From 5e33a1a3c45565b276aa435acffb879827cb3989 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Fri, 10 Jul 2015 18:38:12 -0300
Subject: [PATCH] Opens auditlog files and directories with the correct mode
Respecting the directives: SecAuditLogStorageDir and SecAuditLogFileMode
---
 src/audit_log.cc | 4 ++--
 src/audit_log.h | 9 +++++---
 src/audit_log_writer.h | 5 +----
 src/audit_log_writer_parallel.cc | 28 ++++++++++++++++++------
 src/utils.cc | 4 ++--
 src/utils.h | 2 +-
 test/test-cases/regression/auditlog.json | 4 +++-
 7 files changed, 36 insertions(+), 20 deletions(-)
diff --git a/src/audit_log.cc b/src/audit_log.cc
index 516fda4f..32070154 100644
--- a/src/audit_log.cc
+++ b/src/audit_log.cc
@@ -35,13 +35,13 @@ namespace ModSecurity {
 bool AuditLog::setStorageDirMode(int permission) {
- this->m_storage_permission = permission;
+ this->directoryPermission = permission;
 return true;
 }
 bool AuditLog::setFileMode(int permission) {
- this->m_file_permissions = permission;
+ this->filePermission = permission;
 return true;
 }
diff --git a/src/audit_log.h b/src/audit_log.h
index a21c206a..1f6cfdf0 100644
--- a/src/audit_log.h
+++ b/src/audit_log.h
@@ -41,7 +41,9 @@ class AuditLog {
 | HAuditLogPart | ZAuditLogPart),
 m_type(ParallelAuditLogType),
 m_writer(NULL),
- m_relevant("")
+ m_relevant(""),
+ filePermission(0600),
+ directoryPermission(0600)
 { }
 enum AuditLogType {
@@ -166,11 +168,12 @@ class AuditLog {
 std::string m_path2;
 std::string m_storage_dir;
+ int filePermission;
+ int directoryPermission;
+
 private:
 AuditLogStatus m_status;
- int m_file_permissions;
- int m_storage_permission;
 int m_parts;
 AuditLogType m_type;
diff --git a/src/audit_log_writer.h b/src/audit_log_writer.h
index 421ae2bf..3abcdb8e 100644
--- a/src/audit_log_writer.h
+++ b/src/audit_log_writer.h
@@ -18,9 +18,6 @@
 #ifdef __cplusplus
 #include
-#include
-#include
-#include
 #endif
 #include "modsecurity/assay.h"
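Review bot: `directoryPermission(0600)` in the AuditLog initializer list gives the default audit-log directories no execute (search) bit, so a non-root process cannot create entries inside a directory it has just created with that mode; unless `SecAuditLogDirMode` is always configured, the default storage layout cannot be written to by the `createDir`/`open` sequence in the audit_log_writer_parallel.cc hunk. A default that keeps the owner-only intent but stays usable is `directoryPermission(0700)`. The `filePermission(0600)` default is fine for a regular file, since a file does not need the execute bit.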
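Review bot: `filePermission` and `directoryPermission` are placed in the public section of `AuditLog` while `setFileMode()`/`setStorageDirMode()` remain the documented way to set them, so any caller can now bypass the setters and the directive parsing that feeds them. If the writer only needs to read the values, a `const` accessor such as `int fileMode() const { return filePermission; }` (or keeping the fields private with `friend class AuditLogWriterParallel;`) keeps the state in one place. The two new members also drop the `m_` prefix used by every neighbouring field (`m_storage_dir`, `m_status`, `m_parts`); `m_file_permission`/`m_directory_permission` would match the file's convention.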
@@ -32,7 +29,7 @@ namespace ModSecurity {
 class AuditLog;
 /** @ingroup ModSecurity_CPP_API */
-class AuditLogWriter : public std::ofstream {
+class AuditLogWriter {
 public:
 explicit AuditLogWriter(AuditLog *audit) : m_audit(audit) { }
diff --git a/src/audit_log_writer_parallel.cc b/src/audit_log_writer_parallel.cc
index 8f855a60..296c005e 100644
--- a/src/audit_log_writer_parallel.cc
+++ b/src/audit_log_writer_parallel.cc
@@ -18,6 +18,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 #include
@@ -72,24 +75,35 @@ bool AuditLogWriterParallel::close() {
 bool AuditLogWriterParallel::write(Assay *assay) {
+ FILE *fp;
+ int fd;
 std::string log = assay->to_json(0);
 std::string fileName = logFilePath(&assay->timeStamp, YearMonthDayDirectory | YearMonthDayAndTimeDirectory | YearMonthDayAndTimeFileName);
- fileName = fileName + "-" + assay->id;
 std::string logPath = m_audit->m_storage_dir;
+ fileName = logPath + fileName + "-" + assay->id;
+
+ if (logPath.empty()) {
+ return false;
+ }
 createDir((logPath +
- logFilePath(&assay->timeStamp, YearMonthDayDirectory)).c_str());
+ logFilePath(&assay->timeStamp, YearMonthDayDirectory)).c_str(),
+ m_audit->directoryPermission);
 createDir((logPath + logFilePath(&assay->timeStamp, YearMonthDayDirectory
- | YearMonthDayAndTimeDirectory)).c_str());
+ | YearMonthDayAndTimeDirectory)).c_str(),
+ m_audit->directoryPermission);
- std::ofstream f;
- f.open(logPath + fileName, std::fstream::out | std::fstream::app);
- f << log;
- f.close();
+ fd = open(fileName.c_str(), O_CREAT | O_WRONLY, m_audit->filePermission);
+ if (fd < 0) {
+ return false;
+ }
+ fp = fdopen(fd, "w");
+ fwrite(log.c_str(), log.length(), 1, fp);
+ fclose(fp);
 return true;
 }
diff --git a/src/utils.cc b/src/utils.cc
index 06e86240..653e6c75 100644
--- a/src/utils.cc
+++ b/src/utils.cc
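Review bot: `fp = fdopen(fd, "w")` is never checked for NULL, so a failed `fdopen` (for example on EMFILE or ENOMEM) passes a null `FILE*` to `fwrite`/`fclose` and also leaks `fd`; the `fwrite` and `fclose` results are discarded as well, so a short or failed write still returns `true`. The flags also silently change behaviour relative to the replaced `std::fstream::out | std::fstream::app` call: without `O_APPEND` an existing file at `fileName` is overwritten from offset 0 without truncation, and without `O_NOFOLLOW` a symlink already present under the storage directory is followed. The rewrite below keeps the new `open()`-with-mode approach and adds those checks; `::close` must be qualified because the class has its own `close()` member, and it needs `<unistd.h>` if that is not already among the includes added in the earlier hunk.
```cpp
    fd = open(fileName.c_str(), O_CREAT | O_WRONLY | O_APPEND | O_NOFOLLOW,
        m_audit->filePermission);
    if (fd < 0) {
        return false;
    }
    fp = fdopen(fd, "a");
    if (fp == NULL) {
        ::close(fd);  /* not the member close(); the fd is not owned by a FILE yet */
        return false;
    }
    /* size 1 / count length: an empty log then compares 0 == 0 instead of failing */
    bool written = fwrite(log.data(), 1, log.length(), fp) == log.length();
    if (fclose(fp) != 0) {
        written = false;
    }
    return written;
```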
@@ -69,11 +69,11 @@ std::string ascTime(time_t *t) {
 }
-void createDir(std::string dir) {
+void createDir(std::string dir, int mode) {
 #if defined _MSC_VER
 _mkdir(dir.data());
 #elif defined __GNUC__
- mkdir(dir.data(), 0777);
+ mkdir(dir.data(), mode);
 #endif
 }
diff --git a/src/utils.h b/src/utils.h
index 5368d0f2..00555181 100644
--- a/src/utils.h
+++ b/src/utils.h
@@ -27,7 +27,7 @@ namespace ModSecurity {
 double random_number(const double from, const double to);
 double generate_assay_unique_id();
 std::string ascTime(time_t *t);
- void createDir(std::string dir);
+ void createDir(std::string dir, int mode);
 } // namespace ModSecurity
 #define SRC_UTILS_H_
diff --git a/test/test-cases/regression/auditlog.json b/test/test-cases/regression/auditlog.json
index b4df2986..926b9e24 100644
--- a/test/test-cases/regression/auditlog.json
+++ b/test/test-cases/regression/auditlog.json
@@ -51,7 +51,9 @@
 "SecRule ARGS \"@contains test\" \"t:trim,block,auditlog\"",
 "SecAuditEngine RelevantOnly",
 "SecAuditLogParts ABCFHZ",
- "SecAuditLogStorageDir /tmp",
+ "SecAuditLogStorageDir /tmp/test",
+ "SecAuditLogDirMode 0766",
+ "SecAuditLogFileMode 0600",
 "SecAuditLogRelevantStatus \"^(?:5|4(?!04))\""
 ]
 }
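Review bot: The new `mode` parameter of `createDir` is silently ignored on the `_MSC_VER` branch, since `_mkdir()` takes no mode, and both branches still discard the `mkdir` return value, so the caller in `AuditLogWriterParallel::write()` cannot tell a freshly created directory with the requested permissions from a failure or from a pre-existing directory that keeps whatever mode it already had. A comment on the MSVC branch, `/* _mkdir() has no mode argument; mode is honoured only on POSIX */`, records the asymmetry, and returning `mkdir(dir.c_str(), mode) == 0 || errno == EEXIST` (with the matching `utils.h` declaration in the next hunk changed to `bool`) would let the writer stop instead of opening a log file in a directory it could not create.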
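Review bot: `SecAuditLogDirMode 0766` makes the regression fixture create a world-writable audit-log directory at a fixed `/tmp/test` path, which is an unrepresentative configuration for a test meant to exercise the new mode handling and a location other local users can pre-create. A mode such as `0700` would match the owner-only intent of the `0600` file mode on the next line. As far as this hunk shows, the fixture only sets the directives and does not assert the resulting directory or file mode, so the behaviour introduced by the commit is not actually verified here.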