radiusd.c

RADIUS协议的认证计费服务

		    case 'n':	/* No session table */
			no_old_session = 1;
			break;
#endif	/* MERIT_LAS */

		    case 'P':	/* Allow password changing. */
			allow_pw_changing = 1;
			break;

		    case 'p':
			i = 0;	/* use i as double-letter flag */
			if (argv[0][2] == 'p')
			{
				i = 1;
				if (argv[0][3])
				{
					ptr = &argv[0][3];
				}
				else
				{
					if (--argc == 0)
					{
						usage ();
					}
					ptr = (++argv)[0];
				}
			}
			else /* only one "p" and i == 0 */
			{
				if (argv[0][2])
				{
					ptr = &argv[0][2];
				}
				else
				{
					if (--argc == 0)
					{
						usage ();
					}
					ptr = (++argv)[0];
				}
			}

			if (sscanf (ptr, "%u", &result) != 1)
			{
				fprintf (stderr, "%s: Invalid port number\n",
					 progname);
				usage ();
			}

			if (i == 1) /* double "p" sets relay UDP port */
			{
				auth_fwd_port = result;
			}
			else /* only one "p" */
			{
				auth_port = result;
			}
			break;

		    case 'q':
			i = 0; /* use i as double-letter flag */
			if (argv[0][2] == 'q')
			{
				i = 1;
				if (argv[0][3])
				{
					ptr = &argv[0][3];
				}
				else
				{
					if (--argc == 0)
					{
						usage ();
					}
					ptr = (++argv)[0];
				}
			}
			else /* only one "q" and i == 0 */
			{
				if (argv[0][2])
				{
					ptr = &argv[0][2];
				}
				else
				{
					if (--argc == 0)
					{
						usage ();
					}
					ptr = (++argv)[0];
				}
			}

			if (sscanf (ptr, "%u", &result) != 1)
			{
				fprintf (stderr, "%s: Invalid port number\n",
					 progname);
				usage ();
			}

			if (i == 1) /* double "q" sets relay UDP port */
			{
				acct_fwd_port = result;
			}
			else /* only one "q" */
			{
				acct_port = result;
			}
			break;

#if defined(USE_DBM) || defined(USE_NDBM)
		    case 'u':
			/* Don't read RADIUS_USERS file into data structure */
			cache_users = 0;
			break;
#endif	/* USE_DBM || USE_NDBM*/

		    case 't':

			/*
			 * Set inactivity timeout for select(2).  The program
			 * will exit upon timeout.  This is intended for those
			 * systems which will start the server from inetd(8).
			 */
			if (argv[0][2])
			{
				ptr = &argv[0][2];
			}
			else
			{
				if (argc > 1)
				{
					ptr = (++argv)[0];
					argc--;
				}
				else
				{
					ptr = NULL;
				}
			}

			if (ptr == NULL || sscanf (ptr, "%d", &i) != 1)
			{
				fprintf (stderr, "%s: Invalid timeout value\n",
					 progname);
				usage ();
			}
			timeout.tv_sec = 60 * i;
			selecttime = &timeout;
			break;

		    case 'z':	/* zap (empty) logfile & debug file, once */
			zap_logfile = 1;
			zap_debugfile = 1;
			break;

		    default:
			fprintf (stderr, "%s: Invalid option, \"%s\"\n",
				progname, *argv);
			usage ();
			break;
		}
		argc--;
		argv++;
	}

	if (zap_logfile > 0)
	{
		setup_logfile (1);	/* Zap the radius logfile */

		sprintf (path, "%s/%s", radius_dir, RADIUS_DEBUG);
		strcpy (oldpath, path);
		strcat (oldpath, ".old");
		unlink (oldpath);
		rename (path, oldpath);
	}

	logit (LOG_DAEMON, LOG_INFO,
		"Merit AAA server %s, licensed software", verinfo (2));
	logit (LOG_DAEMON, LOG_INFO,
		"COPYRIGHT 1992, 1993, 1994, 1995, 1996, 1997, 1998");
	logit (LOG_DAEMON, LOG_INFO,
		"THE REGENTS OF THE UNIVERSITY OF MICHIGAN");
	logit (LOG_DAEMON, LOG_INFO, "ALL RIGHTS RESERVED");

