/*
* The main guy.
*/
int main(int argc, char *argv[])
{
int rcode = EXIT_SUCCESS;
int argval;
const char *input_file = NULL;
const char *output_file = NULL;
const char *filter_file = NULL;
FILE *fp;
REQUEST *request = NULL;
VALUE_PAIR *vp;
VALUE_PAIR *filter_vps = NULL;
bool xlat_only = false;
fr_state_tree_t *state = NULL;
fr_talloc_fault_setup();
/*
* If the server was built with debugging enabled always install
* the basic fatal signal handlers.
*/
#ifndef NDEBUG
if (fr_fault_setup(getenv("PANIC_ACTION"), argv[0]) < 0) {
fr_perror("unittest");
exit(EXIT_FAILURE);
}
#endif
rad_debug_lvl = 0;
set_radius_dir(NULL, RADIUS_DIR);
/*
* Ensure that the configuration is initialized.
*/
memset(&main_config, 0, sizeof(main_config));
main_config.name = "unittest";
/*
* The tests should have only IPs, not host names.
*/
fr_hostname_lookups = false;
/*
* We always log to stdout.
*/
fr_log_fp = stdout;
default_log.dst = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
/* Process the options. */
while ((argval = getopt(argc, argv, "d:D:f:hi:mMn:o:O:xX")) != EOF) {
switch (argval) {
case 'd':
set_radius_dir(NULL, optarg);
break;
case 'D':
main_config.dictionary_dir = talloc_typed_strdup(NULL, optarg);
break;
case 'f':
filter_file = optarg;
break;
case 'h':
usage(0);
break;
case 'i':
input_file = optarg;
break;
case 'm':
main_config.debug_memory = true;
break;
case 'M':
memory_report = true;
main_config.debug_memory = true;
break;
case 'n':
main_config.name = optarg;
break;
case 'o':
output_file = optarg;
break;
case 'O':
if (strcmp(optarg, "xlat_only") == 0) {
xlat_only = true;
break;
}
fprintf(stderr, "Unknown option '%s'\n", optarg);
exit(EXIT_FAILURE);
case 'X':
rad_debug_lvl += 2;
main_config.log_auth = true;
main_config.log_auth_badpass = true;
main_config.log_auth_goodpass = true;
break;
case 'x':
rad_debug_lvl++;
break;
default:
usage(1);
break;
}
}
if (rad_debug_lvl) version_print();
fr_debug_lvl = rad_debug_lvl;
/*
* Mismatch between the binary and the libraries it depends on
*/
if (fr_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) {
fr_perror("%s", main_config.name);
exit(EXIT_FAILURE);
}
/*
* Initialising OpenSSL once, here, is safer than having individual modules do it.
*/
#ifdef HAVE_OPENSSL_CRYPTO_H
if (tls_global_init() < 0) {
rcode = EXIT_FAILURE;
goto finish;
}
#endif
if (xlat_register(NULL, "poke", xlat_poke, NULL, NULL, 0, XLAT_DEFAULT_BUF_LEN) < 0) {
rcode = EXIT_FAILURE;
goto finish;
}
if (map_proc_register(NULL, "test-fail", mod_map_proc, NULL, NULL, 0) < 0) {
rcode = EXIT_FAILURE;
goto finish;
}
/* Read the configuration files, BEFORE doing anything else. */
if (main_config_init() < 0) {
exit_failure:
rcode = EXIT_FAILURE;
goto finish;
}
/*
* Setup dummy virtual server
*/
cf_section_add(main_config.config, cf_section_alloc(main_config.config, "server", "unit_test"));
/*
* Initialize Auth-Type, etc. in the virtual servers
* before loading the modules. Some modules need those
* to be defined.
*/
if (virtual_servers_bootstrap(main_config.config) < 0) goto exit_failure;
/*
* Bootstrap the modules. This links to them, and runs
* their "bootstrap" routines.
*
* After this step, all dynamic attributes, xlats, etc. are defined.
*/
if (modules_bootstrap(main_config.config) < 0) exit(EXIT_FAILURE);
/*
* Load the modules
*/
if (modules_init(main_config.config) < 0) goto exit_failure;
/*
* And then load the virtual servers.
