[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [ooni-probe/master] Check for ability to capture, not a specific uid



commit 3ca49d4a2c6701075452c39c3af0f0284839552e
Author: Debian Live user <amnesia@xxxxxxxxxxxxxxxxxxxxx>
Date:   Sat Oct 25 10:21:35 2014 +0000

    Check for ability to capture, not a specific uid
---
 ooni/geoip.py              |    6 ++++--
 ooni/nettest.py            |    7 ++++---
 ooni/oonicli.py            |    9 +++++----
 ooni/tests/test_oonicli.py |    9 ++++-----
 4 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/ooni/geoip.py b/ooni/geoip.py
index 86383d0..9cb5da3 100644
--- a/ooni/geoip.py
+++ b/ooni/geoip.py
@@ -9,7 +9,7 @@ client._HTTP11ClientFactory.noisy = False
 
 from twisted.internet import reactor, defer
 
-from ooni.utils import log, checkForRoot
+from ooni.utils import log
 from ooni import errors
 
 try:
@@ -243,7 +243,9 @@ class ProbeIP(object):
         """
         Perform a UDP traceroute to determine the probes IP address.
         """
-        checkForRoot()
+        from ooni.utils.txscapy import hasRawSocketPermission
+        if not hasRawSocketPermission():
+            raise errors.InsufficientPrivileges
         raise NotImplemented
 
     def askTor(self):
diff --git a/ooni/nettest.py b/ooni/nettest.py
index 1a780fd..12fb2fb 100644
--- a/ooni/nettest.py
+++ b/ooni/nettest.py
@@ -10,7 +10,8 @@ from twisted.python import usage, reflect
 
 from ooni import otime
 from ooni.tasks import Measurement
-from ooni.utils import log, checkForRoot, sanitize_options
+from ooni.utils import log, sanitize_options
+from ooni.utils.txscapy import hasRawSocketPermission
 from ooni.settings import config
 
 from ooni import errors as e
@@ -339,8 +340,8 @@ class NetTestLoader(object):
                 klass.localOptions = options
 
             test_instance = klass()
-            if test_instance.requiresRoot:
-                checkForRoot()
+            if test_instance.requiresRoot and not hasRawSocketPermission():
+                raise errors.InsufficientPrivileges
             if test_instance.requiresTor:
                 self.requiresTor = True
             test_instance.requirements()
diff --git a/ooni/oonicli.py b/ooni/oonicli.py
index 6505584..8997fca 100644
--- a/ooni/oonicli.py
+++ b/ooni/oonicli.py
@@ -13,7 +13,8 @@ from ooni.director import Director
 from ooni.deck import Deck, nettest_to_path
 from ooni.nettest import NetTestLoader
 
-from ooni.utils import log, checkForRoot
+from ooni.utils import log
+from ooni.utils.txscapy import hasRawSocketPermission
 
 
 class Options(usage.Options):
@@ -125,11 +126,11 @@ def runWithDirector(logging=True, start_tor=True, check_incoherences=True):
         log.start(global_options['logfile'])
 
     if config.privacy.includepcap:
-        try:
-            checkForRoot()
+        if hasRawSocketPermission():
+            from ooni.utils.txscapy import hasRawSocketPermission
             from ooni.utils.txscapy import ScapyFactory
             config.scapyFactory = ScapyFactory(config.advanced.interface)
-        except errors.InsufficientPrivileges:
+        else:
             log.err("Insufficient Privileges to capture packets."
                     " See ooniprobe.conf privacy.includepcap")
             sys.exit(2)
diff --git a/ooni/tests/test_oonicli.py b/ooni/tests/test_oonicli.py
index 3d5fdeb..89c4234 100644
--- a/ooni/tests/test_oonicli.py
+++ b/ooni/tests/test_oonicli.py
@@ -8,8 +8,8 @@ from ooni.tests import is_internet_connected
 from ooni.tests.bases import ConfigTestCase
 from ooni.settings import config
 from ooni.oonicli import runWithDirector
-from ooni.utils import checkForRoot
 from ooni.errors import InsufficientPrivileges
+from ooni.utils.txscapy import hasRawSocketPermission
 
 
 def verify_header(header):
@@ -63,10 +63,9 @@ class TestRunDirector(ConfigTestCase):
         super(TestRunDirector, self).setUp()
         if not is_internet_connected():
             self.skipTest("You must be connected to the internet to run this test")
-        try:
-            checkForRoot()
-        except InsufficientPrivileges:
-            self.skipTest("You must be root to run this test")
+        elif not hasRawSocketPermission():
+            self.skipTest("You must run this test as root or have the capabilities "
+            "cap_net_admin,cap_net_raw+eip")
         config.tor.socks_port = 9050
         config.tor.control_port = None
         self.filenames = ['example-input.txt']



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits