Remove lib/libcapsicum and libexec/casper, brought back as

part of a merge mishap. Reported by: junovitch Sponsored by: The FreeBSD Foundation
author: gjb <gjb@FreeBSD.org> 2016-04-17 02:51:04 +0000
committer: gjb <gjb@FreeBSD.org> 2016-04-17 02:51:04 +0000
commit: f4e1f67adb9115a2f4a496dd1667dc6947a459d2 (patch)
tree: 1c7b59f2ecb8c207aed284f17641ef4ffdeea853 /libexec
parent: 8e91712e18c4dabd6433957b8cb7c70fd399f8fd (diff)
download: FreeBSD-src-f4e1f67adb9115a2f4a496dd1667dc6947a459d2.zip
FreeBSD-src-f4e1f67adb9115a2f4a496dd1667dc6947a459d2.tar.gz
16 files changed, 0 insertions, 1824 deletions
diff --git a/libexec/casper/Makefile b/libexec/casper/Makefile
deleted file mode 100644
index c66edd6..0000000
--- a/libexec/casper/Makefile
+++ /dev/null
@@ -1,12 +0,0 @@
-# $FreeBSD$
-
-.include <bsd.own.mk>
-
-PACKAGE=casper
-SUBDIR=	dns
-SUBDIR+=grp
-SUBDIR+=pwd
-SUBDIR+=random
-SUBDIR+=sysctl
-
-.include <bsd.subdir.mk>
diff --git a/libexec/casper/dns/Makefile b/libexec/casper/dns/Makefile
deleted file mode 100644
index 065977f..0000000
--- a/libexec/casper/dns/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-# $FreeBSD$
-
-.PATH:	${.CURDIR} ${.CURDIR}/../../../sbin/casper
-
-PACKAGE=casper
-PROG=	dns
-
-SRCS=	dns.c
-
-LIBADD=	casper nv
-
-BINDIR=	/libexec/casper
-
-CFLAGS+=-I${.CURDIR}
-CFLAGS+=-I${.CURDIR}/../../../lib/libcapsicum
-CFLAGS+=-I${.CURDIR}/../../../lib/libcasper
-CFLAGS+=-I${.CURDIR}/../../../lib/libpjdlog
-CFLAGS+=-I${.CURDIR}/../../../sbin/casper
-
-MAN=
-
-.include <bsd.prog.mk>
diff --git a/libexec/casper/dns/Makefile.depend b/libexec/casper/dns/Makefile.depend
deleted file mode 100644
index aa79c09..0000000
--- a/libexec/casper/dns/Makefile.depend
+++ /dev/null
@@ -1,23 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-	gnu/lib/csu \
-	gnu/lib/libgcc \
-	include \
-	include/xlocale \
-	lib/${CSU_DIR} \
-	lib/libc \
-	lib/libcapsicum \
-	lib/libcasper \
-	lib/libcompiler_rt \
-	lib/libnv \
-	lib/libpjdlog \
-	lib/libutil \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/libexec/casper/dns/dns.c b/libexec/casper/dns/dns.c
deleted file mode 100644
index dbdb2a2..0000000
--- a/libexec/casper/dns/dns.c
+++ /dev/null
@@ -1,436 +0,0 @@
-/*-
- * Copyright (c) 2012-2013 The FreeBSD Foundation
- * All rights reserved.
- *
- * This software was developed by Pawel Jakub Dawidek under sponsorship from
- * the FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/nv.h>
-#include <netinet/in.h>
-
-#include <assert.h>
-#include <errno.h>
-#include <netdb.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <libcapsicum.h>
-#include <libcapsicum_dns.h>
-#include <libcasper.h>
-#include <pjdlog.h>
-
-static bool
-dns_allowed_type(const nvlist_t *limits, const char *type)
-{
-	const char *name;
-	bool notypes;
-	void *cookie;
-
-	if (limits == NULL)
-		return (true);
-
-	notypes = true;
-	cookie = NULL;
-	while ((name = nvlist_next(limits, NULL, &cookie)) != NULL) {
-		if (strncmp(name, "type", sizeof("type") - 1) != 0)
-			continue;
-		notypes = false;
-		if (strcmp(nvlist_get_string(limits, name), type) == 0)
-			return (true);
-	}
-
-	/* If there are no types at all, allow any type. */
-	if (notypes)
-		return (true);
-
-	return (false);
-}
-
-static bool
-dns_allowed_family(const nvlist_t *limits, int family)
-{
-	const char *name;
-	bool nofamilies;
-	void *cookie;
-
-	if (limits == NULL)
-		return (true);
-
-	nofamilies = true;
-	cookie = NULL;
-	while ((name = nvlist_next(limits, NULL, &cookie)) != NULL) {
-		if (strncmp(name, "family", sizeof("family") - 1) != 0)
-			continue;
-		nofamilies = false;
-		if (family == AF_UNSPEC)
-			continue;
-		if (nvlist_get_number(limits, name) == (uint64_t)family)
-			return (true);
-	}
-
-	/* If there are no families at all, allow any family. */
-	if (nofamilies)
-		return (true);
-
-	return (false);
-}
-
-static void
-hostent_pack(const struct hostent *hp, nvlist_t *nvl)
-{
-	unsigned int ii;
-	char nvlname[64];
-	int n;
-
-	nvlist_add_string(nvl, "name", hp->h_name);
-	nvlist_add_number(nvl, "addrtype", (uint64_t)hp->h_addrtype);
-	nvlist_add_number(nvl, "length", (uint64_t)hp->h_length);
-
-	if (hp->h_aliases == NULL) {
-		nvlist_add_number(nvl, "naliases", 0);
-	} else {
-		for (ii = 0; hp->h_aliases[ii] != NULL; ii++) {
-			n = snprintf(nvlname, sizeof(nvlname), "alias%u", ii);
-			assert(n > 0 && n < (int)sizeof(nvlname));
-			nvlist_add_string(nvl, nvlname, hp->h_aliases[ii]);
-		}
-		nvlist_add_number(nvl, "naliases", (uint64_t)ii);
-	}
-
-	if (hp->h_addr_list == NULL) {
-		nvlist_add_number(nvl, "naddrs", 0);
-	} else {
-		for (ii = 0; hp->h_addr_list[ii] != NULL; ii++) {
-			n = snprintf(nvlname, sizeof(nvlname), "addr%u", ii);
-			assert(n > 0 && n < (int)sizeof(nvlname));
-			nvlist_add_binary(nvl, nvlname, hp->h_addr_list[ii],
-			    (size_t)hp->h_length);
-		}
-		nvlist_add_number(nvl, "naddrs", (uint64_t)ii);
-	}
-}
-
-static int
-dns_gethostbyname(const nvlist_t *limits, const nvlist_t *nvlin,
-    nvlist_t *nvlout)
-{
-	struct hostent *hp;
-	int family;
-
-	if (!dns_allowed_type(limits, "NAME"))
-		return (NO_RECOVERY);
-
-	family = (int)nvlist_get_number(nvlin, "family");
-
-	if (!dns_allowed_family(limits, family))
-		return (NO_RECOVERY);
-
-	hp = gethostbyname2(nvlist_get_string(nvlin, "name"), family);
-	if (hp == NULL)
-		return (h_errno);
-	hostent_pack(hp, nvlout);
-	return (0);
-}
-
-static int
-dns_gethostbyaddr(const nvlist_t *limits, const nvlist_t *nvlin,
-    nvlist_t *nvlout)
-{
-	struct hostent *hp;
-	const void *addr;
-	size_t addrsize;
-	int family;
-
