FreeBSD: Use capsicum_helpers.h
parent
cb62d92f54
commit
cbc9545cb3
27
chat.c
27
chat.c
|
@ -47,7 +47,7 @@
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#ifdef __FreeBSD__
|
#ifdef __FreeBSD__
|
||||||
#include <sys/capsicum.h>
|
#include <capsicum_helpers.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "chat.h"
|
#include "chat.h"
|
||||||
|
@ -319,21 +319,24 @@ int main(int argc, char *argv[]) {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef __FreeBSD__
|
#ifdef __FreeBSD__
|
||||||
struct { cap_rights_t stdin, stdout, stderr, irc; } rights;
|
cap_rights_t rights;
|
||||||
cap_rights_init(&rights.stdin, CAP_READ, CAP_EVENT);
|
caph_stream_rights(&rights, CAPH_WRITE);
|
||||||
cap_rights_init(&rights.stdout, CAP_WRITE, CAP_IOCTL);
|
|
||||||
cap_rights_init(&rights.stderr, CAP_WRITE);
|
|
||||||
cap_rights_init(&rights.irc, CAP_SEND, CAP_RECV, CAP_EVENT);
|
|
||||||
int error = 0
|
int error = 0
|
||||||
|| cap_rights_limit(STDIN_FILENO, &rights.stdin)
|
|| caph_limit_stdin()
|
||||||
|| cap_rights_limit(STDOUT_FILENO, &rights.stdout)
|
|| caph_rights_limit(STDOUT_FILENO, cap_rights_set(&rights, CAP_IOCTL))
|
||||||
|| cap_rights_limit(STDERR_FILENO, &rights.stderr)
|
|| caph_limit_stderr()
|
||||||
|| cap_rights_limit(irc, &rights.irc);
|
|| caph_rights_limit(
|
||||||
|
irc, cap_rights_init(&rights, CAP_SEND, CAP_RECV, CAP_EVENT)
|
||||||
|
);
|
||||||
if (error) err(EX_OSERR, "cap_rights_limit");
|
if (error) err(EX_OSERR, "cap_rights_limit");
|
||||||
|
|
||||||
if (self.restricted) {
|
if (self.restricted) {
|
||||||
int error = cap_enter();
|
// caph_cache_tzdata(3) doesn't load UTC info, which we need for
|
||||||
if (error) err(EX_OSERR, "cap_enter");
|
// certificate verification. gmtime(3) does.
|
||||||
|
caph_cache_tzdata();
|
||||||
|
gmtime(&(time_t) { time(NULL) });
|
||||||
|
error = caph_enter();
|
||||||
|
if (error) err(EX_OSERR, "caph_enter");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
10
log.c
10
log.c
|
@ -39,7 +39,7 @@
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#ifdef __FreeBSD__
|
#ifdef __FreeBSD__
|
||||||
#include <sys/capsicum.h>
|
#include <capsicum_helpers.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "chat.h"
|
#include "chat.h"
|
||||||
|
@ -54,11 +54,9 @@ void logOpen(void) {
|
||||||
|
|
||||||
#ifdef __FreeBSD__
|
#ifdef __FreeBSD__
|
||||||
cap_rights_t rights;
|
cap_rights_t rights;
|
||||||
cap_rights_init(
|
caph_stream_rights(&rights, CAPH_WRITE);
|
||||||
&rights, CAP_MKDIRAT, CAP_CREATE, CAP_WRITE,
|
cap_rights_set(&rights, CAP_MKDIRAT, CAP_CREATE);
|
||||||
/* for fdopen(3) */ CAP_FCNTL, CAP_FSTAT
|
int error = caph_rights_limit(logDir, &rights);
|
||||||
);
|
|
||||||
int error = cap_rights_limit(logDir, &rights);
|
|
||||||
if (error) err(EX_OSERR, "cap_rights_limit");
|
if (error) err(EX_OSERR, "cap_rights_limit");
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
7
ui.c
7
ui.c
|
@ -49,7 +49,7 @@
|
||||||
#include <wctype.h>
|
#include <wctype.h>
|
||||||
|
|
||||||
#ifdef __FreeBSD__
|
#ifdef __FreeBSD__
|
||||||
#include <sys/capsicum.h>
|
#include <capsicum_helpers.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include "chat.h"
|
#include "chat.h"
|
||||||
|
@ -1192,8 +1192,9 @@ void uiLoad(const char *name) {
|
||||||
|
|
||||||
#ifdef __FreeBSD__
|
#ifdef __FreeBSD__
|
||||||
cap_rights_t rights;
|
cap_rights_t rights;
|
||||||
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FLOCK, CAP_FTRUNCATE);
|
caph_stream_rights(&rights, CAPH_READ | CAPH_WRITE);
|
||||||
error = cap_rights_limit(fileno(saveFile), &rights);
|
cap_rights_set(&rights, CAP_FLOCK, CAP_FTRUNCATE);
|
||||||
|
error = caph_rights_limit(fileno(saveFile), &rights);
|
||||||
if (error) err(EX_OSERR, "cap_rights_limit");
|
if (error) err(EX_OSERR, "cap_rights_limit");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue