📄 mainconfig.c
字号:
*last = this; return this->fd; } } return -1;}/* * Generate a list of listeners. Takes an input list of * listeners, too, so we don't close sockets with waiting packets. */static int listen_init(const char *filename, rad_listen_t **head){ CONF_SECTION *cs; rad_listen_t **last; char buffer[32]; rad_listen_t *this; /* * Add to the end of the list. */ for (last = head; *last != NULL; last = &((*last)->next)) { /* do nothing */ } /* * Find the first one (if any). */ for (cs = cf_subsection_find_next(mainconfig.config, NULL, "listen"); cs != NULL; cs = cf_subsection_find_next(mainconfig.config, cs, "listen")) { memset(&listen_inst, 0, sizeof(listen_inst)); /* * Fix errors for later. */ if (cf_section_parse(cs, &listen_inst, listen_config) < 0) { radlog(L_CONS|L_ERR, "%s[%d]: Error parsing listen section.", filename, cf_section_lineno(cs)); return -1; } if (listen_type) { listen_inst.type = lrad_str2int(listen_compare, listen_type, 0); } if (listen_inst.type == RAD_LISTEN_NONE) { radlog(L_CONS|L_ERR, "%s[%d]: Invalid type in listen section.", filename, cf_section_lineno(cs)); return -1; } this = rad_malloc(sizeof(*this)); memcpy(this, &listen_inst, sizeof(*this)); /* * And bind it to the port. */ if (listen_bind(this) < 0) { radlog(L_CONS|L_ERR, "%s[%d]: Error binding to port for %s:%d", filename, cf_section_lineno(cs), ip_ntoa(buffer, this->ipaddr), this->port); free(this); return -1; } *last = this; last = &(this->next); } /* * If we're proxying requests, open the proxy FD. * Otherwise, don't do anything. */ if (mainconfig.proxy_requests == TRUE) { int port = -1; rad_listen_t *auth; /* * Find the first authentication port, * and use it */ for (auth = *head; auth != NULL; auth = auth->next) { if (auth->type == RAD_LISTEN_AUTH) { port = auth->port + 2; break; } } /* * Not found, pick an accounting port. */ if (port < 0) for (auth = *head; auth != NULL; auth = auth->next) { if (auth->type == RAD_LISTEN_ACCT) { port = auth->port + 1; break; } } /* * Still no port. Don't do anything. */ if (port < 0) { return 0; } this = rad_malloc(sizeof(*this)); memset(this, 0, sizeof(*this)); /* * Create the proxy socket. */ this->ipaddr = mainconfig.myip; this->type = RAD_LISTEN_PROXY; /* * Try to find a proxy port (value doesn't matter) */ for (this->port = port; this->port < 64000; this->port++) { if (listen_bind(this) == 0) { last_proxy_port = this->port; *last = this; return 0; } } radlog(L_ERR|L_CONS, "Failed to open socket for proxying"); free(this); return -1; } return 0;}/* * Hack the OLD way of listening on a socket. */static int old_listen_init(rad_listen_t **head){ CONF_PAIR *cp; rad_listen_t *this, **last; /* * No "bind_address": all listen directives * are in the "listen" clauses. */ cp = cf_pair_find(mainconfig.config, "bind_address"); if (!cp) return 0; last = head; this = rad_malloc(sizeof(*this)); memset(this, 0, sizeof(*this)); /* * Create the authentication socket. */ this->ipaddr = mainconfig.myip; this->type = RAD_LISTEN_AUTH; this->port = auth_port; if (listen_bind(this) < 0) { radlog(L_CONS|L_ERR, "There appears to be another RADIUS server running on the authentication port %d", this->port); free(this); return -1; } auth_port = this->port; /* may have been updated in listen_bind */ *last = this; last = &(this->next); /* * Open Accounting Socket. * * If we haven't already gotten acct_port from /etc/services, * then make it auth_port + 1. */ this = rad_malloc(sizeof(*this)); memset(this, 0, sizeof(*this)); /* * Create the accounting socket. * * The accounting port is always the authentication port + 1 */ this->ipaddr = mainconfig.myip; this->type = RAD_LISTEN_ACCT; this->port = auth_port + 1; if (listen_bind(this) < 0) { radlog(L_CONS|L_ERR, "There appears to be another RADIUS server running on the accounting port %d", this->port); free(this); return -1; } *last = this; return 0;}#ifndef RADIUS_CONFIG#define RADIUS_CONFIG "radiusd.conf"#endifCONF_SECTION *read_radius_conf_file(void){ char buffer[256]; CONF_SECTION *cs; /* Lets go look for the new configuration files */ snprintf(buffer, sizeof(buffer), "%.200s/%.50s", radius_dir, RADIUS_CONFIG); if ((cs = conf_read(NULL, 0, buffer, NULL)) == NULL) { return NULL; } /* * This allows us to figure out where, relative to * radiusd.conf, the other configuration files exist. */ cf_section_parse(cs, NULL, server_config); /* Initialize the dictionary */ DEBUG2("read_config_files: reading dictionary"); if (dict_init(radius_dir, RADIUS_DICTIONARY) != 0) { radlog(L_ERR|L_CONS, "Errors reading dictionary: %s", librad_errstr); cf_section_free(&cs); return NULL; } return cs;}/* * Read config files. * * This function can ONLY be called from the main server process. */int read_mainconfig(int reload){ struct rlimit core_limits; static int old_debug_level = -1; char buffer[1024]; CONF_SECTION *cs, *oldcs; rad_listen_t *listener; RADCLIENT *c, *tail; if (!reload) { radlog(L_INFO, "Starting - reading configuration files ..."); } else { radlog(L_INFO, "Reloading configuration files."); } /* First read radiusd.conf */ DEBUG2("reread_config: reading radiusd.conf"); if ((cs = read_radius_conf_file()) == NULL) { if (debug_flag || (radlog_dir == NULL)) { radlog(L_ERR|L_CONS, "Errors reading radiusd.conf"); } else { radlog(L_ERR|L_CONS, "Errors reading %s/radiusd.conf: For more information, please read the tail end of %s", radlog_dir, mainconfig.log_file); } return -1; } /* * Free the old configuration items, and replace them * with the new ones. * * Note that where possible, we do atomic switch-overs, * to ensure that the pointers are always valid. */ oldcs = mainconfig.config; mainconfig.config = cs; cf_section_free(&oldcs); /* old-style naslist file */ snprintf(buffer, sizeof(buffer), "%.200s/%.50s", radius_dir, RADIUS_NASLIST); DEBUG2("read_config_files: reading naslist"); if (read_naslist_file(buffer) < 0) { radlog(L_ERR|L_CONS, "Errors reading naslist"); return -1; } /* old-style clients file */ snprintf(buffer, sizeof(buffer), "%.200s/%.50s", radius_dir, RADIUS_CLIENTS); DEBUG2("read_config_files: reading clients"); if (read_clients_file(buffer) < 0) { radlog(L_ERR|L_CONS, "Errors reading clients"); return -1; } /* * Add to that, the *new* list of clients. */ snprintf(buffer, sizeof(buffer), "%.200s/%.50s", radius_dir, RADIUS_CONFIG); c = generate_clients(buffer, mainconfig.config); if (!c) { return -1; } /* * The new list of clients takes precedence over the old one. */ for (tail = c; tail->next != NULL; tail = tail->next) { /* do nothing */ } tail->next = mainconfig.clients; mainconfig.clients = c; /* old-style realms file */ snprintf(buffer, sizeof(buffer), "%.200s/%.50s", radius_dir, RADIUS_REALMS); DEBUG2("read_config_files: reading realms"); if (read_realms_file(buffer) < 0) { radlog(L_ERR|L_CONS, "Errors reading realms"); return -1; } /* * If there isn't any realms it isn't fatal.. */ snprintf(buffer, sizeof(buffer), "%.200s/%.50s", radius_dir, RADIUS_CONFIG); if (generate_realms(buffer) < 0) { return -1; } /* * Register the %{config:section.subsection} xlat function. */ xlat_register("config", xlat_config, NULL); /* * Set the libraries debugging flag to whatever the main * flag is. Note that on a SIGHUP, to turn the debugging * off, we do other magic. * * Increase the debug level, if the configuration file * says to, OR, if we're decreasing the debug from what it * was before, allow that, too. */ if ((mainconfig.debug_level > debug_flag) || (mainconfig.debug_level <= old_debug_level)) { debug_flag = mainconfig.debug_level; } librad_debug = debug_flag; old_debug_level = mainconfig.debug_level; /* * Go update our behaviour, based on the configuration * changes. */ /* Get the current maximum for core files. */ if (getrlimit(RLIMIT_CORE, &core_limits) < 0) { radlog(L_ERR|L_CONS, "Failed to get current core limit: %s", strerror(errno)); exit(1); } if (mainconfig.allow_core_dumps) { if (setrlimit(RLIMIT_CORE, &core_limits) < 0) { radlog(L_ERR|L_CONS, "Cannot update core dump limit: %s", strerror(errno)); exit(1); /* * If we're running as a daemon, and core * dumps are enabled, log that information. */ } else if ((core_limits.rlim_cur != 0) && !debug_flag) radlog(L_INFO|L_CONS, "Core dumps are enabled."); } else if (!debug_flag) { /* * Not debugging. Set the core size to zero, to * prevent security breaches. i.e. People * reading passwords from the 'core' file. */ struct rlimit limits; limits.rlim_cur = 0; limits.rlim_max = core_limits.rlim_max; if (setrlimit(RLIMIT_CORE, &limits) < 0) { radlog(L_ERR|L_CONS, "Cannot disable core dumps: %s", strerror(errno)); exit(1); } } /* * The first time around, ensure that we can write to the * log directory. */ if (!reload) { /* * We need root to do mkdir() and chown(), so we * do this before giving up root. */ radlogdir_iswritable(mainconfig.uid_name); } switch_users(); /* * Sanity check the configuration for internal * consistency. */ if (mainconfig.reject_delay > mainconfig.cleanup_delay) { mainconfig.reject_delay = mainconfig.cleanup_delay; } /* * Initialize the old "bind_address" and "port", first. */ listener = NULL; if (old_listen_init(&listener) < 0) { exit(1); } /* * Read the list of listeners. */ snprintf(buffer, sizeof(buffer), "%.200s/radiusd.conf", radius_dir); if (listen_init(buffer, &listener) < 0) { exit(1); } if (!listener) { radlog(L_ERR|L_CONS, "Server is not configured to listen on any ports. Exiting."); exit(1); } listen_free(mainconfig.listen); mainconfig.listen = listener; return 0;}/* * Free the configuration. */int free_mainconfig(void){ /* * Clean up the configuration data * structures. */ cf_section_free(&mainconfig.config); realm_free(mainconfig.realms); clients_free(mainconfig.clients); return 0;}⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -