log: add option to set file permissions

ReadMe.md

@@ -579,10 +579,12 @@ entware|ipkg update<br>ipkg install smartdns|软件源路径：https://bin.entwa
 | log-file | 日志文件路径 | /var/log/smartdns/smartdns.log | 合法路径字符串 | log-file /var/log/smartdns/smartdns.log |
 | log-size | 日志大小 | 128K | 数字 + K、M 或 G | log-size 128K |
 | log-num | 日志归档个数 | openwrt为2， 其他系统为8 | 大于等于 0 的数字，0表示禁用日志 | log-num 2 |
+| log-file-mode | 日志归档文件权限 | 0640 | 文件权限 | log-file-mode 644 |
 | audit-enable | 设置审计启用 | no | [yes\|no] | audit-enable yes |
 | audit-file | 审计文件路径 | /var/log/smartdns/smartdns-audit.log | 合法路径字符串 | audit-file /var/log/smartdns/smartdns-audit.log |
 | audit-size | 审计大小 | 128K | 数字 + K、M 或 G | audit-size 128K |
 | audit-num | 审计归档个数 | 2 | 大于等于 0 的数字 | audit-num 2 |
+| audit-file-mode | 审计归档文件权限 | 0640 | 文件权限 | log-file-mode 644 |
 | conf-file | 附加配置文件 | 无 | 合法路径字符串 | conf-file /etc/smartdns/smartdns.more.conf |
 | server | 上游 UDP DNS | 无 | 可重复。<br>[ip][:port]：服务器 IP:端口（可选）<br>[-blacklist-ip]：配置 IP 过滤结果。<br>[-whitelist-ip]：指定仅接受参数中配置的 IP 范围<br>[-group [group] ...]：DNS 服务器所属组，比如 office 和 foreign，和 nameserver 配套使用<br>[-exclude-default-group]：将 DNS 服务器从默认组中排除。<br>[-set-mark]：设置数据包标记so-mark| server 8.8.8.8:53 -blacklist-ip -group g1 |
 | server-tcp | 上游 TCP DNS | 无 | 可重复。<br>[ip][:port]：服务器 IP:端口（可选）<br>[-blacklist-ip]：配置 IP 过滤结果<br>[-whitelist-ip]：指定仅接受参数中配置的 IP 范围。<br>[-group [group] ...]：DNS 服务器所属组，比如 office 和 foreign，和 nameserver 配套使用<br>[-exclude-default-group]：将 DNS 服务器从默认组中排除。<br>[-set-mark]：设置数据包标记so-mark | server-tcp 8.8.8.8:53 |

ReadMe_en.md

@@ -541,10 +541,12 @@ Note: Merlin firmware is derived from ASUS firmware and can theoretically be use
 |log-file|log path|/var/log/smartdns/smartdns.log|File Pah|log-file /var/log/smartdns/smartdns.log
 |log-size|log size|128K|number+K,M,G|log-size 128K
 |log-num|archived log number|2 for openwrt, 8 for other system|Integer, 0 means turn off the log|log-num 2
+|log-file-mode|archived log file mode|0640|Integer|log-file-mode 644
 |audit-enable|audit log enable|no|[yes\|no]|audit-enable yes
 |audit-file|audit log file|/var/log/smartdns/smartdns-audit.log|File Path|audit-file /var/log/smartdns/smartdns-audit.log
 |audit-size|audit log size|128K|number+K,M,G|audit-size 128K
 |audit-num|archived audit log number|2|Integer, 0 means turn off the log|audit-num 2
+|audit-file-mode|archived audit log file mode|0640|Integer|audit-file-mode 644
 |conf-file|additional conf file|None|File path|conf-file /etc/smartdns/smartdns.more.conf
 |server|Upstream UDP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group. <br>`[-set-mark]`：set mark on packets | server 8.8.8.8:53 -blacklist-ip
 |server-tcp|Upstream TCP DNS server|None|Repeatable <br>`[ip][:port]`: Server IP, port optional. <br>`[-blacklist-ip]`: The "-blacklist-ip" parameter is to filtering IPs which is configured by "blacklist-ip". <br>`[-whitelist-ip]`: whitelist-ip parameter specifies that only the IP range configured in whitelist-ip is accepted. <br>`[-group [group] ...]`: The group to which the DNS server belongs, such as office, foreign, use with nameserver. <br>`[-exclude-default-group]`: Exclude DNS servers from the default group <br>`[-set-mark]`：set mark on packets | server-tcp 8.8.8.8:53

