capabilities: CAP_CHOWN might be required by many plugins opening UNIX sockets
[strongswan.git] / src / libcharon / plugins / duplicheck / duplicheck_plugin.c
index cbb575a..d6e652d 100644 (file)
@@ -15,6 +15,7 @@
 
 #include "duplicheck_plugin.h"
 
+#include "duplicheck_notify.h"
 #include "duplicheck_listener.h"
 
 #include <daemon.h>
@@ -35,12 +36,51 @@ struct private_duplicheck_plugin_t {
         * Listener doing duplicate checks
         */
        duplicheck_listener_t *listener;
+
+       /**
+        * Notification sender facility
+        */
+       duplicheck_notify_t *notify;
 };
 
+METHOD(plugin_t, get_name, char*,
+       private_duplicheck_plugin_t *this)
+{
+       return "duplicheck";
+}
+
+/**
+ * Register listener
+ */
+static bool plugin_cb(private_duplicheck_plugin_t *this,
+                                         plugin_feature_t *feature, bool reg, void *cb_data)
+{
+       if (reg)
+       {
+               charon->bus->add_listener(charon->bus, &this->listener->listener);
+       }
+       else
+       {
+               charon->bus->remove_listener(charon->bus, &this->listener->listener);
+       }
+       return TRUE;
+}
+
+METHOD(plugin_t, get_features, int,
+       private_duplicheck_plugin_t *this, plugin_feature_t *features[])
+{
+       static plugin_feature_t f[] = {
+               PLUGIN_CALLBACK((plugin_feature_callback_t)plugin_cb, NULL),
+                       PLUGIN_PROVIDE(CUSTOM, "duplicheck"),
+       };
+       *features = f;
+       return countof(f);
+}
+
 METHOD(plugin_t, destroy, void,
        private_duplicheck_plugin_t *this)
 {
-       charon->bus->remove_listener(charon->bus, &this->listener->listener);
+       this->notify->destroy(this->notify);
        this->listener->destroy(this->listener);
        free(this);
 }
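Review bot: In `destroy()` the new code releases `this->notify` before `this->listener`, although the listener is constructed from that same notify object in `duplicheck_plugin_create()` (third hunk). If the listener keeps that pointer and touches it during its own teardown, which is not visible here, this is a use-after-free. Destroying in reverse order of creation avoids the question: `this->listener->destroy(this->listener);` followed by `this->notify->destroy(this->notify);`. Separately, `destroy()` no longer removes the listener from the bus, so it now relies on the plugin loader invoking `plugin_cb` with `reg == FALSE` first. A one-line comment on `destroy()` stating that assumption would help, since a missed unregister would leave the bus holding a freed listener.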
@@ -52,16 +92,35 @@ plugin_t *duplicheck_plugin_create()
 {
        private_duplicheck_plugin_t *this;
 
+       if (!lib->settings->get_bool(lib->settings,
+                                                       "%s.plugins.duplicheck.enable", TRUE, charon->name))
+       {
+               return NULL;
+       }
+
+       if (!lib->caps->keep(lib->caps, CAP_CHOWN))
+       {       /* required to chown(2) notify socket */
+               DBG1(DBG_CFG, "duplicheck plugin requires CAP_CHOWN capability");
+               return NULL;
+       }
+
        INIT(this,
                .public = {
                        .plugin = {
+                               .get_name = _get_name,
+                               .get_features = _get_features,
                                .destroy = _destroy,
                        },
                },
-               .listener = duplicheck_listener_create(),
+               .notify = duplicheck_notify_create(),
        );
 
-       charon->bus->add_listener(charon->bus, &this->listener->listener);
+       if (!this->notify)
+       {
+               free(this);
+               return NULL;
+       }
+       this->listener = duplicheck_listener_create(this->notify);
 
        return &this->public.plugin;
 }
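Review bot: The result of `duplicheck_listener_create(this->notify)` is stored without a check, while `plugin_cb` and `destroy()` in the previous hunk dereference `this->listener` unconditionally. Whether that constructor can return NULL is not visible in this diff. If it can, handle it like the notify case just above: destroy `this->notify`, free `this` and return NULL. The `!this->notify` path also returns without any log line, unlike the CAP_CHOWN path, so a socket setup failure would make the plugin vanish silently unless `duplicheck_notify_create()` logs it itself. Finally, the comment `/* required to chown(2) notify socket */` could note that the capability is requested before the socket exists and stays in the kept set even when notify creation then fails.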