2 * This program is free software; you can redistribute it and/or modify
3 * it under the terms of the GNU General Public License, version 2 of the
4 * License as published by the Free Software Foundation.
6 * This program is distributed in the hope that it will be useful,
7 * but WITHOUT ANY WARRANTY; without even the implied warranty of
8 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9 * GNU General Public License for more details.
11 * You should have received a copy of the GNU General Public License
12 * along with this program; if not, write to the Free Software
13 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
19 * @brief Translates requests between the server and a Perl interpreter.
21 * @copyright 2002,2006 The FreeRADIUS server project
22 * @copyright 2002 Boian Jordanov <bjordanov@orbitel.bg>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
41 #include <semaphore.h>
44 extern char **environ;
48 * Define a structure for our module configuration.
50 * These variables do not need to be in a structure, but it's
51 * a lot cleaner to do so, and a pointer to the structure can
52 * be used as the instance handle.
54 typedef struct perl_inst {
55 /* Name of the perl module */
58 /* Name of the functions for each module method */
60 char *func_authenticate;
61 char *func_accounting;
62 char *func_start_accounting;
63 char *func_stop_accounting;
65 char *func_checksimul;
70 char *func_post_proxy;
79 PerlInterpreter *perl;
80 pthread_key_t *thread_key;
82 pthread_mutex_t clone_mutex;
85 * A mapping of configuration file names to internal variables.
87 * Note that the string is dynamically allocated, so it MUST
88 * be freed. When the configuration file parse re-reads the string,
89 * it frees the old one, and strdup's the new one, placing the pointer
90 * to the strdup'd string into 'config.string'. This gets around
93 static const CONF_PARSER module_config[] = {
94 { "module", PW_TYPE_FILENAME,
95 offsetof(PERL_INST,module), NULL, "module"},
96 { "func_authorize", PW_TYPE_STRING_PTR,
97 offsetof(PERL_INST,func_authorize), NULL, "authorize"},
98 { "func_authenticate", PW_TYPE_STRING_PTR,
99 offsetof(PERL_INST,func_authenticate), NULL, "authenticate"},
100 { "func_accounting", PW_TYPE_STRING_PTR,
101 offsetof(PERL_INST,func_accounting), NULL, "accounting"},
102 { "func_preacct", PW_TYPE_STRING_PTR,
103 offsetof(PERL_INST,func_preacct), NULL, "preacct"},
104 { "func_checksimul", PW_TYPE_STRING_PTR,
105 offsetof(PERL_INST,func_checksimul), NULL, "checksimul"},
106 { "func_detach", PW_TYPE_STRING_PTR,
107 offsetof(PERL_INST,func_detach), NULL, "detach"},
108 { "func_xlat", PW_TYPE_STRING_PTR,
109 offsetof(PERL_INST,func_xlat), NULL, "xlat"},
111 { "func_pre_proxy", PW_TYPE_STRING_PTR,
112 offsetof(PERL_INST,func_pre_proxy), NULL, "pre_proxy"},
113 { "func_post_proxy", PW_TYPE_STRING_PTR,
114 offsetof(PERL_INST,func_post_proxy), NULL, "post_proxy"},
116 { "func_post_auth", PW_TYPE_STRING_PTR,
117 offsetof(PERL_INST,func_post_auth), NULL, "post_auth"},
119 { "func_recv_coa", PW_TYPE_STRING_PTR,
120 offsetof(PERL_INST,func_recv_coa), NULL, "recv_coa"},
121 { "func_send_coa", PW_TYPE_STRING_PTR,
122 offsetof(PERL_INST,func_send_coa), NULL, "send_coa"},
124 { "perl_flags", PW_TYPE_STRING_PTR,
125 offsetof(PERL_INST,perl_flags), NULL, NULL},
126 { "func_start_accounting", PW_TYPE_STRING_PTR,
127 offsetof(PERL_INST,func_start_accounting), NULL, NULL},
128 { "func_stop_accounting", PW_TYPE_STRING_PTR,
129 offsetof(PERL_INST,func_stop_accounting), NULL, NULL},
131 { NULL, -1, 0, NULL, NULL } /* end the list */
137 EXTERN_C void boot_DynaLoader(pTHX_ CV* cv);
140 #define dl_librefs "DynaLoader::dl_librefs"
141 #define dl_modules "DynaLoader::dl_modules"
142 static void rlm_perl_clear_handles(pTHX)
144 AV *librefs = get_av(dl_librefs, FALSE);
/*
 * Collects the library handles listed in the Perl array
 * DynaLoader::dl_librefs into a C array. Returns NULL when that array
 * does not exist. The trailing (void *)0 entry is the terminator that
 * rlm_perl_close_handles() loops on.
