The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
LUISMUNOZ / Net-Radius-Server-1.116 / examples / def-rule.pl 
#! /usr/bin/perl
#
# Sample rule configuration for Net::Radius::Server, including
# packet dumping on flat files.
#
# Copyright © 2006-2009, Luis E. Muñoz
#
# This file defines a single rule that simply matches common
# requests with positive acknowledgements, for simple testing.
#
# $Id: def-rule.pl 108 2009-10-17 02:48:38Z lem $
#
# DO NOT USE THIS EXAMPLE IN PRODUCTION - NO CREDENTIAL CHECKS ARE DONE
# Also, the request/response dumping will consume vey significant amounts
# of disk space.

use strict;
use warnings;

use BerkeleyDB;
use File::Spec::Functions;
use Net::Radius::Server::Rule;
use Net::Radius::Server::Dump;
use Net::Radius::Server::DBStore;
use Net::Radius::Server::Base qw/:all/;
use Net::Radius::Server::Set::Simple;
use Net::Radius::Server::Match::Simple;

my @rules = ();
my $dump_location = catdir($ENV{HOME}, 'packet-dumps');
my $db_file       = catdir($ENV{HOME}, 'radius-accounting.db');

# Note that in this example file, log_level is used in many places to
# show where it could be used. Normally, you would not need it unless
# troubleshooting specific issues. Also, you can ask for different
# logging levels at different places...

my $log_level = 1;

# This is an example about how to include per-child initialization
# code. You may want to do this to setup database connections. This
# code could also be stowed away within a specific class for your
# environment.

{
    no warnings 'redefine';
    sub Net::Radius::Server::NS::child_init_hook
    {
	my $self = shift;
	$self->log(0, "*** child_init_hook() called!\n");
    }
};

# The following two rules show how to use ::Simple packet matching
# code to restrict actions to specific types of packets. Rules can be
# arranged in a single list, and the packet matching code makes sure
# the appropiate set methods are invoked only when required.

# Simple rule: Match Access-Request, return Access-Accept. No verification.
push @rules, Net::Radius::Server::Rule->new
    ({
	log_level => $log_level,
	# See if the packet is an Access-Request...
	match_methods => [ Net::Radius::Server::Match::Simple->mk
			   ({ code        => 'Access-Request', 
			      description => 'Access-Packet',
			      log_level   => $log_level }), 
			   ],
	set_methods => [
			# Prepare an Access-Accept as response, which will
			# grant access to whatever was requested by the
			# NAS.
			Net::Radius::Server::Set::Simple->mk
			({
			    log_level => $log_level,
			    auto      => 1,
			    code      => 'Access-Accept',
			    result    => NRS_SET_CONTINUE,
			}),

			# With the following lines uncommented, a new
			# BerkeleyDB hash database will be created at
			# $db_file. The contents of Accounting-Request
			# packets will be stored there for later
			# analysis.
			Net::Radius::Server::DBStore->mk
			({
			    log_level   => 4,
			    sync        => 1,
			    description => 'Access-DBStore',
			    param       => [
					    'BerkeleyDB::Hash',
					    -Filename => $db_file,
					    -Flags    => DB_CREATE ],
			    result      => NRS_SET_CONTINUE,
			}),

			# If the following lines are uncommented, log the
			# request and the response just before signing and
			# sending it
		        Net::Radius::Server::Dump->mk
			({
			    basepath  => $dump_location,
			    basename  => 'access-',
			    result    => NRS_SET_CONTINUE | NRS_SET_RESPOND,
			    log_level => $log_level,
			}),
			],
    });

# Match Accounting-Requests with an Accounting-Response
push @rules, Net::Radius::Server::Rule->new
    ({
	log_level => $log_level,
	# See if the packet is an Accounting-Request...
	match_methods => [ Net::Radius::Server::Match::Simple->mk
			   ({ code        => 'Accounting-Request', 
			       description => 'Acct-Packet',
			       log_level   => $log_level }), 
			   ],
	set_methods => [
			# Return an Accounting-Response, noting that
			# we received the packet from the NAS
			Net::Radius::Server::Set::Simple->mk
			({
			    log_level => $log_level,
			    auto      => 1,
			    code      => 'Accounting-Response',
			    result    => NRS_SET_CONTINUE,
			}),
			# If the following lines are uncommented, log the
			# request and the response just before signing and
			# sending it
		        Net::Radius::Server::Dump->mk
			({
			    basepath  => $dump_location,
			    basename  => 'acct-',
			    result    => NRS_SET_CONTINUE | NRS_SET_RESPOND,
			    log_level => $log_level,
			}),
			],
    });

