6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2002,2006 The FreeRADIUS server project
21 * Copyright 2002 Boian Jordanov <bjordanov@orbitel.bg>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
42 #include <semaphore.h>
45 extern char **environ;
49 * Define a structure for our module configuration.
51 * These variables do not need to be in a structure, but it's
52 * a lot cleaner to do so, and a pointer to the structure can
53 * be used as the instance handle.
/*
 * Per-instance state for rlm_perl: the configured Perl sub name for each
 * server hook, the parent interpreter, and the pthread key under which a
 * thread's cloned interpreter is cached (see rlm_perl_clone).
 * NOTE(review): this listing omits several members that module_config and
 * the hook wrappers reference (module, func_authorize, func_xlat,
 * perl_flags, xlat_name, ...) and the closing line of the typedef.
 */
55 typedef struct perl_inst {
56 /* Name of the perl module */
59 /* Name of the functions for each module method */
61 char *func_authenticate;
62 char *func_accounting;
63 char *func_start_accounting;
64 char *func_stop_accounting;
66 char *func_checksimul;
71 char *func_post_proxy;
/* Parent interpreter, allocated in perl_instantiate. */
80 PerlInterpreter *perl;
/* Heap-allocated key, created in perl_instantiate via rlm_perl_make_key. */
81 pthread_key_t *thread_key;
84 * A mapping of configuration file names to internal variables.
86 * Note that the string is dynamically allocated, so it MUST
87 * be freed. When the configuration file parse re-reads the string,
88 * it free's the old one, and strdup's the new one, placing the pointer
89 * to the strdup'd string into 'config.string'. This gets around
/*
 * Configuration items accepted by this module, each mapped to a PERL_INST
 * member by offset.  The final string in each row appears to be the default
 * value (a Perl sub name matching the hook); perl_flags and the start/stop
 * accounting subs have NULL there.
 * NOTE(review): "module" names a Perl file that perl_instantiate hands to
 * perl_parse(), and "perl_flags" is passed to the interpreter as an extra
 * argument, so both take effect inside the server process.  Keep the
 * configuration, the script and the script's directory writable only by
 * the administrator.
 */
92 static const CONF_PARSER module_config[] = {
93 { "module", PW_TYPE_FILENAME,
94 offsetof(PERL_INST,module), NULL, "module"},
95 { "func_authorize", PW_TYPE_STRING_PTR,
96 offsetof(PERL_INST,func_authorize), NULL, "authorize"},
97 { "func_authenticate", PW_TYPE_STRING_PTR,
98 offsetof(PERL_INST,func_authenticate), NULL, "authenticate"},
99 { "func_accounting", PW_TYPE_STRING_PTR,
100 offsetof(PERL_INST,func_accounting), NULL, "accounting"},
101 { "func_preacct", PW_TYPE_STRING_PTR,
102 offsetof(PERL_INST,func_preacct), NULL, "preacct"},
103 { "func_checksimul", PW_TYPE_STRING_PTR,
104 offsetof(PERL_INST,func_checksimul), NULL, "checksimul"},
105 { "func_detach", PW_TYPE_STRING_PTR,
106 offsetof(PERL_INST,func_detach), NULL, "detach"},
107 { "func_xlat", PW_TYPE_STRING_PTR,
108 offsetof(PERL_INST,func_xlat), NULL, "xlat"},
110 { "func_pre_proxy", PW_TYPE_STRING_PTR,
111 offsetof(PERL_INST,func_pre_proxy), NULL, "pre_proxy"},
112 { "func_post_proxy", PW_TYPE_STRING_PTR,
113 offsetof(PERL_INST,func_post_proxy), NULL, "post_proxy"},
115 { "func_post_auth", PW_TYPE_STRING_PTR,
116 offsetof(PERL_INST,func_post_auth), NULL, "post_auth"},
118 { "func_recv_coa", PW_TYPE_STRING_PTR,
119 offsetof(PERL_INST,func_recv_coa), NULL, "recv_coa"},
120 { "func_send_coa", PW_TYPE_STRING_PTR,
121 offsetof(PERL_INST,func_send_coa), NULL, "send_coa"},
/* No default for the rows below: the member stays NULL unless configured. */
123 { "perl_flags", PW_TYPE_STRING_PTR,
124 offsetof(PERL_INST,perl_flags), NULL, NULL},
125 { "func_start_accounting", PW_TYPE_STRING_PTR,
126 offsetof(PERL_INST,func_start_accounting), NULL, NULL},
127 { "func_stop_accounting", PW_TYPE_STRING_PTR,
128 offsetof(PERL_INST,func_stop_accounting), NULL, NULL},
130 { NULL, -1, 0, NULL, NULL } /* end the list */
136 EXTERN_C void boot_DynaLoader(pTHX_ CV* cv);
139 #define dl_librefs "DynaLoader::dl_librefs"
140 #define dl_modules "DynaLoader::dl_modules"
/*
 * Looks up @DynaLoader::dl_librefs in the current interpreter.  What is done
 * with the array is on lines this listing does not show; rlm_perl_clone
 * calls this after perl_clone().
