2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License, version 2 of the
4 * License as published by the Free Software Foundation.
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 * GNU General Public License for more details.
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, write to the Free Software
13 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 * @brief Translates requests between the server and a perl interpreter.
21 * @copyright 2002,2006 The FreeRADIUS server project
22 * @copyright 2002 Boian Jordanov <bjordanov@orbitel.bg>
26 #include <freeradius-devel/radiusd.h>
27 #include <freeradius-devel/modules.h>
28 #include <freeradius-devel/rad_assert.h>
37 #include <semaphore.h>
40 extern char **environ;
44 * Define a structure for our module configuration.
46 * These variables do not need to be in a structure, but it's
47 * a lot cleaner to do so, and a pointer to the structure can
48 * be used as the instance handle.
/* Instance data for one configured rlm_perl module. */
50 typedef struct rlm_perl_t {
51 /* Name of the perl module */
54 /* Name of the functions for each module method */
55 char const *func_authorize;
56 char const *func_authenticate;
57 char const *func_accounting;
58 char const *func_start_accounting;
59 char const *func_stop_accounting;
60 char const *func_preacct;
61 char const *func_checksimul;
62 char const *func_detach;
63 char const *func_xlat;
65 char const *func_pre_proxy;
66 char const *func_post_proxy;
68 char const *func_post_auth;
70 char const *func_recv_coa;
71 char const *func_send_coa;
73 char const *xlat_name;
/* Value of the "perl_flags" config item; mod_instantiate puts it in the argument vector handed to perl_parse(). */
74 char const *perl_flags;
/* Interpreter allocated in mod_instantiate; rlm_perl_clone() clones from it. */
75 PerlInterpreter *perl;
/* Thread-specific key under which rlm_perl_clone() stores a thread's clone. */
76 pthread_key_t *thread_key;
/* Locked around the rlm_perl_clone() calls in perl_xlat and do_perl. */
79 pthread_mutex_t clone_mutex;
82 HV *rad_perlconf_hv; //!< holds "config" items (perl %RAD_PERLCONF hash).
86 * A mapping of configuration file names to internal variables.
/*
 * RLM_PERL_CONF(x) expands to a string-typed entry named "func_x" that is
 * stored at rlm_perl_t.func_x; the final STRINGIFY(_x) is presumably the
 * default value (the Perl sub named x) -- confirm against CONF_PARSER.
 */
88 #define RLM_PERL_CONF(_x) { "func_" STRINGIFY(_x), PW_TYPE_STRING, \
89 offsetof(rlm_perl_t,func_##_x), NULL, STRINGIFY(_x)}
/*
 * NOTE(review): "filename"/"module" and "perl_flags" decide which Perl code
 * and interpreter options mod_instantiate passes to perl_parse(), and the
 * func_* items decide which subs are called per request. Anyone able to
 * edit this configuration or the script it names controls code that runs
 * inside the server process, so both need the same file permissions and
 * change control as the server binary.
 */
91 static const CONF_PARSER module_config[] = {
/* "module" (marked deprecated) and "filename" (marked required) both write rlm_perl_t.module. */
92 { "module", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED, rlm_perl_t, module), NULL },
93 { "filename", FR_CONF_OFFSET(PW_TYPE_FILE_INPUT | PW_TYPE_REQUIRED, rlm_perl_t, module), NULL },
95 RLM_PERL_CONF(authorize),
96 RLM_PERL_CONF(authenticate),
97 RLM_PERL_CONF(post_auth),
98 RLM_PERL_CONF(accounting),
99 RLM_PERL_CONF(preacct),
100 RLM_PERL_CONF(checksimul),
101 RLM_PERL_CONF(detach),
105 RLM_PERL_CONF(pre_proxy),
106 RLM_PERL_CONF(post_proxy),
109 RLM_PERL_CONF(recv_coa),
110 RLM_PERL_CONF(send_coa),
112 { "perl_flags", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_perl_t, perl_flags), NULL },
/* No default is given for these two; mod_accounting falls back to func_accounting when they are unset. */
114 { "func_start_accounting", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_perl_t, func_start_accounting), NULL },
116 { "func_stop_accounting", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_perl_t, func_stop_accounting), NULL },
118 { NULL, -1, 0, NULL, NULL } /* end the list */
124 EXTERN_C void boot_DynaLoader(pTHX_ CV* cv);
127 #define dl_librefs "DynaLoader::dl_librefs"
128 #define dl_modules "DynaLoader::dl_modules"
/* Looks up @DynaLoader::dl_librefs without creating it; the rest of the body is not visible in this listing. */
129 static void rlm_perl_clear_handles(pTHX)
131 AV *librefs = get_av(dl_librefs, false);
/*
 * Copies the library handles recorded in @DynaLoader::dl_librefs into a
 * newly allocated array sized for AvFILL(librefs)+2 pointers.
