2 * mainconf.c Handle the server's configuration.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2002,2006-2007 The FreeRADIUS server project
21 * Copyright 2002 Alan DeKok <aland@ox.org>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
29 #include <freeradius-devel/rad_assert.h>
33 #ifdef HAVE_SYS_RESOURCE_H
34 #include <sys/resource.h>
45 #ifdef HAVE_SYS_PRCTL_H
46 #include <sys/prctl.h>
53 #ifdef HAVE_SYS_STAT_H
61 struct main_config_t mainconfig;
62 char *request_log_file = NULL;
63 char *debug_condition = NULL;
64 extern int log_dates_utc;
66 typedef struct cached_config_t {
67 struct cached_config_t *next;
72 static cached_config_t *cs_cache = NULL;
75 * Temporary local variables for parsing the configuration
80 * Systems that have set/getresuid also have setuid.
82 static uid_t server_uid = 0;
83 static gid_t server_gid = 0;
84 static const char *uid_name = NULL;
85 static const char *gid_name = NULL;
87 static const char *chroot_dir = NULL;
88 static int allow_core_dumps = 0;
89 static const char *radlog_dest = NULL;
92 * These are not used anywhere else..
94 static const char *localstatedir = NULL;
95 static const char *prefix = NULL;
96 static const char *my_name = NULL;
97 static const char *sbindir = NULL;
98 static const char *run_dir = NULL;
99 static char *syslog_facility = NULL;
100 static const FR_NAME_NUMBER str2fac[] = {
102 { "kern", LOG_KERN },
105 { "user", LOG_USER },
108 { "mail", LOG_MAIL },
111 { "daemon", LOG_DAEMON },
114 { "auth", LOG_AUTH },
120 { "news", LOG_NEWS },
123 { "uucp", LOG_UUCP },
126 { "cron", LOG_CRON },
129 { "authpriv", LOG_AUTHPRIV },
135 { "local0", LOG_LOCAL0 },
138 { "local1", LOG_LOCAL1 },
141 { "local2", LOG_LOCAL2 },
144 { "local3", LOG_LOCAL3 },
147 { "local4", LOG_LOCAL4 },
150 { "local5", LOG_LOCAL5 },
153 { "local6", LOG_LOCAL6 },
156 { "local7", LOG_LOCAL7 },
162 * Security configuration for the server.
164 static const CONF_PARSER security_config[] = {
165 { "max_attributes", PW_TYPE_INTEGER, 0, &fr_max_attributes, Stringify(0) },
166 { "reject_delay", PW_TYPE_INTEGER, 0, &mainconfig.reject_delay, Stringify(0) },
167 { "status_server", PW_TYPE_BOOLEAN, 0, &mainconfig.status_server, "no"},
168 { NULL, -1, 0, NULL, NULL }
173 * Logging configuration for the server.
175 static const CONF_PARSER logdest_config[] = {
176 { "destination", PW_TYPE_STRING_PTR, 0, &radlog_dest, "files" },
177 { "syslog_facility", PW_TYPE_STRING_PTR, 0, &syslog_facility, Stringify(0) },
179 { "file", PW_TYPE_STRING_PTR, 0, &mainconfig.log_file, "${logdir}/radius.log" },
180 { "requests", PW_TYPE_STRING_PTR, 0, &request_log_file, NULL },
181 { NULL, -1, 0, NULL, NULL }
185 static const CONF_PARSER serverdest_config[] = {
186 { "log", PW_TYPE_SUBSECTION, 0, NULL, (const void *) logdest_config },
187 { "log_file", PW_TYPE_STRING_PTR, 0, &mainconfig.log_file, NULL },
188 { "log_destination", PW_TYPE_STRING_PTR, 0, &radlog_dest, NULL },
189 { "use_utc", PW_TYPE_BOOLEAN, 0, &log_dates_utc, NULL },
190 { NULL, -1, 0, NULL, NULL }
194 static const CONF_PARSER log_config_nodest[] = {
195 { "stripped_names", PW_TYPE_BOOLEAN, 0, &log_stripped_names,"no" },
197 { "auth", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth, "no" },
198 { "auth_badpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_badpass, "no" },
199 { "auth_goodpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_goodpass, "no" },
200 { "msg_badpass", PW_TYPE_STRING_PTR, 0, &mainconfig.auth_badpass_msg, NULL},
