author | Martin Willi <martin@revosec.ch> | 2013-07-18 15:46:17 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-07-18 16:00:31 +0200 |
commit | b4b3959b2233f881078f866f50d3296cca235438 (patch) | |
tree | 7a85e32e9b411526a846ef004f6db15cadcb8ea1 | |
parent | 1897dd730fa5462edbd22601bdb1231fbaab3fa6 (diff) | |
stream-service: move CAP_CHOWN check from plugins to service constructor
A plugin service can be a TCP socket now, so it does not make much sense
to strictly check for CAP_CHOWN.
7 files changed, 7 insertions, 39 deletions
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
index 6b8609ebc..4d018dbef 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_plugin.c
@@ -98,12 +98,6 @@ plugin_t *duplicheck_plugin_create()
 return NULL;
 }
- if (!lib->caps->check(lib->caps, CAP_CHOWN))
- { /* required to chown(2) notify socket */
- DBG1(DBG_CFG, "duplicheck plugin requires CAP_CHOWN capability");
- return NULL;
- }
-
 INIT(this,
 .public = {
 .plugin = {
diff --git a/src/libcharon/plugins/error_notify/error_notify_plugin.c b/src/libcharon/plugins/error_notify/error_notify_plugin.c
index ef0ce7bc6..40ace6014 100644
--- a/src/libcharon/plugins/error_notify/error_notify_plugin.c
+++ b/src/libcharon/plugins/error_notify/error_notify_plugin.c
@@ -92,12 +92,6 @@ plugin_t *error_notify_plugin_create()
 {
 private_error_notify_plugin_t *this;
- if (!lib->caps->check(lib->caps, CAP_CHOWN))
- { /* required to chown(2) notify socket */
- DBG1(DBG_CFG, "error-notify plugin requires CAP_CHOWN capability");
- return NULL;
- }
-
 INIT(this,
 .public = {
 .plugin = {
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index 7f2d425fd..03557a269 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -269,12 +269,6 @@ plugin_t *load_tester_plugin_create()
 return NULL;
 }
- if (!lib->caps->check(lib->caps, CAP_CHOWN))
- { /* required to chown(2) control socket */
- DBG1(DBG_CFG, "load-tester plugin requires CAP_CHOWN capability");
- return NULL;
- }
-
 INIT(this,
 .public = {
 .plugin = {
@@ -304,4 +298,3 @@ plugin_t *load_tester_plugin_create()
 }
 return &this->public.plugin;
 }
-
diff --git a/src/libcharon/plugins/lookip/lookip_plugin.c b/src/libcharon/plugins/lookip/lookip_plugin.c
index 63b138162..a6c32d65d 100644
--- a/src/libcharon/plugins/lookip/lookip_plugin.c
+++ b/src/libcharon/plugins/lookip/lookip_plugin.c
@@ -92,12 +92,6 @@ plugin_t *lookip_plugin_create()
 {
 private_lookip_plugin_t *this;
- if (!lib->caps->check(lib->caps, CAP_CHOWN))
- { /* required to chown(2) control socket */
- DBG1(DBG_CFG, "lookip plugin requires CAP_CHOWN capability");
- return NULL;
- }
-
 INIT(this,
 .public = {
 .plugin = {
diff --git a/src/libcharon/plugins/stroke/stroke_plugin.c b/src/libcharon/plugins/stroke/stroke_plugin.c
index 767bdc64b..31df1f99b 100644
--- a/src/libcharon/plugins/stroke/stroke_plugin.c
+++ b/src/libcharon/plugins/stroke/stroke_plugin.c
@@ -51,12 +51,13 @@ static bool register_stroke(private_stroke_plugin_t *this,
 if (reg)
 {
 this->socket = stroke_socket_create();
+ return this->socket != NULL;
 }
 else
 {
 DESTROY_IF(this->socket);
+ return TRUE;
 }
- return TRUE;
 }
 METHOD(plugin_t, get_features, int,
@@ -91,12 +92,6 @@ plugin_t *stroke_plugin_create()
 {
 private_stroke_plugin_t *this;
- if (!lib->caps->check(lib->caps, CAP_CHOWN))
- { /* required to chown(2) stroke socket */
- DBG1(DBG_CFG, "stroke plugin requires CAP_CHOWN capability");
- return NULL;
- }
-
 INIT(this,
 .public = {
 .plugin = {
@@ -110,4 +105,3 @@ plugin_t *stroke_plugin_create()
 return &this->public.plugin;
 }
-
diff --git a/src/libcharon/plugins/whitelist/whitelist_plugin.c b/src/libcharon/plugins/whitelist/whitelist_plugin.c
index 38465aebb..3ea45723c 100644
--- a/src/libcharon/plugins/whitelist/whitelist_plugin.c
+++ b/src/libcharon/plugins/whitelist/whitelist_plugin.c
@@ -92,12 +92,6 @@ plugin_t *whitelist_plugin_create()
 {
 private_whitelist_plugin_t *this;
- if (!lib->caps->check(lib->caps, CAP_CHOWN))
- { /* required to chown(2) control socket */
- DBG1(DBG_CFG, "whitelist plugin requires CAP_CHOWN capability");
- return NULL;
- }
-
 INIT(this,
 .public = {
 .plugin = {
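Review bot: Only `register_stroke()` in stroke_plugin.c gains a failure path (`return this->socket != NULL;`) for a socket that can no longer be created; the duplicheck, error_notify, load_tester, lookip and whitelist hunks drop their CAP_CHOWN check with no visible counterpart. Their socket and listener constructors are outside this diff, so it should be confirmed that each of them handles a NULL service from the stream-service constructor instead of dereferencing it or loading silently without its control socket. In the `else` branch, `DESTROY_IF(this->socket);` appears to leave the pointer set, so adding `this->socket = NULL;` after it would keep a repeated unregister from touching a destroyed object. The signature of register_stroke begins before the hunk.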
diff --git a/src/libstrongswan/networking/streams/stream_service.c b/src/libstrongswan/networking/streams/stream_service.c
index c2681af3a..ece17b41f 100644
--- a/src/libstrongswan/networking/streams/stream_service.c
+++ b/src/libstrongswan/networking/streams/stream_service.c
@@ -251,6 +251,11 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
 DBG1(DBG_NET, "invalid stream URI: '%s'", uri);
 return NULL;
 }
+ if (!lib->caps->check(lib->caps, CAP_CHOWN))
+ { /* required to chown(2) service socket */
+ DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri);
+ return NULL;
+ }
 fd = socket(AF_UNIX, SOCK_STREAM, 0);
 if (fd == -1)
 { |
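Review bot: The guard added to `stream_service_create_unix()` only tests that CAP_CHOWN is held; it does not show that the ownership change on the socket path actually succeeds. The chown(2) call is outside this hunk, so it is worth confirming that a failure there closes `fd`, unlinks the path and returns NULL rather than only logging, since the socket would otherwise keep the owner the daemon started as. The function's API documentation should also record the new failure mode, for example `@return stream service, NULL on invalid URI, missing CAP_CHOWN or socket setup failure`. The function body starts and ends outside the hunk.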