-	if (!dns_allowed_type(limits, "ADDR"))
-		return (NO_RECOVERY);
-
-	family = (int)nvlist_get_number(nvlin, "family");
-
-	if (!dns_allowed_family(limits, family))
-		return (NO_RECOVERY);
-
-	addr = nvlist_get_binary(nvlin, "addr", &addrsize);
-	hp = gethostbyaddr(addr, (socklen_t)addrsize, family);
-	if (hp == NULL)
-		return (h_errno);
-	hostent_pack(hp, nvlout);
-	return (0);
-}
-
-static int
-dns_getnameinfo(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	struct sockaddr_storage sast;
-	const void *sabin;
-	char *host, *serv;
-	size_t sabinsize, hostlen, servlen;
-	socklen_t salen;
-	int error, flags;
-
-	if (!dns_allowed_type(limits, "NAME"))
-		return (NO_RECOVERY);
-
-	error = 0;
-	host = serv = NULL;
-	memset(&sast, 0, sizeof(sast));
-
-	hostlen = (size_t)nvlist_get_number(nvlin, "hostlen");
-	servlen = (size_t)nvlist_get_number(nvlin, "servlen");
-
-	if (hostlen > 0) {
-		host = calloc(1, hostlen + 1);
-		if (host == NULL) {
-			error = EAI_MEMORY;
-			goto out;
-		}
-	}
-	if (servlen > 0) {
-		serv = calloc(1, servlen + 1);
-		if (serv == NULL) {
-			error = EAI_MEMORY;
-			goto out;
-		}
-	}
-
-	sabin = nvlist_get_binary(nvlin, "sa", &sabinsize);
-	if (sabinsize > sizeof(sast)) {
-		error = EAI_FAIL;
-		goto out;
-	}
-
-	memcpy(&sast, sabin, sabinsize);
-	salen = (socklen_t)sabinsize;
-
-	if ((sast.ss_family != AF_INET ||
-	     salen != sizeof(struct sockaddr_in)) &&
-	    (sast.ss_family != AF_INET6 ||
-	     salen != sizeof(struct sockaddr_in6))) {
-		error = EAI_FAIL;
-		goto out;
-	}
-
-	if (!dns_allowed_family(limits, (int)sast.ss_family)) {
-		error = NO_RECOVERY;
-		goto out;
-	}
-
-	flags = (int)nvlist_get_number(nvlin, "flags");
-
-	error = getnameinfo((struct sockaddr *)&sast, salen, host, hostlen,
-	    serv, servlen, flags);
-	if (error != 0)
-		goto out;
-
-	nvlist_move_string(nvlout, "host", host);
-	nvlist_move_string(nvlout, "serv", serv);
-out:
-	if (error != 0) {
-		free(host);
-		free(serv);
-	}
-	return (error);
-}
-
-static nvlist_t *
-addrinfo_pack(const struct addrinfo *ai)
-{
-	nvlist_t *nvl;
-
-	nvl = nvlist_create(0);
-	nvlist_add_number(nvl, "ai_flags", (uint64_t)ai->ai_flags);
-	nvlist_add_number(nvl, "ai_family", (uint64_t)ai->ai_family);
-	nvlist_add_number(nvl, "ai_socktype", (uint64_t)ai->ai_socktype);
-	nvlist_add_number(nvl, "ai_protocol", (uint64_t)ai->ai_protocol);
-	nvlist_add_binary(nvl, "ai_addr", ai->ai_addr, (size_t)ai->ai_addrlen);
-	nvlist_add_string(nvl, "ai_canonname", ai->ai_canonname);
-
-	return (nvl);
-}
-
-static int
-dns_getaddrinfo(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	struct addrinfo hints, *hintsp, *res, *cur;
-	const char *hostname, *servname;
-	char nvlname[64];
-	nvlist_t *elem;
-	unsigned int ii;
-	int error, family, n;
-
-	if (!dns_allowed_type(limits, "ADDR"))
-		return (NO_RECOVERY);
-
-	hostname = nvlist_get_string(nvlin, "hostname");
-	servname = nvlist_get_string(nvlin, "servname");
-	if (nvlist_exists_number(nvlin, "hints.ai_flags")) {
-		size_t addrlen;
-
-		hints.ai_flags = (int)nvlist_get_number(nvlin,
-		    "hints.ai_flags");
-		hints.ai_family = (int)nvlist_get_number(nvlin,
-		    "hints.ai_family");
-		hints.ai_socktype = (int)nvlist_get_number(nvlin,
-		    "hints.ai_socktype");
-		hints.ai_protocol = (int)nvlist_get_number(nvlin,
-		    "hints.ai_protocol");
-		hints.ai_addrlen = 0;
-		hints.ai_addr = NULL;
-		hints.ai_canonname = NULL;
-		hintsp = &hints;
-		family = hints.ai_family;
-	} else {
-		hintsp = NULL;
-		family = AF_UNSPEC;
-	}
-
-	if (!dns_allowed_family(limits, family))
-		return (NO_RECOVERY);
-
-	error = getaddrinfo(hostname, servname, hintsp, &res);
-	if (error != 0)
-		goto out;
-
-	for (cur = res, ii = 0; cur != NULL; cur = cur->ai_next, ii++) {
-		elem = addrinfo_pack(cur);
-		n = snprintf(nvlname, sizeof(nvlname), "res%u", ii);
-		assert(n > 0 && n < (int)sizeof(nvlname));
-		nvlist_move_nvlist(nvlout, nvlname, elem);
-	}
-
-	freeaddrinfo(res);
-	error = 0;
-out:
-	return (error);
-}
-
-static bool
-limit_has_entry(const nvlist_t *limits, const char *prefix)
-{
-	const char *name;
-	size_t prefixlen;
-	void *cookie;
-
-	if (limits == NULL)
-		return (false);
-
-	prefixlen = strlen(prefix);
-
-	cookie = NULL;
-	while ((name = nvlist_next(limits, NULL, &cookie)) != NULL) {
-		if (strncmp(name, prefix, prefixlen) == 0)
-			return (true);
-	}
-
-	return (false);
-}
-
-static int
-dns_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const char *name;
-	void *cookie;
-	int nvtype;
-	bool hastype, hasfamily;
-
-	hastype = false;
-	hasfamily = false;
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &nvtype, &cookie)) != NULL) {
-		if (nvtype == NV_TYPE_STRING) {
-			const char *type;
-
-			if (strncmp(name, "type", sizeof("type") - 1) != 0)
-				return (EINVAL);
-			type = nvlist_get_string(newlimits, name);
-			if (strcmp(type, "ADDR") != 0 &&
-			    strcmp(type, "NAME") != 0) {
-				return (EINVAL);
-			}
-			if (!dns_allowed_type(oldlimits, type))
-				return (ENOTCAPABLE);
-			hastype = true;
-		} else if (nvtype == NV_TYPE_NUMBER) {
-			int family;
-
-			if (strncmp(name, "family", sizeof("family") - 1) != 0)
-				return (EINVAL);
-			family = (int)nvlist_get_number(newlimits, name);
-			if (!dns_allowed_family(oldlimits, family))
-				return (ENOTCAPABLE);
-			hasfamily = true;
-		} else {
-			return (EINVAL);
-		}
-	}
-
-	/*
-	 * If the new limit doesn't mention type or family we have to
-	 * check if the current limit does have those. Missing type or
-	 * family in the limit means that all types or families are
-	 * allowed.
