[tor-commits] [torsocks/master] Fix a bunch of stuff in the wrapper script, #24967

dgoulet at torproject.org dgoulet at torproject.org
Mon Nov 19 15:35:17 UTC 2018


commit 47b10b686e8e94fe0a2096135d4d9b195afb5267
Author: Alex Xu (Hello71) <alex_y_xu at yahoo.ca>
Date:   Tue Jan 23 10:01:17 2018 -0500

    Fix a bunch of stuff in the wrapper script, #24967
---
 src/bin/torsocks.in | 160 ++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 125 insertions(+), 35 deletions(-)

diff --git a/src/bin/torsocks.in b/src/bin/torsocks.in
index fe8b67a..68ec2e5 100644
--- a/src/bin/torsocks.in
+++ b/src/bin/torsocks.in
@@ -58,6 +58,7 @@
 # Tamas Szerb <toma at rulez.org>
 # Modified by Robert Hogan <robert at roberthogan.net> April 16th 2006
 # Modified by David Goulet <dgoulet at ev0ke.net> 2013
+# Modified by Alex Xu (Hello71) <alex_y_xu at yahoo.ca> 2018
 
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@@ -67,15 +68,108 @@ LIB_NAME="libtorsocks"
 SHLIB_EXT="@SHLIB_EXT@"
 SHLIB="${LIBDIR}/${LIB_NAME}.${SHLIB_EXT}"
 
+# https://github.com/mkropat/sh-realpath
+#
+# Copyright (c) 2014 Michael Kropat
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
+realpath() {
+    canonicalize_path "$(resolve_symlinks "$1")"
+}
+
+resolve_symlinks() {
+    _resolve_symlinks "$1"
+}
+
+_resolve_symlinks() {
+    _assert_no_path_cycles "$@" || return
+
+    local dir_context path
+    path=$(readlink -- "$1")
+    if [ $? -eq 0 ]; then
+        dir_context=$(dirname -- "$1")
+        _resolve_symlinks "$(_prepend_dir_context_if_necessary "$dir_context" "$path")" "$@"
+    else
+        printf '%s\n' "$1"
+    fi
+}
+
+_prepend_dir_context_if_necessary() {
+    if [ "$1" = . ]; then
+        printf '%s\n' "$2"
+    else
+        _prepend_path_if_relative "$1" "$2"
+    fi
+}
+
+_prepend_path_if_relative() {
+    case "$2" in
+        /* ) printf '%s\n' "$2" ;;
+         * ) printf '%s\n' "$1/$2" ;;
+    esac
+}
+
+_assert_no_path_cycles() {
+    local target path
+
+    target=$1
+    shift
+
+    for path in "$@"; do
+        if [ "$path" = "$target" ]; then
+            return 1
+        fi
+    done
+}
+
+canonicalize_path() {
+    if [ -d "$1" ]; then
+        _canonicalize_dir_path "$1"
+    else
+        _canonicalize_file_path "$1"
+    fi
+}
+
+_canonicalize_dir_path() {
+    (cd "$1" 2>/dev/null && pwd -P)
+}
+
+_canonicalize_file_path() {
+    local dir file
+    dir=$(dirname -- "$1")
+    file=$(basename -- "$1")
+    (cd "$dir" 2>/dev/null && printf '%s/%s\n' "$(pwd -P)" "$file")
+}
+
 # Set @LDPRELOAD@ variable with torsocks library path.
 set_ld_preload ()
 {
-	if [ -z "$@LDPRELOAD@" ]; then
-		export @LDPRELOAD@="${SHLIB}"
-	else
-		echo "$@LDPRELOAD@" | grep -q "${SHLIB}" || \
-			export @LDPRELOAD@="${SHLIB} $@LDPRELOAD@"
-	fi
+	case "$@LDPRELOAD@" in
+		*"${SHLIB}"*) ;;
+		'')
+			export @LDPRELOAD@="${SHLIB}"
+			;;
+		*)
+			export @LDPRELOAD@="${SHLIB}:$@LDPRELOAD@"
+			;;
+	esac
 
 	# OS X specific env variable
 	case "$OSTYPE" in
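Review bot: The first arm of the new `case` in set_ld_preload, `*"${SHLIB}"*`, is a substring match, so an existing @LDPRELOAD@ value that only contains the library path inside a longer path counts as "already loaded". In that case the torsocks library is never added and the application starts without interposition and without any error. Matching whole entries is stricter: `case ":$@LDPRELOAD@:" in` with `*":${SHLIB}:"*) ;;` as the first arm and `'::')` as the empty arm. Values that still use spaces as separators would need to be normalised first. The body of set_ld_preload continues past the end of this hunk.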
@@ -88,7 +182,7 @@ set_ld_preload ()
 # Report error due to Apple's System Integrity Protection.
 macos_sip_error ()
 {
-	echo "ERROR: $1 is located in a directory protected by Apple's System Integrity Protection." >&2
+	printf "ERROR: %s is located in a directory protected by Apple's System Integrity Protection.\n" "$1" >&2
 	exit 1
 }
 
@@ -101,21 +195,20 @@ macos_sip_check ()
 		darwin*)
 			# We need to figure out if Apple's System Integrity Protection is
 			# enabled on the users' system.
-			if /usr/bin/csrutil status | grep -q enabled; then
-				local abs_app_dir=`cd "$(dirname "$app_path")" && pwd -P`
-
-				# It seems like /usr/** (with an exception of /usr/local/**),
-				# /System/**, /sbin/**, and /bin/** are currently protected
-				# using SIP.
-				case "$abs_app_dir/`basename $app_path`" in
-					/usr/local/*)
-						# Must be listed before the match on /usr/*
-						;;
-					/usr/*|/System/*|/sbin/*|/bin/*)
-						macos_sip_error $app_path
-						;;
-				esac
-			fi
+			case "$(/usr/bin/csrutil status)" in
+				*enabled*)
+					# It seems like /usr/** (with an exception of /usr/local/**),
+					# /System/**, /sbin/**, and /bin/** are currently protected
+					# using SIP.
+					case "$(realpath "$app_path")" in
+						/usr/local/*)
+							# Must be listed before the match on /usr/*
+							;;
+						/usr/*|/System/*|/sbin/*|/bin/*)
+							macos_sip_error "$app_path"
+							;;
+					esac
+			esac
 			;;
 	esac
 }
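Review bot: `case "$(realpath "$app_path")" in` throws away the exit status of the vendored realpath, and `_canonicalize_dir_path` / `_canonicalize_file_path` print nothing when `cd` fails. An unresolvable path therefore yields an empty string, matches neither arm, and the SIP check passes silently. This check should fail closed: resolve into a variable first with `resolved="$(realpath "$app_path")"`, stop with `[ -n "$resolved" ] || { echo "ERROR: cannot resolve $app_path" >&2; exit 1; }`, then use `case "$resolved" in`. macos_sip_check begins before this hunk, so declare `resolved` wherever the function keeps its other locals.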
@@ -124,14 +217,14 @@ macos_sip_check ()
 tor_shell ()
 {
 	set_ld_preload
-	echo "$0: New torified shell coming right up..."
+	echo "New torified shell coming right up..."
 	${SHELL:-/bin/sh}
 }
 
 torify_app ()
 {
-	local app_path="`which $1`"
-	local getcap="`PATH="$PATH:/usr/sbin:/sbin" which getcap`"
+	local app_path="$(command -v "$1")"
+	local getcap="$(PATH="$PATH:/usr/sbin:/sbin" command -v getcap)"
 	local caps=
 
 	if [ -z "$1" ]; then
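Review bot: `command -v "$1"` in torify_app does not always return a path: for a name the shell implements as a builtin or function it prints the bare name, so `app_path` can be a word such as `echo`. The file-based checks further down (getcap, the setgid test, the SIP check) would then look at a file of that name in the current directory, not at the program that is actually run. A guard right after the assignment, such as `case "$app_path" in */*) ;; *) app_path= ;; esac`, keeps only results that name a file; how an empty value is reported depends on code outside this hunk. Separately, `local app_path="$(...)"` masks the substitution's exit status, and the lookup runs before the `[ -z "$1" ]` check.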
@@ -144,7 +237,7 @@ torify_app ()
 	# This must be before torifying because getcap uses cap_get_file(3)
 	# via syscall(2) which breaks torsocks.
 	if [ -n "$getcap" ]; then
-		caps="`$getcap $app_path 2>/dev/null`"
+		caps="$("$getcap" "$app_path" 2>/dev/null)"
 	fi
 
 	# Check if Apple's System Integrity Protection is enabled if the user is
@@ -161,9 +254,7 @@ torify_app ()
 		echo "ERROR: $1 is setgid. torsocks will not work on a setgid executable." >&2
 		exit 1
 	elif [ -n "$caps" ]; then
-		echo "ERROR: $1 gains the following elevated capabilities. torsocks will \
-not work with privledged executables.
-$caps" >&2
+		printf "ERROR: %s gains the following elevated capabilities. torsocks will not work with privileged executables.\n%s" "$app_path" "$caps" >&2
 		exit 1
 	fi
 
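Review bot: The new `printf` format ends in `%s` with no trailing `\n`, whereas the `echo` it replaces ended the message with a newline. Command substitution has already stripped the final newline from `$caps`, so the error output now ends mid-line; ending the format with `\n%s\n` restores it. The message also switches from `$1` to `$app_path` while the setgid error just above still prints `$1`; using the same one in all of these errors would keep them consistent.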
@@ -218,10 +309,9 @@ if [ $# -eq 0 ] ; then
 	exit 1
 fi
 
-# Ensure libtorsocks exists,
-if [ ! -f "$SHLIB" ]; then
-   echo "$0: $SHLIB does not exist! Try re-installing torsocks."
-   exit
+if [ ! -e "$SHLIB" ]; then
+   echo "ERROR: $SHLIB does not exist! Try re-installing torsocks." >&2
+   exit 1
 fi
 
 while true;
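Review bot: Changing the test from `-f` to `-e` means a directory or other non-regular file at `$SHLIB` now passes the existence check. `-f` already follows symlinks, so the looser test gains nothing for a symlinked library. A preload entry that cannot be loaded is typically skipped by the dynamic loader with a warning while the program still runs, which here would mean running without torsocks. Keeping the check strict, `if [ ! -f "$SHLIB" ] || [ ! -r "$SHLIB" ]; then`, makes the wrapper fail closed. The removed `# Ensure libtorsocks exists` comment is also worth keeping above the check.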
@@ -235,7 +325,7 @@ do
 			;;
 		off)
 			check_script_sourced "$1"
-			export @LDPRELOAD@="`echo -n $@LDPRELOAD@ | sed "s#$SHLIB *##"`"
+			export @LDPRELOAD@="$(printf '%s' "$@LDPRELOAD@" | sed "s#$SHLIB *##")"
 			if [ -z "$@LDPRELOAD@" ]; then
 				unset @LDPRELOAD@
 				case "$OSTYPE" in
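Review bot: The `off` branch still strips `$SHLIB` followed by spaces (`s#$SHLIB *##`), but set_ld_preload in this same commit now joins entries with `:`. After `on` with a pre-existing value, `off` leaves a leading `:` in @LDPRELOAD@, and when the library was the only entry next to an empty remainder the `-z` test that unsets the variable no longer fires. Accepting both separators, `sed "s#$SHLIB[: ]*##"`, keeps the two code paths in sync. `$SHLIB` is also interpolated into the expression as a regular expression, so a `#` in the install prefix would break the `s` command; a comment noting that assumption would help.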
@@ -248,7 +338,7 @@ do
 			break
 			;;
 		show|sh)
-			echo "@LDPRELOAD@=\"$@LDPRELOAD@\""
+			printf '%s="%s"\n' "@LDPRELOAD@" "$@LDPRELOAD@"
 			break
 			;;
 		-h|--help)