 */
150 static void **rlm_perl_get_handles(pTHX)
153 AV *librefs = get_av(dl_librefs, FALSE);
154 AV *modules = get_av(dl_modules, FALSE);
157 if (!librefs) return NULL;
159 if (!(AvFILL(librefs) >= 0)) {
163 handles = (void **)rad_malloc(sizeof(void *) * (AvFILL(librefs)+2));
165 for (i=0; i<=AvFILL(librefs); i++) {
/*
 * NOTE(review): av_fetch() returns NULL when the element does not
 * exist, and the result is dereferenced here before any test. Fetching
 * into an SV ** and checking it first would avoid a NULL dereference.
 */
167 SV *handle_sv = *av_fetch(librefs, i, FALSE);
171 "Could not fetch $%s[%d]!\n",
/*
 * The integer read from the Perl array is used as a raw pointer. The
 * array is ordinary Perl data, so its contents are trusted as valid
 * handles; no validation is visible in the lines shown.
 */
175 handle = (void *)SvIV(handle_sv);
185 handles[i] = (void *)0;
/*
 * Walks the handle array until the first NULL entry, logging each
 * handle at debug level. The loop has no length argument, so the array
 * must be NULL-terminated; rlm_perl_get_handles() writes a trailing
 * (void *)0 entry for that purpose.
 */
190 static void rlm_perl_close_handles(void **handles)
198 for (i=0; handles[i]; i++) {
199 radlog(L_DBG, "close %p\n", handles[i]);
206 static void rlm_perl_destruct(PerlInterpreter *perl)
210 PERL_SET_CONTEXT(perl);
212 PL_perl_destruct_level = 2;
214 PL_origenviron = environ;
220 * FIXME: This shouldn't happen
223 while (PL_scopestack_ix > 1 ){
231 static void rlm_destroy_perl(PerlInterpreter *perl)
236 PERL_SET_CONTEXT(perl);
238 handles = rlm_perl_get_handles(aTHX);
239 if (handles) rlm_perl_close_handles(handles);
240 rlm_perl_destruct(perl);
/*
 * Creates the thread-specific key and registers rlm_destroy_perl as the
 * destructor for values stored under it.
 *
 * NOTE(review): the return value of pthread_key_create() is ignored, so
 * a failed key creation is not reported to the caller. rlm_destroy_perl
 * takes a PerlInterpreter * and is registered through a (void*) cast,
 * while the destructor is invoked as void (*)(void *); a small wrapper
 * with the exact signature would remove the cast.
 */
244 static void rlm_perl_make_key(pthread_key_t *key)
246 pthread_key_create(key, (void*)rlm_destroy_perl);
/*
 * Returns the interpreter stored for the calling thread under *key.
 * When none is stored yet, clones the parent interpreter, clears the
 * clone's DynaLoader handle lists and stores the clone under *key.
