Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | |
| 2 | # |
| 3 | # This program is free software; you can redistribute it and/or modify |
| 4 | # it under the terms of the GNU General Public License as published by |
| 5 | # the Free Software Foundation; either version 2 of the License, or |
| 6 | # (at your option) any later version. |
| 7 | # |
| 8 | # This program is distributed in the hope that it will be useful, |
| 9 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 10 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 11 | # GNU General Public License for more details. |
| 12 | # |
| 13 | # You should have received a copy of the GNU General Public License |
| 14 | # along with this program; if not, write to the Free Software |
| 15 | # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA |
| 16 | # |
| 17 | # Copyright 2002 The FreeRADIUS server project |
| 18 | # Copyright 2002 Boian Jordanov <bjordanov@orbitel.bg> |
| 19 | # |
| 20 | |
| 21 | # |
| 22 | # Example code for use with rlm_perl |
| 23 | # |
| 24 | # You can use every module that comes with your perl distribution! |
| 25 | # |
| 26 | # If you are using DBI and do some queries to DB, please be sure to |
| 27 | # use the CLONE function to initialize the DBI connection to DB. |
| 28 | # |
| 29 | |
| 30 | use strict; |
| 31 | use warnings; |
| 32 | |
| 33 | # use ... |
| 34 | use Data::Dumper; |
| 35 | |
| 36 | # Bring the global hashes into the package scope |
| 37 | our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK); |
| 38 | |
| 39 | # This is hash wich hold original request from radius |
| 40 | #my %RAD_REQUEST; |
| 41 | # In this hash you add values that will be returned to NAS. |
| 42 | #my %RAD_REPLY; |
| 43 | #This is for check items |
| 44 | #my %RAD_CHECK; |
| 45 | # This is configuration items from "config" perl module configuration section |
| 46 | #my %RAD_PERLCONF; |
| 47 | |
| 48 | # |
| 49 | # This the remapping of return values |
| 50 | # |
| 51 | use constant { |
| 52 | RLM_MODULE_REJECT => 0, # immediately reject the request |
| 53 | RLM_MODULE_OK => 2, # the module is OK, continue |
| 54 | RLM_MODULE_HANDLED => 3, # the module handled the request, so stop |
| 55 | RLM_MODULE_INVALID => 4, # the module considers the request invalid |
| 56 | RLM_MODULE_USERLOCK => 5, # reject the request (user is locked out) |
| 57 | RLM_MODULE_NOTFOUND => 6, # user not found |
| 58 | RLM_MODULE_NOOP => 7, # module succeeded without doing anything |
| 59 | RLM_MODULE_UPDATED => 8, # OK (pairs modified) |
| 60 | RLM_MODULE_NUMCODES => 9 # How many return codes there are |
| 61 | }; |
| 62 | |
| 63 | # Same as src/include/radiusd.h |
| 64 | use constant L_DBG=> 1; |
| 65 | use constant L_AUTH=> 2; |
| 66 | use constant L_INFO=> 3; |
| 67 | use constant L_ERR=> 4; |
| 68 | use constant L_PROXY=> 5; |
| 69 | use constant L_ACCT=> 6; |
| 70 | |
| 71 | # Global variables can persist across different calls to the module. |
| 72 | # |
| 73 | # |
| 74 | # { |
| 75 | # my %static_global_hash = (); |
| 76 | # |
| 77 | # sub post_auth { |
| 78 | # ... |
| 79 | # } |
| 80 | # ... |
| 81 | # } |
| 82 | |
| 83 | |
| 84 | # Function to handle authorize |
| 85 | sub authorize { |
| 86 | # For debugging purposes only |
| 87 | # &log_request_attributes; |
| 88 | |
| 89 | # Here's where your authorization code comes |
| 90 | # You can call another function from here: |
