Refactored heavily #ifdefd capability code to its own libstrongswan class

src/charon-nm/charon-nm.c

@@ -18,11 +18,6 @@
 #include <signal.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include <pwd.h>
-#include <grp.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
 
 #include <hydra.h>
 #include <daemon.h>
@@ -149,63 +144,20 @@ static void initialize_logger()
 static bool lookup_uid_gid()
 {
 #ifdef IPSEC_USER
+	if (!charon->caps->resolve_uid(charon->caps, IPSEC_USER))
 	{
-		char buf[1024];
-		struct passwd passwd, *pwp;
-
-		if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
-			pwp == NULL)
-		{
-			DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
-			return FALSE;
-		}
-		charon->uid = pwp->pw_uid;
+		return FALSE;
 	}
 #endif
 #ifdef IPSEC_GROUP
+	if (!charon->caps->resolve_gid(charon->caps, IPSEC_GROUP))
 	{
-		char buf[1024];
-		struct group group, *grp;
-
-		if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
-			grp == NULL)
-		{
-			DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
-			return FALSE;
-		}
-		charon->gid = grp->gr_gid;
+		return FALSE;
 	}
 #endif
 	return TRUE;
 }
 
-/**
- * Drop process capabilities
- */
-static bool drop_capabilities()
-{
-#ifdef HAVE_PRCTL
-	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
-
-	if (setgid(charon->gid) != 0)
-	{
-		DBG1(DBG_DMN, "change to unprivileged group failed");
-		return FALSE;
-	}
-	if (setuid(charon->uid) != 0)
-	{
-		DBG1(DBG_DMN, "change to unprivileged user failed");
-		return FALSE;
-	}
-	if (!charon->drop_capabilities(charon))
-	{
-		DBG1(DBG_DMN, "unable to drop daemon capabilities");
-		return FALSE;
-	}
-	return TRUE;
-}
-
 /**
  * Main function, starts NetworkManager backend.
  */
@@ -275,7 +227,7 @@ int main(int argc, char *argv[])
 		goto deinit;
 	}
 
-	if (!drop_capabilities())
+	if (!charon->caps->drop(charon->caps))
 	{
 		DBG1(DBG_DMN, "capability dropping failed - aborting charon-nm");
 		goto deinit;

src/charon-nm/nm/nm_backend.c

@@ -137,7 +137,7 @@ static bool nm_backend_init()
 	}
 
 	/* bypass file permissions to read from users ssh-agent */
-	charon->keep_cap(charon, CAP_DAC_OVERRIDE);
+	charon->caps->keep(charon->caps, CAP_DAC_OVERRIDE);
 
 	lib->processor->queue_job(lib->processor,
 		(job_t*)callback_job_create_with_prio((callback_job_cb_t)run, this,
@@ -171,4 +171,4 @@ void nm_backend_register()
 	};
 	lib->plugins->add_static_features(lib->plugins, "nm-backend", features,
 									  countof(features), TRUE);
-}
+}

src/charon/charon.c

@@ -17,9 +17,6 @@
  */
 
 #include <stdio.h>
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
 #define _POSIX_PTHREAD_SEMANTICS /* for two param sigwait on OpenSolaris */
 #include <signal.h>
 #undef _POSIX_PTHREAD_SEMANTICS
@@ -31,8 +28,6 @@
 #include <errno.h>
 #include <unistd.h>
 #include <getopt.h>
-#include <pwd.h>
-#include <grp.h>
 
 #include <hydra.h>
 #include <daemon.h>
@@ -143,68 +138,25 @@ static void run()
 	}
 }
 