-	 */
-	if (!hastype) {
-		if (limit_has_entry(oldlimits, "type"))
-			return (ENOTCAPABLE);
-	}
-	if (!hasfamily) {
-		if (limit_has_entry(oldlimits, "family"))
-			return (ENOTCAPABLE);
-	}
-
-	return (0);
-}
-
-static int
-dns_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
-    nvlist_t *nvlout)
-{
-	int error;
-
-	if (strcmp(cmd, "gethostbyname") == 0)
-		error = dns_gethostbyname(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "gethostbyaddr") == 0)
-		error = dns_gethostbyaddr(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "getnameinfo") == 0)
-		error = dns_getnameinfo(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "getaddrinfo") == 0)
-		error = dns_getaddrinfo(limits, nvlin, nvlout);
-	else
-		error = NO_RECOVERY;
-
-	return (error);
-}
-
-int
-main(int argc, char *argv[])
-{
-
-	return (service_start("system.dns", PARENT_FILENO, dns_limit,
-	    dns_command, argc, argv));
-}
diff --git a/libexec/casper/grp/Makefile b/libexec/casper/grp/Makefile
deleted file mode 100644
index 454212e..0000000
--- a/libexec/casper/grp/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-# $FreeBSD$
-
-.PATH:	${.CURDIR} ${.CURDIR}/../../../sbin/casper
-
-PACKAGE=casper
-PROG=	grp
-
-SRCS=	grp.c
-
-LIBADD=	casper nv pjdlog
-
-BINDIR=	/libexec/casper
-
-CFLAGS+=-I${.CURDIR}
-CFLAGS+=-I${.CURDIR}/../../../lib/libcapsicum
-CFLAGS+=-I${.CURDIR}/../../../lib/libcasper
-CFLAGS+=-I${.CURDIR}/../../../lib/libpjdlog
-CFLAGS+=-I${.CURDIR}/../../../sbin/casper
-
-MAN=
-
-.include <bsd.prog.mk>
diff --git a/libexec/casper/grp/Makefile.depend b/libexec/casper/grp/Makefile.depend
deleted file mode 100644
index aa79c09..0000000
--- a/libexec/casper/grp/Makefile.depend
+++ /dev/null
@@ -1,23 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-	gnu/lib/csu \
-	gnu/lib/libgcc \
-	include \
-	include/xlocale \
-	lib/${CSU_DIR} \
-	lib/libc \
-	lib/libcapsicum \
-	lib/libcasper \
-	lib/libcompiler_rt \
-	lib/libnv \
-	lib/libpjdlog \
-	lib/libutil \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/libexec/casper/grp/grp.c b/libexec/casper/grp/grp.c
deleted file mode 100644
index 5b3e13d..0000000
--- a/libexec/casper/grp/grp.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/*-
- * Copyright (c) 2013 The FreeBSD Foundation
- * All rights reserved.
- *
- * This software was developed by Pawel Jakub Dawidek under sponsorship from
- * the FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/nv.h>
-
-#include <assert.h>
-#include <errno.h>
-#include <grp.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <libcapsicum.h>
-#include <libcasper.h>
-#include <pjdlog.h>
-
-static bool
-grp_allowed_cmd(const nvlist_t *limits, const char *cmd)
-{
-
-	if (limits == NULL)
-		return (true);
-
-	/*
-	 * If no limit was set on allowed commands, then all commands
-	 * are allowed.
-	 */
-	if (!nvlist_exists_nvlist(limits, "cmds"))
-		return (true);
-
-	limits = nvlist_get_nvlist(limits, "cmds");
-	return (nvlist_exists_null(limits, cmd));
-}
-
-static int
-grp_allowed_cmds(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const char *name;
-	void *cookie;
-	int type;
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		if (type != NV_TYPE_NULL)
-			return (EINVAL);
-		if (!grp_allowed_cmd(oldlimits, name))
-			return (ENOTCAPABLE);
-	}
-
-	return (0);
-}
-
-static bool
-grp_allowed_group(const nvlist_t *limits, const char *gname, gid_t gid)
-{
-	const char *name;
-	void *cookie;
-	int type;
-
-	if (limits == NULL)
-		return (true);
-
-	/*
-	 * If no limit was set on allowed groups, then all groups are allowed.
