This file is indexed.

/usr/sbin/radwatch is in freeradius 2.2.8+dfsg-0.1build2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
#!/bin/sh
######################################################################
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
#
#    Copyright (C) 2009 Network RADIUS SARL <info@networkradius.com>
#
######################################################################
#
# radwatch - Start the radius daemon and restart upon crash.
#
#  It also catches signals sent to it, and then re-sends those signals
#  to the radius server it is watching.
#
#  If you want to watch and re-start the server, we recommend
#  reading the file doc/supervise-radiusd.txt

#
#  This simplifies the script, and avoids most issues with (say)
#  Debian re-naming "radiusd" to "freeradius".
#
name=radiusd

prefix=/usr
exec_prefix=/usr
sbindir=${exec_prefix}/sbin
localstatedir=/var
logdir=/var/log/freeradius
rundir=${localstatedir}/run/${name}
sysconfdir=/etc
pid_file=${rundir}/${name}.pid
log_file=${logdir}/${name}_safe.log

#
#  Figure out what arguments to pass tail
#
tail="tail -n "
echo foo | ${tail}1 > /dev/null 2>&1
if test "$?" != "0"
then
    tail="tail -"
fi

RADIUSD=$sbindir/${name}
RADDBDIR=${sysconfdir}/raddb

#
#  If you want to send email, define this field to be an email address.
#  This part of the functionality hasn't been well tested, so please
#  test it before putting it into production.
#
#  It also presumes that you have a functioning mail system on
#  the maching running RADIUS.  You will need to check that the
#  "mail" command exists, and sends mail to the address below, e.g.:
#
#     echo test | mail -s "Testing" $MAILTO
#
#  If you receive the message, then enable MAILTO.  Otherwise, fix
#  your mail system so that it delivers mail.
#
MAILTO=

#
#  Allow "radiusd_safe -X" for testing the radiusd_safe functionality.
#
ARGS="$@"

test -f $RADIUSD || exit 0
test -f $RADDBDIR/radiusd.conf || exit 0

ulimit -c unlimited

#
#  See if the PID file exists.  It might have been left over after
#  a crash, or it might be because the RADIUS server is still running.
#
if test -f $pid_file
then
    PID=`cat $pid_file`
    #
    #  Check if the process exists, AND if it has the right name
    #
    if ps -p $PID | grep $name > /dev/null
    then
	echo "`date +'%a %b %e %H:%M:%S %Y'` : Fatal: A $name process already exists at PID $PID.  We cannot start another one." >> $log_file
	echo "A $name process already exists"
	exit 1
    fi
    
    #
    #  A RADIUS server doesn't exist.  Delete the stale PID file.
    #
    rm -f $pid_file
    if test -f $pid_file
    then
	echo "`date +'%a %b %e %H:%M:%S %Y'` : Fatal: Cannot remove the pid file: $pid_file" >> $log_file
	echo "Fatal error: Cannot remove the pid file: $pid_file"
	echo "Please remove it manually and start $0 again"
	echo "$name daemon not started"
	exit 1
    fi
fi

started=0
restarts=0
last_email=0
now=0

#
#  Save our PID.
#
echo $$ > ${rundir}/${name}_safe.pid

#
#  Loop forever, or until we're told to exit via a signal.
#
while :
do
    #
    #  The first time around, just start the server.
    #  After that, see if we are re-starting in the same second
    #  as the last time.  If so, sleep for a second.  Otherwise,
    #  if we're not starting in the same second, then just restart
    #  the server.
    #
    #  This helps prevent CPU spikes when something goes catastrophically
    #  wrong, and the server re-starts continuously.  (e.g. disk full, etc.)
    #
    now_s=`date +'%a %b %e %H:%M:%S %Y'`
    if test "$started" != "0"
    then
	#  Send mail when the server starts
	if test "$MAILTO" != ""
	then
	    # don't print minutes and seconds: cheap way
	    # of sending email only once an hour.
	    now=`date +'%a %b %e %H %Y'`
	    restarts=`expr $restarts + 1`

	    # send email the first time it restarts
	    if test "$last_email" = "0"
	    then
		    cat |  mail -s "ERROR - $name died, restarting.." $MAILTO <<EOF
$name has restarted unexpectedly at $now

See $log_file for details.  Last 20 lines are:

----------------------------------------------------------------------
`${tail}20 $log_file`
EOF
		last_email="$now"
		restarts=0
	    else
		#  Send email only once every hour (or so)
		if test "$now" != "$last_email"
		then
		    cat |  mail -s "ERROR - $name died, restarting.." $MAILTO <<EOF
$name has restarted $restarts times since last email at $last_email

See $log_file for details.  Last 100 lines are:

----------------------------------------------------------------------
`${tail}100 $log_file`
EOF
		    last_email="$now"
		    restarts=0
		fi
	    fi
	fi

	if test "$started" = "$now_s"
	then
	    #  Allow us to be killed
	    trap - HUP INT QUIT TERM TSTP
	    sleep 1
	fi
    fi
    started="$now_s"

    mysig=
    trap 'mysig=1' HUP
    trap 'mysig=2' INT
    trap 'mysig=3' QUIT
    trap 'mysig=15' TERM
    trap 'mysig=18' TSTP

    eval "$RADIUSD -f $ARGS < /dev/null >> $log_file 2>&1 &"
    PID=$!
    
    if test "$?" != "0"
    then
	echo "Failed to start $name.  See $log_file for details"
	echo "$name daemon not started"
	exit 1
    fi

    echo $PID > $pid_file

    #
    #  Wait for the process to exit.
    #
    wait $PID
    code=$?

    #
    #  On *BSD and Linux, sending *us* a signal results in "wait" returning
    #  with 128+sig.  On Solaris, it results in "wait" returning with "0".
    #
    #  If this happens, we reset our expectations here so that the code
    #  below will work correctly.
    #
    if test "$code" = "0"
    then
	if test "$mysig" != ""
	then
	    code=`expr $mysig + 128`
	fi
    fi

    case "$code" in
	0)
	    echo "`date +'%a %b %e %H:%M:%S %Y'` : Info: $name exited normally.  Exiting" | tee -a $log_file
	    break
	    ;;

	127)
	    echo "`date +'%a %b %e %H:%M:%S %Y'` : Info: $name exited unexpectedly.  Restarting it." | tee -a $log_file
	    ;;

	*)
	    #
	    #  The server exited of its own accord.
	    #
	    if test "$code" -lt 128
	    then
		echo "`date +'%a %b %e %H:%M:%S %Y'` : Info: $name exited unexpectedly on exit code $code.  Restarting it." | tee -a $log_file
	    else
		sig=`expr $code - 128`

		#
		#  Was the signal sent to us, or to the child process?
		#
		if test "$mysig" != ""
		then
		    echo "`date +'%a %b %e %H:%M:%S %Y'` : Info: Caught signal $sig: Signalling $name to exit." | tee -a $log_file
		    kill -$sig $PID
		    break
		else
		    echo "`date +'%a %b %e %H:%M:%S %Y'` : Info: $name exited unexpectedly on signal $sig.  Restarting it." | tee -a $log_file
		fi
	    fi
	    ;;
    esac
done

rm -f $pid_file ${rundir}/${name}_safe.pid
exit 0