 */
249 static PerlInterpreter *rlm_perl_clone(PerlInterpreter *perl, pthread_key_t *key)
253 PerlInterpreter *interp;
256 PERL_SET_CONTEXT(perl);
/* Fast path: this thread already has an interpreter. */
258 interp = pthread_getspecific(*key);
259 if (interp) return interp;
261 interp = perl_clone(perl, clone_flags);
265 #if PERL_REVISION >= 5 && PERL_VERSION <8
268 ptr_table_free(PL_ptr_table);
271 PERL_SET_CONTEXT(aTHX);
272 rlm_perl_clear_handles(aTHX);
274 ret = pthread_setspecific(*key, interp);
/*
 * NOTE(review): this failure is logged at L_DBG only, so it is not
 * visible unless debugging is enabled; the clone is then destroyed.
 */
276 radlog(L_DBG,"rlm_perl: Failed associating interpretor "
277 "with thread %s", strerror(ret));
279 rlm_perl_destruct(interp);
287 static void xs_init(pTHX)
289 const char *file = __FILE__;
291 /* DynaLoader is a special case */
292 newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file);
297 * This is a wrapper for radlog.
298 * Users can now call radiusd::radlog(level,msg), which is the same as
299 * calling radlog from C code.
/*
 * XS entry point exposed to Perl as radiusd::radlog (registered in
 * perl_instantiate). Takes a level and a message from the Perl stack
 * and forwards them to the server's radlog().
 */
302 static XS(XS_radiusd_radlog)
306 croak("Usage: radiusd::radlog(level, message)");
/*
 * NOTE(review): level is whatever integer the script passed; no range
 * check is visible in the lines shown. The message is also script
 * supplied and may embed request attribute values, so control
 * characters reach the log unless radlog() filters them - confirm.
 */
311 level = (int) SvIV(ST(0));
312 msg = (char *) SvPV(ST(1), PL_na);
315 * Because 'msg' is a 'char *', we don't want '%s', etc.
316 * in it to give us printf-style vulnerabilities.
/* The fixed "%s" format keeps msg out of the format-string position. */
318 radlog(level, "rlm_perl: %s", msg);
/*
 * xlat handler: expands fmt against the request, splits the expanded
 * string on spaces, passes the tokens as arguments to the configured
 * Perl xlat function and copies its scalar result into out, bounded by
 * freespace.
 */
326 static size_t perl_xlat(void *instance, REQUEST *request, const char *fmt,
327 char *out, size_t freespace)
330 PERL_INST *inst= (PERL_INST *) instance;
331 PerlInterpreter *perl;
332 char params[1024], *ptr, *tmp;
338 * Do an xlat on the provided string (nice recursive operation).
/* The expansion is bounded by sizeof(params). */
340 if (!radius_xlat(params, sizeof(params), fmt, request, NULL, NULL)) {
341 radlog(L_ERR, "rlm_perl: xlat failed.");
345 #ifndef WITH_ITHREADS
/*
 * NOTE(review): rlmperl_call() holds inst->clone_mutex around its
 * rlm_perl_clone() call; no lock is visible around this one in the
 * lines shown - confirm.
 */
348 perl = rlm_perl_clone(inst->perl,inst->thread_key);
353 PERL_SET_CONTEXT(perl);
/*
 * The split happens after attribute expansion, so an attribute value
 * that contains a space changes the number and position of the
 * arguments the Perl function receives. The Perl side should validate
 * its argument list rather than rely on positions.
 *
 * NOTE(review): strtok() keeps hidden static state and is not
 * thread-safe; strtok_r() avoids that when the module runs threaded.
 */
358 ptr = strtok(params, " ");
362 while (ptr != NULL) {
363 XPUSHs(sv_2mortal(newSVpv(ptr,0)));
364 ptr = strtok(NULL, " ");
369 count = call_pv(inst->func_xlat, G_SCALAR | G_EVAL);
373 radlog(L_ERR, "rlm_perl: perl_xlat exit %s\n",
376 } else if (count > 0) {
/* strlcpy bounds the copy to freespace; longer results are truncated. */
378 strlcpy(out, tmp, freespace);
381 radlog(L_DBG,"rlm_perl: Len is %zu , out is %s freespace is %zu",
382 ret, out, freespace);
393 * Do any per-module initialization that is separate to each
394 * configured instance of the module. e.g. set up connections
395 * to external databases, read configuration files, set up
396 * dictionary entries, etc.
