2 * This program is is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License, version 2 if the
4 * License as published by the Free Software Foundation.
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 * GNU General Public License for more details.
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, write to the Free Software
13 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 * @brief Translates requests between the server an a perl interpreter.
21 * @copyright 2002,2006 The FreeRADIUS server project
22 * @copyright 2002 Boian Jordanov <bjordanov@orbitel.bg>
26 #include <freeradius-devel/radiusd.h>
27 #include <freeradius-devel/modules.h>
28 #include <freeradius-devel/rad_assert.h>
37 #include <semaphore.h>
40 extern char **environ;
44 * Define a structure for our module configuration.
46 * These variables do not need to be in a structure, but it's
47 * a lot cleaner to do so, and a pointer to the structure can
48 * be used as the instance handle.
50 typedef struct rlm_perl_t {
51 /* Name of the perl module */
54 /* Name of the functions for each module method */
56 char *func_authenticate;
57 char *func_accounting;
58 char *func_start_accounting;
59 char *func_stop_accounting;
61 char *func_checksimul;
66 char *func_post_proxy;
75 PerlInterpreter *perl;
76 pthread_key_t *thread_key;
79 pthread_mutex_t clone_mutex;
82 HV *rad_perlconf_hv; // holds "config" items (perl %RAD_PERLCONF hash).
86 * A mapping of configuration file names to internal variables.
88 #define RLM_PERL_CONF(_x) { "func_" STRINGIFY(_x), PW_TYPE_STRING_PTR, \
89 offsetof(rlm_perl_t,func_##_x), NULL, STRINGIFY(_x)}
91 static const CONF_PARSER module_config[] = {
92 { "module", PW_TYPE_FILE_INPUT | PW_TYPE_DEPRECATED,
93 offsetof(rlm_perl_t,module), NULL, NULL},
94 { "filename", PW_TYPE_FILE_INPUT | PW_TYPE_REQUIRED,
95 offsetof(rlm_perl_t,module), NULL, NULL},
97 RLM_PERL_CONF(authorize),
98 RLM_PERL_CONF(authenticate),
99 RLM_PERL_CONF(post_auth),
100 RLM_PERL_CONF(accounting),
101 RLM_PERL_CONF(preacct),
102 RLM_PERL_CONF(checksimul),
103 RLM_PERL_CONF(detach),
107 RLM_PERL_CONF(pre_proxy),
108 RLM_PERL_CONF(post_proxy),
111 RLM_PERL_CONF(recv_coa),
112 RLM_PERL_CONF(send_coa),
114 { "perl_flags", PW_TYPE_STRING_PTR,
115 offsetof(rlm_perl_t,perl_flags), NULL, NULL},
117 { "func_start_accounting", PW_TYPE_STRING_PTR,
118 offsetof(rlm_perl_t,func_start_accounting), NULL, NULL},
120 { "func_stop_accounting", PW_TYPE_STRING_PTR,
121 offsetof(rlm_perl_t,func_stop_accounting), NULL, NULL},
123 { NULL, -1, 0, NULL, NULL } /* end the list */
129 EXTERN_C void boot_DynaLoader(pTHX_ CV* cv);
132 #define dl_librefs "DynaLoader::dl_librefs"
133 #define dl_modules "DynaLoader::dl_modules"
134 static void rlm_perl_clear_handles(pTHX)
136 AV *librefs = get_av(dl_librefs, false);
142 static void **rlm_perl_get_handles(pTHX)
145 AV *librefs = get_av(dl_librefs, false);
146 AV *modules = get_av(dl_modules, false);
149 if (!librefs) return NULL;
151 if (!(AvFILL(librefs) >= 0)) {
155 handles = (void **)rad_malloc(sizeof(void *) * (AvFILL(librefs)+2));
157 for (i=0; i<=AvFILL(librefs); i++) {
159 SV *handle_sv = *av_fetch(librefs, i, false);
162 ERROR("Could not fetch $%s[%d]!\n",
166 handle = (void *)SvIV(handle_sv);
176 handles[i] = (void *)0;
181 static void rlm_perl_close_handles(void **handles)
189 for (i=0; handles[i]; i++) {
190 DEBUG("close %p\n", handles[i]);
198 static void rlm_perl_destruct(PerlInterpreter *perl)
202 PERL_SET_CONTEXT(perl);
204 PL_perl_destruct_level = 2;
206 PL_origenviron = environ;
213 * FIXME: This shouldn't happen
216 while (PL_scopestack_ix > 1 ){
225 static void rlm_destroy_perl(PerlInterpreter *perl)
230 PERL_SET_CONTEXT(perl);
232 handles = rlm_perl_get_handles(aTHX);
233 if (handles) rlm_perl_close_handles(handles);
234 rlm_perl_destruct(perl);
238 static void rlm_perl_make_key(pthread_key_t *key)
240 pthread_key_create(key, (void*)rlm_destroy_perl);
243 static PerlInterpreter *rlm_perl_clone(PerlInterpreter *perl, pthread_key_t *key)
247 PerlInterpreter *interp;
250 PERL_SET_CONTEXT(perl);
252 interp = pthread_getspecific(*key);
253 if (interp) return interp;
255 interp = perl_clone(perl, clone_flags);
259 #if PERL_REVISION >= 5 && PERL_VERSION <8
262 ptr_table_free(PL_ptr_table);
265 PERL_SET_CONTEXT(aTHX);
266 rlm_perl_clear_handles(aTHX);
268 ret = pthread_setspecific(*key, interp);
270 DEBUG("rlm_perl: Failed associating interpretor with thread %s", fr_syserror(ret));
272 rlm_perl_destruct(interp);
282 * This is wrapper for radlog
283 * Now users can call radiusd::radlog(level,msg) wich is the same
284 * calling radlog from C code.
