2 * mainconf.c Handle the server's configuration.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2002,2006-2007 The FreeRADIUS server project
21 * Copyright 2002 Alan DeKok <aland@ox.org>
26 #include <freeradius-devel/radiusd.h>
27 #include <freeradius-devel/modules.h>
28 #include <freeradius-devel/rad_assert.h>
32 #ifdef HAVE_SYS_RESOURCE_H
33 #include <sys/resource.h>
44 #ifdef HAVE_SYS_PRCTL_H
45 #include <sys/prctl.h>
52 #ifdef HAVE_SYS_STAT_H
60 struct main_config_t mainconfig;
61 char *debug_condition = NULL;
62 extern int log_dates_utc;
64 typedef struct cached_config_t {
65 struct cached_config_t *next;
70 static cached_config_t *cs_cache = NULL;
73 * Temporary local variables for parsing the configuration
78 * Systems that have set/getresuid also have setuid.
80 static uid_t server_uid = 0;
81 static gid_t server_gid = 0;
82 static char const *uid_name = NULL;
83 static char const *gid_name = NULL;
85 static char const *chroot_dir = NULL;
86 static bool allow_core_dumps = false;
87 static char const *radlog_dest = NULL;
90 * These are not used anywhere else..
92 static char const *localstatedir = NULL;
93 static char const *prefix = NULL;
95 static char const *sbindir = NULL;
96 static char const *run_dir = NULL;
97 static char *syslog_facility = NULL;
98 static bool do_colourise = false;
102 * Security configuration for the server.
104 static const CONF_PARSER security_config[] = {
105 { "max_attributes", PW_TYPE_INTEGER, 0, &fr_max_attributes, STRINGIFY(0) },
106 { "reject_delay", PW_TYPE_INTEGER, 0, &mainconfig.reject_delay, STRINGIFY(0) },
107 { "status_server", PW_TYPE_BOOLEAN, 0, &mainconfig.status_server, "no"},
108 { NULL, -1, 0, NULL, NULL }
113 * Logging configuration for the server.
115 static const CONF_PARSER logdest_config[] = {
116 { "destination", PW_TYPE_STRING_PTR, 0, &radlog_dest, "files" },
117 { "syslog_facility", PW_TYPE_STRING_PTR, 0, &syslog_facility, STRINGIFY(0) },
119 { "file", PW_TYPE_STRING_PTR, 0, &mainconfig.log_file, "${logdir}/radius.log" },
120 { "requests", PW_TYPE_STRING_PTR, 0, &default_log.file, NULL },
121 { NULL, -1, 0, NULL, NULL }
125 static const CONF_PARSER serverdest_config[] = {
126 { "log", PW_TYPE_SUBSECTION, 0, NULL, (void const *) logdest_config },
127 { "log_file", PW_TYPE_STRING_PTR, 0, &mainconfig.log_file, NULL },
128 { "log_destination", PW_TYPE_STRING_PTR, 0, &radlog_dest, NULL },
129 { "use_utc", PW_TYPE_BOOLEAN, 0, &log_dates_utc, NULL },
130 { NULL, -1, 0, NULL, NULL }
134 static const CONF_PARSER log_config_nodest[] = {
135 { "stripped_names", PW_TYPE_BOOLEAN, 0, &log_stripped_names,"no" },
136 { "auth", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth, "no" },
137 { "auth_badpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_badpass, "no" },
138 { "auth_goodpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_goodpass, "no" },
139 { "msg_badpass", PW_TYPE_STRING_PTR, 0, &mainconfig.auth_badpass_msg, NULL},
140 { "msg_goodpass", PW_TYPE_STRING_PTR, 0, &mainconfig.auth_goodpass_msg, NULL},
141 { "colourise", PW_TYPE_BOOLEAN, 0, &do_colourise, NULL },
142 { "use_utc", PW_TYPE_BOOLEAN, 0, &log_dates_utc, NULL },
144 { NULL, -1, 0, NULL, NULL }
149 * A mapping of configuration file names to internal variables
151 static const CONF_PARSER server_config[] = {
