]> git.ipfire.org Git - thirdparty/strongswan.git/commitdiff
projects / thirdparty / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: db77230)
file-logger: Set owner/group of log file
authorTobias Brunner <tobias@strongswan.org>
Tue, 14 Apr 2020 08:31:49 +0000 (10:31 +0200)
committerTobias Brunner <tobias@strongswan.org>
Thu, 7 May 2020 07:30:57 +0000 (09:30 +0200)
The file is usually opened/created by root, however, if user/group IDs
are configured and the configuration is reloaded, the file will be reopened
as configured user.  Like with UNIX sockets we only attempt to change
the user if we have CAP_CHOWN allowing a start as regular user.

We don't have chown() on Windows, so check for it.

configure.ac patch | blob | blame | history
src/libcharon/bus/listeners/file_logger.c patch | blob | blame | history

diff --git a/configure.ac b/configure.ac
index 7788121e156be619e1aa89e5ce5be473dddd6732..867b2040dd1054b2bdd444ab327a36b1c664f5bc 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -661,7 +661,7 @@ AC_CHECK_FUNC(
        ]
 )
 
-AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
+AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r chown)
 AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)
 
 AC_CHECK_FUNC([syslog], [
diff --git a/src/libcharon/bus/listeners/file_logger.c b/src/libcharon/bus/listeners/file_logger.c
index d1f18022745b0d77b0c533714ff9ffbb84182df8..704c4a510e911ec6f9fcee369f20995e9d13ff73 100644 (file)
--- a/src/libcharon/bus/listeners/file_logger.c
+++ b/src/libcharon/bus/listeners/file_logger.c
@@ -243,6 +243,25 @@ METHOD(file_logger_t, open_, void,
                                 this->filename, strerror(errno));
                        return;
                }
+#ifdef HAVE_CHOWN
+               if (lib->caps->check(lib->caps, CAP_CHOWN))
+               {
+                       if (chown(this->filename, lib->caps->get_uid(lib->caps),
+                                         lib->caps->get_gid(lib->caps)) != 0)
+                       {
+                               DBG1(DBG_NET, "changing owner/group for '%s' failed: %s",
+                                        this->filename, strerror(errno));
+                       }
+               }
+               else
+               {
+                       if (chown(this->filename, -1, lib->caps->get_gid(lib->caps)) != 0)
+                       {
+                               DBG1(DBG_NET, "changing group for '%s' failed: %s",
+                                        this->filename, strerror(errno));
+                       }
+               }
+#endif /* HAVE_CHOWN */
 #ifdef HAVE_SETLINEBUF
                if (flush_line)
                {
Unnamed repository; edit this file 'description' to name the repository.