287 static XS(XS_radiusd_radlog)
291 croak("Usage: radiusd::radlog(level, message)");
296 level = (int) SvIV(ST(0));
297 msg = (char *) SvPV(ST(1), PL_na);
300 * Because 'msg' is a 'char *', we don't want '%s', etc.
301 * in it to give us printf-style vulnerabilities.
303 radlog(level, "rlm_perl: %s", msg);
308 static void xs_init(pTHX)
310 char const *file = __FILE__;
312 /* DynaLoader is a special case */
313 newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file);
315 newXS("radiusd::radlog",XS_radiusd_radlog, "rlm_perl");
321 static ssize_t perl_xlat(void *instance, REQUEST *request, char const *fmt, char *out, size_t freespace)
324 rlm_perl_t *inst= (rlm_perl_t *) instance;
332 PerlInterpreter *interp;
334 pthread_mutex_lock(&inst->clone_mutex);
335 interp = rlm_perl_clone(inst->perl, inst->thread_key);
338 PERL_SET_CONTEXT(interp);
340 pthread_mutex_unlock(&inst->clone_mutex);
342 PERL_SET_CONTEXT(inst->perl);
351 while ((q = strchr(p, ' '))) {
352 XPUSHs(sv_2mortal(newSVpv(p, p - q)));
359 count = call_pv(inst->func_xlat, G_SCALAR | G_EVAL);
363 REDEBUG("Exit %s", SvPV(ERRSV,n_a));
365 } else if (count > 0) {
367 strlcpy(out, tmp, freespace);
370 RDEBUG("Len is %zu , out is %s freespace is %zu", ret, out, freespace);
383 * Parse a configuration section, and populate a HV.
384 * This function is recursively called (allows to have nested hashes.)
386 void perl_parse_config(CONF_SECTION *cs, int lvl, HV *rad_hv)
388 if ((NULL == cs) || (NULL == rad_hv)) return;
390 int indent_section = (lvl+1)*4;
391 int indent_item = (lvl+2)*4;
393 DEBUG("%*s%s {", indent_section, " ", cf_section_name1(cs));
397 for (ci = cf_item_find_next(cs, NULL);
399 ci = cf_item_find_next(cs, ci))
401 if (cf_item_is_section(ci)) {
402 /* this is a section.
403 * create a new HV, store it as a reference in current HV,
404 * then recursively call perl_parse_config with this section and the new HV.
406 CONF_SECTION *scs = cf_itemtosection(ci);
408 char const *scs_name = cf_section_name1(scs); // hash key
409 if (!scs_name) continue;
411 if (hv_exists(rad_hv, scs_name, strlen(scs_name))) {
412 WARN("rlm_perl: Ignoring duplicate config section '%s'", scs_name);
419 ref = newRV_inc((SV*) sub_hv);
421 (void)hv_store(rad_hv, scs_name, strlen(scs_name), ref, 0);
423 perl_parse_config(scs, lvl+1, sub_hv);
426 if (!cf_item_is_pair(ci)) continue;
428 * store item attr / value in current HV.