153 * FIXME: 'prefix' is the ONLY one which should be
154 * configured at compile time. Hard-coding it here is
155 * bad. It will be cleaned up once we clean up the
156 * hard-coded defines for the locations of the various
159 { "name", PW_TYPE_STRING_PTR, 0, &my_name, "radiusd"},
160 { "prefix", PW_TYPE_STRING_PTR, 0, &prefix, "/usr/local"},
161 { "localstatedir", PW_TYPE_STRING_PTR, 0, &localstatedir, "${prefix}/var"},
162 { "sbindir", PW_TYPE_STRING_PTR, 0, &sbindir, "${prefix}/sbin"},
163 { "logdir", PW_TYPE_STRING_PTR, 0, &radlog_dir, "${localstatedir}/log"},
164 { "run_dir", PW_TYPE_STRING_PTR, 0, &run_dir, "${localstatedir}/run/${name}"},
165 { "libdir", PW_TYPE_STRING_PTR, 0, &radlib_dir, "${prefix}/lib"},
166 { "dict_dir", PW_TYPE_STRING_PTR | PW_TYPE_NO_OVERWRITE, 0,
167 &mainconfig.dictionary_dir, "${prefix}/share" },
168 { "radacctdir", PW_TYPE_STRING_PTR, 0, &radacct_dir, "${logdir}/radacct" },
169 { "panic_action", PW_TYPE_STRING_PTR, 0, &mainconfig.panic_action, NULL},
170 { "hostname_lookups", PW_TYPE_BOOLEAN, 0, &fr_dns_lookups, "no" },
171 { "max_request_time", PW_TYPE_INTEGER, 0, &mainconfig.max_request_time, STRINGIFY(MAX_REQUEST_TIME) },
172 { "cleanup_delay", PW_TYPE_INTEGER, 0, &mainconfig.cleanup_delay, STRINGIFY(CLEANUP_DELAY) },
173 { "max_requests", PW_TYPE_INTEGER, 0, &mainconfig.max_requests, STRINGIFY(MAX_REQUESTS) },
174 #ifdef DELETE_BLOCKED_REQUESTS
175 { "delete_blocked_requests", PW_TYPE_INTEGER, 0, &mainconfig.kill_unresponsive_children, STRINGIFY(false) },
177 { "pidfile", PW_TYPE_STRING_PTR, 0, &mainconfig.pid_file, "${run_dir}/radiusd.pid"},
178 { "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
180 { "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
183 { "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
185 { "log", PW_TYPE_SUBSECTION, 0, NULL, (void const *) log_config_nodest },
188 * People with old configs will have these. They are listed
189 * AFTER the "log" section, so if they exist in radiusd.conf,
190 * it will prefer "log_foo = bar" to "log { foo = bar }".
191 * They're listed with default values of NULL, so that if they
192 * DON'T exist in radiusd.conf, then the previously parsed
193 * values for "log { foo = bar}" will be used.
195 { "log_auth", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &mainconfig.log_auth, NULL },
196 { "log_auth_badpass", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &mainconfig.log_auth_badpass, NULL },
197 { "log_auth_goodpass", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &mainconfig.log_auth_goodpass, NULL },
198 { "log_stripped_names", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &log_stripped_names, NULL },
200 { "security", PW_TYPE_SUBSECTION, 0, NULL, (void const *) security_config },
202 { NULL, -1, 0, NULL, NULL }
205 static const CONF_PARSER bootstrap_security_config[] = {
207 { "user", PW_TYPE_STRING_PTR, 0, &uid_name, NULL },
208 { "group", PW_TYPE_STRING_PTR, 0, &gid_name, NULL },
210 { "chroot", PW_TYPE_STRING_PTR, 0, &chroot_dir, NULL },
211 { "allow_core_dumps", PW_TYPE_BOOLEAN, 0, &allow_core_dumps, "no" },
213 { NULL, -1, 0, NULL, NULL }
216 static const CONF_PARSER bootstrap_config[] = {
217 { "security", PW_TYPE_SUBSECTION, 0, NULL, (void const *) bootstrap_security_config },
220 * For backwards compatibility.
