2 * conffile.c Read the radiusd.conf file.
4 * Yep I should learn to use lex & yacc, or at least
5 * write a decent parser. I know how to do that, really :)
19 #include <netinet/in.h>
27 static const char rcsid[] =
31 #define xstrdup strdup
33 typedef enum conf_type {
39 struct conf_item *next;
40 struct conf_part *parent;
54 struct conf_item *children;
57 CONF_SECTION *config = NULL;
62 extern RADCLIENT *clients;
64 extern int read_realms_file(const char *file);
66 static int generate_realms(const char *filename);
67 static int generate_clients(const char *filename);
68 static CONF_SECTION *conf_read(const char *fromfile, int fromline, const char *conffile);
71 #define RADIUS_CONFIG "radiusd.conf"
75 * Isolate the scary casts in these tiny provably-safe functions
77 CONF_PAIR *cf_itemtopair(CONF_ITEM *ci)
81 assert(ci->type == CONF_ITEM_PAIR);
82 return (CONF_PAIR *)ci;
84 CONF_SECTION *cf_itemtosection(CONF_ITEM *ci)
88 assert(ci->type == CONF_ITEM_SECTION);
89 return (CONF_SECTION *)ci;
91 static CONF_ITEM *cf_pairtoitem(CONF_PAIR *cp)
95 return (CONF_ITEM *)cp;
97 static CONF_ITEM *cf_sectiontoitem(CONF_SECTION *cs)
101 return (CONF_ITEM *)cs;
105 * Create a new CONF_PAIR
107 static CONF_PAIR *cf_pair_alloc(const char *attr, const char *value,
108 int operator, CONF_SECTION *parent)
112 cp = (CONF_PAIR *)xalloc(sizeof(CONF_PAIR));
113 memset(cp, 0, sizeof(CONF_PAIR));
114 cp->item.type = CONF_ITEM_PAIR;
115 cp->item.parent = parent;
116 cp->attr = xstrdup(attr);
117 cp->value = xstrdup(value);
118 cp->operator = operator;
124 * Add an item to a configuration section.
126 static void cf_item_add(CONF_SECTION *cs, CONF_ITEM *ci_new)
130 for (ci = cs->children; ci && ci->next; ci = ci->next)
134 cs->children = ci_new;
142 void cf_pair_free(CONF_PAIR *cp)
144 if (cp == NULL) return;
146 if (cp->attr) free(cp->attr);
147 if (cp->value) free(cp->value);
152 * Allocate a CONF_SECTION
154 static CONF_SECTION *cf_section_alloc(const char *name1, const char *name2,
155 CONF_SECTION *parent)
159 if (name1 == NULL || !name1[0]) name1 = "main";
161 cs = (CONF_SECTION *)xalloc(sizeof(CONF_SECTION));
162 memset(cs, 0, sizeof(CONF_SECTION));
163 cs->item.type = CONF_ITEM_SECTION;
164 cs->item.parent = parent;
165 cs->name1 = xstrdup(name1);
166 cs->name2 = (name2 && *name2) ? xstrdup(name2) : NULL;
172 * Free a CONF_SECTION
174 void cf_section_free(CONF_SECTION *cs)
176 CONF_ITEM *ci, *next;
178 if (cs == NULL) return;
180 for (ci = cs->children; ci; ci = next) {
182 if (ci->type==CONF_ITEM_PAIR)
183 cf_pair_free(cf_itemtopair(ci));
185 cf_section_free(cf_itemtosection(ci));
188 if (cs->name1) free(cs->name1);
189 if (cs->name2) free(cs->name2);
192 * And free the section
198 * Expand the variables in an input string.
200 static const char *cf_expand_variables(const char *cf, int *lineno,
202 char *output, const char *input)
205 const char *end, *ptr;
208 CONF_SECTION *outercs;
212 while (*ptr >= ' ') {
214 * Ignore anything other than "${"
223 * Look for trailing '}', and silently
224 * ignore anything that doesn't match.
226 * FIXME! This is probably wrong...
