2 * conffile.c Read the radiusd.conf file.
4 * Yep I should learn to use lex & yacc, or at least
5 * write a decent parser. I know how to do that, really :)
13 #include "libradius.h"
20 #include <netinet/in.h>
28 static const char rcsid[] =
31 #define xstrdup strdup
33 typedef enum conf_type {
39 struct conf_item *next;
40 struct conf_part *parent;
54 struct conf_item *children;
57 CONF_SECTION *config = NULL;
62 extern RADCLIENT *clients;
64 extern int read_realms_file(const char *file);
66 static int generate_realms(const char *filename);
67 static int generate_clients(const char *filename);
68 static CONF_SECTION *conf_read(const char *fromfile, int fromline, const char *conffile);
71 #define RADIUS_CONFIG "radiusd.conf"
75 * Isolate the scary casts in these tiny provably-safe functions
/*
 * Downcast a generic CONF_ITEM to a CONF_PAIR. The assert rejects items
 * whose type tag is not CONF_ITEM_PAIR before the cast is made.
 * NOTE(review): assert() compiles to nothing under NDEBUG, so a release
 * build relies on callers checking ci->type themselves (lines 78-80 are
 * not shown in this listing).
 */
77 CONF_PAIR *cf_itemtopair(CONF_ITEM *ci)
81 assert(ci->type == CONF_ITEM_PAIR);
82 return (CONF_PAIR *)ci;
/*
 * Downcast a generic CONF_ITEM to a CONF_SECTION. The type tag is
 * asserted to be CONF_ITEM_SECTION first; like any assert(), that check
 * disappears when NDEBUG is defined.
 */
84 CONF_SECTION *cf_itemtosection(CONF_ITEM *ci)
88 assert(ci->type == CONF_ITEM_SECTION);
89 return (CONF_SECTION *)ci;
/*
 * View a CONF_PAIR as its generic CONF_ITEM header.
 * NOTE(review): the plain cast presumes `item` is the first member of
 * CONF_PAIR -- confirm against the struct definition.
 */
91 static CONF_ITEM *cf_pairtoitem(CONF_PAIR *cp)
95 return (CONF_ITEM *)cp;
/*
 * View a CONF_SECTION as its generic CONF_ITEM header.
 * NOTE(review): the plain cast presumes `item` is the first member of
 * CONF_SECTION -- confirm against the struct definition.
 */
97 static CONF_ITEM *cf_sectiontoitem(CONF_SECTION *cs)
101 return (CONF_ITEM *)cs;
105 * Create a new CONF_PAIR
/*
 * Allocate a zeroed CONF_PAIR, tag it CONF_ITEM_PAIR, record `parent` and
 * `operator`, and store private copies of `attr` and `value`.
 * NOTE(review): xstrdup is #defined to plain strdup in this file, so the
 * two copies are not checked for allocation failure in the lines shown,
 * and both arguments must be non-NULL. A NULL cp->attr would later reach
 * strcmp() in cf_pair_find().
 */
107 static CONF_PAIR *cf_pair_alloc(const char *attr, const char *value,
108 int operator, CONF_SECTION *parent)
112 cp = (CONF_PAIR *)rad_malloc(sizeof(CONF_PAIR));
113 memset(cp, 0, sizeof(CONF_PAIR));
114 cp->item.type = CONF_ITEM_PAIR;
115 cp->item.parent = parent;
116 cp->attr = xstrdup(attr);
117 cp->value = xstrdup(value);
118 cp->operator = operator;
124 * Add an item to a configuration section.
/*
 * Append ci_new to the child list of cs. The loop walks to the last
 * existing child; cs->children is assigned directly, presumably when the
 * list is empty (the branching lines are not shown in this listing).
 * ci_new may be the head of an existing chain: cf_section_read passes the
 * whole child list of an included file.
 */
126 static void cf_item_add(CONF_SECTION *cs, CONF_ITEM *ci_new)
130 for (ci = cs->children; ci && ci->next; ci = ci->next)
134 cs->children = ci_new;
/*
 * Release the attr and value strings owned by a CONF_PAIR. A NULL cp is
 * ignored. The lines after 147 are not shown in this listing.
 */
142 void cf_pair_free(CONF_PAIR *cp)
144 if (cp == NULL) return;
146 if (cp->attr) free(cp->attr);
147 if (cp->value) free(cp->value);
152 * Allocate a CONF_SECTION
/*
 * Allocate a zeroed CONF_SECTION, tag it CONF_ITEM_SECTION and record
 * `parent`. A NULL or empty name1 is replaced by "main"; name2 is copied
 * only when it is non-empty, otherwise it is stored as NULL.
 * NOTE(review): xstrdup is plain strdup here, so a failed copy leaves
 * name1/name2 NULL with no error raised in the lines shown.
