2 * mainconf.c Handle the server's configuration.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2002,2006-2007 The FreeRADIUS server project
21 * Copyright 2002 Alan DeKok <aland@ox.org>
24 #include <freeradius-devel/ident.h>
27 #include <freeradius-devel/radiusd.h>
28 #include <freeradius-devel/modules.h>
29 #include <freeradius-devel/rad_assert.h>
33 #ifdef HAVE_SYS_RESOURCE_H
34 #include <sys/resource.h>
45 #ifdef HAVE_SYS_PRCTL_H
46 #include <sys/prctl.h>
53 #ifdef HAVE_SYS_STAT_H
61 struct main_config_t mainconfig;
62 char *request_log_file = NULL;
63 char *debug_log_file = NULL;
64 char *debug_condition = NULL;
67 * Temporary local variables for parsing the configuration
72 static gid_t server_gid;
73 static const char *uid_name = NULL;
74 static const char *gid_name = NULL;
76 static const char *chroot_dir = NULL;
77 static int allow_core_dumps = 0;
78 static const char *radlog_dest = NULL;
81 * These are not used anywhere else..
83 static const char *localstatedir = NULL;
84 static const char *prefix = NULL;
85 static char *syslog_facility = NULL;
86 static const FR_NAME_NUMBER str2fac[] = {
97 { "daemon", LOG_DAEMON },
100 { "auth", LOG_AUTH },
106 { "news", LOG_NEWS },
109 { "uucp", LOG_UUCP },
112 { "cron", LOG_CRON },
115 { "authpriv", LOG_AUTHPRIV },
121 { "local0", LOG_LOCAL0 },
124 { "local1", LOG_LOCAL1 },
127 { "local2", LOG_LOCAL2 },
130 { "local3", LOG_LOCAL3 },
133 { "local4", LOG_LOCAL4 },
136 { "local5", LOG_LOCAL5 },
139 { "local6", LOG_LOCAL6 },
142 { "local7", LOG_LOCAL7 },
148 * Security configuration for the server.
150 static const CONF_PARSER security_config[] = {
151 { "max_attributes", PW_TYPE_INTEGER, 0, &fr_max_attributes, Stringify(0) },
152 { "reject_delay", PW_TYPE_INTEGER, 0, &mainconfig.reject_delay, Stringify(0) },
153 { "status_server", PW_TYPE_BOOLEAN, 0, &mainconfig.status_server, "no"},
154 { NULL, -1, 0, NULL, NULL }
159 * Logging configuration for the server.
161 static const CONF_PARSER logdest_config[] = {
162 { "destination", PW_TYPE_STRING_PTR, 0, &radlog_dest, "files" },
163 { "syslog_facility", PW_TYPE_STRING_PTR, 0, &syslog_facility, Stringify(0) },
165 { "file", PW_TYPE_STRING_PTR, -1, &mainconfig.log_file, "${logdir}/radius.log" },
166 { "requests", PW_TYPE_STRING_PTR, -1, &request_log_file, NULL },
167 { "debug_file", PW_TYPE_STRING_PTR, -1, &debug_log_file, NULL },
168 { NULL, -1, 0, NULL, NULL }
172 static const CONF_PARSER serverdest_config[] = {
173 { "log", PW_TYPE_SUBSECTION, 0, NULL, (const void *) logdest_config },
174 { "log_file", PW_TYPE_STRING_PTR, -1, &mainconfig.log_file, NULL },
175 { "log_destination", PW_TYPE_STRING_PTR, -1, &radlog_dest, NULL },
176 { NULL, -1, 0, NULL, NULL }
180 static const CONF_PARSER log_config_nodest[] = {
181 { "stripped_names", PW_TYPE_BOOLEAN, 0, &log_stripped_names,"no" },
183 { "auth", PW_TYPE_BOOLEAN, -1, &mainconfig.log_auth, "no" },
184 { "auth_badpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_badpass, "no" },
185 { "auth_goodpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_goodpass, "no" },
187 { NULL, -1, 0, NULL, NULL }
192 * A mapping of configuration file names to internal variables
194 static const CONF_PARSER server_config[] = {
196 * FIXME: 'prefix' is the ONLY one which should be
197 * configured at compile time. Hard-coding it here is
198 * bad. It will be cleaned up once we clean up the
199 * hard-coded defines for the locations of the various
202 { "prefix", PW_TYPE_STRING_PTR, 0, &prefix, "/usr/local"},
203 { "localstatedir", PW_TYPE_STRING_PTR, 0, &localstatedir, "${prefix}/var"},
204 { "logdir", PW_TYPE_STRING_PTR, 0, &radlog_dir, "${localstatedir}/log"},
205 { "libdir", PW_TYPE_STRING_PTR, 0, &radlib_dir, "${prefix}/lib"},
206 { "radacctdir", PW_TYPE_STRING_PTR, 0, &radacct_dir, "${logdir}/radacct" },
207 { "hostname_lookups", PW_TYPE_BOOLEAN, 0, &fr_dns_lookups, "no" },
208 { "max_request_time", PW_TYPE_INTEGER, 0, &mainconfig.max_request_time, Stringify(MAX_REQUEST_TIME) },
209 { "cleanup_delay", PW_TYPE_INTEGER, 0, &mainconfig.cleanup_delay, Stringify(CLEANUP_DELAY) },
210 { "max_requests", PW_TYPE_INTEGER, 0, &mainconfig.max_requests, Stringify(MAX_REQUESTS) },
211 #ifdef DELETE_BLOCKED_REQUESTS
212 { "delete_blocked_requests", PW_TYPE_INTEGER, 0, &mainconfig.kill_unresponsive_children, Stringify(FALSE) },
214 { "allow_core_dumps", PW_TYPE_BOOLEAN, 0, &allow_core_dumps, "no" },
216 { "pidfile", PW_TYPE_STRING_PTR, 0, &mainconfig.pid_file, "${run_dir}/radiusd.pid"},
217 { "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
219 { "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
222 { "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
224 { "log", PW_TYPE_SUBSECTION, 0, NULL, (const void *) log_config_nodest },
227 * People with old configs will have these. They are listed
228 * AFTER the "log" section, so if they exist in radiusd.conf,
229 * it will prefer "log_foo = bar" to "log { foo = bar }".
230 * They're listed with default values of NULL, so that if they
231 * DON'T exist in radiusd.conf, then the previously parsed
232 * values for "log { foo = bar}" will be used.
234 { "log_auth", PW_TYPE_BOOLEAN, -1, &mainconfig.log_auth, NULL },
235 { "log_auth_badpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_badpass, NULL },
236 { "log_auth_goodpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_goodpass, NULL },
237 { "log_stripped_names", PW_TYPE_BOOLEAN, 0, &log_stripped_names, NULL },
239 { "security", PW_TYPE_SUBSECTION, 0, NULL, (const void *) security_config },
241 { NULL, -1, 0, NULL, NULL }
244 #define MAX_ARGV (256)
247 static size_t config_escape_func(char *out, size_t outlen, const char *in)
250 static const char *disallowed = "%{}\\'\"`";
254 * Non-printable characters get replaced with their
255 * mime-encoded equivalents.
258 if (outlen <= 3) break;
260 snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
267 } else if (strchr(disallowed, *in) != NULL) {
268 if (outlen <= 2) break;
280 * Only one byte left.
300 * Xlat for %{config:section.subsection.attribute}
302 static size_t xlat_config(void *instance, REQUEST *request,
303 char *fmt, char *out,
305 RADIUS_ESCAPE_STRING func)
312 request = request; /* -Wunused */
313 instance = instance; /* -Wunused */
318 if (!radius_xlat(buffer, sizeof(buffer), fmt, request, config_escape_func)) {
322 ci = cf_reference_item(request->root->config,
323 request->root->config, buffer);
324 if (!ci || !cf_item_is_pair(ci)) {
329 cp = cf_itemtopair(ci);
332 * Ensure that we only copy what's necessary.
334 * If 'outlen' is too small, then the output is chopped to fit.
336 value = cf_pair_value(cp);
338 if (outlen > strlen(value)) {
339 outlen = strlen(value) + 1;
343 return func(out, outlen, value);
348 * Xlat for %{client:foo}
350 static size_t xlat_client(UNUSED void *instance, REQUEST *request,
351 char *fmt, char *out,
353 UNUSED RADIUS_ESCAPE_STRING func)
355 const char *value = NULL;
358 if (!fmt || !out || (outlen < 1)) return 0;
360 if (!request || !request->client) {
365 cp = cf_pair_find(request->client->cs, fmt);
366 if (!cp || !(value = cf_pair_value(cp))) {
371 strlcpy(out, value, outlen);
377 * Recursively make directories.