-	 */
-	if (!nvlist_exists_nvlist(limits, "groups"))
-		return (true);
-
-	limits = nvlist_get_nvlist(limits, "groups");
-	cookie = NULL;
-	while ((name = nvlist_next(limits, &type, &cookie)) != NULL) {
-		switch (type) {
-		case NV_TYPE_NUMBER:
-			if (gid != (gid_t)-1 &&
-			    nvlist_get_number(limits, name) == (uint64_t)gid) {
-				return (true);
-			}
-			break;
-		case NV_TYPE_STRING:
-			if (gname != NULL &&
-			    strcmp(nvlist_get_string(limits, name),
-			    gname) == 0) {
-				return (true);
-			}
-			break;
-		default:
-			PJDLOG_ABORT("Unexpected type %d.", type);
-		}
-	}
-
-	return (false);
-}
-
-static int
-grp_allowed_groups(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const char *name, *gname;
-	void *cookie;
-	gid_t gid;
-	int type;
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		switch (type) {
-		case NV_TYPE_NUMBER:
-			gid = (gid_t)nvlist_get_number(newlimits, name);
-			gname = NULL;
-			break;
-		case NV_TYPE_STRING:
-			gid = (gid_t)-1;
-			gname = nvlist_get_string(newlimits, name);
-			break;
-		default:
-			return (EINVAL);
-		}
-		if (!grp_allowed_group(oldlimits, gname, gid))
-			return (ENOTCAPABLE);
-	}
-
-	return (0);
-}
-
-static bool
-grp_allowed_field(const nvlist_t *limits, const char *field)
-{
-
-	if (limits == NULL)
-		return (true);
-
-	/*
-	 * If no limit was set on allowed fields, then all fields are allowed.
-	 */
-	if (!nvlist_exists_nvlist(limits, "fields"))
-		return (true);
-
-	limits = nvlist_get_nvlist(limits, "fields");
-	return (nvlist_exists_null(limits, field));
-}
-
-static int
-grp_allowed_fields(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const char *name;
-	void *cookie;
-	int type;
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		if (type != NV_TYPE_NULL)
-			return (EINVAL);
-		if (!grp_allowed_field(oldlimits, name))
-			return (ENOTCAPABLE);
-	}
-
-	return (0);
-}
-
-static bool
-grp_pack(const nvlist_t *limits, const struct group *grp, nvlist_t *nvl)
-{
-	char nvlname[64];
-	int n;
-
-	if (grp == NULL)
-		return (true);
-
-	/*
-	 * If either name or GID is allowed, we allow it.
-	 */
-	if (!grp_allowed_group(limits, grp->gr_name, grp->gr_gid))
-		return (false);
-
-	if (grp_allowed_field(limits, "gr_name"))
-		nvlist_add_string(nvl, "gr_name", grp->gr_name);
-	else
-		nvlist_add_string(nvl, "gr_name", "");
-	if (grp_allowed_field(limits, "gr_passwd"))
-		nvlist_add_string(nvl, "gr_passwd", grp->gr_passwd);
-	else
-		nvlist_add_string(nvl, "gr_passwd", "");
-	if (grp_allowed_field(limits, "gr_gid"))
-		nvlist_add_number(nvl, "gr_gid", (uint64_t)grp->gr_gid);
-	else
-		nvlist_add_number(nvl, "gr_gid", (uint64_t)-1);
-	if (grp_allowed_field(limits, "gr_mem") && grp->gr_mem[0] != NULL) {
-		unsigned int ngroups;
-
-		for (ngroups = 0; grp->gr_mem[ngroups] != NULL; ngroups++) {
-			n = snprintf(nvlname, sizeof(nvlname), "gr_mem[%u]",
-			    ngroups);
-			assert(n > 0 && n < sizeof(nvlname));
-			nvlist_add_string(nvl, nvlname, grp->gr_mem[ngroups]);
-		}
-		nvlist_add_number(nvl, "gr_nmem", (uint64_t)ngroups);
-	}
-
-	return (true);
-}
-
-static int
-grp_getgrent(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	struct group *grp;
-
-	for (;;) {
-		errno = 0;
-		grp = getgrent();
-		if (errno != 0)
-			return (errno);
-		if (grp_pack(limits, grp, nvlout))
-			return (0);
-	}
-
-	/* NOTREACHED */
-}
-
-static int
-grp_getgrnam(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	struct group *grp;
-	const char *name;
-
-	if (!nvlist_exists_string(nvlin, "name"))
-		return (EINVAL);
-	name = nvlist_get_string(nvlin, "name");
-	PJDLOG_ASSERT(name != NULL);
-
-	errno = 0;
-	grp = getgrnam(name);
-	if (errno != 0)
-		return (errno);
-
-	(void)grp_pack(limits, grp, nvlout);
-
-	return (0);
-}
-
-static int
-grp_getgrgid(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	struct group *grp;
-	gid_t gid;
-
-	if (!nvlist_exists_number(nvlin, "gid"))
-		return (EINVAL);
-
-	gid = (gid_t)nvlist_get_number(nvlin, "gid");
-
-	errno = 0;
-	grp = getgrgid(gid);
-	if (errno != 0)
-		return (errno);
-
-	(void)grp_pack(limits, grp, nvlout);
-
-	return (0);
-}
-
-static int
-grp_setgroupent(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	int stayopen;
-
-	if (!nvlist_exists_bool(nvlin, "stayopen"))
-		return (EINVAL);
-
-	stayopen = nvlist_get_bool(nvlin, "stayopen") ? 1 : 0;
-
-	return (setgroupent(stayopen) == 0 ? EFAULT : 0);
-}
-
-static int
-grp_setgrent(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-
-	return (setgrent() == 0 ? EFAULT : 0);
-}
-
-static int
-grp_endgrent(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-
-	endgrent();
-
-	return (0);
-}
-
-static int
-grp_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const nvlist_t *limits;
-	const char *name;
-	void *cookie;
-	int error, type;
-
-	if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "cmds") &&
-	    !nvlist_exists_nvlist(newlimits, "cmds")) {
-		return (ENOTCAPABLE);
-	}
-	if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "fields") &&
-	    !nvlist_exists_nvlist(newlimits, "fields")) {
-		return (ENOTCAPABLE);
-	}
-	if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "groups") &&
-	    !nvlist_exists_nvlist(newlimits, "groups")) {
-		return (ENOTCAPABLE);
-	}
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		if (type != NV_TYPE_NVLIST)
-			return (EINVAL);
-		limits = nvlist_get_nvlist(newlimits, name);
-		if (strcmp(name, "cmds") == 0)
-			error = grp_allowed_cmds(oldlimits, limits);
-		else if (strcmp(name, "fields") == 0)
-			error = grp_allowed_fields(oldlimits, limits);
-		else if (strcmp(name, "groups") == 0)
-			error = grp_allowed_groups(oldlimits, limits);
-		else
-			error = EINVAL;
-		if (error != 0)
-			return (error);
-	}