398 * If configuration information is given in the config section
399 * that must be referenced in later calls, store a handle to it
400 * in *instance otherwise put a null pointer there.
403 * Set up the hashes which we will use later,
404 * parse the module and give it a chance to live
/*
 * Allocates the instance, parses the configuration section, builds the
 * embedded interpreter's argument vector, parses and runs the
 * configured Perl module, and registers the xlat handler. Returns -1
 * when the instance cannot be allocated.
 */
407 static int perl_instantiate(CONF_SECTION *conf, void **instance)
/* This initial cast is overwritten by the talloc_zero() assignment below. */
409 PERL_INST *inst = (PERL_INST *) instance;
414 const char *xlat_name;
415 int exitstatus = 0, argc=0;
418 * Set up a storage area for instance data
420 *instance = inst = talloc_zero(conf, PERL_INST);
421 if (!inst) return -1;
/*
 * NOTE(review): the talloc_size() result is passed to memset() without
 * a NULL check, unlike the talloc_zero() result above.
 */
423 embed = talloc_size(inst, 4 * sizeof(char *));
424 memset(embed, 0, 4 *sizeof(char *));
427 * If the configuration parameters can't be parsed, then
430 if (cf_section_parse(conf, inst, module_config) < 0) {
435 * Create pthread key. This key will be stored in instance
/* NOTE(review): the pthread_mutex_init() result is not checked here. */
439 pthread_mutex_init(&inst->clone_mutex, NULL);
441 inst->thread_key = rad_malloc(sizeof(*inst->thread_key));
442 memset(inst->thread_key,0,sizeof(*inst->thread_key));
444 rlm_perl_make_key(inst->thread_key);
/*
 * perl_flags and module come from the configuration section and become
 * the interpreter's command-line arguments. Whoever can edit that
 * configuration, or the file that 'module' names, controls code that
 * runs inside the server process.
 */
450 if (inst->perl_flags) {
451 embed[1] = inst->perl_flags;
452 embed[2] = inst->module;
456 embed[1] = inst->module;
461 PERL_SYS_INIT3(&argc, &embed, &envp);
/*
 * NOTE(review): this allocation failure is logged at L_DBG, while the
 * identical message further down uses L_ERR. The two perl_alloc() calls
 * presumably sit in alternative preprocessor branches that this listing
 * does not show.
 */
463 if ((inst->perl = perl_alloc()) == NULL) {
464 radlog(L_DBG, "rlm_perl: No memory for allocating new perl !");
468 perl_construct(inst->perl);
469 PL_perl_destruct_level = 2;
474 PERL_SET_CONTEXT(inst->perl);
476 if ((inst->perl = perl_alloc()) == NULL) {
477 radlog(L_ERR, "rlm_perl: No memory for allocating new perl !");
481 perl_construct(inst->perl);
484 #if PERL_REVISION >= 5 && PERL_VERSION >=8
485 PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
488 exitstatus = perl_parse(inst->perl, xs_init, argc, embed, NULL);
/* Exposes the C logging wrapper to Perl code as radiusd::radlog. */
493 newXS("radiusd::radlog",XS_radiusd_radlog, "rlm_perl");
496 exitstatus = perl_run(inst->perl);
498 radlog(L_ERR,"rlm_perl: perl_parse failed: %s not found or has syntax errors. \n", inst->module);
/* The xlat is registered under the section's second name, else its first. */
504 xlat_name = cf_section_name2(conf);
505 if (xlat_name == NULL)
506 xlat_name = cf_section_name1(conf);
508 xlat_register(xlat_name, perl_xlat, inst);
515 * Get the VPs and put them in a Perl hash.
516 * If one VP has multiple values, it is added as an array_ref.
517 * An example of this is Cisco-AVPair, which holds multiple values
518 * and will be available as an array_ref in $RAD_REQUEST{'Cisco-AVPair'}.
