#include <signal.h>
#include <sys/types.h>
#include <unistd.h>
-#include <pwd.h>
-#include <grp.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
#include <hydra.h>
#include <daemon.h>
static bool lookup_uid_gid()
{
#ifdef IPSEC_USER
+ if (!charon->caps->resolve_uid(charon->caps, IPSEC_USER))
{
- char buf[1024];
- struct passwd passwd, *pwp;
-
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL)
- {
- DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
- return FALSE;
- }
- charon->uid = pwp->pw_uid;
+ return FALSE;
}
#endif
#ifdef IPSEC_GROUP
+ if (!charon->caps->resolve_gid(charon->caps, IPSEC_GROUP))
{
- char buf[1024];
- struct group group, *grp;
-
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL)
- {
- DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
- return FALSE;
- }
- charon->gid = grp->gr_gid;
- }
-#endif
- return TRUE;
-}
-
-/**
- * Drop process capabilities
- */
-static bool drop_capabilities()
-{
-#ifdef HAVE_PRCTL
- prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
-
- if (setgid(charon->gid) != 0)
- {
- DBG1(DBG_DMN, "change to unprivileged group failed");
- return FALSE;
- }
- if (setuid(charon->uid) != 0)
- {
- DBG1(DBG_DMN, "change to unprivileged user failed");
- return FALSE;
- }
- if (!charon->drop_capabilities(charon))
- {
- DBG1(DBG_DMN, "unable to drop daemon capabilities");
return FALSE;
}
+#endif
return TRUE;
}
goto deinit;
}
- if (!drop_capabilities())
+ if (!charon->caps->drop(charon->caps))
{
DBG1(DBG_DMN, "capability dropping failed - aborting charon-nm");
goto deinit;
}
/* bypass file permissions to read from users ssh-agent */
- charon->keep_cap(charon, CAP_DAC_OVERRIDE);
+ charon->caps->keep(charon->caps, CAP_DAC_OVERRIDE);
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
};
lib->plugins->add_static_features(lib->plugins, "nm-backend", features,
countof(features), TRUE);
-}
\ No newline at end of file
+}
*/
#include <stdio.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
#define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
#include <signal.h>
#undef _POSIX_PTHREAD_SEMANTICS
#include <errno.h>
#include <unistd.h>
#include <getopt.h>
-#include <pwd.h>
-#include <grp.h>
#include <hydra.h>
#include <daemon.h>
}
/**
- * drop daemon capabilities
- */
-static bool drop_capabilities()
-{
-#ifdef HAVE_PRCTL
- prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
-
- if (setgid(charon->gid) != 0)
- {
- DBG1(DBG_DMN, "change to unprivileged group failed");
- return FALSE;
- }
- if (setuid(charon->uid) != 0)
- {
- DBG1(DBG_DMN, "change to unprivileged user failed");
- return FALSE;
- }
- if (!charon->drop_capabilities(charon))
- {
- DBG1(DBG_DMN, "unable to drop daemon capabilities");
- return FALSE;
- }
- return TRUE;
-}
-
-/**
* lookup UID and GID
*/
static bool lookup_uid_gid()
{
#ifdef IPSEC_USER
+ if (!charon->caps->resolve_uid(charon->caps, IPSEC_USER))
{
- char buf[1024];
- struct passwd passwd, *pwp;
-
- if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
- pwp == NULL)
- {
- DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
- return FALSE;
- }
- charon->uid = pwp->pw_uid;
+ return FALSE;
}
#endif
#ifdef IPSEC_GROUP
+ if (!charon->caps->resolve_gid(charon->caps, IPSEC_GROUP))
{
- char buf[1024];
- struct group group, *grp;
-
- if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
- grp == NULL)
- {
- DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
- return FALSE;
- }
- charon->gid = grp->gr_gid;
+ return FALSE;
}
#endif
#ifdef ANDROID
- charon->uid = AID_VPN;
+ charon->caps->set_uid(charon->caps, AID_VPN);
#endif
return TRUE;
}
pidfile = fopen(PID_FILE, "w");
if (pidfile)
{
- ignore_result(fchown(fileno(pidfile), charon->uid, charon->gid));
+ ignore_result(fchown(fileno(pidfile),
+ charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)));
fprintf(pidfile, "%d\n", getpid());
fflush(pidfile);
}
goto deinit;
}
- if (!drop_capabilities())
+ if (!charon->caps->drop(charon->caps))
