/*
* Allocate memory, or exit.
*
* This call ALWAYS succeeds!
*/
void *rad_malloc(size_t size)
{
void *ptr = malloc(size);
if (ptr == NULL) {
ERROR("no memory");
fr_exit(1);
}
return ptr;
}
/*
* We got a fatal signal.
*/
static void sig_fatal(int sig)
{
if (getpid() != radius_pid) _exit(sig);
switch (sig) {
case SIGTERM:
radius_signal_self(RADIUS_SIGNAL_SELF_TERM);
break;
case SIGINT:
#ifdef SIGQUIT
case SIGQUIT:
#endif
if (main_config.debug_memory || main_config.memory_report) {
radius_signal_self(RADIUS_SIGNAL_SELF_TERM);
break;
}
/* FALL-THROUGH */
default:
fr_exit(sig);
}
}
int main(int argc, char **argv)
{
fr_heap_t *hp;
int i;
heap_thing array[ARRAY_SIZE];
int skip = 0;
int left;
if (argc > 1) {
skip = atoi(argv[1]);
}
hp = fr_heap_create(heap_cmp, offsetof(heap_thing, heap));
if (!hp) {
fprintf(stderr, "Failed creating heap!\n");
fr_exit(1);
}
for (i = 0; i < ARRAY_SIZE; i++) {
array[i].data = rand() % 65537;
if (!fr_heap_insert(hp, &array[i])) {
fprintf(stderr, "Failed inserting %d\n", i);
fr_exit(1);
}
if (!fr_heap_check(hp, &array[i])) {
fprintf(stderr, "Inserted but not in heap %d\n", i);
fr_exit(1);
}
}
#if 0
for (i = 0; i < ARRAY_SIZE; i++) {
printf("Array %d has value %d at offset %d\n",
i, array[i].data, array[i].heap);
}
#endif
if (skip) {
int entry;
printf("%d elements to remove\n", ARRAY_SIZE / skip);
for (i = 0; i < ARRAY_SIZE / skip; i++) {
entry = i * skip;
if (!fr_heap_extract(hp, &array[entry])) {
fprintf(stderr, "Failed removing %d\n", entry);
}
if (fr_heap_check(hp, &array[entry])) {
fprintf(stderr, "Deleted but still in heap %d\n", entry);
fr_exit(1);
}
if (array[entry].heap != -1) {
fprintf(stderr, "heap offset is wrong %d\n", entry);
fr_exit(1);
}
}
}
left = fr_heap_num_elements(hp);
printf("%d elements left in the heap\n", left);
for (i = 0; i < left; i++) {
heap_thing *t = fr_heap_peek(hp);
if (!t) {
fprintf(stderr, "Failed peeking %d\n", i);
fr_exit(1);
}
printf("%d\t%d\n", i, t->data);
if (!fr_heap_extract(hp, NULL)) {
fprintf(stderr, "Failed extracting %d\n", i);
fr_exit(1);
}
}
if (fr_heap_num_elements(hp) > 0) {
fprintf(stderr, "%d elements left at the end", fr_heap_num_elements(hp));
fr_exit(1);
}
fr_heap_delete(hp);
return 0;
}
/*
* Read config files.
*
* This function can ONLY be called from the main server process.
*/
int main_config_init(void)
{
char const *p = NULL;
CONF_SECTION *cs;
struct stat statbuf;
cached_config_t *cc;
char buffer[1024];
if (stat(radius_dir, &statbuf) < 0) {
ERROR("Errors reading %s: %s",
radius_dir, fr_syserror(errno));
return -1;
}
#ifdef S_IWOTH
if ((statbuf.st_mode & S_IWOTH) != 0) {
ERROR("Configuration directory %s is globally writable. Refusing to start due to insecure configuration.",
radius_dir);
return -1;
}
#endif
#ifdef S_IROTH
if (0 && (statbuf.st_mode & S_IROTH) != 0) {
ERROR("Configuration directory %s is globally readable. Refusing to start due to insecure configuration.",
radius_dir);
return -1;
}
#endif
INFO("Starting - reading configuration files ...");
/*
* We need to load the dictionaries before reading the
* configuration files. This is because of the
* pre-compilation in conffile.c. That should probably
* be fixed to be done as a second stage.