-/**
- * drop daemon capabilities
- */
-static bool drop_capabilities()
-{
-#ifdef HAVE_PRCTL
-	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
-#endif
-
-	if (setgid(charon->gid) != 0)
-	{
-		DBG1(DBG_DMN, "change to unprivileged group failed");
-		return FALSE;
-	}
-	if (setuid(charon->uid) != 0)
-	{
-		DBG1(DBG_DMN, "change to unprivileged user failed");
-		return FALSE;
-	}
-	if (!charon->drop_capabilities(charon))
-	{
-		DBG1(DBG_DMN, "unable to drop daemon capabilities");
-		return FALSE;
-	}
-	return TRUE;
-}
-
 /**
  * lookup UID and GID
  */
 static bool lookup_uid_gid()
 {
 #ifdef IPSEC_USER
+	if (!charon->caps->resolve_uid(charon->caps, IPSEC_USER))
 	{
-		char buf[1024];
-		struct passwd passwd, *pwp;
-
-		if (getpwnam_r(IPSEC_USER, &passwd, buf, sizeof(buf), &pwp) != 0 ||
-			pwp == NULL)
-		{
-			DBG1(DBG_DMN, "resolving user '"IPSEC_USER"' failed");
-			return FALSE;
-		}
-		charon->uid = pwp->pw_uid;
+		return FALSE;
 	}
 #endif
 #ifdef IPSEC_GROUP
+	if (!charon->caps->resolve_gid(charon->caps, IPSEC_GROUP))
 	{
-		char buf[1024];
-		struct group group, *grp;
-
-		if (getgrnam_r(IPSEC_GROUP, &group, buf, sizeof(buf), &grp) != 0 ||
-			grp == NULL)
-		{
-			DBG1(DBG_DMN, "resolving group '"IPSEC_GROUP"' failed");
-			return FALSE;
-		}
-		charon->gid = grp->gr_gid;
+		return FALSE;
 	}
 #endif
 #ifdef ANDROID
-	charon->uid = AID_VPN;
+	charon->caps->set_uid(charon->caps, AID_VPN);
 #endif
 	return TRUE;
 }
@@ -260,7 +212,9 @@ static bool check_pidfile()
 	pidfile = fopen(PID_FILE, "w");
 	if (pidfile)
 	{
-		ignore_result(fchown(fileno(pidfile), charon->uid, charon->gid));
+		ignore_result(fchown(fileno(pidfile),
+							 charon->caps->get_uid(charon->caps),
+							 charon->caps->get_gid(charon->caps)));
 		fprintf(pidfile, "%d\n", getpid());
 		fflush(pidfile);
 	}
@@ -582,7 +536,7 @@ int main(int argc, char *argv[])
 		goto deinit;
 	}
 
-	if (!drop_capabilities())
+	if (!charon->caps->drop(charon->caps))
 	{
 		DBG1(DBG_DMN, "capability dropping failed - aborting charon");
 		goto deinit;

src/libcharon/Makefile.am

@@ -153,10 +153,6 @@ if USE_ME
     sa/ikev2/tasks/ike_me.c sa/ikev2/tasks/ike_me.h
 endif
 
-if USE_LIBCAP
-  libcharon_la_LIBADD += -lcap
-endif
-
 # build optional plugins
 ########################
 

src/libcharon/daemon.c

@@ -21,14 +21,6 @@
 #include <unistd.h>
 #include <time.h>
 
-#ifdef CAPABILITIES
-# ifdef HAVE_SYS_CAPABILITY_H
-#  include <sys/capability.h>
-# elif defined(CAPABILITIES_NATIVE)
-#  include <linux/capability.h>
-# endif /* CAPABILITIES_NATIVE */
-#endif /* CAPABILITIES */
-
 #include "daemon.h"
 
 #include <library.h>
@@ -52,17 +44,6 @@ struct private_daemon_t {
 	 * Handler for kernel events
 	 */
 	kernel_handler_t *kernel_handler;
-
-	/**
-	 * capabilities to keep
-	 */
-#ifdef CAPABILITIES_LIBCAP
-	cap_t caps;
-#endif /* CAPABILITIES_LIBCAP */
-#ifdef CAPABILITIES_NATIVE
-	struct __user_cap_data_struct caps[2];
-#endif /* CAPABILITIES_NATIVE */
-
 };
 