-
-	return (0);
-}
-
-static int
-grp_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
-    nvlist_t *nvlout)
-{
-	int error;
-
-	if (!grp_allowed_cmd(limits, cmd))
-		return (ENOTCAPABLE);
-
-	if (strcmp(cmd, "getgrent") == 0 || strcmp(cmd, "getgrent_r") == 0)
-		error = grp_getgrent(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "getgrnam") == 0 || strcmp(cmd, "getgrnam_r") == 0)
-		error = grp_getgrnam(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "getgrgid") == 0 || strcmp(cmd, "getgrgid_r") == 0)
-		error = grp_getgrgid(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "setgroupent") == 0)
-		error = grp_setgroupent(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "setgrent") == 0)
-		error = grp_setgrent(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "endgrent") == 0)
-		error = grp_endgrent(limits, nvlin, nvlout);
-	else
-		error = EINVAL;
-
-	return (error);
-}
-
-int
-main(int argc, char *argv[])
-{
-
-	return (service_start("system.grp", PARENT_FILENO, grp_limit,
-	    grp_command, argc, argv));
-}
diff --git a/libexec/casper/pwd/Makefile b/libexec/casper/pwd/Makefile
deleted file mode 100644
index 91dd609..0000000
--- a/libexec/casper/pwd/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-# $FreeBSD$
-
-.PATH:	${.CURDIR} ${.CURDIR}/../../../sbin/casper
-
-PACKAGE=casper
-PROG=	pwd
-
-SRCS=	pwd.c
-
-LIBADD=	casper nv pjdlog
-
-BINDIR=	/libexec/casper
-
-CFLAGS+=-I${.CURDIR}
-CFLAGS+=-I${.CURDIR}/../../../lib/libcapsicum
-CFLAGS+=-I${.CURDIR}/../../../lib/libcasper
-CFLAGS+=-I${.CURDIR}/../../../lib/libpjdlog
-CFLAGS+=-I${.CURDIR}/../../../sbin/casper
-
-MAN=
-
-.include <bsd.prog.mk>
diff --git a/libexec/casper/pwd/Makefile.depend b/libexec/casper/pwd/Makefile.depend
deleted file mode 100644
index aa79c09..0000000
--- a/libexec/casper/pwd/Makefile.depend
+++ /dev/null
@@ -1,23 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-	gnu/lib/csu \
-	gnu/lib/libgcc \
-	include \
-	include/xlocale \
-	lib/${CSU_DIR} \
-	lib/libc \
-	lib/libcapsicum \
-	lib/libcasper \
-	lib/libcompiler_rt \
-	lib/libnv \
-	lib/libpjdlog \
-	lib/libutil \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/libexec/casper/pwd/pwd.c b/libexec/casper/pwd/pwd.c
deleted file mode 100644
index 0a06c5f..0000000
--- a/libexec/casper/pwd/pwd.c
+++ /dev/null
@@ -1,430 +0,0 @@
-/*-
- * Copyright (c) 2013 The FreeBSD Foundation
- * All rights reserved.
- *
- * This software was developed by Pawel Jakub Dawidek under sponsorship from
- * the FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/nv.h>
-
-#include <errno.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <libcapsicum.h>
-#include <libcasper.h>
-#include <pjdlog.h>
-
-static bool
-pwd_allowed_cmd(const nvlist_t *limits, const char *cmd)
-{
-
-	if (limits == NULL)
-		return (true);
-
-	/*
-	 * If no limit was set on allowed commands, then all commands
-	 * are allowed.
-	 */
-	if (!nvlist_exists_nvlist(limits, "cmds"))
-		return (true);
-
-	limits = nvlist_get_nvlist(limits, "cmds");
-	return (nvlist_exists_null(limits, cmd));
-}
-
-static int
-pwd_allowed_cmds(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const char *name;
-	void *cookie;
-	int type;
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		if (type != NV_TYPE_NULL)
-			return (EINVAL);
-		if (!pwd_allowed_cmd(oldlimits, name))
-			return (ENOTCAPABLE);
-	}
-
-	return (0);
-}
-
-static bool
-pwd_allowed_user(const nvlist_t *limits, const char *uname, uid_t uid)
-{
-	const char *name;
-	void *cookie;
-	int type;
-
-	if (limits == NULL)
-		return (true);
-
-	/*
-	 * If no limit was set on allowed users, then all users are allowed.
-	 */
-	if (!nvlist_exists_nvlist(limits, "users"))
-		return (true);
-
-	limits = nvlist_get_nvlist(limits, "users");
-	cookie = NULL;
-	while ((name = nvlist_next(limits, &type, &cookie)) != NULL) {
-		switch (type) {
-		case NV_TYPE_NUMBER:
-			if (uid != (uid_t)-1 &&
-			    nvlist_get_number(limits, name) == (uint64_t)uid) {
-				return (true);
-			}
-			break;
-		case NV_TYPE_STRING:
-			if (uname != NULL &&
-			    strcmp(nvlist_get_string(limits, name),
-			    uname) == 0) {
-				return (true);
-			}
-			break;
-		default:
-			PJDLOG_ABORT("Unexpected type %d.", type);
-		}
-	}
-
-	return (false);
-}
-
-static int
-pwd_allowed_users(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const char *name, *uname;
-	void *cookie;
-	uid_t uid;
-	int type;
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		switch (type) {
-		case NV_TYPE_NUMBER:
-			uid = (uid_t)nvlist_get_number(newlimits, name);
-			uname = NULL;
-			break;
-		case NV_TYPE_STRING:
-			uid = (uid_t)-1;
-			uname = nvlist_get_string(newlimits, name);
-			break;
-		default:
-			return (EINVAL);
-		}
-		if (!pwd_allowed_user(oldlimits, uname, uid))
-			return (ENOTCAPABLE);
-	}
-
-	return (0);
-}
-
-static bool
-pwd_allowed_field(const nvlist_t *limits, const char *field)
-{
-
-	if (limits == NULL)
-		return (true);
-
-	/*
-	 * If no limit was set on allowed fields, then all fields are allowed.
-	 */
-	if (!nvlist_exists_nvlist(limits, "fields"))
-		return (true);
-
-	limits = nvlist_get_nvlist(limits, "fields");
-	return (nvlist_exists_null(limits, field));
-}
-
-static int
-pwd_allowed_fields(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const char *name;
-	void *cookie;
-	int type;
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		if (type != NV_TYPE_NULL)
-			return (EINVAL);
-		if (!pwd_allowed_field(oldlimits, name))
-			return (ENOTCAPABLE);
-	}
-
-	return (0);
-}
-
-static bool
-pwd_pack(const nvlist_t *limits, const struct passwd *pwd, nvlist_t *nvl)
-{
-	int fields;
-
-	if (pwd == NULL)
-		return (true);
-
-	/*
-	 * If either name or UID is allowed, we allow it.
