VALUE_PAIR *input_pairs, bool shell_escape);
int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
char *answer, int left);
-int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
- char *user_msg, size_t msg_len, int timeout,
- VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs) CC_HINT(nonnull (1, 2));
+int radius_exec_program(char *out, size_t outlen, VALUE_PAIR **output_pairs,
+ REQUEST *request, char const *cmd, VALUE_PAIR *input_pairs,
+ bool exec_wait, bool shell_escape, int timeout) CC_HINT(nonnull (4, 5));
void exec_trigger(REQUEST *request, CONF_SECTION *cs, char const *name, int quench)
CC_HINT(nonnull (3));
case TMPL_TYPE_EXEC:
EVAL_DEBUG("TMPL EXEC");
*out = talloc_array(request, char, 1024);
- if (radius_exec_program(request, vpt->name, true, false, *out, 1024, EXEC_TIMEOUT, NULL, NULL) != 0) {
+ if (radius_exec_program(*out, 1024, NULL, request, vpt->name, NULL, true, false, EXEC_TIMEOUT) != 0) {
TALLOC_FREE(*out);
return -1;
}
/** Execute a program.
*
+ * @param[out] out buffer to append plaintext (non valuepair) output.
+ * @param[in] outlen length of out buffer.
+ * @param[out] output_pairs list of value pairs - child stdout will be parsed and added into this list
+ * of value pairs.
* @param[in] request Current request (may be NULL).
* @param[in] cmd Command to execute. This is parsed into argv[] parts, then each individual argv part
* is xlat'ed.
+ * @param[in] input_pairs list of value pairs - these will be available in the environment of the child.
* @param[in] exec_wait set to 1 if you want to read from or write to child.
* @param[in] shell_escape values before passing them as arguments.
- * @param[in] user_msg buffer to append plaintext (non valuepair) output.
- * @param[in] msg_len length of user_msg buffer.
* @param[in] timeout amount of time to wait, in seconds.
- * @param[in] input_pairs list of value pairs - these will be available in the environment of the child.
- * @param[out] output_pairs list of value pairs - child stdout will be parsed and added into this list
- * of value pairs.
+
* @return 0 if exec_wait==0, exit code if exec_wait!=0, -1 on error.
*/
-int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
- char *user_msg, size_t msg_len, int timeout,
- VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs)
+int radius_exec_program(char *out, size_t outlen, VALUE_PAIR **output_pairs,
+ REQUEST *request, char const *cmd, VALUE_PAIR *input_pairs,
+ bool exec_wait, bool shell_escape, int timeout)
{
pid_t pid;
RDEBUG2("Executing: %s:", cmd);
- if (user_msg) *user_msg = '\0';
+ if (out) *out = '\0';
pid = radius_start_program(cmd, request, exec_wait, NULL, &from_child, input_pairs, shell_escape);
if (pid < 0) {
if (userparse(request, answer, output_pairs) == T_INVALID) {
RERROR("Failed parsing output from: %s: %s", cmd, fr_strerror());
- strlcpy(user_msg, answer, len);
+ strlcpy(out, answer, len);
ret = -1;
}
/*
* We've not been told to extract output pairs,
- * just copy the programs output to the user_msg
+ * just copy the programs output to the out
* buffer.
*/
- } else if (user_msg) {
- strlcpy(user_msg, answer, msg_len);
+ } else if (out) {
+ strlcpy(out, answer, outlen);
}
/*
* if dst is an attribute, then we create an attribute of that type and then
* call pairparsevalue on the output of the script.
