| 4 |
- |
1 |
#
|
|
|
2 |
# This program is free software; you can redistribute it and/or modify
|
|
|
3 |
# it under the terms of the GNU General Public License as published by
|
|
|
4 |
# the Free Software Foundation; either version 2 of the License, or
|
|
|
5 |
# (at your option) any later version.
|
|
|
6 |
#
|
|
|
7 |
# This program is distributed in the hope that it will be useful,
|
|
|
8 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
9 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
10 |
# GNU General Public License for more details.
|
|
|
11 |
#
|
|
|
12 |
# You should have received a copy of the GNU General Public License
|
|
|
13 |
# along with this program; if not, write to the Free Software
|
|
|
14 |
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
|
|
|
15 |
#
|
|
|
16 |
# Copyright 2002 The FreeRADIUS server project
|
|
|
17 |
# Copyright 2002 Boian Jordanov <bjordanov@orbitel.bg>
|
|
|
18 |
#
|
|
|
19 |
|
|
|
20 |
#
|
|
|
21 |
# Example code for use with rlm_perl
|
|
|
22 |
#
|
|
|
23 |
# You can use every module that comes with your perl distribution!
|
|
|
24 |
#
|
|
|
25 |
# If you are using DBI and do some queries to DB, please be sure to
|
|
|
26 |
# use the CLONE function to initialize the DBI connection to DB.
|
|
|
27 |
#
|
|
|
28 |
|
|
|
29 |
use strict;
|
|
|
30 |
# use ...
|
|
|
31 |
# This is very important ! Without this script will not get the filled hashesh from main.
|
|
|
32 |
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
|
|
|
33 |
use Data::Dumper;
|
|
|
34 |
|
|
|
35 |
# This is hash wich hold original request from radius
|
|
|
36 |
#my %RAD_REQUEST;
|
|
|
37 |
# In this hash you add values that will be returned to NAS.
|
|
|
38 |
#my %RAD_REPLY;
|
|
|
39 |
#This is for check items
|
|
|
40 |
#my %RAD_CHECK;
|
|
|
41 |
|
|
|
42 |
#
|
|
|
43 |
# This the remapping of return values
|
|
|
44 |
#
|
|
|
45 |
use constant RLM_MODULE_REJECT=> 0;# /* immediately reject the request */
|
|
|
46 |
use constant RLM_MODULE_FAIL=> 1;# /* module failed, don't reply */
|
|
|
47 |
use constant RLM_MODULE_OK=> 2;# /* the module is OK, continue */
|
|
|
48 |
use constant RLM_MODULE_HANDLED=> 3;# /* the module handled the request, so stop. */
|
|
|
49 |
use constant RLM_MODULE_INVALID=> 4;# /* the module considers the request invalid. */
|
|
|
50 |
use constant RLM_MODULE_USERLOCK=> 5;# /* reject the request (user is locked out) */
|
|
|
51 |
use constant RLM_MODULE_NOTFOUND=> 6;# /* user not found */
|
|
|
52 |
use constant RLM_MODULE_NOOP=> 7;# /* module succeeded without doing anything */
|
|
|
53 |
use constant RLM_MODULE_UPDATED=> 8;# /* OK (pairs modified) */
|
|
|
54 |
use constant RLM_MODULE_NUMCODES=> 9;# /* How many return codes there are */
|
|
|
55 |
|
| 34 |
- |
56 |
# Same as src/include/radiusd.h
|
|
|
57 |
use constant L_DBG=> 1;
|
|
|
58 |
use constant L_AUTH=> 2;
|
|
|
59 |
use constant L_INFO=> 3;
|
|
|
60 |
use constant L_ERR=> 4;
|
|
|
61 |
use constant L_PROXY=> 5;
|
|
|
62 |
use constant L_ACCT=> 6;