-	 */
-	if (!pwd_allowed_user(limits, pwd->pw_name, pwd->pw_uid))
-		return (false);
-
-	fields = pwd->pw_fields;
-
-	if (pwd_allowed_field(limits, "pw_name")) {
-		nvlist_add_string(nvl, "pw_name", pwd->pw_name);
-	} else {
-		nvlist_add_string(nvl, "pw_name", "");
-		fields &= ~_PWF_NAME;
-	}
-	if (pwd_allowed_field(limits, "pw_uid")) {
-		nvlist_add_number(nvl, "pw_uid", (uint64_t)pwd->pw_uid);
-	} else {
-		nvlist_add_number(nvl, "pw_uid", (uint64_t)-1);
-		fields &= ~_PWF_UID;
-	}
-	if (pwd_allowed_field(limits, "pw_gid")) {
-		nvlist_add_number(nvl, "pw_gid", (uint64_t)pwd->pw_gid);
-	} else {
-		nvlist_add_number(nvl, "pw_gid", (uint64_t)-1);
-		fields &= ~_PWF_GID;
-	}
-	if (pwd_allowed_field(limits, "pw_change")) {
-		nvlist_add_number(nvl, "pw_change", (uint64_t)pwd->pw_change);
-	} else {
-		nvlist_add_number(nvl, "pw_change", (uint64_t)0);
-		fields &= ~_PWF_CHANGE;
-	}
-	if (pwd_allowed_field(limits, "pw_passwd")) {
-		nvlist_add_string(nvl, "pw_passwd", pwd->pw_passwd);
-	} else {
-		nvlist_add_string(nvl, "pw_passwd", "");
-		fields &= ~_PWF_PASSWD;
-	}
-	if (pwd_allowed_field(limits, "pw_class")) {
-		nvlist_add_string(nvl, "pw_class", pwd->pw_class);
-	} else {
-		nvlist_add_string(nvl, "pw_class", "");
-		fields &= ~_PWF_CLASS;
-	}
-	if (pwd_allowed_field(limits, "pw_gecos")) {
-		nvlist_add_string(nvl, "pw_gecos", pwd->pw_gecos);
-	} else {
-		nvlist_add_string(nvl, "pw_gecos", "");
-		fields &= ~_PWF_GECOS;
-	}
-	if (pwd_allowed_field(limits, "pw_dir")) {
-		nvlist_add_string(nvl, "pw_dir", pwd->pw_dir);
-	} else {
-		nvlist_add_string(nvl, "pw_dir", "");
-		fields &= ~_PWF_DIR;
-	}
-	if (pwd_allowed_field(limits, "pw_shell")) {
-		nvlist_add_string(nvl, "pw_shell", pwd->pw_shell);
-	} else {
-		nvlist_add_string(nvl, "pw_shell", "");
-		fields &= ~_PWF_SHELL;
-	}
-	if (pwd_allowed_field(limits, "pw_expire")) {
-		nvlist_add_number(nvl, "pw_expire", (uint64_t)pwd->pw_expire);
-	} else {
-		nvlist_add_number(nvl, "pw_expire", (uint64_t)0);
-		fields &= ~_PWF_EXPIRE;
-	}
-	nvlist_add_number(nvl, "pw_fields", (uint64_t)fields);
-
-	return (true);
-}
-
-static int
-pwd_getpwent(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	struct passwd *pwd;
-
-	for (;;) {
-		errno = 0;
-		pwd = getpwent();
-		if (errno != 0)
-			return (errno);
-		if (pwd_pack(limits, pwd, nvlout))
-			return (0);
-	}
-
-	/* NOTREACHED */
-}
-
-static int
-pwd_getpwnam(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	struct passwd *pwd;
-	const char *name;
-
-	if (!nvlist_exists_string(nvlin, "name"))
-		return (EINVAL);
-	name = nvlist_get_string(nvlin, "name");
-	PJDLOG_ASSERT(name != NULL);
-
-	errno = 0;
-	pwd = getpwnam(name);
-	if (errno != 0)
-		return (errno);
-
-	(void)pwd_pack(limits, pwd, nvlout);
-
-	return (0);
-}
-
-static int
-pwd_getpwuid(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	struct passwd *pwd;
-	uid_t uid;
-
-	if (!nvlist_exists_number(nvlin, "uid"))
-		return (EINVAL);
-
-	uid = (uid_t)nvlist_get_number(nvlin, "uid");
-
-	errno = 0;
-	pwd = getpwuid(uid);
-	if (errno != 0)
-		return (errno);
-
-	(void)pwd_pack(limits, pwd, nvlout);
-
-	return (0);
-}
-
-static int
-pwd_setpassent(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-	int stayopen;
-
-	if (!nvlist_exists_bool(nvlin, "stayopen"))
-		return (EINVAL);
-
-	stayopen = nvlist_get_bool(nvlin, "stayopen") ? 1 : 0;
-
-	return (setpassent(stayopen) == 0 ? EFAULT : 0);
-}
-
-static int
-pwd_setpwent(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-
-	setpwent();
-
-	return (0);
-}
-
-static int
-pwd_endpwent(const nvlist_t *limits, const nvlist_t *nvlin, nvlist_t *nvlout)
-{
-
-	endpwent();
-
-	return (0);
-}
-
-static int
-pwd_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const nvlist_t *limits;
-	const char *name;
-	void *cookie;
-	int error, type;
-
-	if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "cmds") &&
-	    !nvlist_exists_nvlist(newlimits, "cmds")) {
-		return (ENOTCAPABLE);
-	}
-	if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "fields") &&
-	    !nvlist_exists_nvlist(newlimits, "fields")) {
-		return (ENOTCAPABLE);
-	}
-	if (oldlimits != NULL && nvlist_exists_nvlist(oldlimits, "users") &&
-	    !nvlist_exists_nvlist(newlimits, "users")) {
-		return (ENOTCAPABLE);
-	}
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		if (type != NV_TYPE_NVLIST)
-			return (EINVAL);
-		limits = nvlist_get_nvlist(newlimits, name);
-		if (strcmp(name, "cmds") == 0)
-			error = pwd_allowed_cmds(oldlimits, limits);
-		else if (strcmp(name, "fields") == 0)
-			error = pwd_allowed_fields(oldlimits, limits);
-		else if (strcmp(name, "users") == 0)
-			error = pwd_allowed_users(oldlimits, limits);
-		else
-			error = EINVAL;
-		if (error != 0)
-			return (error);
-	}
-
-	return (0);
-}
-
-static int
-pwd_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
-    nvlist_t *nvlout)
-{
-	int error;
-
-	if (!pwd_allowed_cmd(limits, cmd))
-		return (ENOTCAPABLE);
-
-	if (strcmp(cmd, "getpwent") == 0 || strcmp(cmd, "getpwent_r") == 0)
-		error = pwd_getpwent(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "getpwnam") == 0 || strcmp(cmd, "getpwnam_r") == 0)
-		error = pwd_getpwnam(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "getpwuid") == 0 || strcmp(cmd, "getpwuid_r") == 0)
-		error = pwd_getpwuid(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "setpassent") == 0)
-		error = pwd_setpassent(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "setpwent") == 0)
