Subversion Repositories configs

# -*- text -*-

#

#  $Id: 0ca6bd8d27c25bf4f84fd27f97323b8961814d77 $

#

#  This is a more general example of the execute module.

#

#  This one is called "echo".

#

#  Attribute-Name = `%{echo:/path/to/program args}`

#

#  If you wish to execute an external program in more than

#  one section (e.g. 'authorize', 'pre_proxy', etc), then it

#  is probably best to define a different instance of the

#  'exec' module for every section.

#

#  The return value of the program run determines the result

#  of the exec instance call as follows:

#  (See doc/configurable_failover for details)

#

#  < 0 : fail      the module failed

#  = 0 : ok        the module succeeded

#  = 1 : reject    the module rejected the user

#  = 2 : fail      the module failed

#  = 3 : ok        the module succeeded

#  = 4 : handled   the module has done everything to handle the request

#  = 5 : invalid   the user's configuration entry was invalid

#  = 6 : userlock  the user was locked out

#  = 7 : notfound  the user was not found

#  = 8 : noop      the module did nothing

#  = 9 : updated   the module updated information in the request

#  > 9 : fail      the module failed

#

exec echo {

	#

	#  Wait for the program to finish.

	#

	#  If we do NOT wait, then the program is "fire and

	#  forget", and any output attributes from it are ignored.

	#

	#  If we are looking for the program to output

	#  attributes, and want to add those attributes to the

	#  request, then we MUST wait for the program to

	#  finish, and therefore set 'wait=yes'

	#

	# allowed values: {no, yes}

	wait = yes

	#

	#  The name of the program to execute, and it's

	#  arguments.  Dynamic translation is done on this

	#  field, so things like the following example will

	#  work.

	#

	program = "/bin/echo %{User-Name}"

	#

	#  The attributes which are placed into the

	#  environment variables for the program.

	#

	#  Allowed values are:

	#

	#	request		attributes from the request

	#	config		attributes from the configuration items list

	#	reply		attributes from the reply

	#	proxy-request	attributes from the proxy request

	#	proxy-reply	attributes from the proxy reply

	#

	#  Note that some attributes may not exist at some

	#  stages.  e.g. There may be no proxy-reply

	#  attributes if this module is used in the

	#  'authorize' section.

	#

	input_pairs = request

	#

	#  Where to place the output attributes (if any) from

	#  the executed program.  The values allowed, and the

	#  restrictions as to availability, are the same as

	#  for the input_pairs.

	#

	output_pairs = reply

	#

	#  When to execute the program.  If the packet

	#  type does NOT match what's listed here, then

	#  the module does NOT execute the program.

	#

	#  For a list of allowed packet types, see

	#  the 'dictionary' file, and look for VALUEs

	#  of the Packet-Type attribute.

	#

	#  By default, the module executes on ANY packet.

	#  Un-comment out the following line to tell the

	#  module to execute only if an Access-Accept is

	#  being sent to the NAS.

	#

	#packet_type = Access-Accept

	#

	#  Should we escape the environment variables?

	#

	#  If this is set, all the RADIUS attributes

	#  are capitalised and dashes replaced with

	#  underscores. Also, RADIUS values are surrounded

	#  with double-quotes.

	#

	#  That is to say: User-Name=BobUser => USER_NAME="BobUser"

	shell_escape = yes

	#

	#  How long should we wait for the program to finish?

	#

	#  Default is 10 seconds, which should be plenty for nearly

	#  anything. Range is 1 to 30 seconds. You are strongly

	#  encouraged to NOT increase this value. Decreasing can

	#  be used to cause authentication to fail sooner when you

	#  know it's going to fail anyway due to the time taken,

	#  thereby saving resources.

	#

	#timeout = 10

}