{
DBG1(DBG_DMN, "capability dropping failed - aborting charon");
goto deinit;
sa/ikev2/tasks/ike_me.c sa/ikev2/tasks/ike_me.h
endif
-if USE_LIBCAP
- libcharon_la_LIBADD += -lcap
-endif
-
# build optional plugins
########################
#include <unistd.h>
#include <time.h>
-#ifdef CAPABILITIES
-# ifdef HAVE_SYS_CAPABILITY_H
-# include <sys/capability.h>
-# elif defined(CAPABILITIES_NATIVE)
-# include <linux/capability.h>
-# endif /* CAPABILITIES_NATIVE */
-#endif /* CAPABILITIES */
-
#include "daemon.h"
#include <library.h>
* Handler for kernel events
*/
kernel_handler_t *kernel_handler;
-
- /**
- * capabilities to keep
- */
-#ifdef CAPABILITIES_LIBCAP
- cap_t caps;
-#endif /* CAPABILITIES_LIBCAP */
-#ifdef CAPABILITIES_NATIVE
- struct __user_cap_data_struct caps[2];
-#endif /* CAPABILITIES_NATIVE */
-
};
/**
/* make sure the cache is clear before unloading plugins */
lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
lib->plugins->unload(lib->plugins);
-#ifdef CAPABILITIES_LIBCAP
- cap_free(this->caps);
-#endif /* CAPABILITIES_LIBCAP */
DESTROY_IF(this->kernel_handler);
DESTROY_IF(this->public.traps);
DESTROY_IF(this->public.shunts);
DESTROY_IF(this->public.backends);
DESTROY_IF(this->public.sender);
DESTROY_IF(this->public.socket);
+ DESTROY_IF(this->public.caps);
/* rehook library logging, shutdown logging */
dbg = dbg_old;
free(this);
}
-METHOD(daemon_t, keep_cap, void,
- private_daemon_t *this, u_int cap)
-{
-#ifdef CAPABILITIES_LIBCAP
- cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
- cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
- cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
-#endif /* CAPABILITIES_LIBCAP */
-#ifdef CAPABILITIES_NATIVE
- int i = 0;
-
- if (cap >= 32)
- {
- i++;
- cap -= 32;
- }
- this->caps[i].effective |= 1 << cap;
- this->caps[i].permitted |= 1 << cap;
- this->caps[i].inheritable |= 1 << cap;
-#endif /* CAPABILITIES_NATIVE */
-}
-
-METHOD(daemon_t, drop_capabilities, bool,
- private_daemon_t *this)
-{
-#ifdef CAPABILITIES_LIBCAP
- if (cap_set_proc(this->caps) != 0)
- {
- return FALSE;
- }
-#endif /* CAPABILITIES_LIBCAP */
-#ifdef CAPABILITIES_NATIVE
- struct __user_cap_header_struct header = {
-#if defined(_LINUX_CAPABILITY_VERSION_3)
- .version = _LINUX_CAPABILITY_VERSION_3,
-#elif defined(_LINUX_CAPABILITY_VERSION_2)
- .version = _LINUX_CAPABILITY_VERSION_2,
-#elif defined(_LINUX_CAPABILITY_VERSION_1)
- .version = _LINUX_CAPABILITY_VERSION_1,
-#else
- .version = _LINUX_CAPABILITY_VERSION,
-#endif
- };
- if (capset(&header, this->caps) != 0)
- {
- return FALSE;
- }
-#endif /* CAPABILITIES_NATIVE */
- return TRUE;
-}
-
METHOD(daemon_t, start, void,
private_daemon_t *this)
{
INIT(this,
.public = {
- .keep_cap = _keep_cap,
- .drop_capabilities = _drop_capabilities,
.initialize = _initialize,
.start = _start,
.bus = bus_create(),
},
);
charon = &this->public;
+ this->public.caps = capabilities_create();
this->public.controller = controller_create();
this->public.eap = eap_manager_create();
this->public.xauth = xauth_manager_create();
this->public.shunts = shunt_manager_create();
this->kernel_handler = kernel_handler_create();
-#ifdef CAPABILITIES
-#ifdef CAPABILITIES_LIBCAP
- this->caps = cap_init();
-#endif /* CAPABILITIES_LIBCAP */
- keep_cap(this, CAP_NET_ADMIN);
- if (lib->leak_detective)
- {
- keep_cap(this, CAP_SYS_NICE);
- }
-#endif /* CAPABILITIES */
+ this->public.caps->keep(this->public.caps, CAP_NET_ADMIN);
return this;
}
#include <config/backend_manager.h>
#include <sa/eap/eap_manager.h>
#include <sa/xauth/xauth_manager.h>
+#include <utils/capabilities.h>
#ifdef ME
#include <sa/ikev2/connect_manager.h>
#endif /* ME */
/**
- * User ID the daemon will user after initialization
+ * POSIX capability dropping
*/
- uid_t uid;
-
- /**
- * Group ID the daemon will use after initialization
- */
- gid_t gid;
+ capabilities_t *caps;
/**
* Name of the binary that uses the library (used for settings etc.)