*/
if (!main_config.dictionary_dir) {
main_config.dictionary_dir = talloc_typed_strdup(NULL, DICTDIR);
}
/*
* Read the distribution dictionaries first, then
* the ones in raddb.
*/
DEBUG2("including dictionary file %s/%s", main_config.dictionary_dir, RADIUS_DICTIONARY);
if (dict_init(main_config.dictionary_dir, RADIUS_DICTIONARY) != 0) {
ERROR("Errors reading dictionary: %s",
fr_strerror());
return -1;
}
#define DICT_READ_OPTIONAL(_d, _n) \
do {\
switch (dict_read(_d, _n)) {\
case -1:\
ERROR("Errors reading %s/%s: %s", _d, _n, fr_strerror());\
return -1;\
case 0:\
DEBUG2("including dictionary file %s/%s", _d,_n);\
break;\
default:\
break;\
}\
} while (0)
/*
* Try to load protocol-specific dictionaries. It's OK
* if they don't exist.
*/
#ifdef WITH_DHCP
DICT_READ_OPTIONAL(main_config.dictionary_dir, "dictionary.dhcp");
#endif
#ifdef WITH_VMPS
DICT_READ_OPTIONAL(main_config.dictionary_dir, "dictionary.vqp");
#endif
/*
* It's OK if this one doesn't exist.
*/
DICT_READ_OPTIONAL(radius_dir, RADIUS_DICTIONARY);
/* Read the configuration file */
snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf",
radius_dir, main_config.name);
if ((cs = cf_file_read(buffer)) == NULL) {
ERROR("Errors reading or parsing %s", buffer);
return -1;
}
/*
* If there was no log destination set on the command line,
* set it now.
*/
if (default_log.dst == L_DST_NULL) {
if (cf_section_parse(cs, NULL, serverdest_config) < 0) {
fprintf(stderr, "radiusd: Error: Failed to parse log{} section.\n");
cf_file_free(cs);
return -1;
}
if (!radlog_dest) {
fprintf(stderr, "radiusd: Error: No log destination specified.\n");
cf_file_free(cs);
return -1;
}
default_log.dst = fr_str2int(log_str2dst, radlog_dest,
L_DST_NUM_DEST);
if (default_log.dst == L_DST_NUM_DEST) {
fprintf(stderr, "radiusd: Error: Unknown log_destination %s\n",
radlog_dest);
cf_file_free(cs);
return -1;
}
if (default_log.dst == L_DST_SYSLOG) {
/*
* Make sure syslog_facility isn't NULL
* before using it
*/
if (!syslog_facility) {
fprintf(stderr, "radiusd: Error: Syslog chosen but no facility was specified\n");
cf_file_free(cs);
return -1;
}
main_config.syslog_facility = fr_str2int(syslog_str2fac, syslog_facility, -1);
if (main_config.syslog_facility < 0) {
fprintf(stderr, "radiusd: Error: Unknown syslog_facility %s\n",
syslog_facility);
cf_file_free(cs);
return -1;
}
#ifdef HAVE_SYSLOG_H
/*
* Call openlog only once, when the
* program starts.
*/
openlog(progname, LOG_PID, main_config.syslog_facility);
#endif
} else if (default_log.dst == L_DST_FILES) {
if (!main_config.log_file) {
fprintf(stderr, "radiusd: Error: Specified \"files\" as a log destination, but no log filename was given!\n");
cf_file_free(cs);
return -1;
}
}
}
#ifdef HAVE_SETUID
/*
* Switch users as early as possible.
*/
if (!switch_users(cs)) fr_exit(1);
#endif
/*
* Open the log file AFTER switching uid / gid. If we
* did switch uid/gid, then the code in switch_users()
* took care of setting the file permissions correctly.