 */
141 static void rlm_perl_clear_handles(pTHX)
143 AV *librefs = get_av(dl_librefs, FALSE);
/*
 * Collects the library handles recorded in @DynaLoader::dl_librefs into a
 * rad_malloc'd array of void pointers.  The array is sized AvFILL+2, leaving
 * room for the 0 entry that rlm_perl_close_handles stops on.
 */
149 static void **rlm_perl_get_handles(pTHX)
152 AV *librefs = get_av(dl_librefs, FALSE);
153 AV *modules = get_av(dl_modules, FALSE);
158 "Could not get @%s for unloading.\n",
/* AvFILL is the highest valid index, so this is the "array is empty" test. */
163 if (!(AvFILL(librefs) >= 0)) {
167 handles = (void **)rad_malloc(sizeof(void *) * (AvFILL(librefs)+2));
169 for (i=0; i<=AvFILL(librefs); i++) {
/*
 * NOTE(review): av_fetch() returns NULL for a missing element, and the
 * result is dereferenced here before anything can test it.  Fetch into an
 * SV ** first and check that before reading the SV.
 */
171 SV *handle_sv = *av_fetch(librefs, i, FALSE);
175 "Could not fetch $%s[%d]!\n",
/* The integer stored by DynaLoader is reinterpreted as the raw handle. */
179 handle = (void *)SvIV(handle_sv);
/* Presumably the terminating entry written after the loop - confirm. */
189 handles[i] = (void *)0;
/*
 * Walks a handle array up to its first NULL entry and logs each handle at
 * debug level; the call that releases a handle is presumably on a line this
 * listing does not show.
 * NOTE(review): relies on the array being NULL-terminated, as
 * rlm_perl_get_handles builds it.
 */
194 static void rlm_perl_close_handles(void **handles)
202 for (i=0; handles[i]; i++) {
203 radlog(L_DBG, "close %p\n", handles[i]);
/*
 * Prepares the given interpreter for teardown: makes it the current context,
 * requests destruct level 2 and points PL_origenviron at the process
 * environ.  The loop at the end runs while more than one scope is still on
 * the interpreter's scope stack, a state the original FIXME says should not
 * occur.
 */
210 static void rlm_perl_destruct(PerlInterpreter *perl)
214 PERL_SET_CONTEXT(perl);
216 PL_perl_destruct_level = 2;
218 PL_origenviron = environ;
224 * FIXME: This shouldn't happen
227 while (PL_scopestack_ix > 1 ){
/*
 * Tears down one interpreter.  The DynaLoader handles are collected first,
 * while the interpreter can still be queried, and closed only after it has
 * been destructed.  Registered as the pthread key destructor in
 * rlm_perl_make_key.
 */
235 static void rlm_destroy_perl(PerlInterpreter *perl)
240 PERL_SET_CONTEXT(perl);
242 handles = rlm_perl_get_handles(aTHX);
243 rlm_perl_destruct(perl);
244 rlm_perl_close_handles(handles);
/*
 * Creates the thread-specific-data key whose destructor (rlm_destroy_perl)
 * releases a thread's cloned interpreter.
 * NOTE(review): the pthread_key_create() result is ignored; if it fails, the
 * pthread_getspecific/pthread_setspecific calls in rlm_perl_clone operate on
 * an invalid key.  rlm_destroy_perl also takes PerlInterpreter * rather than
 * the void * parameter the destructor type expects.
 */
248 static void rlm_perl_make_key(pthread_key_t *key)
250 pthread_key_create(key, rlm_destroy_perl);
/*
 * Returns the calling thread's interpreter, cloning the parent the first
 * time a thread asks and caching the clone under *key.