etc/smartdns/smartdns.conf

@@ -139,6 +139,7 @@ log-level info
 # log-file /var/log/smartdns/smartdns.log
 # log-size 128k
 # log-num 2
+# log-file-mode [mode]: file mode of log file.
 
 # dns audit
 # audit-enable [yes|no]: enable or disable audit.
@@ -146,6 +147,7 @@ log-level info
 # audit-SOA [yes|no]: enable or disable log soa result.
 # audit-size size of each audit file, support k,m,g
 # audit-file /var/log/smartdns-audit.log
+# audit-file-mode [mode]: file mode of audit file.
 # audit-size 128k
 # audit-num 2
 

src/dns_conf.c

@@ -105,6 +105,7 @@ int dns_conf_log_level = TLOG_ERROR;
 char dns_conf_log_file[DNS_MAX_PATH];
 size_t dns_conf_log_size = 1024 * 1024;
 int dns_conf_log_num = 8;
+int dns_conf_log_file_mode;
 
 /* CA file */
 char dns_conf_ca_file[DNS_MAX_PATH];
@@ -119,6 +120,7 @@ int dns_conf_audit_log_SOA;
 char dns_conf_audit_file[DNS_MAX_PATH];
 size_t dns_conf_audit_size = 1024 * 1024;
 int dns_conf_audit_num = 2;
+int dns_conf_audit_file_mode;
 
 /* address rules */
 art_tree dns_conf_domain_rule;
@@ -2420,9 +2422,11 @@ static struct config_item _config_item[] = {
 	CONF_STRING("log-file", (char *)dns_conf_log_file, DNS_MAX_PATH),
 	CONF_SIZE("log-size", &dns_conf_log_size, 0, 1024 * 1024 * 1024),
 	CONF_INT("log-num", &dns_conf_log_num, 0, 1024),
+	CONF_INT_BASE("log-file-mode", &dns_conf_log_file_mode, 0, 511, 8),
 	CONF_YESNO("audit-enable", &dns_conf_audit_enable),
 	CONF_YESNO("audit-SOA", &dns_conf_audit_log_SOA),
 	CONF_STRING("audit-file", (char *)&dns_conf_audit_file, DNS_MAX_PATH),
+	CONF_INT_BASE("audit-file-mode", &dns_conf_audit_file_mode, 0, 511, 8),
 	CONF_SIZE("audit-size", &dns_conf_audit_size, 0, 1024 * 1024 * 1024),
 	CONF_INT("audit-num", &dns_conf_audit_num, 0, 1024),
 	CONF_INT("rr-ttl", &dns_conf_rr_ttl, 0, CONF_INT_MAX),

src/dns_conf.h

@@ -350,6 +350,7 @@ extern int dns_conf_log_level;
 extern char dns_conf_log_file[DNS_MAX_PATH];
 extern size_t dns_conf_log_size;
 extern int dns_conf_log_num;
+extern int dns_conf_log_file_mode;;
 
 extern char dns_conf_ca_file[DNS_MAX_PATH];
 extern char dns_conf_ca_path[DNS_MAX_PATH];
@@ -367,6 +368,7 @@ extern int dns_conf_audit_log_SOA;
 extern char dns_conf_audit_file[DNS_MAX_PATH];
 extern size_t dns_conf_audit_size;
 extern int dns_conf_audit_num;
+extern int dns_conf_audit_file_mode;
 
 extern char dns_conf_server_name[DNS_MAX_SERVER_NAME_LEN];
 extern art_tree dns_conf_domain_rule;

src/dns_server.c

@@ -5532,6 +5532,10 @@ static int _dns_server_audit_init(void)
 		return -1;
 	}
 
+	if (dns_conf_audit_file_mode > 0) {
+		tlog_set_permission(dns_audit, dns_conf_audit_file_mode, dns_conf_audit_file_mode);
+	}
+
 	return 0;
 }
 

src/include/conf.h

@@ -49,6 +49,13 @@ struct config_item_int {
 	int max;
 };
 
