2 * radiusd.c Main loop of the radius server.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
20 * Copyright 2000-2012 The FreeRADIUS server project
21 * Copyright 1999,2000 Miquel van Smoorenburg <miquels@cistron.nl>
22 * Copyright 2000 Alan DeKok <aland@ox.org>
23 * Copyright 2000 Alan Curry <pacman-radius@cqc.com>
24 * Copyright 2000 Jeff Carneal <jeff@apex.net>
25 * Copyright 2000 Chad Miller <cmiller@surfsouth.com>
30 #include <freeradius-devel/radiusd.h>
31 #include <freeradius-devel/modules.h>
32 #include <freeradius-devel/rad_assert.h>
43 #ifdef HAVE_SYS_WAIT_H
44 # include <sys/wait.h>
47 # define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8)
50 # define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
56 char const *progname = NULL;
57 char const *radius_dir = NULL;
58 char const *radacct_dir = NULL;
59 char const *radlog_dir = NULL;
60 char const *radlib_dir = NULL;
61 bool log_stripped_names;
62 log_debug_t debug_flag = 0;
63 bool check_config = false;
65 char const *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION_STRING
66 #ifdef RADIUSD_VERSION_COMMIT
67 " (git #" STRINGIFY(RADIUSD_VERSION_COMMIT) ")"
69 ", for host " HOSTINFO ", built on " __DATE__ " at " __TIME__;
74 * Configuration items.
80 static void usage(int);
82 static void sig_fatal (int);
84 static void sig_hup (int);
87 #ifdef WITH_VERIFY_PTR
88 static void die_horribly(char const *reason)
90 ERROR("talloc abort: %s\n", reason);
98 int main(int argc, char *argv[])
100 int rcode = EXIT_SUCCESS;
103 bool spawn_flag = true;
104 bool dont_fork = false;
105 bool write_pid = false;
107 int from_child[2] = {-1, -1};
112 * We probably don't want to free the talloc autofree context
113 * directly, so we'll allocate a new context beneath it, and
114 * free that before any leak reports.
116 TALLOC_CTX *autofree = talloc(talloc_autofree_context(), void *);
119 * If the server was built with debugging enabled always install
120 * the basic fatal signal handlers.
123 fr_fault_setup(getenv("PANIC_ACTION"), argv[0]);
127 set_auth_parameters(argc,argv);
130 if ((progname = strrchr(argv[0], FR_DIR_SEP)) == NULL)
138 if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
139 fprintf(stderr, "%s: Unable to initialize socket library.\n", progname);
146 set_radius_dir(autofree, RADIUS_DIR);
149 * Ensure that the configuration is initialized.
151 memset(&mainconfig, 0, sizeof(mainconfig));
152 mainconfig.myip.af = AF_UNSPEC;
153 mainconfig.port = -1;
154 mainconfig.name = "radiusd";
157 * Don't put output anywhere until we get told a little
160 default_log.dest = L_DST_NULL;
162 mainconfig.log_file = NULL;
164 /* Process the options. */
165 while ((argval = getopt(argc, argv, "Cd:D:fhi:l:mMn:p:PstvxX")) != EOF) {
175 set_radius_dir(autofree, optarg);
179 mainconfig.dictionary_dir = talloc_typed_strdup(NULL, optarg);
191 if (strcmp(optarg, "stdout") == 0) {
194 mainconfig.log_file = strdup(optarg);
195 default_log.dest = L_DST_FILES;
196 default_log.fd = open(mainconfig.log_file,
197 O_WRONLY | O_APPEND | O_CREAT, 0640);
198 if (default_log.fd < 0) {
199 fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, fr_syserror(errno));
202 fr_log_fp = fdopen(default_log.fd, "a");
206 if (ip_hton(optarg, AF_UNSPEC, &mainconfig.myip) < 0) {
207 fprintf(stderr, "radiusd: Invalid IP Address or hostname \"%s\"\n", optarg);
214 mainconfig.name = optarg;
218 mainconfig.debug_memory = true;
222 mainconfig.memory_report = true;
223 mainconfig.debug_memory = true;
227 mainconfig.port = atoi(optarg);
228 if ((mainconfig.port <= 0) ||
229 (mainconfig.port >= 65536)) {
230 fprintf(stderr, "radiusd: Invalid port number %s\n", optarg);
237 /* Force the PID to be written, even in -f mode */
241 case 's': /* Single process mode */
246 case 't': /* no child threads */
251 /* Don't print timestamps */
254 default_log.dest = L_DST_STDOUT;
255 default_log.fd = STDOUT_FILENO;
263 mainconfig.log_auth = true;
264 mainconfig.log_auth_badpass = true;
265 mainconfig.log_auth_goodpass = true;
268 default_log.dest = L_DST_STDOUT;
269 default_log.fd = STDOUT_FILENO;
282 if (mainconfig.memory_report) {
283 talloc_enable_null_tracking();
284 #ifdef WITH_VERIFY_PTR
285 talloc_set_abort_fn(die_horribly);
288 talloc_set_log_fn(log_talloc);
291 * Mismatch between the binary and the libraries it depends on
293 if (fr_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) {
294 fr_perror("radiusd");
298 if (rad_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) {
303 * Mismatch between build time OpenSSL and linked SSL,
304 * better to die here than segfault later.