 */
154 static CONF_SECTION *cf_section_alloc(const char *name1, const char *name2,
155 CONF_SECTION *parent)
159 if (name1 == NULL || !name1[0]) name1 = "main";
161 cs = (CONF_SECTION *)rad_malloc(sizeof(CONF_SECTION));
162 memset(cs, 0, sizeof(CONF_SECTION));
163 cs->item.type = CONF_ITEM_SECTION;
164 cs->item.parent = parent;
165 cs->name1 = xstrdup(name1);
166 cs->name2 = (name2 && *name2) ? xstrdup(name2) : NULL;
172 * Free a CONF_SECTION
/*
 * Recursively free a section: every child is released according to its
 * type tag (pairs via cf_pair_free, sub-sections via cf_section_free),
 * then the section's own name strings. A NULL cs is ignored.
 * NOTE(review): `next` must be read from ci before ci is freed; that
 * assignment is on a line not shown in this listing -- confirm.
 */
174 void cf_section_free(CONF_SECTION *cs)
176 CONF_ITEM *ci, *next;
178 if (cs == NULL) return;
180 for (ci = cs->children; ci; ci = next) {
182 if (ci->type==CONF_ITEM_PAIR)
183 cf_pair_free(cf_itemtopair(ci));
185 cf_section_free(cf_itemtosection(ci));
188 if (cs->name1) free(cs->name1);
189 if (cs->name2) free(cs->name2);
192 * And free the section
198 * Expand the variables in an input string.
/*
 * Copy `input` to `output`, replacing each "${name}" reference with the
 * value of the CONF_PAIR called `name`. The pair is looked up in cs and
 * then in each enclosing section through item.parent. Scanning stops at
 * the first character below ' ', which includes the terminating NUL. An
 * unknown variable is reported through radlog(L_ERR, ...).
 *
 * NOTE(review): the function takes no size for `output`, so nothing in it
 * can bound the writes. An expanded value can be longer than the
 * "${name}" text it replaces, and callers pass fixed buffers (the fgets
 * line buffer in cf_section_read, `buffer` in cf_section_parse). An
 * output-size parameter, with the parse failing on overflow, would make
 * the bound explicit.
 */
200 static const char *cf_expand_variables(const char *cf, int *lineno,
202 char *output, const char *input)
205 const char *end, *ptr;
208 CONF_SECTION *outercs;
212 while (*ptr >= ' ') {
214 * Ignore anything other than "${"
223 * Look for trailing '}', and silently
224 * ignore anything that doesn't match.
226 * FIXME! This is probably wrong...
228 end = strchr(ptr, '}');
/* NOTE(review): confirm that the lines not shown here (229-235) check
 * end - ptr against the capacity of `name` before this copy. */
236 memcpy(name, ptr, end - ptr);
237 name[end - ptr] = '\0';
239 cpn = cf_pair_find(cs, name);
242 * Also look recursively up the section tree,
243 * so things like ${confdir} can be defined
244 * there and used inside the module config
247 for (outercs=cs->item.parent
249 outercs=outercs->item.parent) {
250 cpn = cf_pair_find(outercs, name);
253 radlog(L_ERR, "%s[%d]: Unknown variable \"%s\"",
260 * Substitute the value of the variable.
/* NOTE(review): unbounded copy of a configuration value into `output`;
 * see the size concern in the function header comment. */
262 strcpy(p, cpn->value);
265 } /* loop over all of the input string. */
273 * Parse a configuration section into user-supplied variables.
/*
 * Walk the CONF_PARSER table `variables` (terminated by a NULL name) and,
 * for each entry, convert a textual value into the C object that
 * variables[i].data points at. The value starts as the entry's default
 * (dflt); a pair of the same name is looked up in cs, and presumably
 * overrides the default on the lines not shown.
 *
 * Types handled in the lines shown: sub-sections (parsed recursively with
 * the nested table in data), booleans (yes/on -> 1, no/off -> 0, anything
 * else -> 0 plus an error log), integers, string pointers (strdup'ed) and
 * IP addresses ("*" -> 0, otherwise ip_getaddr). Other types are logged
 * as unsupported.
 *
 * NOTE(review): the string branch tolerates value == NULL, but the
 * boolean, integer and IP branches hand value straight to
 * strcasecmp/strtol/strcmp in the lines shown -- confirm a NULL default
 * cannot reach them.
 */
275 int cf_section_parse(CONF_SECTION *cs, const CONF_PARSER *variables)
281 CONF_SECTION *subsection;
287 * Handle the user-supplied variables.
289 for (i = 0; variables[i].name != NULL; i++) {
290 value = variables[i].dflt;
292 cp = cf_pair_find(cs, variables[i].name);
297 switch (variables[i].type)
299 case PW_TYPE_SUBSECTION:
300 subsection = cf_section_sub_find(cs,variables[i].name);
303 * If the configuration section is NOT there,
306 * FIXME! This is probably wrong... we should
307 * probably set the items to their default values.