+struct config_item_int_base {
+	int *data;
+	int min;
+	int max;
+	int base;
+};
+
 struct config_item_string {
 	char *data;
 	size_t size;
@@ -81,6 +88,13 @@ struct config_enum {
 			.data = value, .min = min_value, .max = max_value                                                          \
 		}                                                                                                              \
 	}
+#define CONF_INT_BASE(key, value, min_value, max_value, base_value)                                                    \
+	{                                                                                                                  \
+		key, conf_int_base, &(struct config_item_int_base)                                                             \
+		{                                                                                                              \
+			.data = value, .min = min_value, .max = max_value, .base = base_value                                      \
+		}                                                                                                              \
+	}
 #define CONF_STRING(key, value, len_value)                                                                             \
 	{                                                                                                                  \
 		key, conf_string, &(struct config_item_string)                                                                 \
@@ -131,6 +145,8 @@ extern int conf_custom(const char *item, void *data, int argc, char *argv[]);
 
 extern int conf_int(const char *item, void *data, int argc, char *argv[]);
 
+extern int conf_int_base(const char *item, void *data, int argc, char *argv[]);
+
 extern int conf_string(const char *item, void *data, int argc, char *argv[]);
 
 extern int conf_yesno(const char *item, void *data, int argc, char *argv[]);

src/lib/conf.c

@@ -87,6 +87,27 @@ int conf_int(const char *item, void *data, int argc, char *argv[])
 	return 0;
 }
 
+int conf_int_base(const char *item, void *data, int argc, char *argv[])
+{
+	struct config_item_int_base *item_int = data;
+	int value = 0;
+	if (argc < 2) {
+		return -1;
+	}
+
+	value = strtol(argv[1], NULL, item_int->base);
+
+	if (value < item_int->min) {
+		value = item_int->min;
+	} else if (value > item_int->max) {
+		value = item_int->max;
+	}
+
+	*(item_int->data) = value;
+
+	return 0;
+}
+
 int conf_string(const char *item, void *data, int argc, char *argv[])
 {
 	struct config_item_string *item_string = data;

src/smartdns.c

@@ -361,6 +361,9 @@ static int _smartdns_init(void)
 
 	tlog_setlogscreen(verbose_screen);
 	tlog_setlevel(dns_conf_log_level);
+	if (dns_conf_log_file_mode > 0) {
+		tlog_set_permission(tlog_get_root(), dns_conf_log_file_mode, dns_conf_log_file_mode);
+	}
 
 	tlog(TLOG_NOTICE, "smartdns starting...(Copyright (C) Nick Peng <pymumu@gmail.com>, build: %s %s)", __DATE__,
 		 __TIME__);

src/tlog.c

@@ -90,6 +90,7 @@ struct tlog_log {
     time_t last_waitpid;
     mode_t file_perm;
     mode_t archive_perm;
+    int mode_changed;
 
     int waiters;
     int is_exit;
@@ -332,6 +333,7 @@ void tlog_set_permission(struct tlog_log *log, unsigned int file, unsigned int a
 {
     log->file_perm = file;
     log->archive_perm = archive;
+    log->mode_changed = 1;
 }
 
 int tlog_localtime(struct tlog_time *tm)
@@ -1205,6 +1207,10 @@ static int _tlog_write(struct tlog_log *log, const char *buff, int bufflen)
             return -1;
         }
 
+        if (log->mode_changed != 0) {
+            fchmod(log->fd, log->file_perm);
+        }
+
         log->last_try = 0;
         log->print_errmsg = 1;
         /* get log file size */