 /**
@@ -125,9 +106,6 @@ static void destroy(private_daemon_t *this)
 	/* make sure the cache is clear before unloading plugins */
 	lib->credmgr->flush_cache(lib->credmgr, CERT_ANY);
 	lib->plugins->unload(lib->plugins);
-#ifdef CAPABILITIES_LIBCAP
-	cap_free(this->caps);
-#endif /* CAPABILITIES_LIBCAP */
 	DESTROY_IF(this->kernel_handler);
 	DESTROY_IF(this->public.traps);
 	DESTROY_IF(this->public.shunts);
@@ -138,6 +116,7 @@ static void destroy(private_daemon_t *this)
 	DESTROY_IF(this->public.backends);
 	DESTROY_IF(this->public.sender);
 	DESTROY_IF(this->public.socket);
+	DESTROY_IF(this->public.caps);
 
 	/* rehook library logging, shutdown logging */
 	dbg = dbg_old;
@@ -150,57 +129,6 @@ static void destroy(private_daemon_t *this)
 	free(this);
 }
 
-METHOD(daemon_t, keep_cap, void,
-	   private_daemon_t *this, u_int cap)
-{
-#ifdef CAPABILITIES_LIBCAP
-	cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
-	cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
-	cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
-#endif /* CAPABILITIES_LIBCAP */
-#ifdef CAPABILITIES_NATIVE
-	int i = 0;
-
-	if (cap >= 32)
-	{
-		i++;
-		cap -= 32;
-	}
-	this->caps[i].effective |= 1 << cap;
-	this->caps[i].permitted |= 1 << cap;
-	this->caps[i].inheritable |= 1 << cap;
-#endif /* CAPABILITIES_NATIVE */
-}
-
-METHOD(daemon_t, drop_capabilities, bool,
-	   private_daemon_t *this)
-{
-#ifdef CAPABILITIES_LIBCAP
-	if (cap_set_proc(this->caps) != 0)
-	{
-		return FALSE;
-	}
-#endif /* CAPABILITIES_LIBCAP */
-#ifdef CAPABILITIES_NATIVE
-	struct __user_cap_header_struct header = {
-#if defined(_LINUX_CAPABILITY_VERSION_3)
-		.version = _LINUX_CAPABILITY_VERSION_3,
-#elif defined(_LINUX_CAPABILITY_VERSION_2)
-		.version = _LINUX_CAPABILITY_VERSION_2,
-#elif defined(_LINUX_CAPABILITY_VERSION_1)
-		.version = _LINUX_CAPABILITY_VERSION_1,
-#else
-		.version = _LINUX_CAPABILITY_VERSION,
-#endif
-	};
-	if (capset(&header, this->caps) != 0)
-	{
-		return FALSE;
-	}
-#endif /* CAPABILITIES_NATIVE */
-	return TRUE;
-}
-
 METHOD(daemon_t, start, void,
 	   private_daemon_t *this)
 {
@@ -269,8 +197,6 @@ private_daemon_t *daemon_create(const char *name)
 
 	INIT(this,
 		.public = {
-			.keep_cap = _keep_cap,
-			.drop_capabilities = _drop_capabilities,
 			.initialize = _initialize,
 			.start = _start,
 			.bus = bus_create(),
@@ -280,6 +206,7 @@ private_daemon_t *daemon_create(const char *name)
 		},
 	);
 	charon = &this->public;
+	this->public.caps = capabilities_create();
 	this->public.controller = controller_create();
 	this->public.eap = eap_manager_create();
 	this->public.xauth = xauth_manager_create();
@@ -289,16 +216,7 @@ private_daemon_t *daemon_create(const char *name)
 	this->public.shunts = shunt_manager_create();
 	this->kernel_handler = kernel_handler_create();
 
-#ifdef CAPABILITIES
-#ifdef CAPABILITIES_LIBCAP
-	this->caps = cap_init();
-#endif /* CAPABILITIES_LIBCAP */
-	keep_cap(this, CAP_NET_ADMIN);
-	if (lib->leak_detective)
-	{
-		keep_cap(this, CAP_SYS_NICE);
-	}
-#endif /* CAPABILITIES */
+	this->public.caps->keep(this->public.caps, CAP_NET_ADMIN);
 
 	return this;
 }

src/libcharon/daemon.h

@@ -165,6 +165,7 @@ typedef struct daemon_t daemon_t;
 #include <config/backend_manager.h>
 #include <sa/eap/eap_manager.h>
 #include <sa/xauth/xauth_manager.h>
+#include <utils/capabilities.h>
 
