From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 13 Mar 2015 13:33:13 +0000 (+0100)
Subject: charon-systemd: Add support to configure user and group via strongswan.conf
X-Git-Tag: 5.3.0dr1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f3c83322;p=thirdparty%2Fstrongswan.git

charon-systemd: Add support to configure user and group via strongswan.conf

Fixes #887.
---

diff --git a/src/charon-systemd/charon-systemd.c b/src/charon-systemd/charon-systemd.c
index 4a2136fc9c..aeb67d410e 100644
--- a/src/charon-systemd/charon-systemd.c
+++ b/src/charon-systemd/charon-systemd.c
@@ -39,6 +39,17 @@
 #include <threading/thread.h>
 #include <threading/rwlock.h>
 
+/**
+ * Default user and group
+ */
+#ifndef IPSEC_USER
+#define IPSEC_USER NULL
+#endif
+
+#ifndef IPSEC_GROUP
+#define IPSEC_GROUP NULL
+#endif
+
 /**
  * hook in library for debugging messages
  */
@@ -268,18 +279,20 @@ static int run()
  */
 static bool lookup_uid_gid()
 {
-#ifdef IPSEC_USER
-	if (!lib->caps->resolve_uid(lib->caps, IPSEC_USER))
+	char *name
+
+	name = lib->settings->get_str(lib->settings, "%s.user", IPSEC_USER,
+								  lib->ns);
+	if (name && !lib->caps->resolve_uid(lib->caps, name))
 	{
 		return FALSE;
 	}
-#endif /* IPSEC_USER */
-#ifdef IPSEC_GROUP
-	if (!lib->caps->resolve_gid(lib->caps, IPSEC_GROUP))
+	name = lib->settings->get_str(lib->settings, "%s.group", IPSEC_GROUP,
+								  lib->ns);
+	if (name && !lib->caps->resolve_gid(lib->caps, name))
 	{
 		return FALSE;
 	}
-#endif /* IPSEC_GROUP */
 	return TRUE;
 }