From 030ef64b990b258a8b0554e007e59769e5580449 Mon Sep 17 00:00:00 2001
From: yrutschle
Date: Sun, 9 May 2021 15:39:14 +0200
Subject: [PATCH] refactor: purified set_capabilities, told to keep or drop CAP_NET_ADMIN instead of deciding for itself

---
 common.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/common.c b/common.c
index 3698f86..8d215b9 100644
--- a/common.c
+++ b/common.c
@@ -786,9 +786,9 @@ void set_keepcaps(int val) {
 }

 /* Returns true if anything requires transparent proxying. */
-#ifdef LIBCAP
 static int use_transparent(void)
 {
+#ifdef LIBCAP
 if (cfg.transparent)
 return 1;

@@ -796,19 +796,21 @@ static int use_transparent(void)
 if (cfg.protocols[i].transparent)
 return 1;

+#endif
 return 0;
 }
-#endif

-/* set needed capabilities for effective and permitted, clear rest */
-void set_capabilities(void) {
+/* set needed capabilities for effective and permitted, clear rest
+ * IN: cap_net_admin: set to 1 to set CAP_NET_ADMIN
+ * */
+void set_capabilities(int cap_net_admin) {
 #ifdef LIBCAP
 int res;
 cap_t caps;
 cap_value_t cap_list[10];
 int ncap = 0;

- if (use_transparent())
+ if (cap_net_admin)
 cap_list[ncap++] = CAP_NET_ADMIN;

 caps = cap_init();
@@ -877,7 +879,7 @@ void drop_privileges(const char* user_name, const char* chroot_path)
 res = setuid(pw->pw_uid);
 CHECK_RES_DIE(res, "setuid");

- set_capabilities();
+ set_capabilities(use_transparent());
 set_keepcaps(0);
 }
 }
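Review bot: In the first hunk, moving `#ifdef LIBCAP` inside `use_transparent()` makes the comment above it inaccurate: a build without LIBCAP now returns 0 even when `cfg.transparent` or a protocol's `transparent` flag is set. Any later caller that uses this predicate for something other than capability selection would silently get the wrong answer. Either say so in the comment, e.g. `/* Returns true if anything requires transparent proxying; always 0 when built without LIBCAP. */`, or drop the guard from the body, since the visible lines only read `cfg`. The function body spans this hunk and the next one, and the loop header between them is not shown.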
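Review bot: The new parameter comment on `set_capabilities()` in the second hunk says "set to 1", but the code tests `if (cap_net_admin)`, so any non-zero value keeps CAP_NET_ADMIN after the privilege drop. Since the caller now makes this least-privilege decision, the comment should state the contract, for example ` * IN: cap_net_admin: non-zero keeps CAP_NET_ADMIN (pass it only when transparent proxying is configured); 0 leaves it out of the retained set`. The function is not `static` and the diffstat shows only common.c changing, so if a header still declares `void set_capabilities(void);` that prototype needs the same update; no such declaration is visible here. The body continues past the end of the hunk.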