2 * radiusd.c Main loop of the radius server.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2000-2004,2006 The FreeRADIUS server project
21 * Copyright 1999,2000 Miquel van Smoorenburg <miquels@cistron.nl>
22 * Copyright 2000 Alan DeKok <aland@ox.org>
23 * Copyright 2000 Alan Curry <pacman-radius@cqc.com>
24 * Copyright 2000 Jeff Carneal <jeff@apex.net>
25 * Copyright 2000 Chad Miller <cmiller@surfsouth.com>
28 #include <freeradius-devel/ident.h>
31 #include <freeradius-devel/radiusd.h>
32 #include <freeradius-devel/radius_snmp.h>
33 #include <freeradius-devel/rad_assert.h>
46 #ifdef HAVE_SYS_WAIT_H
47 # include <sys/wait.h>
50 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
53 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
56 #ifndef HAVE_PTHREAD_H
57 #define thread_pool_lock(_x)
58 #define thread_pool_unlock(_x)
64 const char *progname = NULL;
65 const char *radius_dir = NULL;
66 const char *radacct_dir = NULL;
67 const char *radlog_dir = NULL;
68 const char *radlib_dir = NULL;
69 int log_stripped_names;
71 int log_auth_detail = FALSE;
73 const char *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
78 static int debug_memory = 0;
81 * Configuration items.
87 static void usage(int);
89 static void sig_fatal (int);
91 static void sig_hup (int);
97 int main(int argc, char *argv[])
100 unsigned char buffer[4096];
102 int spawn_flag = TRUE;
103 int dont_fork = FALSE;
106 #ifdef HAVE_SIGACTION
107 struct sigaction act;
111 set_auth_parameters(argc,argv);
114 if ((progname = strrchr(argv[0], '/')) == NULL)
121 radius_dir = strdup(RADIUS_DIR);
124 * Ensure that the configuration is initialized.
126 memset(&mainconfig, 0, sizeof(mainconfig));
127 mainconfig.myip.af = AF_UNSPEC;
128 mainconfig.port = -1;
129 mainconfig.radiusd_conf = strdup("radiusd.conf");
131 #ifdef HAVE_SIGACTION
132 memset(&act, 0, sizeof(act));
134 sigemptyset( &act.sa_mask ) ;
138 * Don't put output anywhere until we get told a little
141 mainconfig.radlog_fd = -1;
142 mainconfig.log_file = NULL;
144 /* Process the options. */
145 while ((argval = getopt(argc, argv, "Aa:bcd:fg:hi:l:mn:p:sSvxXyz")) != EOF) {
150 log_auth_detail = TRUE;
154 if (radacct_dir) free(radacct_dir);
155 radacct_dir = strdup(optarg);
159 /* ignore for backwards compatibility with Cistron */
163 if (radius_dir) free(radius_dir);
164 radius_dir = strdup(optarg);
176 if (ip_hton(optarg, AF_UNSPEC, &mainconfig.myip) < 0) {
177 fprintf(stderr, "radiusd: Invalid IP Address or hostname \"%s\"\n", optarg);
184 if ((strcmp(optarg, "stdout") == 0) ||
185 (strcmp(optarg, "stderr") == 0) ||
186 (strcmp(optarg, "syslog") == 0)) {
187 fprintf(stderr, "radiusd: -l %s is unsupported. Use log_destination in radiusd.conf\n", optarg);
190 if (radlog_dir) free(radlog_dir);
191 radlog_dir = strdup(optarg);
195 fprintf(stderr, "radiusd: -g is unsupported. Use log_destination in radiusd.conf.\n");
204 if ((strchr(optarg, '/') != NULL) ||
205 (strchr(optarg, '.') != NULL) ||
206 (strlen(optarg) > 45)) usage(1);
208 snprintf(buffer, sizeof(buffer), "%s.conf",
210 if (mainconfig.radiusd_conf)
211 free(mainconfig.radiusd_conf);
212 mainconfig.radiusd_conf = strdup(buffer);
216 log_stripped_names++;
220 mainconfig.port = atoi(optarg);
221 if ((mainconfig.port <= 0) ||
222 (mainconfig.port >= 65536)) {
223 fprintf(stderr, "radiusd: Invalid port number %s\n", optarg);
229 case 's': /* Single process mode */
239 * BIG debugging mode for users who are
240 * TOO LAZY to type '-sfxxyz -l stdout' themselves.