201 { "msg_goodpass", PW_TYPE_STRING_PTR, 0, &mainconfig.auth_goodpass_msg, NULL},
203 { "use_utc", PW_TYPE_BOOLEAN, 0, &log_dates_utc, NULL },
205 { NULL, -1, 0, NULL, NULL }
210 * A mapping of configuration file names to internal variables
212 static const CONF_PARSER server_config[] = {
214 * FIXME: 'prefix' is the ONLY one which should be
215 * configured at compile time. Hard-coding it here is
216 * bad. It will be cleaned up once we clean up the
217 * hard-coded defines for the locations of the various
220 { "name", PW_TYPE_STRING_PTR, 0, &my_name, "radiusd"},
221 { "prefix", PW_TYPE_STRING_PTR, 0, &prefix, "/usr/local"},
222 { "localstatedir", PW_TYPE_STRING_PTR, 0, &localstatedir, "${prefix}/var"},
223 { "sbindir", PW_TYPE_STRING_PTR, 0, &sbindir, "${prefix}/sbin"},
224 { "logdir", PW_TYPE_STRING_PTR, 0, &radlog_dir, "${localstatedir}/log"},
225 { "run_dir", PW_TYPE_STRING_PTR, 0, &run_dir, "${localstatedir}/run/${name}"},
226 { "libdir", PW_TYPE_STRING_PTR, 0, &radlib_dir, "${prefix}/lib"},
227 { "radacctdir", PW_TYPE_STRING_PTR, 0, &radacct_dir, "${logdir}/radacct" },
228 { "hostname_lookups", PW_TYPE_BOOLEAN, 0, &fr_dns_lookups, "no" },
229 { "max_request_time", PW_TYPE_INTEGER, 0, &mainconfig.max_request_time, Stringify(MAX_REQUEST_TIME) },
230 { "cleanup_delay", PW_TYPE_INTEGER, 0, &mainconfig.cleanup_delay, Stringify(CLEANUP_DELAY) },
231 { "max_requests", PW_TYPE_INTEGER, 0, &mainconfig.max_requests, Stringify(MAX_REQUESTS) },
232 #ifdef DELETE_BLOCKED_REQUESTS
233 { "delete_blocked_requests", PW_TYPE_INTEGER, 0, &mainconfig.kill_unresponsive_children, Stringify(FALSE) },
235 { "pidfile", PW_TYPE_STRING_PTR, 0, &mainconfig.pid_file, "${run_dir}/radiusd.pid"},
236 { "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
238 { "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
241 { "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
243 { "log", PW_TYPE_SUBSECTION, 0, NULL, (const void *) log_config_nodest },
246 * People with old configs will have these. They are listed
247 * AFTER the "log" section, so if they exist in radiusd.conf,
248 * it will prefer "log_foo = bar" to "log { foo = bar }".
249 * They're listed with default values of NULL, so that if they
250 * DON'T exist in radiusd.conf, then the previously parsed
251 * values for "log { foo = bar}" will be used.
253 { "log_auth", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &mainconfig.log_auth, NULL },
254 { "log_auth_badpass", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &mainconfig.log_auth_badpass, NULL },
255 { "log_auth_goodpass", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &mainconfig.log_auth_goodpass, NULL },
256 { "log_stripped_names", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &log_stripped_names, NULL },
258 { "security", PW_TYPE_SUBSECTION, 0, NULL, (const void *) security_config },
260 { NULL, -1, 0, NULL, NULL }
263 static const CONF_PARSER bootstrap_security_config[] = {
265 { "user", PW_TYPE_STRING_PTR, 0, &uid_name, NULL },
266 { "group", PW_TYPE_STRING_PTR, 0, &gid_name, NULL },
268 { "chroot", PW_TYPE_STRING_PTR, 0, &chroot_dir, NULL },
269 { "allow_core_dumps", PW_TYPE_BOOLEAN, 0, &allow_core_dumps, "no" },
271 { NULL, -1, 0, NULL, NULL }
274 static const CONF_PARSER bootstrap_config[] = {
275 { "security", PW_TYPE_SUBSECTION, 0, NULL, (const void *) bootstrap_security_config },
278 * For backwards compatibility.
