diff options
-rw-r--r-- | chat.c | 27 | ||||
-rw-r--r-- | log.c | 10 | ||||
-rw-r--r-- | ui.c | 7 |
3 files changed, 23 insertions, 21 deletions
diff --git a/chat.c b/chat.c index 821d510..3020be9 100644 --- a/chat.c +++ b/chat.c @@ -47,7 +47,7 @@ #include <unistd.h> #ifdef __FreeBSD__ -#include <sys/capsicum.h> +#include <capsicum_helpers.h> #endif #include "chat.h" @@ -319,21 +319,24 @@ int main(int argc, char *argv[]) { #endif #ifdef __FreeBSD__ - struct { cap_rights_t stdin, stdout, stderr, irc; } rights; - cap_rights_init(&rights.stdin, CAP_READ, CAP_EVENT); - cap_rights_init(&rights.stdout, CAP_WRITE, CAP_IOCTL); - cap_rights_init(&rights.stderr, CAP_WRITE); - cap_rights_init(&rights.irc, CAP_SEND, CAP_RECV, CAP_EVENT); + cap_rights_t rights; + caph_stream_rights(&rights, CAPH_WRITE); int error = 0 - || cap_rights_limit(STDIN_FILENO, &rights.stdin) - || cap_rights_limit(STDOUT_FILENO, &rights.stdout) - || cap_rights_limit(STDERR_FILENO, &rights.stderr) - || cap_rights_limit(irc, &rights.irc); + || caph_limit_stdin() + || caph_rights_limit(STDOUT_FILENO, cap_rights_set(&rights, CAP_IOCTL)) + || caph_limit_stderr() + || caph_rights_limit( + irc, cap_rights_init(&rights, CAP_SEND, CAP_RECV, CAP_EVENT) + ); if (error) err(EX_OSERR, "cap_rights_limit"); if (self.restricted) { - int error = cap_enter(); - if (error) err(EX_OSERR, "cap_enter"); + // caph_cache_tzdata(3) doesn't load UTC info, which we need for + // certificate verification. gmtime(3) does. + caph_cache_tzdata(); + gmtime(&(time_t) { time(NULL) }); + error = caph_enter(); + if (error) err(EX_OSERR, "caph_enter"); } #endif diff --git a/log.c b/log.c index fab5a41..e31c5fe 100644 --- a/log.c +++ b/log.c @@ -39,7 +39,7 @@ #include <unistd.h> #ifdef __FreeBSD__ -#include <sys/capsicum.h> +#include <capsicum_helpers.h> #endif #include "chat.h" @@ -54,11 +54,9 @@ void logOpen(void) { #ifdef __FreeBSD__ cap_rights_t rights; - cap_rights_init( - &rights, CAP_MKDIRAT, CAP_CREATE, CAP_WRITE, - /* for fdopen(3) */ CAP_FCNTL, CAP_FSTAT - ); - int error = cap_rights_limit(logDir, &rights); + caph_stream_rights(&rights, CAPH_WRITE); + cap_rights_set(&rights, CAP_MKDIRAT, CAP_CREATE); + int error = caph_rights_limit(logDir, &rights); if (error) err(EX_OSERR, "cap_rights_limit"); #endif } diff --git a/ui.c b/ui.c index a3003df..abf477c 100644 --- a/ui.c +++ b/ui.c @@ -49,7 +49,7 @@ #include <wctype.h> #ifdef __FreeBSD__ -#include <sys/capsicum.h> +#include <capsicum_helpers.h> #endif #include "chat.h" @@ -1192,8 +1192,9 @@ void uiLoad(const char *name) { #ifdef __FreeBSD__ cap_rights_t rights; - cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FLOCK, CAP_FTRUNCATE); - error = cap_rights_limit(fileno(saveFile), &rights); + caph_stream_rights(&rights, CAPH_READ | CAPH_WRITE); + cap_rights_set(&rights, CAP_FLOCK, CAP_FTRUNCATE); + error = caph_rights_limit(fileno(saveFile), &rights); if (error) err(EX_OSERR, "cap_rights_limit"); #endif |