capabilities: Ensure required capabilities are actually held by the process/user

author: Tobias Brunner <tobias@strongswan.org> 2013-05-08 17:14:29 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2013-06-25 17:16:32 +0200
commit: 2e21bac19aebd661b70ddb9741fa86e205e89e59 (patch)
tree: 4136baac843eb8ff545e8dd642fc16e856be1f5e /src/libcharon/plugins
parent: a65024264379bacc2733282f2b59b8c14e3897c0 (diff)
download: strongswan-2e21bac19aebd661b70ddb9741fa86e205e89e59.tar.bz2
strongswan-2e21bac19aebd661b70ddb9741fa86e205e89e59.tar.xz
1 files changed, 7 insertions, 3 deletions
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
index b9ba0b5ac..522cc2426 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
@@ -52,6 +52,13 @@ plugin_t *xauth_pam_plugin_create()
 {
 	xauth_pam_plugin_t *this;
 
+	/* required for PAM authentication */
+	if (!charon->caps->keep(charon->caps, CAP_AUDIT_WRITE))
+	{
+		DBG1(DBG_DMN, "xauth-pam plugin requires CAP_AUDIT_WRITE capability");
+		return NULL;
+	}
+
 	INIT(this,
 		.plugin = {
 			.get_name = _get_name,
@@ -60,8 +67,5 @@ plugin_t *xauth_pam_plugin_create()
 		},
 	);
 
-	/* required for PAM authentication */
-	charon->caps->keep(charon->caps, CAP_AUDIT_WRITE);
-
 	return &this->plugin;
 }
author	Tobias Brunner <tobias@strongswan.org>	2013-05-08 17:14:29 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2013-06-25 17:16:32 +0200
commit	2e21bac19aebd661b70ddb9741fa86e205e89e59 (patch)
tree	4136baac843eb8ff545e8dd642fc16e856be1f5e /src/libcharon/plugins
parent	a65024264379bacc2733282f2b59b8c14e3897c0 (diff)
download	strongswan-2e21bac19aebd661b70ddb9741fa86e205e89e59.tar.bz2 strongswan-2e21bac19aebd661b70ddb9741fa86e205e89e59.tar.xz