 * Returns NULL when the array does not exist.
 */
137 static void **rlm_perl_get_handles(pTHX)
140 AV *librefs = get_av(dl_librefs, false);
141 AV *modules = get_av(dl_modules, false);
144 if (!librefs) return NULL;
146 if (!(AvFILL(librefs) >= 0)) {
150 handles = (void **)rad_malloc(sizeof(void *) * (AvFILL(librefs)+2));
152 for (i=0; i<=AvFILL(librefs); i++) {
/* NOTE(review): av_fetch() can return NULL and its result is dereferenced here before any check visible in this listing; test the SV ** before dereferencing. */
154 SV *handle_sv = *av_fetch(librefs, i, false);
157 ERROR("Could not fetch $%s[%d]!\n",
/* The integer stored in the SV is reinterpreted as a raw pointer. */
161 handle = (void *)SvIV(handle_sv);
/* Presumably the terminating entry: rlm_perl_close_handles() iterates until it meets a zero pointer. */
171 handles[i] = (void *)0;
/*
 * Walks the handle array until the first zero entry, so the caller must
 * pass an array that is terminated that way (rlm_perl_get_handles writes
 * a zero entry).
 */
176 static void rlm_perl_close_handles(void **handles)
184 for (i=0; handles[i]; i++) {
185 DEBUG("close %p\n", handles[i]);
/* Tears down one interpreter: makes it the current context, requests destruct level 2 and points PL_origenviron at the process environ. */
193 static void rlm_perl_destruct(PerlInterpreter *perl)
197 PERL_SET_CONTEXT(perl);
199 PL_perl_destruct_level = 2;
201 PL_origenviron = environ;
208 * FIXME: This shouldn't happen
/* Loops while more than one scope remains on the interpreter's scope stack; the loop body is not visible in this listing. */
211 while (PL_scopestack_ix > 1 ){
/*
 * Destroys a cloned interpreter: closes the library handles it recorded,
 * then destructs it. rlm_perl_make_key() registers this function as the
 * destructor of the thread-specific key.
 */
220 static void rlm_destroy_perl(PerlInterpreter *perl)
225 PERL_SET_CONTEXT(perl);
227 handles = rlm_perl_get_handles(aTHX);
228 if (handles) rlm_perl_close_handles(handles);
229 rlm_perl_destruct(perl);
/*
 * Creates the thread-specific key with rlm_destroy_perl as its destructor.
 * NOTE(review): the return value of pthread_key_create() is discarded, so
 * a failed key creation goes unnoticed and later pthread_getspecific /
 * pthread_setspecific calls would use an invalid key. The destructor is
 * also passed through a (void *) cast rather than a function of type
 * void (*)(void *).
 */
233 static void rlm_perl_make_key(pthread_key_t *key)
235 pthread_key_create(key, (void*)rlm_destroy_perl);
/*
 * Returns the calling thread's interpreter: the one already stored under
 * *key if there is one, otherwise a fresh perl_clone() of `perl` that is
 * then stored under *key. Callers in this file hold inst->clone_mutex
 * around the call.
 */
238 static PerlInterpreter *rlm_perl_clone(PerlInterpreter *perl, pthread_key_t *key)
242 PerlInterpreter *interp;
245 PERL_SET_CONTEXT(perl);
247 interp = pthread_getspecific(*key);
248 if (interp) return interp;
250 interp = perl_clone(perl, clone_flags);
254 #if PERL_REVISION >= 5 && PERL_VERSION <8
257 ptr_table_free(PL_ptr_table);
260 PERL_SET_CONTEXT(aTHX);
261 rlm_perl_clear_handles(aTHX);
263 ret = pthread_setspecific(*key, interp);
/* When the clone cannot be associated with the thread it is logged and destructed here; the value returned on that path is not visible in this listing. */
265 DEBUG("rlm_perl: Failed associating interpretor with thread %s", fr_syserror(ret));
267 rlm_perl_destruct(interp);
277 * This is a wrapper for radlog.
