stroke: Add an option to prevent log level changes via stroke socket

author Tobias Brunner <tobias@strongswan.org>

Fri, 29 Nov 2013 16:27:23 +0000 (17:27 +0100)

committer Tobias Brunner <tobias@strongswan.org>

Thu, 23 Jan 2014 09:15:07 +0000 (10:15 +0100)
author Tobias Brunner <tobias@strongswan.org>
Fri, 29 Nov 2013 16:27:23 +0000 (17:27 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 23 Jan 2014 09:15:07 +0000 (10:15 +0100)
diff --git a/man/strongswan.conf.5.in b/man/strongswan.conf.5.in

index 0d52892..2509a82 100644 (file)
--- a/man/strongswan.conf.5.in
+++ b/man/strongswan.conf.5.in
@@ -721,6 +721,9 @@ certificates even if they don't contain a CA basic constraint.
  .BR charon.plugins.stroke.max_concurrent " [4]"
  Maximum number of stroke messages handled concurrently
  .TP
+.BR charon.plugins.stroke.prevent_loglevel_changes " [no]"
+If enabled log level changes via stroke socket are not allowed.
+.TP
  .BR charon.plugins.stroke.socket " [unix://@piddir@/charon.ctl]"
  Socket provided by the stroke plugin
  .TP
diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c

index cf7ec36..8c0f2ea 100644 (file)
--- a/src/libcharon/plugins/stroke/stroke_socket.c
+++ b/src/libcharon/plugins/stroke/stroke_socket.c
@@ -1,5 +1,5 @@
  /*
- * Copyright (C) 2011-2012 Tobias Brunner
+ * Copyright (C) 2011-2013 Tobias Brunner
   * Copyright (C) 2008 Martin Willi
   * Hochschule fuer Technik Rapperswil
   *
@@ -99,6 +99,11 @@ struct private_stroke_socket_t {
          * Counter values for IKE events
          */
         stroke_counter_t *counter;
+
+       /**
+        * TRUE if log level changes are not allowed
+        */
+       bool prevent_loglevel_changes;
  };
  
  /**
@@ -567,6 +572,12 @@ static void stroke_loglevel(private_stroke_socket_t *this,
         DBG1(DBG_CFG, "received stroke: loglevel %d for %s",
                  msg->loglevel.level, msg->loglevel.type);
  
+       if (this->prevent_loglevel_changes)
+       {
+               DBG1(DBG_CFG, "prevented log level change");
+               fprintf(out, "command not allowed!\n");
+               return;
+       }
         if (strcaseeq(msg->loglevel.type, "any"))
         {
                 group = DBG_ANY;
@@ -576,7 +587,7 @@ static void stroke_loglevel(private_stroke_socket_t *this,
                 group = enum_from_name(debug_names, msg->loglevel.type);
                 if ((int)group < 0)
                 {
-                       fprintf(out, "invalid type (%s)!\n", msg->loglevel.type);
+                       fprintf(out, "unknown type '%s'!\n", msg->loglevel.type);
                         return;
                 }
         }
@@ -748,6 +759,8 @@ stroke_socket_t *stroke_socket_create()
                 .public = {
                         .destroy = _destroy,
                 },
+               .prevent_loglevel_changes = lib->settings->get_bool(lib->settings,
+                       "%s.plugins.stroke.prevent_loglevel_changes", FALSE, charon->name),
         );
  
         this->cred = stroke_cred_create();
author	Tobias Brunner <tobias@strongswan.org>
	Fri, 29 Nov 2013 16:27:23 +0000 (17:27 +0100)
committer	Tobias Brunner <tobias@strongswan.org>
	Thu, 23 Jan 2014 09:15:07 +0000 (10:15 +0100)
man/strongswan.conf.5.in		patch \| blob \| history
src/libcharon/plugins/stroke/stroke_socket.c		patch \| blob \| history