313 rcode = cf_section_parse(subsection,
314 (CONF_PARSER *) variables[i].data);
320 case PW_TYPE_BOOLEAN:
322 * Allow yes/no and on/off
324 if ((strcasecmp(value, "yes") == 0) ||
325 (strcasecmp(value, "on") == 0)) {
326 *(int *)variables[i].data = 1;
327 } else if ((strcasecmp(value, "no") == 0) ||
328 (strcasecmp(value, "off") == 0)) {
329 *(int *)variables[i].data = 0;
331 *(int *)variables[i].data = 0;
332 radlog(L_ERR, "Bad value \"%s\" for boolean variable %s", value, variables[i].name);
335 DEBUG2(" %s: %s = %s",
341 case PW_TYPE_INTEGER:
/* NOTE(review): base 0 accepts decimal, octal and hex. No end pointer or
 * errno check is made, so non-numeric text silently yields 0, and the
 * long result is narrowed to int on assignment. */
342 *(int *)variables[i].data = strtol(value, 0, 0);
343 DEBUG2(" %s: %s = %d",
346 *(int *)variables[i].data);
349 case PW_TYPE_STRING_PTR:
350 q = (char **) variables[i].data;
356 * Expand variables while parsing,
357 * but ONLY expand ones which haven't already
/* NOTE(review): this call passes NULL for cf and 0 for the lineno
 * pointer. If the "Unknown variable" error path in cf_expand_variables
 * dereferences lineno (its arguments are not shown), a default that
 * references an undefined variable would crash here. `buffer` is also
 * written with no size passed. */
360 if (value && (value == variables[i].dflt)) {
361 cf_expand_variables(NULL, 0, cs, buffer,value);
365 DEBUG2(" %s: %s = \"%s\"",
368 value ? value : "(null)");
/* NOTE(review): the strdup() result is stored unchecked. */
369 *q = value ? strdup(value) : NULL;
374 * Allow '*' as any address
376 if (strcmp(value, "*") == 0) {
377 *(uint32_t *) variables[i].data = 0;
380 ipaddr = ip_getaddr(value);
382 radlog(L_ERR, "Can't find IP address for host %s", value);
385 DEBUG2(" %s: %s = %s IP address [%s]",
388 value, ip_ntoa(buffer, ipaddr));
389 *(uint32_t *) variables[i].data = ipaddr;
393 radlog(L_ERR, "type %d not supported yet", variables[i].type);
396 } /* switch over variable type */
397 } /* for all variables in the configuration section */
403 * Read a part of the config file.
/*
 * Parse one section of the configuration file from fp, line by line,
 * into a newly allocated CONF_SECTION. *lineno tracks the position for
 * error messages and cf is the file name used in them. Nested sections
 * are parsed by recursion; "attr = value" lines become CONF_PAIRs after
 * ${...} expansion. Section and pair names beginning with '_' are
 * rejected as internal names.
 *
 * "$INCLUDE file" is honoured only when name1 and name2 are both NULL,
 * i.e. at the top level of a file. The included file is read with
 * conf_read() and its children are appended to this section.
 *
 * NOTE(review): conf_read() parses the included file with NULL names, so
 * an included file may itself use $INCLUDE. No depth limit or cycle check
 * is visible in this listing; a file that includes itself would recurse
 * without bound.
 */
405 static CONF_SECTION *cf_section_read(const char *cf, int *lineno, FILE *fp,
406 const char *name1, const char *name2,
407 CONF_SECTION *parent)
409 CONF_SECTION *cs, *css;
419 * Ensure that the user can't add CONF_SECTIONs
420 * with 'internal' names;
422 if ((name1 != NULL) && (name1[0] == '_')) {
423 radlog(L_ERR, "%s[%d]: Illegal configuration section name",
429 * Allocate new section.
431 cs = cf_section_alloc(name1, name2, parent);
432 cs->item.lineno = *lineno;
437 while (fgets(buf, sizeof(buf), fp) != NULL) {
441 t1 = gettoken(&ptr, buf1, sizeof(buf1));
444 * Skip comments and blank lines immediately.
446 if ((*buf1 == '#') || (*buf1 == '\0')) {
451 * Allow for $INCLUDE files
453 * Currently this allows for includes only at the top
454 * level of config. IE you cannot have an $INCLUDE nested
455 * inside section. -cparker
457 if ((strcasecmp(buf1, "$INCLUDE") == 0) &&
458 (name1 == NULL) && (name2 == NULL)) {
462 t2 = getword(&ptr, buf2, sizeof(buf2));
/* NOTE(review): the expanded path is written into buf, the fgets line
 * buffer, and cf_expand_variables() receives no size for it. */
464 cf_expand_variables(cf, lineno, cs, buf, buf2);
466 DEBUG2( "Config: including file: %s", buf );
468 if ((is = conf_read(cf, *lineno, buf)) == NULL) {
474 * Add the included conf to our CONF_SECTION
/* NOTE(review): only the children of `is` are linked into cs; whether the
 * `is` wrapper itself is released is not visible here -- confirm. */
476 if (is && is->children ) cf_item_add(cs, is->children);
483 * No '=': must be a section or sub-section.