228 end = strchr(ptr, '}');
236 memcpy(name, ptr, end - ptr);
237 name[end - ptr] = '\0';
239 cpn = cf_pair_find(cs, name);
242 * Also look recursively up the section tree,
243 * so things like ${confdir} can be defined
244 * there and used inside the module config
247 for (outercs=cs->item.parent
249 outercs=outercs->item.parent) {
250 cpn = cf_pair_find(outercs, name);
253 radlog(L_ERR, "%s[%d]: Unknown variable \"%s\"",
260 * Substitute the value of the variable.
262 strcpy(p, cpn->value);
265 } /* loop over all of the input string. */
273 * Parse a configuration section into user-supplied variables.
275 int cf_section_parse(CONF_SECTION *cs, const CONF_PARSER *variables)
285 * Handle the user-supplied variables.
287 for (i = 0; variables[i].name != NULL; i++) {
288 value = variables[i].dflt;
290 cp = cf_pair_find(cs, variables[i].name);
295 switch (variables[i].type)
297 case PW_TYPE_BOOLEAN:
299 * Allow yes/no and on/off
301 if ((strcasecmp(value, "yes") == 0) ||
302 (strcasecmp(value, "on") == 0)) {
303 *(int *)variables[i].data = 1;
304 } else if ((strcasecmp(value, "no") == 0) ||
305 (strcasecmp(value, "off") == 0)) {
306 *(int *)variables[i].data = 0;
308 *(int *)variables[i].data = 0;
309 radlog(L_ERR, "Bad value \"%s\" for boolean variable %s", value, variables[i].name);
312 DEBUG2("Config: %s.%s = %s",
318 case PW_TYPE_INTEGER:
319 *(int *)variables[i].data = strtol(value, 0, 0);
320 DEBUG2("Config: %s.%s = %d",
323 *(int *)variables[i].data);
326 case PW_TYPE_STRING_PTR:
327 q = (char **) variables[i].data;
333 * Expand variables while parsing.
336 cf_expand_variables(NULL, 0, cs, buffer, value);
340 DEBUG2("Config: %s.%s = \"%s\"",
343 value ? value : "(null)");
344 *q = value ? strdup(value) : NULL;
349 * Allow '*' as any address
351 if (strcmp(value, "*") == 0) {
352 *(uint32_t *) variables[i].data = 0;
355 ipaddr = ip_getaddr(value);
357 radlog(L_ERR, "Can't find IP address for host %s", value);
360 DEBUG2("Config: %s.%s = %s IP address [%s]",
363 value, ip_ntoa(buffer, ipaddr));
364 *(uint32_t *) variables[i].data = ipaddr;
368 radlog(L_ERR, "type %d not supported yet", variables[i].type);
371 } /* switch over variable type */
372 } /* for all variables in the configuration section */
378 * Read a part of the config file.
380 static CONF_SECTION *cf_section_read(const char *cf, int *lineno, FILE *fp,
381 const char *name1, const char *name2,
382 CONF_SECTION *parent)
384 CONF_SECTION *cs, *css;
394 * Ensure that the user can't add CONF_SECTIONs
395 * with 'internal' names;
397 if ((name1 != NULL) && (name1[0] == '_')) {
398 radlog(L_ERR, "%s[%d]: Illegal configuration section name",
404 * Allocate new section.
406 cs = cf_section_alloc(name1, name2, parent);
407 cs->item.lineno = *lineno;
412 while (fgets(buf, sizeof(buf), fp) != NULL) {
416 t1 = gettoken(&ptr, buf1, sizeof(buf1));
419 * Skip comments and blank lines immediately.
421 if ((*buf1 == '#') || (*buf1 == '\0')) {
426 * Allow for $INCLUDE files
428 * Currently this allows for includes only at the top
429 * level of config. IE you cannot have an $INCLUDE nested
430 * inside section. -cparker
432 if ((strcasecmp(buf1, "$INCLUDE") == 0) &&
433 (name1 == NULL) && (name2 == NULL)) {
437 t2 = getword(&ptr, buf2, sizeof(buf2));
439 cf_expand_variables(cf, lineno, cs, buf, buf2);
441 DEBUG2( "Config: including file: %s", buf );
443 if ((is = conf_read(cf, *lineno, buf)) == NULL) {
449 * Add the included conf to our CONF_SECTION
451 if (is && is->children ) cf_item_add(cs, is->children);
458 * No '=': must be a section or sub-section.
