#define RETRY_DELAY 5
#define RETRY_COUNT 3
#define DEAD_TIME 120
+#define EXEC_TIMEOUT 10
/* for paircompare_register */
typedef int (*RAD_COMPARE_FUNC)(void *instance, REQUEST *,VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR **);
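Review bot: `EXEC_TIMEOUT` is defined without a unit or a statement of what it bounds, while the new `@param[in] timeout` line on radius_exec_program says seconds. A trailing comment on the define would keep the two in agreement, for example `/* seconds to wait for output from an exec'd program */`. Every call site in this change passes this one constant, so the define is where a reader will look for the limit.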
int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
char *answer, int left);
int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
- char *user_msg, size_t msg_len,
+ char *user_msg, size_t msg_len, int timeout,
VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs);
void exec_trigger(REQUEST *request, CONF_SECTION *cs, char const *name, int quench);
case VPT_TYPE_EXEC:
EVAL_DEBUG("TMPL EXEC");
*out = talloc_array(request, char, 1024);
- if (radius_exec_program(request, vpt->name, true, false, *out, 1024, NULL, NULL) != 0) {
+ if (radius_exec_program(request, vpt->name, true, false, *out, 1024, EXEC_TIMEOUT, NULL, NULL) != 0) {
TALLOC_FREE(*out);
return -1;
}
* @param[in] shell_escape values before passing them as arguments.
* @param[in] user_msg buffer to append plaintext (non valuepair) output.
* @param[in] msg_len length of user_msg buffer.
+ * @param[in] timeout amount of time to wait, in seconds.
* @param[in] input_pairs list of value pairs - these will be available in the environment of the child.
* @param[out] output_pairs list of value pairs - child stdout will be parsed and added into this list
* of value pairs.
* @return 0 if exec_wait==0, exit code if exec_wait!=0, -1 on error.
*/
int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
- char *user_msg, size_t msg_len,
+ char *user_msg, size_t msg_len, int timeout,
VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs)
{
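Review bot: The new `@param[in] timeout` line does not say when the value is used or what the caller gets back when it expires. The `@return` text says 0 is returned when exec_wait is false, so the timeout presumably applies only when waiting. The trigger and modcall call sites nevertheless pass `EXEC_TIMEOUT` with exec_wait false, which reads as if those programs were bounded. I would write `@param[in] timeout seconds to wait for the child when exec_wait is true; ignored otherwise.` and add the return value on expiry to `@return` (presumably -1, to be confirmed against radius_readfrom_program). The function body lies outside this hunk.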
}
#ifndef __MINGW32__
- done = radius_readfrom_program(request, from_child, pid, 10, answer, sizeof(answer));
+ done = radius_readfrom_program(request, from_child, pid, timeout, answer, sizeof(answer));
if (done < 0) {
/*
* failure - radius_readfrom_program will
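Review bot: `timeout` now reaches radius_readfrom_program exactly as the caller supplied it, and it is a signed `int` with no range check visible here. The literal 10 it replaces could never be zero or negative, and how radius_readfrom_program treats such a value is not visible in this hunk. Either reject it at the top of radius_exec_program before the child is started, for example `if (exec_wait && timeout <= 0) return -1;`, or state the accepted range in the doc comment. The enclosing function begins and ends outside the hunk, so the right place for the check needs confirming there.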
radius_xlat(buffer, sizeof(buffer), request, mx->xlat_name, NULL, NULL);
} else {
RDEBUG("`%s`", mx->xlat_name);
- radius_exec_program(request, mx->xlat_name, false, true,
- NULL, 0, request->packet->vps, NULL);
+ radius_exec_program(request, mx->xlat_name, false, true, NULL, 0,
+ EXEC_TIMEOUT, request->packet->vps, NULL);
}
goto next_sibling;
}
RDEBUG("Trigger %s -> %s", name, value);
- radius_exec_program(request, value, false, true, NULL, 0, vp, NULL);
+ radius_exec_program(request, value, false, true, NULL, 0, EXEC_TIMEOUT, vp, NULL);
}
RDEBUG("Verifying client certificate: %s", conf->verify_client_cert_cmd);
if (radius_exec_program(request, conf->verify_client_cert_cmd, true, true, NULL, 0,
- request->packet->vps, NULL) != 0) {
+ EXEC_TIMEOUT, request->packet->vps, NULL) != 0) {
AUTH("rlm_eap_tls: Certificate CN (%s) fails external verification!", common_name);
my_ok = 0;
} else {
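Review bot: A timed-out or failed exec of `verify_client_cert_cmd` is logged with the same "fails external verification" message as a certificate the command actually rejected, because the branch tests only `!= 0`. Failing closed here is right. But the function's doc comment says -1 is an error and other non-zero values are the child's exit code, so the two cases can be told apart. Keeping the result in a local and logging the `< 0` case separately would let operators distinguish a hung or missing verifier from a rejected client. The enclosing callback continues outside the hunk.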
*/
out[0] = '\0';
result = radius_exec_program(request, map->src->name, true, true,
- answer, sizeof(answer),
+ answer, sizeof(answer), EXEC_TIMEOUT,
input_pairs ? *input_pairs : NULL,
(map->dst->type == VPT_TYPE_LIST) ? output_pairs : NULL);
talloc_free(expanded);
* FIXME: Do xlat of program name?
*/
result = radius_exec_program(request, fmt, inst->wait, inst->shell_escape,
- out, outlen, input_pairs ? *input_pairs : NULL, NULL);
+ out, outlen, EXEC_TIMEOUT,
+ input_pairs ? *input_pairs : NULL, NULL);
if (result != 0) {
out[0] = '\0';
return -1;
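Review bot: This call already takes `inst->wait` and `inst->shell_escape` from the module instance, yet the wait limit is fixed at compile time through `EXEC_TIMEOUT`. The same holds for the later hunks whose results feed `rlm_exec_status2rcode`. Now that radius_exec_program accepts the value, a per-instance timeout setting would fit. It could default to `EXEC_TIMEOUT` and be range-checked when the configuration is parsed. That would let a slow helper be given more time, or a sensitive one less, without a rebuild. The enclosing function starts and ends outside the hunk.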
* into something else.
*/
status = radius_exec_program(request, inst->program, inst->wait, inst->shell_escape,
- out, sizeof(out),
+ out, sizeof(out), EXEC_TIMEOUT,
input_pairs ? *input_pairs : NULL, &answer);
rcode = rlm_exec_status2rcode(request, out, strlen(out), status);
tmp = NULL;
status = radius_exec_program(request, vp->vp_strvalue, we_wait, inst->shell_escape,
- out, sizeof(out),
+ out, sizeof(out), EXEC_TIMEOUT,
request->packet->vps, &tmp);
rcode = rlm_exec_status2rcode(request, out, strlen(out), status);
}
status = radius_exec_program(request, vp->vp_strvalue, we_wait, inst->shell_escape,
- out, sizeof(out),
+ out, sizeof(out), EXEC_TIMEOUT,
request->packet->vps, NULL);
return rlm_exec_status2rcode(request, out, strlen(out), status);
}
* Run the program, and expect that we get 16
*/
result = radius_exec_program(request, inst->ntlm_auth, true, true,
- buffer, sizeof(buffer),
+ buffer, sizeof(buffer), EXEC_TIMEOUT,
NULL, NULL);
if (result != 0) {
char *p;