*/
if ((default_log.dst == L_DST_FILES) &&
(default_log.fd < 0)) {
default_log.fd = open(main_config.log_file,
O_WRONLY | O_APPEND | O_CREAT, 0640);
if (default_log.fd < 0) {
fprintf(stderr, "radiusd: Failed to open log file %s: %s\n", main_config.log_file, fr_syserror(errno));
cf_file_free(cs);
return -1;
}
}
/*
* This allows us to figure out where, relative to
* radiusd.conf, the other configuration files exist.
*/
if (cf_section_parse(cs, NULL, server_config) < 0) {
return -1;
}
/*
* We ignore colourization of output until after the
* configuration files have been parsed.
*/
p = getenv("TERM");
if (do_colourise && p && isatty(default_log.fd) && strstr(p, "xterm")) {
default_log.colourise = true;
} else {
default_log.colourise = false;
}
/*
* Starting the server, WITHOUT "-x" on the
* command-line: use whatever is in the config
* file.
*/
if (debug_flag == 0) {
debug_flag = main_config.debug_level;
}
fr_debug_flag = debug_flag;
FR_INTEGER_COND_CHECK("max_request_time", main_config.max_request_time, (main_config.max_request_time != 0), 100);
FR_INTEGER_BOUND_CHECK("reject_delay", main_config.reject_delay, <=, 10);
FR_INTEGER_BOUND_CHECK("cleanup_delay", main_config.cleanup_delay, <=, 10);
/*
* Set default initial request processing delay to 1/3 of a second.
* Will be updated by the lowest response window across all home servers,
* if it is less than this.
*/
main_config.init_delay.tv_sec = 0;
main_config.init_delay.tv_usec = 1000000 / 3;
/*
* Free the old configuration items, and replace them
* with the new ones.
*
* Note that where possible, we do atomic switch-overs,
* to ensure that the pointers are always valid.
*/
rad_assert(main_config.config == NULL);
root_config = main_config.config = cs;
DEBUG2("%s: #### Loading Realms and Home Servers ####", main_config.name);
if (!realms_init(cs)) {
return -1;
}
DEBUG2("%s: #### Loading Clients ####", main_config.name);
if (!clients_parse_section(cs, false)) {
return -1;
}
/*
* Register the %{config:section.subsection} xlat function.
*/
xlat_register("config", xlat_config, NULL, NULL);
xlat_register("client", xlat_client, NULL, NULL);
xlat_register("getclient", xlat_getclient, NULL, NULL);
/*
* Go update our behaviour, based on the configuration
* changes.
*/
/*
* Sanity check the configuration for internal
* consistency.
*/
FR_INTEGER_BOUND_CHECK("reject_delay", main_config.reject_delay, <=, main_config.cleanup_delay);
if (chroot_dir) {
if (chdir(radlog_dir) < 0) {
ERROR("Failed to 'chdir %s' after chroot: %s",
radlog_dir, fr_syserror(errno));
return -1;
}
}
cc = talloc_zero(NULL, cached_config_t);
if (!cc) return -1;
cc->cs = talloc_steal(cc ,cs);
rad_assert(cs_cache == NULL);
cs_cache = cc;
/* Clear any unprocessed configuration errors */
(void) fr_strerror();
return 0;
}
/*
* Read config files.
*
* This function can ONLY be called from the main server process.
*/
int main_config_init(void)
{
char const *p = NULL;
CONF_SECTION *cs, *subcs;
struct stat statbuf;
cached_config_t *cc;
char buffer[1024];
if (stat(radius_dir, &statbuf) < 0) {
ERROR("Errors reading %s: %s",
radius_dir, fr_syserror(errno));
return -1;
}
#ifdef S_IWOTH
if ((statbuf.st_mode & S_IWOTH) != 0) {
ERROR("Configuration directory %s is globally writable. Refusing to start due to insecure configuration.",
radius_dir);
return -1;
}
#endif
#if 0 && defined(S_IROTH)
if (statbuf.st_mode & S_IROTH != 0) {
ERROR("Configuration directory %s is globally readable. Refusing to start due to insecure configuration.",
radius_dir);
return -1;
}
#endif
INFO("Starting - reading configuration files ...");
/*
* We need to load the dictionaries before reading the
* configuration files. This is because of the
* pre-compilation in conffile.c. That should probably
* be fixed to be done as a second stage.