281 { "user", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED, 0, &uid_name, NULL },
282 { "group", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED, 0, &gid_name, NULL },
284 { "chroot", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED, 0, &chroot_dir, NULL },
285 { "allow_core_dumps", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &allow_core_dumps, NULL },
287 { NULL, -1, 0, NULL, NULL }
292 #define MAX_ARGV (256)
295 static size_t config_escape_func(char *out, size_t outlen, const char *in)
298 static const char *disallowed = "%{}\\'\"`";
302 * Non-printable characters get replaced with their
303 * mime-encoded equivalents.
306 if (outlen <= 3) break;
308 snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
315 } else if (strchr(disallowed, *in) != NULL) {
316 if (outlen <= 2) break;
328 * Only one byte left.
348 * Xlat for %{config:section.subsection.attribute}
350 static size_t xlat_config(void *instance, REQUEST *request,
351 char *fmt, char *out,
353 RADIUS_ESCAPE_STRING func)
360 request = request; /* -Wunused */
361 instance = instance; /* -Wunused */
366 if (!radius_xlat(buffer, sizeof(buffer), fmt, request, config_escape_func)) {
370 ci = cf_reference_item(request->root->config,
371 request->root->config, buffer);
372 if (!ci || !cf_item_is_pair(ci)) {
377 cp = cf_itemtopair(ci);
380 * Ensure that we only copy what's necessary.
382 * If 'outlen' is too small, then the output is chopped to fit.
384 value = cf_pair_value(cp);
386 if (outlen > strlen(value)) {
387 outlen = strlen(value) + 1;
391 return func(out, outlen, value);
396 * Xlat for %{client:foo}
398 static size_t xlat_client(UNUSED void *instance, REQUEST *request,
399 char *fmt, char *out,
401 UNUSED RADIUS_ESCAPE_STRING func)
403 const char *value = NULL;
406 if (!fmt || !out || (outlen < 1)) return 0;
408 if (!request || !request->client) {
413 cp = cf_pair_find(request->client->cs, fmt);
414 if (!cp || !(value = cf_pair_value(cp))) {
419 strlcpy(out, value, outlen);
425 * Recursively make directories.
427 static int r_mkdir(const char *part)
429 char *ptr, parentdir[500];
432 if (stat(part, &st) == 0)
435 ptr = strrchr(part, FR_DIR_SEP);
440 snprintf(parentdir, (ptr - part)+1, "%s", part);
442 if (r_mkdir(parentdir) != 0)
445 if (mkdir(part, 0770) != 0) {
446 radlog(L_ERR, "mkdir(%s) error: %s\n", part, strerror(errno));
453 #ifdef HAVE_SYS_RESOURCE_H
454 static struct rlimit core_limits;
457 static void fr_set_dumpable(void)
460 * If configured, turn core dumps off.
462 if (!allow_core_dumps) {
463 #ifdef HAVE_SYS_RESOURCE_H
464 struct rlimit no_core;
467 no_core.rlim_cur = 0;
468 no_core.rlim_max = 0;
470 if (setrlimit(RLIMIT_CORE, &no_core) < 0) {
471 radlog(L_ERR, "Failed disabling core dumps: %s",
479 * Set or re-set the dumpable flag.
481 #ifdef HAVE_SYS_PRCTL_H
482 #ifdef PR_SET_DUMPABLE
483 if (prctl(PR_SET_DUMPABLE, 1) < 0) {
484 radlog(L_ERR,"Cannot re-enable core dumps: prctl(PR_SET_DUMPABLE) failed: '%s'",
491 * Reset the core dump limits to their original value.
493 #ifdef HAVE_SYS_RESOURCE_H
494 if (setrlimit(RLIMIT_CORE, &core_limits) < 0) {
495 radlog(L_ERR, "Cannot update core dump limit: %s",
502 static int doing_setuid = FALSE;
504 #if defined(HAVE_SETRESUID) && defined (HAVE_GETRESUID)
505 void fr_suid_up(void)
507 uid_t ruid, euid, suid;
509 if (getresuid(&ruid, &euid, &suid) < 0) {
510 radlog(L_ERR, "Failed getting saved UID's");
514 if (setresuid(-1, suid, -1) < 0) {
515 radlog(L_ERR, "Failed switching to privileged user");
519 if (geteuid() != suid) {
520 radlog(L_ERR, "Switched to unknown UID");
525 void fr_suid_down(void)
527 if (!doing_setuid) return;
529 if (setresuid(-1, server_uid, geteuid()) < 0) {
530 fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
531 progname, uid_name, strerror(errno));
535 if (geteuid() != server_uid) {
536 fprintf(stderr, "%s: Failed switching uid: UID is incorrect\n",
544 void fr_suid_down_permanent(void)
546 if (!doing_setuid) return;
548 if (setresuid(server_uid, server_uid, server_uid) < 0) {
549 radlog(L_ERR, "Failed in permanent switch to uid %s: %s",
550 uid_name, strerror(errno));
554 if (geteuid() != server_uid) {
555 radlog(L_ERR, "Switched to unknown uid");
563 * Much less secure...
