stream-service: move CAP_CHOWN check from plugins to service constructor
authorMartin Willi <martin@revosec.ch>
Thu, 18 Jul 2013 13:46:17 +0000 (15:46 +0200)
committerMartin Willi <martin@revosec.ch>
Thu, 18 Jul 2013 14:00:31 +0000 (16:00 +0200)
A plugin service can be a TCP socket now, so it does not make much sense
to strictly check for CAP_CHOWN.

src/libcharon/plugins/duplicheck/duplicheck_plugin.c
src/libcharon/plugins/error_notify/error_notify_plugin.c
src/libcharon/plugins/load_tester/load_tester_plugin.c
src/libcharon/plugins/lookip/lookip_plugin.c
src/libcharon/plugins/stroke/stroke_plugin.c
src/libcharon/plugins/whitelist/whitelist_plugin.c
src/libstrongswan/networking/streams/stream_service.c

index 6b8609ebc4c97ad62dd77a600d2ca6eaf5aaaca8..4d018dbeff2649d819e129bf79cbf541da472e40 100644 (file)
@@ -98,12 +98,6 @@ plugin_t *duplicheck_plugin_create()
                return NULL;
        }
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) notify socket */
-               DBG1(DBG_CFG, "duplicheck plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
index ef0ce7bc6004c089a285fe44926330bac44e05e0..40ace601441ccadb2f0907b8a1265a6a188e63a1 100644 (file)
@@ -92,12 +92,6 @@ plugin_t *error_notify_plugin_create()
 {
        private_error_notify_plugin_t *this;
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) notify socket */
-               DBG1(DBG_CFG, "error-notify plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
index 7f2d425fd36eacfbf4b3570ffad91c600526d29c..03557a269edea9207a3155230f56c5c41b277d44 100644 (file)
@@ -269,12 +269,6 @@ plugin_t *load_tester_plugin_create()
                return NULL;
        }
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) control socket */
-               DBG1(DBG_CFG, "load-tester plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
@@ -304,4 +298,3 @@ plugin_t *load_tester_plugin_create()
        }
        return &this->public.plugin;
 }
-
index 63b1381627011a2bcf362ae022f3f9218065c08c..a6c32d65d85cf2e37d293e8a5b9e47421907d13a 100644 (file)
@@ -92,12 +92,6 @@ plugin_t *lookip_plugin_create()
 {
        private_lookip_plugin_t *this;
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) control socket */
-               DBG1(DBG_CFG, "lookip plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
index 767bdc64bd779bcaa51c71e4dcd4193d9cb41d05..31df1f99b33b38dacdb45742466104ef8edc89d5 100644 (file)
@@ -51,12 +51,13 @@ static bool register_stroke(private_stroke_plugin_t *this,
        if (reg)
        {
                this->socket = stroke_socket_create();
+               return this->socket != NULL;
        }
        else
        {
                DESTROY_IF(this->socket);
+               return TRUE;
        }
-       return TRUE;
 }
 
 METHOD(plugin_t, get_features, int,
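Review bot: In the unregister branch of register_stroke, `this->socket` keeps its old value after `DESTROY_IF(this->socket);`, and since the register branch can now leave the field NULL on failure, its state matters more than it did before. DESTROY_IF's definition is not visible here; if it does not reset its argument, a repeated unregister or a later cleanup would operate on a freed socket, and adding `this->socket = NULL;` after the DESTROY_IF line would make the callback safe to run twice. A short comment on the register branch, such as `/* fails if the stroke socket cannot be created, e.g. without CAP_CHOWN */`, would record why the feature can now fail to load where previously the whole plugin was refused. The start of register_stroke lies outside the hunk.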
@@ -91,12 +92,6 @@ plugin_t *stroke_plugin_create()
 {
        private_stroke_plugin_t *this;
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) stroke socket */
-               DBG1(DBG_CFG, "stroke plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
@@ -110,4 +105,3 @@ plugin_t *stroke_plugin_create()
 
        return &this->public.plugin;
 }
-
index 38465aebbff2f14dd1ff0f5f28ec37c5afa0705b..3ea45723cf035da63f77d13915a6877de4f6124f 100644 (file)
@@ -92,12 +92,6 @@ plugin_t *whitelist_plugin_create()
 {
        private_whitelist_plugin_t *this;
 
-       if (!lib->caps->check(lib->caps, CAP_CHOWN))
-       {       /* required to chown(2) control socket */
-               DBG1(DBG_CFG, "whitelist plugin requires CAP_CHOWN capability");
-               return NULL;
-       }
-
        INIT(this,
                .public = {
                        .plugin = {
index c2681af3a317f9b3bdce363e1c7ff4d6f4a4d47a..ece17b41f1e113dbee3887c93c4266eeb924bb3e 100644 (file)
@@ -251,6 +251,11 @@ stream_service_t *stream_service_create_unix(char *uri, int backlog)
                DBG1(DBG_NET, "invalid stream URI: '%s'", uri);
                return NULL;
        }
+       if (!lib->caps->check(lib->caps, CAP_CHOWN))
+       {       /* required to chown(2) service socket */
+               DBG1(DBG_NET, "socket '%s' requires CAP_CHOWN capability", uri);
+               return NULL;
+       }
        fd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (fd == -1)
        {
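Review bot: The CAP_CHOWN check added to stream_service_create_unix is a hard failure taken before the socket is created, so a daemon running without that capability cannot open any UNIX service socket, even where the socket's ownership would not need changing. The chown(2) call the comment refers to is outside this hunk, so this is inferred: if the ownership change is conditional, or its target already matches the process's UID/GID, the check belongs directly in front of that call rather than at the top of the constructor. If the strict behaviour is intended as a safeguard against leaving a control socket with unrestricted ownership, the comment should say so, e.g. `/* refuse to create a socket whose ownership we cannot restrict via chown(2) */`, so that least-privilege deployments can tell why the service is rejected. The function body continues past the end of the hunk.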