Diffstat (limited to 'src/libcharon')
-rw-r--r-- | src/libcharon/daemon.c | 4 | ||||
-rw-r--r-- | src/libcharon/daemon.h | 6 | ||||
-rw-r--r-- | src/libcharon/plugins/duplicheck/duplicheck_notify.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/error_notify/error_notify_socket.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/ha/ha_ctl.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/ha/ha_kernel.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/load_tester/load_tester_control.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/lookip/lookip_socket.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/smp/smp.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/stroke/stroke_socket.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/whitelist/whitelist_control.c | 4 | ||||
-rw-r--r-- | src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c | 2 |
12 files changed, 20 insertions, 28 deletions
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index e375ab731..bc0407dc1 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -471,7 +471,6 @@ static void destroy(private_daemon_t *this)
 DESTROY_IF(this->public.xauth);
 DESTROY_IF(this->public.backends);
 DESTROY_IF(this->public.socket);
- DESTROY_IF(this->public.caps);
 /* rehook library logging, shutdown logging */
 dbg = dbg_old;
@@ -581,7 +580,6 @@ private_daemon_t *daemon_create(const char *name)
 .ref = 1, );
 charon = &this->public;
- this->public.caps = capabilities_create();
 this->public.controller = controller_create();
 this->public.eap = eap_manager_create();
 this->public.xauth = xauth_manager_create();
@@ -626,7 +624,7 @@ bool libcharon_init(const char *name)
 this = daemon_create(name);
- if (!this->public.caps->keep(this->public.caps, CAP_NET_ADMIN))
+ if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
 {
 dbg(DBG_DMN, 1, "libcharon requires CAP_NET_ADMIN capability");
 return FALSE;
diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h
index 2926d945b..24e623c44 100644
--- a/src/libcharon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -163,7 +163,6 @@ typedef struct daemon_t daemon_t;
 #include <config/backend_manager.h>
 #include <sa/eap/eap_manager.h>
 #include <sa/xauth/xauth_manager.h>
-#include <utils/capabilities.h>
 #ifdef ME
 #include <sa/ikev2/connect_manager.h>
@@ -273,11 +272,6 @@ struct daemon_t {
 #endif /* ME */
 /**
- * POSIX capability dropping
- */
- capabilities_t *caps;
-
- /**
 * Name of the binary that uses the library (used for settings etc.)
 */
 const char *name;
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
index cd5d4970b..1091258da 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_notify.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
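Review bot: In the `libcharon_init` hunk, `lib->caps->keep(lib->caps, CAP_NET_ADMIN)` dereferences `lib->caps` with no check, while this commit removes both the `capabilities_create()` call and the `DESTROY_IF(this->public.caps)` that used to bound the object's lifetime inside the daemon. Creation and destruction now happen outside this diffstat (it is limited to src/libcharon), so the ordering requirement should be stated where it is relied on, for example `/* lib->caps is owned by libstrongswan and must exist before libcharon_init() runs */` above the check. The same dependency applies to `xauth_pam_plugin_create()` in xauth_pam_plugin.c, which now calls `lib->caps->keep(lib->caps, CAP_AUDIT_WRITE)`. daemon.h also drops `#include <utils/capabilities.h>`, so files using `CAP_NET_ADMIN` or `capabilities_t` presumably receive it through the library header now; a build of every touched plugin would confirm that. The body of `libcharon_init` continues outside the hunk.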
@@ -84,8 +84,8 @@ static bool open_socket(private_duplicheck_notify_t *this)
 return FALSE;
 }
 umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing duplicheck socket permissions failed: %s", strerror(errno));
diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c
index 3ea657ba5..2fc74202b 100644
--- a/src/libcharon/plugins/error_notify/error_notify_socket.c
+++ b/src/libcharon/plugins/error_notify/error_notify_socket.c
@@ -84,8 +84,8 @@ static bool open_socket(private_error_notify_socket_t *this)
 return FALSE;
 }
 umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing notify socket permissions failed: %s", strerror(errno));
diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c
index cb9af3aed..178a0349b 100644
--- a/src/libcharon/plugins/ha/ha_ctl.c
+++ b/src/libcharon/plugins/ha/ha_ctl.c
@@ -129,8 +129,8 @@ ha_ctl_t *ha_ctl_create(ha_segments_t *segments, ha_cache_t *cache)
 }
 umask(old);
 }
- if (chown(HA_FIFO, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(HA_FIFO, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing HA FIFO permissions failed: %s", strerror(errno));
diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c
index c45339690..eed89e0bf 100644
--- a/src/libcharon/plugins/ha/ha_kernel.c
+++ b/src/libcharon/plugins/ha/ha_kernel.c
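Review bot: The `chown()` in `open_socket()` of duplicheck_notify.c is spelled the same way in nine hunks of this commit (also error_notify_socket.c, ha_ctl.c, ha_kernel.c, load_tester_control.c, lookip_socket.c, smp.c, stroke_socket.c and whitelist_control.c), each repeating `lib->caps->get_uid(lib->caps)` and `lib->caps->get_gid(lib->caps)`. Since every call site is being touched anyway, a single helper would leave one place to audit how control sockets and FIFOs are handed to the unprivileged user, e.g. `static inline int chown_to_daemon_user(const char *path) { return chown(path, lib->caps->get_uid(lib->caps), lib->caps->get_gid(lib->caps)); }` (the name is only a suggestion). The calls are path-based, so `chown()` follows a symbolic link at that path; a comment stating that the containing directories are writable only by the user the daemon starts as would document why that is acceptable. In smp.c the failure is only logged through `DBG1` and plugin creation continues, while the other hunks end before the branch body is complete, so the failure handling cannot be compared from here.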
@@ -316,8 +316,8 @@ static void disable_all(private_ha_kernel_t *this)
 {
 while (enumerator->enumerate(enumerator, NULL, &file, NULL))
 {
- if (chown(file, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(file, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing ClusterIP permissions failed: %s", strerror(errno));
diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c
index 0c21c23ca..3c82b5c30 100644
--- a/src/libcharon/plugins/load_tester/load_tester_control.c
+++ b/src/libcharon/plugins/load_tester/load_tester_control.c
@@ -110,8 +110,8 @@ static bool open_socket(private_load_tester_control_t *this)
 return FALSE;
 }
 umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing load-tester socket permissions failed: %s", strerror(errno));
diff --git a/src/libcharon/plugins/lookip/lookip_socket.c b/src/libcharon/plugins/lookip/lookip_socket.c
index f2a469e92..b1a46f46a 100644
--- a/src/libcharon/plugins/lookip/lookip_socket.c
+++ b/src/libcharon/plugins/lookip/lookip_socket.c
@@ -94,8 +94,8 @@ static bool open_socket(private_lookip_socket_t *this)
 return FALSE;
 }
 umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing lookip socket permissions failed: %s", strerror(errno));
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index ad5029d1c..0c240cf7f 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -768,8 +768,8 @@ plugin_t *smp_plugin_create()
 return NULL;
 }
 umask(old);
- if (chown(unix_addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(unix_addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
 }
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index d152ecd70..931dba1f4 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -847,8 +847,8 @@ static bool open_socket(private_stroke_socket_t *this)
 return FALSE;
 }
 umask(old);
- if (chown(socket_addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(socket_addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing stroke socket permissions failed: %s", strerror(errno));
diff --git a/src/libcharon/plugins/whitelist/whitelist_control.c b/src/libcharon/plugins/whitelist/whitelist_control.c
index a75ea9aee..b90b62ac1 100644
--- a/src/libcharon/plugins/whitelist/whitelist_control.c
+++ b/src/libcharon/plugins/whitelist/whitelist_control.c
@@ -77,8 +77,8 @@ static bool open_socket(private_whitelist_control_t *this)
 return FALSE;
 }
 umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
 {
 DBG1(DBG_CFG, "changing whitelist socket permissions failed: %s", strerror(errno));
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
index 522cc2426..2ef9a6c8f 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
@@ -53,7 +53,7 @@ plugin_t *xauth_pam_plugin_create()
 xauth_pam_plugin_t *this;
 /* required for PAM authentication */
- if (!charon->caps->keep(charon->caps, CAP_AUDIT_WRITE))
+ if (!lib->caps->keep(lib->caps, CAP_AUDIT_WRITE))
 {
 DBG1(DBG_DMN, "xauth-pam plugin requires CAP_AUDIT_WRITE capability");
 return NULL; |