/*
 * Copies a value-pair list into the Perl hash rad_hv. Each attribute is
 * stored under its name, or name:tag for tagged attributes; an
 * attribute with several values is stored as a reference to an array of
 * its printed values.
 *
 * The values originate from request data, so the Perl code that reads
 * these hashes should treat every entry as untrusted input.
 */
520 static void perl_store_vps(VALUE_PAIR *vp, HV *rad_hv)
522 VALUE_PAIR *nvp, *vpa;
532 * Copy the valuepair list so we can remove attributes we've
539 * Tagged attributes are added to the hash with name
540 * <attribute>:<tag>, others just use the normal attribute
543 if (nvp->da->flags.has_tag && (nvp->tag != 0)) {
/* Bounded by sizeof(namebuf); an over-long name is truncated. */
544 snprintf(namebuf, sizeof(namebuf), "%s:%d",
545 nvp->da->name, nvp->tag);
548 name = nvp->da->name;
552 * Create a new list with all the attributes like this one
553 * which are in the same tag group.
555 vpa = paircopy2(nvp, nvp->da->attr, nvp->da->vendor, nvp->tag);
558 * Attribute has multiple values
564 for (vpn = vpa; vpn; vpn = vpn->next) {
/*
 * Values are printed into a fixed-size buffer whose size is passed to
 * vp_prints_value(). NOTE(review): newSVpv(buffer, len) trusts len;
 * confirm vp_prints_value() never returns more than it wrote.
 */
565 len = vp_prints_value(buffer, sizeof(buffer), vpn, FALSE);
566 av_push(av, newSVpv(buffer, len));
568 (void)hv_store(rad_hv, name, strlen(name), newRV_noinc((SV *)av), 0);
571 * Attribute has a single value, so its value just gets
575 len = vp_prints_value(buffer, sizeof(buffer), vpa, FALSE);
576 (void)hv_store(rad_hv, name, strlen(name), newSVpv(buffer, len), 0);
582 * Finally remove all the VPs we processed from our copy
585 pairdelete(&nvp, nvp->da->attr, nvp->da->vendor, nvp->tag);
588 pairfree(&nvp); /* shouldn't be necessary, but hey... */
593 * Verify that a Perl SV is a string and save it in FreeRadius
/*
 * Converts one Perl scalar to a C string and builds a value pair named
 * key from it with operator op.
 */
597 static int pairadd_sv(VALUE_PAIR **vp, char *key, SV *sv, FR_TOKEN op) {
/*
 * SvPV_nolen() yields a C string with no length, so a value containing
 * a NUL byte is presumably cut at the first NUL by pairmake().
 */
602 val = SvPV_nolen(sv);
603 vpp = pairmake(key, val, op);
/*
 * NOTE(review): both messages below print the attribute value. For
 * password attributes this writes the secret to the log; the log level
 * is not visible in this listing - confirm it is debug-only or mask
 * sensitive attributes.
 */
607 "rlm_perl: Added pair %s = %s", key, val);
611 "rlm_perl: ERROR: Failed to create pair %s = %s",
620 * Gets the content from hashes
/*
 * Walks every entry of a Perl hash and turns it into value pairs via
 * pairadd_sv(). An entry that is a reference to an array contributes
 * one pair per element with T_OP_ADD; any other entry contributes one
 * pair with T_OP_EQ. Returns the sum of the pairadd_sv() results.
 */
622 static int get_hv_content(HV *my_hv, VALUE_PAIR **vp)
627 I32 key_len, len, i, j;
631 for (i = hv_iterinit(my_hv); i > 0; i--) {
632 res_sv = hv_iternextsv(my_hv,&key,&key_len);
633 if (SvROK(res_sv) && (SvTYPE(SvRV(res_sv)) == SVt_PVAV)) {
634 av = (AV*)SvRV(res_sv);
/* len is assigned on a line not shown here; presumably the array's last index. */
636 for (j = 0; j <= len; j++) {
/*
 * NOTE(review): av_fetch() returns NULL for an index that holds no
 * element, which a Perl script produces simply by assigning to a high
 * index of an empty array. The next line dereferences the result
 * unconditionally, so such a hash entry crashes the server. Guarding
 * with `if (av_sv)` before the pairadd_sv() call avoids that.