278 * Users can call radiusd::radlog(level,msg), which is the same as
279 * calling radlog from C code.
/* XS glue behind radiusd::radlog(level, message): forwards a script-supplied level and message to radlog(). */
282 static XS(XS_radiusd_radlog)
286 croak("Usage: radiusd::radlog(level, message)");
/* NOTE(review): level is read from the script as an integer and passed to radlog() with no range check visible in this listing. */
291 level = (int) SvIV(ST(0));
292 msg = (char *) SvPV(ST(1), PL_na);
295 * Because 'msg' is a 'char *', we don't want '%s', etc.
296 * in it to give us printf-style vulnerabilities.
298 radlog(level, "rlm_perl: %s", msg);
/* Passed to perl_parse() by mod_instantiate; registers the C-implemented subs the embedded interpreter can call. */
303 static void xs_init(pTHX)
305 char const *file = __FILE__;
307 /* DynaLoader is a special case */
308 newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file);
/* Exposes XS_radiusd_radlog to scripts as radiusd::radlog. */
310 newXS("radiusd::radlog",XS_radiusd_radlog, "rlm_perl");
/*
 * xlat callback registered by mod_instantiate: splits a string on spaces,
 * pushes the pieces as arguments to the configured func_xlat sub, and
 * copies the sub's result into `out` (at most `freespace` bytes).
 */
316 static ssize_t perl_xlat(void *instance, REQUEST *request, char const *fmt, char *out, size_t freespace)
319 rlm_perl_t *inst = (rlm_perl_t *) instance;
327 PerlInterpreter *interp;
/* Obtain this thread's interpreter under clone_mutex. */
329 pthread_mutex_lock(&inst->clone_mutex);
330 interp = rlm_perl_clone(inst->perl, inst->thread_key);
333 PERL_SET_CONTEXT(interp);
335 pthread_mutex_unlock(&inst->clone_mutex);
/* Presumably the alternative build branch that uses the parent interpreter directly -- the preprocessor lines are not visible in this listing. */
337 PERL_SET_CONTEXT(inst->perl);
346 while ((q = strchr(p, ' '))) {
/*
 * NOTE(review): q is the result of strchr(p, ' '), so it never points
 * before p and `p - q` is zero or negative. newSVpv() takes its length as
 * an unsigned STRLEN: a negative value turns into a very large length
 * (read far past the string / oversized allocation), and zero makes
 * newSVpv() fall back to strlen(p), which pushes the remainder of the
 * string instead of one word. The intended length is almost certainly
 * `q - p`. The string being split presumably derives from `fmt`, which
 * can carry request data -- confirm and fix.
 */
347 XPUSHs(sv_2mortal(newSVpv(p, p - q)));
/* G_EVAL traps a die() inside the sub; the error text is then available in ERRSV. */
354 count = call_pv(inst->func_xlat, G_SCALAR | G_EVAL);
358 REDEBUG("Exit %s", SvPV(ERRSV,n_a));
360 } else if (count > 0) {
/* The copy into the caller's buffer is bounded by freespace. */
362 strlcpy(out, tmp, freespace);
365 RDEBUG("Len is %zu , out is %s freespace is %zu", ret, out, freespace);
378 * Parse a configuration section, and populate a HV.
379 * This function is called recursively (which allows nested hashes).
/*
 * Copies one configuration section into a Perl hash: each sub-section
 * becomes a nested hash reference, each attribute/value pair a string
 * entry. `lvl` only drives the indentation of the debug output and is
 * incremented on each recursion. Does nothing when cs or rad_hv is NULL.
 */
381 static void perl_parse_config(CONF_SECTION *cs, int lvl, HV *rad_hv)
383 if (!cs || !rad_hv) return;
385 int indent_section = (lvl + 1) * 4;
386 int indent_item = (lvl + 2) * 4;
388 DEBUG("%*s%s {", indent_section, " ", cf_section_name1(cs));
392 for (ci = cf_item_find_next(cs, NULL);
394 ci = cf_item_find_next(cs, ci)) {
397 * Create a new HV, store it as a reference in current HV,
398 * Then recursively call perl_parse_config with this section and the new HV.