const char *name;
/**
- * Do not drop a given capability after initialization.
- *
- * Some plugins might need additional capabilites. They tell the daemon
- * during plugin initialization which one they need, the daemon won't
- * drop these.
- */
- void (*keep_cap)(daemon_t *this, u_int cap);
-
- /**
- * Drop all capabilities of the current process.
- *
- * Drops all capabalities, excect those exlcuded using keep_cap().
- * This should be called after the initialization of the daemon because
- * some plugins require the process to keep additional capabilities.
- *
- * @return TRUE, if successful
- */
- bool (*drop_capabilities)(daemon_t *this);
-
- /**
* Initialize the daemon.
*
* @param plugins list of plugins to load
return FALSE;
}
umask(old);
- if (chown(addr.sun_path, charon->uid, charon->gid) != 0)
+ if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)) != 0)
{
DBG1(DBG_CFG, "changing duplicheck socket permissions failed: %s",
strerror(errno));
);
/* required for PAM authentication */
- charon->keep_cap(charon, CAP_AUDIT_WRITE);
+ charon->caps->keep(charon->caps, CAP_AUDIT_WRITE);
charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_SERVER,
(eap_constructor_t)eap_gtc_create_server);
}
umask(old);
}
- if (chown(HA_FIFO, charon->uid, charon->gid) != 0)
+ if (chown(HA_FIFO, charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)) != 0)
{
DBG1(DBG_CFG, "changing HA FIFO permissions failed: %s",
strerror(errno));
{
while (enumerator->enumerate(enumerator, NULL, &file, NULL))
{
- if (chown(file, charon->uid, charon->gid) != 0)
+ if (chown(file, charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)) != 0)
{
DBG1(DBG_CFG, "changing ClusterIP permissions failed: %s",
strerror(errno));
return NULL;
}
umask(old);
- if (chown(unix_addr.sun_path, charon->uid, charon->gid) != 0)
+ if (chown(unix_addr.sun_path, charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)) != 0)
{
DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
}
return FALSE;
}
umask(old);
- if (chown(socket_addr.sun_path, charon->uid, charon->gid) != 0)
+ if (chown(socket_addr.sun_path, charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)) != 0)
{
DBG1(DBG_CFG, "changing stroke socket permissions failed: %s",
strerror(errno));
return FALSE;
}
umask(old);
- if (chown(addr.sun_path, charon->uid, charon->gid) != 0)
+ if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
+ charon->caps->get_gid(charon->caps)) != 0)
{
DBG1(DBG_CFG, "changing whitelist socket permissions failed: %s",
strerror(errno));
utils/hashtable.c utils/hashtable.h \
utils/enumerator.c utils/enumerator.h \
utils/optionsfrom.c utils/optionsfrom.h \
+utils/capabilities.c utils/capabilities.h \
utils/backtrace.c utils/backtrace.h
libstrongswan_la_LIBADD += -lvstr
endif
+if USE_LIBCAP
+ libstrongswan_la_LIBADD += -lcap
+endif
+
EXTRA_DIST = \
asn1/oid.txt asn1/oid.pl \
crypto/proposal/proposal_keywords.txt \
--- /dev/null
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "capabilities.h"
+
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#ifdef HAVE_PRCTL
+# include <sys/prctl.h>
+#endif /* HAVE_PRCTL */
+
+#include <debug.h>
+
+typedef struct private_capabilities_t private_capabilities_t;
+
+/**
+ * Private data of an capabilities_t object.
+ */
+struct private_capabilities_t {
+
+ /**
+ * Public capabilities_t interface.