306 #ifdef HAVE_OPENSSL_CRYPTO_H
307 if (ssl_check_version() < 0) {
312 * Initialising OpenSSL once, here, is safer than having individual
318 if (flag && (flag != 0x03)) {
319 fprintf(stderr, "radiusd: The options -i and -p cannot be used individually.\n");
328 * Initialize any event loops just enough so module instantiations
329 * can add fd/event to them, but do not start them yet.
331 if (!radius_event_init(autofree)) {
335 /* Read the configuration files, BEFORE doing anything else. */
336 if (read_mainconfig(0) < 0) {
340 /* Set the panic action (if required) */
341 if (mainconfig.panic_action &&
343 !getenv("PANIC_ACTION") &&
345 (fr_fault_setup(mainconfig.panic_action, argv[0]) < 0)) {
351 devnull = open("/dev/null", O_RDWR);
353 ERROR("Failed opening /dev/null: %s", fr_syserror(errno));
358 * Disconnect from session
360 if (dont_fork == false) {
364 * Really weird things happen if we leave stdin open and call things like
367 if (dont_fork == false) {
368 dup2(devnull, STDIN_FILENO);
371 if (pipe(from_child) != 0) {
372 ERROR("Couldn't open pipe for child status: %s", fr_syserror(errno));
378 ERROR("Couldn't fork: %s", fr_syserror(errno));
383 * The parent exits, so the child can run in the background.
385 * As the child can still encounter an error during initialisation
386 * we do a blocking read on a pipe between it and the parent.
388 * Just before entering the event loop the child will send a success
389 * or failure message to the parent, via the pipe.
395 /* So the pipe is correctly widowed if the child exits */
396 close(from_child[1]);
399 * The child writes a 0x01 byte on
400 * success, and closes the pipe on error.
402 if ((read(from_child[0], &ret, 1) < 0)) {
406 /* For cleanliness... */
407 close(from_child[0]);
409 /* Don't turn children into zombies */
411 waitpid(pid, &stat_loc, WNOHANG);
418 /* so the pipe is correctly widowed if the parent exits?! */
419 close(from_child[0]);
426 if (default_log.dest == L_DST_STDOUT) {
428 default_log.fd = STDOUT_FILENO;
429 } else if (debug_flag) {
430 dup2(devnull, STDOUT_FILENO);
433 if (default_log.dest == L_DST_STDERR) {
435 default_log.fd = STDERR_FILENO;
437 dup2(devnull, STDERR_FILENO);
440 /* Libraries may write messages to stderr or stdout */
442 dup2(default_log.fd, STDOUT_FILENO);
443 dup2(default_log.fd, STDERR_FILENO);
449 * Ensure that we're using the CORRECT pid after forking,
450 * NOT the one we started with.
452 radius_pid = getpid();
455 * Start the event loop(s) and threads.
457 radius_event_start(mainconfig.config, spawn_flag);
460 * Now that we've set everything up, we can install the signal
461 * handlers. Before this, if we get any signal, we don't know
462 * what to do, so we might as well do the default, and die.
465 signal(SIGPIPE, SIG_IGN);
468 if ((fr_set_signal(SIGHUP, sig_hup) < 0) ||
469 (fr_set_signal(SIGTERM, sig_fatal) < 0)) {
470 ERROR("%s", fr_strerror());
475 * If we're debugging, then a CTRL-C will cause the
476 * server to die immediately. Use SIGTERM to shut down
477 * the server cleanly in that case.
479 if (mainconfig.debug_memory || (debug_flag == 0)) {
480 if ((fr_set_signal(SIGINT, sig_fatal) < 0)
482 || (fr_set_signal(SIGQUIT, sig_fatal) < 0)
485 ERROR("%s", fr_strerror());
491 * Everything seems to have loaded OK, exit gracefully.
