summary refs log tree commit diff
path: root/dispatch.c
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2021-10-05 22:02:19 -0400
committerJune McEnroe <june@causal.agency>2021-10-05 22:02:19 -0400
commit4910f996d39788b9cacd34f2ae560cf74eee85de (patch)
tree035243221737f2f179d090e486055de2c40afc70 /dispatch.c
parentRemove certbot default paths (diff)
downloadpounce-4910f996d39788b9cacd34f2ae560cf74eee85de.tar.gz
pounce-4910f996d39788b9cacd34f2ae560cf74eee85de.zip
FreeBSD: Remove capsicum support
capsicum is too impractical and removing it will allow much more
straightforward code.
Diffstat (limited to '')
-rw-r--r--dispatch.c38
1 files changed, 1 insertions, 37 deletions
diff --git a/dispatch.c b/dispatch.c
index 2b85857..512bca2 100644
--- a/dispatch.c
+++ b/dispatch.c
@@ -41,10 +41,6 @@
 #include <sysexits.h>
 #include <unistd.h>
 
-#ifdef __FreeBSD__
-#include <sys/capsicum.h>
-#endif
-
 static struct {
 	uint8_t buf[4096];
 	uint8_t *ptr;
@@ -169,10 +165,7 @@ int main(int argc, char *argv[]) {
 	if (error) err(EX_OSERR, "pledge");
 #endif
 
-	int dir = open(path, O_DIRECTORY);
-	if (dir < 0) err(EX_NOINPUT, "%s", path);
-
-	error = fchdir(dir);
+	error = chdir(path);
 	if (error) err(EX_NOINPUT, "%s", path);
 
 	enum { Cap = 1024 };
@@ -212,25 +205,6 @@ int main(int argc, char *argv[]) {
 	if (!binds) errx(EX_UNAVAILABLE, "could not bind any sockets");
 	freeaddrinfo(head);
 
-#ifdef __FreeBSD__
-	error = cap_enter();
-	if (error) err(EX_OSERR, "cap_enter");
-
-	cap_rights_t dirRights, sockRights, unixRights, bindRights;
-	cap_rights_init(&dirRights, CAP_CONNECTAT);
-	cap_rights_init(&sockRights, CAP_EVENT, CAP_RECV, CAP_SEND, CAP_SETSOCKOPT);
-	cap_rights_init(&unixRights, CAP_CONNECT, CAP_SEND);
-	cap_rights_init(&bindRights, CAP_LISTEN, CAP_ACCEPT);
-	cap_rights_merge(&bindRights, &sockRights);
-
-	error = cap_rights_limit(dir, &dirRights);
-	if (error) err(EX_OSERR, "cap_rights_limit");
-	for (size_t i = 0; i < binds; ++i) {
-		error = cap_rights_limit(fds[i].fd, &bindRights);
-		if (error) err(EX_OSERR, "cap_rights_limit");
-	}
-#endif
-
 	for (size_t i = 0; i < binds; ++i) {
 		error = listen(fds[i].fd, -1);
 		if (error) err(EX_IOERR, "listen");
@@ -290,17 +264,7 @@ int main(int argc, char *argv[]) {
 			int sock = socket(PF_UNIX, SOCK_STREAM, 0);
 			if (sock < 0) err(EX_OSERR, "socket");
 
-#ifdef __FreeBSD__
-			error = cap_rights_limit(sock, &unixRights);
-			if (error) err(EX_OSERR, "cap_rights_limit");
-
-			error = connectat(
-				dir, sock, (struct sockaddr *)&addr, SUN_LEN(&addr)
-			);
-#else
 			error = connect(sock, (struct sockaddr *)&addr, SUN_LEN(&addr));
-#endif
-
 			if (error) {
 				warn("%s", name);
 				alert(fds[i].fd);