 #ifdef ME
 #include <sa/ikev2/connect_manager.h>
@@ -269,40 +270,15 @@ struct daemon_t {
 #endif /* ME */
 
 	/**
-	 * User ID the daemon will user after initialization
+	 * POSIX capability dropping
 	 */
-	uid_t uid;
-
-	/**
-	 * Group ID the daemon will use after initialization
-	 */
-	gid_t gid;
+	capabilities_t *caps;
 
 	/**
 	 * Name of the binary that uses the library (used for settings etc.)
 	 */
 	const char *name;
 
-	/**
-	 * Do not drop a given capability after initialization.
-	 *
-	 * Some plugins might need additional capabilites. They tell the daemon
-	 * during plugin initialization which one they need, the daemon won't
-	 * drop these.
-	 */
-	void (*keep_cap)(daemon_t *this, u_int cap);
-
-	/**
-	 * Drop all capabilities of the current process.
-	 *
-	 * Drops all capabalities, excect those exlcuded using keep_cap().
-	 * This should be called after the initialization of the daemon because
-	 * some plugins require the process to keep additional capabilities.
-	 *
-	 * @return			TRUE, if successful
-	 */
-	bool (*drop_capabilities)(daemon_t *this);
-
 	/**
 	 * Initialize the daemon.
 	 *

src/libcharon/plugins/duplicheck/duplicheck_notify.c

@@ -84,7 +84,8 @@ static bool open_socket(private_duplicheck_notify_t *this)
 		return FALSE;
 	}
 	umask(old);
-	if (chown(addr.sun_path, charon->uid, charon->gid) != 0)
+	if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
+			  charon->caps->get_gid(charon->caps)) != 0)
 	{
 		DBG1(DBG_CFG, "changing duplicheck socket permissions failed: %s",
 			 strerror(errno));

src/libcharon/plugins/eap_gtc/eap_gtc_plugin.c

@@ -63,7 +63,7 @@ plugin_t *eap_gtc_plugin_create()
 	);
 
 	/* required for PAM authentication */
-	charon->keep_cap(charon, CAP_AUDIT_WRITE);
+	charon->caps->keep(charon->caps, CAP_AUDIT_WRITE);
 
 	charon->eap->add_method(charon->eap, EAP_GTC, 0, EAP_SERVER,
 							(eap_constructor_t)eap_gtc_create_server);

src/libcharon/plugins/ha/ha_ctl.c

@@ -129,7 +129,8 @@ ha_ctl_t *ha_ctl_create(ha_segments_t *segments, ha_cache_t *cache)
 		}
 		umask(old);
 	}
-	if (chown(HA_FIFO, charon->uid, charon->gid) != 0)
+	if (chown(HA_FIFO, charon->caps->get_uid(charon->caps),
+			  charon->caps->get_gid(charon->caps)) != 0)
 	{
 		DBG1(DBG_CFG, "changing HA FIFO permissions failed: %s",
 			 strerror(errno));

src/libcharon/plugins/ha/ha_kernel.c

@@ -316,7 +316,8 @@ static void disable_all(private_ha_kernel_t *this)
 	{
 		while (enumerator->enumerate(enumerator, NULL, &file, NULL))
 		{
-			if (chown(file, charon->uid, charon->gid) != 0)
+			if (chown(file, charon->caps->get_uid(charon->caps),
+					  charon->caps->get_gid(charon->caps)) != 0)
 			{
 				DBG1(DBG_CFG, "changing ClusterIP permissions failed: %s",
 					 strerror(errno));