 */
637 av_sv = av_fetch(av, j, 0);
638 ret = pairadd_sv(vp, key, *av_sv, T_OP_ADD) + ret;
640 } else ret = pairadd_sv(vp, key, res_sv, T_OP_EQ) + ret;
647 * Call the function_name inside the module
648 * Store all vps in hashes %RAD_CHECK %RAD_REPLY %RAD_REQUEST
/*
 * Core dispatch routine: exports the request's attribute lists into the
 * %RAD_* Perl hashes, calls the named Perl function, maps its result to
 * a module return code and copies the hashes back into the request.
 *
 * The Perl function can rewrite the request, reply and check lists, so
 * it is part of the trusted authentication path and its source file
 * needs the same protection as the server configuration.
 */
651 static int rlmperl_call(void *instance, REQUEST *request, char *function_name)
654 PERL_INST *inst = instance;
656 int exitstatus=0, count;
664 HV *rad_request_proxy_hv;
665 HV *rad_request_proxy_reply_hv;
/* clone_mutex serialises the lookup or creation of this thread's clone. */
669 pthread_mutex_lock(&inst->clone_mutex);
671 PerlInterpreter *interp;
673 interp = rlm_perl_clone(inst->perl,inst->thread_key);
676 PERL_SET_CONTEXT(interp);
679 pthread_mutex_unlock(&inst->clone_mutex);
681 PERL_SET_CONTEXT(inst->perl);
692 * Radius has told us to call this function, but none
695 if (!function_name) {
696 return RLM_MODULE_FAIL;
699 rad_reply_hv = get_hv("RAD_REPLY",1);
700 rad_check_hv = get_hv("RAD_CHECK",1);
701 rad_config_hv = get_hv("RAD_CONFIG",1);
702 rad_request_hv = get_hv("RAD_REQUEST",1);
704 rad_request_proxy_hv = get_hv("RAD_REQUEST_PROXY",1);
705 rad_request_proxy_reply_hv = get_hv("RAD_REQUEST_PROXY_REPLY",1);
/*
 * config_items is exported twice, as RAD_CHECK and as RAD_CONFIG; only
 * RAD_CHECK is read back after the call.
 */
708 perl_store_vps(request->reply->vps, rad_reply_hv);
709 perl_store_vps(request->config_items, rad_check_hv);
710 perl_store_vps(request->packet->vps, rad_request_hv);
711 perl_store_vps(request->config_items, rad_config_hv);
714 if (request->proxy != NULL) {
715 perl_store_vps(request->proxy->vps, rad_request_proxy_hv);
717 hv_undef(rad_request_proxy_hv);
720 if (request->proxy_reply !=NULL) {
721 perl_store_vps(request->proxy_reply->vps, rad_request_proxy_reply_hv);
723 hv_undef(rad_request_proxy_reply_hv);
729 * This way %RAD_xx can be pushed onto stack as sub parameters.
730 * XPUSHs( newRV_noinc((SV *)rad_request_hv) );
731 * XPUSHs( newRV_noinc((SV *)rad_reply_hv) );
732 * XPUSHs( newRV_noinc((SV *)rad_check_hv) );
/*
 * G_EVAL traps a die() in the Perl function instead of unwinding the
 * server; G_NOARGS means the function receives its data only through
 * the %RAD_* hashes.
 */
736 count = call_pv(function_name, G_SCALAR | G_EVAL | G_NOARGS);
741 radlog(L_ERR, "rlm_perl: perl_embed:: module = %s , func = %s exit status= %s\n",
743 function_name, SvPV(ERRSV,n_a));
/*
 * Results outside 0..99 become RLM_MODULE_FAIL. NOTE(review): values
 * inside that range are not compared against the set of valid module
 * return codes in the lines shown - confirm the caller copes with an
 * out-of-range code.
