From: Matthew Newton Date: Wed, 11 Jan 2012 12:33:03 +0000 (+0000) Subject: Unix group setting for detail log files X-Git-Tag: release_2_2_0~198^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9401152d4885b4a345ccb467448bcb6771c4aa1;p=thirdparty%2Ffreeradius-server.git Unix group setting for detail log files Patch to allow the group to be set when updating detail logs, rather than being limited to just the group of the running daemon. --- diff --git a/raddb/modules/detail b/raddb/modules/detail index 11005dc3e2b..2e68d065ec9 100644 --- a/raddb/modules/detail +++ b/raddb/modules/detail @@ -48,6 +48,13 @@ detail { # people from seeing that information. detailperm = 0600 + # The Unix group of the log file. + # + # The user that the server runs as must be in the specified + # system group otherwise this will fail to work. + # +# group = freerad + # # Every entry in the detail file has a header which # is a timestamp. By default, we use the ctime diff --git a/src/modules/rlm_detail/rlm_detail.c b/src/modules/rlm_detail/rlm_detail.c index 73076514f41..4be7f7b9873 100644 --- a/src/modules/rlm_detail/rlm_detail.c +++ b/src/modules/rlm_detail/rlm_detail.c @@ -36,6 +36,14 @@ RCSID("$Id$") #include #endif +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_GRP_H +#include +#endif + #define DIRLEN 8192 struct detail_instance { @@ -45,6 +53,9 @@ struct detail_instance { /* detail file permissions */ int detailperm; + /* detail file group */ + char *group; + /* directory permissions */ int dirperm; @@ -67,6 +78,8 @@ static const CONF_PARSER module_config[] = { offsetof(struct detail_instance,header), NULL, "%t" }, { "detailperm", PW_TYPE_INTEGER, offsetof(struct detail_instance,detailperm), NULL, "0600" }, + { "group", PW_TYPE_STRING_PTR, + offsetof(struct detail_instance,group), NULL, NULL}, { "dirperm", PW_TYPE_INTEGER, offsetof(struct detail_instance,dirperm), NULL, "0755" }, { "locking", PW_TYPE_BOOLEAN, @@ -185,6 +198,12 @@ static int do_detail(void *instance, REQUEST *request, RADIUS_PACKET *packet, off_t fsize; FILE *fp; +#ifdef HAVE_GRP_H + gid_t gid; + struct group *grp; + char *endptr; +#endif + struct detail_instance *inst = instance; rad_assert(request != NULL); @@ -317,6 +336,27 @@ static int do_detail(void *instance, REQUEST *request, RADIUS_PACKET *packet, return RLM_MODULE_FAIL; } + +#ifdef HAVE_GRP_H + if (inst->group != NULL) { + gid = strtol(inst->group, &endptr, 10); + if (*endptr != '\0') { + grp = getgrnam(inst->group); + if (grp == NULL) { + RDEBUG2("rlm_detail: Unable to find system group \"%s\"", inst->group); + goto skip_group; + } + gid = grp->gr_gid; + } + + if (chown(buffer, -1, gid) == -1) { + RDEBUG2("rlm_detail: Unable to change system group of \"%s\"", buffer); + } + } +#endif + + skip_group: + /* * Post a timestamp */