 */
253 static PerlInterpreter *rlm_perl_clone(PerlInterpreter *perl, pthread_key_t *key)
255 PerlInterpreter *interp;
258 PERL_SET_CONTEXT(perl);
/* Fast path: this thread already has a clone. */
260 interp = pthread_getspecific(*key);
261 if (interp) return interp;
/* NOTE(review): no check of the perl_clone() result is visible here. */
263 interp = perl_clone(perl, clone_flags);
267 #if PERL_REVISION >= 5 && PERL_VERSION <8
270 ptr_table_free(PL_ptr_table);
273 PERL_SET_CONTEXT(aTHX);
274 rlm_perl_clear_handles(aTHX);
/*
 * NOTE(review): return value ignored.  If the store fails, the clone is not
 * cached, so the next call clones again and the key destructor never sees
 * this interpreter.
 */
276 pthread_setspecific(*key, interp);
/*
 * XS bootstrap hook handed to perl_parse(): registers DynaLoader's boot
 * function.
 * NOTE(review): with DynaLoader available the script can load compiled
 * extension modules into the server process, so the script's module search
 * path deserves the same write protection as the script itself.
 */
282 static void xs_init(pTHX)
284 char *file = __FILE__;
286 /* DynaLoader is a special case */
287 newXS("DynaLoader::boot_DynaLoader", boot_DynaLoader, file);
292 * This is a wrapper for radlog.
293 * Now users can call radiusd::radlog(level,msg), which is the same as
294 * calling radlog from C code.
/*
 * XS glue for radiusd::radlog(level, message): forwards a message from the
 * Perl script to the server log.
 * NOTE(review): level comes straight from the script via SvIV() and is
 * passed to radlog() with no range check in the lines shown.
 */
297 static XS(XS_radiusd_radlog)
301 croak("Usage: radiusd::radlog(level, message)");
306 level = (int) SvIV(ST(0));
307 msg = (char *) SvPV(ST(1), PL_na);
310 * Because 'msg' is a 'char *', we don't want '%s', etc.
311 * in it to give us printf-style vulnerabilities.
/* Fixed "%s" format: the script-supplied text is data, never the format. */
313 radlog(level, "rlm_perl: %s", msg);
/*
 * xlat callback: expands fmt, splits the result on spaces, passes the words
 * to the configured Perl xlat sub and copies its scalar result into out.
 *
 * NOTE(review):
 *  - strtok() keeps hidden static state.  When each thread runs its own
 *    cloned interpreter this function can execute concurrently, so
 *    strtok_r() is the safe choice.
 *  - Splitting happens after expansion, so an expanded attribute value that
 *    contains a space becomes several arguments.  The Perl sub should not
 *    rely on a fixed argument count or position for request-derived values.
 */
321 static size_t perl_xlat(void *instance, REQUEST *request, char *fmt, char *out,
322 size_t freespace, RADIUS_ESCAPE_STRING func)
325 PERL_INST *inst= (PERL_INST *) instance;
326 PerlInterpreter *perl;
327 char params[1024], *ptr, *tmp;
333 * Do an xlat on the provided string (nice recursive operation).
/* Expansion is bounded by sizeof(params); func is the caller's escaper. */
335 if (!radius_xlat(params, sizeof(params), fmt, request, func)) {
336 radlog(L_ERR, "rlm_perl: xlat failed.");
340 #ifndef WITH_ITHREADS
343 perl = rlm_perl_clone(inst->perl,inst->thread_key);
348 PERL_SET_CONTEXT(perl);
353 ptr = strtok(params, " ");
357 while (ptr != NULL) {
/* Length 0 makes newSVpv() take strlen(ptr). */
358 XPUSHs(sv_2mortal(newSVpv(ptr,0)));
359 ptr = strtok(NULL, " ");
/* G_EVAL traps a die() in the script; the error is reported below. */
364 count = call_pv(inst->func_xlat, G_SCALAR | G_EVAL);
368 radlog(L_ERR, "rlm_perl: perl_xlat exit %s\n",
371 } else if (count > 0) {
/* Copy is bounded by freespace. */
373 strlcpy(out, tmp, freespace);
/*
 * NOTE(review): freespace is a size_t but is printed with %d; confirm the
 * argument list (not shown) and cast or use a matching conversion.
 */
376 radlog(L_DBG,"rlm_perl: Len is %d , out is %s freespace is %d",
388 * Do any per-module initialization that is separate to each
389 * configured instance of the module. e.g. set up connections
390 * to external databases, read configuration files, set up
391 * dictionary entries, etc.
