# include <syslog.h>
#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+
struct main_config_t mainconfig;
+char *request_log_file = NULL;
+char *debug_condition = NULL;
+
+typedef struct cached_config_t {
+ struct cached_config_t *next;
+ time_t created;
+ CONF_SECTION *cs;
+} cached_config_t;
+
+static cached_config_t *cs_cache = NULL;
/*
* Temporary local variables for parsing the configuration
* file.
*/
-static uid_t server_uid;
+#ifdef HAVE_SETUID
+/*
+ * Systems that have set/getresuid also have setuid.
+ */
+uid_t server_uid;
static gid_t server_gid;
static const char *uid_name = NULL;
static const char *gid_name = NULL;
+#endif
+static const char *chroot_dir = NULL;
static int allow_core_dumps = 0;
static const char *radlog_dest = NULL;
* Security configuration for the server.
*/
static const CONF_PARSER security_config[] = {
- { "max_attributes", PW_TYPE_INTEGER, 0, &librad_max_attributes, Stringify(0) },
+ { "max_attributes", PW_TYPE_INTEGER, 0, &fr_max_attributes, Stringify(0) },
{ "reject_delay", PW_TYPE_INTEGER, 0, &mainconfig.reject_delay, Stringify(0) },
{ "status_server", PW_TYPE_BOOLEAN, 0, &mainconfig.status_server, "no"},
{ NULL, -1, 0, NULL, NULL }
/*
* Logging configuration for the server.
*/
-static const CONF_PARSER log_config[] = {
+static const CONF_PARSER logdest_config[] = {
{ "destination", PW_TYPE_STRING_PTR, 0, &radlog_dest, "files" },
{ "syslog_facility", PW_TYPE_STRING_PTR, 0, &syslog_facility, Stringify(0) },
+
+ { "file", PW_TYPE_STRING_PTR, 0, &mainconfig.log_file, "${logdir}/radius.log" },
+ { "requests", PW_TYPE_STRING_PTR, 0, &request_log_file, NULL },
+ { NULL, -1, 0, NULL, NULL }
+};
+
+
+static const CONF_PARSER serverdest_config[] = {
+ { "log", PW_TYPE_SUBSECTION, 0, NULL, (const void *) logdest_config },
+ { "log_file", PW_TYPE_STRING_PTR, 0, &mainconfig.log_file, NULL },
+ { "log_destination", PW_TYPE_STRING_PTR, 0, &radlog_dest, NULL },
+ { NULL, -1, 0, NULL, NULL }
+};
+
+
+static const CONF_PARSER log_config_nodest[] = {
{ "stripped_names", PW_TYPE_BOOLEAN, 0, &log_stripped_names,"no" },
- { "file", PW_TYPE_STRING_PTR, -1, &mainconfig.log_file, "${logdir}/radius.log" },
- { "auth", PW_TYPE_BOOLEAN, -1, &mainconfig.log_auth, "no" },
+ { "auth", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth, "no" },
{ "auth_badpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_badpass, "no" },
{ "auth_goodpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_goodpass, "no" },
+ { "msg_badpass", PW_TYPE_STRING_PTR, 0, &mainconfig.auth_badpass_msg, NULL},
+ { "msg_goodpass", PW_TYPE_STRING_PTR, 0, &mainconfig.auth_goodpass_msg, NULL},
+
{ NULL, -1, 0, NULL, NULL }
};
{ "logdir", PW_TYPE_STRING_PTR, 0, &radlog_dir, "${localstatedir}/log"},
{ "libdir", PW_TYPE_STRING_PTR, 0, &radlib_dir, "${prefix}/lib"},
{ "radacctdir", PW_TYPE_STRING_PTR, 0, &radacct_dir, "${logdir}/radacct" },
- { "hostname_lookups", PW_TYPE_BOOLEAN, 0, &librad_dodns, "no" },
+ { "hostname_lookups", PW_TYPE_BOOLEAN, 0, &fr_dns_lookups, "no" },
{ "max_request_time", PW_TYPE_INTEGER, 0, &mainconfig.max_request_time, Stringify(MAX_REQUEST_TIME) },
{ "cleanup_delay", PW_TYPE_INTEGER, 0, &mainconfig.cleanup_delay, Stringify(CLEANUP_DELAY) },
{ "max_requests", PW_TYPE_INTEGER, 0, &mainconfig.max_requests, Stringify(MAX_REQUESTS) },
{ "allow_core_dumps", PW_TYPE_BOOLEAN, 0, &allow_core_dumps, "no" },
{ "pidfile", PW_TYPE_STRING_PTR, 0, &mainconfig.pid_file, "${run_dir}/radiusd.pid"},
- { "user", PW_TYPE_STRING_PTR, 0, &uid_name, NULL},
- { "group", PW_TYPE_STRING_PTR, 0, &gid_name, NULL},
{ "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
{ "debug_level", PW_TYPE_INTEGER, 0, &mainconfig.debug_level, "0"},
+#ifdef WITH_PROXY
{ "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
- { "security", PW_TYPE_SUBSECTION, 0, NULL, (const void *) security_config },
- { NULL, -1, 0, NULL, NULL }
-};
-
-static const CONF_PARSER serverlog_config[] = {
- { "log", PW_TYPE_SUBSECTION, 0, NULL, (const void *) log_config},
+#endif
+ { "log", PW_TYPE_SUBSECTION, 0, NULL, (const void *) log_config_nodest },
/*
* People with old configs will have these. They are listed
* DON'T exist in radiusd.conf, then the previously parsed
* values for "log { foo = bar}" will be used.