379 static int r_mkdir(const char *part)
381 char *ptr, parentdir[500];
384 if (stat(part, &st) == 0)
387 ptr = strrchr(part, FR_DIR_SEP);
392 snprintf(parentdir, (ptr - part)+1, "%s", part);
394 if (r_mkdir(parentdir) != 0)
397 if (mkdir(part, 0770) != 0) {
398 radlog(L_ERR, "mkdir(%s) error: %s\n", part, strerror(errno));
407 int did_setuid = FALSE;
409 #if defined(HAVE_SETRESUID) && defined (HAVE_GETRESUID)
410 void fr_suid_up(void)
412 uid_t ruid, euid, suid;
414 if (getresuid(&ruid, &euid, &suid) < 0) {
415 radlog(L_ERR, "Failed getting saved UID's");
419 if (setresuid(-1, suid, -1) < 0) {
420 radlog(L_ERR, "Failed switching to privileged user");
424 if (geteuid() != suid) {
425 radlog(L_ERR, "Switched to unknown UID");
430 void fr_suid_down(void)
432 if (!did_setuid) return;
434 if (setresuid(-1, server_uid, geteuid()) < 0) {
435 fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
436 progname, uid_name, strerror(errno));
440 if (geteuid() != server_uid) {
441 fprintf(stderr, "%s: Failed switching uid: UID is incorrect\n",
447 void fr_suid_down_permanent(void)
449 uid_t ruid, euid, suid;
451 if (!did_setuid) return;
453 if (getresuid(&ruid, &euid, &suid) < 0) {
454 radlog(L_ERR, "Failed getting saved uid's");
458 if (setresuid(server_uid, server_uid, server_uid) < 0) {
459 radlog(L_ERR, "Failed in permanent switch to uid %s: %s",
460 uid_name, strerror(errno));
464 if (geteuid() != server_uid) {
465 radlog(L_ERR, "Switched to unknown uid");
470 if (getresuid(&ruid, &euid, &suid) < 0) {
471 radlog(L_ERR, "Failed getting saved uid's: %s",
478 * Much less secure...
480 void fr_suid_up(void)
483 void fr_suid_down(void)
485 if (!uid_name) return;
487 if (setuid(server_uid) < 0) {
488 fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
489 progname, uid_name, strerror(errno));
493 void fr_suid_down_permanent(void)
499 * Do chroot, if requested.
501 * Switch UID and GID to what is specified in the config file
503 static int switch_users(CONF_SECTION *cs)
507 #ifdef HAVE_SYS_RESOURCE_H
508 struct rlimit core_limits;
512 * Don't do chroot/setuid/setgid if we're in debugging
515 if (debug_flag && (getuid() != 0)) return 1;
519 cp = cf_pair_find(cs, "group");
520 if (cp) gid_name = cf_pair_value(cp);
524 DEBUG2("group = %s", gid_name);
525 gr = getgrnam(gid_name);
527 fprintf(stderr, "%s: Cannot get ID for group %s: %s\n",
528 progname, gid_name, strerror(errno));
531 server_gid = gr->gr_gid;
533 server_gid = getgid();
539 cp = cf_pair_find(cs, "user");
540 if (cp) uid_name = cf_pair_value(cp);
544 DEBUG2("user = %s", uid_name);
545 pw = getpwnam(uid_name);
547 fprintf(stderr, "%s: Cannot get passwd entry for user %s: %s\n",
548 progname, uid_name, strerror(errno));
551 server_uid = pw->pw_uid;
552 #ifdef HAVE_INITGROUPS
553 if (initgroups(uid_name, server_gid) < 0) {
554 fprintf(stderr, "%s: Cannot initialize supplementary group list for user %s: %s\n",
555 progname, uid_name, strerror(errno));
560 server_uid = getuid();
564 cp = cf_pair_find(cs, "chroot");
565 if (cp) chroot_dir = cf_pair_value(cp);
567 DEBUG2("chroot = %s", chroot_dir);
568 if (chroot(chroot_dir) < 0) {
569 fprintf(stderr, "%s: Failed to perform chroot %s: %s",
570 progname, chroot_dir, strerror(errno));
575 * Note that we leave chdir alone. It may be
576 * OUTSIDE of the root. This allows us to read
577 * the configuration from "-d ./etc/raddb", with
578 * the chroot as "./chroot/" for example. After
579 * the server has been loaded, it does a "cd
580 * ${logdir}" below, so that core files (if any)
581 * go to a logging directory.