393 * If configuration information is given in the config section
394 * that must be referenced in later calls, store a handle to it
395 * in *instance otherwise put a null pointer there.
398 * Set up the hashes which we will use later,
399 * parse the module and give it a chance to live
/*
 * Creates one module instance: parses the config section into a PERL_INST,
 * builds the interpreter argument vector from perl_flags and module, creates
 * the parent interpreter, parses and runs the script, registers
 * radiusd::radlog and the xlat, and creates the %RAD_* hashes.
 * The return statements are on lines this listing does not show.
 */
402 static int perl_instantiate(CONF_SECTION *conf, void **instance)
/*
 * NOTE(review): instance is a void **, so this cast does not yield a usable
 * PERL_INST *; the value is replaced by rad_malloc() below before any use
 * shown here.
 */
404 PERL_INST *inst = (PERL_INST *) instance;
410 HV *rad_request_proxy_hv;
411 HV *rad_request_proxy_reply_hv;
417 const char *xlat_name;
418 int exitstatus = 0, argc=0;
420 embed = rad_malloc(4*(sizeof(char *)));
/*
 * NOTE(review): sizeof(4*(sizeof(char *))) is the size of a size_t
 * expression, not of the four-pointer array, so only sizeof(size_t) bytes
 * are cleared.  The intended call is memset(embed, 0, 4 * sizeof(char *)).
 */
421 memset(embed, 0, sizeof(4*(sizeof(char *))));
423 * Set up a storage area for instance data
425 inst = rad_malloc(sizeof(PERL_INST));
426 memset(inst, 0, sizeof(PERL_INST));
429 * If the configuration parameters can't be parsed, then
432 if (cf_section_parse(conf, inst, module_config) < 0) {
438 * Create pthread key. This key will be stored in instance
442 inst->thread_key = rad_malloc(sizeof(*inst->thread_key));
443 memset(inst->thread_key,0,sizeof(*inst->thread_key));
445 rlm_perl_make_key(inst->thread_key);
/* Interpreter argv: optional perl_flags first, then the script path. */
448 if (inst->perl_flags) {
449 embed[1] = inst->perl_flags;
450 embed[2] = inst->module;
454 embed[1] = inst->module;
459 PERL_SYS_INIT3(&argc, &embed, &envp);
/*
 * NOTE(review): perl_alloc()/perl_construct() appear twice; presumably the
 * two copies sit in alternative preprocessor branches not shown.  The first
 * reports allocation failure at L_DBG, the second at L_ERR.
 */
461 if ((inst->perl = perl_alloc()) == NULL) {
462 radlog(L_DBG, "rlm_perl: No memory for allocating new perl !");
466 perl_construct(inst->perl);
467 PL_perl_destruct_level = 2;
472 PERL_SET_CONTEXT(inst->perl);
474 if ((inst->perl = perl_alloc()) == NULL) {
475 radlog(L_ERR, "rlm_perl: No memory for allocating new perl !");
479 perl_construct(inst->perl);
482 #if PERL_REVISION >= 5 && PERL_VERSION >=8
483 PL_exit_flags |= PERL_EXIT_DESTRUCT_END;
/*
 * Compiles the script named by the "module" setting; from here on its code
 * runs inside the server process.
 */
486 exitstatus = perl_parse(inst->perl, xs_init, argc, embed, NULL);
492 exitstatus = perl_run(inst->perl);
494 radlog(L_ERR,"rlm_perl: perl_parse failed: %s not found or has syntax errors. \n", inst->module);
500 newXS("radiusd::radlog",XS_radiusd_radlog, "rlm_perl.c");
/*
 * NOTE(review): each newHV() result below is overwritten by the get_hv()
 * assignment that follows, so the freshly created hashes look leaked -
 * confirm against the full file.
 */
502 rad_reply_hv = newHV();
503 rad_check_hv = newHV();
504 rad_config_hv = newHV();
505 rad_request_hv = newHV();
507 rad_request_proxy_hv = newHV();
508 rad_request_proxy_reply_hv = newHV();
/* Second argument 1: create the named global hash if it does not exist. */
511 rad_reply_hv = get_hv("RAD_REPLY",1);
512 rad_check_hv = get_hv("RAD_CHECK",1);
513 rad_config_hv = get_hv("RAD_CONFIG",1);
514 rad_request_hv = get_hv("RAD_REQUEST",1);
516 rad_request_proxy_hv = get_hv("RAD_REQUEST_PROXY",1);
517 rad_request_proxy_reply_hv = get_hv("RAD_REQUEST_PROXY_REPLY",1);
/* The xlat is registered under the instance name, else the module name. */
520 xlat_name = cf_section_name2(conf);
521 if (xlat_name == NULL)
522 xlat_name = cf_section_name1(conf);
/* NOTE(review): the strdup() result is not checked in the lines shown. */
524 inst->xlat_name = strdup(xlat_name);
525 xlat_register(xlat_name, perl_xlat, inst);
534 * Get the VPs and put them in a Perl hash.
