logs created at startup can get wrong file mode

https://bugzilla.redhat.com/show_bug.cgi?id=518279
Resolves: bug 518279
Bug Description: logs created at startup can get wrong file mode
Reviewed by: nkinder (Thanks!)
Fix Description: Try to apply the mode using chmod() if a log file has been specified.  If and only if the log file has not been set, or if the chmod() succeeds, apply the changes to the internal config.
Platforms tested: RHEL5 x86_64
Flag Day: no
Doc impact: no

ldap/servers/slapd/log.c

@@ -661,6 +661,7 @@ int
 log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, int apply)
 {
 	int	v = 0;
+	int	retval = LDAP_SUCCESS;
 	slapdFrontendConfig_t *fe_cfg = getFrontendConfig();
 
 	if ( NULL == value ) {
@@ -680,27 +681,54 @@ log_set_mode (const char *attrname, char *value, int logtype, char *errorbuf, in
 	switch (logtype) {
 		case SLAPD_ACCESS_LOG:
 			LOG_ACCESS_LOCK_WRITE( );
-			slapi_ch_free ( (void **) &fe_cfg->accesslog_mode );
-			fe_cfg->accesslog_mode = slapi_ch_strdup (value);
-			loginfo.log_access_mode = v;
+			if (loginfo.log_access_file &&
+				( chmod( loginfo.log_access_file, v ) != 0) ) {
+				int oserr = errno;
+				PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+					"%s: Failed to chmod access log file to %s: errno %d (%s)",
+					attrname, value, oserr, slapd_system_strerror(oserr) );
+				retval = LDAP_UNWILLING_TO_PERFORM;
+			} else { /* only apply the changes if no file or if successful */
+				slapi_ch_free ( (void **) &fe_cfg->accesslog_mode );
+				fe_cfg->accesslog_mode = slapi_ch_strdup (value);
+				loginfo.log_access_mode = v;
+			}
 			LOG_ACCESS_UNLOCK_WRITE();
 			break;
 		case SLAPD_ERROR_LOG:
 			LOG_ERROR_LOCK_WRITE( );
-			slapi_ch_free ( (void **) &fe_cfg->errorlog_mode );
-			fe_cfg->errorlog_mode = slapi_ch_strdup (value);
-			loginfo.log_error_mode = v;
+			if (loginfo.log_error_file &&
+				( chmod( loginfo.log_error_file, v ) != 0) ) {
+				int oserr = errno;
+				PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+					"%s: Failed to chmod error log file to %s: errno %d (%s)",
+					attrname, value, oserr, slapd_system_strerror(oserr) );
+				retval = LDAP_UNWILLING_TO_PERFORM;
+			} else { /* only apply the changes if no file or if successful */
+				slapi_ch_free ( (void **) &fe_cfg->errorlog_mode );
+				fe_cfg->errorlog_mode = slapi_ch_strdup (value);
+				loginfo.log_error_mode = v;
+			}
 			LOG_ERROR_UNLOCK_WRITE();
 			break;
 		case SLAPD_AUDIT_LOG:
 			LOG_AUDIT_LOCK_WRITE( );
-			slapi_ch_free ( (void **) &fe_cfg->auditlog_mode );
-			fe_cfg->auditlog_mode = slapi_ch_strdup (value);
-			loginfo.log_audit_mode = v;
+			if (loginfo.log_audit_file &&
+				( chmod( loginfo.log_audit_file, v ) != 0) ) {
+				int oserr = errno;
+				PR_snprintf( errorbuf, SLAPI_DSE_RETURNTEXT_SIZE,
+					"%s: Failed to chmod audit log file to %s: errno %d (%s)",
+					attrname, value, oserr, slapd_system_strerror(oserr) );
+				retval = LDAP_UNWILLING_TO_PERFORM;
+			} else { /* only apply the changes if no file or if successful */
+				slapi_ch_free ( (void **) &fe_cfg->auditlog_mode );
+				fe_cfg->auditlog_mode = slapi_ch_strdup (value);
+				loginfo.log_audit_mode = v;
+			}
 			LOG_AUDIT_UNLOCK_WRITE();
 			break;
 	}
-	return LDAP_SUCCESS;
+	return retval;
 }
 
 /******************************************************************************