583 * This also allows the configuration of the
584 * server to be outside of the chroot. If the
585 * server is statically linked, then the only
586 * things needed inside of the chroot are the
587 * logging directories.
589 radlog(L_INFO, "performing chroot to %s\n", chroot_dir);
594 if (gid_name && (setgid(server_gid) < 0)) {
595 fprintf(stderr, "%s: Failed setting group to %s: %s",
596 progname, gid_name, strerror(errno));
606 * Now core dumps are disabled on most secure systems.
614 * Double check that we can write to the log directory.
616 * If we can't, don't start, as we can't log any errors!
618 if ((mainconfig.radlog_dest == RADLOG_FILES) &&
619 (mainconfig.log_file != NULL)) {
620 int fd = open(mainconfig.log_file,
621 O_WRONLY | O_APPEND | O_CREAT, 0640);
623 fprintf(stderr, "%s: Cannot write to log file %s: %s\n",
624 progname, mainconfig.log_file, strerror(errno));
630 * After this it's safe to call radlog(), as it's going
631 * to the right place.
635 #ifdef HAVE_SYS_RESOURCE_H
636 /* Get the current maximum for core files. */
637 if (getrlimit(RLIMIT_CORE, &core_limits) < 0) {
638 radlog(L_ERR, "Failed to get current core limit: %s", strerror(errno));
644 * Core dumps are allowed if we're in debug mode, OR
645 * we've allowed them, OR we did a setuid (which turns
648 * Otherwise, disable core dumps for security.
651 if (!(debug_flag || allow_core_dumps || did_setuid)) {
652 #ifdef HAVE_SYS_RESOURCE_H
653 struct rlimit no_core;
655 no_core.rlim_cur = 0;
656 no_core.rlim_max = 0;
658 if (setrlimit(RLIMIT_CORE, &no_core) < 0) {
659 radlog(L_ERR, "Failed disabling core dumps: %s",
666 * Otherwise, re-enable core dumps if we're
667 * running as a daemon, AND core dumps are
668 * allowed, AND we changed UID's.
670 } else if ((debug_flag == 0) && allow_core_dumps && did_setuid) {
672 * Set the dumpable flag.
674 #ifdef HAVE_SYS_PRCTL_H
675 #ifdef PR_SET_DUMPABLE
676 if (prctl(PR_SET_DUMPABLE, 1) < 0) {
677 radlog(L_ERR,"Cannot enable core dumps: prctl(PR_SET_DUMPABLE) failed: '%s'",
684 * Reset the core dump limits again, just to
685 * double check that they haven't changed.
687 #ifdef HAVE_SYS_RESOURCE_H
688 if (setrlimit(RLIMIT_CORE, &core_limits) < 0) {
689 radlog(L_ERR, "Cannot update core dump limit: %s",
695 radlog(L_INFO, "Core dumps are enabled.");
698 * Else we're debugging (so core dumps are enabled)
699 * OR we're not debugging, AND "allow_core_dumps == FALSE",
700 * OR we're not debugging, AND core dumps are allowed,
701 * BUT we didn't call setuid, so we haven't changed the
702 * core dump capabilities inherited from the parent shell.
710 static const FR_NAME_NUMBER str2dest[] = {
711 { "null", RADLOG_NULL },
712 { "files", RADLOG_FILES },
713 { "syslog", RADLOG_SYSLOG },
714 { "stdout", RADLOG_STDOUT },
715 { "stderr", RADLOG_STDERR },
716 { NULL, RADLOG_NUM_DEST }
723 * This function can ONLY be called from the main server process.