565 void fr_suid_up(void)
568 void fr_suid_down(void)
570 if (!uid_name) return;
572 if (setuid(server_uid) < 0) {
573 fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
574 progname, uid_name, strerror(errno));
580 void fr_suid_down_permanent(void)
584 #endif /* HAVE_SETRESUID && HAVE_GETRESUID */
585 #else /* HAVE_SETUID */
586 void fr_suid_up(void)
589 void fr_suid_down(void)
593 void fr_suid_down_permanent(void)
597 #endif /* HAVE_SETUID */
602 * Do chroot, if requested.
604 * Switch UID and GID to what is specified in the config file
606 static int switch_users(CONF_SECTION *cs)
608 #ifdef HAVE_SYS_RESOURCE_H
610 * Get the current maximum for core files. Do this
611 * before anything else so as to ensure it's properly
614 if (getrlimit(RLIMIT_CORE, &core_limits) < 0) {
615 radlog(L_ERR, "Failed to get current core limit: %s", strerror(errno));
621 * Don't do chroot/setuid/setgid if we're in debugging
624 if (debug_flag && (getuid() != 0)) return 1;
626 if (cf_section_parse(cs, NULL, bootstrap_config) < 0) {
627 fprintf(stderr, "radiusd: Error: Failed to parse user/group information.\n");
637 gr = getgrnam(gid_name);
639 fprintf(stderr, "%s: Cannot get ID for group %s: %s\n",
640 progname, gid_name, strerror(errno));
643 server_gid = gr->gr_gid;
645 server_gid = getgid();
654 pw = getpwnam(uid_name);
656 fprintf(stderr, "%s: Cannot get passwd entry for user %s: %s\n",
657 progname, uid_name, strerror(errno));
661 if (getuid() == pw->pw_uid) {
665 server_uid = pw->pw_uid;
666 #ifdef HAVE_INITGROUPS
667 if (initgroups(uid_name, server_gid) < 0) {
668 fprintf(stderr, "%s: Cannot initialize supplementary group list for user %s: %s\n",
669 progname, uid_name, strerror(errno));
675 server_uid = getuid();
680 if (chroot(chroot_dir) < 0) {
681 fprintf(stderr, "%s: Failed to perform chroot %s: %s",
682 progname, chroot_dir, strerror(errno));
687 * Note that we leave chdir alone. It may be
688 * OUTSIDE of the root. This allows us to read
689 * the configuration from "-d ./etc/raddb", with
690 * the chroot as "./chroot/" for example. After
691 * the server has been loaded, it does a "cd
692 * ${logdir}" below, so that core files (if any)
693 * go to a logging directory.
695 * This also allows the configuration of the
696 * server to be outside of the chroot. If the
697 * server is statically linked, then the only
698 * things needed inside of the chroot are the
699 * logging directories.
705 if (gid_name && (setgid(server_gid) < 0)) {
706 fprintf(stderr, "%s: Failed setting group to %s: %s",
707 progname, gid_name, strerror(errno));
714 * Just before losing root permissions, ensure that the
715 * log files have the correct owner && group.
717 * We have to do this because the log file MAY have been
718 * specified on the command-line.
720 if (uid_name || gid_name) {
721 if ((mainconfig.radlog_dest == RADLOG_FILES) &&
722 (mainconfig.radlog_fd < 0)) {
723 mainconfig.radlog_fd = open(mainconfig.log_file,
724 O_WRONLY | O_APPEND | O_CREAT, 0640);
725 if (mainconfig.radlog_fd < 0) {
726 fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, strerror(errno));
730 if (chown(mainconfig.log_file, server_uid, server_gid) < 0) {
731 fprintf(stderr, "%s: Cannot change ownership of log file %s: %s\n",
732 progname, mainconfig.log_file, strerror(errno));
746 * This also clears the dumpable flag if core dumps
751 if (allow_core_dumps) {
752 radlog(L_INFO, "Core dumps are enabled.");
757 #endif /* HAVE_SETUID */
760 static const FR_NAME_NUMBER str2dest[] = {
761 { "null", RADLOG_NULL },
762 { "files", RADLOG_FILES },
763 { "syslog", RADLOG_SYSLOG },
764 { "stdout", RADLOG_STDOUT },
765 { "stderr", RADLOG_STDERR },
766 { NULL, RADLOG_NUM_DEST }
773 * This function can ONLY be called from the main server process.
775 int read_mainconfig(int reload)
777 const char *p = NULL;
785 radlog(L_ERR, "Reload is not implemented");
789 if (stat(radius_dir, &statbuf) < 0) {
790 radlog(L_ERR, "Errors reading %s: %s",
791 radius_dir, strerror(errno));
796 if ((statbuf.st_mode & S_IWOTH) != 0) {
797 radlog(L_ERR, "Configuration directory %s is globally writable. Refusing to start due to insecure configuration.",
804 if (0 && (statbuf.st_mode & S_IROTH) != 0) {
805 radlog(L_ERR, "Configuration directory %s is globally readable. Refusing to start due to insecure configuration.",
811 radlog(L_INFO, "Starting - reading configuration files ...");
813 /* Read the configuration file */
814 snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
815 radius_dir, mainconfig.name);
816 if ((cs = cf_file_read(buffer)) == NULL) {
817 radlog(L_ERR, "Errors reading %s", buffer);
822 * If there was no log destination set on the command line,
825 if (mainconfig.radlog_dest == RADLOG_NULL) {
826 if (cf_section_parse(cs, NULL, serverdest_config) < 0) {
827 fprintf(stderr, "radiusd: Error: Failed to parse log{} section.\n");
828 cf_section_free(&cs);
833 fprintf(stderr, "radiusd: Error: No log destination specified.\n");
834 cf_section_free(&cs);
838 mainconfig.radlog_dest = fr_str2int(str2dest, radlog_dest,
840 if (mainconfig.radlog_dest == RADLOG_NUM_DEST) {
841 fprintf(stderr, "radiusd: Error: Unknown log_destination %s\n",
843 cf_section_free(&cs);
847 if (mainconfig.radlog_dest == RADLOG_SYSLOG) {
849 * Make sure syslog_facility isn't NULL
852 if (!syslog_facility) {
853 fprintf(stderr, "radiusd: Error: Syslog chosen but no facility was specified\n");
854 cf_section_free(&cs);
857 mainconfig.syslog_facility = fr_str2int(str2fac, syslog_facility, -1);
858 if (mainconfig.syslog_facility < 0) {
859 fprintf(stderr, "radiusd: Error: Unknown syslog_facility %s\n",
861 cf_section_free(&cs);
867 * Call openlog only once, when the
870 openlog(progname, LOG_PID, mainconfig.syslog_facility);
873 } else if (mainconfig.radlog_dest == RADLOG_FILES) {
874 if (!mainconfig.log_file) {
875 fprintf(stderr, "radiusd: Error: Specified \"files\" as a log destination, but no log filename was given!\n");
876 cf_section_free(&cs);
884 * Switch users as early as possible.
886 if (!switch_users(cs)) exit(1);
890 * Open the log file AFTER switching uid / gid. If we
891 * did switch uid/gid, then the code in switch_users()
892 * took care of setting the file permissions correctly.
894 if ((mainconfig.radlog_dest == RADLOG_FILES) &&
895 (mainconfig.radlog_fd < 0)) {
896 mainconfig.radlog_fd = open(mainconfig.log_file,
897 O_WRONLY | O_APPEND | O_CREAT, 0640);
898 if (mainconfig.radlog_fd < 0) {
899 fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, strerror(errno));
900 cf_section_free(&cs);
905 /* Initialize the dictionary */
906 cp = cf_pair_find(cs, "dictionary");
907 if (cp) p = cf_pair_value(cp);
908 if (!p) p = radius_dir;
909 DEBUG2("including dictionary file %s/%s", p, RADIUS_DICTIONARY);
910 if (dict_init(p, RADIUS_DICTIONARY) != 0) {
911 radlog(L_ERR, "Errors reading dictionary: %s",
917 * This allows us to figure out where, relative to
918 * radiusd.conf, the other configuration files exist.