246 mainconfig.log_auth = TRUE;
247 mainconfig.log_auth_badpass = TRUE;
248 mainconfig.log_auth_goodpass = TRUE;
249 mainconfig.radlog_dest = RADLOG_STDOUT;
250 mainconfig.radlog_fd = STDOUT_FILENO;
258 mainconfig.log_auth = TRUE;
259 mainconfig.log_auth_badpass = TRUE;
263 mainconfig.log_auth_badpass = TRUE;
264 mainconfig.log_auth_goodpass = TRUE;
273 if (flag && (flag != 0x03)) {
274 fprintf(stderr, "radiusd: The options -i and -p cannot be used individually.\n");
279 radlog(L_INFO, "%s", radiusd_version);
280 radlog(L_INFO, "Copyright (C) 2000-2007 The FreeRADIUS server project.\n");
281 radlog(L_INFO, "There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n");
282 radlog(L_INFO, "PARTICULAR PURPOSE.\n");
283 radlog(L_INFO, "You may redistribute copies of FreeRADIUS under the terms of the\n");
284 radlog(L_INFO, "GNU General Public License.\n");
288 /* Read the configuration files, BEFORE doing anything else. */
289 if (read_mainconfig(0) < 0) {
295 * Disconnect from session
297 if (debug_flag == 0 && dont_fork == FALSE) {
301 radlog(L_ERR, "Couldn't fork: %s", strerror(errno));
306 * The parent exits, so the child can run in the background.
318 * If we're NOT debugging, trap fatal signals, so we can
319 * easily clean up after ourselves.
321 * If we ARE debugging, don't trap them, so we can
324 if ((mainconfig.allow_core_dumps == FALSE) && (debug_flag == 0)) {
326 #ifdef HAVE_SIGACTION
327 act.sa_handler = sig_fatal;
328 sigaction(SIGSEGV, &act, NULL);
330 signal(SIGSEGV, sig_fatal);
336 * Ensure that we're using the CORRECT pid after forking,
337 * NOT the one we started with.
339 radius_pid = getpid();
342 * Only write the PID file if we're running as a daemon.
344 * And write it AFTER we've forked, so that we write the
347 if (dont_fork == FALSE) {
350 fp = fopen(mainconfig.pid_file, "w");
353 * FIXME: What about following symlinks,
354 * and having it over-write a normal file?
356 fprintf(fp, "%d\n", (int) radius_pid);
359 radlog(L_ERR|L_CONS, "Failed creating PID file %s: %s\n",
360 mainconfig.pid_file, strerror(errno));
366 * If we're running as a daemon, close the default file
367 * descriptors, AFTER forking.
372 devnull = open("/dev/null", O_RDWR);
374 radlog(L_ERR|L_CONS, "Failed opening /dev/null: %s\n",
378 dup2(devnull, STDIN_FILENO);
379 if (mainconfig.radlog_dest == RADLOG_STDOUT) {
380 mainconfig.radlog_fd = dup(STDOUT_FILENO);
382 dup2(devnull, STDOUT_FILENO);
383 if (mainconfig.radlog_dest == RADLOG_STDERR) {
384 mainconfig.radlog_fd = dup(STDERR_FILENO);
386 dup2(devnull, STDERR_FILENO);
391 * It's called the thread pool, but it does a little
394 radius_event_init(mainconfig.config, spawn_flag);
397 * Use linebuffered or unbuffered stdout if
398 * the debug flag is on.
