file-logger: Set owner/group of log file

The file is usually opened/created by root, however, if user/group IDs are configured and the configuration is reloaded, the file will be reopened as configured user. Like with UNIX sockets we only attempt to change the user if we have CAP_CHOWN allowing a start as regular user. We don't have chown() on Windows, so check for it.
2020-04-14 10:31:49 +02:00 · 2020-04-14 10:31:49 +02:00 · b06374f6a5
parent db772305c6
commit b06374f6a5
2 changed files with 20 additions and 1 deletions
--- a/configure.ac
+++ b/configure.ac
@ -661,7 +661,7 @@ AC_CHECK_FUNC(
 	]
 )

-AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r)
+AC_CHECK_FUNCS(prctl mallinfo getpass closefrom getpwnam_r getgrnam_r getpwuid_r chown)
 AC_CHECK_FUNCS(fmemopen funopen mmap memrchr setlinebuf strptime dirfd sigwaitinfo explicit_bzero)

 AC_CHECK_FUNC([syslog], [
--- a/src/libcharon/bus/listeners/file_logger.c
+++ b/src/libcharon/bus/listeners/file_logger.c
@ -243,6 +243,25 @@ METHOD(file_logger_t, open_, void,
 				 this->filename, strerror(errno));
 			return;
 		}
+#ifdef HAVE_CHOWN
+		if (lib->caps->check(lib->caps, CAP_CHOWN))
+		{
+			if (chown(this->filename, lib->caps->get_uid(lib->caps),
+					  lib->caps->get_gid(lib->caps)) != 0)
+			{
+				DBG1(DBG_NET, "changing owner/group for '%s' failed: %s",
+					 this->filename, strerror(errno));
+			}
+		}
+		else
+		{
+			if (chown(this->filename, -1, lib->caps->get_gid(lib->caps)) != 0)
+			{
+				DBG1(DBG_NET, "changing group for '%s' failed: %s",
+					 this->filename, strerror(errno));
+			}
+		}
+#endif /* HAVE_CHOWN */
 #ifdef HAVE_SETLINEBUF
 		if (flush_line)
 		{