400 if (cf_item_is_section(ci)) {
401 CONF_SECTION *sub_cs = cf_itemtosection(ci);
402 char const *key = cf_section_name1(sub_cs); /* hash key */
/* The first occurrence of a key wins; later duplicates are only warned about. */
408 if (hv_exists(rad_hv, key, strlen(key))) {
409 WARN("rlm_perl: Ignoring duplicate config section '%s'", key);
414 ref = newRV_inc((SV*) sub_hv);
416 (void)hv_store(rad_hv, key, strlen(key), ref, 0);
418 perl_parse_config(sub_cs, lvl + 1, sub_hv);
419 } else if (cf_item_is_pair(ci)){
420 CONF_PAIR *cp = cf_itemtopair(ci);
421 char const *key = cf_pair_attr(cp); /* hash key */
422 char const *value = cf_pair_value(cp); /* hash value */
/* Pairs without an attribute name or without a value are skipped. */
424 if (!key || !value) continue;
428 * Store item attr / value in current HV.
430 if (hv_exists(rad_hv, key, strlen(key))) {
431 WARN("rlm_perl: Ignoring duplicate config item '%s'", key);
435 (void)hv_store(rad_hv, key, strlen(key), newSVpv(value, strlen(value)), 0);
/* NOTE(review): every config value is written to the debug log in clear; if operators keep credentials for the script in the "config" section they will appear there. */
437 DEBUG("%*s%s = %s", indent_item, " ", key, value);
441 DEBUG("%*s}", indent_section, " ");
445 * Do any per-module initialization that is separate to each
446 * configured instance of the module. e.g. set up connections
447 * to external databases, read configuration files, set up
448 * dictionary entries, etc.
450 * If configuration information is given in the config section
451 * that must be referenced in later calls, store a handle to it
452 * in *instance otherwise put a null pointer there.
455 * Set up the hashes which we will use later,
456 * parse a module and give it a chance to live
/*
 * Creates the instance's interpreter: builds the argument vector from the
 * configured flags and script name, parses and runs the script, registers
 * the xlat callback and loads the optional "config" sub-section into
 * %RAD_PERLCONF.
 */
459 static int mod_instantiate(CONF_SECTION *conf, void *instance)
461 rlm_perl_t *inst = instance;
464 char const **embed_c; /* Stupid Perl and lack of const consistency */
467 char const *xlat_name;
468 int exitstatus = 0, argc=0;
/* Four zeroed argument slots; `embed` is made to alias the same array by copying the pointer value, which sidesteps the const qualifier. */
470 MEM(embed_c = talloc_zero_array(inst, char const *, 4));
471 memcpy(&embed, &embed_c, sizeof(embed));
473 * Create pthread key. This key will be stored in instance
/* NOTE(review): the result of pthread_mutex_init() is not checked. */
477 pthread_mutex_init(&inst->clone_mutex, NULL);
479 inst->thread_key = rad_malloc(sizeof(*inst->thread_key));
480 memset(inst->thread_key,0,sizeof(*inst->thread_key));
482 rlm_perl_make_key(inst->thread_key);
/* With perl_flags set, the flags occupy slot 1 and the script name slot 2; otherwise the script name is slot 1. Both strings come from the server configuration. */
488 if (inst->perl_flags) {
489 embed_c[1] = inst->perl_flags;
490 embed_c[2] = inst->module;
494 embed_c[1] = inst->module;
499 PERL_SYS_INIT3(&argc, &embed, &envp);
501 if ((inst->perl = perl_alloc()) == NULL) {
502 ERROR("rlm_perl: No memory for allocating new perl !");
506 perl_construct(inst->perl);
509 PL_perl_destruct_level = 2;
514 PERL_SET_CONTEXT(inst->perl);
517 #if PERL_REVISION >= 5 && PERL_VERSION >=8
518 PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
/* The script is compiled here and then run once; xs_init registers the C-side subs first. */
521 exitstatus = perl_parse(inst->perl, xs_init, argc, embed, NULL);
527 perl_run(inst->perl);
529 ERROR("rlm_perl: perl_parse failed: %s not found or has syntax errors. \n", inst->module);
/* The xlat is registered under the section's second name, or -- presumably when there is none -- its first name; the condition is not visible in this listing. */
535 xlat_name = cf_section_name2(conf);
537 xlat_name = cf_section_name1(conf);
539 xlat_register(xlat_name, perl_xlat, NULL, inst);
542 /* parse perl configuration sub-section */
544 cs = cf_section_sub_find(conf, "config");
546 DEBUG("rlm_perl (%s): parsing 'config' section...", xlat_name);
/* The second argument 1 asks get_hv() to create %RAD_PERLCONF if it does not exist yet. */
548 inst->rad_perlconf_hv = get_hv("RAD_PERLCONF",1);
549 perl_parse_config(cs, 0, inst->rad_perlconf_hv);
551 DEBUG("rlm_perl (%s): done parsing 'config'.", xlat_name);
558 * get the vps and put them in perl hash
559 * If one VP has multiple values it is added as array_ref
560 * Example for this is Cisco-AVPair that holds multiple values.