*/
if (!main_config.dictionary_dir) {
main_config.dictionary_dir = DICTDIR;
}
/*
* About sizeof(REQUEST) + sizeof(RADIUS_PACKET) * 2 + sizeof(VALUE_PAIR) * 400
*
* Which should be enough for many configurations.
*/
main_config.talloc_pool_size = 8 * 1024; /* default */
/*
* Read the distribution dictionaries first, then
* the ones in raddb.
*/
DEBUG2("including dictionary file %s/%s", main_config.dictionary_dir, RADIUS_DICTIONARY);
if (dict_init(main_config.dictionary_dir, RADIUS_DICTIONARY) != 0) {
ERROR("Errors reading dictionary: %s",
fr_strerror());
return -1;
}
#define DICT_READ_OPTIONAL(_d, _n) \
do {\
switch (dict_read(_d, _n)) {\
case -1:\
ERROR("Errors reading %s/%s: %s", _d, _n, fr_strerror());\
return -1;\
case 0:\
DEBUG2("including dictionary file %s/%s", _d,_n);\
break;\
default:\
break;\
}\
} while (0)
/*
* Try to load protocol-specific dictionaries. It's OK
* if they don't exist.
*/
#ifdef WITH_DHCP
DICT_READ_OPTIONAL(main_config.dictionary_dir, "dictionary.dhcp");
#endif
#ifdef WITH_VMPS
DICT_READ_OPTIONAL(main_config.dictionary_dir, "dictionary.vqp");
#endif
/*
* It's OK if this one doesn't exist.
*/
DICT_READ_OPTIONAL(radius_dir, RADIUS_DICTIONARY);
cs = cf_section_alloc(NULL, "main", NULL);
if (!cs) return -1;
/*
* Add a 'feature' subsection off the main config
* We check if it's defined first, as the user may
* have defined their own feature flags, or want
* to manually override the ones set by modules
* or the server.
*/
subcs = cf_section_sub_find(cs, "feature");
if (!subcs) {
subcs = cf_section_alloc(cs, "feature", NULL);
if (!subcs) return -1;
cf_section_add(cs, subcs);
}
version_init_features(subcs);
/*
* Add a 'version' subsection off the main config
* We check if it's defined first, this is for
* backwards compatibility.
*/
subcs = cf_section_sub_find(cs, "version");
if (!subcs) {
subcs = cf_section_alloc(cs, "version", NULL);
if (!subcs) return -1;
cf_section_add(cs, subcs);
}
version_init_numbers(subcs);
/* Read the configuration file */
snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf", radius_dir, main_config.name);
if (cf_file_read(cs, buffer) < 0) {
ERROR("Errors reading or parsing %s", buffer);
talloc_free(cs);
return -1;
}
/*
* If there was no log destination set on the command line,
* set it now.
*/
if (default_log.dst == L_DST_NULL) {
default_log.dst = L_DST_STDERR;
default_log.fd = STDERR_FILENO;
if (cf_section_parse(cs, NULL, startup_server_config) == -1) {
fprintf(stderr, "%s: Error: Failed to parse log{} section.\n",
main_config.name);
cf_file_free(cs);
return -1;
}
if (!radlog_dest) {
fprintf(stderr, "%s: Error: No log destination specified.\n",
main_config.name);
cf_file_free(cs);
return -1;
}
default_log.fd = -1;
default_log.dst = fr_str2int(log_str2dst, radlog_dest,
L_DST_NUM_DEST);
if (default_log.dst == L_DST_NUM_DEST) {
fprintf(stderr, "%s: Error: Unknown log_destination %s\n",
main_config.name, radlog_dest);
cf_file_free(cs);
return -1;
}
if (default_log.dst == L_DST_SYSLOG) {
/*
* Make sure syslog_facility isn't NULL
* before using it
*/
if (!syslog_facility) {
fprintf(stderr, "%s: Error: Syslog chosen but no facility was specified\n",
main_config.name);
cf_file_free(cs);
return -1;
}
main_config.syslog_facility = fr_str2int(syslog_facility_table, syslog_facility, -1);
if (main_config.syslog_facility < 0) {
fprintf(stderr, "%s: Error: Unknown syslog_facility %s\n",
main_config.name, syslog_facility);
cf_file_free(cs);
return -1;
}
#ifdef HAVE_SYSLOG_H
/*
* Call openlog only once, when the
* program starts.