#ifdef BASIC_SERVER
	logit (LOG_DAEMON, LOG_INFO,
"PERMISSION IS GRANTED TO USE, COPY AND REDISTRIBUTE THIS VERSION OF THE MERIT");
	logit (LOG_DAEMON, LOG_INFO,
"BASIC AAA SERVER, SO LONG AS NO FEE IS CHARGED FOR THIS SOFTWARE, AND SO LONG");
	logit (LOG_DAEMON, LOG_INFO,
"AS THE COPYRIGHT NOTICE ABOVE, THIS GRANT OF PERMISSION, AND THE DISCLAIMER");
	logit (LOG_DAEMON, LOG_INFO,
"BELOW APPEAR IN ALL COPIES MADE; AND SO LONG AS THE NAME OF THE UNIVERSITY OF");
	logit (LOG_DAEMON, LOG_INFO,
"MICHIGAN OR MERIT NETWORK IS NOT USED IN ANY ADVERTISING OR PUBLICITY");
	logit (LOG_DAEMON, LOG_INFO,
"PERTAINING TO THE USE OR DISTRIBUTION OF THIS SOFTWARE WITHOUT SPECIFIC,");
	logit (LOG_DAEMON, LOG_INFO,
"WRITTEN PRIOR AUTHORIZATION.");
	logit (LOG_DAEMON, LOG_INFO,
"NO RIGHTS ARE GRANTED HEREUNDER FOR ANY RECIPIENT TO MODIFY, DISASSEMBLE,");
	logit (LOG_DAEMON, LOG_INFO,
"DECOMPILE, REVERSE ENGINEER OR OTHERWISE CREATE DERIVATIVE WORKS OF THIS");
	logit (LOG_DAEMON, LOG_INFO,
"SOFTWARE.");
	logit (LOG_DAEMON, LOG_INFO,
"THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION FROM THE UNIVERSITY");
	logit (LOG_DAEMON, LOG_INFO,
"OF MICHIGAN AS TO ITS FITNESS FOR ANY PURPOSE, AND WITHOUT WARRANTY BY THE");
	logit (LOG_DAEMON, LOG_INFO,
"UNIVERSITY OF MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING");
	logit (LOG_DAEMON, LOG_INFO,
"WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR");
	logit (LOG_DAEMON, LOG_INFO,
"A PARTICULAR PURPOSE.  THE REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE");
	logit (LOG_DAEMON, LOG_INFO,
"LIABLE FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR");
	logit (LOG_DAEMON, LOG_INFO,
"CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING OUT OF OR IN");
	logit (LOG_DAEMON, LOG_INFO,
"CONNECTION WITH THE USE OF THE SOFTWARE, EVEN IF IT HAS BEEN OR IS HEREAFTER");
	logit (LOG_DAEMON, LOG_INFO,
"ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.");
	logit (LOG_DAEMON, LOG_INFO,
"FOR FURTHER INFORMATION ABOUT THE ENHANCED MERIT AAA SERVER, SEND EMAIL TO:");
	logit (LOG_DAEMON, LOG_INFO,
"aaa.license@merit OR, VISIT THE WWW SITE:  www.merit.edu/aaa/");
#endif	/* BASIC_SERVER */

#ifdef	SVR4
	if (sysinfo (SI_HOSTNAME, ourhostname, sizeof (ourhostname)) < 0)
	{
		perror ("SI_HOSTNAME");
		exit (-16);
	}
#else	/* Assume BSD */
	if (gethostname (ourhostname, sizeof (ourhostname)) < 0)
	{
		perror ("gethostname");
		exit (-16);
	}
#endif	/* SVR4 */

	if (cur_wrk_dir != (char *) NULL)
	{
		if (chdir (cur_wrk_dir) < 0)
		{
			perror ("chdir");
			exit (-15);
		}
	}

	if (debug_flag > 0)
	{
		set_debug (1);	/* sets ddt global variable */
	}

	avalue = 0;

	/* Initialize the dictionary */
	if (dict_init () != 0)
	{
		if ((file_logging == 1) && (msgfd != (FILE *) NULL))
		{
			fflush (msgfd);
		}

		perror ("dict_init");
		exit (-1);
	}

	/* Initialize Configuration Values */
	if (config_initialize () != 0)
	{
		if ((file_logging == 1) && (msgfd != (FILE *) NULL))
		{
			fflush (msgfd);
		}

		perror ("config_initialize");
		exit (-2);
	}

	if (acct_port == 0 || acct_fwd_port == 0) /* was not on command line */
	{
		udp_port = PW_ACCT_UDP_PORT;
		acct_port = udp_port;  /* Assume default */
		acct_fwd_port = udp_port; /* Assume default */
	}

	if (auth_port == 0 || auth_fwd_port == 0) /* was not on command line */
	{
		udp_port = PW_AUTH_UDP_PORT;
		auth_port = udp_port;  /* Assume default */
		auth_fwd_port = udp_port; /* Assume default */
	}

	fsm = (FSM_ENT **) NULL;
	default_fsm = (FSM_ENT **) NULL;
	nfsm = 0;

	for (i = 0; i <= PW_AUTH_MAX; i++)
	{
	        authtype_tv[i] = (AATV *) NULL; /* array for authentication */
	}

	for (i = j = 0; i < MAX_AATV; i++)
	{
		if ((aatv = *aatv_ptrs[i]) == NULL)
		{
			continue;
		}

		aatv->sockfd = -1;	/* do this here to ensure consistency */

		if ((authtype = aatv->authen_type) != -1)
		{
			authtype_tv[authtype] = aatv;
		}

		if (aatv->timer != (int (*)() ) NULL)
		{
			timer_funcs[j++] = aatv->timer; /* array for timers */
		}
	}
	timer_funcs[j] = NULL;

	read_sysconf ();	/* Configure the engine for the first time */

	/* Do AATV initialization now (to get inetd flag set) */
	maxfd = init_aatvs ();