535 * If one VP has multiple values, it is added as an array_ref.
536 * An example of this is Cisco-AVPair, which holds multiple values
537 * that will be available as an array_ref in $RAD_REQUEST{'Cisco-AVPair'}
/*
 * Copies a VALUE_PAIR list into a Perl hash keyed by attribute name.  An
 * attribute with several values is stored as an array reference; a tagged
 * attribute is stored under "name:tag".  Every value is rendered to text
 * with vp_prints_value() before it is handed to Perl.
 */
539 static void perl_store_vps(VALUE_PAIR *vp, HV *rad_hv)
541 VALUE_PAIR *nvp, *vpa, *vpn;
543 char namebuf[256], *name;
545 int attr, vendor, len;
550 while (nvp != NULL) {
552 attr = nvp->attribute;
553 vendor = nvp->vendor;
/* vpa: copy of every pair in the list with this attribute and vendor. */
554 vpa = paircopy2(nvp, attr, vendor);
/* Rendering is bounded by sizeof(buffer). */
560 len = vp_prints_value(buffer, sizeof(buffer),
562 av_push(av, newSVpv(buffer, len));
/* newRV_noinc: the hash entry takes over the reference to av. */
565 hv_store(rad_hv, nvp->name, strlen(nvp->name),
566 newRV_noinc((SV *) av), 0);
568 if ((vpa->flags.has_tag) &&
569 (vpa->flags.tag != 0)) {
/* Key construction is bounded by sizeof(namebuf). */
570 snprintf(namebuf, sizeof(namebuf), "%s:%d",
571 nvp->name, nvp->flags.tag);
575 len = vp_prints_value(buffer, sizeof(buffer),
577 hv_store(rad_hv, name, strlen(name),
578 newSVpv(buffer, len), 0);
582 vpa = nvp; while ((vpa != NULL) && (vpa->attribute == attr) && (vpa->vendor == vendor))
/* Removes the pairs just exported from the working list. */
584 pairdelete(&nvp, attr, vendor);
591 * Verify that a Perl SV is a string and save it in FreeRadius
/*
 * Converts one Perl scalar to a string and builds a VALUE_PAIR from
 * key/value with pairmake(), logging success or failure.
 * NOTE(review): both log messages include the attribute value.  When the
 * script sets password-type attributes, those values reach the server log;
 * confirm the log level (on a line not shown) and who can read that log.
 */
595 static int pairadd_sv(VALUE_PAIR **vp, char *key, SV *sv, int operator) {
600 val = SvPV_nolen(sv);
601 vpp = pairmake(key, val, operator);
605 "rlm_perl: Added pair %s = %s", key, val);
609 "rlm_perl: ERROR: Failed to create pair %s = %s",
618 * Gets the content from hashes
/*
 * Walks every entry of a Perl hash and converts it to VALUE_PAIRs through
 * pairadd_sv(): array-reference values are added element by element with
 * T_OP_ADD, anything else as a single pair with T_OP_EQ.  ret accumulates
 * the pairadd_sv() results.
 */
620 static int get_hv_content(HV *my_hv, VALUE_PAIR **vp)
625 I32 key_len, len, i, j;
/* hv_iterinit() returns the number of entries to visit. */
629 for (i = hv_iterinit(my_hv); i > 0; i--) {
630 res_sv = hv_iternextsv(my_hv,&key,&key_len);
631 if (SvROK(res_sv) && (SvTYPE(SvRV(res_sv)) == SVt_PVAV)) {
632 av = (AV*)SvRV(res_sv);
634 for (j = 0; j <= len; j++) {
/*
 * NOTE(review): av_fetch() returns NULL for an element that was never
 * assigned (a sparse array built by the script); *av_sv is dereferenced on
 * the next line without a check.  Skip NULL results.
 */
635 av_sv = av_fetch(av, j, 0);
636 ret = pairadd_sv(vp, key, *av_sv, T_OP_ADD) + ret;
638 } else ret = pairadd_sv(vp, key, res_sv, T_OP_EQ) + ret;
645 * Call the function_name inside the module
646 * Store all vps in hashes %RAD_CHECK %RAD_REPLY %RAD_REQUEST
/*
 * Common driver for every hook: selects the interpreter, exports the
 * request's attribute lists into the %RAD_* hashes, calls the named Perl sub
 * with no arguments, then rebuilds the server-side lists from whatever the
 * sub left in those hashes.
 *
 * NOTE(review):
 *  - %RAD_REQUEST and the proxy hashes carry attributes received from the
 *    network; the script must treat their contents as untrusted input.
 *  - The script's hashes replace the request, reply and check lists
 *    wholesale, and its return value appears to become the module return
 *    code, so the script is as trusted as the server itself.
 */
649 static int rlmperl_call(void *instance, REQUEST *request, char *function_name)
652 PERL_INST *inst = instance;
654 int exitstatus=0, count;
662 HV *rad_request_proxy_hv;
663 HV *rad_request_proxy_reply_hv;
667 PerlInterpreter *interp;
/*
 * Per-thread clone versus the single parent interpreter; presumably chosen
 * by preprocessor conditionals that this listing does not show.
 */
669 interp = rlm_perl_clone(inst->perl,inst->thread_key);
672 PERL_SET_CONTEXT(interp);
675 PERL_SET_CONTEXT(inst->perl);
685 * Radius has told us to call this function, but none
/*
 * NOTE(review): this bail-out comes after the interpreter context has been
 * selected.  If ENTER/SAVETMPS precede it on lines not shown, it returns
 * without the matching FREETMPS/LEAVE - confirm against the full file.
 */
688 if (!function_name) {
689 return RLM_MODULE_FAIL;
692 rad_reply_hv = get_hv("RAD_REPLY",1);
693 rad_check_hv = get_hv("RAD_CHECK",1);
694 rad_config_hv = get_hv("RAD_CONFIG",1);
695 rad_request_hv = get_hv("RAD_REQUEST",1);
697 rad_request_proxy_hv = get_hv("RAD_REQUEST_PROXY",1);
698 rad_request_proxy_reply_hv = get_hv("RAD_REQUEST_PROXY_REPLY",1);
/*
 * config_items is exported twice, as %RAD_CHECK and as %RAD_CONFIG; only
 * %RAD_CHECK is read back after the call.
 */
701 perl_store_vps(request->reply->vps, rad_reply_hv);
702 perl_store_vps(request->config_items, rad_check_hv);
703 perl_store_vps(request->packet->vps, rad_request_hv);
704 perl_store_vps(request->config_items, rad_config_hv);
707 if (request->proxy != NULL) {
708 perl_store_vps(request->proxy->vps, rad_request_proxy_hv);
/* Clears the proxy hash. */
710 hv_undef(rad_request_proxy_hv);
713 if (request->proxy_reply !=NULL) {
714 perl_store_vps(request->proxy_reply->vps, rad_request_proxy_reply_hv);
716 hv_undef(rad_request_proxy_reply_hv);
722 * This way %RAD_xx can be pushed onto stack as sub parameters.
723 * XPUSHs( newRV_noinc((SV *)rad_request_hv) );
724 * XPUSHs( newRV_noinc((SV *)rad_reply_hv) );
725 * XPUSHs( newRV_noinc((SV *)rad_check_hv) );
/*
 * G_NOARGS: the sub receives no parameters and works on the %RAD_* globals.
 * G_EVAL traps a die() in the script; the error text is logged below.
 */
729 count = call_pv(function_name, G_SCALAR | G_EVAL | G_NOARGS);
734 radlog(L_ERR, "rlm_perl: perl_embed:: module = %s , func = %s exit status= %s\n",
736 function_name, SvPV(ERRSV,n_a));
/* Any status outside 0..99 is mapped to RLM_MODULE_FAIL. */
742 if (exitstatus >= 100 || exitstatus < 0) {
743 exitstatus = RLM_MODULE_FAIL;
/*
 * When get_hv_content() reports a positive count, the list built from the
 * hash replaces the server-side list and the old list is freed.
 */
753 if ((get_hv_content(rad_request_hv, &vp)) > 0 ) {
754 pairfree(&request->packet->vps);
755 request->packet->vps = vp;
759 * Update cached copies
/*
 * The old list was freed above, so the cached username/password pointers
 * are looked up again in the new list.