485 if (strchr(ptr, '=') == NULL) {
486 t2 = gettoken(&ptr, buf2, sizeof(buf2));
487 t3 = gettoken(&ptr, buf3, sizeof(buf3));
489 t2 = gettoken(&ptr, buf2, sizeof(buf2));
490 t3 = getword(&ptr, buf3, sizeof(buf3));
494 * See if it's the end of a section.
496 if (t1 == T_RCBRACE) {
497 if (name1 == NULL || buf2[0]) {
498 radlog(L_ERR, "%s[%d]: Unexpected end of section",
507 * Perhaps a subsection.
509 if (t2 == T_LCBRACE || t3 == T_LCBRACE) {
510 css = cf_section_read(cf, lineno, fp, buf1,
511 t2==T_LCBRACE ? NULL : buf2, cs);
516 cf_item_add(cs, cf_sectiontoitem(css));
522 * Ignore semi-colons.
524 if (*buf2 == ';') *buf2 = '\0';
527 * Must be a normal attr = value line.
529 if (buf1[0] != 0 && buf2[0] == 0 && buf3[0] == 0) {
531 } else if (buf1[0] == 0 || buf2[0] == 0 || buf3[0] == 0 ||
532 (t2 < T_EQSTART || t2 > T_EQEND)) {
533 radlog(L_ERR, "%s[%d]: Line is not in 'attribute = value' format",
540 * Ensure that the user can't add CONF_PAIRs
541 * with 'internal' names;
543 if (buf1[0] == '_') {
544 radlog(L_ERR, "%s[%d]: Illegal configuration pair name \"%s\"",
551 * Handle variable substitution via ${foo}
/* NOTE(review): the value is expanded from buf3 into buf with no output
 * size, so a long variable value can overrun the line buffer. */
553 cf_expand_variables(cf, lineno, cs, buf, buf3);
556 * Add this CONF_PAIR to our CONF_SECTION
/* NOTE(review): the pair's parent is set to `parent`, the parent of this
 * section, although the pair is added to cs two lines below -- confirm
 * whether cs was intended. */
558 cpn = cf_pair_alloc(buf1, buf, t2, parent);
559 cpn->item.lineno = *lineno;
560 cf_item_add(cs, cf_pairtoitem(cpn));
564 * See if EOF was unexpected ..
567 radlog(L_ERR, "%s[%d]: Unexpected end of file", cf, *lineno);
576 * Read the config file.
/*
 * Open `conffile` for reading and parse it as a top-level section (NULL
 * names, NULL parent) with cf_section_read(). fromfile and fromline name
 * the place that requested the file and appear in one of the two "Unable
 * to open file" messages; the condition choosing between the messages is
 * on a line not shown.
 * NOTE(review): confirm that fp is closed on every path, including a
 * failed parse; the closing lines are not visible in this listing.
 */
578 static CONF_SECTION *conf_read(const char *fromfile, int fromline, const char *conffile)
584 if ((fp = fopen(conffile, "r")) == NULL) {
586 radlog(L_ERR|L_CONS, "%s[%d]: Unable to open file \"%s\": %s",
587 fromfile, fromline, conffile, strerror(errno));
589 radlog(L_ERR|L_CONS, "Unable to open file \"%s\": %s",
590 conffile, strerror(errno));
595 cs = cf_section_read(conffile, &lineno, fp, NULL, NULL, NULL);
602 * These are not used anywhere else..
/*
 * Parser table for the directory settings. Each row gives the pair name,
 * its type, the variable that receives the value, and the default text.
 * cf_section_parse() expands ${...} references in a default only when the
 * file does not override it. The row with a NULL name ends the table.
 * NOTE(review): prefix and localstatedir are declared const char *, but
 * cf_section_parse() stores into them through a (char **) cast of the
 * data pointer.
 */
604 static const char *localstatedir = NULL;
605 static const char *prefix = NULL;
607 static CONF_PARSER directory_config[] = {
609 * FIXME: 'prefix' is the ONLY one which should be configured
610 * at compile time. Hard-coding it here is bad. It will be cleaned
611 * up once we clean up the hard-coded defines for the locations of
614 { "prefix", PW_TYPE_STRING_PTR, &prefix, "/usr/local"},
615 { "localstatedir", PW_TYPE_STRING_PTR, &localstatedir, "${prefix}/var"},
616 { "logdir", PW_TYPE_STRING_PTR, &radlog_dir, "${localstatedir}/log"},
617 { "libdir", PW_TYPE_STRING_PTR, &radlib_dir, "${prefix}/lib"},
618 { "radacctdir", PW_TYPE_STRING_PTR, &radacct_dir, "${logdir}/radacct" },
619 { "hostname_lookups", PW_TYPE_BOOLEAN, &librad_dodns, "0" },
622 * We don't allow re-defining this, as doing so will cause
623 * all sorts of confusion.
