From b52cd99145152b0d34e2d3a3eb970defb353ff29 Mon Sep 17 00:00:00 2001
From: Daniel Bevenius <daniel.bevenius@gmail.com>
Date: Tue, 23 Mar 2021 15:17:54 +0100
Subject: [PATCH] src: use cap_get_proc

This commit uses cap_get_proc from libcap as an alternative to using
getcap.
---
 common.gypi             |  2 +-
 src/node_credentials.cc | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/common.gypi b/common.gypi
index 79a22ac0faca37..9d8f977e35e1a6 100644
--- a/common.gypi
+++ b/common.gypi
@@ -371,7 +371,7 @@
       }],
       [ 'OS in "linux freebsd openbsd solaris aix"', {
         'cflags': [ '-pthread' ],
-        'ldflags': [ '-pthread' ],
+        'ldflags': [ '-pthread', '-lcap' ],
       }],
       [ 'OS in "linux freebsd openbsd solaris android aix cloudabi"', {
         'cflags': [ '-Wall', '-Wextra', '-Wno-unused-parameter', ],
diff --git a/src/node_credentials.cc b/src/node_credentials.cc
index 5d9ff4b0e22612..6af339a6f21c89 100644
--- a/src/node_credentials.cc
+++ b/src/node_credentials.cc
@@ -37,18 +37,18 @@ namespace credentials {
 #if !defined(__CloudABI__) && !defined(_WIN32)
 // Returns true if the current process has effective capabilities and the
 // passed-in capability is in that set.
-bool HasCapability(int capability) {
+bool HasCapability(cap_value_t capability) {
   DCHECK(cap_valid(capability));
-  struct __user_cap_header_struct cap_header_data = {
-    _LINUX_CAPABILITY_VERSION_1, getpid()
-  };
-  struct __user_cap_data_struct cap_data;
 
-  if (capget(&cap_header_data, &cap_data) == -1) {
+  cap_t cap = cap_get_proc();
+  if (cap == nullptr) {
     return false;
   }
+  cap_flag_value_t cap_flag_value;
+  cap_get_flag(cap, capability, CAP_EFFECTIVE, &cap_flag_value);
 
-  return cap_data.effective & CAP_TO_MASK(capability);
+  cap_free(cap);
+  return cap_flag_value == 1;
 }
 #endif