 */
761 request->username = pairfind(request->packet->vps,
763 request->password = pairfind(request->packet->vps,
764 PW_USER_PASSWORD, 0);
765 if (!request->password)
766 request->password = pairfind(request->packet->vps,
767 PW_CHAP_PASSWORD, 0);
770 if ((get_hv_content(rad_reply_hv, &vp)) > 0 ) {
771 pairfree(&request->reply->vps);
772 request->reply->vps = vp;
776 if ((get_hv_content(rad_check_hv, &vp)) > 0 ) {
777 pairfree(&request->config_items);
778 request->config_items = vp;
783 if (request->proxy &&
784 (get_hv_content(rad_request_proxy_hv, &vp) > 0)) {
785 pairfree(&request->proxy->vps);
786 request->proxy->vps = vp;
790 if (request->proxy_reply &&
791 (get_hv_content(rad_request_proxy_reply_hv, &vp) > 0)) {
792 pairfree(&request->proxy_reply->vps);
793 request->proxy_reply->vps = vp;
803 * Find the named user in this module's database. Create the set
804 * of attribute-value pairs to check and reply with for this user
805 * from the database. The authentication code only needs to check
806 * the password, the rest is done here.
/*
 * Authorize hook: runs the sub named by func_authorize through
 * rlmperl_call(), which returns RLM_MODULE_FAIL when the name is NULL.
 */
808 static int perl_authorize(void *instance, REQUEST *request)
810 return rlmperl_call(instance, request,
811 ((PERL_INST *)instance)->func_authorize);
815 * Authenticate the user with the given password.
/*
 * Authenticate hook: runs the sub named by func_authenticate through
 * rlmperl_call().  The accept/reject decision is whatever the script
 * returns.
 */
817 static int perl_authenticate(void *instance, REQUEST *request)
819 return rlmperl_call(instance, request,
820 ((PERL_INST *)instance)->func_authenticate);
823 * Massage the request before recording it or proxying it
/* Pre-accounting hook: runs the sub named by func_preacct via rlmperl_call(). */
825 static int perl_preacct(void *instance, REQUEST *request)
827 return rlmperl_call(instance, request,
828 ((PERL_INST *)instance)->func_preacct);
831 * Write accounting information to this module's database.
/*
 * Accounting hook.  Dispatches on Acct-Status-Type: Start uses
 * func_start_accounting when configured, a second case (presumably Stop; its
 * label is not shown) uses func_stop_accounting when configured, and both
 * fall back to func_accounting, as does every other status type.
 * A packet without Acct-Status-Type appears to be logged and rejected with
 * RLM_MODULE_INVALID.
 */
833 static int perl_accounting(void *instance, REQUEST *request)
836 int acctstatustype=0;
838 if ((pair = pairfind(request->packet->vps, PW_ACCT_STATUS_TYPE, 0)) != NULL) {
839 acctstatustype = pair->vp_integer;
841 radlog(L_ERR, "Invalid Accounting Packet");
842 return RLM_MODULE_INVALID;
845 switch (acctstatustype) {
847 case PW_STATUS_START:
/* The start/stop sub names have no default, so NULL means "not configured". */
849 if (((PERL_INST *)instance)->func_start_accounting) {
850 return rlmperl_call(instance, request,
851 ((PERL_INST *)instance)->func_start_accounting);
853 return rlmperl_call(instance, request,
854 ((PERL_INST *)instance)->func_accounting);
860 if (((PERL_INST *)instance)->func_stop_accounting) {
861 return rlmperl_call(instance, request,
862 ((PERL_INST *)instance)->func_stop_accounting);
864 return rlmperl_call(instance, request,
865 ((PERL_INST *)instance)->func_accounting);
869 return rlmperl_call(instance, request,
870 ((PERL_INST *)instance)->func_accounting);
875 * Check for simultaneous use
/* Simultaneous-use hook: runs the sub named by func_checksimul via rlmperl_call(). */
877 static int perl_checksimul(void *instance, REQUEST *request)
879 return rlmperl_call(instance, request,
880 ((PERL_INST *)instance)->func_checksimul);
/* Pre-proxy hook: runs the sub named by func_pre_proxy via rlmperl_call(). */
887 static int perl_pre_proxy(void *instance, REQUEST *request)
889 return rlmperl_call(instance, request,
890 ((PERL_INST *)instance)->func_pre_proxy);
/*
 * Post-proxy hook: runs the sub named by func_post_proxy via rlmperl_call().