626 { "confdir", PW_TYPE_STRING_PTR, &radius_dir, RADIUS_DIR },
628 { NULL, -1, NULL, NULL }
633 * Read the configuration and library
634 * This uses the new kind of configuration file as defined by
635 * Miquel at http://www.miquels.cistron.nl/radius/
/*
 * Load the server configuration: read radiusd.conf from radius_dir, free
 * the previous configuration tree, parse the directory settings, then
 * load the dictionary, the old-style clients/realms/naslist files and the
 * client and realm sections of radiusd.conf.
 *
 * NOTE(review): every path is built with sprintf("%.200s/%.50s"). The
 * precisions cap the output at 200 + 1 + 50 + 1 = 252 bytes, which is
 * safe only if `buffer` (declared on a line not shown) is at least that
 * large. snprintf() with the real buffer size would make the bound
 * explicit and independent of the format string. The precisions also
 * truncate a long radius_dir silently, so a different path than intended
 * could be opened.
 */
638 int read_radius_conf_file(void)
643 /* Lets go look for the new configuration files */
644 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_CONFIG);
645 if ((cs = conf_read(NULL, 0, buffer)) == NULL) {
650 * Free the old configuration data, and replace it
653 cf_section_free(config);
657 * And parse the directory configuration values.
659 cs = cf_section_find(NULL);
664 * This allows us to figure out where, relative to
665 * radiusd.conf, the other configuration files exist.
/* NOTE(review): the return value of cf_section_parse() is ignored here,
 * so a bad directory setting does not stop the load. */
667 cf_section_parse(cs, directory_config);
669 /* Initialize the dictionary */
670 DEBUG2("read_config_files: reading dictionary");
671 if (dict_init(radius_dir, RADIUS_DICTIONARY) != 0) {
672 radlog(L_ERR|L_CONS, "Errors reading dictionary: %s",
677 /* old-style clients file */
678 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_CLIENTS);
679 DEBUG2("read_config_files: reading clients");
680 if (read_clients_file(buffer) < 0) {
681 radlog(L_ERR|L_CONS, "Errors reading clients");
686 * Add to that, the *new* list of clients.
688 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_CONFIG);
689 if (generate_clients(buffer) < 0) {
693 /* old-style realms file */
694 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_REALMS);
695 DEBUG2("read_config_files: reading realms");
696 if (read_realms_file(buffer) < 0) {
697 radlog(L_ERR|L_CONS, "Errors reading realms");
702 * If there isn't any realms it isn't fatal..
704 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_CONFIG);
705 if (generate_realms(buffer) < 0) {
709 /* old-style naslist file */
710 sprintf(buffer, "%.200s/%.50s", radius_dir, RADIUS_NASLIST);
711 DEBUG2("read_config_files: reading naslist");
712 if (read_naslist_file(buffer) < 0) {
713 radlog(L_ERR|L_CONS, "Errors reading naslist");
721 * Create the linked list of realms from the new configuration type
722 * This way we don't have to change too much in the other source files
/*
 * Build a REALM entry for every "realm" sub-section of the global config
 * tree. `filename` is used only in log messages. Each entry takes its
 * name from the section's second label and its server, ports, shared
 * secret and flags from the pairs inside the section. An optional
 * ":port" suffix on authhost/accthost overrides the global auth_port and
 * acct_port.
 *
 * NOTE(review): the port suffixes are converted with atoi(), which
 * reports no errors, so non-numeric text becomes port 0. Several log
 * calls print strlen()/sizeof values, which are size_t, with %d; the
 * arguments should be cast or the format specifier changed.