*/
openlog(main_config.name, LOG_PID, main_config.syslog_facility);
#endif
} else if (default_log.dst == L_DST_FILES) {
if (!main_config.log_file) {
fprintf(stderr, "%s: Error: Specified \"files\" as a log destination, but no log filename was given!\n",
main_config.name);
cf_file_free(cs);
return -1;
}
}
}
#ifdef HAVE_SETUID
/*
* Switch users as early as possible.
*/
if (!switch_users(cs)) fr_exit(1);
#endif
/*
* This allows us to figure out where, relative to
* radiusd.conf, the other configuration files exist.
*/
if (cf_section_parse(cs, NULL, server_config) < 0) return -1;
/*
* Fix up log_auth, and log_accept and log_reject
*/
if (main_config.log_auth) {
main_config.log_accept = main_config.log_reject = true;
}
/*
* We ignore colourization of output until after the
* configuration files have been parsed.
*/
p = getenv("TERM");
if (do_colourise && p && isatty(default_log.fd) && strstr(p, "xterm")) {
default_log.colourise = true;
} else {
default_log.colourise = false;
}
/*
* Starting the server, WITHOUT "-x" on the
* command-line: use whatever is in the config
* file.
*/
if (rad_debug_lvl == 0) {
rad_debug_lvl = main_config.debug_level;
}
fr_debug_lvl = rad_debug_lvl;
FR_INTEGER_COND_CHECK("max_request_time", main_config.max_request_time,
(main_config.max_request_time != 0), 100);
/*
* reject_delay can be zero. OR 1 though 10.
*/
if ((main_config.reject_delay.tv_sec != 0) || (main_config.reject_delay.tv_usec != 0)) {
FR_TIMEVAL_BOUND_CHECK("reject_delay", &main_config.reject_delay, >=, 1, 0);
}
int main(int argc, char **argv)
{
int i, j, array[MAX];
fr_fifo_t *fi;
fi = fr_fifo_create(NULL, MAX, NULL);
if (!fi) fr_exit(1);
for (j = 0; j < 5; j++) {
#define SPLIT (MAX/3)
#define COUNT ((j * SPLIT) + i)
for (i = 0; i < SPLIT; i++) {
array[COUNT % MAX] = COUNT;
if (fr_fifo_push(fi, &array[COUNT % MAX]) < 0) {
fprintf(stderr, "%d %d\tfailed pushing %d\n",
j, i, COUNT);
fr_exit(2);
}
if (fr_fifo_num_elements(fi) != (i + 1)) {
fprintf(stderr, "%d %d\tgot size %d expected %d\n",
j, i, i + 1, fr_fifo_num_elements(fi));
fr_exit(1);
}
}
if (fr_fifo_num_elements(fi) != SPLIT) {
fprintf(stderr, "HALF %d %d\n",
fr_fifo_num_elements(fi), SPLIT);
fr_exit(1);
}
for (i = 0; i < SPLIT; i++) {
int *p;
p = fr_fifo_pop(fi);
if (!p) {
fprintf(stderr, "No pop at %d\n", i);
fr_exit(3);
}
if (*p != COUNT) {
fprintf(stderr, "%d %d\tgot %d expected %d\n",
j, i, *p, COUNT);
fr_exit(4);
}
if (fr_fifo_num_elements(fi) != SPLIT - (i + 1)) {
fprintf(stderr, "%d %d\tgot size %d expected %d\n",
j, i, SPLIT - (i + 1), fr_fifo_num_elements(fi));
fr_exit(1);
}
}
if (fr_fifo_num_elements(fi) != 0) {
fprintf(stderr, "ZERO %d %d\n",
fr_fifo_num_elements(fi), 0);
fr_exit(1);
}
}
talloc_free(fi);
fr_exit(0);
}
static unlang_action_t unlang_foreach(REQUEST *request,
rlm_rcode_t *presult, int *priority)
{
VALUE_PAIR *vp;
unlang_stack_t *stack = request->stack;
unlang_stack_frame_t *frame = &stack->frame[stack->depth];
unlang_t *instruction = frame->instruction;
unlang_frame_state_foreach_t *foreach = NULL;
unlang_group_t *g;
g = unlang_generic_to_group(instruction);
if (!frame->repeat) {
int i, foreach_depth = -1;
VALUE_PAIR *vps;
if (stack->depth >= UNLANG_STACK_MAX) {
ERROR("Internal sanity check failed: module stack is too deep");
fr_exit(EXIT_FAILURE);
}
/*
* Figure out how deep we are in nesting by looking at request_data
* stored previously.