src/libcharon/plugins/smp/smp.c

@@ -757,7 +757,8 @@ plugin_t *smp_plugin_create()
 		return NULL;
 	}
 	umask(old);
-	if (chown(unix_addr.sun_path, charon->uid, charon->gid) != 0)
+	if (chown(unix_addr.sun_path, charon->caps->get_uid(charon->caps),
+			  charon->caps->get_gid(charon->caps)) != 0)
 	{
 		DBG1(DBG_CFG, "changing XML socket permissions failed: %s", strerror(errno));
 	}

src/libcharon/plugins/stroke/stroke_socket.c

@@ -758,7 +758,8 @@ static bool open_socket(private_stroke_socket_t *this)
 		return FALSE;
 	}
 	umask(old);
-	if (chown(socket_addr.sun_path, charon->uid, charon->gid) != 0)
+	if (chown(socket_addr.sun_path, charon->caps->get_uid(charon->caps),
+			  charon->caps->get_gid(charon->caps)) != 0)
 	{
 		DBG1(DBG_CFG, "changing stroke socket permissions failed: %s",
 			 strerror(errno));

src/libcharon/plugins/whitelist/whitelist_control.c

@@ -77,7 +77,8 @@ static bool open_socket(private_whitelist_control_t *this)
 		return FALSE;
 	}
 	umask(old);
-	if (chown(addr.sun_path, charon->uid, charon->gid) != 0)
+	if (chown(addr.sun_path, charon->caps->get_uid(charon->caps),
+			  charon->caps->get_gid(charon->caps)) != 0)
 	{
 		DBG1(DBG_CFG, "changing whitelist socket permissions failed: %s",
 			 strerror(errno));

src/libstrongswan/Makefile.am

@@ -77,6 +77,7 @@ utils/linked_list.c utils/linked_list.h \
 utils/hashtable.c utils/hashtable.h \
 utils/enumerator.c utils/enumerator.h \
 utils/optionsfrom.c utils/optionsfrom.h \
+utils/capabilities.c utils/capabilities.h \
 utils/backtrace.c utils/backtrace.h
 
 
@@ -111,6 +112,10 @@ if USE_VSTR
   libstrongswan_la_LIBADD += -lvstr
 endif
 
+if USE_LIBCAP
+  libstrongswan_la_LIBADD += -lcap
+endif
+
 EXTRA_DIST = \
 asn1/oid.txt asn1/oid.pl \
 crypto/proposal/proposal_keywords.txt \

