stream-service: move CAP_CHOWN check from plugins to service constructor
authorMartin Willi <martin@revosec.ch>
Thu, 18 Jul 2013 13:46:17 +0000 (15:46 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 18 Jul 2013 14:00:31 +0000 (16:00 +0200)
A plugin service can be a TCP socket now, so it does not make much sense
to strictly check for CAP_CHOWN.

src/libcharon/plugins/duplicheck/duplicheck_plugin.c
src/libcharon/plugins/error_notify/error_notify_plugin.c
src/libcharon/plugins/load_tester/load_tester_plugin.c
src/libcharon/plugins/lookip/lookip_plugin.c
src/libcharon/plugins/stroke/stroke_plugin.c
src/libcharon/plugins/whitelist/whitelist_plugin.c
src/libstrongswan/networking/streams/stream_service.c

index 6b8609e..4d018db 100644 (file)
@@ -98,12 +98,6 @@ plugin_t *duplicheck_plugin_create()
                return NULL;
        }
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) notify socket */
-               DBG1(DBG_CFG, "duplicheck plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
index ef0ce7b..40ace60 100644 (file)
@@ -92,12 +92,6 @@ plugin_t *error_notify_plugin_create()
 {
        private_error_notify_plugin_t *this;
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) notify socket */
-               DBG1(DBG_CFG, "error-notify plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
index 7f2d425..03557a2 100644 (file)
@@ -269,12 +269,6 @@ plugin_t *load_tester_plugin_create()
                return NULL;
        }
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) control socket */
-               DBG1(DBG_CFG, "load-tester plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
@@ -304,4 +298,3 @@ plugin_t *load_tester_plugin_create()
        }
        return &this->public.plugin;
 }
-
index 63b1381..a6c32d6 100644 (file)
@@ -92,12 +92,6 @@ plugin_t *lookip_plugin_create()
 {
        private_lookip_plugin_t *this;
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) control socket */
-               DBG1(DBG_CFG, "lookip plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
index 767bdc6..31df1f9 100644 (file)
@@ -51,12 +51,13 @@ static bool register_stroke(private_stroke_plugin_t *this,
        if (reg)
        {
                this->socket = stroke_socket_create();
+               return this->socket != NULL;
        }
        else
        {
                DESTROY_IF(this->socket);
+               return TRUE;
        }
-       return TRUE;
 }
 
 METHOD(plugin_t, get_features, int,
@@ -91,12 +92,6 @@ plugin_t *stroke_plugin_create()
 {
        private_stroke_plugin_t *this;
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) stroke socket */
-               DBG1(DBG_CFG, "stroke plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
@@ -110,4 +105,3 @@ plugin_t *stroke_plugin_create()
 
        return &this->public.plugin;
 }
-
index 38465ae..3ea4572 100644 (file)
@@ -92,12 +92,6 @@ plugin_t *whitelist_plugin_create()
 {
        private_whitelist_plugin_t *this;
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) control socket */
-               DBG1(DBG_CFG, "whitelist plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
index c2681af..ece17b4 100644 (file)
@@ -251,6 +251,11 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
                DBG1(DBG_NET, "invalid stream URI: '%s'", uri);
                return NULL;
        }
+       if (!lib->caps->check(lib->caps, CAP_CHOWN))
+       {       /* required to chown(2) service socket */
+               DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri);
+               return NULL;
+       }
        fd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (fd == -1)
        {