[tor-commits] [ooni-probe/master] Check for ability to capture, not a specific uid
art at torproject.org
art at torproject.org
Sat Jan 3 15:05:12 UTC 2015
commit 3ca49d4a2c6701075452c39c3af0f0284839552e
Author: Debian Live user <amnesia at localhost.localdomain>
Date: Sat Oct 25 10:21:35 2014 +0000
Check for ability to capture, not a specific uid
---
ooni/geoip.py | 6 ++++--
ooni/nettest.py | 7 ++++---
ooni/oonicli.py | 9 +++++----
ooni/tests/test_oonicli.py | 9 ++++-----
4 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/ooni/geoip.py b/ooni/geoip.py
index 86383d0..9cb5da3 100644
--- a/ooni/geoip.py
+++ b/ooni/geoip.py
@@ -9,7 +9,7 @@ client._HTTP11ClientFactory.noisy = False
from twisted.internet import reactor, defer
-from ooni.utils import log, checkForRoot
+from ooni.utils import log
from ooni import errors
try:
@@ -243,7 +243,9 @@ class ProbeIP(object):
"""
Perform a UDP traceroute to determine the probes IP address.
"""
- checkForRoot()
+ from ooni.utils.txscapy import hasRawSocketPermission
+ if not hasRawSocketPermission():
+ raise errors.InsufficientPrivileges
raise NotImplemented
def askTor(self):
diff --git a/ooni/nettest.py b/ooni/nettest.py
index 1a780fd..12fb2fb 100644
--- a/ooni/nettest.py
+++ b/ooni/nettest.py
@@ -10,7 +10,8 @@ from twisted.python import usage, reflect
from ooni import otime
from ooni.tasks import Measurement
-from ooni.utils import log, checkForRoot, sanitize_options
+from ooni.utils import log, sanitize_options
+from ooni.utils.txscapy import hasRawSocketPermission
from ooni.settings import config
from ooni import errors as e
@@ -339,8 +340,8 @@ class NetTestLoader(object):
klass.localOptions = options
test_instance = klass()
- if test_instance.requiresRoot:
- checkForRoot()
+ if test_instance.requiresRoot and not hasRawSocketPermission():
+ raise errors.InsufficientPrivileges
if test_instance.requiresTor:
self.requiresTor = True
test_instance.requirements()
diff --git a/ooni/oonicli.py b/ooni/oonicli.py
index 6505584..8997fca 100644
--- a/ooni/oonicli.py
+++ b/ooni/oonicli.py
@@ -13,7 +13,8 @@ from ooni.director import Director
from ooni.deck import Deck, nettest_to_path
from ooni.nettest import NetTestLoader
-from ooni.utils import log, checkForRoot
+from ooni.utils import log
+from ooni.utils.txscapy import hasRawSocketPermission
class Options(usage.Options):
@@ -125,11 +126,11 @@ def runWithDirector(logging=True, start_tor=True, check_incoherences=True):
log.start(global_options['logfile'])
if config.privacy.includepcap:
- try:
- checkForRoot()
+ if hasRawSocketPermission():
+ from ooni.utils.txscapy import hasRawSocketPermission
from ooni.utils.txscapy import ScapyFactory
config.scapyFactory = ScapyFactory(config.advanced.interface)
- except errors.InsufficientPrivileges:
+ else:
log.err("Insufficient Privileges to capture packets."
" See ooniprobe.conf privacy.includepcap")
sys.exit(2)
diff --git a/ooni/tests/test_oonicli.py b/ooni/tests/test_oonicli.py
index 3d5fdeb..89c4234 100644
--- a/ooni/tests/test_oonicli.py
+++ b/ooni/tests/test_oonicli.py
@@ -8,8 +8,8 @@ from ooni.tests import is_internet_connected
from ooni.tests.bases import ConfigTestCase
from ooni.settings import config
from ooni.oonicli import runWithDirector
-from ooni.utils import checkForRoot
from ooni.errors import InsufficientPrivileges
+from ooni.utils.txscapy import hasRawSocketPermission
def verify_header(header):
@@ -63,10 +63,9 @@ class TestRunDirector(ConfigTestCase):
super(TestRunDirector, self).setUp()
if not is_internet_connected():
self.skipTest("You must be connected to the internet to run this test")
- try:
- checkForRoot()
- except InsufficientPrivileges:
- self.skipTest("You must be root to run this test")
+ elif not hasRawSocketPermission():
+ self.skipTest("You must run this test as root or have the capabilities "
+ "cap_net_admin,cap_net_raw+eip")
config.tor.socks_port = 9050
config.tor.control_port = None
self.filenames = ['example-input.txt']
More information about the tor-commits
mailing list