src/libstrongswan/utils/capabilities.c

@@ -0,0 +1,246 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "capabilities.h"
+
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include <unistd.h>
+#ifdef HAVE_PRCTL
+# include <sys/prctl.h>
+#endif /* HAVE_PRCTL */
+
+#include <debug.h>
+
+typedef struct private_capabilities_t private_capabilities_t;
+
+/**
+ * Private data of an capabilities_t object.
+ */
+struct private_capabilities_t {
+
+	/**
+	 * Public capabilities_t interface.
+	 */
+	capabilities_t public;
+
+	/**
+	 * user ID to switch during rights dropping
+	 */
+	uid_t uid;
+
+	/**
+	 * group ID to switch during rights dropping
+	 */
+	gid_t gid;
+
+	/**
+	 * capabilities to keep
+	 */
+#ifdef CAPABILITIES_LIBCAP
+	cap_t caps;
+#endif /* CAPABILITIES_LIBCAP */
+#ifdef CAPABILITIES_NATIVE
+	struct __user_cap_data_struct caps[2];
+#endif /* CAPABILITIES_NATIVE */
+};
+
+METHOD(capabilities_t, keep, void,
+	private_capabilities_t *this, u_int cap)
+{
+#ifdef CAPABILITIES_LIBCAP
+	cap_set_flag(this->caps, CAP_EFFECTIVE, 1, &cap, CAP_SET);
+	cap_set_flag(this->caps, CAP_INHERITABLE, 1, &cap, CAP_SET);
+	cap_set_flag(this->caps, CAP_PERMITTED, 1, &cap, CAP_SET);
+#endif /* CAPABILITIES_LIBCAP */
+#ifdef CAPABILITIES_NATIVE
+	int i = 0;
+
+	if (cap >= 32)
+	{
+		i++;
+		cap -= 32;
+	}
+	this->caps[i].effective |= 1 << cap;
+	this->caps[i].permitted |= 1 << cap;
+	this->caps[i].inheritable |= 1 << cap;
+#endif /* CAPABILITIES_NATIVE */
+}
+
+METHOD(capabilities_t, get_uid, uid_t,
+	private_capabilities_t *this)
+{
+	return this->uid;
+}
+
+METHOD(capabilities_t, get_gid, gid_t,
+	private_capabilities_t *this)
+{
+	return this->gid;
+}
+
+METHOD(capabilities_t, set_uid, void,
+	private_capabilities_t *this, uid_t uid)
+{
+	this->uid = uid;
+}
+
+METHOD(capabilities_t, set_gid, void,
+	private_capabilities_t *this, gid_t gid)
+{
+	this->gid = gid;
+}
+
+METHOD(capabilities_t, resolve_uid, bool,
+	private_capabilities_t *this, char *username)
+{
+	const char *errstr = "user not found";
+	struct passwd passwd, *pwp;
+	char buf[1024];
+	int err;
+
+	err = getpwnam_r(username, &passwd, buf, sizeof(buf), &pwp);
+	if (pwp == NULL)
+	{
+		if (err)
+		{
+			errstr = strerror(err);
+		}
+		DBG1(DBG_LIB, "resolving user '%s' failed: %s", username, errstr);
+		return FALSE;
+	}
+	this->uid = pwp->pw_uid;
+	return TRUE;
+}
+
+METHOD(capabilities_t, resolve_gid, bool,
+	private_capabilities_t *this, char *groupname)
+{
+	const char *errstr = "group not found";
+	struct group group, *grp;
+	char buf[1024];
+	int err;
+
+	err = getgrnam_r(groupname, &group, buf, sizeof(buf), &grp);
+	if (grp == NULL)
+	{
+		if (err)
+		{
+			errstr = strerror(err);
+		}
+		DBG1(DBG_LIB, "resolving user '%s' failed: %s", groupname, errstr);
+		return FALSE;
+	}
+	this->gid = grp->gr_gid;
+	return TRUE;
+}
+
+METHOD(capabilities_t, drop, bool,
+	private_capabilities_t *this)
+{
+#ifdef HAVE_PRCTL
+	prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
+#endif
+
+	if (this->gid && setgid(this->gid) != 0)
+	{
+		DBG1(DBG_LIB, "change to unprivileged group %u failed: %s",
+			 this->gid, strerror(errno));
+		return FALSE;
+	}
+	if (this->uid && setuid(this->uid) != 0)
+	{
+		DBG1(DBG_LIB, "change to unprivileged user %u failed: %s",
+			 this->uid, strerror(errno));
+		return FALSE;
+	}
+
+#ifdef CAPABILITIES_LIBCAP
+	if (cap_set_proc(this->caps) != 0)
+	{
+		DBG1(DBG_LIB, "dropping capabilities failed: %s", strerror(errno));
+		return FALSE;
+	}
+#endif /* CAPABILITIES_LIBCAP */
+#ifdef CAPABILITIES_NATIVE
+	struct __user_cap_header_struct header = {
+#if defined(_LINUX_CAPABILITY_VERSION_3)
+		.version = _LINUX_CAPABILITY_VERSION_3,
+#elif defined(_LINUX_CAPABILITY_VERSION_2)
+		.version = _LINUX_CAPABILITY_VERSION_2,
+#elif defined(_LINUX_CAPABILITY_VERSION_1)
+		.version = _LINUX_CAPABILITY_VERSION_1,
+#else
+		.version = _LINUX_CAPABILITY_VERSION,
+#endif
+	};
+	if (capset(&header, this->caps) != 0)
+	{
+		DBG1(DBG_LIB, "dropping capabilities failed: %s", strerror(errno));
+		return FALSE;
+	}
+#endif /* CAPABILITIES_NATIVE */
+#ifdef CAPABILITIES
+	DBG1(DBG_LIB, "dropped capabilities, running as uid %u, gid %u",
+		 this->uid, this->gid);
+#endif /* CAPABILITIES */
+	return TRUE;
+}
+
+METHOD(capabilities_t, destroy, void,
+	private_capabilities_t *this)
+{
+#ifdef CAPABILITIES_LIBCAP
+	cap_free(this->caps);
+#endif /* CAPABILITIES_LIBCAP */
+	free(this);
+}
+
+/**
+ * See header
+ */
+capabilities_t *capabilities_create()
+{
+	private_capabilities_t *this;
+
+	INIT(this,
+		.public = {
+			.keep = _keep,
+			.get_uid = _get_uid,
+			.get_gid = _get_gid,
+			.set_uid = _set_uid,
+			.set_gid = _set_gid,
+			.resolve_uid = _resolve_uid,
+			.resolve_gid = _resolve_gid,
+			.drop = _drop,
+			.destroy = _destroy,
+		},
+	);
+
+#ifdef CAPABILITIES
+#ifdef CAPABILITIES_LIBCAP
+	this->caps = cap_init();
+#endif /* CAPABILITIES_LIBCAP */
+	if (lib->leak_detective)
+	{
+		keep(this, CAP_SYS_NICE);
+	}
+#endif /* CAPABILITIES */
+
+	return &this->public;
+}