561 * Which will be available as array_ref in $RAD_REQUEST{'Cisco-AVPair'}
/*
 * Fills a Perl hash from a value-pair list. Works on a copy of the list
 * and repeatedly filters out all pairs sharing the head's attribute,
 * vendor and tag; a group with more than one pair is stored as an array
 * reference, a single pair as a plain scalar.
 */
563 static void perl_store_vps(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR *vps, HV *rad_hv)
565 VALUE_PAIR *head, *sublist;
575 * Copy the valuepair list so we can remove attributes
576 * we've already processed. This is a horrible hack to
577 * get around various other stupidity.
579 head = paircopy(ctx, vps);
585 * Tagged attributes are added to the hash with name
586 * <attribute>:<tag>, others just use the normal attribute
589 if (head->da->flags.has_tag && (head->tag != 0)) {
/* The composed key is bounded by sizeof(namebuf). */
590 snprintf(namebuf, sizeof(namebuf), "%s:%d",
591 head->da->name, head->tag);
594 name = head->da->name;
598 * Create a new list with all the attributes like this one
599 * which are in the same tag group.
602 pairfilter(ctx, &sublist, &head, head->da->attr, head->da->vendor, head->tag);
604 fr_cursor_init(&cursor, &sublist);
607 * Attribute has multiple values
609 if (fr_cursor_next(&cursor)) {
613 for (vp = fr_cursor_first(&cursor);
615 vp = fr_cursor_next(&cursor)) {
/* Non-string values are printed into `buffer` and pushed with a length clamped by truncate_len(); string values are pushed with their stored length. */
616 if (vp->da->type != PW_TYPE_STRING) {
617 len = vp_prints_value(buffer, sizeof(buffer), vp, 0);
618 av_push(av, newSVpv(buffer, truncate_len(len, sizeof(buffer))));
/*
 * NOTE(review): the RDEBUG lines in this function write every attribute
 * value to the request debug log. do_perl passes request->packet->vps
 * through here and also looks up PW_USER_PASSWORD in that list, so debug
 * output may contain credentials -- restrict access to debug logs.
 */
619 RDEBUG("<-- %s = %s", vp->da->name, buffer);
621 av_push(av, newSVpv(vp->vp_strvalue, vp->length));
622 RDEBUG("<-- %s = %s", vp->da->name, vp->vp_strvalue);
625 (void)hv_store(rad_hv, name, strlen(name), newRV_noinc((SV *)av), 0);
628 * Attribute has a single value, so its value just gets
631 } else if (sublist) {
633 if (sublist->da->type != PW_TYPE_STRING) {
634 len = vp_prints_value(buffer, sizeof(buffer), sublist, 0);
635 (void)hv_store(rad_hv, name, strlen(name), newSVpv(buffer, truncate_len(len, sizeof(buffer))), 0);
636 RDEBUG("<-- %s = %s", sublist->da->name, buffer);
638 (void)hv_store(rad_hv, name, strlen(name), newSVpv(sublist->vp_strvalue, sublist->length), 0);
639 RDEBUG("<-- %s = %s", sublist->da->name, sublist->vp_strvalue);
651 * Verify that a Perl SV is a string and save it in FreeRadius
/*
 * Creates a value pair named `key` in *vps from a Perl scalar returned by
 * the script. String attributes receive a length-bounded copy of the
 * value; any other type is parsed from the value's text by
 * pairparsevalue(), and a parse error takes the failure path.