 */
725 static int generate_realms(const char *filename)
729 char *s, *authhost, *accthost;
731 for (cs = cf_subsection_find_next(config, NULL, "realm")
733 cs = cf_subsection_find_next(config, cs, "realm")) {
735 radlog(L_CONS|L_ERR, "%s[%d]: Missing realm name", filename, cs->item.lineno);
739 * We've found a realm, allocate space for it
741 c = rad_malloc(sizeof(REALM));
742 memset(c, 0, sizeof(REALM));
744 * An authhost must exist in the configuration
746 if ((authhost = cf_section_value_find(cs, "authhost")) == NULL) {
748 "%s[%d]: No authhost entry in realm",
749 filename, cs->item.lineno);
752 if ((s = strchr(authhost, ':')) != NULL) {
754 c->auth_port = atoi(s);
756 c->auth_port = auth_port;
758 accthost = cf_section_value_find(cs, "accthost");
/* NOTE(review): cf_section_value_find() returns NULL when the pair is
 * missing, and unlike authhost above no NULL check precedes this use. A
 * realm without an accthost entry makes strchr() dereference NULL. */
759 if ((s =strchr(accthost, ':')) != NULL) {
761 c->acct_port = atoi(s);
763 c->acct_port = acct_port;
765 if (strcmp(authhost, "LOCAL") != 0)
/* NOTE(review): no INADDR_NONE check on this lookup is visible here,
 * unlike the equivalent lookup in generate_clients(). */
766 c->ipaddr = ip_getaddr(authhost);
769 * Double check length, just to be sure!
771 if (strlen(authhost) >= sizeof(c->server)) {
772 radlog(L_ERR, "%s[%d]: Server name of length %d is greater that allowed: %d",
773 filename, cs->item.lineno,
774 strlen(authhost), sizeof(c->server) - 1);
/* NOTE(review): the test below is against sizeof(c->realm), but the
 * message reports sizeof(c->server) - 1 as the limit. */
777 if (strlen(cs->name2) >= sizeof(c->realm)) {
778 radlog(L_ERR, "%s[%d]: Realm name of length %d is greater than allowed %d",
779 filename, cs->item.lineno,
780 strlen(cs->name2), sizeof(c->server) - 1);
/* These copies rely on the two length checks above having rejected
 * over-long names (the rejecting lines are not shown). */
784 strcpy(c->realm, cs->name2);
785 strcpy(c->server, authhost);
787 s = cf_section_value_find(cs, "secret");
789 radlog(L_ERR, "%s[%d]: No shared secret supplied for realm",
790 filename, cs->item.lineno);
794 if (strlen(s) >= sizeof(c->secret)) {
795 radlog(L_ERR, "%s[%d]: Secret of length %d is greater than the allowed maximum of %d.",
796 filename, cs->item.lineno,
797 strlen(s), sizeof(c->secret) - 1);
800 strNcpy((char *)c->secret, s, sizeof(c->secret));
804 if ((cf_section_value_find(cs, "nostrip")) != NULL)
806 if ((cf_section_value_find(cs, "noacct")) != NULL)
808 if ((cf_section_value_find(cs, "trusted")) != NULL)
810 if ((cf_section_value_find(cs, "notrealm")) != NULL)
812 if ((cf_section_value_find(cs, "notsuffix")) != NULL)
825 * Create the linked list of realms from the new configuration type
826 * This way we don't have to change too much in the other source files
/*
 * Build a RADCLIENT entry for every "client" sub-section of the global
 * config tree (the header comment above still says "realms"). `filename`
 * is used only in log messages. The host name may carry a "/bits"
 * suffix, which is turned into a network-order netmask; the address is
 * resolved with ip_getaddr() and a failed lookup is logged.
 *
 * NOTE(review): several log calls print strlen()/sizeof values, which
 * are size_t, with %d; the arguments should be cast or the format
 * specifier changed.
 */
828 static int generate_clients(const char *filename)
832 char *hostnm, *secret, *shortnm, *netmask;
834 for (cs = cf_subsection_find_next(config, NULL, "client")
836 cs = cf_subsection_find_next(config, cs, "client")) {
838 radlog(L_CONS|L_ERR, "%s[%d]: Missing client name", filename, cs->item.lineno);
842 * Check the lengths, we don't want any core dumps
845 secret = cf_section_value_find(cs, "secret");
846 shortnm = cf_section_value_find(cs, "shortname");
847 netmask = strchr(hostnm, '/');
/* NOTE(review): secret and shortnm are NULL when the client section
 * lacks those pairs, and the strlen() calls below would dereference NULL.