460 if (strchr(ptr, '=') == NULL) {
461 t2 = gettoken(&ptr, buf2, sizeof(buf2));
462 t3 = gettoken(&ptr, buf3, sizeof(buf3));
464 t2 = gettoken(&ptr, buf2, sizeof(buf2));
465 t3 = getword(&ptr, buf3, sizeof(buf3));
469 * See if it's the end of a section.
471 if (t1 == T_RCBRACE) {
472 if (name1 == NULL || buf2[0]) {
473 radlog(L_ERR, "%s[%d]: Unexpected end of section",
482 * Perhaps a subsection.
484 if (t2 == T_LCBRACE || t3 == T_LCBRACE) {
485 css = cf_section_read(cf, lineno, fp, buf1,
486 t2==T_LCBRACE ? NULL : buf2, cs);
491 cf_item_add(cs, cf_sectiontoitem(css));
497 * Ignore semi-colons.
499 if (*buf2 == ';') *buf2 = '\0';
502 * Must be a normal attr = value line.
504 if (buf1[0] != 0 && buf2[0] == 0 && buf3[0] == 0) {
506 } else if (buf1[0] == 0 || buf2[0] == 0 || buf3[0] == 0 ||
507 (t2 < T_EQSTART || t2 > T_EQEND)) {
508 radlog(L_ERR, "%s[%d]: Line is not in 'attribute = value' format",
515 * Ensure that the user can't add CONF_PAIRs
516 * with 'internal' names;
518 if (buf1[0] == '_') {
519 radlog(L_ERR, "%s[%d]: Illegal configuration pair name \"%s\"",
526 * Handle variable substitution via ${foo}
528 cf_expand_variables(cf, lineno, cs, buf, buf3);
531 * Add this CONF_PAIR to our CONF_SECTION
533 cpn = cf_pair_alloc(buf1, buf, t2, parent);
534 cpn->item.lineno = *lineno;
535 cf_item_add(cs, cf_pairtoitem(cpn));
539 * See if EOF was unexpected ..
542 radlog(L_ERR, "%s[%d]: Unexpected end of file", cf, *lineno);
551 * Read the config file.
553 static CONF_SECTION *conf_read(const char *fromfile, int fromline, const char *conffile)
559 if ((fp = fopen(conffile, "r")) == NULL) {
561 radlog(L_ERR|L_CONS, "%s[%d]: Unable to open file \"%s\": %s",
562 fromfile, fromline, conffile, strerror(errno));
564 radlog(L_ERR|L_CONS, "Unable to open file \"%s\": %s",
565 conffile, strerror(errno));
570 cs = cf_section_read(conffile, &lineno, fp, NULL, NULL, NULL);
577 * These are not used anywhere else..
579 static const char *localstatedir = NULL;
580 static const char *prefix = NULL;
582 static CONF_PARSER directory_config[] = {
584 * FIXME: 'prefix' is the ONLY one which should be configured
585 * at compile time. Hard-coding it here is bad. It will be cleaned
586 * up once we clean up the hard-coded defines for the locations of
589 { "prefix", PW_TYPE_STRING_PTR, &prefix, "/usr/local"},
590 { "localstatedir", PW_TYPE_STRING_PTR, &localstatedir, "${prefix}/var"},
591 { "logdir", PW_TYPE_STRING_PTR, &radlog_dir, "${localstatedir}/log"},
592 { "libdir", PW_TYPE_STRING_PTR, &radlib_dir, "${prefix}/lib"},
593 { "radacctdir", PW_TYPE_STRING_PTR, &radacct_dir, "${logdir}/radacct" },
594 { "hostname_lookups", PW_TYPE_BOOLEAN, &librad_dodns, "0" },
597 * We don't allow re-defining this, as doing so will cause
598 * all sorts of confusion.