 */
655 static int pairadd_sv(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **vps, char *key, SV *sv, FR_TOKEN op)
/* The pair is created without a value; the value is filled in below. */
663 vp = pairmake(ctx, vps, key, NULL, op);
666 REDEBUG("Failed to create pair %s = %s", key, val);
670 if (vp->da->type != PW_TYPE_STRING) {
671 if (pairparsevalue(vp, val, 0) < 0) goto fail;
673 pairstrncpy(vp, val, len);
/* NOTE(review): the value set by the script is written to the debug log in clear. */
676 RDEBUG("--> %s = %s", key, val);
684 * Gets the content from hashes
/*
 * Walks a Perl hash left behind by the script and turns its entries into
 * value pairs in *vps: elements of an array reference are added with
 * T_OP_ADD, any other value with T_OP_EQ. The results of pairadd_sv()
 * are summed into the return value.
 */
686 static int get_hv_content(TALLOC_CTX *ctx, REQUEST *request, HV *my_hv, VALUE_PAIR **vps)
691 I32 key_len, len, i, j;
695 for (i = hv_iterinit(my_hv); i > 0; i--) {
696 res_sv = hv_iternextsv(my_hv,&key,&key_len);
697 if (SvROK(res_sv) && (SvTYPE(SvRV(res_sv)) == SVt_PVAV)) {
698 av = (AV*)SvRV(res_sv);
700 for (j = 0; j <= len; j++) {
/* NOTE(review): av_fetch() returns NULL for an index that holds no element, and the result is dereferenced on the next line with no check visible in this listing; skip the element when av_sv is NULL. */
701 av_sv = av_fetch(av, j, 0);
702 ret = pairadd_sv(ctx, request, vps, key, *av_sv, T_OP_ADD) + ret;
704 } else ret = pairadd_sv(ctx, request, vps, key, res_sv, T_OP_EQ) + ret;
711 * Call the function_name inside the module
712 * Store all vps in hashes %RAD_CHECK %RAD_REPLY %RAD_REQUEST
/*
 * Runs one configured Perl sub for a request: exports the request's
 * attribute lists into the %RAD_* hashes, calls the sub, maps its result
 * to a module return code, and reads the hashes back into the request.
 * Returns RLM_MODULE_FAIL when function_name is NULL.
 *
 * NOTE(review): the script can rewrite the request, reply and control
 * lists (and the proxy lists when present), so the script file belongs to
 * the server's trusted code and should be protected like the server
 * binary and its configuration.
 */
715 static int do_perl(void *instance, REQUEST *request, char const *function_name)
718 rlm_perl_t *inst = instance;
720 int exitstatus=0, count;
728 HV *rad_request_proxy_hv;
729 HV *rad_request_proxy_reply_hv;
733 * Radius has told us to call this function, but none
736 if (!function_name) return RLM_MODULE_FAIL;
/* Obtain this thread's interpreter under clone_mutex. */
739 pthread_mutex_lock(&inst->clone_mutex);
741 PerlInterpreter *interp;
743 interp = rlm_perl_clone(inst->perl,inst->thread_key);
746 PERL_SET_CONTEXT(interp);
749 pthread_mutex_unlock(&inst->clone_mutex);
/* Presumably the alternative build branch that uses the parent interpreter directly -- the preprocessor lines are not visible in this listing. */
751 PERL_SET_CONTEXT(inst->perl);
760 rad_reply_hv = get_hv("RAD_REPLY",1);
761 rad_check_hv = get_hv("RAD_CHECK",1);
762 rad_config_hv = get_hv("RAD_CONFIG",1);
763 rad_request_hv = get_hv("RAD_REQUEST",1);
/* request->config_items is exported twice, into %RAD_CHECK and %RAD_CONFIG. */
765 perl_store_vps(request->reply, request, request->reply->vps, rad_reply_hv);
766 perl_store_vps(request, request, request->config_items, rad_check_hv);
767 perl_store_vps(request->packet, request, request->packet->vps, rad_request_hv);
768 perl_store_vps(request, request, request->config_items, rad_config_hv);
771 rad_request_proxy_hv = get_hv("RAD_REQUEST_PROXY",1);
772 rad_request_proxy_reply_hv = get_hv("RAD_REQUEST_PROXY_REPLY",1);
/* The proxy hashes are filled only when the request has the corresponding packet; the hv_undef() calls presumably form the else branches. */
774 if (request->proxy != NULL) {
775 perl_store_vps(request->proxy, request, request->proxy->vps, rad_request_proxy_hv);
777 hv_undef(rad_request_proxy_hv);
780 if (request->proxy_reply !=NULL) {
781 perl_store_vps(request->proxy_reply, request, request->proxy_reply->vps, rad_request_proxy_reply_hv);
783 hv_undef(rad_request_proxy_reply_hv);
789 * This way %RAD_xx can be pushed onto stack as sub parameters.
