* things needed inside of the chroot are the
* logging directories.
*/
- radlog(L_INFO, "performing chroot to %s\n", chroot_dir);
}
#ifdef HAVE_GRP_H
/*
* Just before losing root permissions, ensure that the
* log files have the correct owner && group.
+ *
+ * We have to do this because the log file MAY have been
+ * specified on the command-line.
*/
if (uid_name || gid_name) {
if ((mainconfig.radlog_dest == RADLOG_FILES) &&
- (mainconfig.log_file != NULL)) {
- int fd = open(mainconfig.log_file,
- O_WRONLY | O_APPEND | O_CREAT, 0640);
- if (fd < 0) {
- fprintf(stderr, "%s: Cannot write to log file %s: %s\n",
- progname, mainconfig.log_file, strerror(errno));
+ (mainconfig.radlog_fd < 0)) {
+ mainconfig.radlog_fd = open(mainconfig.log_file,
+ O_WRONLY | O_APPEND | O_CREAT, 0640);
+ if (mainconfig.radlog_fd < 0) {
+ fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, strerror(errno));
return 0;
}
- close(fd);
if (chown(mainconfig.log_file, server_uid, server_gid) < 0) {
- fprintf(stderr, "%s: Cannot change ownership of log file %s: %s\n",
- progname, mainconfig.log_file, strerror(errno));
- return 0;
+ fprintf(stderr, "%s: Cannot change ownership of log file %s: %s\n",
+ progname, mainconfig.log_file, strerror(errno));
+ return 0;
}
}
}
cf_section_free(&cs);
return -1;
}
+
+ /*
+ * Call openlog only once, when the
+ * program starts.
+ */
+ openlog(progname, LOG_PID, mainconfig.syslog_facility);
+
+ } else if (mainconfig.radlog_dest == RADLOG_FILES) {
+ if (!mainconfig.log_file) {
+ fprintf(stderr, "radiusd: Error: Specified \"files\" as a log destination, but no log filename was given!\n");
+ cf_section_free(&cs);
+ return -1;
+ }
}
}
if (!switch_users(cs)) exit(1);
#endif
+ /*
+ * Open the log file AFTER switching uid / gid. If we
+ * did switch uid/gid, then the code in switch_users()
+ * took care of setting the file permissions correctly.
+ */
+ if ((mainconfig.radlog_dest == RADLOG_FILES) &&
+ (mainconfig.radlog_fd < 0)) {
+ mainconfig.radlog_fd = open(mainconfig.log_file,
+ O_WRONLY | O_APPEND | O_CREAT, 0640);
+ if (mainconfig.radlog_fd < 0) {
+ fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", mainconfig.log_file, strerror(errno));
+ cf_section_free(&cs);
+ return -1;
+ }
+ }
+
/* Initialize the dictionary */
cp = cf_pair_find(cs, "dictionary");
if (cp) p = cf_pair_value(cp);
CONF_SECTION *cs;
char buffer[1024];
+ radlog(L_INFO, "HUP - Re-reading configuration files");
+
/* Read the configuration file */
snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
radius_dir, mainconfig.name);
cs_cache = cc;
/*
+ * Re-open the log file. If we can't, then keep logging
+ * to the old log file.
+ *
+ * The "open log file" code is here rather than in log.c,
+ * because it makes that function MUCH simpler.
+ */
+ if (mainconfig.radlog_dest == RADLOG_FILES) {
+ int fd, old_fd;
+
+ fd = open(mainconfig.log_file,
+ O_WRONLY | O_APPEND | O_CREAT, 0640);
+ if (fd >= 0) {
+ /*
+ * Atomic swap. We'd like to keep the old
+ * FD around so that callers don't
+ * suddenly find the FD closed, and the
+ * writes go nowhere. But that's hard to
+ * do. So... we have the case where a
+ * log message *might* be lost on HUP.
+ */
+ old_fd = mainconfig.radlog_fd;
+ mainconfig.radlog_fd = fd;
+ close(old_fd);
+ }
+ }
+
+ radlog(L_INFO, "HUP - loading modules");
+
+ /*
* Prefer the new module configuration.
*/
module_hup(cf_section_sub_find(cs, "modules"));