diff options
author | June McEnroe <june@causal.agency> | 2021-10-05 22:02:19 -0400 |
---|---|---|
committer | June McEnroe <june@causal.agency> | 2021-10-05 22:02:19 -0400 |
commit | 4910f996d39788b9cacd34f2ae560cf74eee85de (patch) | |
tree | 035243221737f2f179d090e486055de2c40afc70 /bounce.c | |
parent | Remove certbot default paths (diff) | |
download | pounce-4910f996d39788b9cacd34f2ae560cf74eee85de.tar.gz pounce-4910f996d39788b9cacd34f2ae560cf74eee85de.zip |
FreeBSD: Remove capsicum support
capsicum is too impractical and removing it will allow much more straightforward code.
Diffstat (limited to '')
-rw-r--r-- | bounce.c | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/bounce.c b/bounce.c index 2e52428..beab2bc 100644 --- a/bounce.c +++ b/bounce.c @@ -47,10 +47,6 @@ #include <tls.h> #include <unistd.h> -#ifdef __FreeBSD__ -#include <sys/capsicum.h> -#endif - #ifndef SIGINFO #define SIGINFO SIGUSR2 #endif @@ -121,13 +117,6 @@ static void saveLoad(const char *path) { atexit(saveSave); } -#ifdef __FreeBSD__ -static void capLimit(int fd, const cap_rights_t *rights) { - int error = cap_rights_limit(fd, rights); - if (error) err(EX_OSERR, "cap_rights_limit"); -} -#endif - #ifdef __OpenBSD__ static void unveilParent(const char *path, const char *mode) { char buf[PATH_MAX]; @@ -419,32 +408,6 @@ int main(int argc, char *argv[]) { if (error) err(EX_OSERR, "pledge"); #endif -#ifdef __FreeBSD__ - error = cap_enter(); - if (error) err(EX_OSERR, "cap_enter"); - - cap_rights_t saveRights, fileRights, sockRights, bindRights; - cap_rights_init(&saveRights, CAP_WRITE); - cap_rights_init(&fileRights, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP, CAP_PREAD); - cap_rights_init(&sockRights, CAP_EVENT, CAP_RECV, CAP_SEND, CAP_SETSOCKOPT); - cap_rights_init(&bindRights, CAP_LISTEN, CAP_ACCEPT); - cap_rights_merge(&bindRights, &sockRights); - - if (saveFile) capLimit(fileno(saveFile), &saveRights); - capLimit(cert.parent, &fileRights); - capLimit(cert.target, &fileRights); - capLimit(priv.parent, &fileRights); - capLimit(priv.target, &fileRights); - if (caPath) { - capLimit(localCA.parent, &fileRights); - capLimit(localCA.target, &fileRights); - } - for (size_t i = 0; i < binds; ++i) { - capLimit(bind[i], &bindRights); - } - capLimit(server, &sockRights); -#endif - stateLogin(pass, blindReq, plain, nick, user, real); if (pass) explicit_bzero(pass, strlen(pass)); if (plain) explicit_bzero(plain, strlen(plain)); |