431 CONF_PAIR *cp = cf_itemtopair(ci);
432 char const *attr = cf_pair_attr(cp); // hash key
433 char const *value = cf_pair_value(cp); // hash value
434 if ((!attr) || (!value)) continue;
436 if (hv_exists(rad_hv, attr, strlen(attr))) {
437 WARN("rlm_perl: Ignoring duplicate config item '%s'", attr);
441 (void)hv_store(rad_hv, attr, strlen(attr), newSVpv(value, strlen(value)), 0);
443 DEBUG("%*s%s = %s", indent_item, " ", attr, value);
447 DEBUG("%*s}", indent_section, " ");
451 * Do any per-module initialization that is separate to each
452 * configured instance of the module. e.g. set up connections
453 * to external databases, read configuration files, set up
454 * dictionary entries, etc.
456 * If configuration information is given in the config section
457 * that must be referenced in later calls, store a handle to it
458 * in *instance otherwise put a null pointer there.
461 * Setup a hashes wich we will use later
462 * parse a module and give him a chance to live
465 static int mod_instantiate(CONF_SECTION *conf, void *instance)
467 rlm_perl_t *inst = instance;
472 char const *xlat_name;
473 int exitstatus = 0, argc=0;
475 MEM(embed = talloc_zero_array(inst, char *, 4));
478 * Create pthread key. This key will be stored in instance
482 pthread_mutex_init(&inst->clone_mutex, NULL);
484 inst->thread_key = rad_malloc(sizeof(*inst->thread_key));
485 memset(inst->thread_key,0,sizeof(*inst->thread_key));
487 rlm_perl_make_key(inst->thread_key);
493 if (inst->perl_flags) {
494 embed[1] = inst->perl_flags;
495 embed[2] = inst->module;
499 embed[1] = inst->module;
504 PERL_SYS_INIT3(&argc, &embed, &envp);
506 if ((inst->perl = perl_alloc()) == NULL) {
507 ERROR("rlm_perl: No memory for allocating new perl !");
511 perl_construct(inst->perl);
514 PL_perl_destruct_level = 2;
519 PERL_SET_CONTEXT(inst->perl);
522 #if PERL_REVISION >= 5 && PERL_VERSION >=8
523 PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
526 exitstatus = perl_parse(inst->perl, xs_init, argc, embed, NULL);
532 perl_run(inst->perl);
534 ERROR("rlm_perl: perl_parse failed: %s not found or has syntax errors. \n", inst->module);
540 xlat_name = cf_section_name2(conf);
542 xlat_name = cf_section_name1(conf);
544 xlat_register(xlat_name, perl_xlat, NULL, inst);
547 /* parse perl configuration sub-section */
549 cs = cf_section_sub_find(conf, "config");
551 DEBUG("rlm_perl (%s): parsing 'config' section...", xlat_name);
553 inst->rad_perlconf_hv = get_hv("RAD_PERLCONF",1);
554 perl_parse_config(cs, 0, inst->rad_perlconf_hv);
556 DEBUG("rlm_perl (%s): done parsing 'config'.", xlat_name);
563 * get the vps and put them in perl hash
564 * If one VP have multiple values it is added as array_ref
565 * Example for this is Cisco-AVPair that holds multiple values.
566 * Which will be available as array_ref in $RAD_REQUEST{'Cisco-AVPair'}
568 static void perl_store_vps(TALLOC_CTX *ctx, VALUE_PAIR *vps, HV *rad_hv)
570 VALUE_PAIR *head, *sublist;
580 * Copy the valuepair list so we can remove attributes
581 * we've already processed. This is a horrible hack to
582 * get around various other stupidity.
584 head = paircopy(ctx, vps);
589 * Tagged attributes are added to the hash with name
590 * <attribute>:<tag>, others just use the normal attribute
593 if (head->da->flags.has_tag && (head->tag != 0)) {
594 snprintf(namebuf, sizeof(namebuf), "%s:%d",
595 head->da->name, head->tag);
598 name = head->da->name;
602 * Create a new list with all the attributes like this one
603 * which are in the same tag group.