223 { "user", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED, 0, &uid_name, NULL },
224 { "group", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED, 0, &gid_name, NULL },
226 { "chroot", PW_TYPE_STRING_PTR | PW_TYPE_DEPRECATED, 0, &chroot_dir, NULL },
227 { "allow_core_dumps", PW_TYPE_BOOLEAN | PW_TYPE_DEPRECATED, 0, &allow_core_dumps, NULL },
229 { NULL, -1, 0, NULL, NULL }
234 #define MAX_ARGV (256)
237 static size_t config_escape_func(UNUSED REQUEST *request, char *out, size_t outlen, char const *in, UNUSED void *arg)
240 static char const *disallowed = "%{}\\'\"`";
244 * Non-printable characters get replaced with their
245 * mime-encoded equivalents.
248 if (outlen <= 3) break;
250 snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
257 } else if (strchr(disallowed, *in) != NULL) {
258 if (outlen <= 2) break;
270 * Only one byte left.
290 * Xlat for %{config:section.subsection.attribute}
292 static ssize_t xlat_config(UNUSED void *instance, REQUEST *request, char const *fmt, char *out, size_t outlen)
302 if (radius_xlat(buffer, sizeof(buffer), request, fmt, config_escape_func, NULL) < 0) {
306 ci = cf_reference_item(request->root->config,
307 request->root->config, buffer);
308 if (!ci || !cf_item_is_pair(ci)) {
309 REDEBUG("Config item \"%s\" does not exist", fmt);
314 cp = cf_itemtopair(ci);
317 * Ensure that we only copy what's necessary.
319 * If 'outlen' is too small, then the output is chopped to fit.
321 value = cf_pair_value(cp);
327 if (outlen > strlen(value)) {
328 outlen = strlen(value) + 1;
331 strlcpy(out, value, outlen);
338 * Xlat for %{client:foo}
340 static ssize_t xlat_client(UNUSED void *instance, REQUEST *request, char const *fmt, char *out, size_t outlen)
342 char const *value = NULL;
345 if (!fmt || !out || (outlen < 1)) return 0;
347 if (!request || !request->client) {
348 RWDEBUG("No client associated with this request");
353 cp = cf_pair_find(request->client->cs, fmt);
354 if (!cp || !(value = cf_pair_value(cp))) {
355 if (strcmp(fmt, "shortname") == 0) {
356 strlcpy(out, request->client->shortname, outlen);
359 RDEBUG("Client does not contain config item \"%s\"", fmt);
364 strlcpy(out, value, outlen);
370 * Xlat for %{getclient:<ipaddr>.foo}
372 static ssize_t xlat_getclient(UNUSED void *instance, REQUEST *request, char const *fmt, char *out, size_t outlen)
374 char const *value = NULL;
375 char buffer[INET6_ADDRSTRLEN], *q;
379 RADCLIENT *client = NULL;
381 if (!fmt || !out || (outlen < 1)) return 0;
384 if (!q || (q == p) || (((size_t)(q - p)) > sizeof(buffer))) {
385 REDEBUG("Invalid client string");
389 strlcpy(buffer, p, (q + 1) - p);
390 if (ip_ptonx(buffer, &ip) <= 0) {
391 REDEBUG("\"%s\" is not a valid IPv4 or IPv6 address", buffer);
397 client = client_find(NULL, &ip, IPPROTO_IP);
399 RDEBUG("No client found with IP \"%s\"", buffer);
404 cp = cf_pair_find(client->cs, fmt);
405 if (!cp || !(value = cf_pair_value(cp))) {
406 if (strcmp(fmt, "shortname") == 0) {
407 strlcpy(out, request->client->shortname, outlen);
410 RDEBUG("Client does not contain config item \"%s\"", fmt);
415 strlcpy(out, value, outlen);
423 #ifdef HAVE_SYS_RESOURCE_H
424 static struct rlimit core_limits;
427 static void fr_set_dumpable(void)
430 * If configured, turn core dumps off.