790 * XPUSHs( newRV_noinc((SV *)rad_request_hv) );
791 * XPUSHs( newRV_noinc((SV *)rad_reply_hv) );
792 * XPUSHs( newRV_noinc((SV *)rad_check_hv) );
/* The sub is called without arguments; G_EVAL traps a die() so it is reported through ERRSV below. */
796 count = call_pv(function_name, G_SCALAR | G_EVAL | G_NOARGS);
801 ERROR("rlm_perl: perl_embed:: module = %s , func = %s exit status= %s\n",
803 function_name, SvPV(ERRSV,n_a));
/* A script result outside 0..99 is mapped to RLM_MODULE_FAIL. */
809 if (exitstatus >= 100 || exitstatus < 0) {
810 exitstatus = RLM_MODULE_FAIL;
/* Read-back: when the hash yields pairs, the old list is freed and replaced by what the script left in the hash. */
820 if ((get_hv_content(request->packet, request, rad_request_hv, &vp)) > 0 ) {
821 pairfree(&request->packet->vps);
822 request->packet->vps = vp;
826 * Update cached copies
/* The old list was freed above, so the cached username/password pointers are looked up again in the new list. */
828 request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
829 request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
830 if (!request->password)
831 request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
834 if ((get_hv_content(request->reply, request, rad_reply_hv, &vp)) > 0 ) {
835 pairfree(&request->reply->vps);
836 request->reply->vps = vp;
/* Only %RAD_CHECK is read back into config_items; no read-back of %RAD_CONFIG is visible in this listing. */
840 if ((get_hv_content(request, request, rad_check_hv, &vp)) > 0 ) {
841 pairfree(&request->config_items);
842 request->config_items = vp;
847 if (request->proxy &&
848 (get_hv_content(request->proxy, request, rad_request_proxy_hv, &vp) > 0)) {
849 pairfree(&request->proxy->vps);
850 request->proxy->vps = vp;
854 if (request->proxy_reply &&
855 (get_hv_content(request->proxy_reply, request, rad_request_proxy_reply_hv, &vp) > 0)) {
856 pairfree(&request->proxy_reply->vps);
857 request->proxy_reply->vps = vp;
/*
 * RLM_PERL_FUNC(x) defines mod_x(instance, request), which calls do_perl()
 * with the instance's configured func_x name. do_perl() returns
 * RLM_MODULE_FAIL when that name is NULL.
 */
866 #define RLM_PERL_FUNC(_x) static rlm_rcode_t CC_HINT(nonnull) mod_##_x(void *instance, REQUEST *request) \
868 return do_perl(instance, request, \
869 ((rlm_perl_t *)instance)->func_##_x); \
872 RLM_PERL_FUNC(authorize)
873 RLM_PERL_FUNC(authenticate)
874 RLM_PERL_FUNC(post_auth)
876 RLM_PERL_FUNC(checksimul)
879 RLM_PERL_FUNC(pre_proxy)
880 RLM_PERL_FUNC(post_proxy)
884 RLM_PERL_FUNC(recv_coa)
885 RLM_PERL_FUNC(send_coa)
888 RLM_PERL_FUNC(preacct)
891 * Write accounting information to this modules database.
/*
 * Accounting entry point. Reads Acct-Status-Type from the request packet
 * and dispatches to the start- or stop-specific Perl sub when one is
 * configured, otherwise to the generic func_accounting sub. A packet
 * without Acct-Status-Type is rejected with RLM_MODULE_INVALID.