*/
if (virtual_servers_init(main_config.config) < 0) goto exit_failure;
state = fr_state_tree_init(NULL, main_config.max_requests * 2, 10);
/*
* Set the panic action (if required)
*/
{
char const *panic_action = NULL;
panic_action = getenv("PANIC_ACTION");
if (!panic_action) panic_action = main_config.panic_action;
if (panic_action && (fr_fault_setup(panic_action, argv[0]) < 0)) {
fr_perror("%s", main_config.name);
exit(EXIT_FAILURE);
}
}
setlinebuf(stdout); /* unbuffered output */
if (!input_file || (strcmp(input_file, "-") == 0)) {
fp = stdin;
} else {
fp = fopen(input_file, "r");
if (!fp) {
fprintf(stderr, "Failed reading %s: %s\n",
input_file, strerror(errno));
rcode = EXIT_FAILURE;
goto finish;
}
}
/*
* For simplicity, read xlat's.
*/
if (xlat_only) {
if (!do_xlats(input_file, fp)) rcode = EXIT_FAILURE;
if (input_file) fclose(fp);
goto finish;
}
/*
* Grab the VPs from stdin, or from the file.
*/
request = request_setup(fp);
if (!request) {
fprintf(stderr, "Failed reading input: %s\n", fr_strerror());
rcode = EXIT_FAILURE;
goto finish;
}
/*
* No filter file, OR there's no more input, OR we're
* reading from a file, and it's different from the
* filter file.
*/
if (!filter_file || filedone ||
((input_file != NULL) && (strcmp(filter_file, input_file) != 0))) {
if (output_file) {
fclose(fp);
fp = NULL;
}
filedone = false;
}
/*
* There is a filter file. If necessary, open it. If we
* already are reading it via "input_file", then we don't
* need to re-open it.
*/
if (filter_file) {
if (!fp) {
fp = fopen(filter_file, "r");
if (!fp) {
fprintf(stderr, "Failed reading %s: %s\n", filter_file, strerror(errno));
rcode = EXIT_FAILURE;
goto finish;
}
}
if (fr_pair_list_afrom_file(request, &filter_vps, fp, &filedone) < 0) {
fprintf(stderr, "Failed reading attributes from %s: %s\n",
filter_file, fr_strerror());
rcode = EXIT_FAILURE;
goto finish;
}
/*
* FIXME: loop over input packets.
*/
fclose(fp);
}
rad_virtual_server(request);
if (!output_file || (strcmp(output_file, "-") == 0)) {
fp = stdout;
} else {
fp = fopen(output_file, "w");
if (!fp) {
fprintf(stderr, "Failed writing %s: %s\n",
output_file, strerror(errno));
exit(EXIT_FAILURE);
}
}
print_packet(fp, request->reply);
if (output_file) fclose(fp);
/*
* Update the list with the response type.
*/
vp = radius_pair_create(request->reply, &request->reply->vps,
PW_RESPONSE_PACKET_TYPE, 0);
vp->vp_integer = request->reply->code;
{
VALUE_PAIR const *failed[2];
if (filter_vps && !fr_pair_validate(failed, filter_vps, request->reply->vps)) {
fr_pair_validate_debug(request, failed);
fr_perror("Output file %s does not match attributes in filter %s (%s)",
output_file ? output_file : input_file, filter_file, fr_strerror());
rcode = EXIT_FAILURE;
goto finish;
}
}
INFO("Exiting normally");
finish:
talloc_free(request);
talloc_free(state);
/*
* Free the configuration items.
*/
main_config_free();
/*
* Detach any modules.
*/
modules_free();
xlat_unregister(NULL, "poke", xlat_poke);
xlat_free(); /* modules may have xlat's */
if (memory_report) {
INFO("Allocated memory at time of report:");
fr_log_talloc_report(NULL);
}
return rcode;
}
/*
* The main guy.
*/
int main(int argc, char *argv[])
{
int rcode = EXIT_SUCCESS;
int status;
int argval;
bool display_version = false;
int from_child[2] = {-1, -1};
char *p;
/*
* We probably don't want to free the talloc autofree context
* directly, so we'll allocate a new context beneath it, and
* free that before any leak reports.
*/
TALLOC_CTX *autofree = talloc_init("main");
#ifdef OSFC2
set_auth_parameters(argc, argv);
#endif
#ifdef WIN32
{
WSADATA wsaData;
if (WSAStartup(MAKEWORD(2, 0), &wsaData)) {
fprintf(stderr, "%s: Unable to initialize socket library.\n",
main_config.name);
exit(EXIT_FAILURE);
}
}
#endif
rad_debug_lvl = 0;
set_radius_dir(autofree, RADIUS_DIR);
/*
* Ensure that the configuration is initialized.
*/
memset(&main_config, 0, sizeof(main_config));
main_config.daemonize = true;
main_config.spawn_workers = true;
p = strrchr(argv[0], FR_DIR_SEP);
if (!p) {
main_config.name = argv[0];
} else {
main_config.name = p + 1;
}
/*
* Don't put output anywhere until we get told a little
* more.
