From owner-svn-src-all@freebsd.org Fri Oct 7 17:56:59 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1E20EC0496E; Fri, 7 Oct 2016 17:56:59 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EC330774; Fri, 7 Oct 2016 17:56:58 +0000 (UTC) (envelope-from oshogbo@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u97HuwBp043515; Fri, 7 Oct 2016 17:56:58 GMT (envelope-from oshogbo@FreeBSD.org) Received: (from oshogbo@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u97HuvML043509; Fri, 7 Oct 2016 17:56:57 GMT (envelope-from oshogbo@FreeBSD.org) Message-Id: <201610071756.u97HuvML043509@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: oshogbo set sender to oshogbo@FreeBSD.org using -f 
From: Mariusz Zaborski Date: Fri, 7 Oct 2016 17:56:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r306813 - in head/usr.bin: cmp col elfdump kdump tee tr X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Oct 2016 17:56:59 -0000 Author: oshogbo Date: Fri Oct 7 17:56:57 2016 New Revision: 306813 URL: https://svnweb.freebsd.org/changeset/base/306813 Log: Remove the duplicated code using Capsicum helpers. Reviewed by: cem, ed, bapt, emaste Differential Revision https://reviews.freebsd.org/D8140 Modified: head/usr.bin/cmp/cmp.c head/usr.bin/col/col.c head/usr.bin/elfdump/elfdump.c head/usr.bin/kdump/kdump.c head/usr.bin/tee/tee.c head/usr.bin/tr/tr.c Modified: head/usr.bin/cmp/cmp.c ============================================================================== --- head/usr.bin/cmp/cmp.c Fri Oct 7 16:17:51 2016 (r306812) +++ head/usr.bin/cmp/cmp.c Fri Oct 7 17:56:57 2016 (r306813) @@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include @@ -53,7 +54,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include "extern.h" @@ -70,7 +70,6 @@ main(int argc, char *argv[]) int ch, fd1, fd2, oflag, special; const char *file1, *file2; cap_rights_t rights; - unsigned long cmd; uint32_t fcntls; oflag = O_RDONLY; 
@@ -165,20 +164,10 @@ main(int argc, char *argv[]) if (cap_fcntls_limit(fd2, fcntls) < 0 && errno != ENOSYS) err(ERR_EXIT, "unable to limit fcntls for %s", file2); - cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE, CAP_IOCTL); - if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) - err(ERR_EXIT, "unable to limit rights for stdout"); - - /* Required for printf(3) via isatty(3). */ - cmd = TIOCGETA; - if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) - err(ERR_EXIT, "unable to limit ioctls for stdout"); - - /* - * Cache NLS data, for strerror, for err(3), before entering capability - * mode. - */ - (void)catopen("libc", NL_CAT_LOCALE); + if (caph_limit_stdout() == -1 || caph_limit_stderr() == -1) + err(ERR_EXIT, "unable to limit stdio"); + + caph_cache_catpages(); if (cap_enter() < 0 && errno != ENOSYS) err(ERR_EXIT, "unable to enter capability mode"); Modified: head/usr.bin/col/col.c ============================================================================== --- head/usr.bin/col/col.c Fri Oct 7 16:17:51 2016 (r306812) +++ head/usr.bin/col/col.c Fri Oct 7 17:56:57 2016 (r306813) @@ -47,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include 
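Review bot: The new check `caph_limit_stdout() == -1 || caph_limit_stderr() == -1` treats every failure as fatal, whereas each removed call was guarded with `&& errno != ENOSYS` so that cmp kept working on a kernel built without Capsicum. The helper bodies are not part of this diff, so confirm that they handle ENOSYS themselves; the same applies to the helper calls in the col, elfdump, kdump, tee and tr hunks. The comment that explained the removed `catopen()` call is also lost, so consider keeping `/* Cache NLS data for err(3) before entering capability mode. */` above `caph_cache_catpages();`. main() starts and ends outside this hunk.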
@@ -135,20 +136,11 @@ main(int argc, char **argv) int nflushd_lines; /* number of lines that were flushed */ int adjust, opt, warned, width; const char *errstr; - cap_rights_t rights; - unsigned long cmd; (void)setlocale(LC_CTYPE, ""); - cap_rights_init(&rights, CAP_FSTAT, CAP_READ); - if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) - err(1, "unable to limit rights for stdin"); - cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE, CAP_IOCTL); - if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) - err(1, "unable to limit rights for stdout"); - cmd = TIOCGETA; /* required by isatty(3) in printf(3) */ - if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) - err(1, "unable to limit ioctls for stdout"); + if (caph_limit_stdio() == -1) + err(1, "unable to limit stdio"); if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode"); Modified: head/usr.bin/elfdump/elfdump.c ============================================================================== --- head/usr.bin/elfdump/elfdump.c Fri Oct 7 16:17:51 2016 (r306812) +++ head/usr.bin/elfdump/elfdump.c Fri Oct 7 17:56:57 2016 (r306813) @@ -36,6 +36,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -44,7 +45,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #define ED_DYN (1<<0) @@ -505,7 +505,6 @@ main(int ac, char **av) u_int64_t name; u_int64_t type; struct stat sb; - unsigned long cmd; u_int flags; Elf32_Ehdr *e; void *p; 
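Review bot: `caph_limit_stdio()` hides which rights stdin, stdout and stderr keep, and its definition is not in this diff, so least-privilege parity with the removed code cannot be checked from the call site. In col the removed code gave stdin only `CAP_FSTAT, CAP_READ` and never touched stderr. In the kdump hunk the removed `limitfd()` allowed `TIOCGWINSZ` on stderr only when `suppressdata` was unset, and in the tr hunk stdin was given `TIOCGETA` for isatty(3). Confirm that the helper's rights and ioctl allowlist cover what each program still needs after `cap_enter()` without being broader than the sets they replace, and say so in a short comment above each call, for example `/* stdio rights and ioctls are fixed by the Capsicum helper */`. main() extends beyond this hunk.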
@@ -573,14 +572,11 @@ main(int ac, char **av) cap_rights_init(&rights, CAP_MMAP_R); if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) err(1, "unable to limit rights for %s", *av); - cap_rights_limit(STDIN_FILENO, cap_rights_init(&rights)); - cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE); - cmd = TIOCGETA; /* required by isatty(3) in printf(3) */ - if ((cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) || - (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) || - (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) || - (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS)) - err(1, "unable to limit rights for stdout/stderr"); + cap_rights_init(&rights); + if ((cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) || + caph_limit_stdout() < 0 || caph_limit_stderr() < 0) { + err(1, "unable to limit rights for stdio"); + } if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode"); e = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); Modified: head/usr.bin/kdump/kdump.c ============================================================================== --- head/usr.bin/kdump/kdump.c Fri Oct 7 16:17:51 2016 (r306812) +++ head/usr.bin/kdump/kdump.c Fri Oct 7 17:56:57 2016 (r306813) @@ -62,6 +62,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -74,7 +75,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include #include @@ -110,7 +110,6 @@ void ktrstruct(char *, size_t); void ktrcapfail(struct ktr_cap_fail *); void ktrfault(struct ktr_fault *); void ktrfaultend(struct ktr_faultend *); -void limitfd(int fd); void usage(void); #define TIMESTAMP_NONE 0x0 
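Review bot: The helper results in this hunk are tested with `< 0` (`caph_limit_stdout() < 0 || caph_limit_stderr() < 0`), while every other file in this commit tests `== -1`; use one form so the checks read the same everywhere. Checking the stdin `cap_rights_limit()` result is an improvement over the removed unchecked call, but nothing explains why stdin gets an empty rights set. If the intent is that elfdump never reads stdin, a comment such as `/* stdin is unused: strip all rights from it. */` above `cap_rights_init(&rights);` would record that. main() extends beyond this hunk.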
@@ -337,9 +336,8 @@ main(int argc, char *argv[]) err(1, "unable to enter capability mode"); } #endif - limitfd(STDIN_FILENO); - limitfd(STDOUT_FILENO); - limitfd(STDERR_FILENO); + if (caph_limit_stdio() == -1) + err(1, "unable to limit stdio"); TAILQ_INIT(&trace_procs); drop_logged = 0; @@ -432,40 +430,6 @@ main(int argc, char *argv[]) return 0; } -void -limitfd(int fd) -{ - cap_rights_t rights; - unsigned long cmd; - - cap_rights_init(&rights, CAP_FSTAT); - cmd = 0; - - switch (fd) { - case STDIN_FILENO: - cap_rights_set(&rights, CAP_READ); - break; - case STDOUT_FILENO: - cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE); - cmd = TIOCGETA; /* required by isatty(3) in printf(3) */ - break; - case STDERR_FILENO: - cap_rights_set(&rights, CAP_WRITE); - if (!suppressdata) { - cap_rights_set(&rights, CAP_IOCTL); - cmd = TIOCGWINSZ; - } - break; - default: - abort(); - } - - if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) - err(1, "unable to limit rights for descriptor %d", fd); - if (cmd != 0 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS) - err(1, "unable to limit ioctls for descriptor %d", fd); -} - int fread_tail(void *buf, int size, int num) { Modified: head/usr.bin/tee/tee.c ============================================================================== --- head/usr.bin/tee/tee.c Fri Oct 7 16:17:51 2016 (r306812) +++ head/usr.bin/tee/tee.c Fri Oct 7 17:56:57 2016 (r306813) @@ -45,6 +45,7 @@ static const char rcsid[] = #include #include +#include #include #include #include @@ -52,7 +53,6 @@ static const char rcsid[] = #include #include #include -#include #include typedef struct _list { @@ -73,8 +73,6 @@ main(int argc, char *argv[]) char *bp; int append, ch, exitval; char *buf; - cap_rights_t rights; - unsigned long cmd; #define BSIZE (8 * 1024) append = 0; 
@@ -96,15 +94,8 @@ main(int argc, char *argv[]) if ((buf = malloc(BSIZE)) == NULL) err(1, "malloc"); - cap_rights_init(&rights, CAP_READ, CAP_FSTAT); - if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) - err(EXIT_FAILURE, "unable to limit rights for stdin"); - cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL); - if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) - err(EXIT_FAILURE, "unable to limit rights for stderr"); - cmd = TIOCGETA; - if (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS) - err(EXIT_FAILURE, "unable to limit ioctls for stderr"); + if (caph_limit_stdin() == -1 || caph_limit_stderr() == -1) + err(EXIT_FAILURE, "unable to limit stdio"); add(STDOUT_FILENO, "stdout"); @@ -148,19 +139,14 @@ add(int fd, const char *name) { LIST *p; cap_rights_t rights; - unsigned long cmd; - - if (fd == STDOUT_FILENO) - cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT, CAP_IOCTL); - else - cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT); - if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) - err(EXIT_FAILURE, "unable to limit rights"); if (fd == STDOUT_FILENO) { - cmd = TIOCGETA; - if (cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS) - err(EXIT_FAILURE, "unable to limit ioctls for stdout"); + if (caph_limit_stdout() == -1) + err(EXIT_FAILURE, "unable to limit stdout"); + } else { + cap_rights_init(&rights, CAP_WRITE, CAP_FSTAT); + if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) + err(EXIT_FAILURE, "unable to limit rights"); } if ((p = malloc(sizeof(LIST))) == NULL) Modified: head/usr.bin/tr/tr.c ============================================================================== --- head/usr.bin/tr/tr.c Fri Oct 7 16:17:51 2016 (r306812) +++ head/usr.bin/tr/tr.c Fri Oct 7 17:56:57 2016 (r306813) @@ -44,16 +44,15 @@ static const char sccsid[] = "@(#)tr.c 8 #include #include +#include #include #include -#include #include #include #include #include #include #include -#include #include #include #include 
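Review bot: In the `add()` hunk, `cap_rights_t rights;` is still declared at function scope although only the non-stdout branch uses it now; declaring it inside the `else` block would keep the hand-rolled limit self-contained. That branch is also the only place left in tee where the granted rights (`CAP_WRITE, CAP_FSTAT`) are spelled out. A short comment such as `/* Output files: write and fstat only, no ioctls. */` would make the contrast with the helper-managed stdout explicit. add() continues past the end of the hunk.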
@@ -72,8 +71,6 @@ int main(int argc, char **argv) { static int carray[NCHARS_SB]; - cap_rights_t rights; - unsigned long cmd; struct cmap *map; struct cset *delete, *squeeze; int n, *p; @@ -82,23 +79,8 @@ main(int argc, char **argv) (void)setlocale(LC_ALL, ""); - cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_READ); - if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) - err(1, "unable to limit rights for stdin"); - cap_rights_init(&rights, CAP_FSTAT, CAP_IOCTL, CAP_WRITE); - if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) - err(1, "unable to limit rights for stdout"); - if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) - err(1, "unable to limit rights for stderr"); - - /* Required for isatty(3). */ - cmd = TIOCGETA; - if (cap_ioctls_limit(STDIN_FILENO, &cmd, 1) < 0 && errno != ENOSYS) - err(1, "unable to limit ioctls for stdin"); - if (cap_ioctls_limit(STDOUT_FILENO, &cmd, 1) < 0 && errno != ENOSYS) - err(1, "unable to limit ioctls for stdout"); - if (cap_ioctls_limit(STDERR_FILENO, &cmd, 1) < 0 && errno != ENOSYS) - err(1, "unable to limit ioctls for stderr"); + if (caph_limit_stdio() == -1) + err(1, "unable to limit stdio"); if (cap_enter() < 0 && errno != ENOSYS) err(1, "unable to enter capability mode");