-		error = pwd_setpwent(limits, nvlin, nvlout);
-	else if (strcmp(cmd, "endpwent") == 0)
-		error = pwd_endpwent(limits, nvlin, nvlout);
-	else
-		error = EINVAL;
-
-	return (error);
-}
-
-int
-main(int argc, char *argv[])
-{
-
-	return (service_start("system.pwd", PARENT_FILENO, pwd_limit,
-	    pwd_command, argc, argv));
-}
diff --git a/libexec/casper/random/Makefile b/libexec/casper/random/Makefile
deleted file mode 100644
index 208f299..0000000
--- a/libexec/casper/random/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-# $FreeBSD$
-
-.PATH:	${.CURDIR} ${.CURDIR}/../../../sbin/casper
-
-PACKAGE=casper
-PROG=	random
-
-SRCS=	random.c
-
-LIBADD=	casper nv
-
-BINDIR=	/libexec/casper
-
-CFLAGS+=-I${.CURDIR}
-CFLAGS+=-I${.CURDIR}/../../../lib/libcapsicum
-CFLAGS+=-I${.CURDIR}/../../../lib/libcasper
-CFLAGS+=-I${.CURDIR}/../../../lib/libpjdlog
-CFLAGS+=-I${.CURDIR}/../../../sbin/casper
-
-MAN=
-
-.include <bsd.prog.mk>
diff --git a/libexec/casper/random/Makefile.depend b/libexec/casper/random/Makefile.depend
deleted file mode 100644
index aa79c09..0000000
--- a/libexec/casper/random/Makefile.depend
+++ /dev/null
@@ -1,23 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-	gnu/lib/csu \
-	gnu/lib/libgcc \
-	include \
-	include/xlocale \
-	lib/${CSU_DIR} \
-	lib/libc \
-	lib/libcapsicum \
-	lib/libcasper \
-	lib/libcompiler_rt \
-	lib/libnv \
-	lib/libpjdlog \
-	lib/libutil \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/libexec/casper/random/random.c b/libexec/casper/random/random.c
deleted file mode 100644
index db91685..0000000
--- a/libexec/casper/random/random.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/*-
- * Copyright (c) 2012-2013 The FreeBSD Foundation
- * All rights reserved.
- *
- * This software was developed by Pawel Jakub Dawidek under sponsorship from
- * the FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/nv.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <libcapsicum.h>
-#include <libcasper.h>
-#include <pjdlog.h>
-
-#define	MAXSIZE	(1024 * 1024)
-
-static int
-random_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
-    nvlist_t *nvlout)
-{
-	void *data;
-	size_t size;
-
-	if (strcmp(cmd, "generate") != 0)
-		return (EINVAL);
-	if (!nvlist_exists_number(nvlin, "size"))
-		return (EINVAL);
-
-	size = (size_t)nvlist_get_number(nvlin, "size");
-	if (size == 0 || size > MAXSIZE)
-		return (EINVAL);
-
-	data = malloc(size);
-	if (data == NULL)
-		return (ENOMEM);
-
-	arc4random_buf(data, size);
-
-	nvlist_move_binary(nvlout, "data", data, size);
-
-	return (0);
-}
-
-int
-main(int argc, char *argv[])
-{
-
-	/*
-	 * TODO: Sandbox this.
-	 */
-
-	return (service_start("system.random", PARENT_FILENO, NULL,
-	    random_command, argc, argv));
-}
diff --git a/libexec/casper/sysctl/Makefile b/libexec/casper/sysctl/Makefile
deleted file mode 100644
index e9b4bf6..0000000
--- a/libexec/casper/sysctl/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-# $FreeBSD$
-
-.PATH:	${.CURDIR} ${.CURDIR}/../../../sbin/casper
-
-PACKAGE=casper
-PROG=	sysctl
-
-SRCS=	sysctl.c
-
-LIBADD=	casper nv pjdlog
-
-BINDIR=	/libexec/casper
-
-CFLAGS+=-I${.CURDIR}
-CFLAGS+=-I${.CURDIR}/../../../lib/libcapsicum
-CFLAGS+=-I${.CURDIR}/../../../lib/libcasper
-CFLAGS+=-I${.CURDIR}/../../../lib/libpjdlog
-CFLAGS+=-I${.CURDIR}/../../../sbin/casper
-
-MAN=
-
-.include <bsd.prog.mk>
diff --git a/libexec/casper/sysctl/Makefile.depend b/libexec/casper/sysctl/Makefile.depend
deleted file mode 100644
index aa79c09..0000000
--- a/libexec/casper/sysctl/Makefile.depend
+++ /dev/null
@@ -1,23 +0,0 @@
-# $FreeBSD$
-# Autogenerated - do NOT edit!
-
-DIRDEPS = \
-	gnu/lib/csu \
-	gnu/lib/libgcc \
-	include \
-	include/xlocale \
-	lib/${CSU_DIR} \
-	lib/libc \
-	lib/libcapsicum \
-	lib/libcasper \
-	lib/libcompiler_rt \
-	lib/libnv \
-	lib/libpjdlog \
-	lib/libutil \
-
-
-.include <dirdeps.mk>
-
-.if ${DEP_RELDIR} == ${_DEP_RELDIR}
-# local dependencies - needed for -jN in clean tree
-.endif
diff --git a/libexec/casper/sysctl/sysctl.c b/libexec/casper/sysctl/sysctl.c
deleted file mode 100644
index 4cbc505..0000000
--- a/libexec/casper/sysctl/sysctl.c
+++ /dev/null
@@ -1,249 +0,0 @@
-/*-
- * Copyright (c) 2013 The FreeBSD Foundation
- * All rights reserved.
- *
- * This software was developed by Pawel Jakub Dawidek under sponsorship from
- * the FreeBSD Foundation.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <sys/sysctl.h>
-#include <sys/nv.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <libcapsicum.h>
-#include <libcapsicum_sysctl.h>
-#include <libcasper.h>
-#include <pjdlog.h>
-
-static int
-sysctl_check_one(const nvlist_t *nvl, bool islimit)
-{
-	const char *name;
-	void *cookie;
-	int type;
-	unsigned int fields;
-
-	/* NULL nvl is of course invalid. */
-	if (nvl == NULL)
-		return (EINVAL);
-	if (nvlist_error(nvl) != 0)
-		return (nvlist_error(nvl));
-
-#define	HAS_NAME	0x01
-#define	HAS_OPERATION	0x02
-
-	fields = 0;
-	cookie = NULL;
-	while ((name = nvlist_next(nvl, &type, &cookie)) != NULL) {
-		/* We accept only one 'name' and one 'operation' in nvl. */
-		if (strcmp(name, "name") == 0) {
-			if (type != NV_TYPE_STRING)
-				return (EINVAL);
-			/* Only one 'name' can be present. */
-			if ((fields & HAS_NAME) != 0)
-				return (EINVAL);
-			fields |= HAS_NAME;
-		} else if (strcmp(name, "operation") == 0) {
-			uint64_t operation;
-
-			if (type != NV_TYPE_NUMBER)
-				return (EINVAL);
-			/*
-			 * We accept only CAP_SYSCTL_READ and
-			 * CAP_SYSCTL_WRITE flags.
