capabilities: Make the user and group charon(-nm) changes to configurable
parent
5e80e387bd
commit
68b7448eab
|
@ -174,6 +174,9 @@ used certificates.
|
|||
Maximum size (in bytes) of a sent fragment when using the proprietary IKEv1
|
||||
fragmentation extension.
|
||||
.TP
|
||||
.BR charon.group
|
||||
Name of the group the daemon changes to after startup
|
||||
.TP
|
||||
.BR charon.half_open_timeout " [30]"
|
||||
Timeout in seconds for connecting IKE_SAs (also see IKE_SA_INIT DROPPING).
|
||||
.TP
|
||||
|
@ -317,6 +320,9 @@ Section to define syslog loggers, see LOGGER CONFIGURATION
|
|||
.TP
|
||||
.BR charon.threads " [16]"
|
||||
Number of worker threads in charon
|
||||
.TP
|
||||
.BR charon.user
|
||||
Name of the user the daemon changes to after startup
|
||||
.SS charon.plugins subsection
|
||||
.TP
|
||||
.BR charon.plugins.android_log.loglevel " [1]"
|
||||
|
|
|
@ -28,6 +28,17 @@
|
|||
|
||||
#include <nm/nm_backend.h>
|
||||
|
||||
/**
|
||||
* Default user and group
|
||||
*/
|
||||
#ifndef IPSEC_USER
|
||||
#define IPSEC_USER NULL
|
||||
#endif
|
||||
|
||||
#ifndef IPSEC_GROUP
|
||||
#define IPSEC_GROUP NULL
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Hook in library for debugging messages
|
||||
*/
|
||||
|
@ -121,18 +132,20 @@ static void segv_handler(int signal)
|
|||
*/
|
||||
static bool lookup_uid_gid()
|
||||
{
|
||||
#ifdef IPSEC_USER
|
||||
if (!lib->caps->resolve_uid(lib->caps, IPSEC_USER))
|
||||
char *name;
|
||||
|
||||
name = lib->settings->get_str(lib->settings, "charon-nm.user",
|
||||
IPSEC_USER);
|
||||
if (name && !lib->caps->resolve_uid(lib->caps, name))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
#ifdef IPSEC_GROUP
|
||||
if (!lib->caps->resolve_gid(lib->caps, IPSEC_GROUP))
|
||||
name = lib->settings->get_str(lib->settings, "charon-nm.group",
|
||||
IPSEC_GROUP);
|
||||
if (name && !lib->caps->resolve_gid(lib->caps, name))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
return TRUE;
|
||||
}
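Review bot: The NULL-name path in lookup_uid_gid() returns TRUE without resolving anything. If the build does not define IPSEC_USER and `charon-nm.user` is unset, no uid is resolved and nothing is logged, so the daemon presumably keeps the identity it was started with. Since the account now comes from the configuration at runtime, that case should be logged, e.g. `if (!name) { DBG1(DBG_DMN, "charon-nm.user not set, uid left unchanged"); }`, and likewise for the group. The same pattern is in the charon.c hunk at `@ -148,18 +159,18` with `charon.user` and `charon.group`. The man-page hunks document only the `charon.*` keys, so `charon-nm.user` and `charon-nm.group` read here are undocumented on this page.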
|
||||
|
||||
|
|
|
@ -43,6 +43,17 @@
|
|||
*/
|
||||
#define PID_FILE IPSEC_PIDDIR "/charon.pid"
|
||||
|
||||
/**
|
||||
* Default user and group
|
||||
*/
|
||||
#ifndef IPSEC_USER
|
||||
#define IPSEC_USER NULL
|
||||
#endif
|
||||
|
||||
#ifndef IPSEC_GROUP
|
||||
#define IPSEC_GROUP NULL
|
||||
#endif
|
||||
|
||||
/**
|
||||
* Global reference to PID file (required to truncate, if undeletable)
|
||||
*/
|
||||
|
@ -148,18 +159,18 @@ static void run()
|
|||
*/
|
||||
static bool lookup_uid_gid()
|
||||
{
|
||||
#ifdef IPSEC_USER
|
||||
if (!lib->caps->resolve_uid(lib->caps, IPSEC_USER))
|
||||
char *name;
|
||||
|
||||
name = lib->settings->get_str(lib->settings, "charon.user", IPSEC_USER);
|
||||
if (name && !lib->caps->resolve_uid(lib->caps, name))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
#ifdef IPSEC_GROUP
|
||||
if (!lib->caps->resolve_gid(lib->caps, IPSEC_GROUP))
|
||||
name = lib->settings->get_str(lib->settings, "charon.group", IPSEC_GROUP);
|
||||
if (name && !lib->caps->resolve_gid(lib->caps, name))
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
#endif
|
||||
#ifdef ANDROID
|
||||
lib->caps->set_uid(lib->caps, AID_VPN);
|
||||
#endif
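Review bot: On ANDROID builds the context line `lib->caps->set_uid(lib->caps, AID_VPN);` still runs after the new `charon.user` lookup, so a configured user appears to be resolved and then replaced. If that is intended, say so above the `#ifdef ANDROID` block with a comment such as `/* Android always runs as AID_VPN, charon.user is ignored */`, or mention it in the `charon.user` man-page entry. lookup_uid_gid() continues past the end of this hunk, so the rest of the function is not visible here.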
|
||||
|
|