601 { "confdir", PW_TYPE_STRING_PTR, &radius_dir, RADIUS_DIR },
603 { NULL, -1, NULL, NULL }
608 * Read the configuration and library
609 * This uses the new kind of configuration file as defined by
610 * Miquel at http://www.miquels.cistron.nl/radius/
613 int read_radius_conf_file(void)
618 /* Lets go look for the new configuration files */
619 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_CONFIG);
620 if ((cs = conf_read(NULL, 0, buffer)) == NULL) {
625 * Free the old configuration data, and replace it
628 cf_section_free(config);
632 * And parse the directory configuration values.
634 cs = cf_section_find(NULL);
639 * This allows us to figure out where, relative to
640 * radiusd.conf, the other configuration files exist.
642 cf_section_parse(cs, directory_config);
644 /* Initialize the dictionary */
645 DEBUG2("read_config_files: reading dictionary");
646 if (dict_init(radius_dir, RADIUS_DICTIONARY) != 0) {
647 radlog(L_ERR|L_CONS, "Errors reading dictionary: %s",
652 /* old-style clients file */
653 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_CLIENTS);
654 DEBUG2("read_config_files: reading clients");
655 if (read_clients_file(buffer) < 0) {
656 radlog(L_ERR|L_CONS, "Errors reading clients");
661 * Add to that, the *new* list of clients.
663 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_CONFIG);
664 if (generate_clients(buffer) < 0) {
668 /* old-style realms file */
669 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_REALMS);
670 DEBUG2("read_config_files: reading realms");
671 if (read_realms_file(buffer) < 0) {
672 radlog(L_ERR|L_CONS, "Errors reading realms");
677 * If there isn't any realms it isn't fatal..
679 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_CONFIG);
680 if (generate_realms(buffer) < 0) {
684 /* old-style naslist file */
685 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_NASLIST);
686 DEBUG2("read_config_files: reading naslist");
687 if (read_naslist_file(buffer) < 0) {
688 radlog(L_ERR|L_CONS, "Errors reading naslist");
696 * Create the linked list of realms from the new configuration type
697 * This way we don't have to change to much in the other source-files
700 static int generate_realms(const char *filename)
704 char *s, *authhost, *accthost;
706 for (cs = cf_subsection_find_next(config, NULL, "realm")
708 cs = cf_subsection_find_next(config, cs, "realm")) {
710 radlog(L_CONS|L_ERR, "%s[%d]: Missing realm name", filename, cs->item.lineno);
714 * We've found a realm, allocate space for it
716 if ((c = malloc(sizeof(REALM))) == NULL) {
717 radlog(L_CONS|L_ERR, "Out of memory");
720 memset(c, 0, sizeof(REALM));
722 * An authhost must exist in the configuration
724 if ((authhost = cf_section_value_find(cs, "authhost")) == NULL) {
726 "%s[%d]: No authhost entry in realm",
727 filename, cs->item.lineno);
730 if ((s = strchr(authhost, ':')) != NULL) {
732 c->auth_port = atoi(s);
734 c->auth_port = auth_port;
736 accthost = cf_section_value_find(cs, "accthost");
737 if ((s =strchr(accthost, ':')) != NULL) {
739 c->acct_port = atoi(s);
741 c->acct_port = acct_port;
743 if (strcmp(authhost, "LOCAL") != 0)
744 c->ipaddr = ip_getaddr(authhost);
747 * Double check length, just to be sure!
749 if (strlen(authhost) >= sizeof(c->server)) {
750 radlog(L_ERR, "%s[%d]: Server name of length %d is greater that allowed: %d",
751 filename, cs->item.lineno,
752 strlen(authhost), sizeof(c->server) - 1);
755 if (strlen(cs->name2) >= sizeof(c->realm)) {
756 radlog(L_ERR, "%s[%d]: Realm name of length %d is greater than allowed %d",
757 filename, cs->item.lineno,
758 strlen(cs->name2), sizeof(c->server) - 1);
762 strcpy(c->realm, cs->name2);
763 strcpy(c->server, authhost);
765 s = cf_section_value_find(cs, "secret");
767 radlog(L_ERR, "%s[%d]: No shared secret supplied for realm",
768 filename, cs->item.lineno);
772 if (strlen(s) >= sizeof(c->secret)) {
773 radlog(L_ERR, "%s[%d]: Secret of length %d is greater than the allowed maximum of %d.",
774 filename, cs->item.lineno,
775 strlen(s), sizeof(c->secret) - 1);
778 strNcpy((char *)c->secret, s, sizeof(c->secret));
782 if ((cf_section_value_find(cs, "nostrip")) != NULL)
784 if ((cf_section_value_find(cs, "noacct")) != NULL)
786 if ((cf_section_value_find(cs, "trusted")) != NULL)
788 if ((cf_section_value_find(cs, "notrealm")) != NULL)
790 if ((cf_section_value_find(cs, "notsuffix")) != NULL)
803 * Create the linked list of realms from the new configuration type
804 * This way we don't have to change to much in the other source-files
806 static int generate_clients(const char *filename)
810 char *hostnm, *secret, *shortnm, *netmask;
812 for (cs = cf_subsection_find_next(config, NULL, "client")
814 cs = cf_subsection_find_next(config, cs, "client")) {
816 radlog(L_CONS|L_ERR, "%s[%d]: Missing client name", filename, cs->item.lineno);
820 * Check the lengths, we don't want any core dumps
823 secret = cf_section_value_find(cs, "secret");
824 shortnm = cf_section_value_find(cs, "shortname");
825 netmask = strchr(hostnm, '/');
827 if (strlen(secret) >= sizeof(c->secret)) {
828 radlog(L_ERR, "%s[%d]: Secret of length %d is greater than the allowed maximum of %d.",
829 filename, cs->item.lineno,
830 strlen(secret), sizeof(c->secret) - 1);
833 if (strlen(shortnm) > sizeof(c->shortname)) {
834 radlog(L_ERR, "%s[%d]: Client short name of length %d is greater than the allowed maximum of %d.",
835 filename, cs->item.lineno,
836 strlen(shortnm), sizeof(c->shortname) - 1);
840 * The size is fine.. Let's create the buffer
842 if ((c = malloc(sizeof(RADCLIENT))) == NULL) {
843 radlog(L_CONS|L_ERR, "Out of memory");
854 mask_length = atoi(netmask + 1);
855 if ((mask_length <= 0) || (mask_length > 32)) {
856 radlog(L_ERR, "%s[%d]: Invalid value '%s' for IP network mask.",
857 filename, cs->item.lineno, netmask + 1);
861 c->netmask = (1 << 31);
862 for (i = 1; i < mask_length; i++) {
863 c->netmask |= (c->netmask >> 1);
867 c->netmask = htonl(c->netmask);
870 c->ipaddr = ip_getaddr(hostnm);
871 if (c->ipaddr == INADDR_NONE) {
872 radlog(L_CONS|L_ERR, "%s[%d]: Failed to look up hostname %s",
873 filename, cs->item.lineno, hostnm);
878 * Update the client name again...
882 c->ipaddr &= c->netmask;
883 strcpy(c->longname, hostnm);
885 ip_hostname(c->longname, sizeof(c->longname),
889 strcpy((char *)c->secret, secret);
890 strcpy(c->shortname, shortnm);
900 * Return a CONF_PAIR within a CONF_SECTION.
903 CONF_PAIR *cf_pair_find(CONF_SECTION *section, const char *name)
907 if (section == NULL) {
911 for (ci = section->children; ci; ci = ci->next) {
912 if (ci->type != CONF_ITEM_PAIR)
914 if (name == NULL || strcmp(cf_itemtopair(ci)->attr, name) == 0)
918 return cf_itemtopair(ci);
922 * Return the attr of a CONF_PAIR
925 char *cf_pair_attr(CONF_PAIR *pair)
927 return (pair ? pair->attr : NULL);
931 * Return the value of a CONF_PAIR
934 char *cf_pair_value(CONF_PAIR *pair)
936 return (pair ? pair->value : NULL);
940 * Return the first label of a CONF_SECTION
943 char *cf_section_name1(CONF_SECTION *section)
945 return (section ? section->name1 : NULL);
949 * Return the second label of a CONF_SECTION
952 char *cf_section_name2(CONF_SECTION *section)
954 return (section ? section->name2 : NULL);
958 * Find a value in a CONF_SECTION
960 char *cf_section_value_find(CONF_SECTION *section, const char *attr)
964 cp = cf_pair_find(section, attr);
966 return (cp ? cp->value : NULL);
970 * Return the next pair after a CONF_PAIR
971 * with a certain name (char *attr) If the requested
972 * attr is NULL, any attr matches.
