commit 3ca49d4a2c6701075452c39c3af0f0284839552e Author: Debian Live user <amnesia@localhost.localdomain> Date: Sat Oct 25 10:21:35 2014 +0000 Check for ability to capture, not a specific uid --- ooni/geoip.py | 6 ++++-- ooni/nettest.py | 7 ++++--- ooni/oonicli.py | 9 +++++---- ooni/tests/test_oonicli.py | 9 ++++----- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/ooni/geoip.py b/ooni/geoip.py index 86383d0..9cb5da3 100644 --- a/ooni/geoip.py +++ b/ooni/geoip.py @@ -9,7 +9,7 @@ client._HTTP11ClientFactory.noisy = False from twisted.internet import reactor, defer -from ooni.utils import log, checkForRoot +from ooni.utils import log from ooni import errors try: @@ -243,7 +243,9 @@ class ProbeIP(object): """ Perform a UDP traceroute to determine the probes IP address. """ - checkForRoot() + from ooni.utils.txscapy import hasRawSocketPermission + if not hasRawSocketPermission(): + raise errors.InsufficientPrivileges raise NotImplemented def askTor(self): diff --git a/ooni/nettest.py b/ooni/nettest.py index 1a780fd..12fb2fb 100644 --- a/ooni/nettest.py +++ b/ooni/nettest.py @@ -10,7 +10,8 @@ from twisted.python import usage, reflect from ooni import otime from ooni.tasks import Measurement -from ooni.utils import log, checkForRoot, sanitize_options +from ooni.utils import log, sanitize_options +from ooni.utils.txscapy import hasRawSocketPermission from ooni.settings import config from ooni import errors as e @@ -339,8 +340,8 @@ class NetTestLoader(object): klass.localOptions = options test_instance = klass() - if test_instance.requiresRoot: - checkForRoot() + if test_instance.requiresRoot and not hasRawSocketPermission(): + raise errors.InsufficientPrivileges if test_instance.requiresTor: self.requiresTor = True test_instance.requirements() diff --git a/ooni/oonicli.py b/ooni/oonicli.py index 6505584..8997fca 100644 --- a/ooni/oonicli.py +++ b/ooni/oonicli.py @@ -13,7 +13,8 @@ from ooni.director import Director from ooni.deck import Deck, nettest_to_path from ooni.nettest import NetTestLoader -from ooni.utils import log, checkForRoot +from ooni.utils import log +from ooni.utils.txscapy import hasRawSocketPermission class Options(usage.Options): @@ -125,11 +126,11 @@ def runWithDirector(logging=True, start_tor=True, check_incoherences=True): log.start(global_options['logfile']) if config.privacy.includepcap: - try: - checkForRoot() + if hasRawSocketPermission(): + from ooni.utils.txscapy import hasRawSocketPermission from ooni.utils.txscapy import ScapyFactory config.scapyFactory = ScapyFactory(config.advanced.interface) - except errors.InsufficientPrivileges: + else: log.err("Insufficient Privileges to capture packets." " See ooniprobe.conf privacy.includepcap") sys.exit(2) diff --git a/ooni/tests/test_oonicli.py b/ooni/tests/test_oonicli.py index 3d5fdeb..89c4234 100644 --- a/ooni/tests/test_oonicli.py +++ b/ooni/tests/test_oonicli.py @@ -8,8 +8,8 @@ from ooni.tests import is_internet_connected from ooni.tests.bases import ConfigTestCase from ooni.settings import config from ooni.oonicli import runWithDirector -from ooni.utils import checkForRoot from ooni.errors import InsufficientPrivileges +from ooni.utils.txscapy import hasRawSocketPermission def verify_header(header): @@ -63,10 +63,9 @@ class TestRunDirector(ConfigTestCase): super(TestRunDirector, self).setUp() if not is_internet_connected(): self.skipTest("You must be connected to the internet to run this test") - try: - checkForRoot() - except InsufficientPrivileges: - self.skipTest("You must be root to run this test") + elif not hasRawSocketPermission(): + self.skipTest("You must run this test as root or have the capabilities " + "cap_net_admin,cap_net_raw+eip") config.tor.socks_port = 9050 config.tor.control_port = None self.filenames = ['example-input.txt']