From f7f1f37faa3b49c47b0e142afb91b18db8a55f17 Mon Sep 17 00:00:00 2001 From: Nick Peng Date: Wed, 21 Dec 2022 21:30:08 +0800 Subject: [PATCH] log: add option to set file permissions --- ReadMe.md | 2 ++ ReadMe_en.md | 2 ++ etc/smartdns/smartdns.conf | 2 ++ src/dns_conf.c | 4 ++++ src/dns_conf.h | 2 ++ src/dns_server.c | 4 ++++ src/include/conf.h | 16 ++++++++++++++++ src/lib/conf.c | 21 +++++++++++++++++++++ src/smartdns.c | 3 +++ src/tlog.c | 6 ++++++ 10 files changed, 62 insertions(+) diff --git a/ReadMe.md b/ReadMe.md index 2d0fece..7e71d8a 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -579,10 +579,12 @@ entware|ipkg update
ipkg install smartdns|软件源路径:https://bin.entwa | log-file | 日志文件路径 | /var/log/smartdns/smartdns.log | 合法路径字符串 | log-file /var/log/smartdns/smartdns.log | | log-size | 日志大小 | 128K | 数字 + K、M 或 G | log-size 128K | | log-num | 日志归档个数 | openwrt为2, 其他系统为8 | 大于等于 0 的数字,0表示禁用日志 | log-num 2 | +| log-file-mode | 日志归档文件权限 | 0640 | 文件权限 | log-file-mode 644 | | audit-enable | 设置审计启用 | no | [yes\|no] | audit-enable yes | | audit-file | 审计文件路径 | /var/log/smartdns/smartdns-audit.log | 合法路径字符串 | audit-file /var/log/smartdns/smartdns-audit.log | | audit-size | 审计大小 | 128K | 数字 + K、M 或 G | audit-size 128K | | audit-num | 审计归档个数 | 2 | 大于等于 0 的数字 | audit-num 2 | +| audit-file-mode | 审计归档文件权限 | 0640 | 文件权限 | log-file-mode 644 | | conf-file | 附加配置文件 | 无 | 合法路径字符串 | conf-file /etc/smartdns/smartdns.more.conf | | server | 上游 UDP DNS | 无 | 可重复。
[ip][:port]:服务器 IP:端口(可选)
[-blacklist-ip]:配置 IP 过滤结果。
[-whitelist-ip]:指定仅接受参数中配置的 IP 范围
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark]:设置数据包标记so-mark| server 8.8.8.8:53 -blacklist-ip -group g1 | | server-tcp | 上游 TCP DNS | 无 | 可重复。
[ip][:port]:服务器 IP:端口(可选)
[-blacklist-ip]:配置 IP 过滤结果
[-whitelist-ip]:指定仅接受参数中配置的 IP 范围。
[-group [group] ...]:DNS 服务器所属组,比如 office 和 foreign,和 nameserver 配套使用
[-exclude-default-group]:将 DNS 服务器从默认组中排除。
[-set-mark]:设置数据包标记so-mark | server-tcp 8.8.8.8:53 | diff --git a/ReadMe_en.md b/ReadMe_en.md index 99854b2..51b74f7 100644 --- a/ReadMe_en.md +++ b/ReadMe_en.md @@ -541,10 +541,12 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use |log-file|log path|/var/log/smartdns/smartdns.log|File Pah|log-file /var/log/smartdns/smartdns.log |log-size|log size|128K|number+K,M,G|log-size 128K |log-num|archived log number|2 for openwrt, 8 for other system|Integer, 0 means turn off the log|log-num 2 +|log-file-mode|archived log file mode|0640|Integer|log-file-mode 644 |audit-enable|audit log enable|no|[yes\|no]|audit-enable yes |audit-file|audit log file|/var/log/smartdns/smartdns-audit.log|File Path|audit-file /var/log/smartdns/smartdns-audit.log |audit-size|audit log size|128K|number+K,M,G|audit-size 128K |audit-num|archived audit log number|2|Integer, 0 means turn off the log|audit-num 2 +|audit-file-mode|archived audit log file mode|0640|Integer|audit-file-mode 644 |conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf |server|Upstream UDP DNS server|None|Repeatable
`[ip][:port]`: Server IP, port optional.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group.
`[-set-mark]`:set mark on packets | server 8.8.8.8:53 -blacklist-ip |server-tcp|Upstream TCP DNS server|None|Repeatable
`[ip][:port]`: Server IP, port optional.
`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip".
`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted.
`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver.
`[-exclude-default-group]`: Exclude DNS servers from the default group
`[-set-mark]`:set mark on packets | server-tcp 8.8.8.8:53 diff --git a/etc/smartdns/smartdns.conf b/etc/smartdns/smartdns.conf index b7653a0..d9836bc 100644 --- a/etc/smartdns/smartdns.conf +++ b/etc/smartdns/smartdns.conf @@ -139,6 +139,7 @@ log-level info # log-file /var/log/smartdns/smartdns.log # log-size 128k # log-num 2 +# log-file-mode [mode]: file mode of log file. # dns audit # audit-enable [yes|no]: enable or disable audit. @@ -146,6 +147,7 @@ log-level info # audit-SOA [yes|no]: enable or disable log soa result. # audit-size size of each audit file, support k,m,g # audit-file /var/log/smartdns-audit.log +# audit-file-mode [mode]: file mode of audit file. # audit-size 128k # audit-num 2 diff --git a/src/dns_conf.c b/src/dns_conf.c index ef57f86..5bb9b68 100644 --- a/src/dns_conf.c +++ b/src/dns_conf.c @@ -105,6 +105,7 @@ int dns_conf_log_level = TLOG_ERROR; char dns_conf_log_file[DNS_MAX_PATH]; size_t dns_conf_log_size = 1024 * 1024; int dns_conf_log_num = 8; +int dns_conf_log_file_mode; /* CA file */ char dns_conf_ca_file[DNS_MAX_PATH]; @@ -119,6 +120,7 @@ int dns_conf_audit_log_SOA; char dns_conf_audit_file[DNS_MAX_PATH]; size_t dns_conf_audit_size = 1024 * 1024; int dns_conf_audit_num = 2; +int dns_conf_audit_file_mode; /* address rules */ art_tree dns_conf_domain_rule; 
@@ -2420,9 +2422,11 @@ static struct config_item _config_item[] = { CONF_STRING("log-file", (char *)dns_conf_log_file, DNS_MAX_PATH), CONF_SIZE("log-size", &dns_conf_log_size, 0, 1024 * 1024 * 1024), CONF_INT("log-num", &dns_conf_log_num, 0, 1024), + CONF_INT_BASE("log-file-mode", &dns_conf_log_file_mode, 0, 511, 8), CONF_YESNO("audit-enable", &dns_conf_audit_enable), CONF_YESNO("audit-SOA", &dns_conf_audit_log_SOA), CONF_STRING("audit-file", (char *)&dns_conf_audit_file, DNS_MAX_PATH), + CONF_INT_BASE("audit-file-mode", &dns_conf_audit_file_mode, 0, 511, 8), CONF_SIZE("audit-size", &dns_conf_audit_size, 0, 1024 * 1024 * 1024), CONF_INT("audit-num", &dns_conf_audit_num, 0, 1024), CONF_INT("rr-ttl", &dns_conf_rr_ttl, 0, CONF_INT_MAX), diff --git a/src/dns_conf.h b/src/dns_conf.h index d0aa26a..fe85224 100644 --- a/src/dns_conf.h +++ b/src/dns_conf.h @@ -350,6 +350,7 @@ extern int dns_conf_log_level; extern char dns_conf_log_file[DNS_MAX_PATH]; extern size_t dns_conf_log_size; extern int dns_conf_log_num; +extern int dns_conf_log_file_mode;; extern char dns_conf_ca_file[DNS_MAX_PATH]; extern char dns_conf_ca_path[DNS_MAX_PATH]; @@ -367,6 +368,7 @@ extern int dns_conf_audit_log_SOA; extern char dns_conf_audit_file[DNS_MAX_PATH]; extern size_t dns_conf_audit_size; extern int dns_conf_audit_num; +extern int dns_conf_audit_file_mode; extern char dns_conf_server_name[DNS_MAX_SERVER_NAME_LEN]; extern art_tree dns_conf_domain_rule; diff --git a/src/dns_server.c b/src/dns_server.c index e1dab10..3d5972e 100644 --- a/src/dns_server.c +++ b/src/dns_server.c @@ -5532,6 +5532,10 @@ static int _dns_server_audit_init(void) return -1; } + if (dns_conf_audit_file_mode > 0) { + tlog_set_permission(dns_audit, dns_conf_audit_file_mode, dns_conf_audit_file_mode); + } + return 0; } diff --git a/src/include/conf.h b/src/include/conf.h index 9bc8e54..59a7d8d 100644 --- a/src/include/conf.h +++ b/src/include/conf.h 
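Review bot: The upper bound `511` in the two new `CONF_INT_BASE` entries of `_config_item[]` is 0777 written in decimal, which hides that the option accepts group- and world-writable modes for the log and audit files. Writing it as an octal literal keeps the limit readable next to the base argument: `CONF_INT_BASE("log-file-mode", &dns_conf_log_file_mode, 0, 0777, 8),` and the same for `audit-file-mode`. If world-writable log files are never intended, a tighter bound here would stop a permissive value at parse time. The table continues outside the hunk.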
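Review bot: The declaration `extern int dns_conf_log_file_mode;;` added to src/dns_conf.h ends with a doubled semicolon. The extra `;` is an empty declaration at file scope, which pedantic ISO C builds warn about. It should read `extern int dns_conf_log_file_mode;`.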
@@ -49,6 +49,13 @@ struct config_item_int { int max; }; +struct config_item_int_base { + int *data; + int min; + int max; + int base; +}; + struct config_item_string { char *data; size_t size; @@ -81,6 +88,13 @@ struct config_enum { .data = value, .min = min_value, .max = max_value \ } \ } +#define CONF_INT_BASE(key, value, min_value, max_value, base_value) \ + { \ + key, conf_int_base, &(struct config_item_int_base) \ + { \ + .data = value, .min = min_value, .max = max_value, .base = base_value \ + } \ + } #define CONF_STRING(key, value, len_value) \ { \ key, conf_string, &(struct config_item_string) \ @@ -131,6 +145,8 @@ extern int conf_custom(const char *item, void *data, int argc, char *argv[]); extern int conf_int(const char *item, void *data, int argc, char *argv[]); +extern int conf_int_base(const char *item, void *data, int argc, char *argv[]); + extern int conf_string(const char *item, void *data, int argc, char *argv[]); extern int conf_yesno(const char *item, void *data, int argc, char *argv[]); diff --git a/src/lib/conf.c b/src/lib/conf.c index 7e62d94..a8765b4 100644 --- a/src/lib/conf.c +++ b/src/lib/conf.c @@ -87,6 +87,27 @@ int conf_int(const char *item, void *data, int argc, char *argv[]) return 0; } +int conf_int_base(const char *item, void *data, int argc, char *argv[]) +{ + struct config_item_int_base *item_int = data; + int value = 0; + if (argc < 2) { + return -1; + } + + value = strtol(argv[1], NULL, item_int->base); + + if (value < item_int->min) { + value = item_int->min; + } else if (value > item_int->max) { + value = item_int->max; + } + + *(item_int->data) = value; + + return 0; +} + int conf_string(const char *item, void *data, int argc, char *argv[]) { struct config_item_string *item_string = data; diff --git a/src/smartdns.c b/src/smartdns.c index 83ea284..52074b8 100644 --- a/src/smartdns.c +++ b/src/smartdns.c 
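Review bot: In `conf_int_base` (src/lib/conf.c) the `strtol` result is used without an end pointer or `errno` check and is narrowed from `long` to `int`, so a non-numeric value parses as 0 and input such as `649` is cut off at the first non-octal digit without any error. Out-of-range input is then clamped rather than rejected, which for a permission setting means `log-file-mode 1000` ends up as 0777. Because the callers in src/dns_server.c and src/smartdns.c apply the mode only when it is `> 0`, a failed parse is also indistinguishable from the option being absent. I would reject bad input with `return -1` as below; this needs `<errno.h>` if src/lib/conf.c does not already include it, and it differs from the clamping this function copies, so confirm how the config loader treats a -1 from an item handler.

```c
int conf_int_base(const char *item, void *data, int argc, char *argv[])
{
	struct config_item_int_base *item_int = data;
	char *end = NULL;
	long value = 0;

	if (argc < 2) {
		return -1;
	}

	errno = 0;
	value = strtol(argv[1], &end, item_int->base);
	if (errno != 0 || end == argv[1] || *end != '\0') {
		/* empty, non-numeric, trailing garbage or overflow */
		return -1;
	}

	if (value < item_int->min || value > item_int->max) {
		/* refuse instead of clamping: a typo must not widen permissions */
		return -1;
	}

	*(item_int->data) = (int)value;

	return 0;
}
```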
@@ -361,6 +361,9 @@ static int _smartdns_init(void) tlog_setlogscreen(verbose_screen); tlog_setlevel(dns_conf_log_level); + if (dns_conf_log_file_mode > 0) { + tlog_set_permission(tlog_get_root(), dns_conf_log_file_mode, dns_conf_log_file_mode); + } tlog(TLOG_NOTICE, "smartdns starting...(Copyright (C) Nick Peng , build: %s %s)", __DATE__, __TIME__); diff --git a/src/tlog.c b/src/tlog.c index 2512209..54eb751 100644 --- a/src/tlog.c +++ b/src/tlog.c @@ -90,6 +90,7 @@ struct tlog_log { time_t last_waitpid; mode_t file_perm; mode_t archive_perm; + int mode_changed; int waiters; int is_exit; @@ -332,6 +333,7 @@ void tlog_set_permission(struct tlog_log *log, unsigned int file, unsigned int a { log->file_perm = file; log->archive_perm = archive; + log->mode_changed = 1; } int tlog_localtime(struct tlog_time *tm) @@ -1205,6 +1207,10 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen) return -1; } + if (log->mode_changed != 0) { + fchmod(log->fd, log->file_perm); + } + log->last_try = 0; log->print_errmsg = 1; /* get log file size */
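Review bot: The `fchmod(log->fd, log->file_perm);` call added to `_tlog_write` in src/tlog.c ignores its return value, so when it fails (for example on a log file the process does not own) the file keeps its previous, possibly wider, mode and nothing is reported. Check the result and report it through whatever error path this function already uses, e.g. `if (fchmod(log->fd, log->file_perm) != 0) { /* report errno */ }`. From the visible context the call appears to sit on the path that opens the log file, so a file already open when `tlog_set_permission` is called would keep its old mode until the next reopen; that is worth confirming. `_tlog_write` starts and ends outside the hunk.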