*/
- { "log_auth", PW_TYPE_BOOLEAN, -1, &mainconfig.log_auth, NULL },
+ { "log_auth", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth, NULL },
{ "log_auth_badpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_badpass, NULL },
{ "log_auth_goodpass", PW_TYPE_BOOLEAN, 0, &mainconfig.log_auth_goodpass, NULL },
{ "log_stripped_names", PW_TYPE_BOOLEAN, 0, &log_stripped_names, NULL },
- { "log_file", PW_TYPE_STRING_PTR, -1, &mainconfig.log_file, NULL },
- { "log_destination", PW_TYPE_STRING_PTR, -1, &radlog_dest, NULL },
+
+ { "security", PW_TYPE_SUBSECTION, 0, NULL, (const void *) security_config },
+
{ NULL, -1, 0, NULL, NULL }
};
-
#define MAX_ARGV (256)
return(0);
}
-/*
- * Checks if the log directory is writeable by a particular user.
- */
-static int radlogdir_iswritable(const char *effectiveuser)
+
+#ifdef HAVE_SETUID
+int did_setuid = FALSE;
+
+#if defined(HAVE_SETRESUID) && defined (HAVE_GETRESUID)
+void fr_suid_up(void)
{
-#ifdef HAVE_GETPWNAM
- struct passwd *pwent;
-#endif
+ uid_t ruid, euid, suid;
+
+ if (getresuid(&ruid, &euid, &suid) < 0) {
+ radlog(L_ERR, "Failed getting saved UID's");
+ _exit(1);
+ }
- if (!radlog_dir || FR_DIR_IS_RELATIVE(radlog_dir))
- return(0);
+ if (setresuid(-1, suid, -1) < 0) {
+ radlog(L_ERR, "Failed switching to privileged user");
+ _exit(1);
+ }
- if (r_mkdir(radlog_dir) != 0)
- return(1);
+ if (geteuid() != suid) {
+ radlog(L_ERR, "Switched to unknown UID");
+ _exit(1);
+ }
+}
- /* FIXME: do we have this function? */
- if (strstr(radlog_dir, "radius") == NULL)
- return(0);
+void fr_suid_down(void)
+{
+ if (!did_setuid) return;
- /* we have a logdir that mentions 'radius', so it's probably
- * safe to chown the immediate directory to be owned by the normal
- * process owner. we gotta do it before we give up root. -chad
- */
+ if (setresuid(-1, server_uid, geteuid()) < 0) {
+ fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
+ progname, uid_name, strerror(errno));
+ _exit(1);
+ }
+
+ if (geteuid() != server_uid) {
+ fprintf(stderr, "%s: Failed switching uid: UID is incorrect\n",
+ progname);
+ _exit(1);
+ }
+}
- if (!effectiveuser) {
- return 1;
+void fr_suid_down_permanent(void)
+{
+ uid_t ruid, euid, suid;
+
+ if (!did_setuid) return;
+
+ if (getresuid(&ruid, &euid, &suid) < 0) {
+ radlog(L_ERR, "Failed getting saved uid's");
+ _exit(1);
}
-#ifdef HAVE_GETPWNAM
- pwent = getpwnam(effectiveuser);
+ if (setresuid(server_uid, server_uid, server_uid) < 0) {
+ radlog(L_ERR, "Failed in permanent switch to uid %s: %s",
+ uid_name, strerror(errno));
+ _exit(1);
+ }
- if (pwent == NULL) /* uh oh! */
- return(1);
+ if (geteuid() != server_uid) {
+ radlog(L_ERR, "Switched to unknown uid");
+ _exit(1);
+ }
- if (chown(radlog_dir, pwent->pw_uid, -1) != 0)
- return(1);
-#endif
- return(0);
+ if (getresuid(&ruid, &euid, &suid) < 0) {
+ radlog(L_ERR, "Failed getting saved uid's: %s",
+ strerror(errno));
+ _exit(1);
+ }
}
+#else
+/*
+ * Much less secure...