	/*
	 *	If we're running under (x)inetd, change stderr,
	 *	if it is the same as stdin/stdout.
	 */
	if (inetd)
	{
		if (fdcmp (STDIN_FILENO, STDERR_FILENO) == 0)
		{
			reset_stderr ("/dev/console", 1);
		}
	}

	/*
	 *	Disconnect from session
	 */
	if (debug_flag <= 0 && !inetd)
	{
		pid = (int) fork ();
		if (pid < 0)
		{
			sprintf (errmsg, "%s: Could not fork", progname);
			perror (errmsg);

			if ((file_logging == 1) && (msgfd != (FILE *) NULL))
			{
				fflush (msgfd);
			}

			exit (-5);
		}

		if (pid > 0) /* parent */
		{
			exit (0);
		}
	}

	sigemptyset (&signals);		/* Init signal suspend mask */
	sigaddset (&signals, SIGALRM);
	sigaddset (&signals, SIGCHLD);
	sigaddset (&signals, SIGHUP);
	sigaddset (&signals, SIGINT);
	sigaddset (&signals, SIGQUIT);
	sigaddset (&signals, SIGTERM);
	sigaddset (&signals, SIGUSR1);
	sigaddset (&signals, SIGUSR2);

	memcpy ((char *) &action.sa_mask, (char *) &signals,
		sizeof (action.sa_mask));
	action.sa_flags = 0;

	action.sa_handler = reply_timer;	/* Set up to use alarm() */
	sigaction (SIGALRM, &action, NULL);
	action.sa_handler = child_end;	/* General AATV process end routine */
	sigaction (SIGCHLD, &action, NULL);
	action.sa_handler = doconfig;		/* Set up HUP signal handler */
	sigaction (SIGHUP, &action, NULL);
	action.sa_handler = sig_int;		/* Initialize all AATVs */
	sigaction (SIGINT, &action, NULL);
	action.sa_handler = sig_quit;		/* Child terminator */
	sigaction (SIGQUIT, &action, NULL);
	action.sa_handler = sig_term;		/* Orderly shutdown */
	sigaction (SIGTERM, &action, NULL);
	action.sa_handler = debug_bump;		/* Increase debugging level */
	sigaction (SIGUSR1, &action, NULL);
	action.sa_handler = debug_off;		/* Disable debugging output */
	sigaction (SIGUSR2, &action, NULL);

	/*
	 * Disable signal processing until we're ready to go.  In particular
	 * we need to prevent update_clients() process from doing child_end()
	 * until we're fully initialized.
	 */
	sigprocmask (SIG_BLOCK, &signals, NULL);

	/* Now finish initialization, skipping call to init_aatvs () */
	doconfig (0);

	setsid ();

	/* Position RCS revision number at beginning of logversion[] */

	ptr = strchr (verinfo (2), ' ');	/* Locate first space */
	strcpy (logversion, ptr + 1);	/* Move version number to front */
	strtok (logversion, " ");  /* Terminate string after version number */

	if (debug_flag <= 0)
	{
		sprintf (errmsg, "%s/%s", radius_dir, RADIUS_PID);
		if ((fp = fopen (errmsg, "w")) == (FILE *) NULL)
		{
			logit (LOG_DAEMON, LOG_ERR,
				"%s: Could not open %s for startup message",
				progname, errmsg);

			if ((file_logging == 1) && (msgfd != (FILE *) NULL))
			{
				fflush (msgfd);
			}

			exit (-6);
		}

#ifndef SCO
		fchmod (fileno(fp), RAD_READ_MODE);
#endif

		sprintf (errmsg, "%u PID %s version [%s]",
			getpid (), progname, logversion);

		if (inetd)
		{
			strcat (errmsg, " (x)inetd");
		}

		fprintf (fp, "%s %-24.24s\n", errmsg, ctime (&birthdate));
		fclose (fp);

		sprintf (oldpath, "%-24.24s", ctime (&birthdate));
		logit (LOG_DAEMON, LOG_INFO, "Started %s: %s", oldpath, errmsg);
	}
	else
	{
		fprintf (ddt, "%-24.24s: Debugging turned ON, Level %d\n",
			ctime (&birthdate), debug_flag);
		fprintf (ddt, "%s\n", verinfo (1));
		fprintf (ddt, "Program = %s\n", progname);
	}

	if (inetd > 0 && selecttime == NULL)
	{
		timeout.tv_sec = 60 * DEFAULT_INETD_TIMEOUT;
		selecttime = &timeout;
	}
	stat_files (1, cache_users); /* first arg == one => init stat values */

	if (selecttime != NULL && timeout.tv_sec == 0)
	{
		selecttime = NULL;	/* No time for this! */
	}
	tofmaxdelay = time (0); /* Initialize the time of maximum delay */

	/* Give DNS process a chance to finish before reading requests */
	if (spawn_flag)
	{
		FD_CLR(server_aatv.sockfd, &select_mask);
		alarm (1);
		alarm_set++;