606 pairfilter(ctx, &sublist, &head, head->da->attr, head->da->vendor, head->tag);
608 fr_cursor_init(&cursor, &sublist);
610 * Attribute has multiple values
612 if (fr_cursor_next(&cursor)) {
616 for (vp = fr_cursor_first(&cursor);
618 vp = fr_cursor_next(&cursor)) {
619 len = vp_prints_value(buffer, sizeof(buffer), vp, 0);
620 av_push(av, newSVpv(buffer, truncate_len(len, sizeof(buffer))));
622 (void)hv_store(rad_hv, name, strlen(name), newRV_noinc((SV *)av), 0);
625 * Attribute has a single value, so its value just gets
629 len = vp_prints_value(buffer, sizeof(buffer), sublist, 0);
630 (void)hv_store(rad_hv, name, strlen(name), newSVpv(buffer, truncate_len(len, sizeof(buffer))), 0);
641 * Verify that a Perl SV is a string and save it in FreeRadius
645 static int pairadd_sv(TALLOC_CTX *ctx, VALUE_PAIR **vps, char *key, SV *sv, FR_TOKEN op)
651 val = SvPV_nolen(sv);
652 vp = pairmake(ctx, vps, key, val, op);
654 DEBUG("rlm_perl: Added pair %s = %s", key, val);
657 EDEBUG("rlm_perl: Failed to create pair %s = %s", key, val);
665 * Gets the content from hashes
667 static int get_hv_content(TALLOC_CTX *ctx, HV *my_hv, VALUE_PAIR **vps)
672 I32 key_len, len, i, j;
676 for (i = hv_iterinit(my_hv); i > 0; i--) {
677 res_sv = hv_iternextsv(my_hv,&key,&key_len);
678 if (SvROK(res_sv) && (SvTYPE(SvRV(res_sv)) == SVt_PVAV)) {
679 av = (AV*)SvRV(res_sv);
681 for (j = 0; j <= len; j++) {
682 av_sv = av_fetch(av, j, 0);
683 ret = pairadd_sv(ctx, vps, key, *av_sv, T_OP_ADD) + ret;
685 } else ret = pairadd_sv(ctx, vps, key, res_sv, T_OP_EQ) + ret;
692 * Call the function_name inside the module
693 * Store all vps in hashes %RAD_CHECK %RAD_REPLY %RAD_REQUEST
696 static int do_perl(void *instance, REQUEST *request, char *function_name)
699 rlm_perl_t *inst = instance;
701 int exitstatus=0, count;
709 HV *rad_request_proxy_hv;
710 HV *rad_request_proxy_reply_hv;
714 * Radius has told us to call this function, but none
717 if (!function_name) return RLM_MODULE_FAIL;
720 pthread_mutex_lock(&inst->clone_mutex);
722 PerlInterpreter *interp;
724 interp = rlm_perl_clone(inst->perl,inst->thread_key);
727 PERL_SET_CONTEXT(interp);
730 pthread_mutex_unlock(&inst->clone_mutex);
732 PERL_SET_CONTEXT(inst->perl);
741 rad_reply_hv = get_hv("RAD_REPLY",1);
742 rad_check_hv = get_hv("RAD_CHECK",1);
743 rad_config_hv = get_hv("RAD_CONFIG",1);
744 rad_request_hv = get_hv("RAD_REQUEST",1);
746 perl_store_vps(request->reply, request->reply->vps, rad_reply_hv);
747 perl_store_vps(request, request->config_items, rad_check_hv);
748 perl_store_vps(request->packet, request->packet->vps, rad_request_hv);
749 perl_store_vps(request, request->config_items, rad_config_hv);
752 rad_request_proxy_hv = get_hv("RAD_REQUEST_PROXY",1);
753 rad_request_proxy_reply_hv = get_hv("RAD_REQUEST_PROXY_REPLY",1);
755 if (request->proxy != NULL) {
756 perl_store_vps(request->proxy, request->proxy->vps, rad_request_proxy_hv);
758 hv_undef(rad_request_proxy_hv);
761 if (request->proxy_reply !=NULL) {
762 perl_store_vps(request->proxy_reply, request->proxy_reply->vps, rad_request_proxy_reply_hv);
764 hv_undef(rad_request_proxy_reply_hv);
770 * This way %RAD_xx can be pushed onto stack as sub parameters.
