about summary refs log tree commit diff
path: root/bounce.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2021-10-05 22:02:19 -0400
committerJune McEnroe <june@causal.agency>2021-10-05 22:02:19 -0400
commit4910f996d39788b9cacd34f2ae560cf74eee85de (patch)
tree035243221737f2f179d090e486055de2c40afc70 /bounce.c
parentRemove certbot default paths (diff)
downloadpounce-4910f996d39788b9cacd34f2ae560cf74eee85de.tar.gz
pounce-4910f996d39788b9cacd34f2ae560cf74eee85de.zip
FreeBSD: Remove capsicum support
capsicum is too impractical and removing it will allow much more
straightforward code.
Diffstat (limited to '')
-rw-r--r--bounce.c37
1 files changed, 0 insertions, 37 deletions
diff --git a/bounce.c b/bounce.c
index 2e52428..beab2bc 100644
--- a/bounce.c
+++ b/bounce.c
@@ -47,10 +47,6 @@
 #include <tls.h>
 #include <unistd.h>
 
-#ifdef __FreeBSD__
-#include <sys/capsicum.h>
-#endif
-
 #ifndef SIGINFO
 #define SIGINFO SIGUSR2
 #endif
@@ -121,13 +117,6 @@ static void saveLoad(const char *path) {
 	atexit(saveSave);
 }
 
-#ifdef __FreeBSD__
-static void capLimit(int fd, const cap_rights_t *rights) {
-	int error = cap_rights_limit(fd, rights);
-	if (error) err(EX_OSERR, "cap_rights_limit");
-}
-#endif
-
 #ifdef __OpenBSD__
 static void unveilParent(const char *path, const char *mode) {
 	char buf[PATH_MAX];
@@ -419,32 +408,6 @@ int main(int argc, char *argv[]) {
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
-#ifdef __FreeBSD__
-	error = cap_enter();
-	if (error) err(EX_OSERR, "cap_enter");
-
-	cap_rights_t saveRights, fileRights, sockRights, bindRights;
-	cap_rights_init(&saveRights, CAP_WRITE);
-	cap_rights_init(&fileRights, CAP_FCNTL, CAP_FSTAT, CAP_LOOKUP, CAP_PREAD);
-	cap_rights_init(&sockRights, CAP_EVENT, CAP_RECV, CAP_SEND, CAP_SETSOCKOPT);
-	cap_rights_init(&bindRights, CAP_LISTEN, CAP_ACCEPT);
-	cap_rights_merge(&bindRights, &sockRights);
-
-	if (saveFile) capLimit(fileno(saveFile), &saveRights);
-	capLimit(cert.parent, &fileRights);
-	capLimit(cert.target, &fileRights);
-	capLimit(priv.parent, &fileRights);
-	capLimit(priv.target, &fileRights);
-	if (caPath) {
-		capLimit(localCA.parent, &fileRights);
-		capLimit(localCA.target, &fileRights);
-	}
-	for (size_t i = 0; i < binds; ++i) {
-		capLimit(bind[i], &bindRights);
-	}
-	capLimit(server, &sockRights);
-#endif
-
 	stateLogin(pass, blindReq, plain, nick, user, real);
 	if (pass) explicit_bzero(pass, strlen(pass));
 	if (plain) explicit_bzero(plain, strlen(plain));