print out descriptive message for people who butcher the configuration

author Alan T. DeKok <aland@freeradius.org>

Tue, 29 Apr 2025 16:33:27 +0000 (12:33 -0400)

committer Alan T. DeKok <aland@freeradius.org>

Tue, 29 Apr 2025 16:34:00 +0000 (12:34 -0400)
author Alan T. DeKok <aland@freeradius.org>
Tue, 29 Apr 2025 16:33:27 +0000 (12:33 -0400)
committer Alan T. DeKok <aland@freeradius.org>
Tue, 29 Apr 2025 16:34:00 +0000 (12:34 -0400)
diff --git a/src/include/modules.h b/src/include/modules.h

index 9ba81b3bc1fb7f19a25bfbbd8007a6ea8239d561..a07b2f6fe7c67ef52b1a5485fd2ca4f1981ac93e 100644 (file)
--- a/src/include/modules.h
+++ b/src/include/modules.h
@@ -168,6 +168,8 @@ rlm_rcode_t indexed_modcall(rlm_components_t comp, int idx, REQUEST *request);
  int virtual_servers_load(CONF_SECTION *config);
  void virtual_servers_free(time_t when);
  
+int virtual_server_sanity_check(REQUEST *request);
+
  #ifdef __cplusplus
  }
  #endif
diff --git a/src/main/modules.c b/src/main/modules.c

index 8f83690b6b4c322aeb3edee38695f141f29cfed6..c3a4c3deb7ed84332387253a8d35597074095a06 100644 (file)
--- a/src/main/modules.c
+++ b/src/main/modules.c
@@ -2294,3 +2294,66 @@ rlm_rcode_t process_send_coa(int send_coa_type, REQUEST *request)
         return indexed_modcall(MOD_SEND_COA, send_coa_type, request);
  }
  #endif
+
+int virtual_server_sanity_check(REQUEST *request)
+{
+       virtual_server_t *server;
+
+       server = virtual_server_find(request->server);
+       if (!server) {
+               RDEBUG("No such virtual server \"%s\"", request->server);
+               return -1;
+       }
+
+       switch (request->packet->code) {
+       case PW_CODE_ACCESS_REQUEST:
+               if (!server->mc[MOD_AUTHORIZE] &&
+                   !server->mc[MOD_AUTHENTICATE] &&
+                   !server->mc[MOD_POST_AUTH]) {
+                       REDEBUG("The virtual server %s is missing ALL of the 'authorize', 'authenticate', and 'post-auth' sections.", server->name);
+                       REDEBUG("Please either update the 'listen' section so that it does not receive Access-Request packets,");
+                       REDEBUG("or, add those sections back into the virtual server.");
+                       RDEBUG("The server WILL NOT be able to process Access-Request packets until the configuration is fixed.");
+                       return -1;
+               }
+               break;
+
+       case PW_CODE_ACCOUNTING_REQUEST:
+               if (!server->mc[MOD_PREACCT] &&
+                   !server->mc[MOD_ACCOUNTING]) {
+                       REDEBUG("The virtual server %s is missing ALL of the 'preacct' and 'accounting' sections.", server->name);
+                       REDEBUG("Please either update the 'listen' section so that it does not receive Accounting-Request packets,");
+                       REDEBUG("or, add those sections back into the virtual server.");
+                       RDEBUG("The server WILL NOT be able to process Accounting-Request packets until the configuration is fixed.");
+                       return -1;
+               }
+               break;
+
+       case PW_CODE_COA_REQUEST:
+               if (!server->mc[MOD_RECV_COA] &&
+                   !server->mc[MOD_SEND_COA]) {
+                       REDEBUG("The virtual server %s is missing ALL of the 'recv-coa' and 'send-coa' sections.", server->name);
+                       REDEBUG("Please either update the 'listen' section so that it does not receive CoA-Request packets,");
+                       REDEBUG("or, add those sections back into the virtual server.");
+                       RDEBUG("The server WILL NOT be able to process CoA-Request packets until the configuration is fixed.");
+                       return -1;
+               }
+               break;
+
+       case PW_CODE_DISCONNECT_REQUEST:
+               if (!server->mc[MOD_RECV_COA] &&
+                   !server->mc[MOD_SEND_COA]) {
+                       REDEBUG("The virtual server %s is missing ALL of the 'recv-coa' and 'send-coa' sections.", server->name);
+                       REDEBUG("Please either update the 'listen' section so that it does not receive Disconnect-Request packets,");
+                       REDEBUG("or, add those sections back into the virtual server.");
+                       RDEBUG("The server WILL NOT be able to process Disconnect-Request packets until the configuration is fixed.");
+                       return -1;
+               }
+               break;
+
+       default:
+               break;
+       }
+
+       return 0;
+}
diff --git a/src/main/process.c b/src/main/process.c

index 25ffdc9a14cf60bc55fccbc770a85c7546ad7989..cc520450a8ec66e0762232c58c6fe4606ffa9975 100644 (file)
--- a/src/main/process.c
+++ b/src/main/process.c
@@ -2121,6 +2121,13 @@ static REQUEST *request_setup(TALLOC_CTX *ctx, rad_listen_t *listener, RADIUS_PA
                 request->server = NULL;
         }
  
+       if (fr_debug_lvl) {
+               if (virtual_server_sanity_check(request) < 0) {
+                       talloc_free(request);
+                       return NULL;
+               }
+       }
+
         request->root = &main_config;
  #ifdef WITH_TCP
         request->listener->count++;
author	Alan T. DeKok <aland@freeradius.org>
	Tue, 29 Apr 2025 16:33:27 +0000 (12:33 -0400)
committer	Alan T. DeKok <aland@freeradius.org>
	Tue, 29 Apr 2025 16:34:00 +0000 (12:34 -0400)
src/include/modules.h		patch \| blob \| blame \| history
src/main/modules.c		patch \| blob \| blame \| history
src/main/process.c		patch \| blob \| blame \| history