920 if (cf_section_parse(cs, NULL, server_config) < 0) {
924 if (mainconfig.max_request_time == 0) mainconfig.max_request_time = 100;
925 if (mainconfig.reject_delay > 5) mainconfig.reject_delay = 5;
926 if (mainconfig.cleanup_delay > 5) mainconfig.cleanup_delay =5;
929 * Free the old configuration items, and replace them
932 * Note that where possible, we do atomic switch-overs,
933 * to ensure that the pointers are always valid.
935 cf_section_free(&mainconfig.config);
936 mainconfig.config = cs;
938 DEBUG2("%s: #### Loading Realms and Home Servers ####", mainconfig.name);
939 if (!realms_init(cs)) {
943 DEBUG2("%s: #### Loading Clients ####", mainconfig.name);
944 if (!clients_parse_section(cs)) {
949 * Register the %{config:section.subsection} xlat function.
951 xlat_register("config", xlat_config, NULL);
952 xlat_register("client", xlat_client, NULL);
955 * Starting the server, WITHOUT "-x" on the
956 * command-line: use whatever is in the config
959 if (debug_flag == 0) {
960 debug_flag = mainconfig.debug_level;
962 fr_debug_flag = debug_flag;
965 * Go update our behaviour, based on the configuration
970 * Sanity check the configuration for internal
973 if (mainconfig.reject_delay > mainconfig.cleanup_delay) {
974 mainconfig.reject_delay = mainconfig.cleanup_delay;
976 if (mainconfig.reject_delay < 0) mainconfig.reject_delay = 0;
978 /* Reload the modules. */
979 if (setup_modules(reload, mainconfig.config) < 0) {
984 if (chdir(radlog_dir) < 0) {
985 radlog(L_ERR, "Failed to 'chdir %s' after chroot: %s",
986 radlog_dir, strerror(errno));
991 cc = rad_malloc(sizeof(*cc));
992 memset(cc, 0, sizeof(*cc));
995 rad_assert(cs_cache == NULL);
1002 * Free the configuration. Called only when the server is exiting.
1004 int free_mainconfig(void)
1006 cached_config_t *cc, *next;
1008 virtual_servers_free(0);
1011 * Free all of the cached configurations.
1013 for (cc = cs_cache; cc != NULL; cc = next) {
1015 cf_section_free(&cc->cs);
1020 * Clean up the configuration data
1024 listen_free(&mainconfig.listen);
1030 void hup_mainconfig(void)
1032 cached_config_t *cc;
1036 radlog(L_INFO, "HUP - Re-reading configuration files");
1038 /* Read the configuration file */
1039 snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
1040 radius_dir, mainconfig.name);
1041 if ((cs = cf_file_read(buffer)) == NULL) {
1042 radlog(L_ERR, "Failed to re-read %s", buffer);
1046 cc = rad_malloc(sizeof(*cc));
1047 memset(cc, 0, sizeof(*cc));
1050 * Save the current configuration. Note that we do NOT
1051 * free older ones. We should probably do so at some
1052 * point. Doing so will require us to mark which modules
1053 * are still in use, and which aren't. Modules that
1054 * can't be HUPed always use the original configuration.
1055 * Modules that can be HUPed use one of the newer
1058 cc->created = time(NULL);
1060 cc->next = cs_cache;
1064 * Re-open the log file. If we can't, then keep logging
1065 * to the old log file.
1067 * The "open log file" code is here rather than in log.c,
1068 * because it makes that function MUCH simpler.
1070 if (mainconfig.radlog_dest == RADLOG_FILES) {
1073 fd = open(mainconfig.log_file,
1074 O_WRONLY | O_APPEND | O_CREAT, 0640);
1077 * Atomic swap. We'd like to keep the old
1078 * FD around so that callers don't
1079 * suddenly find the FD closed, and the
1080 * writes go nowhere. But that's hard to
1081 * do. So... we have the case where a
1082 * log message *might* be lost on HUP.
1084 old_fd = mainconfig.radlog_fd;
1085 mainconfig.radlog_fd = fd;
1090 radlog(L_INFO, "HUP - loading modules");
1093 * Prefer the new module configuration.
1095 module_hup(cf_section_sub_find(cs, "modules"));
1098 * Load new servers BEFORE freeing old ones.
1100 virtual_servers_load(cs);
1102 virtual_servers_free(cc->created - mainconfig.max_request_time * 4);