+ */
+ capabilities_t public;
+
+ /**
+ * user ID to switch during rights dropping
+ */
+ uid_t uid;
+
+ /**
+ * group ID to switch during rights dropping
+ */
+ gid_t gid;
+
+ /**
+ * capabilities to keep
+ */
+#ifdef CAPABILITIES_LIBCAP
+ cap_t caps;
+#endif /* CAPABILITIES_LIBCAP */
+#ifdef CAPABILITIES_NATIVE
+ struct __user_cap_data_struct caps[2];
+#endif /* CAPABILITIES_NATIVE */
+};
+
+METHOD(capabilities_t, keep, void,
+ private_capabilities_t *this, u_int cap)
+{
+#ifdef CAPABILITIES_LIBCAP
+ cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
+ cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
+ cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
+#endif /* CAPABILITIES_LIBCAP */
+#ifdef CAPABILITIES_NATIVE
+ int i = 0;
+
+ if (cap >= 32)
+ {
+ i++;
+ cap -= 32;
+ }
+ this->caps[i].effective |= 1 << cap;
+ this->caps[i].permitted |= 1 << cap;
+ this->caps[i].inheritable |= 1 << cap;
+#endif /* CAPABILITIES_NATIVE */
+}
+
+METHOD(capabilities_t, get_uid, uid_t,
+ private_capabilities_t *this)
+{
+ return this->uid;
+}
+
+METHOD(capabilities_t, get_gid, gid_t,
+ private_capabilities_t *this)
+{
+ return this->gid;
+}
+
+METHOD(capabilities_t, set_uid, void,
+ private_capabilities_t *this, uid_t uid)
+{
+ this->uid = uid;
+}
+
+METHOD(capabilities_t, set_gid, void,
+ private_capabilities_t *this, gid_t gid)
+{
+ this->gid = gid;
+}
+
+METHOD(capabilities_t, resolve_uid, bool,
+ private_capabilities_t *this, char *username)
+{
+ const char *errstr = "user not found";
+ struct passwd passwd, *pwp;
+ char buf[1024];
+ int err;
+
+ err = getpwnam_r(username, &passwd, buf, sizeof(buf), &pwp);
+ if (pwp == NULL)
+ {
+ if (err)
+ {
+ errstr = strerror(err);
+ }
+ DBG1(DBG_LIB, "resolving user '%s' failed: %s", username, errstr);
+ return FALSE;
+ }
+ this->uid = pwp->pw_uid;
+ return TRUE;
+}
+
+METHOD(capabilities_t, resolve_gid, bool,
+ private_capabilities_t *this, char *groupname)
+{
+ const char *errstr = "group not found";
+ struct group group, *grp;
+ char buf[1024];
+ int err;
+
+ err = getgrnam_r(groupname, &group, buf, sizeof(buf), &grp);
+ if (grp == NULL)
+ {
+ if (err)
+ {
+ errstr = strerror(err);
+ }
+ DBG1(DBG_LIB, "resolving user '%s' failed: %s", groupname, errstr);
+ return FALSE;
+ }
+ this->gid = grp->gr_gid;
+ return TRUE;
+}
+
+METHOD(capabilities_t, drop, bool,
+ private_capabilities_t *this)
+{
+#ifdef HAVE_PRCTL
+ prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+#endif
+
+ if (this->gid && setgid(this->gid) != 0)
+ {
+ DBG1(DBG_LIB, "change to unprivileged group %u failed: %s",
+ this->gid, strerror(errno));
+ return FALSE;
+ }
+ if (this->uid && setuid(this->uid) != 0)
+ {
+ DBG1(DBG_LIB, "change to unprivileged user %u failed: %s",
+ this->uid, strerror(errno));
+ return FALSE;
+ }
+
+#ifdef CAPABILITIES_LIBCAP
+ if (cap_set_proc(this->caps) != 0)
+ {
+ DBG1(DBG_LIB, "dropping capabilities failed: %s", strerror(errno));
+ return FALSE;
+ }
+#endif /* CAPABILITIES_LIBCAP */
+#ifdef CAPABILITIES_NATIVE
+ struct __user_cap_header_struct header = {
+#if defined(_LINUX_CAPABILITY_VERSION_3)
+ .version = _LINUX_CAPABILITY_VERSION_3,
+#elif defined(_LINUX_CAPABILITY_VERSION_2)
+ .version = _LINUX_CAPABILITY_VERSION_2,
+#elif defined(_LINUX_CAPABILITY_VERSION_1)