*/
default_log.dst = L_DST_NULL;
default_log.fd = -1;
main_config.log_file = NULL;
/* Process the options. */
while ((argval = getopt(argc, argv, "Cd:D:fhi:l:mMn:p:PstvxX")) != EOF) {
switch (argval) {
case 'C':
check_config = true;
main_config.spawn_workers = false;
main_config.daemonize = false;
break;
case 'd':
set_radius_dir(autofree, optarg);
break;
case 'D':
main_config.dictionary_dir = talloc_typed_strdup(autofree, optarg);
break;
case 'f':
main_config.daemonize = false;
break;
case 'h':
usage(0);
break;
case 'l':
if (strcmp(optarg, "stdout") == 0) {
goto do_stdout;
}
main_config.log_file = strdup(optarg);
default_log.dst = L_DST_FILES;
default_log.fd = open(main_config.log_file, O_WRONLY | O_APPEND | O_CREAT, 0640);
if (default_log.fd < 0) {
fprintf(stderr, "%s: Failed to open log file %s: %s\n",
main_config.name, main_config.log_file, fr_syserror(errno));
exit(EXIT_FAILURE);
}
fr_log_fp = fdopen(default_log.fd, "a");
break;
case 'n':
main_config.name = optarg;
break;
case 'm':
main_config.debug_memory = true;
break;
case 'M':
main_config.memory_report = true;
main_config.debug_memory = true;
break;
case 'P':
/* Force the PID to be written, even in -f mode */
main_config.write_pid = true;
break;
case 's': /* Single process mode */
main_config.spawn_workers = false;
main_config.daemonize = false;
break;
case 't': /* no child threads */
main_config.spawn_workers = false;
break;
case 'v':
display_version = true;
break;
case 'X':
main_config.spawn_workers = false;
main_config.daemonize = false;
rad_debug_lvl += 2;
main_config.log_auth = true;
main_config.log_auth_badpass = true;
main_config.log_auth_goodpass = true;
do_stdout:
fr_log_fp = stdout;
default_log.dst = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
break;
case 'x':
rad_debug_lvl++;
break;
default:
usage(1);
break;
}
}
/*
* Mismatch between the binary and the libraries it depends on.
*/
if (fr_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) {
fr_perror("%s", main_config.name);
exit(EXIT_FAILURE);
}
if (rad_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) exit(EXIT_FAILURE);
/*
* Mismatch between build time OpenSSL and linked SSL, better to die
* here than segfault later.
*/
#ifdef HAVE_OPENSSL_CRYPTO_H
if (ssl_check_consistency() < 0) exit(EXIT_FAILURE);
#endif
/*
* According to the talloc peeps, no two threads may modify any part of
* a ctx tree with a common root without synchronisation.
*
* So we can't run with a null context and threads.
*/
if (main_config.memory_report) {
if (main_config.spawn_workers) {
fprintf(stderr, "%s: The server cannot produce memory reports (-M) in threaded mode\n",
main_config.name);
exit(EXIT_FAILURE);
}
talloc_enable_null_tracking();
} else {
talloc_disable_null_tracking();
}
/*
* Initialising OpenSSL once, here, is safer than having individual modules do it.
* Must be called before display_version to ensure relevant engines are loaded.
*/
#ifdef HAVE_OPENSSL_CRYPTO_H
if (tls_global_init() < 0) exit(EXIT_FAILURE);
#endif
/*
* Better here, so it doesn't matter whether we get passed -xv or -vx.
*/
if (display_version) {
if (rad_debug_lvl == 0) rad_debug_lvl = 1;
fr_log_fp = stdout;
default_log.dst = L_DST_STDOUT;
default_log.fd = STDOUT_FILENO;
INFO("%s: %s", main_config.name, radiusd_version);
version_print();
exit(EXIT_SUCCESS);
}
if (rad_debug_lvl) version_print();
/*
* Under linux CAP_SYS_PTRACE is usually only available before setuid/setguid,
* so we need to check whether we can attach before calling those functions
* (in main_config_init()).
*/
fr_store_debug_state();
/*
* Write the PID always if we're running as a daemon.
*/
if (main_config.daemonize) main_config.write_pid = true;
/*
* Read the configuration files, BEFORE doing anything else.
*/
if (main_config_init() < 0) exit(EXIT_FAILURE);
/*
* This is very useful in figuring out why the panic_action didn't fire.
