add timeout arg to radius_exec_program, with default EXEC_TIMEOUT
authorMatthew Newton <mcn4@leicester.ac.uk>
Tue, 15 Oct 2013 21:49:22 +0000 (22:49 +0100)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 16 Oct 2013 15:16:02 +0000 (11:16 -0400)
src/include/radiusd.h
src/main/evaluate.c
src/main/exec.c
src/main/modcall.c
src/main/threads.c
src/main/tls.c
src/main/valuepair.c
src/modules/rlm_exec/rlm_exec.c
src/modules/rlm_mschap/rlm_mschap.c

index 30e1012..225f633 100644 (file)
@@ -467,6 +467,7 @@ typedef struct main_config_t {
 #define RETRY_DELAY         5
 #define RETRY_COUNT         3
 #define DEAD_TIME             120
+#define EXEC_TIMEOUT          10
 
 /* for paircompare_register */
 typedef int (*RAD_COMPARE_FUNC)(void *instance, REQUEST *,VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR *, VALUE_PAIR **);
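Review bot: `EXEC_TIMEOUT` is added without stating its unit, and the neighbouring constants give no hint either. The doc comment this commit adds in src/main/exec.c says the timeout is in seconds, so a trailing comment such as `#define EXEC_TIMEOUT 10 /* default seconds to wait for an exec'd program */` would keep the header self-explanatory.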
@@ -614,7 +615,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request,
 int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
                            char *answer, int left);
 int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
-                       char *user_msg, size_t msg_len,
+                       char *user_msg, size_t msg_len, int timeout,
                        VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs);
 void exec_trigger(REQUEST *request, CONF_SECTION *cs, char const *name, int quench);
 
index 01ee49a..be157e6 100644 (file)
@@ -88,7 +88,7 @@ static int radius_expand_tmpl(char **out, REQUEST *request, value_pair_tmpl_t co
        case VPT_TYPE_EXEC:
                EVAL_DEBUG("TMPL EXEC");
                *out = talloc_array(request, char, 1024);
-               if (radius_exec_program(request, vpt->name, true, false, *out, 1024, NULL, NULL) != 0) {
+               if (radius_exec_program(request, vpt->name, true, false, *out, 1024, EXEC_TIMEOUT, NULL, NULL) != 0) {
                        TALLOC_FREE(*out);
                        return -1;
                }
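Review bot: The buffer from `talloc_array(request, char, 1024)` is handed to `radius_exec_program` as `user_msg` without a NULL check, so an allocation failure reaches the callee as a NULL pointer with a non-zero length; whether the callee tolerates that is not visible here. A guard before the call, `if (!*out) return -1;`, would settle it. The literal 1024 also appears twice on the new side, and a single named constant would keep the allocation and the length argument from drifting apart. The enclosing switch in radius_expand_tmpl continues outside the hunk.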
index f1edf86..91f932d 100644 (file)
@@ -497,13 +497,14 @@ int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
  * @param[in] shell_escape values before passing them as arguments.
  * @param[in] user_msg buffer to append plaintext (non valuepair) output.
  * @param[in] msg_len length of user_msg buffer.
+ * @param[in] timeout amount of time to wait, in seconds.
  * @param[in] input_pairs list of value pairs - these will be available in the environment of the child.
  * @param[out] output_pairs list of value pairs - child stdout will be parsed and added into this list
  *     of value pairs.
  * @return 0 if exec_wait==0, exit code if exec_wait!=0, -1 on error.
  */
 int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
-                       char *user_msg, size_t msg_len,
+                       char *user_msg, size_t msg_len, int timeout,
                        VALUE_PAIR *input_pairs, VALUE_PAIR **output_pairs)
 
 {
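Review bot: The new `@param[in] timeout` line gives the unit but not the contract: it does not say whether the value is consulted when `exec_wait` is false, what range is valid, or what the function returns when the timeout expires. The next hunk shows the value going straight into `radius_readfrom_program`, so I would word it along the lines of `@param[in] timeout maximum time in seconds to wait for the child; must be positive`. If it is only used on the waiting path (the body is outside this hunk), the comment should say so. The `@return` line could also state which value a timeout produces.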
@@ -532,7 +533,7 @@ int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool
        }
 
 #ifndef __MINGW32__
-       done = radius_readfrom_program(request, from_child, pid, 10, answer, sizeof(answer));
+       done = radius_readfrom_program(request, from_child, pid, timeout, answer, sizeof(answer));
        if (done < 0) {
                /*
                 * failure - radius_readfrom_program will
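Review bot: `timeout` now comes from the caller but is passed to `radius_readfrom_program` without a range check, where previously the literal 10 guaranteed a sane value. How the read loop treats zero or a negative number is not visible in this hunk, so a guard near the top of the function, for example `if (timeout <= 0) timeout = EXEC_TIMEOUT;` or an explicit `return -1`, would keep the behaviour defined once callers start passing configured values. The call sits under `#ifndef __MINGW32__`; if the other branch never reads `timeout`, that deserves a comment. The function body starts and ends outside the hunk.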
index b7892fb..553b80f 100644 (file)
@@ -903,8 +903,8 @@ redo:
                        radius_xlat(buffer, sizeof(buffer), request, mx->xlat_name, NULL, NULL);
                } else {
                        RDEBUG("`%s`", mx->xlat_name);
-                       radius_exec_program(request, mx->xlat_name, false, true,
-                                           NULL, 0, request->packet->vps, NULL);
+                       radius_exec_program(request, mx->xlat_name, false, true, NULL, 0,
+                                           EXEC_TIMEOUT, request->packet->vps, NULL);
                }
 
                goto next_sibling;
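Review bot: Passing `EXEC_TIMEOUT` with `exec_wait` set to false reads as though the spawned program is bounded to ten seconds, which is probably not the case. The only use of `timeout` visible in this commit is the `radius_readfrom_program` call, and that presumably belongs to the waiting path. If so, a fire-and-forget child started here can outlive the request, and a short comment at the call, `/* timeout is unused when exec_wait is false */`, would prevent a wrong assumption. The return value is also discarded, so a failure to start the program is only visible if the callee logs it. The same applies to the `exec_trigger` call in src/main/threads.c.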
index 5c96415..8de6d64 100644 (file)
@@ -1473,5 +1473,5 @@ void exec_trigger(REQUEST *request, CONF_SECTION *cs, char const *name, int quen
        }
 
        RDEBUG("Trigger %s -> %s", name, value);
-       radius_exec_program(request, value, false, true, NULL, 0, vp, NULL);
+       radius_exec_program(request, value, false, true, NULL, 0, EXEC_TIMEOUT, vp, NULL);
 }
index fa062ca..a6e037f 100644 (file)
@@ -1790,7 +1790,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 
                        RDEBUG("Verifying client certificate: %s", conf->verify_client_cert_cmd);
                        if (radius_exec_program(request, conf->verify_client_cert_cmd, true, true, NULL, 0,
-                                               request->packet->vps, NULL) != 0) {
+                                               EXEC_TIMEOUT, request->packet->vps, NULL) != 0) {
                                AUTH("rlm_eap_tls: Certificate CN (%s) fails external verification!", common_name);
                                my_ok = 0;
                        } else {
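Review bot: In this certificate-verification branch every non-zero result from `radius_exec_program` is logged as "fails external verification", so a timeout or a failure to start the command (the function documents -1 on error) cannot be told apart from the verifier actually rejecting the certificate. Rejecting in all of those cases is the correct fail-closed outcome and should stay; the improvement is to keep the result in a local and include it in the `AUTH` message. The wait is also fixed at `EXEC_TIMEOUT` inside the TLS verify callback, so a verifier script that does network lookups can hold a handshake for up to that long. A configurable value next to `verify_client_cert_cmd` would let operators size it. cbtls_verify continues outside the hunk.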
index 624b368..9f970bd 100644 (file)
@@ -1073,7 +1073,7 @@ int radius_mapexec(VALUE_PAIR **out, REQUEST *request, value_pair_map_t const *m
         */
        out[0] = '\0';
        result = radius_exec_program(request, map->src->name, true, true,
-                                    answer, sizeof(answer),
+                                    answer, sizeof(answer), EXEC_TIMEOUT,
                                     input_pairs ? *input_pairs : NULL,
                                     (map->dst->type == VPT_TYPE_LIST) ? output_pairs : NULL);
        talloc_free(expanded);
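Review bot: `out[0] = '\0';` just above the call looks wrong for the type: the hunk header gives `out` as `VALUE_PAIR **`, so unless a local shadows it this stores a null pointer into the caller's list rather than terminating a string. The buffer actually passed as `user_msg` is `answer`, so the intended line was probably `answer[0] = '\0';`. That also matters if `radius_exec_program` can return on timeout without writing to the buffer. This line is context the commit did not touch and the declarations are outside the hunk, so please confirm against the full function.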
index 0d8149d..a787d72 100644 (file)
@@ -179,7 +179,8 @@ static ssize_t exec_xlat(void *instance, REQUEST *request, char const *fmt, char
         *      FIXME: Do xlat of program name?
         */
        result = radius_exec_program(request, fmt, inst->wait, inst->shell_escape,
-                                    out, outlen, input_pairs ? *input_pairs : NULL, NULL);
+                                    out, outlen, EXEC_TIMEOUT,
+                                    input_pairs ? *input_pairs : NULL, NULL);
        if (result != 0) {
                out[0] = '\0';
                return -1;
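Review bot: All four `radius_exec_program` calls in rlm_exec.c (here in exec_xlat, and in exec_dispatch, mod_post_auth and mod_accounting below) pass the global `EXEC_TIMEOUT`, although each already takes `inst->wait` and `inst->shell_escape` from the module instance. A per-instance setting would let an exec instance that runs a slow script be given a longer limit without changing the others. The call would then read `out, outlen, inst->timeout,` with the field defaulting to `EXEC_TIMEOUT`. The instance struct and its config table are outside the diff, so `inst->timeout` is a proposed name, not an existing field.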
@@ -333,7 +334,7 @@ static rlm_rcode_t exec_dispatch(void *instance, REQUEST *request)
         *      into something else.
         */
        status = radius_exec_program(request, inst->program, inst->wait, inst->shell_escape,
-                                    out, sizeof(out),
+                                    out, sizeof(out), EXEC_TIMEOUT,
                                     input_pairs ? *input_pairs : NULL, &answer);
        rcode = rlm_exec_status2rcode(request, out, strlen(out), status);
 
@@ -383,7 +384,7 @@ static rlm_rcode_t mod_post_auth(void *instance, REQUEST *request)
 
        tmp = NULL;
        status = radius_exec_program(request, vp->vp_strvalue, we_wait, inst->shell_escape,
-                                    out, sizeof(out),
+                                    out, sizeof(out), EXEC_TIMEOUT,
                                     request->packet->vps, &tmp);
        rcode = rlm_exec_status2rcode(request, out, strlen(out), status);
 
@@ -440,7 +441,7 @@ static  rlm_rcode_t mod_accounting(void *instance, REQUEST *request)
        }
 
        status = radius_exec_program(request, vp->vp_strvalue, we_wait, inst->shell_escape,
-                                    out, sizeof(out),
+                                    out, sizeof(out), EXEC_TIMEOUT,
                                     request->packet->vps, NULL);
        return rlm_exec_status2rcode(request, out, strlen(out), status);
 }
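Review bot: `strlen(out)` is evaluated whatever `status` is, so it relies on `radius_exec_program` leaving `out` NUL-terminated on every return path, including the error and timeout returns. Neither the declaration of `out` nor those paths are visible in the diff. If termination is not guaranteed, initialising the buffer before the call with `out[0] = '\0';` makes this safe, much as exec_xlat clears it after a failure. The exec_dispatch and mod_post_auth hunks above have the same pattern.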
index 50d9ade..ae3ecb8 100644 (file)
@@ -1058,7 +1058,7 @@ static int do_mschap(rlm_mschap_t *inst,
                 *      Run the program, and expect that we get 16
                 */
                result = radius_exec_program(request, inst->ntlm_auth, true, true,
-                                            buffer, sizeof(buffer),
+                                            buffer, sizeof(buffer), EXEC_TIMEOUT,
                                             NULL, NULL);
                if (result != 0) {
                        char *p;