 */
749 if (exitstatus >= 100 || exitstatus < 0) {
750 exitstatus = RLM_MODULE_FAIL;
/*
 * When get_hv_content() reports a positive result, the original list is
 * freed and replaced wholesale by what the Perl side left in the hash.
 */
760 if ((get_hv_content(rad_request_hv, &vp)) > 0 ) {
761 pairfree(&request->packet->vps);
762 request->packet->vps = vp;
766 * Update cached copies
/*
 * The old list was just freed, so the cached username and password
 * pointers are looked up again in the new list; leaving them would keep
 * pointers into freed memory.
 */
768 request->username = pairfind(request->packet->vps, PW_USER_NAME, 0, TAG_ANY);
769 request->password = pairfind(request->packet->vps, PW_USER_PASSWORD, 0, TAG_ANY);
770 if (!request->password)
771 request->password = pairfind(request->packet->vps, PW_CHAP_PASSWORD, 0, TAG_ANY);
774 if ((get_hv_content(rad_reply_hv, &vp)) > 0 ) {
775 pairfree(&request->reply->vps);
776 request->reply->vps = vp;
780 if ((get_hv_content(rad_check_hv, &vp)) > 0 ) {
781 pairfree(&request->config_items);
782 request->config_items = vp;
787 if (request->proxy &&
788 (get_hv_content(rad_request_proxy_hv, &vp) > 0)) {
789 pairfree(&request->proxy->vps);
790 request->proxy->vps = vp;
794 if (request->proxy_reply &&
795 (get_hv_content(rad_request_proxy_reply_hv, &vp) > 0)) {
796 pairfree(&request->proxy_reply->vps);
797 request->proxy_reply->vps = vp;
807 * Find the named user in this modules database. Create the set
808 * of attribute-value pairs to check and reply with for this user
809 * from the database. The authentication code only needs to check
810 * the password, the rest is done here.
812 static rlm_rcode_t perl_authorize(void *instance, REQUEST *request)
814 return rlmperl_call(instance, request,
815 ((PERL_INST *)instance)->func_authorize);
819 * Authenticate the user with the given password.
821 static rlm_rcode_t perl_authenticate(void *instance, REQUEST *request)
823 return rlmperl_call(instance, request,
824 ((PERL_INST *)instance)->func_authenticate);
827 * Massage the request before recording it or proxying it
829 static rlm_rcode_t perl_preacct(void *instance, REQUEST *request)
831 return rlmperl_call(instance, request,
832 ((PERL_INST *)instance)->func_preacct);
835 * Write accounting information to this modules database.
837 static rlm_rcode_t perl_accounting(void *instance, REQUEST *request)
840 int acctstatustype=0;
842 if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0, TAG_ANY)) != NULL) {
843 acctstatustype = pair->vp_integer;
845 radlog(L_ERR, "Invalid Accounting Packet");
846 return RLM_MODULE_INVALID;
849 switch (acctstatustype) {
851 case PW_STATUS_START:
853 if (((PERL_INST *)instance)->func_start_accounting) {
854 return rlmperl_call(instance, request,
855 ((PERL_INST *)instance)->func_start_accounting);
857 return rlmperl_call(instance, request,
858 ((PERL_INST *)instance)->func_accounting);
864 if (((PERL_INST *)instance)->func_stop_accounting) {
865 return rlmperl_call(instance, request,
866 ((PERL_INST *)instance)->func_stop_accounting);
868 return rlmperl_call(instance, request,
869 ((PERL_INST *)instance)->func_accounting);
873 return rlmperl_call(instance, request,
874 ((PERL_INST *)instance)->func_accounting);
879 * Check for simultaneous use
881 static rlm_rcode_t perl_checksimul(void *instance, REQUEST *request)
883 return rlmperl_call(instance, request,
884 ((PERL_INST *)instance)->func_checksimul);
891 static rlm_rcode_t perl_pre_proxy(void *instance, REQUEST *request)
893 return rlmperl_call(instance, request,
894 ((PERL_INST *)instance)->func_pre_proxy);
899 static rlm_rcode_t perl_post_proxy(void *instance, REQUEST *request)
901 return rlmperl_call(instance, request,
902 ((PERL_INST *)instance)->func_post_proxy);
909 static rlm_rcode_t perl_post_auth(void *instance, REQUEST *request)
911 return rlmperl_call(instance, request,
912 ((PERL_INST *)instance)->func_post_auth);
918 static rlm_rcode_t perl_recv_coa(void *instance, REQUEST *request)
920 return rlmperl_call(instance, request,
921 ((PERL_INST *)instance)->func_recv_coa);
926 static rlm_rcode_t perl_send_coa(void *instance, REQUEST *request)
928 return rlmperl_call(instance, request,
929 ((PERL_INST *)instance)->func_send_coa);
933 * Detach an instance, giving the module a chance to do some internal setup ...