*/
INFO("%s", fr_debug_state_to_msg(fr_debug_state));
/*
* Check for vulnerabilities in the version of libssl were linked against.
*/
#if defined(HAVE_OPENSSL_CRYPTO_H) && defined(ENABLE_OPENSSL_VERSION_CHECK)
if (tls_global_version_check(main_config.allow_vulnerable_openssl) < 0) exit(EXIT_FAILURE);
#endif
fr_talloc_fault_setup();
/*
* Set the panic action (if required)
*/
{
char const *panic_action = NULL;
panic_action = getenv("PANIC_ACTION");
if (!panic_action) panic_action = main_config.panic_action;
if (panic_action && (fr_fault_setup(panic_action, argv[0]) < 0)) {
fr_perror("%s", main_config.name);
exit(EXIT_FAILURE);
}
}
#ifndef __MINGW32__
/*
* Disconnect from session
*/
if (main_config.daemonize) {
pid_t pid;
int devnull;
/*
* Really weird things happen if we leave stdin open and call things like
* system() later.
*/
devnull = open("/dev/null", O_RDWR);
if (devnull < 0) {
ERROR("Failed opening /dev/null: %s", fr_syserror(errno));
exit(EXIT_FAILURE);
}
dup2(devnull, STDIN_FILENO);
close(devnull);
if (pipe(from_child) != 0) {
ERROR("Couldn't open pipe for child status: %s", fr_syserror(errno));
exit(EXIT_FAILURE);
}
pid = fork();
if (pid < 0) {
ERROR("Couldn't fork: %s", fr_syserror(errno));
exit(EXIT_FAILURE);
}
/*
* The parent exits, so the child can run in the background.
*
* As the child can still encounter an error during initialisation
* we do a blocking read on a pipe between it and the parent.
*
* Just before entering the event loop the child will send a success
* or failure message to the parent, via the pipe.
*/
if (pid > 0) {
uint8_t ret = 0;
int stat_loc;
/* So the pipe is correctly widowed if the child exits */
close(from_child[1]);
/*
* The child writes a 0x01 byte on success, and closes
* the pipe on error.
*/
if ((read(from_child[0], &ret, 1) < 0)) {
ret = 0;
}
/* For cleanliness... */
close(from_child[0]);
/* Don't turn children into zombies */
if (!ret) {
waitpid(pid, &stat_loc, WNOHANG);
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
/* so the pipe is correctly widowed if the parent exits?! */
close(from_child[0]);
# ifdef HAVE_SETSID
setsid();
# endif
}
#endif
/*
* Ensure that we're using the CORRECT pid after forking, NOT the one
* we started with.
*/
radius_pid = getpid();
#ifdef HAVE_PTHREAD_H
/*
* Parse the thread pool configuration.
*/
if (thread_pool_bootstrap(main_config.config, &main_config.spawn_workers) < 0) exit(EXIT_FAILURE);
#endif
/*
* Initialize Auth-Type, etc. in the virtual servers
* before loading the modules. Some modules need those
* to be defined.
*/
if (virtual_servers_bootstrap(main_config.config) < 0) exit(EXIT_FAILURE);
/*
* Load the modules before starting up any threads.
*/
if (modules_init(main_config.config) < 0) exit(EXIT_FAILURE);
/*
* And then load the virtual servers.
*/
if (virtual_servers_init(main_config.config) < 0) exit(EXIT_FAILURE);
/*
* Initialize any event loops just enough so module instantiations can
* add fd/event to them, but do not start them yet.
*
* This has to be done post-fork in case we're using kqueue, where the
* queue isn't inherited by the child process.
*/
if (!radius_event_init(autofree)) exit(EXIT_FAILURE);
/*
* Redirect stderr/stdout as appropriate.
*/
if (radlog_init(&default_log, main_config.daemonize) < 0) {
ERROR("%s", fr_strerror());
exit(EXIT_FAILURE);
}
#ifdef HAVE_PTHREAD_H
/*
* Initialize the threads ONLY if we're spawning, AND
* we're running normally.
*/
if (main_config.spawn_workers && (thread_pool_init() < 0)) exit(EXIT_FAILURE);
#endif
event_loop_started = true;
/*
* Start the event loop.
*/
radius_event_start(main_config.spawn_workers);
/*
* If we're debugging, then a CTRL-C will cause the server to die
* immediately. Use SIGTERM to shut down the server cleanly in
* that case.