# Match a Disconnect-Request with a Disconnect Response. Note that
# this flow is backwards, as normally the -Request is sent _from_ the
# server and the - Response is sent from the NAS.

# This shows how to use ::Simple to match packets with specific
# attributes in them, which is useful to implement special cases.

# If the request includes Service-Type => Authorize-Only, we are
# required to return an Disconnect-NAK first, and then start a new
# authorization. We will only respond the NAK...

push @rules, Net::Radius::Server::Rule->new
    ({
	log_level => $log_level,
	match_methods => [ Net::Radius::Server::Match::Simple->mk
			   ({ code        => 'Disconnect-Request', 
			      description => 'Disconnect-Request',
			      log_level   => $log_level,
			      attr        => 
				  [
				   'Service-Type' => 'Authorize-Only',
				   ],
			      }), 
			   ],
        set_methods => [
			Net::Radius::Server::Set::Simple->mk
			({
			    log_level => $log_level,
			    auto      => 1,
			    code      => 'Disconnect-NAK',
			    result    => NRS_SET_RESPOND,
			}),
			],
    });

# ... Otherwise, we will simply return a Disconnect-ACK. Note that
# this rule must come after the prior one.

push @rules, Net::Radius::Server::Rule->new
    ({
	log_level => $log_level,
	match_methods => [ Net::Radius::Server::Match::Simple->mk
			   ({ code        => 'Disconnect-Request', 
			      description => 'Disconnect-Request',
			      log_level   => $log_level }), 
			   ],
        set_methods => [ Net::Radius::Server::Set::Simple->mk
			 ({
			     log_level => $log_level,
			     auto      => 1,
			     code      => 'Disconnect-ACK',
			     result    => NRS_SET_CONTINUE | NRS_SET_RESPOND,
			 }),
			 ],
    });

# Match a CoA-Request with a CoA Response. Note that
# this flow is backwards, as normally the -Request is sent _from_ the
# server and the - Response is sent from the NAS.

# This shows how to use ::Simple to match packets with specific
# attributes in them, which is useful to implement special cases.

# If the request includes Service-Type => Authorize-Only, we are
# required to return an CoA-NAK first, and then start a new
# authorization. We will only respond the NAK...

push @rules, Net::Radius::Server::Rule->new
    ({
	log_level => $log_level,
	match_methods => [ Net::Radius::Server::Match::Simple->mk
			   ( { code        => 'CoA-Request', 
			       description => 'CoA-Request',
			       log_level   => $log_level,
			       attr        => 
				   [
				    'Service-Type' => 'Authorize-Only',
				    ],
			   }), 
			   ],
	set_methods => [
			Net::Radius::Server::Set::Simple->mk
			({
			    log_level => $log_level,
			    auto      => 1,
			    code      => 'CoA-NAK',
			    result    => NRS_SET_RESPOND,
			}),
			],
    });

# ... Otherwise, we will simply return a CoA-ACK. Note that
# this rule must come after the prior one.

push @rules, Net::Radius::Server::Rule->new
    ({
	log_level => $log_level,
	match_methods => [ Net::Radius::Server::Match::Simple->mk
			   ( { code        => 'CoA-Request', 
			       description => 'CoA-Request',
			       log_level   => $log_level,
			   }), 
			   ],
	set_methods => [
			Net::Radius::Server::Set::Simple->mk
			({
			    log_level => $log_level,
			    auto      => 1,
			    code      => 'CoA-ACK',
			    result    => NRS_SET_CONTINUE | NRS_SET_RESPOND,
			}),
			],
    });

# Return the rule set

\@rules;