432 if (!allow_core_dumps) {
433 #ifdef HAVE_SYS_RESOURCE_H
434 struct rlimit no_core;
437 no_core.rlim_cur = 0;
438 no_core.rlim_max = 0;
440 if (setrlimit(RLIMIT_CORE, &no_core) < 0) {
441 ERROR("Failed disabling core dumps: %s",
449 * Set or re-set the dumpable flag.
451 #ifdef HAVE_SYS_PRCTL_H
452 #ifdef PR_SET_DUMPABLE
453 if (prctl(PR_SET_DUMPABLE, 1) < 0) {
454 ERROR("Cannot re-enable core dumps: prctl(PR_SET_DUMPABLE) failed: '%s'",
461 * Reset the core dump limits to their original value.
463 #ifdef HAVE_SYS_RESOURCE_H
464 if (setrlimit(RLIMIT_CORE, &core_limits) < 0) {
465 ERROR("Cannot update core dump limit: %s",
472 static int doing_setuid = false;
474 #if defined(HAVE_SETRESUID) && defined (HAVE_GETRESUID)
475 void fr_suid_up(void)
477 uid_t ruid, euid, suid;
479 if (getresuid(&ruid, &euid, &suid) < 0) {
480 ERROR("Failed getting saved UID's");
484 if (setresuid(-1, suid, -1) < 0) {
485 ERROR("Failed switching to privileged user");
489 if (geteuid() != suid) {
490 ERROR("Switched to unknown UID");
495 void fr_suid_down(void)
497 if (!doing_setuid) return;
499 if (setresuid(-1, server_uid, geteuid()) < 0) {
500 fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
501 progname, uid_name, fr_syserror(errno));
505 if (geteuid() != server_uid) {
506 fprintf(stderr, "%s: Failed switching uid: UID is incorrect\n",
514 void fr_suid_down_permanent(void)
516 if (!doing_setuid) return;
518 if (setresuid(server_uid, server_uid, server_uid) < 0) {
519 ERROR("Failed in permanent switch to uid %s: %s",
520 uid_name, fr_syserror(errno));
524 if (geteuid() != server_uid) {
525 ERROR("Switched to unknown uid");
533 * Much less secure...
535 void fr_suid_up(void)
538 void fr_suid_down(void)
540 if (!uid_name) return;
542 if (setuid(server_uid) < 0) {
543 fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
544 progname, uid_name, fr_syserror(errno));
550 void fr_suid_down_permanent(void)
554 #endif /* HAVE_SETRESUID && HAVE_GETRESUID */
555 #else /* HAVE_SETUID */
556 void fr_suid_up(void)
559 void fr_suid_down(void)
563 void fr_suid_down_permanent(void)
567 #endif /* HAVE_SETUID */
572 * Do chroot, if requested.
