track configuration versions
authorAlan T. DeKok <aland@freeradius.org>
Wed, 2 Oct 2024 20:17:26 +0000 (16:17 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 2 Oct 2024 20:17:26 +0000 (16:17 -0400)
so we can tell if someone mangles the config, and claims otherwise

src/bin/radiusd.c
src/lib/server/cf_file.c
src/lib/server/cf_file.h
src/lib/server/main_config.c

index aedfd93ec7561f8428b530eedd6f4d560aad42f1..8c40080fd649bfe0bc9e9505a8c85ef611b032ca 100644 (file)
@@ -637,6 +637,18 @@ int main(int argc, char *argv[])
         */
        INFO("%s", fr_debug_state_to_msg(fr_debug_state));
 
+       /*
+        *      Track configuration versions.  This lets us know if the configuration changed.
+        */
+       if (fr_debug_lvl) {
+               uint8_t digest[16];
+
+               cf_md5_final(digest);
+
+               INFO("Configuration version: %02x%02x-%02x%02x-%02x%02x-%02x%02x",
+                    digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7]);
+       }
+
        /*
         *  Call this again now we've loaded the configuration. Yes I know...
         */
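Review bot: The `INFO` call prints only `digest[0]` to `digest[7]`, so the logged "Configuration version" is a 64-bit prefix of an MD5 digest, and the buffer is sized with a bare `16` although `cf_md5_final()` clears `MD5_DIGEST_LENGTH` bytes. I would declare it as `uint8_t digest[MD5_DIGEST_LENGTH];` (assuming the md5 header is visible in this file) so the two sizes cannot drift apart. The comment should also state what the value is good for: a truncated MD5 reliably shows accidental or casual edits between two runs, but it is not collision-resistant and should not be described as proof that a configuration was untouched. Note too that if the context was never allocated, `cf_md5_final()` returns zeros and this logs an all-zero version that looks like a real one.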
index 62b8717cb4bf86463af017776a6c85f9e7ca279c..743632f41a8f46caf3347c5ae12f1840746bfb3b 100644 (file)
@@ -40,6 +40,7 @@ RCSID("$Id$")
 #include <freeradius-devel/util/file.h>
 #include <freeradius-devel/util/misc.h>
 #include <freeradius-devel/util/perm.h>
+#include <freeradius-devel/util/md5.h>
 #include <freeradius-devel/util/syserror.h>
 
 #include <sys/types.h>
@@ -3058,6 +3059,33 @@ static int frame_readdir(cf_stack_t *stack)
 }
 
 
+static fr_md5_ctx_t *cf_md5_ctx = NULL;
+
+void cf_md5_init(void)
+{
+       cf_md5_ctx = fr_md5_ctx_alloc();
+}
+
+
+static void cf_md5_update(char const *p)
+{
+       if (!cf_md5_ctx) return;
+
+       fr_md5_update(cf_md5_ctx, (uint8_t const *)p, strlen(p));
+}
+
+void cf_md5_final(uint8_t *digest)
+{
+       if (!cf_md5_ctx) {
+               memset(digest, 0, MD5_DIGEST_LENGTH);
+               return;
+       }
+
+       fr_md5_final(digest, cf_md5_ctx);
+       fr_md5_ctx_free(cf_md5_ctx);
+       cf_md5_ctx = NULL;
+}
+
 static int cf_file_fill(cf_stack_t *stack)
 {
        bool at_eof, has_spaces;
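Review bot: `cf_md5_init()` overwrites `cf_md5_ctx` without releasing a context left over from an earlier call, so a second call before `cf_md5_final()` leaks the first context and silently restarts the hash. A guard such as `if (cf_md5_ctx) fr_md5_ctx_free(cf_md5_ctx);` ahead of the allocation would make it safe to call repeatedly. The result of `fr_md5_ctx_alloc()` is not checked, which the NULL tests in `cf_md5_update()` and `cf_md5_final()` tolerate, but that deserves a one-line comment. None of the three functions is documented; `cf_md5_final()` in particular should say that `digest` must hold `MD5_DIGEST_LENGTH` bytes and that the call frees the context. The file-scope state also assumes a single configuration-loading thread, which is not visible from here. `cf_file_fill()` continues outside the hunk.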
@@ -3073,6 +3101,7 @@ read_continuation:
         *      Get data, and remember if we are at EOF.
         */
        at_eof = (fgets(stack->fill, stack->bufsize - (stack->fill - stack->buff[0]), frame->fp) == NULL);
+       cf_md5_update(stack->fill);
        frame->lineno++;
 
        /*
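Review bot: `cf_md5_update(stack->fill)` runs even when `fgets()` returned NULL, and in that case the buffer holds no new line: at end of file its contents are unchanged, and after a read error they are indeterminate. Unless code outside this hunk terminates `stack->fill` first, `strlen()` then walks stale or undefined bytes, and the digest depends on whatever was left in the buffer rather than on the file contents. Hashing only successful reads avoids both problems: `if (!at_eof) cf_md5_update(stack->fill);`. The function body starts and ends outside the hunk.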
index 429fbd3bf22dd920b8affce52411cc54619f2ddf..3fd9fce54853c2297bdd76009c3a82c067c41a7c 100644 (file)
@@ -49,6 +49,9 @@ void          cf_file_free(CONF_SECTION *cs);
 bool           cf_file_check(CONF_PAIR *cp, bool check_perms);
 void           cf_file_check_user(uid_t uid, gid_t gid);
 
+void           cf_md5_init(void);
+void           cf_md5_final(uint8_t *digest);
+
 /*
  *     Config file writing
  */
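Review bot: The two new prototypes carry no documentation, and the contract for `cf_md5_final()` cannot be read off its signature. I would add a short comment above them saying that `digest` must point to at least `MD5_DIGEST_LENGTH` bytes, that the call releases the context so a second call returns all zeros, and that hashing only covers lines read between `cf_md5_init()` and `cf_md5_final()`.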
index 431db312a037e44108b28fd2026bbf2edd094ee9..55eec15082c4ac1d928b673e92cb63a4337f9180 100644 (file)
@@ -1170,6 +1170,11 @@ do {\
        if (cf_section_rules_push(cs, lib_dir_on_read_config) < 0) goto failure;
        if (cf_section_rules_push(cs, virtual_servers_on_read_config) < 0) goto failure;
 
+       /*
+        *      Track the status of the configuration.
+        */
+       if (fr_debug_lvl) cf_md5_init();
+
        /* Read the configuration file */
        snprintf(buffer, sizeof(buffer), "%.200s/%.50s.conf", config->raddb_dir, config->name);
        if (cf_file_read(cs, buffer) < 0) {
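Review bot: The context allocated by `cf_md5_init()` here is released only by `cf_md5_final()`, and this commit calls that solely from `main()` in radiusd.c. If `cf_file_read()` fails just below, or another program reaches this code with `fr_debug_lvl` set, nothing visible frees the context, and every later `cf_file_fill()` call keeps feeding the hash. Unless the `failure` path outside this hunk handles it, consider finalising or freeing the context there. The comment should also say that the digest is debug-only, for example `/* Hash the config as it is read; only done in debug mode, where the version is logged. */`. The enclosing function starts and ends outside the hunk.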