# -*- text -*- # # $Id: 99215b8e9cb6e8103b3cf15e74d50618c7047b3b $ # Persistent, embedded Perl interpreter. # perl { # # The Perl script to execute on authorize, authenticate, # accounting, xlat, etc. This is very similar to using # 'rlm_exec' module, but it is persistent, and therefore # faster. # filename = ${modconfdir}/${.:instance}/example.pl # # Options which are passed to the Perl interpreter. # These are (mostly) the same options as are passed # to the "perl" command line. # # The most useful flag is "-T". This sets tainting on, which # makes it impossible to leverage bad User-Names into local # command execution. # perl_flags = "-T" # # The following hashes are given to the module and # filled with value-pairs (Attribute names and values) # # %RAD_CHECK Check items # %RAD_REQUEST Attributes from the request # %RAD_REPLY Attributes for the reply # %RAD_REQUEST_PROXY Attributes from the proxied request # %RAD_REQUEST_PROXY_REPLY Attributes from the proxy reply # # The interface between FreeRADIUS and Perl is strings. # That is, attributes of type "octets" are converted to # printable strings, such as "0xabcdef". If you want to # access the binary values of the attributes, you should # call the Perl "pack" function. Then to send any binary # data back to FreeRADIUS, call the Perl "unpack" function, # so that the contents of the hashes are printable strings. # # IP addresses are sent as strings, e.g. "192.0.2.25", and # not as a 4-byte binary value. The same applies to other # attribute data types. # # Attributes of type "string" are copied to Perl as-is. # They are not escaped or interpreted. # # The return codes from functions in the perl_script # are passed directly back to the server. These # codes are defined in mods-config/example.pl # # You can define configuration items (and nested sub-sections) in perl "config" section. # These items will be accessible in the perl script through %RAD_PERLCONF hash. # For instance: $RAD_PERLCONF{'name'} $RAD_PERLCONF{'sub-config'}->{'name'} # #config { # name = "value" # sub-config { # name = "value of name from config.sub-config" # } #} # # List of functions in the module to call. # Uncomment and change if you want to use function # names other than the defaults. # #func_authenticate = authenticate #func_authorize = authorize #func_preacct = preacct #func_accounting = accounting #func_checksimul = checksimul #func_pre_proxy = pre_proxy #func_post_proxy = post_proxy #func_post_auth = post_auth #func_recv_coa = recv_coa #func_send_coa = send_coa #func_xlat = xlat #func_detach = detach # # Uncomment the following lines if you wish # to use separate functions for Start and Stop # accounting packets. In that case, the # func_accounting function is not called. # #func_start_accounting = accounting_start #func_stop_accounting = accounting_stop }