+ */
+void fr_suid_up(void)
+{
+}
+void fr_suid_down(void)
+{
+ if (!uid_name) return;
+ if (setuid(server_uid) < 0) {
+ fprintf(stderr, "%s: Failed switching to uid %s: %s\n",
+ progname, uid_name, strerror(errno));
+ _exit(1);
+ }
+}
+void fr_suid_down_permanent(void)
+{
+}
+#endif
/*
+ * Do chroot, if requested.
+ *
* Switch UID and GID to what is specified in the config file
*/
-static int switch_users(void)
+static int switch_users(CONF_SECTION *cs)
{
- int did_setuid = FALSE;
+ CONF_PAIR *cp;
#ifdef HAVE_SYS_RESOURCE_H
struct rlimit core_limits;
#endif
+ /*
+ * Don't do chroot/setuid/setgid if we're in debugging
+ * as non-root.
+ */
+ if (debug_flag && (getuid() != 0)) return 1;
+
#ifdef HAVE_GRP_H
/* Set GID. */
- if (gid_name != NULL) {
+ cp = cf_pair_find(cs, "group");
+ if (cp) gid_name = cf_pair_value(cp);
+ if (gid_name) {
struct group *gr;
+ DEBUG2("group = %s", gid_name);
gr = getgrnam(gid_name);
if (gr == NULL) {
- if (errno == ENOMEM) {
- radlog(L_ERR, "Cannot switch to Group %s: out of memory", gid_name);
- } else {
- radlog(L_ERR, "Cannot switch group; %s doesn't exist", gid_name);
- }
+ fprintf(stderr, "%s: Cannot get ID for group %s: %s\n",
+ progname, gid_name, strerror(errno));
return 0;
}
server_gid = gr->gr_gid;
- if (setgid(server_gid) < 0) {
- radlog(L_ERR, "Failed setting Group to %s: %s",
- gid_name, strerror(errno));
- return 0;
- }
} else {
server_gid = getgid();
}
#ifdef HAVE_PWD_H
/* Set UID. */
- if (uid_name != NULL) {
+ cp = cf_pair_find(cs, "user");
+ if (cp) uid_name = cf_pair_value(cp);
+ if (uid_name) {
struct passwd *pw;
-
+
+ DEBUG2("user = %s", uid_name);
pw = getpwnam(uid_name);
if (pw == NULL) {
- if (errno == ENOMEM) {
- radlog(L_ERR, "Cannot switch to User %s: out of memory", uid_name);
- } else {
- radlog(L_ERR, "Cannot switch user; %s doesn't exist", uid_name);
- }
+ fprintf(stderr, "%s: Cannot get passwd entry for user %s: %s\n",
+ progname, uid_name, strerror(errno));
return 0;
}
server_uid = pw->pw_uid;
#ifdef HAVE_INITGROUPS
if (initgroups(uid_name, server_gid) < 0) {
- if (errno != EPERM) {
- radlog(L_ERR, "Failed setting supplementary groups for User %s: %s", uid_name, strerror(errno));
- return 0;
- }
+ fprintf(stderr, "%s: Cannot initialize supplementary group list for user %s: %s\n",
+ progname, uid_name, strerror(errno));
+ return 0;
}
#endif
- if (setuid(server_uid) < 0) {
- radlog(L_ERR, "Failed setting User to %s: %s", uid_name, strerror(errno));
+ } else {
+ server_uid = getuid();
+ }
+#endif
+
+ cp = cf_pair_find(cs, "chroot");
+ if (cp) chroot_dir = cf_pair_value(cp);
+ if (chroot_dir) {
+ DEBUG2("chroot = %s", chroot_dir);
+ if (chroot(chroot_dir) < 0) {
+ fprintf(stderr, "%s: Failed to perform chroot %s: %s",
+ progname, chroot_dir, strerror(errno));
return 0;
}
/*
+ * Note that we leave chdir alone. It may be
+ * OUTSIDE of the root. This allows us to read
+ * the configuration from "-d ./etc/raddb", with
+ * the chroot as "./chroot/" for example. After
+ * the server has been loaded, it does a "cd
+ * ${logdir}" below, so that core files (if any)
+ * go to a logging directory.