771 * XPUSHs( newRV_noinc((SV *)rad_request_hv) );
772 * XPUSHs( newRV_noinc((SV *)rad_reply_hv) );
773 * XPUSHs( newRV_noinc((SV *)rad_check_hv) );
777 count = call_pv(function_name, G_SCALAR | G_EVAL | G_NOARGS);
782 ERROR("rlm_perl: perl_embed:: module = %s , func = %s exit status= %s\n",
784 function_name, SvPV(ERRSV,n_a));
790 if (exitstatus >= 100 || exitstatus < 0) {
791 exitstatus = RLM_MODULE_FAIL;
801 if ((get_hv_content(request->packet, rad_request_hv, &vp)) > 0 ) {
802 pairfree(&request->packet->vps);
803 request->packet->vps = vp;
807 * Update cached copies
809 request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
810 request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
811 if (!request->password)
812 request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
815 if ((get_hv_content(request->reply, rad_reply_hv, &vp)) > 0 ) {
816 pairfree(&request->reply->vps);
817 request->reply->vps = vp;
821 if ((get_hv_content(request, rad_check_hv, &vp)) > 0 ) {
822 pairfree(&request->config_items);
823 request->config_items = vp;
828 if (request->proxy &&
829 (get_hv_content(request->proxy, rad_request_proxy_hv, &vp) > 0)) {
830 pairfree(&request->proxy->vps);
831 request->proxy->vps = vp;
835 if (request->proxy_reply &&
836 (get_hv_content(request->proxy_reply, rad_request_proxy_reply_hv, &vp) > 0)) {
837 pairfree(&request->proxy_reply->vps);
838 request->proxy_reply->vps = vp;
847 #define RLM_PERL_FUNC(_x) static rlm_rcode_t mod_##_x(void *instance, REQUEST *request) \
849 return do_perl(instance, request, \
850 ((rlm_perl_t *)instance)->func_##_x); \
853 RLM_PERL_FUNC(authorize)
854 RLM_PERL_FUNC(authenticate)
855 RLM_PERL_FUNC(post_auth)
857 RLM_PERL_FUNC(checksimul)
860 RLM_PERL_FUNC(pre_proxy)
861 RLM_PERL_FUNC(post_proxy)
865 RLM_PERL_FUNC(recv_coa)
866 RLM_PERL_FUNC(send_coa)
869 RLM_PERL_FUNC(preacct)
872 * Write accounting information to this modules database.
874 static rlm_rcode_t mod_accounting(void *instance, REQUEST *request)
877 int acctstatustype=0;
879 if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) {
880 acctstatustype = pair->vp_integer;
882 ERROR("Invalid Accounting Packet");
883 return RLM_MODULE_INVALID;
886 switch (acctstatustype) {
888 case PW_STATUS_START:
890 if (((rlm_perl_t *)instance)->func_start_accounting) {
891 return do_perl(instance, request,
892 ((rlm_perl_t *)instance)->func_start_accounting);
894 return do_perl(instance, request,
895 ((rlm_perl_t *)instance)->func_accounting);
901 if (((rlm_perl_t *)instance)->func_stop_accounting) {
902 return do_perl(instance, request,
903 ((rlm_perl_t *)instance)->func_stop_accounting);
905 return do_perl(instance, request,
906 ((rlm_perl_t *)instance)->func_accounting);
910 return do_perl(instance, request,
911 ((rlm_perl_t *)instance)->func_accounting);
918 * Detach a instance give a chance to a module to make some internal setup ...
920 DIAG_OFF(nested-externs)
921 static int mod_detach(void *instance)
923 rlm_perl_t *inst = (rlm_perl_t *) instance;
924 int exitstatus = 0, count = 0;
926 hv_undef(inst->rad_perlconf_hv);
930 * FIXME: Call this in the destruct function?
933 dTHXa(handle->clone);
934 PERL_SET_CONTEXT(handle->clone);
936 dSP; ENTER; SAVETMPS; PUSHMARK(SP);
937 count = call_pv(inst->func_detach, G_SCALAR | G_EVAL );
946 if (exitstatus >= 100 || exitstatus < 0) {
947 exitstatus = RLM_MODULE_FAIL;
957 if (inst->func_detach) {
959 PERL_SET_CONTEXT(inst->perl);
961 dSP; ENTER; SAVETMPS;
964 count = call_pv(inst->func_detach, G_SCALAR | G_EVAL );
969 if (exitstatus >= 100 || exitstatus < 0) {
970 exitstatus = RLM_MODULE_FAIL;
980 rlm_perl_destruct(inst->perl);
981 pthread_mutex_destroy(&inst->clone_mutex);
983 perl_destruct(inst->perl);
984 perl_free(inst->perl);
990 DIAG_ON(nested-externs)
993 * The module name should be the only globally exported symbol.
994 * That is, everything else should be 'static'.
996 * If the module needs to temporarily modify it's instantiation
997 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
998 * The server will then take care of ensuring that the module
999 * is single-threaded.
1001 module_t rlm_perl = {
1005 RLM_TYPE_THREAD_SAFE, /* type */
1007 RLM_TYPE_THREAD_UNSAFE,
1011 mod_instantiate, /* instantiation */
1012 mod_detach, /* detach */
1014 mod_authenticate, /* authenticate */
1015 mod_authorize, /* authorize */
1016 mod_preacct, /* preacct */
1017 mod_accounting, /* accounting */
1018 mod_checksimul, /* check simul */
1020 mod_pre_proxy, /* pre-proxy */
1021 mod_post_proxy, /* post-proxy */
1025 mod_post_auth /* post-auth */