574 * Switch UID and GID to what is specified in the config file
576 static int switch_users(CONF_SECTION *cs)
578 #ifdef HAVE_SYS_RESOURCE_H
580 * Get the current maximum for core files. Do this
581 * before anything else so as to ensure it's properly
584 if (getrlimit(RLIMIT_CORE, &core_limits) < 0) {
585 ERROR("Failed to get current core limit: %s", fr_syserror(errno));
591 * Don't do chroot/setuid/setgid if we're in debugging
594 if (debug_flag && (getuid() != 0)) return 1;
596 if (cf_section_parse(cs, NULL, bootstrap_config) < 0) {
597 fprintf(stderr, "radiusd: Error: Failed to parse user/group information.\n");
607 gr = getgrnam(gid_name);
609 fprintf(stderr, "%s: Cannot get ID for group %s: %s\n",
610 progname, gid_name, fr_syserror(errno));
613 server_gid = gr->gr_gid;
615 server_gid = getgid();
624 pw = getpwnam(uid_name);
626 fprintf(stderr, "%s: Cannot get passwd entry for user %s: %s\n",
627 progname, uid_name, fr_syserror(errno));
631 if (getuid() == pw->pw_uid) {
635 server_uid = pw->pw_uid;
636 #ifdef HAVE_INITGROUPS
637 if (initgroups(uid_name, server_gid) < 0) {
638 fprintf(stderr, "%s: Cannot initialize supplementary group list for user %s: %s\n",
639 progname, uid_name, fr_syserror(errno));
645 server_uid = getuid();
650 if (chroot(chroot_dir) < 0) {
651 fprintf(stderr, "%s: Failed to perform chroot %s: %s",
652 progname, chroot_dir, fr_syserror(errno));
657 * Note that we leave chdir alone. It may be
658 * OUTSIDE of the root. This allows us to read
659 * the configuration from "-d ./etc/raddb", with
660 * the chroot as "./chroot/" for example. After
661 * the server has been loaded, it does a "cd
662 * ${logdir}" below, so that core files (if any)
663 * go to a logging directory.
665 * This also allows the configuration of the
666 * server to be outside of the chroot. If the
667 * server is statically linked, then the only
668 * things needed inside of the chroot are the
669 * logging directories.
675 if (gid_name && (setgid(server_gid) < 0)) {
676 fprintf(stderr, "%s: Failed setting group to %s: %s",
677 progname, gid_name, fr_syserror(errno));
684 * Just before losing root permissions, ensure that the
685 * log files have the correct owner && group.
687 * We have to do this because the log file MAY have been
688 * specified on the command-line.
690 if (uid_name || gid_name) {
691 if ((default_log.dest == L_DST_FILES) &&
692 (default_log.fd < 0)) {
693 default_log.fd = open(mainconfig.log_file,
694 O_WRONLY | O_APPEND | O_CREAT, 0640);
695 if (default_log.fd < 0) {
696 fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, fr_syserror(errno));
700 if (chown(mainconfig.log_file, server_uid, server_gid) < 0) {
701 fprintf(stderr, "%s: Cannot change ownership of log file %s: %s\n",
702 progname, mainconfig.log_file, fr_syserror(errno));
716 * This also clears the dumpable flag if core dumps
721 if (allow_core_dumps) {
722 INFO("Core dumps are enabled.");
727 #endif /* HAVE_SETUID */
733 * This function can ONLY be called from the main server process.
735 int read_mainconfig(int reload)
737 char const *p = NULL;
744 ERROR("Reload is not implemented");
748 if (stat(radius_dir, &statbuf) < 0) {
749 ERROR("Errors reading %s: %s",
750 radius_dir, fr_syserror(errno));
755 if ((statbuf.st_mode & S_IWOTH) != 0) {
756 ERROR("Configuration directory %s is globally writable. Refusing to start due to insecure configuration.",
763 if (0 && (statbuf.st_mode & S_IROTH) != 0) {
764 ERROR("Configuration directory %s is globally readable. Refusing to start due to insecure configuration.",
769 INFO("Starting - reading configuration files ...");
772 * Load the dictionaries. If it's unset, set it to the
773 * raddb directory, as per older versions of the server.
774 * This should probably never happen, but we should
775 * ideally be backwards compatible.
777 if (!mainconfig.dictionary_dir || !*mainconfig.dictionary_dir) {
778 mainconfig.dictionary_dir = talloc_strdup(NULL, radius_dir);
780 DEBUG2("including dictionary file %s/%s", mainconfig.dictionary_dir, RADIUS_DICTIONARY);
781 if (dict_init(mainconfig.dictionary_dir, RADIUS_DICTIONARY) != 0) {
782 ERROR("Errors reading dictionary: %s",
790 * Read the distribution dictionaries first, then
793 DEBUG2("including dictionary file %s/%s", mainconfig.dictionary_dir, RADIUS_DICTIONARY);
794 if (dict_init(mainconfig.dictionary_dir, RADIUS_DICTIONARY) != 0) {
795 ERROR("Errors reading dictionary: %s",
801 * It's OK if this one doesn't exist.
