rlm_perl

Synopsis

The perl module allows the server to call a persistent, embedded Perl script. Unlike the internal unlang policy language, Perl is a real programming language. When there are policies that cannot be implemented in unlang, it is recommended to use Perl.

Processing Sections

Any.

Return Codes

The return codes from functions in the Perl script are passed back to the server as the module return code. These codes are pre-defined in the example.pl program.

Expansions

This module registers only one expansion.

perl
Syntax

%{perl: …​}

Contents

The contents of the expansion should be a valid Perl program. The output of the expansion is the last string produced by the Perl program.

Note
The Perl program must have all of its special characters escaped. That is, the characters %, $, and { should be replaced with the equivalent \\%, \\$, \\{.

Directives

func_accounting
Syntax

func_accounting = string

Default

accounting

Description

Function to call when perl is listed in this processing section.

func_authenticate
Syntax

func_authenticate = string

Default

authenticate

Description

Function to call when perl is listed in this processing section.

func_authorize
Syntax

func_authorize = string

Default

authorize

Description

Function to call when perl is listed in this processing section.

func_checksimul
Syntax

func_checksimul = string

Default

checksimul

Description

Function to call when perl is listed in this processing section.

func_detach
Syntax

func_detach = string

Default

detach

Description

Function to call when the perl module is shutting down.

func_post_auth
Syntax

func_post_auth = string

Default

post_auth

Description

Function to call when perl is listed in this processing section.

func_post_proxy
Syntax

func_post_proxy = string

Default

post_proxy

Description

Function to call when perl is listed in this processing section.

func_preacct
Syntax

func_preacct = string

Default

preacct

Description

Function to call when perl is listed in this processing section.

func_pre_proxy
Syntax

func_pre_proxy = string

Default

pre_proxy

Description

Function to call when perl is listed in this processing section.

func_recv_coa
Syntax

func_recv_coa = string

Default

recv_coa

Description

Function to call when perl is listed in this processing section.

func_send_coa
Syntax

func_send_coa = string

Default

send_coa

Description

Function to call when perl is listed in this processing section.

func_start_accounting
Syntax

func_start_accounting = string

Default

accounting_start

Description

Function to call for packets containing Acct-Status-Type = Start. If this function is defined, then the normal accounting function is not called for those packets.

func_stop_accounting
Syntax

func_stop_accounting = string

Default

accounting_stop

Description

Function to call for packets containing Acct-Status-Type = Stop. If this function is defined, then the normal accounting function is not called for those packets.

func_xlat
Syntax

func_xlat = string

Default

xlat

Description

Function to call for the %\{perl:…​} dynamic expansion.

module
Syntax

filename = string

Default

${modconfdir}/${.:instance}/example.pl

Description

The file containing the Perl script. The script should contain the functions referenced above.

The following hashes are given to the module and filled with value-pairs (Attribute names and values):

%RAD_CHECK

Check items

%RAD_REQUEST

Attributes from the request

%RAD_REPLY

Attributes for the reply

%RAD_REQUEST_PROXY

Attributes for the proxied packet

%RAD_REQUEST_PROXY_REPLY

Attributes from the proxy reply

The interface between FreeRADIUS and Perl is strings. That is, attributes of type octets are converted to printable strings, such as 0xabcdef. To access the binary values of the attributes, the Perl pack function should be called. To send any binary data back to FreeRADIUS, call the Perl unpack function so that the contents of the hashes are printable strings.

IP addresses are sent as strings, e.g., 192.0.2.25, and not as a 4-byte binary value. The same applies to other attribute data types.

Attributes of type string are copied to Perl as-is. They are not escaped or interpreted.