3 files changed, 23 insertions, 21 deletions

diff --git a/chat.c b/chat.c
index 821d510..3020be9 100644
--- a/chat.c
+++ b/chat.c
@@ -47,7 +47,7 @@
 #include <unistd.h>
 
 #ifdef __FreeBSD__
-#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
 #endif
 
 #include "chat.h"
@@ -319,21 +319,24 @@ int main(int argc, char *argv[]) {
 #endif
 
 #ifdef __FreeBSD__
-	struct { cap_rights_t stdin, stdout, stderr, irc; } rights;
-	cap_rights_init(&rights.stdin, CAP_READ, CAP_EVENT);
-	cap_rights_init(&rights.stdout, CAP_WRITE, CAP_IOCTL);
-	cap_rights_init(&rights.stderr, CAP_WRITE);
-	cap_rights_init(&rights.irc, CAP_SEND, CAP_RECV, CAP_EVENT);
+	cap_rights_t rights;
+	caph_stream_rights(&rights, CAPH_WRITE);
 	int error = 0
-		|| cap_rights_limit(STDIN_FILENO, &rights.stdin)
-		|| cap_rights_limit(STDOUT_FILENO, &rights.stdout)
-		|| cap_rights_limit(STDERR_FILENO, &rights.stderr)
-		|| cap_rights_limit(irc, &rights.irc);
+		|| caph_limit_stdin()
+		|| caph_rights_limit(STDOUT_FILENO, cap_rights_set(&rights, CAP_IOCTL))
+		|| caph_limit_stderr()
+		|| caph_rights_limit(
+			irc, cap_rights_init(&rights, CAP_SEND, CAP_RECV, CAP_EVENT)
+		);
 	if (error) err(EX_OSERR, "cap_rights_limit");
 
 	if (self.restricted) {
-		int error = cap_enter();
-		if (error) err(EX_OSERR, "cap_enter");
+		// caph_cache_tzdata(3) doesn't load UTC info, which we need for
+		// certificate verification. gmtime(3) does.
+		caph_cache_tzdata();
+		gmtime(&(time_t) { time(NULL) });
+		error = caph_enter();
+		if (error) err(EX_OSERR, "caph_enter");
 	}
 #endif
 
diff --git a/log.c b/log.c
index fab5a41..e31c5fe 100644
--- a/log.c
+++ b/log.c
@@ -39,7 +39,7 @@
 #include <unistd.h>
 
 #ifdef __FreeBSD__
-#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
 #endif
 
 #include "chat.h"
@@ -54,11 +54,9 @@ void logOpen(void) {
 
 #ifdef __FreeBSD__
 	cap_rights_t rights;
-	cap_rights_init(
-		&rights, CAP_MKDIRAT, CAP_CREATE, CAP_WRITE,
-		/* for fdopen(3) */ CAP_FCNTL, CAP_FSTAT
-	);
-	int error = cap_rights_limit(logDir, &rights);
+	caph_stream_rights(&rights, CAPH_WRITE);
+	cap_rights_set(&rights, CAP_MKDIRAT, CAP_CREATE);
+	int error = caph_rights_limit(logDir, &rights);
 	if (error) err(EX_OSERR, "cap_rights_limit");
 #endif
 }
diff --git a/ui.c b/ui.c
index a3003df..abf477c 100644
--- a/ui.c
+++ b/ui.c
@@ -49,7 +49,7 @@
 #include <wctype.h>
 
 #ifdef __FreeBSD__
-#include <sys/capsicum.h>
+#include <capsicum_helpers.h>
 #endif
 
 #include "chat.h"
@@ -1192,8 +1192,9 @@ void uiLoad(const char *name) {
 
 #ifdef __FreeBSD__
 	cap_rights_t rights;
-	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FLOCK, CAP_FTRUNCATE);
-	error = cap_rights_limit(fileno(saveFile), &rights);
+	caph_stream_rights(&rights, CAPH_READ | CAPH_WRITE);
+	cap_rights_set(&rights, CAP_FLOCK, CAP_FTRUNCATE);
+	error = caph_rights_limit(fileno(saveFile), &rights);
 	if (error) err(EX_OSERR, "cap_rights_limit");
 #endif