From 9079e2b67a208189028e3030e88b25eb9700cfcd Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 9 Jan 2014 21:32:24 +0100
Subject: [PATCH] Added configuration option use-dbus to allow disabling D-BUS usage.
---
 doc/sample.config | 7 ++++++-
 src/config.c | 2 ++
 src/main-ctl-handler.c | 10 +++++++++-
 src/ocserv-args.def | 7 ++++++-
 src/vpn.h | 1 +
 5 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/doc/sample.config b/doc/sample.config
index c5bc5cf2..916b3c2d 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -119,7 +119,12 @@ cookie-validity = 172800
 # UTMP
 use-utmp = true
-# PID file
+# D-BUS usage. If disabled occtl tool cannot be used. If enabled
+# then ocserv must have access to register org.infradead.ocserv
+# D-BUS service. See doc/dbus/org.infradead.ocserv.conf
+use-dbus = true
+
+# PID file. It can be overriden in the command line.
 pid-file = /var/run/ocserv.pid
 # The default server directory. Does not require any devices present.
diff --git a/src/config.c b/src/config.c
index 19c9ea23..e38197d2 100644
--- a/src/config.c
+++ b/src/config.c
@@ -74,6 +74,7 @@ static struct cfg_options available_options[] = {
 { .name = "banner", .type = OPTION_STRING, .mandatory = 0 },
 { .name = "always-require-cert", .type = OPTION_BOOLEAN, .mandatory = 0 },
 { .name = "use-utmp", .type = OPTION_BOOLEAN, .mandatory = 0 },
+ { .name = "use-dbus", .type = OPTION_BOOLEAN, .mandatory = 1 },
 { .name = "try-mtu-discovery", .type = OPTION_BOOLEAN, .mandatory = 0 },
 { .name = "ping-leases", .type = OPTION_BOOLEAN, .mandatory = 0 },
 { .name = "tls-priorities", .type = OPTION_STRING, .mandatory = 0 },
@@ -329,6 +330,7 @@ unsigned prefix = 0;
 READ_STRING("banner", config->banner);
 READ_TF("always-require-cert", config->force_cert_auth, 1);
 READ_TF("use-utmp", config->use_utmp, 1);
+ READ_TF("use-dbus", config->use_dbus, 0);
 READ_TF("try-mtu-discovery", config->try_mtu, 0);
 READ_TF("ping-leases", config->ping_leases, 0);
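Review bot: In src/config.c the new `use-dbus` entry in `available_options[]` is the only boolean option in this hunk declared with `.mandatory = 1`; if that flag makes the parser reject a file that lacks the key (its handling is outside the hunk), every existing configuration stops loading after an upgrade, which works against an option meant to let operators switch the control interface off. It would also leave the `0` passed to `READ_TF("use-dbus", config->use_dbus, 0)` in the second hunk unused, assuming that third argument is the fallback for an absent key. I would declare the entry like its neighbours, `{ .name = "use-dbus", .type = OPTION_BOOLEAN, .mandatory = 0 },`, and state the effective default in doc/sample.config, since the sample ships `use-dbus = true` while the code's fallback appears to be disabled. Both `available_options[]` and the function holding the `READ_TF` calls continue outside their hunks.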
diff --git a/src/main-ctl-handler.c b/src/main-ctl-handler.c
index f601ab96..a48ee21b 100644
--- a/src/main-ctl-handler.c
+++ b/src/main-ctl-handler.c
@@ -220,7 +220,7 @@ static void toggle_watch(DBusWatch * watch, void *data)
 void ctl_handler_deinit(main_server_st * s)
 {
- if (s->ctl_ctx != NULL) {
+ if (s->config->use_dbus != 0 && s->ctl_ctx != NULL) {
 mslog(s, NULL, LOG_DEBUG, "closing DBUS connection");
 dbus_connection_close(s->ctl_ctx);
 dbus_bus_release_name(s->ctl_ctx, OCSERV_DBUS_NAME, NULL);
@@ -236,6 +236,9 @@ int ctl_handler_init(main_server_st * s)
 DBusError err;
 DBusConnection *conn;
+ if (s->config->use_dbus == 0)
+ return 0;
+
 dbus_error_init(&err);
 conn = dbus_bus_get_private(DBUS_BUS_SYSTEM, &err);
@@ -1049,6 +1052,11 @@ void ctl_handle_commands(main_server_st * s, struct ctl_handler_st *ctl)
 int ret;
 unsigned flags, i;
+ if (s->config->use_dbus == 0) {
+ mslog(s, NULL, LOG_ERR, "%s called when D-BUS is disabled!", __func__);
+ return;
+ }
+
 if (ctl->type == CTL_READ)
 flags = DBUS_WATCH_READABLE;
 else
diff --git a/src/ocserv-args.def b/src/ocserv-args.def
index 42549edf..eeb5710f 100644
--- a/src/ocserv-args.def
+++ b/src/ocserv-args.def
@@ -209,7 +209,12 @@ cookie-validity = 172800
 # UTMP
 use-utmp = true
-# PID file
+# D-BUS usage. If disabled occtl tool cannot be used. If enabled
+# then ocserv must have access to register org.infradead.ocserv
+# D-BUS service. See doc/dbus/org.infradead.ocserv.conf
+use-dbus = true
+
+# PID file. It can be overriden in the command line.
 pid-file = /var/run/ocserv.pid
 # The default server directory. Does not require any devices present.
diff --git a/src/vpn.h b/src/vpn.h
index 3758bd83..fe1895d9 100644
--- a/src/vpn.h
+++ b/src/vpn.h
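Review bot: In src/main-ctl-handler.c, `ctl_handler_deinit` now skips teardown whenever `s->config->use_dbus` is 0, even if `s->ctl_ctx` still holds an open connection. If the configuration can be reloaded while the server runs (not visible in this patch) and the option flips from true to false, the private connection and the `OCSERV_DBUS_NAME` registration would stay alive, and the new guard in `ctl_handle_commands` would log at LOG_ERR and return on every event without servicing the watch. `s->ctl_ctx` already records whether a connection exists, because `ctl_handler_init` returns before creating one when D-BUS is disabled, so I would keep the original condition `if (s->ctl_ctx != NULL) {` in deinit and let the configuration flag gate only the setup. All three functions continue outside their hunks, so whether `s->ctl_ctx` starts out NULL should be confirmed.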
@@ -180,6 +180,7 @@ struct cfg_st {
 unsigned max_clients;
 unsigned max_same_clients;
 unsigned use_utmp;
+ unsigned use_dbus; /* whether the D-BUS service is registered */
 unsigned try_mtu; /* MTU discovery enabled */
 unsigned force_cert_auth; /* always require client certificate */
 unsigned rate_limit_ms; /* if non zero force a connection every rate_limit milliseconds */
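Review bot: The comment on the new `use_dbus` field in `struct cfg_st` describes runtime state ("whether the D-BUS service is registered"), but the field is filled from the `use-dbus` configuration key and only says whether registration should be attempted. Because src/main-ctl-handler.c in this commit branches on it as if it tracked the live connection, the wording matters; I would write `unsigned use_dbus; /* use-dbus option: whether to register the D-BUS control service (needed by occtl) */`. The struct begins and ends outside the hunk.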