aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon')
-rw-r--r--src/libcharon/daemon.c4
-rw-r--r--src/libcharon/daemon.h6
-rw-r--r--src/libcharon/plugins/duplicheck/duplicheck_notify.c4
-rw-r--r--src/libcharon/plugins/error_notify/error_notify_socket.c4
-rw-r--r--src/libcharon/plugins/ha/ha_ctl.c4
-rw-r--r--src/libcharon/plugins/ha/ha_kernel.c4
-rw-r--r--src/libcharon/plugins/load_tester/load_tester_control.c4
-rw-r--r--src/libcharon/plugins/lookip/lookip_socket.c4
-rw-r--r--src/libcharon/plugins/smp/smp.c4
-rw-r--r--src/libcharon/plugins/stroke/stroke_socket.c4
-rw-r--r--src/libcharon/plugins/whitelist/whitelist_control.c4
-rw-r--r--src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c2
12 files changed, 20 insertions, 28 deletions
diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c
index e375ab731..bc0407dc1 100644
--- a/src/libcharon/daemon.c
+++ b/src/libcharon/daemon.c
@@ -471,7 +471,6 @@ static void destroy(private_daemon_t *this)
DESTROY_IF(this->public.xauth);
DESTROY_IF(this->public.backends);
DESTROY_IF(this->public.socket);
- DESTROY_IF(this->public.caps);
/* rehook library logging, shutdown logging */
dbg = dbg_old;
@@ -581,7 +580,6 @@ private_daemon_t *daemon_create(const char *name)
.ref = 1,
);
charon = &this->public;
- this->public.caps = capabilities_create();
this->public.controller = controller_create();
this->public.eap = eap_manager_create();
this->public.xauth = xauth_manager_create();
@@ -626,7 +624,7 @@ bool libcharon_init(const char *name)
this = daemon_create(name);
- if (!this->public.caps->keep(this->public.caps, CAP_NET_ADMIN))
+ if (!lib->caps->keep(lib->caps, CAP_NET_ADMIN))
{
dbg(DBG_DMN, 1, "libcharon requires CAP_NET_ADMIN capability");
return FALSE;
diff --git a/src/libcharon/daemon.h b/src/libcharon/daemon.h
index 2926d945b..24e623c44 100644
--- a/src/libcharon/daemon.h
+++ b/src/libcharon/daemon.h
@@ -163,7 +163,6 @@ typedef struct daemon_t daemon_t;
#include <config/backend_manager.h>
#include <sa/eap/eap_manager.h>
#include <sa/xauth/xauth_manager.h>
-#include <utils/capabilities.h>
#ifdef ME
#include <sa/ikev2/connect_manager.h>
@@ -273,11 +272,6 @@ struct daemon_t {
#endif /* ME */
/**
- * POSIX capability dropping
- */
- capabilities_t *caps;
-
- /**
* Name of the binary that uses the library (used for settings etc.)