 */
893 static rlm_rcode_t CC_HINT(nonnull) mod_accounting(void *instance, REQUEST *request)
896 int acctstatustype=0;
898 if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) {
899 acctstatustype = pair->vp_integer;
901 ERROR("Invalid Accounting Packet");
902 return RLM_MODULE_INVALID;
905 switch (acctstatustype) {
907 case PW_STATUS_START:
/* Start packets: prefer func_start_accounting, fall back to func_accounting. */
909 if (((rlm_perl_t *)instance)->func_start_accounting) {
910 return do_perl(instance, request,
911 ((rlm_perl_t *)instance)->func_start_accounting);
913 return do_perl(instance, request,
914 ((rlm_perl_t *)instance)->func_accounting);
/* Presumably the stop case (its case label is not visible in this listing): prefer func_stop_accounting, fall back to func_accounting. */
920 if (((rlm_perl_t *)instance)->func_stop_accounting) {
921 return do_perl(instance, request,
922 ((rlm_perl_t *)instance)->func_stop_accounting);
924 return do_perl(instance, request,
925 ((rlm_perl_t *)instance)->func_accounting);
/* Remaining status types go to func_accounting. */
929 return do_perl(instance, request,
930 ((rlm_perl_t *)instance)->func_accounting);
937 * Detach an instance, giving the module a chance to do some internal setup ...
939 DIAG_OFF(nested-externs)
/*
 * Instance teardown: clears the %RAD_PERLCONF hash, calls the configured
 * func_detach sub if there is one, then destroys the interpreter and the
 * clone mutex.
 */
940 static int mod_detach(void *instance)
942 rlm_perl_t *inst = (rlm_perl_t *) instance;
943 int exitstatus = 0, count = 0;
945 hv_undef(inst->rad_perlconf_hv);
949 * FIXME: Call this in the destruct function?
/* NOTE(review): `handle` is not declared in the lines visible here; this stretch looks like disabled code -- confirm against the full file. */
952 dTHXa(handle->clone);
953 PERL_SET_CONTEXT(handle->clone);
955 dSP; ENTER; SAVETMPS; PUSHMARK(SP);
956 count = call_pv(inst->func_detach, G_SCALAR | G_EVAL );
965 if (exitstatus >= 100 || exitstatus < 0) {
966 exitstatus = RLM_MODULE_FAIL;
/* The detach sub runs in the parent interpreter; G_EVAL traps a die() inside it. */
976 if (inst->func_detach) {
978 PERL_SET_CONTEXT(inst->perl);
980 dSP; ENTER; SAVETMPS;
983 count = call_pv(inst->func_detach, G_SCALAR | G_EVAL );
/* A script result outside 0..99 is mapped to RLM_MODULE_FAIL. */
988 if (exitstatus >= 100 || exitstatus < 0) {
989 exitstatus = RLM_MODULE_FAIL;
/* Two teardown sequences appear below (rlm_perl_destruct plus mutex destroy, and perl_destruct plus perl_free); presumably they belong to different build branches whose preprocessor lines are not visible in this listing. */
999 rlm_perl_destruct(inst->perl);
1000 pthread_mutex_destroy(&inst->clone_mutex);
1002 perl_destruct(inst->perl);
1003 perl_free(inst->perl);
1009 DIAG_ON(nested-externs)
1012 * The module name should be the only globally exported symbol.
1013 * That is, everything else should be 'static'.
1015 * If the module needs to temporarily modify its instantiation
1016 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
1017 * The server will then take care of ensuring that the module
1018 * is single-threaded.
/* Module descriptor: wires the mod_* entry points defined in this file into the server's module table. */
1020 module_t rlm_perl = {
/* Both thread-safety types appear; presumably one is selected at build time by preprocessor lines that are not visible in this listing. */
1024 RLM_TYPE_THREAD_SAFE, /* type */
1026 RLM_TYPE_THREAD_UNSAFE,
1030 mod_instantiate, /* instantiation */
1031 mod_detach, /* detach */
1033 mod_authenticate, /* authenticate */
1034 mod_authorize, /* authorize */
1035 mod_preacct, /* preacct */
1036 mod_accounting, /* accounting */
1037 mod_checksimul, /* check simul */
1039 mod_pre_proxy, /* pre-proxy */
1040 mod_post_proxy, /* post-proxy */
1044 mod_post_auth /* post-auth */