rlm_perl

Synopsis

The perl module allows the server to call a persistent, embedded Perl script. Unlike the internal unlang policy language, Perl is a real programming language. When there are policies that cannot be implemented in unlang, it is recommended to use Perl.

Default configuration

Processing Sections

Any.

Return Codes: The return codes from functions in the Perl script are passed back to the server as the module return code. These codes are pre-defined in the example.pl program.

Expansions

This module registers only one expansion.

perl

Syntax: %{perl: …}
Contents: The contents of the expansion should be a valid Perl program. The output of the expansion is the last string produced by the Perl program.

Note	The Perl program must have all of its special characters escaped. That is, the characters `%`, `$`, and `{` should be replaced with the equivalent `\\%`, `\\$`, `\\{`.

Directives

func_accounting

Syntax: func_accounting = string
Default: accounting
Description: Function to call when perl is listed in this processing section.

func_authenticate

Syntax: func_authenticate = string
Default: authenticate
Description: Function to call when perl is listed in this processing section.

func_authorize

Syntax: func_authorize = string
Default: authorize
Description: Function to call when perl is listed in this processing section.

func_checksimul

Syntax: func_checksimul = string
Default: checksimul
Description: Function to call when perl is listed in this processing section.

func_detach

Syntax: func_detach = string
Default: detach
Description: Function to call when the perl module is shutting down.

func_post_auth

Syntax: func_post_auth = string
Default: post_auth
Description: Function to call when perl is listed in this processing section.

func_post_proxy

Syntax: func_post_proxy = string
Default: post_proxy
Description: Function to call when perl is listed in this processing section.

func_preacct

Syntax: func_preacct = string
Default: preacct
Description: Function to call when perl is listed in this processing section.

func_pre_proxy

Syntax: func_pre_proxy = string
Default: pre_proxy
Description: Function to call when perl is listed in this processing section.

func_recv_coa

Syntax: func_recv_coa = string
Default: recv_coa
Description: Function to call when perl is listed in this processing section.

func_send_coa

Syntax: func_send_coa = string
Default: send_coa
Description: Function to call when perl is listed in this processing section.

func_start_accounting

Syntax: func_start_accounting = string
Default: accounting_start
Description: Function to call for packets containing Acct-Status-Type = Start. If this function is defined, then the normal accounting function is not called for those packets.

func_stop_accounting

Syntax: func_stop_accounting = string
Default: accounting_stop
Description: Function to call for packets containing Acct-Status-Type = Stop. If this function is defined, then the normal accounting function is not called for those packets.

func_xlat

Syntax: func_xlat = string
Default: xlat
Description: Function to call for the %\{perl:…} dynamic expansion.

module

Syntax: filename = string
Default: ${modconfdir}/${.:instance}/example.pl
Description: The file containing the Perl script. The script should contain the functions referenced above.
: The following hashes are given to the module and filled with value-pairs (Attribute names and values):

%RAD_CHECK

Check items

%RAD_REQUEST

Attributes from the request

%RAD_REPLY

Attributes for the reply

%RAD_REQUEST_PROXY

Attributes for the proxied packet

%RAD_REQUEST_PROXY_REPLY

Attributes from the proxy reply

: The interface between FreeRADIUS and Perl is strings. That is, attributes of type octets are converted to printable strings, such as 0xabcdef. To access the binary values of the attributes, the Perl pack function should be called. To send any binary data back to FreeRADIUS, call the Perl unpack function so that the contents of the hashes are printable strings.
: IP addresses are sent as strings, e.g., 192.0.2.25, and not as a 4-byte binary value. The same applies to other attribute data types.
: Attributes of type string are copied to Perl as-is. They are not escaped or interpreted.