capabilities: Add function to check if a capability is held, without keeping it

This can be useful if capabilities are not required anymore after
dropping privileges.

1 files changed, 12 insertions, 0 deletions

diff --git a/src/libstrongswan/utils/capabilities.h b/src/libstrongswan/utils/capabilities.h
index 4128909b6..fe11a4dfc 100644
--- a/src/libstrongswan/utils/capabilities.h
+++ b/src/libstrongswan/utils/capabilities.h
@@ -54,6 +54,8 @@ struct capabilities_t {
 	 * Register a capability to keep while calling drop(). Verifies that the
 	 * capability is currently held.
 	 *
+	 * @note CAP_CHOWN is handled specially as it might not be required.
+	 *
 	 * @param cap		capability to keep
 	 * @return			FALSE if the capability is currently not held
 	 */
@@ -61,6 +63,16 @@ struct capabilities_t {
 				 u_int cap) __attribute__((warn_unused_result));
 
 	/**
+	 * Check if the given capability is currently held.
+	 *
+	 * @note CAP_CHOWN is handled specially as it might not be required.
+	 *
+	 * @param cap		capability to check
+	 * @return			TRUE if the capability is currently held
+	 */
+	bool (*check)(capabilities_t *this, u_int cap);
+
+	/**
 	 * Get the user ID set through set_uid/resolve_uid.
 	 *
 	 * @return			currently set user ID