494 DEBUG("Configuration appears to be OK.");
497 if (mainconfig.debug_memory) {
505 radius_stats_init(0);
509 * Write out the PID anyway if were in foreground mode.
511 if (!dont_fork) write_pid = true;
514 * Only write the PID file if we're running as a daemon.
516 * And write it AFTER we've forked, so that we write the
522 fp = fopen(mainconfig.pid_file, "w");
525 * FIXME: What about following symlinks,
526 * and having it over-write a normal file?
528 fprintf(fp, "%d\n", (int) radius_pid);
531 ERROR("Failed creating PID file %s: %s\n",
532 mainconfig.pid_file, fr_syserror(errno));
537 exec_trigger(NULL, NULL, "server.start", false);
540 * Inform the parent (who should still be waiting) that
541 * the rest of initialisation went OK, and that it should
542 * exit with a 0 status. If we don't get this far, then
543 * we just close the pipe on exit, and the parent gets a
547 if (write(from_child[1], "\001", 1) < 0) {
548 WARN("Failed informing parent of successful start: %s",
551 close(from_child[1]);
555 * Process requests until HUP or exit.
557 while ((status = radius_event_process()) == 0x80) {
559 radius_stats_init(1);
564 ERROR("Exiting due to internal error: %s", fr_strerror());
565 rcode = EXIT_FAILURE;
567 INFO("Exiting normally.");
570 exec_trigger(NULL, NULL, "server.stop", false);
573 * Ignore the TERM signal: we're
576 signal(SIGTERM, SIG_IGN);
579 * Send a TERM signal to all
580 * associated processes
581 * (including us, which gets
585 if (spawn_flag) kill(-radius_pid, SIGTERM);
589 * We're exiting, so we can delete the PID
590 * file. (If it doesn't exist, we can ignore
591 * the error returned by unlink)
593 if (dont_fork == false) {
594 unlink(mainconfig.pid_file);
601 * Detach any modules.
605 xlat_free(); /* modules may have xlat's */
608 * Free the configuration items.
617 * So we don't see autofreed memory in the talloc report
619 talloc_free(autofree);
621 if (mainconfig.memory_report) {
622 INFO("Allocated memory at time of report:");
623 log_talloc_report(NULL);
631 * Display the syntax for starting this program.
633 static void NEVER_RETURNS usage(int status)
635 FILE *output = status?stderr:stdout;
637 fprintf(output, "Usage: %s [options]\n", progname);
638 fprintf(output, "Options:\n");
639 fprintf(output, " -C Check configuration and exit.\n");
640 fprintf(stderr, " -d <raddb> Set configuration directory (defaults to " RADDBDIR ").\n");
641 fprintf(stderr, " -D <dictdir> Set main dictionary directory (defaults to " DICTDIR ").\n");
642 fprintf(output, " -f Run as a foreground process, not a daemon.\n");
643 fprintf(output, " -h Print this help message.\n");
644 fprintf(output, " -i <ipaddr> Listen on ipaddr ONLY.\n");
645 fprintf(output, " -l <log_file> Logging output will be written to this file.\n");
646 fprintf(output, " -m On SIGINT or SIGQUIT exit cleanly instead of immediately.\n");
647 fprintf(output, " -n <name> Read raddb/name.conf instead of raddb/radiusd.conf.\n");
648 fprintf(output, " -p <port> Listen on port ONLY.\n");
649 fprintf(output, " -P Always write out PID, even with -f.\n");
650 fprintf(output, " -s Do not spawn child processes to handle requests.\n");
651 fprintf(output, " -t Disable threads.\n");
652 fprintf(output, " -v Print server version information.\n");
653 fprintf(output, " -X Turn on full debugging.\n");
654 fprintf(output, " -x Turn on additional debugging. (-xx gives more debugging).\n");
660 * We got a fatal signal.
662 static void sig_fatal(int sig)
664 if (getpid() != radius_pid) _exit(sig);
668 radius_signal_self(RADIUS_SIGNAL_SELF_TERM);
675 if (mainconfig.debug_memory || mainconfig.memory_report) {
676 radius_signal_self(RADIUS_SIGNAL_SELF_TERM);
688 * We got the hangup signal.
689 * Re-read the configuration files.
691 static void sig_hup(UNUSED int sig)
693 reset_signal(SIGHUP, sig_hup);
695 radius_signal_self(RADIUS_SIGNAL_SELF_HUP);