*/
const char *name;
diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
index cd5d4970b..1091258da 100644
--- a/src/libcharon/plugins/duplicheck/duplicheck_notify.c
+++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c
@@ -84,8 +84,8 @@ static bool open_socket(private_duplicheck_notify_t *this)
return FALSE;
}
umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing duplicheck socket permissions failed: %s",
strerror(errno));
diff --git a/src/libcharon/plugins/error_notify/error_notify_socket.c b/src/libcharon/plugins/error_notify/error_notify_socket.c
index 3ea657ba5..2fc74202b 100644
--- a/src/libcharon/plugins/error_notify/error_notify_socket.c
+++ b/src/libcharon/plugins/error_notify/error_notify_socket.c
@@ -84,8 +84,8 @@ static bool open_socket(private_error_notify_socket_t *this)
return FALSE;
}
umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing notify socket permissions failed: %s",
strerror(errno));
diff --git a/src/libcharon/plugins/ha/ha_ctl.c b/src/libcharon/plugins/ha/ha_ctl.c
index cb9af3aed..178a0349b 100644
--- a/src/libcharon/plugins/ha/ha_ctl.c
+++ b/src/libcharon/plugins/ha/ha_ctl.c
@@ -129,8 +129,8 @@ ha_ctl_t *ha_ctl_create(ha_segments_t *segments, ha_cache_t *cache)
}
umask(old);
}
- if (chown(HA_FIFO, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(HA_FIFO, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing HA FIFO permissions failed: %s",
strerror(errno));
diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c
index c45339690..eed89e0bf 100644
--- a/src/libcharon/plugins/ha/ha_kernel.c
+++ b/src/libcharon/plugins/ha/ha_kernel.c
@@ -316,8 +316,8 @@ static void disable_all(private_ha_kernel_t *this)
{
while (enumerator->enumerate(enumerator, NULL, &file, NULL))
{
- if (chown(file, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(file, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing ClusterIP permissions failed: %s",
strerror(errno));
diff --git a/src/libcharon/plugins/load_tester/load_tester_control.c b/src/libcharon/plugins/load_tester/load_tester_control.c
index 0c21c23ca..3c82b5c30 100644
--- a/src/libcharon/plugins/load_tester/load_tester_control.c
+++ b/src/libcharon/plugins/load_tester/load_tester_control.c
@@ -110,8 +110,8 @@ static bool open_socket(private_load_tester_control_t *this)
return FALSE;
}
umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing load-tester socket permissions failed: %s",
strerror(errno));
diff --git a/src/libcharon/plugins/lookip/lookip_socket.c b/src/libcharon/plugins/lookip/lookip_socket.c
index f2a469e92..b1a46f46a 100644
--- a/src/libcharon/plugins/lookip/lookip_socket.c
+++ b/src/libcharon/plugins/lookip/lookip_socket.c
@@ -94,8 +94,8 @@ static bool open_socket(private_lookip_socket_t *this)
return FALSE;
}
umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing lookip socket permissions failed: %s",
strerror(errno));
diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c
index ad5029d1c..0c240cf7f 100644
--- a/src/libcharon/plugins/smp/smp.c
+++ b/src/libcharon/plugins/smp/smp.c
@@ -768,8 +768,8 @@ plugin_t *smp_plugin_create()
return NULL;
}
umask(old);
- if (chown(unix_addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(unix_addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
}
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c
index d152ecd70..931dba1f4 100644
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -847,8 +847,8 @@ static bool open_socket(private_stroke_socket_t *this)
return FALSE;
}
umask(old);
- if (chown(socket_addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(socket_addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing stroke socket permissions failed: %s",
strerror(errno));
diff --git a/src/libcharon/plugins/whitelist/whitelist_control.c b/src/libcharon/plugins/whitelist/whitelist_control.c
index a75ea9aee..b90b62ac1 100644
--- a/src/libcharon/plugins/whitelist/whitelist_control.c
+++ b/src/libcharon/plugins/whitelist/whitelist_control.c
@@ -77,8 +77,8 @@ static bool open_socket(private_whitelist_control_t *this)
return FALSE;
}
umask(old);
- if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
- charon->caps->get_gid(charon->caps)) != 0)
+ if (chown(addr.sun_path, lib->caps->get_uid(lib->caps),
+ lib->caps->get_gid(lib->caps)) != 0)
{
DBG1(DBG_CFG, "changing whitelist socket permissions failed: %s",
strerror(errno));
diff --git a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
index 522cc2426..2ef9a6c8f 100644
--- a/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
+++ b/src/libcharon/plugins/xauth_pam/xauth_pam_plugin.c
@@ -53,7 +53,7 @@ plugin_t *xauth_pam_plugin_create()
xauth_pam_plugin_t *this;
/* required for PAM authentication */
- if (!charon->caps->keep(charon->caps, CAP_AUDIT_WRITE))
+ if (!lib->caps->keep(lib->caps, CAP_AUDIT_WRITE))
{
DBG1(DBG_DMN, "xauth-pam plugin requires CAP_AUDIT_WRITE capability");
return NULL;