725 int read_mainconfig(int reload)
727 const char *p = NULL;
728 static int old_debug_level = -1;
734 if (stat(radius_dir, &statbuf) < 0) {
735 radlog(L_ERR, "Errors reading %s: %s",
736 radius_dir, strerror(errno));
741 if ((statbuf.st_mode & S_IWOTH) != 0) {
742 radlog(L_ERR, "Configuration directory %s is globally writable. Refusing to start due to insecure configuration.",
749 if (0 && (statbuf.st_mode & S_IROTH) != 0) {
750 radlog(L_ERR, "Configuration directory %s is globally readable. Refusing to start due to insecure configuration.",
757 radlog(L_INFO, "Starting - reading configuration files ...");
759 radlog(L_INFO, "Reloading - reading configuration files...");
762 /* Read the configuration file */
763 snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
764 radius_dir, mainconfig.name);
765 if ((cs = cf_file_read(buffer)) == NULL) {
766 radlog(L_ERR, "Errors reading %s", buffer);
771 * If there was no log destination set on the command line,
774 if (mainconfig.radlog_dest == RADLOG_NULL) {
775 if (cf_section_parse(cs, NULL, serverdest_config) < 0) {
776 fprintf(stderr, "radiusd: Error: Failed to parse log{} section.\n");
777 cf_section_free(&cs);
782 fprintf(stderr, "radiusd: Error: No log destination specified.\n");
783 cf_section_free(&cs);
787 mainconfig.radlog_dest = fr_str2int(str2dest, radlog_dest,
789 if (mainconfig.radlog_dest == RADLOG_NUM_DEST) {
790 fprintf(stderr, "radiusd: Error: Unknown log_destination %s\n",
792 cf_section_free(&cs);
796 if (mainconfig.radlog_dest == RADLOG_SYSLOG) {
798 * Make sure syslog_facility isn't NULL
801 if (!syslog_facility) {
802 fprintf(stderr, "radiusd: Error: Syslog chosen but no facility was specified\n");
803 cf_section_free(&cs);
806 mainconfig.syslog_facility = fr_str2int(str2fac, syslog_facility, -1);
807 if (mainconfig.syslog_facility < 0) {
808 fprintf(stderr, "radiusd: Error: Unknown syslog_facility %s\n",
810 cf_section_free(&cs);
818 * We should really switch users earlier in the process.
820 if (!switch_users(cs)) exit(1);
823 /* Initialize the dictionary */
824 cp = cf_pair_find(cs, "dictionary");
825 if (cp) p = cf_pair_value(cp);
826 if (!p) p = radius_dir;
827 DEBUG2("including dictionary file %s/%s", p, RADIUS_DICTIONARY);
828 if (dict_init(p, RADIUS_DICTIONARY) != 0) {
829 radlog(L_ERR, "Errors reading dictionary: %s",
835 * This allows us to figure out where, relative to
836 * radiusd.conf, the other configuration files exist.
838 cf_section_parse(cs, NULL, server_config);
841 * Free the old configuration items, and replace them
844 * Note that where possible, we do atomic switch-overs,
845 * to ensure that the pointers are always valid.
847 cf_section_free(&mainconfig.config);
848 mainconfig.config = cs;
850 if (!clients_parse_section(cs)) {
854 DEBUG2("%s: #### Loading Realms and Home Servers ####", mainconfig.name);
856 if (!realms_init(cs)) {
861 * Register the %{config:section.subsection} xlat function.
863 xlat_register("config", xlat_config, NULL);
864 xlat_register("client", xlat_client, NULL);
867 * Reload: change debug flag if it's changed in the
868 * configuration file.
871 if (mainconfig.debug_level != old_debug_level) {
872 debug_flag = mainconfig.debug_level;
875 } else if (debug_flag == 0) {
878 * Starting the server, WITHOUT "-x" on the
879 * command-line: use whatever's in the config
882 debug_flag = mainconfig.debug_level;
884 fr_debug_flag = debug_flag;
885 old_debug_level = mainconfig.debug_level;
888 * Go update our behaviour, based on the configuration
893 * Sanity check the configuration for internal
896 if (mainconfig.reject_delay > mainconfig.cleanup_delay) {
897 mainconfig.reject_delay = mainconfig.cleanup_delay;
899 if (mainconfig.reject_delay < 0) mainconfig.reject_delay = 0;
901 /* Reload the modules. */
902 if (setup_modules(reload, mainconfig.config) < 0) {
903 radlog(L_ERR, "Errors initializing modules");
908 if (chdir(radlog_dir) < 0) {
909 radlog(L_ERR, "Failed to 'chdir %s' after chroot: %s",
910 radlog_dir, strerror(errno));
919 * Free the configuration. Called only when the server is exiting.
921 int free_mainconfig(void)
924 * Clean up the configuration data
927 cf_section_free(&mainconfig.config);
929 listen_free(&mainconfig.listen);