+ .version = _LINUX_CAPABILITY_VERSION_1,
+#else
+ .version = _LINUX_CAPABILITY_VERSION,
+#endif
+ };
+ if (capset(&header, this->caps) != 0)
+ {
+ DBG1(DBG_LIB, "dropping capabilities failed: %s", strerror(errno));
+ return FALSE;
+ }
+#endif /* CAPABILITIES_NATIVE */
+#ifdef CAPABILITIES
+ DBG1(DBG_LIB, "dropped capabilities, running as uid %u, gid %u",
+ this->uid, this->gid);
+#endif /* CAPABILITIES */
+ return TRUE;
+}
+
+METHOD(capabilities_t, destroy, void,
+ private_capabilities_t *this)
+{
+#ifdef CAPABILITIES_LIBCAP
+ cap_free(this->caps);
+#endif /* CAPABILITIES_LIBCAP */
+ free(this);
+}
+
+/**
+ * See header
+ */
+capabilities_t *capabilities_create()
+{
+ private_capabilities_t *this;
+
+ INIT(this,
+ .public = {
+ .keep = _keep,
+ .get_uid = _get_uid,
+ .get_gid = _get_gid,
+ .set_uid = _set_uid,
+ .set_gid = _set_gid,
+ .resolve_uid = _resolve_uid,
+ .resolve_gid = _resolve_gid,
+ .drop = _drop,
+ .destroy = _destroy,
+ },
+ );
+
+#ifdef CAPABILITIES
+#ifdef CAPABILITIES_LIBCAP
+ this->caps = cap_init();
+#endif /* CAPABILITIES_LIBCAP */
+ if (lib->leak_detective)
+ {
+ keep(this, CAP_SYS_NICE);
+ }
+#endif /* CAPABILITIES */
+
+ return &this->public;
+}
--- /dev/null
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup capabilities capabilities
+ * @{ @ingroup utils
+ */
+
+#ifndef CAPABILITIES_H_
+#define CAPABILITIES_H_
+
+#include <library.h>
+#ifdef HAVE_SYS_CAPABILITY_H
+# include <sys/capability.h>
+#else
+# include <linux/capability.h>
+#endif
+
+typedef struct capabilities_t capabilities_t;
+
+/**
+ * POSIX capability dropping abstraction layer.
+ */
+struct capabilities_t {
+
+ /**
+ * Register a capability to keep while calling drop().
+ *
+ * @param cap capability to keep
+ */
+ void (*keep)(capabilities_t *this, u_int cap);
+
+ /**
+ * Get the user ID set through set_uid/resolve_uid.
+ *
+ * @return currently set user ID
+ */
+ uid_t (*get_uid)(capabilities_t *this);
+
+ /**
+ * Get the group ID set through set_gid/resolve_gid.
+ *
+ * @return currently set group ID
+ */
+ gid_t (*get_gid)(capabilities_t *this);
+
+ /**
+ * Set the numerical user ID to use during rights dropping.
+ *
+ * @param uid user ID to use
+ */
+ void (*set_uid)(capabilities_t *this, uid_t uid);
+
+ /**
+ * Set the numerical group ID to use during rights dropping.
+ *
+ * @param gid group ID to use
+ */
+ void (*set_gid)(capabilities_t *this, gid_t gid);
+
+ /**
+ * Resolve a username and set the user ID accordingly.
+ *
+ * @param username username get the uid for
+ * @return TRUE if username resolved and uid set
+ */
+ bool (*resolve_uid)(capabilities_t *this, char *username);
+
+ /**
+ * Resolve a groupname and set the group ID accordingly.
+ *
+ * @param groupname groupname to get the gid for
+ * @return TRUE if groupname resolved and gid set
+ */
+ bool (*resolve_gid)(capabilities_t *this, char *groupname);
+
+ /**
+ * Drop all capabilities not previously passed to keep(), switch to UID/GID.
+ *
+ * @return TRUE if capability drop successful
+ */
+ bool (*drop)(capabilities_t *this);
+
+ /**
+ * Destroy a capabilities_t.
+ */
+ void (*destroy)(capabilities_t *this);
+};
+
+/**
+ * Create a capabilities instance.
+ */
+capabilities_t *capabilities_create();
+
+#endif /** CAPABILITIES_H_ @}*/