124 lines
3.6 KiB
Text
124 lines
3.6 KiB
Text
|
# -*- text -*-
|
||
|
#
|
||
|
# $Id: ad3e15933f9e85c5566810432a5fec8f23d877c1 $
|
||
|
|
||
|
#
|
||
|
# This is a more general example of the execute module.
|
||
|
#
|
||
|
# This one is called "echo".
|
||
|
#
|
||
|
# Attribute-Name = `%{echo:/path/to/program args}`
|
||
|
#
|
||
|
# If you wish to execute an external program in more than
|
||
|
# one section (e.g. 'authorize', 'pre_proxy', etc), then it
|
||
|
# is probably best to define a different instance of the
|
||
|
# 'exec' module for every section.
|
||
|
#
|
||
|
# The return value of the program run determines the result
|
||
|
# of the exec instance call as follows:
|
||
|
# (See doc/configurable_failover for details)
|
||
|
#
|
||
|
# < 0 : fail the module failed
|
||
|
# = 0 : ok the module succeeded
|
||
|
# = 1 : reject the module rejected the user
|
||
|
# = 2 : fail the module failed
|
||
|
# = 3 : ok the module succeeded
|
||
|
# = 4 : handled the module has done everything to handle the request
|
||
|
# = 5 : invalid the user's configuration entry was invalid
|
||
|
# = 6 : userlock the user was locked out
|
||
|
# = 7 : notfound the user was not found
|
||
|
# = 8 : noop the module did nothing
|
||
|
# = 9 : updated the module updated information in the request
|
||
|
# > 9 : fail the module failed
|
||
|
#
|
||
|
exec echo {
|
||
|
#
|
||
|
# Wait for the program to finish.
|
||
|
#
|
||
|
# If we do NOT wait, then the program is "fire and
|
||
|
# forget", and any output attributes from it are ignored.
|
||
|
#
|
||
|
# If we are looking for the program to output
|
||
|
# attributes, and want to add those attributes to the
|
||
|
# request, then we MUST wait for the program to
|
||
|
# finish, and therefore set 'wait=yes'
|
||
|
#
|
||
|
# allowed values: {no, yes}
|
||
|
wait = yes
|
||
|
|
||
|
#
|
||
|
# The name of the program to execute, and it's
|
||
|
# arguments. Dynamic translation is done on this
|
||
|
# field, so things like the following example will
|
||
|
# work.
|
||
|
#
|
||
|
program = "/bin/echo %{User-Name}"
|
||
|
|
||
|
#
|
||
|
# The attributes which are placed into the
|
||
|
# environment variables for the program.
|
||
|
#
|
||
|
# Allowed values are:
|
||
|
#
|
||
|
# request attributes from the request
|
||
|
# config attributes from the configuration items list
|
||
|
# reply attributes from the reply
|
||
|
# proxy-request attributes from the proxy request
|
||
|
# proxy-reply attributes from the proxy reply
|
||
|
#
|
||
|
# Note that some attributes may not exist at some
|
||
|
# stages. e.g. There may be no proxy-reply
|
||
|
# attributes if this module is used in the
|
||
|
# 'authorize' section.
|
||
|
#
|
||
|
input_pairs = request
|
||
|
|
||
|
#
|
||
|
# Where to place the output attributes (if any) from
|
||
|
# the executed program. The values allowed, and the
|
||
|
# restrictions as to availability, are the same as
|
||
|
# for the input_pairs.
|
||
|
#
|
||
|
output_pairs = reply
|
||
|
|
||
|
#
|
||
|
# When to execute the program. If the packet
|
||
|
# type does NOT match what's listed here, then
|
||
|
# the module does NOT execute the program.
|
||
|
#
|
||
|
# For a list of allowed packet types, see
|
||
|
# the 'dictionary' file, and look for VALUEs
|
||
|
# of the Packet-Type attribute.
|
||
|
#
|
||
|
# By default, the module executes on ANY packet.
|
||
|
# Un-comment out the following line to tell the
|
||
|
# module to execute only if an Access-Accept is
|
||
|
# being sent to the NAS.
|
||
|
#
|
||
|
#packet_type = Access-Accept
|
||
|
|
||
|
#
|
||
|
# Should we escape the environment variables?
|
||
|
#
|
||
|
# If this is set, all the RADIUS attributes
|
||
|
# are capitalised and dashes replaced with
|
||
|
# underscores. Also, RADIUS values are surrounded
|
||
|
# with double-quotes.
|
||
|
#
|
||
|
# That is to say: User-Name=BobUser => USER_NAME="BobUser"
|
||
|
shell_escape = yes
|
||
|
|
||
|
#
|
||
|
# How long should we wait for the program to finish?
|
||
|
#
|
||
|
# Default is 10 seconds, which should be plenty for nearly
|
||
|
# anything. Range is 1 to 30 seconds. You are strongly
|
||
|
# encouraged to NOT increase this value. Decreasing can
|
||
|
# be used to cause authentication to fail sooner when you
|
||
|
# know it's going to fail anyway due to the time taken,
|
||
|
# thereby saving resources.
|
||
|
#
|
||
|
#timeout = 10
|
||
|
|
||
|
}
|