src/libstrongswan/utils/capabilities.h

@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2012 Martin Willi
+ * Copyright (C) 2012 revosec AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup capabilities capabilities
+ * @{ @ingroup utils
+ */
+
+#ifndef CAPABILITIES_H_
+#define CAPABILITIES_H_
+
+#include <library.h>
+#ifdef HAVE_SYS_CAPABILITY_H
+# include <sys/capability.h>
+#else
+# include <linux/capability.h>
+#endif
+
+typedef struct capabilities_t capabilities_t;
+
+/**
+ * POSIX capability dropping abstraction layer.
+ */
+struct capabilities_t {
+
+	/**
+	 * Register a capability to keep while calling drop().
+	 *
+	 * @param cap		capability to keep
+	 */
+	void (*keep)(capabilities_t *this, u_int cap);
+
+	/**
+	 * Get the user ID set through set_uid/resolve_uid.
+	 *
+	 * @return			currently set user ID
+	 */
+	uid_t (*get_uid)(capabilities_t *this);
+
+	/**
+	 * Get the group ID set through set_gid/resolve_gid.
+	 *
+	 * @return			currently set group ID
+	 */
+	gid_t (*get_gid)(capabilities_t *this);
+
+	/**
+	 * Set the numerical user ID to use during rights dropping.
+	 *
+	 * @param uid		user ID to use
+	 */
+	void (*set_uid)(capabilities_t *this, uid_t uid);
+
+	/**
+	 * Set the numerical group ID to use during rights dropping.
+	 *
+	 * @param gid		group ID to use
+	 */
+	void (*set_gid)(capabilities_t *this, gid_t gid);
+
+	/**
+	 * Resolve a username and set the user ID accordingly.
+	 *
+	 * @param username	username get the uid for
+	 * @return			TRUE if username resolved and uid set
+	 */
+	bool (*resolve_uid)(capabilities_t *this, char *username);
+
+	/**
+	 * Resolve a groupname and set the group ID accordingly.
+	 *
+	 * @param groupname	groupname to get the gid for
+	 * @return			TRUE if groupname resolved and gid set
+	 */
+	bool (*resolve_gid)(capabilities_t *this, char *groupname);
+
+	/**
+	 * Drop all capabilities not previously passed to keep(), switch to UID/GID.
+	 *
+	 * @return			TRUE if capability drop successful
+	 */
+	bool (*drop)(capabilities_t *this);
+
+	/**
+	 * Destroy a capabilities_t.
+	 */
+	void (*destroy)(capabilities_t *this);
+};
+
+/**
+ * Create a capabilities instance.
+ */
+capabilities_t *capabilities_create();
+
+#endif /** CAPABILITIES_H_ @}*/