803 rcode = dict_read(radius_dir, RADIUS_DICTIONARY);
805 ERROR("Errors reading %s/%s: %s", radius_dir, RADIUS_DICTIONARY,
811 * We print this after reading it. That way if
812 * it doesn't exist, it's OK, and we don't print
816 DEBUG2("including dictionary file %s/%s", radius_dir, RADIUS_DICTIONARY);
820 /* Read the configuration file */
821 snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
822 radius_dir, mainconfig.name);
823 if ((cs = cf_file_read(buffer)) == NULL) {
824 ERROR("Errors reading or parsing %s", buffer);
829 * If there was no log destination set on the command line,
832 if (default_log.dest == L_DST_NULL) {
833 if (cf_section_parse(cs, NULL, serverdest_config) < 0) {
834 fprintf(stderr, "radiusd: Error: Failed to parse log{} section.\n");
840 fprintf(stderr, "radiusd: Error: No log destination specified.\n");
845 default_log.dest = fr_str2int(log_str2dst, radlog_dest,
847 if (default_log.dest == L_DST_NUM_DEST) {
848 fprintf(stderr, "radiusd: Error: Unknown log_destination %s\n",
854 if (default_log.dest == L_DST_SYSLOG) {
856 * Make sure syslog_facility isn't NULL
859 if (!syslog_facility) {
860 fprintf(stderr, "radiusd: Error: Syslog chosen but no facility was specified\n");
864 mainconfig.syslog_facility = fr_str2int(syslog_str2fac, syslog_facility, -1);
865 if (mainconfig.syslog_facility < 0) {
866 fprintf(stderr, "radiusd: Error: Unknown syslog_facility %s\n",
874 * Call openlog only once, when the
877 openlog(progname, LOG_PID, mainconfig.syslog_facility);
880 } else if (default_log.dest == L_DST_FILES) {
881 if (!mainconfig.log_file) {
882 fprintf(stderr, "radiusd: Error: Specified \"files\" as a log destination, but no log filename was given!\n");
891 * Switch users as early as possible.
893 if (!switch_users(cs)) fr_exit(1);
897 * Open the log file AFTER switching uid / gid. If we
898 * did switch uid/gid, then the code in switch_users()
899 * took care of setting the file permissions correctly.
901 if ((default_log.dest == L_DST_FILES) &&
902 (default_log.fd < 0)) {
903 default_log.fd = open(mainconfig.log_file,
904 O_WRONLY | O_APPEND | O_CREAT, 0640);
905 if (default_log.fd < 0) {
906 fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, fr_syserror(errno));
913 * This allows us to figure out where, relative to
914 * radiusd.conf, the other configuration files exist.
916 if (cf_section_parse(cs, NULL, server_config) < 0) {
921 * We ignore colourization of output until after the
922 * configuration files have been parsed.
925 if (do_colourise && p && isatty(default_log.fd) && strstr(p, "xterm")) {
926 default_log.colourise = true;
928 default_log.colourise = false;
931 if (mainconfig.max_request_time == 0) mainconfig.max_request_time = 100;
932 if (mainconfig.reject_delay > 5) mainconfig.reject_delay = 5;
933 if (mainconfig.cleanup_delay > 5) mainconfig.cleanup_delay =5;
936 * Free the old configuration items, and replace them
939 * Note that where possible, we do atomic switch-overs,
940 * to ensure that the pointers are always valid.