/*
 * Module teardown: calls the configured detach function in Perl when
 * one is set, unregisters the xlat handler, then destroys and frees the
 * interpreter and the clone mutex.
 */
935 static int perl_detach(void *instance)
937 PERL_INST *inst = (PERL_INST *) instance;
938 int exitstatus = 0, count = 0;
942 * FIXME: Call this in the destruct function?
/*
 * NOTE(review): `handle` is not declared in any line of this listing;
 * this first call sequence is presumably inside a disabled or
 * conditional region - confirm.
 */
945 dTHXa(handle->clone);
946 PERL_SET_CONTEXT(handle->clone);
948 dSP; ENTER; SAVETMPS; PUSHMARK(SP);
949 count = call_pv(inst->func_detach, G_SCALAR | G_EVAL );
/* Same mapping as in rlmperl_call: results outside 0..99 become FAIL. */
958 if (exitstatus >= 100 || exitstatus < 0) {
959 exitstatus = RLM_MODULE_FAIL;
969 if (inst->func_detach) {
971 PERL_SET_CONTEXT(inst->perl);
973 dSP; ENTER; SAVETMPS;
976 count = call_pv(inst->func_detach, G_SCALAR | G_EVAL );
981 if (exitstatus >= 100 || exitstatus < 0) {
982 exitstatus = RLM_MODULE_FAIL;
/*
 * NOTE(review): perl_instantiate registers the xlat under a local
 * xlat_name; no assignment to inst->xlat_name is visible in this
 * listing. Confirm it is set, otherwise the handler stays registered
 * with a pointer to an instance that is about to be freed.
 */
991 xlat_unregister(inst->xlat_name, perl_xlat, instance);
/*
 * NOTE(review): rlm_perl_destruct() and perl_destruct() both appear on
 * inst->perl. They are presumably in alternative preprocessor branches
 * not shown here; if both ran, the interpreter would be destroyed twice.
 */
994 rlm_perl_destruct(inst->perl);
995 pthread_mutex_destroy(&inst->clone_mutex);
997 perl_destruct(inst->perl);
998 perl_free(inst->perl);
1007 * The module name should be the only globally exported symbol.
1008 * That is, everything else should be 'static'.
1010 * If the module needs to temporarily modify its instantiation
1011 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
1012 * The server will then take care of ensuring that the module
1013 * is single-threaded.
1015 module_t rlm_perl = {
1019 RLM_TYPE_THREAD_SAFE, /* type */
1021 RLM_TYPE_THREAD_UNSAFE,
1023 perl_instantiate, /* instantiation */
1024 perl_detach, /* detach */
1026 perl_authenticate, /* authenticate */
1027 perl_authorize, /* authorize */
1028 perl_preacct, /* preacct */
1029 perl_accounting, /* accounting */
1030 perl_checksimul, /* check simul */
1032 perl_pre_proxy, /* pre-proxy */
1033 perl_post_proxy, /* post-proxy */
1037 perl_post_auth /* post-auth */