*
* FIXME: figure this out by walking up the modcall stack instead.
*/
for (i = 0; i < 8; i++) {
if (!request_data_reference(request, (void *)xlat_fmt_get_vp, i)) {
foreach_depth = i;
break;
}
}
if (foreach_depth < 0) {
REDEBUG("foreach Nesting too deep!");
*presult = RLM_MODULE_FAIL;
*priority = 0;
return UNLANG_ACTION_CALCULATE_RESULT;
}
/*
* Copy the VPs from the original request, this ensures deterministic
* behaviour if someone decides to add or remove VPs in the set we're
* iterating over.
*/
if (tmpl_copy_vps(stack, &vps, request, g->vpt) < 0) { /* nothing to loop over */
*presult = RLM_MODULE_NOOP;
*priority = instruction->actions[RLM_MODULE_NOOP];
return UNLANG_ACTION_CALCULATE_RESULT;
}
MEM(frame->state = foreach = talloc_zero(stack, unlang_frame_state_foreach_t));
rad_assert(vps != NULL);
foreach->depth = foreach_depth;
foreach->vps = vps;
fr_cursor_talloc_init(&foreach->cursor, &foreach->vps, VALUE_PAIR);
#ifndef NDEBUG
foreach->indent = request->log.unlang_indent;
#endif
vp = fr_cursor_head(&foreach->cursor);
} else {
foreach = talloc_get_type_abort(frame->state, unlang_frame_state_foreach_t);
vp = fr_cursor_next(&foreach->cursor);
/*
* We've been asked to unwind to the
* enclosing "foreach". We're here, so
* we can stop unwinding.
*/
if (frame->unwind == UNLANG_TYPE_BREAK) {
frame->unwind = UNLANG_TYPE_NULL;
vp = NULL;
}
/*
* Unwind all the way.
*/
if (frame->unwind == UNLANG_TYPE_RETURN) {
vp = NULL;
}
if (!vp) {
/*
* Free the copied vps and the request data
* If we don't remove the request data, something could call
* the xlat outside of a foreach loop and trigger a segv.
*/
fr_pair_list_free(&foreach->vps);
request_data_get(request, (void *)xlat_fmt_get_vp, foreach->depth);
*presult = frame->result;
if (*presult != RLM_MODULE_UNKNOWN) *priority = instruction->actions[*presult];
#ifndef NDEBUG
rad_assert(foreach->indent == request->log.unlang_indent);
#endif
return UNLANG_ACTION_CALCULATE_RESULT;
}
}
#ifndef NDEBUG
RDEBUG2("");
RDEBUG2("# looping with: Foreach-Variable-%d = %pV", foreach->depth, &vp->data);
#endif
rad_assert(vp);
/*
* Add the vp to the request, so that
* xlat.c, xlat_foreach() can find it.
*/
foreach->variable = vp;
request_data_add(request, (void *)xlat_fmt_get_vp, foreach->depth, &foreach->variable,
false, false, false);
/*
* Push the child, and yield for a later return.
*/
unlang_push(stack, g->children, frame->result, UNLANG_NEXT_SIBLING, UNLANG_SUB_FRAME);
frame->repeat = true;
return UNLANG_ACTION_PUSHED_CHILD;
}