942 rad_assert(mainconfig.config == NULL);
943 root_config = mainconfig.config = cs;
945 DEBUG2("%s: #### Loading Realms and Home Servers ####", mainconfig.name);
946 if (!realms_init(cs)) {
950 DEBUG2("%s: #### Loading Clients ####", mainconfig.name);
951 if (!clients_parse_section(cs, false)) {
956 * Register the %{config:section.subsection} xlat function.
958 xlat_register("config", xlat_config, NULL, NULL);
959 xlat_register("client", xlat_client, NULL, NULL);
960 xlat_register("getclient", xlat_getclient, NULL, NULL);
963 * Starting the server, WITHOUT "-x" on the
964 * command-line: use whatever is in the config
967 if (debug_flag == 0) {
968 debug_flag = mainconfig.debug_level;
970 fr_debug_flag = debug_flag;
973 * Go update our behaviour, based on the configuration
978 * Sanity check the configuration for internal
981 if (mainconfig.reject_delay > mainconfig.cleanup_delay) {
982 mainconfig.reject_delay = mainconfig.cleanup_delay;
984 if (mainconfig.reject_delay < 0) mainconfig.reject_delay = 0;
986 /* Reload the modules. */
987 if (setup_modules(reload, mainconfig.config) < 0) {
992 if (chdir(radlog_dir) < 0) {
993 ERROR("Failed to 'chdir %s' after chroot: %s",
994 radlog_dir, fr_syserror(errno));
999 cc = rad_malloc(sizeof(*cc));
1000 memset(cc, 0, sizeof(*cc));
1003 rad_assert(cs_cache == NULL);
1006 /* Clear any unprocessed configuration errors */
1007 (void) fr_strerror();
1013 * Free the configuration. Called only when the server is exiting.
1015 int free_mainconfig(void)
1017 cached_config_t *cc, *next;
1019 virtual_servers_free(0);
1022 * Clean up the configuration data
1027 listen_free(&mainconfig.listen);
1030 * Free all of the cached configurations.
1032 for (cc = cs_cache; cc != NULL; cc = next) {
1034 cf_file_free(cc->cs);
1043 void hup_logfile(void)
1047 if (default_log.dest != L_DST_FILES) return;
1049 fd = open(mainconfig.log_file,
1050 O_WRONLY | O_APPEND | O_CREAT, 0640);
1053 * Atomic swap. We'd like to keep the old
1054 * FD around so that callers don't
1055 * suddenly find the FD closed, and the
1056 * writes go nowhere. But that's hard to
1057 * do. So... we have the case where a
1058 * log message *might* be lost on HUP.
1060 old_fd = default_log.fd;
1061 default_log.fd = fd;
1066 void hup_mainconfig(void)
1068 cached_config_t *cc;
1072 INFO("HUP - Re-reading configuration files");
1074 /* Read the configuration file */
1075 snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
1076 radius_dir, mainconfig.name);
1077 if ((cs = cf_file_read(buffer)) == NULL) {
1078 ERROR("Failed to re-read or parse %s", buffer);
1082 cc = rad_malloc(sizeof(*cc));
1083 memset(cc, 0, sizeof(*cc));
1086 * Save the current configuration. Note that we do NOT
1087 * free older ones. We should probably do so at some
1088 * point. Doing so will require us to mark which modules
1089 * are still in use, and which aren't. Modules that
1090 * can't be HUPed always use the original configuration.
1091 * Modules that can be HUPed use one of the newer
1094 cc->created = time(NULL);
1096 cc->next = cs_cache;
1100 * Re-open the log file. If we can't, then keep logging
1101 * to the old log file.
1103 * The "open log file" code is here rather than in log.c,
1104 * because it makes that function MUCH simpler.
1108 INFO("HUP - loading modules");
1111 * Prefer the new module configuration.
1113 module_hup(cf_section_sub_find(cs, "modules"));
1116 * Load new servers BEFORE freeing old ones.
1118 virtual_servers_load(cs);
1120 virtual_servers_free(cc->created - mainconfig.max_request_time * 4);