+ *
+ * This also allows the configuration of the
+ * server to be outside of the chroot. If the
+ * server is statically linked, then the only
+ * things needed inside of the chroot are the
+ * logging directories.
+ */
+ radlog(L_INFO, "performing chroot to %s\n", chroot_dir);
+ }
+
+#ifdef HAVE_GRP_H
+ /* Set GID. */
+ if (gid_name && (setgid(server_gid) < 0)) {
+ fprintf(stderr, "%s: Failed setting group to %s: %s",
+ progname, gid_name, strerror(errno));
+ return 0;
+ }
+#endif
+
+#ifdef HAVE_PWD_H
+ if (uid_name) {
+ fr_suid_down();
+
+ /*
* Now core dumps are disabled on most secure systems.
*/
+
did_setuid = TRUE;
}
#endif
+ /*
+ * Double check that we can write to the log directory.
+ *
+ * If we can't, don't start, as we can't log any errors!
+ */
+ if ((mainconfig.radlog_dest == RADLOG_FILES) &&
+ (mainconfig.log_file != NULL)) {
+ int fd = open(mainconfig.log_file,
+ O_WRONLY | O_APPEND | O_CREAT, 0640);
+ if (fd < 0) {
+ fprintf(stderr, "%s: Cannot write to log file %s: %s\n",
+ progname, mainconfig.log_file, strerror(errno));
+ return 0;
+ }
+ close(fd);
+
+ /*
+ * After this it's safe to call radlog(), as it's going
+ * to the right place.
+ */
+ }
+
#ifdef HAVE_SYS_RESOURCE_H
/* Get the current maximum for core files. */
if (getrlimit(RLIMIT_CORE, &core_limits) < 0) {
* core dump capabilities inherited from the parent shell.
*/
-#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H)
- /*
- * We've probably written to the log file already as
- * root.root, so if we have switched users, we've got to
- * update the ownership of the file.
- */
- if ((debug_flag == 0) &&
- (mainconfig.radlog_dest == RADLOG_FILES) &&
- (mainconfig.log_file != NULL)) {
- chown(mainconfig.log_file, server_uid, server_gid);
- }
-#endif
return 1;
}
+#endif
static const FR_NAME_NUMBER str2dest[] = {
int read_mainconfig(int reload)
{
const char *p = NULL;
- static int old_debug_level = -1;
CONF_PAIR *cp;
CONF_SECTION *cs;
struct stat statbuf;
+ cached_config_t *cc;
char buffer[1024];
+ if (reload != 0) {
+ radlog(L_ERR, "Reload is not implemented");
+ return -1;
+ }
+
if (stat(radius_dir, &statbuf) < 0) {
radlog(L_ERR, "Errors reading %s: %s",
radius_dir, strerror(errno));
}
#endif
- if (!reload) {
- radlog(L_INFO, "Starting - reading configuration files ...");
- } else {
- radlog(L_INFO, "Reloading - reading configuration files...");
- }
+ radlog(L_INFO, "Starting - reading configuration files ...");
/* Read the configuration file */
snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
}
/*
- * Don't over-ride a destination set on the command-line.
- */
- if (mainconfig.radlog_dest != RADLOG_NULL) goto read_dict;
-
- /*
- * Debug flag 1 MAY go to files.
- * Debug flag 2 ALWAYS goes to stdout
- *
- * Parse the log{} section before printing anything else.
- * All messages before this MUST be errors, which log.c
- * will print to stderr.
+ * If there was no log destination set on the command line,
+ * set it now.
*/
- if (debug_flag < 2) {
- if (cf_section_parse(cs, NULL, serverlog_config) < 0) {
+ if (mainconfig.radlog_dest == RADLOG_NULL) {
+ if (cf_section_parse(cs, NULL, serverdest_config) < 0) {
fprintf(stderr, "radiusd: Error: Failed to parse log{} section.\n");
cf_section_free(&cs);
return -1;
}
-
+
if (!radlog_dest) {
fprintf(stderr, "radiusd: Error: No log destination specified.\n");
cf_section_free(&cs);
return -1;
}
}
-
- } else if (mainconfig.radlog_dest != RADLOG_NULL) {
- mainconfig.radlog_dest = RADLOG_STDOUT;
- mainconfig.radlog_fd = STDOUT_FILENO;
}
- read_dict:
+#ifdef HAVE_SETUID
+ /*
+ * Switch users as early as possible.
