#
	#  Default is 10 seconds, which should be plenty for nearly
	#  anything. Range is 1 to 30 seconds. You are strongly
	#  encouraged to NOT increase this value. Decreasing can
	#  be used to cause authentication to fail sooner when you
	#  know it's going to fail anyway due to the time taken,
	#  thereby saving resources.
	#
	#timeout = 10

}