 * Unless the single line not shown here (848) guards them, both need an
 * explicit NULL check with an error message. */
849 if (strlen(secret) >= sizeof(c->secret)) {
850 radlog(L_ERR, "%s[%d]: Secret of length %d is greater than the allowed maximum of %d.",
851 filename, cs->item.lineno,
852 strlen(secret), sizeof(c->secret) - 1);
/* NOTE(review): this test uses '>' where the secret test above uses
 * '>='. A short name of exactly sizeof(c->shortname) characters passes,
 * and the strcpy() into c->shortname further down then writes its NUL
 * one byte past the array. The comparison should be '>='. */
855 if (strlen(shortnm) > sizeof(c->shortname)) {
856 radlog(L_ERR, "%s[%d]: Client short name of length %d is greater than the allowed maximum of %d.",
857 filename, cs->item.lineno,
858 strlen(shortnm), sizeof(c->shortname) - 1);
862 * The size is fine.. Let's create the buffer
864 c = rad_malloc(sizeof(RADCLIENT));
/* atoi() stops at the first non-digit and reports no errors; the range
 * test below is the only validation of the mask length. */
873 mask_length = atoi(netmask + 1);
874 if ((mask_length <= 0) || (mask_length > 32)) {
875 radlog(L_ERR, "%s[%d]: Invalid value '%s' for IP network mask.",
876 filename, cs->item.lineno, netmask + 1);
/* NOTE(review): 1 is a signed int, and shifting it into bit 31 is
 * undefined behaviour in C; an unsigned constant (1U << 31) avoids it. */
880 c->netmask = (1 << 31);
881 for (i = 1; i < mask_length; i++) {
882 c->netmask |= (c->netmask >> 1);
886 c->netmask = htonl(c->netmask);
889 c->ipaddr = ip_getaddr(hostnm);
890 if (c->ipaddr == INADDR_NONE) {
891 radlog(L_CONS|L_ERR, "%s[%d]: Failed to look up hostname %s",
892 filename, cs->item.lineno, hostnm);
897 * Update the client name again...
901 c->ipaddr &= c->netmask;
/* NOTE(review): no length check of hostnm against sizeof(c->longname) is
 * visible in this listing before this copy -- confirm, or use a bounded
 * copy. */
902 strcpy(c->longname, hostnm);
904 ip_hostname(c->longname, sizeof(c->longname),
908 strcpy((char *)c->secret, secret);
909 strcpy(c->shortname, shortnm);
919 * Return a CONF_PAIR within a CONF_SECTION.
/*
 * Return the first CONF_PAIR child of `section` whose attr equals `name`;
 * a NULL name matches the first pair of any name. Non-pair children are
 * skipped. A NULL section is handled by the early test below.
 * NOTE(review): the final cf_itemtopair(ci) is reached with ci == NULL
 * when nothing matches, unless a hidden line returns first; confirm that
 * cf_itemtopair() tolerates NULL.
 */
922 CONF_PAIR *cf_pair_find(CONF_SECTION *section, const char *name)
926 if (section == NULL) {
930 for (ci = section->children; ci; ci = ci->next) {
931 if (ci->type != CONF_ITEM_PAIR)
933 if (name == NULL || strcmp(cf_itemtopair(ci)->attr, name) == 0)
937 return cf_itemtopair(ci);
941 * Return the attr of a CONF_PAIR
/* Return the attribute name of `pair`, or NULL when pair is NULL. The
 * string remains owned by the pair. */
944 char *cf_pair_attr(CONF_PAIR *pair)
946 return (pair ? pair->attr : NULL);
950 * Return the value of a CONF_PAIR
/* Return the value string of `pair`, or NULL when pair is NULL. The
 * string remains owned by the pair. */
953 char *cf_pair_value(CONF_PAIR *pair)
955 return (pair ? pair->value : NULL);
959 * Return the first label of a CONF_SECTION
/* Return the first label of `section`, or NULL when section is NULL. */
962 char *cf_section_name1(CONF_SECTION *section)
964 return (section ? section->name1 : NULL);
968 * Return the second label of a CONF_SECTION
/* Return the second label of `section`. The result is NULL when section
 * is NULL or when the section was created without a second label. */
971 char *cf_section_name2(CONF_SECTION *section)
973 return (section ? section->name2 : NULL);
977 * Find a value in a CONF_SECTION
/*
 * Return the value of the first pair named `attr` in `section`, or NULL
 * when no such pair exists. Callers must check for NULL before handing
 * the result to string functions.
 */
979 char *cf_section_value_find(CONF_SECTION *section, const char *attr)
983 cp = cf_pair_find(section, attr);
985 return (cp ? cp->value : NULL);
989 * Return the next pair after a CONF_PAIR
990 * with a certain name (char *attr) If the requested
991 * attr is NULL, any attr matches.
/*
 * Iterate over the pairs of `section`. With pair == NULL the search
 * starts at the first child (delegated to cf_pair_find); otherwise it
 * resumes at the item after `pair`. A NULL attr matches any pair.
 */
994 CONF_PAIR *cf_pair_find_next(CONF_SECTION *section, CONF_PAIR *pair, const char *attr)
999 * If pair is NULL this must be a first time run
1000 * Find the pair with correct name
1004 return cf_pair_find(section, attr);
1007 ci = cf_pairtoitem(pair)->next;
1009 for (; ci; ci = ci->next) {
1010 if (ci->type != CONF_ITEM_PAIR)
1012 if (attr == NULL || strcmp(cf_itemtopair(ci)->attr, attr) == 0)
1016 return cf_itemtopair(ci);
1020 * Find a CONF_SECTION, or return the root if name is NULL
/*
 * Look up a section of the global `config` tree by name through
 * cf_section_sub_find(). Per the original comment a NULL name yields the
 * root; that branch is on lines not shown in this listing.
