From 11760f5d8c06aa62010e25bc1150f23a5e34099b Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 14 Apr 2020 10:31:49 +0200
Subject: [PATCH] file-logger: Set owner/group of log file

The file is usually opened/created by root. However, if user/group IDs
are configured and the configuration is reloaded, the file will be reopened
as the configured user.  As with UNIX sockets, we only attempt to change
the owner if we have CAP_CHOWN, which still allows starting as a regular user.

We don't have chown() on Windows, so check for it.
---
 configure.ac                              |  2 +-
 src/libcharon/bus/listeners/file_logger.c | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index 7788121e1..867b2040d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -661,7 +661,7 @@ AC_CHECK_FUNC(
 	]
 )
 
-AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
+AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r chown)
 AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
 
 AC_CHECK_FUNC([syslog], [
diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c
index d1f180227..704c4a510 100644
--- a/src/libcharon/bus/listeners/file_logger.c
+++ b/src/libcharon/bus/listeners/file_logger.c
@@ -243,6 +243,25 @@ METHOD(file_logger_t, open_, void,
 				 this->filename, strerror(errno));
 			return;
 		}
+#ifdef HAVE_CHOWN
+		if (lib->caps->check(lib->caps, CAP_CHOWN))
+		{
+			if (chown(this->filename, lib->caps->get_uid(lib->caps),
+					  lib->caps->get_gid(lib->caps)) != 0)
+			{
+				DBG1(DBG_NET, "changing owner/group for '%s' failed: %s",
+					 this->filename, strerror(errno));
+			}
+		}
+		else
+		{
+			if (chown(this->filename, -1, lib->caps->get_gid(lib->caps)) != 0)
+			{
+				DBG1(DBG_NET, "changing group for '%s' failed: %s",
+					 this->filename, strerror(errno));
+			}
+		}
+#endif /* HAVE_CHOWN */
 #ifdef HAVE_SETLINEBUF
 		if (flush_line)
 		{
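Review bot: Both chown() calls in this hunk operate on the path `this->filename` after the log file has already been opened (the open call and its error check are just above the hunk), so the ownership change is not bound to the file the logger actually writes to; if the path is replaced by a symlink between the open and the chown, chown follows the link and re-owns a different file. Applying the change to the descriptor of the opened stream instead, e.g. `fchown(fileno(<opened stream>), uid, gid)` with the same CAP_CHOWN/`-1` uid handling, ties it to exactly the opened file and closes that window; configure.ac's new `chown` probe in the first hunk would then test `fchown` instead. A brief comment above the `#ifdef` would also help readers, e.g. `/* re-own the log so it stays writable after a reload drops to the configured user/group */`. The enclosing open_ method starts before and continues after this hunk.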
-- 
2.25.2