975 CONF_PAIR *cf_pair_find_next(CONF_SECTION *section, CONF_PAIR *pair, const char *attr)
980 * If pair is NULL this must be a first time run
981 * Find the pair with correct name
985 return cf_pair_find(section, attr);
988 ci = cf_pairtoitem(pair)->next;
990 for (; ci; ci = ci->next) {
991 if (ci->type != CONF_ITEM_PAIR)
993 if (attr == NULL || strcmp(cf_itemtopair(ci)->attr, attr) == 0)
997 return cf_itemtopair(ci);
1001 * Find a CONF_SECTION, or return the root if name is NULL
1004 CONF_SECTION *cf_section_find(const char *name)
1007 return cf_section_sub_find(config, name);
1013 * Find a sub-section in a section
1016 CONF_SECTION *cf_section_sub_find(CONF_SECTION *section, const char *name)
1020 for (ci = section->children; ci; ci = ci->next) {
1021 if (ci->type != CONF_ITEM_SECTION)
1023 if (strcmp(cf_itemtosection(ci)->name1, name) == 0)
1027 return cf_itemtosection(ci);
1032 * Return the next subsection after a CONF_SECTION
1033 * with a certain name1 (char *name1). If the requested
1034 * name1 is NULL, any name1 matches.
1037 CONF_SECTION *cf_subsection_find_next(CONF_SECTION *section,
1038 CONF_SECTION *subsection,
1044 * If subsection is NULL this must be a first time run
1045 * Find the subsection with correct name
1048 if (subsection == NULL){
1049 ci = section->children;
1051 ci = cf_sectiontoitem(subsection)->next;
1054 for (; ci; ci = ci->next) {
1055 if (ci->type != CONF_ITEM_SECTION)
1057 if (name1 == NULL ||
1058 strcmp(cf_itemtosection(ci)->name1, name1) == 0)
1062 return cf_itemtosection(ci);
1066 * Return the next item after a CONF_ITEM.
1069 CONF_ITEM *cf_item_find_next(CONF_SECTION *section, CONF_ITEM *item)
1072 * If item is NULL this must be a first time run
1073 * Return the first item
1077 return section->children;
1083 int cf_section_lineno(CONF_SECTION *section)
1085 return cf_sectiontoitem(section)->lineno;
1088 int cf_pair_lineno(CONF_PAIR *pair)
1090 return cf_pairtoitem(pair)->lineno;
1093 int cf_item_is_section(CONF_ITEM *item)
1095 return item->type == CONF_ITEM_SECTION;
1100 * JMG dump_config tries to dump the config structure in a readable format
1104 static int dump_config_section(CONF_SECTION *cs, int indent)
1110 /* The DEBUG macro doesn't let me
1111 * for(i=0;i<indent;++i) debugputchar('\t');
1112 * so I had to get creative. --Pac. */
1114 for (ci = cs->children; ci; ci = ci->next) {
1115 if (ci->type == CONF_ITEM_PAIR) {
1116 cp=cf_itemtopair(ci);
1117 DEBUG("%.*s%s = %s",
1118 indent, "\t\t\t\t\t\t\t\t\t\t\t",
1119 cp->attr, cp->value);
1121 scs=cf_itemtosection(ci);
1122 DEBUG("%.*s%s %s%s{",
1123 indent, "\t\t\t\t\t\t\t\t\t\t\t",
1125 scs->name2 ? scs->name2 : "",
1126 scs->name2 ? " " : "");
1127 dump_config_section(scs, indent+1);
1129 indent, "\t\t\t\t\t\t\t\t\t\t\t");
1136 int dump_config(void)
1138 return dump_config_section(config, 0);