 * The proxy reply exported to the script originates from another server and
 * should be validated by the script like any other network input.
 */
895 static int perl_post_proxy(void *instance, REQUEST *request)
897 return rlmperl_call(instance, request,
898 ((PERL_INST *)instance)->func_post_proxy);
/* Post-auth hook: runs the sub named by func_post_auth via rlmperl_call(). */
905 static int perl_post_auth(void *instance, REQUEST *request)
907 return rlmperl_call(instance, request,
908 ((PERL_INST *)instance)->func_post_auth);
/* CoA receive hook: runs the sub named by func_recv_coa via rlmperl_call(). */
914 static int perl_recv_coa(void *instance, REQUEST *request)
916 return rlmperl_call(instance, request,
917 ((PERL_INST *)instance)->func_recv_coa);
/* CoA send hook: runs the sub named by func_send_coa via rlmperl_call(). */
922 static int perl_send_coa(void *instance, REQUEST *request)
924 return rlmperl_call(instance, request,
925 ((PERL_INST *)instance)->func_send_coa);
929 * Detach an instance, giving the module a chance to do some internal setup ...
/*
 * Detach hook: calls the script's detach sub when one is configured,
 * unregisters the xlat, frees xlat_name and tears down the interpreter.
 * NOTE(review): the first call sequence uses handle->clone, a variable not
 * declared in the lines shown; it follows the original FIXME and is
 * presumably compiled out.  rlm_perl_destruct() and perl_destruct() both
 * appear at the end, presumably in alternative preprocessor branches.
 */
931 static int perl_detach(void *instance)
933 PERL_INST *inst = (PERL_INST *) instance;
934 int exitstatus = 0, count = 0;
938 * FIXME: Call this in the destruct function?
941 dTHXa(handle->clone);
942 PERL_SET_CONTEXT(handle->clone);
944 dSP; ENTER; SAVETMPS; PUSHMARK(SP);
945 count = call_pv(inst->func_detach, G_SCALAR | G_EVAL );
/* Same clamp as rlmperl_call: statuses outside 0..99 become RLM_MODULE_FAIL. */
954 if (exitstatus >= 100 || exitstatus < 0) {
955 exitstatus = RLM_MODULE_FAIL;
965 if (inst->func_detach) {
967 PERL_SET_CONTEXT(inst->perl);
969 dSP; ENTER; SAVETMPS;
/* G_EVAL keeps a die() in the detach sub from unwinding into the server. */
972 count = call_pv(inst->func_detach, G_SCALAR | G_EVAL );
977 if (exitstatus >= 100 || exitstatus < 0) {
978 exitstatus = RLM_MODULE_FAIL;
/* Unregister before freeing the name that the registration was made under. */
987 xlat_unregister(inst->xlat_name, perl_xlat);
988 free(inst->xlat_name);
991 rlm_perl_destruct(inst->perl);
993 perl_destruct(inst->perl);
994 perl_free(inst->perl);
1004 * The module name should be the only globally exported symbol.
1005 * That is, everything else should be 'static'.
1007 * If the module needs to temporarily modify its instantiation
1008 * data, the type should be changed to RLM_TYPE_THREAD_UNSAFE.
1009 * The server will then take care of ensuring that the module
1010 * is single-threaded.
/*
 * Module registration table: type, instantiate/detach, and the per-stage
 * hooks defined in this file.
 * NOTE(review): both RLM_TYPE_THREAD_SAFE and RLM_TYPE_THREAD_UNSAFE appear
 * as the type; presumably one is selected by a preprocessor conditional not
 * shown.  In the thread-safe build every function reachable from these
 * hooks must avoid shared static state; the strtok() calls in perl_xlat do
 * not meet that requirement.
 */
1012 module_t rlm_perl = {
1016 RLM_TYPE_THREAD_SAFE, /* type */
1018 RLM_TYPE_THREAD_UNSAFE,
1020 perl_instantiate, /* instantiation */
1021 perl_detach, /* detach */
1023 perl_authenticate, /* authenticate */
1024 perl_authorize, /* authorize */
1025 perl_preacct, /* preacct */
1026 perl_accounting, /* accounting */
1027 perl_checksimul, /* check simul */
1029 perl_pre_proxy, /* pre-proxy */
1030 perl_post_proxy, /* post-proxy */
1034 perl_post_auth /* post-auth */