*/
- result = radius_exec_program(request, map->rhs->name, true, true,
- answer, sizeof(answer), EXEC_TIMEOUT,
- input_pairs ? *input_pairs : NULL,
- (map->lhs->type == TMPL_TYPE_LIST) ? &output_pairs : NULL);
+ result = radius_exec_program(answer, sizeof(answer), (map->lhs->type == TMPL_TYPE_LIST) ? &output_pairs : NULL,
+ request, map->rhs->name, input_pairs ? *input_pairs : NULL,
+ true, true, EXEC_TIMEOUT);
talloc_free(expanded);
if (result != 0) {
talloc_free(output_pairs);
radius_xlat(buffer, sizeof(buffer), request, mx->xlat_name, NULL, NULL);
} else {
RDEBUG("`%s`", mx->xlat_name);
- radius_exec_program(request, mx->xlat_name, false, true, NULL, 0,
- EXEC_TIMEOUT, request->packet->vps, NULL);
+ radius_exec_program(NULL, 0, NULL, request, mx->xlat_name, request->packet->vps,
+ false, true, EXEC_TIMEOUT);
}
goto next_sibling;
}
DEBUG("Trigger %s -> %s", name, value);
- radius_exec_program(request, value, false, true, NULL, 0, EXEC_TIMEOUT, vp, NULL);
+ radius_exec_program(NULL, 0, NULL, request, value, vp, false, true, EXEC_TIMEOUT);
}
}
RDEBUG("Verifying client certificate: %s", conf->verify_client_cert_cmd);
- if (radius_exec_program(request, conf->verify_client_cert_cmd, true, true, NULL, 0,
- EXEC_TIMEOUT, request->packet->vps, NULL) != 0) {
+ if (radius_exec_program(NULL, 0, NULL, request, conf->verify_client_cert_cmd,
+ request->packet->vps,
+ true, true, EXEC_TIMEOUT) != 0) {
AUTH("tls: Certificate CN (%s) fails external verification!", common_name);
my_ok = 0;
} else {
* This function does it's own xlat of the input program
* to execute.
*/
- result = radius_exec_program(request, fmt, inst->wait, inst->shell_escape,
- out, outlen, inst->timeout,
- input_pairs ? *input_pairs : NULL, NULL);
+ result = radius_exec_program(out, outlen, NULL, request, fmt, input_pairs ? *input_pairs : NULL,
+ inst->wait, inst->shell_escape, inst->timeout);
if (result != 0) {
out[0] = '\0';
return -1;
* This function does it's own xlat of the input program
* to execute.
*/
- status = radius_exec_program(request, inst->program, inst->wait, inst->shell_escape,
- out, sizeof(out), inst->timeout,
- inst->input ? *input_pairs : NULL,
- inst->output ? &answer : NULL);
+ status = radius_exec_program(out, sizeof(out), inst->output ? &answer : NULL, request,
+ inst->program, inst->input ? *input_pairs : NULL,
+ inst->wait, inst->shell_escape, inst->timeout);
rcode = rlm_exec_status2rcode(request, out, strlen(out), status);
/*
}
tmp = NULL;
- status = radius_exec_program(request, vp->vp_strvalue, we_wait, inst->shell_escape,
- out, sizeof(out), inst->timeout,
- request->packet->vps, &tmp);
+ status = radius_exec_program(out, sizeof(out), &tmp, request, vp->vp_strvalue, request->packet->vps,
+ we_wait, inst->shell_escape, inst->timeout);
rcode = rlm_exec_status2rcode(request, out, strlen(out), status);
/*
return RLM_MODULE_NOOP;
}
- status = radius_exec_program(request, vp->vp_strvalue, we_wait, inst->shell_escape,
- out, sizeof(out), inst->timeout,
- request->packet->vps, NULL);
+ status = radius_exec_program(out, sizeof(out), NULL, request, vp->vp_strvalue, request->packet->vps,
+ we_wait, inst->shell_escape, inst->timeout);
return rlm_exec_status2rcode(request, out, strlen(out), status);
}
int result;
input_pairs = radius_list(request, PAIR_LIST_REQUEST);
- result = radius_exec_program(request, map->rhs->name, true, true, answer,
- sizeof(answer), EXEC_TIMEOUT,
- input_pairs ? *input_pairs : NULL, NULL);
+ result = radius_exec_program(answer, sizeof(answer), NULL, request,
+ map->rhs->name, input_pairs ? *input_pairs : NULL,
+ true, true, EXEC_TIMEOUT);
if (result != 0) {
return -1;
}
/*
* Run the program, and expect that we get 16
*/
- result = radius_exec_program(request, inst->ntlm_auth, true, true,
- buffer, sizeof(buffer), inst->ntlm_auth_timeout,
- NULL, NULL);
+ result = radius_exec_program(buffer, sizeof(buffer), NULL, request, inst->ntlm_auth, NULL,
+ true, true, inst->ntlm_auth_timeout);
if (result != 0) {
char *p;