From 45e96e6ea94284341f574828a01621501cce8631 Mon Sep 17 00:00:00 2001
From: Michael Santos
Date: Sat, 21 Dec 2019 08:44:53 -0500
Subject: [PATCH] s/XMPPIPE_RESTRICT/RESTRICT/gi
---
 Makefile | 18 +++++++++---------
 ..._capsicum.c => restrict_process_capsicum.c} | 6 +++---
 ..._process_null.c => restrict_process_null.c} | 6 +++---
 ...cess_pledge.c => restrict_process_pledge.c} | 6 +++---
 ...cess_rlimit.c => restrict_process_rlimit.c} | 10 +++++-----
 ...ss_seccomp.c => restrict_process_seccomp.c} | 6 +++---
 src/xmppipe.c | 8 ++++----
 src/xmppipe.h | 4 ++--
 8 files changed, 32 insertions(+), 32 deletions(-)
 rename src/{xmppipe_restrict_process_capsicum.c => restrict_process_capsicum.c} (91%)
 rename src/{xmppipe_restrict_process_null.c => restrict_process_null.c} (82%)
 rename src/{xmppipe_restrict_process_pledge.c => restrict_process_pledge.c} (85%)
 rename src/{xmppipe_restrict_process_rlimit.c => restrict_process_rlimit.c} (81%)
 rename src/{xmppipe_restrict_process_seccomp.c => restrict_process_seccomp.c} (98%)
diff --git a/Makefile b/Makefile
index b8a9229..67f9ed3 100644
--- a/Makefile
+++ b/Makefile
@@ -12,8 +12,8 @@ ifeq ($(UNAME_SYS), Linux)
 -Wstrict-prototypes -Wmissing-prototypes \
 -pie -fPIE \
 -fno-strict-aliasing
- XMPPIPE_RESTRICT_PROCESS ?= seccomp
- XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE ?= 0
+ RESTRICT_PROCESS ?= seccomp
+ RESTRICT_PROCESS_RLIMIT_NOFILE ?= 0
 LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
 else ifeq ($(UNAME_SYS), FreeBSD)
 CFLAGS ?= -DHAVE_STRTONUM \
@@ -21,7 +21,7 @@ else ifeq ($(UNAME_SYS), FreeBSD)
 -Wformat -Werror=format-security \
 -pie -fPIE \
 -fno-strict-aliasing
- XMPPIPE_RESTRICT_PROCESS ?= capsicum
+ RESTRICT_PROCESS ?= capsicum
 LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
 else ifeq ($(UNAME_SYS), OpenBSD)
 CFLAGS ?= -DHAVE_STRTONUM \
@@ -29,7 +29,7 @@ else ifeq ($(UNAME_SYS), OpenBSD)
 -Wformat -Werror=format-security \
 -pie -fPIE \
 -fno-strict-aliasing
- XMPPIPE_RESTRICT_PROCESS ?= pledge
+ RESTRICT_PROCESS ?= pledge
 LDFLAGS ?= -Wl,-z,relro,-z,now -Wl,-z,noexecstack
 else ifeq ($(UNAME_SYS), SunOS)
 else ifeq ($(UNAME_SYS), Darwin)
@@ -39,15 +39,15 @@ else ifeq ($(UNAME_SYS), Darwin)
 -Wformat -Werror=format-security \
 -pie -fPIE \
 -fno-strict-aliasing
 endif
-XMPPIPE_RESTRICT_PROCESS ?= rlimit
-XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE ?= -1
+RESTRICT_PROCESS ?= rlimit
+RESTRICT_PROCESS_RLIMIT_NOFILE ?= -1
 XMPPIPE_CFLAGS ?= -g -Wall
 CFLAGS += $(XMPPIPE_CFLAGS) \
 -fwrapv \
- -DXMPPIPE_RESTRICT_PROCESS=\"$(XMPPIPE_RESTRICT_PROCESS)\" \
- -DXMPPIPE_RESTRICT_PROCESS_$(XMPPIPE_RESTRICT_PROCESS) \
- -DXMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE=$(XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE)
+ -DRESTRICT_PROCESS=\"$(RESTRICT_PROCESS)\" \
+ -DRESTRICT_PROCESS_$(RESTRICT_PROCESS) \
+ -DRESTRICT_PROCESS_RLIMIT_NOFILE=$(RESTRICT_PROCESS_RLIMIT_NOFILE)
 LDFLAGS += $(XMPPIPE_LDFLAGS)
diff --git a/src/xmppipe_restrict_process_capsicum.c b/src/restrict_process_capsicum.c
similarity index 91%
rename from src/xmppipe_restrict_process_capsicum.c
rename to src/restrict_process_capsicum.c
index 1ff8025..44bf76d 100644
--- a/src/xmppipe_restrict_process_capsicum.c
+++ b/src/restrict_process_capsicum.c
@@ -12,7 +12,7 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#ifdef XMPPIPE_RESTRICT_PROCESS_capsicum
+#ifdef RESTRICT_PROCESS_capsicum
 #include
 #include
 #include
@@ -23,13 +23,13 @@
 #include "xmppipe.h"
-int xmppipe_restrict_process_init(xmppipe_state_t *state) {
+int restrict_process_init(xmppipe_state_t *state) {
 struct rlimit rl = {0};
 return setrlimit(RLIMIT_NPROC, &rl);
 }
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
+int restrict_process_stdin(xmppipe_state_t *state) {
 struct rlimit rl = {0};
 cap_rights_t policy_read;
 cap_rights_t policy_write;
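Review bot: In the Makefile, a build that still passes `XMPPIPE_RESTRICT_PROCESS` or `XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE` (from the environment or the make command line) is now silently ignored, because the `?=` defaults only look at the new names. The binary is then compiled with the platform default backend, or with the `rlimit` / `-1` fallback set after `endif`, rather than the process-restriction mode the packager asked for. Since this variable selects the sandbox at compile time, a stale name should stop the build, for example `ifdef XMPPIPE_RESTRICT_PROCESS` / `$(error XMPPIPE_RESTRICT_PROCESS was renamed to RESTRICT_PROCESS)` / `endif` placed ahead of the defaults. The same applies to the per-platform defaults in the earlier Makefile hunks; whether any downstream build sets the old names is not visible from this patch.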
diff --git a/src/xmppipe_restrict_process_null.c b/src/restrict_process_null.c
similarity index 82%
rename from src/xmppipe_restrict_process_null.c
rename to src/restrict_process_null.c
index e1bb315..a676b59 100644
--- a/src/xmppipe_restrict_process_null.c
+++ b/src/restrict_process_null.c
@@ -12,10 +12,10 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#ifdef XMPPIPE_RESTRICT_PROCESS_null
+#ifdef RESTRICT_PROCESS_null
 #include "xmppipe.h"
-int xmppipe_restrict_process_init(xmppipe_state_t *state) { return 0; }
+int restrict_process_init(xmppipe_state_t *state) { return 0; }
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) { return 0; }
+int restrict_process_stdin(xmppipe_state_t *state) { return 0; }
 #endif
diff --git a/src/xmppipe_restrict_process_pledge.c b/src/restrict_process_pledge.c
similarity index 85%
rename from src/xmppipe_restrict_process_pledge.c
rename to src/restrict_process_pledge.c
index 16ee5cb..6dd4062 100644
--- a/src/xmppipe_restrict_process_pledge.c
+++ b/src/restrict_process_pledge.c
@@ -12,15 +12,15 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#ifdef XMPPIPE_RESTRICT_PROCESS_pledge
+#ifdef RESTRICT_PROCESS_pledge
 #include "xmppipe.h"
 #include
-int xmppipe_restrict_process_init(xmppipe_state_t *state) {
+int restrict_process_init(xmppipe_state_t *state) {
 return pledge("stdio inet dns rpath", NULL);
 }
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
+int restrict_process_stdin(xmppipe_state_t *state) {
 return pledge("stdio", NULL);
 }
 #endif
diff --git a/src/xmppipe_restrict_process_rlimit.c b/src/restrict_process_rlimit.c
similarity index 81%
rename from src/xmppipe_restrict_process_rlimit.c
rename to src/restrict_process_rlimit.c
index b2ab094..9dc33f7 100644
--- a/src/xmppipe_restrict_process_rlimit.c
+++ b/src/restrict_process_rlimit.c
@@ -12,23 +12,23 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#ifdef XMPPIPE_RESTRICT_PROCESS_rlimit
+#ifdef RESTRICT_PROCESS_rlimit
 #include
 #include
 #include "xmppipe.h"
-int xmppipe_restrict_process_init(xmppipe_state_t *state) {
+int restrict_process_init(xmppipe_state_t *state) {
 struct rlimit rl_zero = {0};
 return setrlimit(RLIMIT_NPROC, &rl_zero);
 }
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
+int restrict_process_stdin(xmppipe_state_t *state) {
 struct rlimit rl = {0};
- rl.rlim_cur = XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE;
- rl.rlim_max = XMPPIPE_RESTRICT_PROCESS_RLIMIT_NOFILE;
+ rl.rlim_cur = RESTRICT_PROCESS_RLIMIT_NOFILE;
+ rl.rlim_max = RESTRICT_PROCESS_RLIMIT_NOFILE;
 if (rl.rlim_cur == (rlim_t)-1) {
 int fd = xmppipe_conn_fd(state);
diff --git a/src/xmppipe_restrict_process_seccomp.c b/src/restrict_process_seccomp.c
similarity index 98%
rename from src/xmppipe_restrict_process_seccomp.c
rename to src/restrict_process_seccomp.c
index 98895ea..6f871a3 100644
--- a/src/xmppipe_restrict_process_seccomp.c
+++ b/src/restrict_process_seccomp.c
@@ -12,7 +12,7 @@
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-#ifdef XMPPIPE_RESTRICT_PROCESS_seccomp
+#ifdef RESTRICT_PROCESS_seccomp
 #include
 #include
 #include
@@ -73,7 +73,7 @@
 #define SECCOMP_AUDIT_ARCH 0
 #endif
-int xmppipe_restrict_process_init(xmppipe_state_t *state) {
+int restrict_process_init(xmppipe_state_t *state) {
 struct sock_filter filter[] = {
 /* Ensure the syscall arch convention is as expected. */
 BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, arch)),
@@ -304,7 +304,7 @@ int xmppipe_restrict_process_init(xmppipe_state_t *state) {
 return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
 }
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state) {
+int restrict_process_stdin(xmppipe_state_t *state) {
 struct sock_filter filter[] = {
 /* Ensure the syscall arch convention is as expected. */
 BPF_STMT(BPF_LD + BPF_W + BPF_ABS, offsetof(struct seccomp_data, arch)),
diff --git a/src/xmppipe.c b/src/xmppipe.c
index f4b3119..d3439e5 100644
--- a/src/xmppipe.c
+++ b/src/xmppipe.c
@@ -97,7 +97,7 @@ int main(int argc, char **argv) {
 jid = xmppipe_getenv("XMPPIPE_USERNAME");
 pass = xmppipe_getenv("XMPPIPE_PASSWORD");
- if (xmppipe_restrict_process_init(state) < 0)
+ if (restrict_process_init(state) < 0)
 err(EXIT_FAILURE, "restrict_process failed");
 while ((ch = getopt_long(argc, argv, "a:b:c:dDeF:hI:k:K:o:P:p:r:sS:u:U:vx",
@@ -265,9 +265,9 @@ int main(int argc, char **argv) {
 if (state->verbose)
 (void)fprintf(stderr, "restrict_process: stdin: %s\n",
- XMPPIPE_RESTRICT_PROCESS);
+ RESTRICT_PROCESS);
- if (xmppipe_restrict_process_stdin(state) < 0)
+ if (restrict_process_stdin(state) < 0)
 err(EXIT_FAILURE, "restrict_process failed");
 if (xmppipe_stream_init(state) < 0)
@@ -557,7 +557,7 @@ static long long xmppipe_strtonum(xmppipe_state_t *state, const char *nptr,
 static void usage(xmppipe_state_t *state) {
 (void)fprintf(stderr, "%s %s (using %s mode process restriction)\n",
- __progname, XMPPIPE_VERSION, XMPPIPE_RESTRICT_PROCESS);
+ __progname, XMPPIPE_VERSION, RESTRICT_PROCESS);
 (void)fprintf(
 stderr,
 "usage: %s [OPTIONS]\n"
diff --git a/src/xmppipe.h b/src/xmppipe.h
index 8386b6e..e7476d9 100644
--- a/src/xmppipe.h
+++ b/src/xmppipe.h
@@ -166,8 +166,8 @@ void xmppipe_stanza_set_text(xmpp_stanza_t *, const char *const);
 void xmppipe_stanza_set_type(xmpp_stanza_t *const, const char *const);
 void xmppipe_stanza_add_child(xmpp_stanza_t *, xmpp_stanza_t *);
-int xmppipe_restrict_process_init(xmppipe_state_t *state);
-int xmppipe_restrict_process_stdin(xmppipe_state_t *state);
+int restrict_process_init(xmppipe_state_t *state);
+int restrict_process_stdin(xmppipe_state_t *state);
 int xmppipe_conn_fd(xmppipe_state_t *state);
 int b64_ntop(u_char const *src, size_t srclength, char *target,