*/
if (main_config.debug_memory || (rad_debug_lvl == 0)) {
if ((fr_set_signal(SIGINT, sig_fatal) < 0)
#ifdef SIGQUIT
|| (fr_set_signal(SIGQUIT, sig_fatal) < 0)
#endif
) {
ERROR("%s", fr_strerror());
exit(EXIT_FAILURE);
}
}
/*
* Everything seems to have loaded OK, exit gracefully.
*/
if (check_config) {
DEBUG("Configuration appears to be OK");
/* for -C -m|-M */
if (main_config.debug_memory) goto cleanup;
exit(EXIT_SUCCESS);
}
/*
* Now that we've set everything up, we can install the signal
* handlers. Before this, if we get any signal, we don't know
* what to do, so we might as well do the default, and die.
*/
#ifdef SIGPIPE
signal(SIGPIPE, SIG_IGN);
#endif
if ((fr_set_signal(SIGHUP, sig_hup) < 0) ||
(fr_set_signal(SIGTERM, sig_fatal) < 0)) {
ERROR("%s", fr_strerror());
exit(EXIT_FAILURE);
}
#ifdef WITH_STATS
radius_stats_init(0);
#endif
/*
* Write the PID after we've forked, so that we write the correct one.
*/
if (main_config.write_pid) {
FILE *fp;
fp = fopen(main_config.pid_file, "w");
if (fp != NULL) {
/*
* @fixme What about following symlinks,
* and having it over-write a normal file?
*/
fprintf(fp, "%d\n", (int) radius_pid);
fclose(fp);
} else {
ERROR("Failed creating PID file %s: %s", main_config.pid_file, fr_syserror(errno));
exit(EXIT_FAILURE);
}
}
exec_trigger(NULL, NULL, "server.start", false);
/*
* Inform the parent (who should still be waiting) that the rest of
* initialisation went OK, and that it should exit with a 0 status.
* If we don't get this far, then we just close the pipe on exit, and the
* parent gets a read failure.
*/
if (main_config.daemonize) {
if (write(from_child[1], "\001", 1) < 0) {
WARN("Failed informing parent of successful start: %s",
fr_syserror(errno));
}
close(from_child[1]);
}
/*
* Clear the libfreeradius error buffer.
*/
fr_strerror();
/*
* Initialise the state rbtree (used to link multiple rounds of challenges).
*/
global_state = fr_state_tree_init(autofree, main_config.max_requests * 2, main_config.continuation_timeout);
/*
* Process requests until HUP or exit.
*/
while ((status = radius_event_process()) == 0x80) {
#ifdef WITH_STATS
radius_stats_init(1);
#endif
main_config_hup();
}
if (status < 0) {
ERROR("Exiting due to internal error: %s", fr_strerror());
rcode = EXIT_FAILURE;
} else {
INFO("Exiting normally");
rcode = EXIT_SUCCESS;
}
/*
* Ignore the TERM signal: we're about to die.
*/
signal(SIGTERM, SIG_IGN);
/*
* Fire signal and stop triggers after ignoring SIGTERM, so handlers are
* not killed with the rest of the process group, below.
*/
if (status == 2) exec_trigger(NULL, NULL, "server.signal.term", true);
exec_trigger(NULL, NULL, "server.stop", false);
/*
* Send a TERM signal to all associated processes
* (including us, which gets ignored.)
*/
#ifndef __MINGW32__
if (main_config.spawn_workers) kill(-radius_pid, SIGTERM);
#endif
/*
* We're exiting, so we can delete the PID file.
* (If it doesn't exist, we can ignore the error returned by unlink)
*/
if (main_config.daemonize) unlink(main_config.pid_file);
/*
* Free memory in an explicit and consistent order
*
* We could let everything be freed by the autofree
* context, but in some cases there are odd interactions
* with destructors that may cause double frees and
* SEGVs.
*/
radius_event_free(); /* Free the requests */
#ifdef HAVE_PTHREAD_H
thread_pool_stop(); /* stop all the threads */
#endif
talloc_free(global_state); /* Free state entries */
cleanup:
map_proc_free(); /* Free map processors */
main_config_free(); /* Free the main config */
modules_free(); /* Detach any modules (and their connection pools) */
xlat_free(); /* modules may have xlat's */
#ifdef WIN32
WSACleanup();
#endif
#ifdef HAVE_OPENSSL_CRYPTO_H
tls_global_cleanup(); /* Cleanup any memory malloced by OpenSSL and placed into globals */
#endif
talloc_free(autofree); /* Cleanup everything else */
/*
* Anything not cleaned up by the above is allocated in the NULL
* top level context, and is likely leaked memory.
*/
if (main_config.memory_report) fr_log_talloc_report(NULL);
return rcode;
}