-			 */
-			operation = nvlist_get_number(nvl, name);
-			if ((operation & ~(CAP_SYSCTL_RDWR)) != 0)
-				return (EINVAL);
-			/* ...but there has to be at least one of them. */
-			if ((operation & (CAP_SYSCTL_RDWR)) == 0)
-				return (EINVAL);
-			/* Only one 'operation' can be present. */
-			if ((fields & HAS_OPERATION) != 0)
-				return (EINVAL);
-			fields |= HAS_OPERATION;
-		} else if (islimit) {
-			/* If this is limit, there can be no other fields. */
-			return (EINVAL);
-		}
-	}
-
-	/* Both fields has to be there. */
-	if (fields != (HAS_NAME | HAS_OPERATION))
-		return (EINVAL);
-
-#undef	HAS_OPERATION
-#undef	HAS_NAME
-
-	return (0);
-}
-
-static bool
-sysctl_allowed(const nvlist_t *limits, const char *chname, uint64_t choperation)
-{
-	uint64_t operation;
-	const char *name;
-	void *cookie;
-	int type;
-
-	if (limits == NULL)
-		return (true);
-
-	cookie = NULL;
-	while ((name = nvlist_next(limits, &type, &cookie)) != NULL) {
-		PJDLOG_ASSERT(type == NV_TYPE_NUMBER);
-
-		operation = nvlist_get_number(limits, name);
-		if ((operation & choperation) != choperation)
-			continue;
-
-		if ((operation & CAP_SYSCTL_RECURSIVE) == 0) {
-			if (strcmp(name, chname) != 0)
-				continue;
-		} else {
-			size_t namelen;
-
-			namelen = strlen(name);
-			if (strncmp(name, chname, namelen) != 0)
-				continue;
-			if (chname[namelen] != '.' && chname[namelen] != '\0')
-				continue;
-		}
-
-		return (true);
-	}
-
-	return (false);
-}
-
-static int
-sysctl_limit(const nvlist_t *oldlimits, const nvlist_t *newlimits)
-{
-	const nvlist_t *nvl;
-	const char *name;
-	void *cookie;
-	uint64_t operation;
-	int error, type;
-
-	cookie = NULL;
-	while ((name = nvlist_next(newlimits, &type, &cookie)) != NULL) {
-		if (type != NV_TYPE_NUMBER)
-			return (EINVAL);
-		operation = nvlist_get_number(newlimits, name);
-		if ((operation & ~(CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE)) != 0)
-			return (EINVAL);
-		if ((operation & (CAP_SYSCTL_RDWR | CAP_SYSCTL_RECURSIVE)) == 0)
-			return (EINVAL);
-		if (!sysctl_allowed(oldlimits, name, operation))
-			return (ENOTCAPABLE);
-	}
-
-	return (0);
-}
-
-static int
-sysctl_command(const char *cmd, const nvlist_t *limits, nvlist_t *nvlin,
-    nvlist_t *nvlout)
-{
-	const char *name;
-	const void *newp;
-	void *oldp;
-	uint64_t operation;
-	size_t oldlen, newlen;
-	size_t *oldlenp;
-	int error;
-
-	if (strcmp(cmd, "sysctl") != 0)
-		return (EINVAL);
-	error = sysctl_check_one(nvlin, false);
-	if (error != 0)
-		return (error);
-
-	name = nvlist_get_string(nvlin, "name");
-	operation = nvlist_get_number(nvlin, "operation");
-	if (!sysctl_allowed(limits, name, operation))
-		return (ENOTCAPABLE);
-
-	if ((operation & CAP_SYSCTL_WRITE) != 0) {
-		if (!nvlist_exists_binary(nvlin, "newp"))
-			return (EINVAL);
-		newp = nvlist_get_binary(nvlin, "newp", &newlen);
-		PJDLOG_ASSERT(newp != NULL && newlen > 0);
-	} else {
-		newp = NULL;
-		newlen = 0;
-	}
-
-	if ((operation & CAP_SYSCTL_READ) != 0) {
-		if (nvlist_exists_null(nvlin, "justsize")) {
-			oldp = NULL;
-			oldlen = 0;
-			oldlenp = &oldlen;
-		} else {
-			if (!nvlist_exists_number(nvlin, "oldlen"))
-				return (EINVAL);
-			oldlen = (size_t)nvlist_get_number(nvlin, "oldlen");
-			if (oldlen == 0)
-				return (EINVAL);
-			oldp = calloc(1, oldlen);
-			if (oldp == NULL)
-				return (ENOMEM);
-			oldlenp = &oldlen;
-		}
-	} else {
-		oldp = NULL;
-		oldlen = 0;
-		oldlenp = NULL;
-	}
-
-	if (sysctlbyname(name, oldp, oldlenp, newp, newlen) == -1) {
-		error = errno;
-		free(oldp);
-		return (error);
-	}
-
-	if ((operation & CAP_SYSCTL_READ) != 0) {
-		if (nvlist_exists_null(nvlin, "justsize"))
-			nvlist_add_number(nvlout, "oldlen", (uint64_t)oldlen);
-		else
-			nvlist_move_binary(nvlout, "oldp", oldp, oldlen);
-	}
-
-	return (0);
-}
-
-int
-main(int argc, char *argv[])
-{
-
-	return (service_start("system.sysctl", PARENT_FILENO, sysctl_limit,
-	    sysctl_command, argc, argv));
-}
author	gjb <gjb@FreeBSD.org>	2016-04-17 02:51:04 +0000
committer	gjb <gjb@FreeBSD.org>	2016-04-17 02:51:04 +0000
commit	f4e1f67adb9115a2f4a496dd1667dc6947a459d2 (patch)
tree	1c7b59f2ecb8c207aed284f17641ef4ffdeea853 /libexec
parent	8e91712e18c4dabd6433957b8cb7c70fd399f8fd (diff)
download	FreeBSD-src-f4e1f67adb9115a2f4a496dd1667dc6947a459d2.zip FreeBSD-src-f4e1f67adb9115a2f4a496dd1667dc6947a459d2.tar.gz