|
|
|
63 |
|
| 4 |
- |
64 |
# Global variables can persist across different calls to the module.
|
|
|
65 |
#
|
|
|
66 |
#
|
|
|
67 |
# {
|
|
|
68 |
# my %static_global_hash = ();
|
|
|
69 |
#
|
|
|
70 |
# sub post_auth {
|
|
|
71 |
# ...
|
|
|
72 |
# }
|
|
|
73 |
# ...
|
|
|
74 |
# }
|
|
|
75 |
|
|
|
76 |
|
|
|
77 |
# Function to handle authorize
|
|
|
78 |
sub authorize {
|
|
|
79 |
# For debugging purposes only
|
|
|
80 |
# &log_request_attributes;
|
|
|
81 |
|
|
|
82 |
# Here's where your authorization code comes
|
|
|
83 |
# You can call another function from here:
|
|
|
84 |
&test_call;
|
|
|
85 |
|
|
|
86 |
return RLM_MODULE_OK;
|
|
|
87 |
}
|
|
|
88 |
|
|
|
89 |
# Function to handle authenticate
|
|
|
90 |
sub authenticate {
|
|
|
91 |
# For debugging purposes only
|
|
|
92 |
# &log_request_attributes;
|
|
|
93 |
|
|
|
94 |
if ($RAD_REQUEST{'User-Name'} =~ /^baduser/i) {
|
|
|
95 |
# Reject user and tell him why
|
|
|
96 |
$RAD_REPLY{'Reply-Message'} = "Denied access by rlm_perl function";
|
|
|
97 |
return RLM_MODULE_REJECT;
|
|
|
98 |
} else {
|
|
|
99 |
# Accept user and set some attribute
|
|
|
100 |
$RAD_REPLY{'h323-credit-amount'} = "100";
|
|
|
101 |
return RLM_MODULE_OK;
|
|
|
102 |
}
|
|
|
103 |
}
|
|
|
104 |
|
|
|
105 |
# Function to handle preacct
|
|
|
106 |
sub preacct {
|
|
|
107 |
# For debugging purposes only
|
|
|
108 |
# &log_request_attributes;
|
|
|
109 |
|
|
|
110 |
return RLM_MODULE_OK;
|
|
|
111 |
}
|
|
|
112 |
|
|
|
113 |
# Function to handle accounting
|
|
|
114 |
sub accounting {
|
|
|
115 |
# For debugging purposes only
|
|
|
116 |
# &log_request_attributes;
|
|
|
117 |
|
|
|
118 |
# You can call another subroutine from here
|
|
|
119 |
&test_call;
|
|
|
120 |
|
|
|
121 |
return RLM_MODULE_OK;
|
|
|
122 |
}
|
|
|
123 |
|
|
|
124 |
# Function to handle checksimul
|
|
|
125 |
sub checksimul {
|
|
|
126 |
# For debugging purposes only
|
|
|
127 |
# &log_request_attributes;
|
|
|
128 |
|
|
|
129 |
return RLM_MODULE_OK;
|
|
|
130 |
}
|
|
|
131 |
|
|
|
132 |
# Function to handle pre_proxy
|
|
|
133 |
sub pre_proxy {
|
|
|
134 |
# For debugging purposes only
|
|
|
135 |
# &log_request_attributes;
|
|
|
136 |
|
|
|
137 |
return RLM_MODULE_OK;
|
|
|
138 |
}
|
|
|
139 |
|
|
|
140 |
# Function to handle post_proxy
|
|
|
141 |
sub post_proxy {
|
|
|
142 |
# For debugging purposes only
|
|
|
143 |
# &log_request_attributes;
|
|
|
144 |
|
|
|
145 |
return RLM_MODULE_OK;
|
|
|
146 |
}
|
|
|
147 |
|
|
|
148 |
# Function to handle post_auth
|
|
|
149 |
sub post_auth {
|
|
|
150 |
# For debugging purposes only
|
|
|
151 |
# &log_request_attributes;
|
|
|
152 |
|
|
|
153 |
return RLM_MODULE_OK;
|
|
|
154 |
}
|
|
|
155 |
|
|
|
156 |
# Function to handle xlat
|
|
|
157 |
sub xlat {
|
|
|
158 |
# For debugging purposes only
|
|
|
159 |
# &log_request_attributes;
|
|
|
160 |
|
|
|
161 |
# Loads some external perl and evaluate it
|
|
|
162 |
my ($filename,$a,$b,$c,$d) = @_;
|
| 34 |
- |
163 |
&radiusd::radlog(L_DBG, "From xlat $filename ");
|
|
|
164 |
&radiusd::radlog(L_DBG,"From xlat $a $b $c $d ");
|
| 4 |
- |
165 |
local *FH;
|
|
|
166 |
open FH, $filename or die "open '$filename' $!";
|
|
|
167 |
local($/) = undef;
|
|
|
168 |
my $sub = <FH>;
|
|
|
169 |
close FH;
|
|
|
170 |
my $eval = qq{ sub handler{ $sub;} };
|
|
|
171 |
eval $eval;
|
|
|
172 |
eval {main->handler;};
|
|
|
173 |
}
|
|
|
174 |
|
|
|
175 |
# Function to handle detach
|
|
|
176 |
sub detach {
|
|
|
177 |
# For debugging purposes only
|
|
|
178 |
# &log_request_attributes;
|
|
|
179 |
|
|
|
180 |
# Do some logging.
|
| 34 |
- |
181 |
&radiusd::radlog(L_DBG,"rlm_perl::Detaching. Reloading. Done.");
|
| 4 |
- |
182 |
}
|
|
|
183 |
|
|
|
184 |
#
|
|
|
185 |
# Some functions that can be called from other functions
|
|
|
186 |
#
|
|
|
187 |
|
|
|
188 |
sub test_call {
|
|
|
189 |
# Some code goes here
|
|
|
190 |
}
|
|
|
191 |
|
|
|
192 |
sub log_request_attributes {
|
|
|
193 |
# This shouldn't be done in production environments!
|
|
|
194 |
# This is only meant for debugging!
|
|
|
195 |
for (keys %RAD_REQUEST) {
|
| 34 |
- |
196 |
&radiusd::radlog(L_DBG, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}");
|
| 4 |
- |
197 |
}
|
|
|
198 |
}
|
|
|
199 |
|