400 if (debug_flag == TRUE)
404 * Now that we've set everything up, we can install the signal
405 * handlers. Before this, if we get any signal, we don't know
406 * what to do, so we might as well do the default, and die.
409 signal(SIGPIPE, SIG_IGN);
411 #ifdef HAVE_SIGACTION
412 act.sa_handler = sig_hup;
413 sigaction(SIGHUP, &act, NULL);
414 act.sa_handler = sig_fatal;
415 sigaction(SIGTERM, &act, NULL);
418 signal(SIGHUP, sig_hup);
420 signal(SIGTERM, sig_fatal);
423 * If we're debugging, then a CTRL-C will cause the
424 * server to die immediately. Use SIGTERM to shut down
425 * the server cleanly in that case.
427 if ((debug_memory == 1) || (debug_flag == 0)) {
428 #ifdef HAVE_SIGACTION
429 act.sa_handler = sig_fatal;
430 sigaction(SIGINT, &act, NULL);
431 sigaction(SIGQUIT, &act, NULL);
433 signal(SIGINT, sig_fatal);
435 signal(SIGQUIT, sig_fatal);
441 * Process requests until HUP or exit.
443 while ((rcode = radius_event_process()) == 0x80) {
446 * Reload anything that can safely be reloaded.
448 DEBUG("HUP support not available.");
450 thread_pool_unlock();
456 * Ignore the TERM signal: we're
459 signal(SIGTERM, SIG_IGN);
462 * Send a TERM signal to all
463 * associated processes
464 * (including us, which gets
468 kill(-radius_pid, SIGTERM);
472 * We're exiting, so we can delete the PID
473 * file. (If it doesn't exist, we can ignore
474 * the error returned by unlink)
476 if (dont_fork == FALSE) {
477 unlink(mainconfig.pid_file);
483 * Free the configuration items.
488 * Detach any modules.
499 * Display the syntax for starting this program.
501 static void NEVER_RETURNS usage(int status)
503 FILE *output = status?stderr:stdout;
506 "Usage: %s [-a acct_dir] [-d db_dir] [-l log_dir] [-i address] [-AcfnsSvXxyz]\n", progname);
507 fprintf(output, "Options:\n\n");
508 fprintf(output, " -a acct_dir use accounting directory 'acct_dir'.\n");
509 fprintf(output, " -A Log auth detail.\n");
510 fprintf(output, " -d raddb_dir Configuration files are in \"raddbdir/*\".\n");
511 fprintf(output, " -f Run as a foreground process, not a daemon.\n");
512 fprintf(output, " -h Print this help message.\n");
513 fprintf(output, " -i ipaddr Listen on ipaddr ONLY\n");
514 fprintf(output, " -l log_dir Log file is \"log_dir/radius.log\" (not used in debug mode)\n");
515 fprintf(output, " -p port Listen on port ONLY\n");
516 fprintf(output, " -s Do not spawn child processes to handle requests.\n");
517 fprintf(output, " -S Log stripped names.\n");
518 fprintf(output, " -v Print server version information.\n");
519 fprintf(output, " -X Turn on full debugging.\n");
520 fprintf(output, " -x Turn on additional debugging. (-xx gives more debugging).\n");
521 fprintf(output, " -y Log authentication failures, with password.\n");
522 fprintf(output, " -z Log authentication successes, with password.\n");
528 * We got a fatal signal.
530 static void sig_fatal(int sig)
535 * We can't really do anything
536 * intelligent here so just die
541 radius_signal_self(RADIUS_SIGNAL_SELF_TERM);
549 radius_signal_self(RADIUS_SIGNAL_SELF_TERM);
555 radius_signal_self(RADIUS_SIGNAL_SELF_EXIT);
562 * We got the hangup signal.
563 * Re-read the configuration files.
565 static void sig_hup(int sig)
567 sig = sig; /* -Wunused */
569 reset_signal(SIGHUP, sig_hup);
571 radius_signal_self(RADIUS_SIGNAL_SELF_HUP);