 */
1023 CONF_SECTION *cf_section_find(const char *name)
1026 return cf_section_sub_find(config, name);
1032 * Find a sub-section in a section
/*
 * Return the first sub-section of `section` whose first label equals
 * `name`. Pair children are skipped.
 * NOTE(review): in the lines shown, section is dereferenced and name is
 * passed to strcmp() without a NULL test -- confirm that the hidden lines
 * (1036-1038) guard both.
 */
1035 CONF_SECTION *cf_section_sub_find(CONF_SECTION *section, const char *name)
1039 for (ci = section->children; ci; ci = ci->next) {
1040 if (ci->type != CONF_ITEM_SECTION)
1042 if (strcmp(cf_itemtosection(ci)->name1, name) == 0)
1046 return cf_itemtosection(ci);
1051 * Return the next subsection after a CONF_SECTION
1052 * with a certain name1 (char *name1). If the requested
1053 * name1 is NULL, any name1 matches.
/*
 * Iterate over the sub-sections of `section`. With subsection == NULL
 * the search starts at the first child; otherwise it resumes at the item
 * after `subsection`. A NULL name1 matches any sub-section.
 * NOTE(review): section->children is read without a NULL test in the
 * lines shown; generate_realms() and generate_clients() pass the global
 * `config`, which must already be loaded.
 */
1056 CONF_SECTION *cf_subsection_find_next(CONF_SECTION *section,
1057 CONF_SECTION *subsection,
1063 * If subsection is NULL this must be a first time run
1064 * Find the subsection with correct name
1067 if (subsection == NULL){
1068 ci = section->children;
1070 ci = cf_sectiontoitem(subsection)->next;
1073 for (; ci; ci = ci->next) {
1074 if (ci->type != CONF_ITEM_SECTION)
1076 if (name1 == NULL ||
1077 strcmp(cf_itemtosection(ci)->name1, name1) == 0)
1081 return cf_itemtosection(ci);
1085 * Return the next item after a CONF_ITEM.
/*
 * Iterate over all children of `section`, whatever their type. With
 * item == NULL the first child is returned; the branch for a non-NULL
 * item is on lines not shown in this listing.
 */
1088 CONF_ITEM *cf_item_find_next(CONF_SECTION *section, CONF_ITEM *item)
1091 * If item is NULL this must be a first time run
1092 * Return the first item
1096 return section->children;
/* Return the line number recorded when `section` was parsed.
 * NOTE(review): the pointer is dereferenced without a NULL test here;
 * section must be non-NULL. */
1102 int cf_section_lineno(CONF_SECTION *section)
1104 return cf_sectiontoitem(section)->lineno;
/* Return the line number recorded when `pair` was parsed.
 * NOTE(review): the pointer is dereferenced without a NULL test here;
 * pair must be non-NULL. */
1107 int cf_pair_lineno(CONF_PAIR *pair)
1109 return cf_pairtoitem(pair)->lineno;
/* Return non-zero when `item` is tagged CONF_ITEM_SECTION, zero
 * otherwise. item must be non-NULL. */
1112 int cf_item_is_section(CONF_ITEM *item)
1114 return item->type == CONF_ITEM_SECTION;
1119 * JMG dump_config tries to dump the config structure in a readable format
/*
 * Print the contents of `cs` through DEBUG, one line per pair and a
 * braced block per sub-section, recursing with indent + 1. Indentation
 * is produced by printing the first `indent` characters of an 11-tab
 * string via "%.*s", so nesting deeper than 11 levels is still drawn
 * with 11 tabs.
 * NOTE(review): pair values are printed verbatim, so shared secrets held
 * in the configuration end up in the debug output.
 */
1123 static int dump_config_section(CONF_SECTION *cs, int indent)
1129 /* The DEBUG macro doesn't let me
1130 * for(i=0;i<indent;++i) debugputchar('\t');
1131 * so I had to get creative. --Pac. */
1133 for (ci = cs->children; ci; ci = ci->next) {
1134 if (ci->type == CONF_ITEM_PAIR) {
1135 cp=cf_itemtopair(ci);
1136 DEBUG("%.*s%s = %s",
1137 indent, "\t\t\t\t\t\t\t\t\t\t\t",
1138 cp->attr, cp->value);
1140 scs=cf_itemtosection(ci);
1141 DEBUG("%.*s%s %s%s{",
1142 indent, "\t\t\t\t\t\t\t\t\t\t\t",
1144 scs->name2 ? scs->name2 : "",
1145 scs->name2 ? " " : "");
1146 dump_config_section(scs, indent+1);
1148 indent, "\t\t\t\t\t\t\t\t\t\t\t");
/* Dump the whole global `config` tree through dump_config_section(),
 * starting at indentation level 0. */
1155 int dump_config(void)
1157 return dump_config_section(config, 0);