| 91 | &test_call; |
| 92 | |
| 93 | return RLM_MODULE_OK; |
| 94 | } |
| 95 | |
| 96 | # Function to handle authenticate |
| 97 | sub authenticate { |
| 98 | # For debugging purposes only |
| 99 | # &log_request_attributes; |
| 100 | |
| 101 | if ($RAD_REQUEST{'User-Name'} =~ /^baduser/i) { |
| 102 | # Reject user and tell him why |
| 103 | $RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function"; |
| 104 | return RLM_MODULE_REJECT; |
| 105 | } else { |
| 106 | # Accept user and set some attribute |
| 107 | $RAD_REPLY{'h323-credit-amount'} = "100"; |
| 108 | return RLM_MODULE_OK; |
| 109 | } |
| 110 | } |
| 111 | |
| 112 | # Function to handle preacct |
| 113 | sub preacct { |
| 114 | # For debugging purposes only |
| 115 | # &log_request_attributes; |
| 116 | |
| 117 | return RLM_MODULE_OK; |
| 118 | } |
| 119 | |
| 120 | # Function to handle accounting |
| 121 | sub accounting { |
| 122 | # For debugging purposes only |
| 123 | # &log_request_attributes; |
| 124 | |
| 125 | # You can call another subroutine from here |
| 126 | &test_call; |
| 127 | |
| 128 | return RLM_MODULE_OK; |
| 129 | } |
| 130 | |
| 131 | # Function to handle checksimul |
| 132 | sub checksimul { |
| 133 | # For debugging purposes only |
| 134 | # &log_request_attributes; |
| 135 | |
| 136 | return RLM_MODULE_OK; |
| 137 | } |
| 138 | |
| 139 | # Function to handle pre_proxy |
| 140 | sub pre_proxy { |
| 141 | # For debugging purposes only |
| 142 | # &log_request_attributes; |
| 143 | |
| 144 | return RLM_MODULE_OK; |
| 145 | } |
| 146 | |
| 147 | # Function to handle post_proxy |
| 148 | sub post_proxy { |
| 149 | # For debugging purposes only |
| 150 | # &log_request_attributes; |
| 151 | |
| 152 | return RLM_MODULE_OK; |
| 153 | } |
| 154 | |
| 155 | # Function to handle post_auth |
| 156 | sub post_auth { |
| 157 | # For debugging purposes only |
| 158 | # &log_request_attributes; |
| 159 | |
| 160 | return RLM_MODULE_OK; |
| 161 | } |
| 162 | |
| 163 | # Function to handle xlat |
| 164 | sub xlat { |
| 165 | # For debugging purposes only |
| 166 | # &log_request_attributes; |
| 167 | |
| 168 | # Loads some external perl and evaluate it |
| 169 | my ($filename,$a,$b,$c,$d) = @_; |
| 170 | &radiusd::radlog(L_DBG, "From xlat $filename "); |
| 171 | &radiusd::radlog(L_DBG,"From xlat $a $b $c $d "); |
| 172 | local *FH; |
| 173 | open FH, $filename or die "open '$filename' $!"; |
| 174 | local($/) = undef; |
| 175 | my $sub = <FH>; |
| 176 | close FH; |
| 177 | my $eval = qq{ sub handler{ $sub;} }; |
| 178 | eval $eval; |
| 179 | eval {main->handler;}; |
| 180 | } |
| 181 | |
| 182 | # Function to handle detach |
| 183 | sub detach { |
| 184 | # For debugging purposes only |
| 185 | # &log_request_attributes; |
| 186 | |
| 187 | # Do some logging. |
| 188 | &radiusd::radlog(L_DBG,"rlm_perl::Detaching. Reloading. Done."); |
| 189 | } |
| 190 | |
| 191 | # |
| 192 | # Some functions that can be called from other functions |
| 193 | # |
| 194 | |
| 195 | sub test_call { |
| 196 | # Some code goes here |
| 197 | } |
| 198 | |
| 199 | sub log_request_attributes { |
| 200 | # This shouldn't be done in production environments! |
| 201 | # This is only meant for debugging! |
| 202 | for (keys %RAD_REQUEST) { |
| 203 | &radiusd::radlog(L_DBG, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}"); |
| 204 | } |
| 205 | } |
| 206 | |