+ */
+ if (!switch_users(cs)) exit(1);
+#endif
+
/* Initialize the dictionary */
cp = cf_pair_find(cs, "dictionary");
if (cp) p = cf_pair_value(cp);
DEBUG2("including dictionary file %s/%s", p, RADIUS_DICTIONARY);
if (dict_init(p, RADIUS_DICTIONARY) != 0) {
radlog(L_ERR, "Errors reading dictionary: %s",
- librad_errstr);
+ fr_strerror());
return -1;
}
cf_section_free(&mainconfig.config);
mainconfig.config = cs;
- clients_parse_section(cs);
-
DEBUG2("%s: #### Loading Realms and Home Servers ####", mainconfig.name);
-
if (!realms_init(cs)) {
return -1;
}
+ DEBUG2("%s: #### Loading Clients ####", mainconfig.name);
+ if (!clients_parse_section(cs)) {
+ return -1;
+ }
+
/*
* Register the %{config:section.subsection} xlat function.
*/
xlat_register("client", xlat_client, NULL);
/*
- * Reload: change debug flag if it's changed in the
- * configuration file.
+ * Starting the server, WITHOUT "-x" on the
+ * command-line: use whatever is in the config
+ * file.
*/
- if (reload) {
- if (mainconfig.debug_level != old_debug_level) {
- debug_flag = mainconfig.debug_level;
- }
-
- } else if (debug_flag == 0) {
-
- /*
- * Starting the server, WITHOUT "-x" on the
- * command-line: use whatever's in the config
- * file.
- */
+ if (debug_flag == 0) {
debug_flag = mainconfig.debug_level;
}
- librad_debug = debug_flag;
- old_debug_level = mainconfig.debug_level;
+ fr_debug_flag = debug_flag;
/*
* Go update our behaviour, based on the configuration
*/
/*
- * The first time around, ensure that we can write to the
- * log directory.
- */
- if (!reload && !debug_flag) {
- /*
- * We need root to do mkdir() and chown(), so we
- * do this before giving up root.
- */
- radlogdir_iswritable(uid_name);
- }
-
- /*
- * We should really switch users earlier in the process.
- */
- if (!switch_users()) exit(1);
-
- /*
* Sanity check the configuration for internal
* consistency.
*/
/* Reload the modules. */
if (setup_modules(reload, mainconfig.config) < 0) {
- radlog(L_ERR, "Errors initializing modules");
return -1;
}
+ if (chroot_dir) {
+ if (chdir(radlog_dir) < 0) {
+ radlog(L_ERR, "Failed to 'chdir %s' after chroot: %s",
+ radlog_dir, strerror(errno));
+ return -1;
+ }
+ }
+
+ cc = rad_malloc(sizeof(*cc));
+ memset(cc, 0, sizeof(*cc));
+
+ cc->cs = cs;
+ rad_assert(cs_cache == NULL);
+ cs_cache = cc;
+
return 0;
}
*/
int free_mainconfig(void)
{
+ cached_config_t *cc, *next;
+
+ virtual_servers_free(0);
+
+ /*
+ * Free all of the cached configurations.
+ */
+ for (cc = cs_cache; cc != NULL; cc = next) {
+ next = cc->next;
+ cf_section_free(&cc->cs);
+ free(cc);
+ }
+
/*
* Clean up the configuration data
* structures.
*/
- cf_section_free(&mainconfig.config);
realms_free();
listen_free(&mainconfig.listen);
dict_free();
return 0;
}
+
+void hup_mainconfig(void)
+{
+ cached_config_t *cc;
+ CONF_SECTION *cs;
+ char buffer[1024];
+
+ /* Read the configuration file */
+ snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
+ radius_dir, mainconfig.name);
+ if ((cs = cf_file_read(buffer)) == NULL) {
+ radlog(L_ERR, "Failed to re-read %s", buffer);
+ return;
+ }
+
+ cc = rad_malloc(sizeof(*cc));
+ memset(cc, 0, sizeof(*cc));
+
+ /*
+ * Save the current configuration. Note that we do NOT
+ * free older ones. We should probably do so at some
+ * point. Doing so will require us to mark which modules
+ * are still in use, and which aren't. Modules that
+ * can't be HUPed always use the original configuration.
+ * Modules that can be HUPed use one of the newer
+ * configurations.
+ */
+ cc->created = time(NULL);
+ cc->cs = cs;
+ cc->next = cs_cache;
+ cs_cache = cc;
+
+ /*
+ * Prefer the new module configuration.
+ */
+ module_hup(cf_section_sub_find(cs, "modules"));
+
+ /*
+ * Load new servers BEFORE freeing old ones.
+ */
+ virtual_servers_load(cs);
+
+ virtual_servers_free(cc->created - mainconfig.max_request_time * 4);
+}
projects / freeradius.git / blobdiff