| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
Processing of incoming requests is controlled by request-processing program. Request-processing program is a list-like structure, consisting of instructions.
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
Request-processing program consists of instructions. There are seven basic instruction types:
grad_instr_conditional_tThis instruction marks a branch point within the program.
grad_instr_call_tRepresents a call of a subprogram
grad_instr_action_tInvokes a Rewrite function
grad_instr_proxy_tProxies a request to the remote server
grad_instr_forward_tForwards a request to the remote server
grad_instr_reply_tReplies back to the requesting NAS.
Consequently, an instruction is defined as a union of the above node types:
enum grad_instr_type
{
grad_instr_conditional,
grad_instr_call,
grad_instr_return,
grad_instr_action,
grad_instr_reply,
grad_instr_proxy,
grad_instr_forward
};
typedef struct grad_instr grad_instr_t;
struct grad_instr
{
enum grad_instr_type type;
grad_instr_t *next;
union
{
grad_instr_conditional_t cond;
grad_instr_call_t call;
grad_instr_action_t action;
grad_instr_reply_t reply;
grad_instr_proxy_t proxy;
grad_instr_forward_t forward;
} v;
};
|
Type member contains type of the instruction. The evaluator
uses type to determine which part of union v, holds
instruction-specific data.
Next points to the next instruction. The evaluator will
go to this instruction unless the present one changes the control
flow.
Finally, v contains instruction-specific data. These will
be discussed in the following subsections.
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
struct grad_instr_conditional
{
grad_entry_point_t cond; /* Entry point to the compiled
Rewrite condition */
grad_instr_t *iftrue; /* Points to the ``true'' branch */
grad_instr_t *iffalse; /* Points to the ``false'' branch */
};
typedef struct grad_instr_conditional grad_instr_conditional_t;
|
Instructions of type grad_instr_conditional_t indicate branching.
Upon encountering an grad_instr_conditional_t, the
engine executes a Rewrite expression pointed to by cond.
If the expression evaluates to true, execution branches to
instruction iftrue. Otherwise, if iffalse is not NULL,
execution branches to that instruction. Otherwise, the control flow
passes to grad_instr_t.next, as described in the previous section.
Textual representation of Rewrite conditional expression or its entry point.
RPL expression executed if expr evaluates to t.
Optional RPL expression that is executed if expr evaluates to
nil.
COND with two arguments:
(COND "%[User-Name] ~= \"test-.*\""
(REPLY Access-Reject ("Reply-Message" . "Test accounts disabled")))
|
COND with three arguments:
(COND "%[Hint] == "PPP" && authorize(PAM)"
(REPLY Access-Accept
("Service-Type" . "Framed-User")
("Framed-Protocol" . "PPP"))
(REPLY Access-Reject
("Reply-Message" . "Access Denied")))
|
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
struct grad_instr_call {
grad_instr_t *entry;
};
typedef struct grad_instr_call grad_instr_call_t;
|
Instructions of type grad_instr_call instruct the engine to
call the given subprogram. The engine pushes the current
instruction to the return
point stack and branches to instruction
entry. Execution of the subprogram ends when the engine
encounters an instruction of one of the following types:
grad_instr_return, grad_instr_reply or grad_instr_proxy.
If grad_instr_return is encountered, the engine pops the
instruction from the top of the return point stack and makes it
current instruction, then it branches to the next node.
If grad_instr_reply or grad_instr_proxy is encountered,
the engine, after executing corresponding actions, finishes executing
the program.
In the first form, the argument list is the RPL subprogram to be executed.
In the second form defun-name is a name of the RPL subprogram
defined by defun.
First form:
(CALL (ACTION "myfun(%[User-Name])")
(REPLY Access-Reject
("Reply-Message" . "Access Denied")))
|
Second form:
(CALL process_users) |
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
An instruction of type grad_instr_return indicates a return point from
the subprogram. If encountered in a subprogram (i.e. a program entered by
grad_instr_call node), it indicates return to the calling
subprogram (see the previous subsection). Otherwise, if
grad_instr_return is encountered within the main trunk, it
ends evaluating of the program.
Instructions of this type have no data associated with them in union v.
(RETURN) |
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
struct grad_instr_action {
grad_entry_point_t expr; /* Entry point to the compiled
Rewrite expression */
};
typedef struct grad_instr_action grad_instr_reply_t;
|
The machine executes a Rewrite expression with entry point
expr. Any return value from the expression is ignored.
(ACTION "%[NAS-IP-Address] = request_source_ip()") |
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
struct grad_instr_reply {
u_char reply_code; /* Radius request code */
};
typedef struct grad_instr_reply grad_instr_reply_t;
|
grad_instr_reply instructs radiusd to send to the
requesting NAS a reply with code reply_code. Any reply
pairs collected while executing the program are attached to
the reply.
After executing grad_instr_reply instruction, the engine
stops executing of the program.
Any execution path will usually end with this instruction.
Arguments:
Radius reply code.
List of A/V pairs to be added to the reply. Each A/V pair is represented
as a cons: (name-or-number . value).
(REPLY Access-Accept
("Service-Type" . "Framed-User")
("Framed-Protocol" . "PPP"))
|
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
struct grad_instr_proxy
{
grad_realm_t realm;
};
typedef struct grad_instr_proxy grad_instr_proxy_t;
|
This instruction tells radius to proxy the request to the server defined
in realm. In other words, the engine executes
proxy_send. Further processing of the program is stopped.
Realm-name is name of the realm as defined in ‘raddb/realms’.
.
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
(This message will disappear, once this node revised.)
struct grad_instr_forward
{
grad_list_t server_list;
};
typedef struct grad_instr_forward grad_instr_forward_t;
|
This node forwards the request to each servers from
server_list. Forwarding differs from proxying
in that the requests are sent to the remote servers and processed
locally. The remote server is not expected to
reply. See section forwarding, for more information on this subject.
In contrast to grad_instr_proxy, this instruction type does not
cause the execution to stop.
Elements of server_list are of type grad_server_t.
Currently forwarding is performed by forward_request function
(‘forward.c’), which could be used with little modifications.
Namely, it will be rewritten to get server list as argument, instead
of using static variable forward_list. Consequently, the
functions responsible for creating and initializing this static
variable will disappear along with the variable itself. .
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] |
This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.